Forgot your password?
typodupeerror
Microsoft

Analyzing Palladium 481

Posted by michael
from the looking-glass dept.
apeir0 writes "The Register has a story which proposes an ulterior motive to Microsoft's new Palladium: a GPL-killer. 'It's the very fact that this appears insoluble to me that helps me realize that MS has put tremendous, careful thought into it. To make the commons Linux-hostile, MS is taking dramatic steps to make it GPL-hostile. Very clever and admirably diabolical.' Is this a valid point or just paranoia?" Ross Anderson has been writing about this recently; we covered his paper a few days ago, and he's now got a Palladium FAQ up. Another submitter sent in this interview with the Microsoft manager in charge of Palladium. The Washington Post has a column. Update: 06/27 22:43 GMT by T : Bob Cringely also has a column on Palladium up, in which he says that several of his fears have been realized by it.
This discussion has been archived. No new comments can be posted.

Analyzing Palladium

Comments Filter:
  • Score -1: Troll (Score:2, Insightful)

    by Anonymous Coward on Thursday June 27, 2002 @08:22AM (#3778004)
    Until we fully know what Palladium encompasses, why are we jumping to these hasty conclusions? This is no better than when people believed that Windows XP would deny you the ability to play your mp3s, or play them at a much lower quality, because they weren't 'certified'.
  • by truthsearch (249536) on Thursday June 27, 2002 @08:26AM (#3778019) Homepage Journal
    He makes quite a valid run through his logic. It's not impossible, so I wouldn't call it simple paranoia. However I still don't think MS finds the GPL or Linux that much of a threat to its entire business. They're putting way too much effort into Palladium if it were only to make the GPL useless. It's really all about control, as a lot of people said in previous /. articles. It's somewhat about money, but at this point it's about growing an empire and making it even stronger.
  • by tony_gardner (533494) on Thursday June 27, 2002 @08:27AM (#3778024) Homepage
    Look, lets not get our knickers in a knot. It may happen, but it's never going to be the only,
    or even a high-level verification method. Obviously not, it's embedded in hardware.

    I would think that an identification code embedded in hardware is going to be cracked, and in short order. What happens to Charlie consumer when he finds that his version of Word no longer works because some cracker has a hold of his unique
    identifier? And that he can't change that identifier without a new MOBO? Or that Microsoft is giving away his credit card number to anyone who can spoof his identity?

    It's a common failing of software manufacurers to think that new hardware can solve problems that software cannot (CF pretty much every dongle ever made) Just let MS run with the ball until they realise that the same thing can be done in software at a fraction of the cost.

    In addition, I think it would die in Anitrust. Just wait until those computers start being returned, because they won't play nice with my operating system of choice, and watch Intel turn on a dime.
  • MS is Silly (Score:5, Insightful)

    by YanceyAI (192279) <yanceyai@yahoo.com> on Thursday June 27, 2002 @08:30AM (#3778045)
    The notion of hard-wired authentication rings alarms for conspiracists who sense a plot by which Microsoft might exert even more control over what kind of software could run on future computers. The Redmond behemoth dismisses such talk as silly.

    Apparently the US government does not think it's silly. Nor did the judge in the case who ruled against them.

  • Masters at work (Score:5, Insightful)

    by rant-mode-on (512772) on Thursday June 27, 2002 @08:30AM (#3778050) Homepage
    Whilst Microsoft does not produce the most robust software in the world, they have repeatedly proven that they are masters of strategy and marketing. Getting into games consoles, PVRs and just about every other major electronic device that you use is just a prerequisit to being able to make this successful. Palladium is something to be feared.
  • by tony_gardner (533494) on Thursday June 27, 2002 @08:33AM (#3778061) Homepage
    between this and biometric security methods. Very strong security. When the single layer is cracked, there is no backup mechanism, and resecuring and reverification of user are almost impossible.

    Although, I guess if I had to choose between getting a new MOBO and new eyeball I'd pick the MOBO. Maybe this is Microsoft's attempt to be least-worst.
  • by JonathanTWilson (588645) <wilsonjNO@SPAMindigo.ie> on Thursday June 27, 2002 @08:35AM (#3778071) Homepage
    Palladium, Microsoft's future?

    Palladium if it ever actually comes to pass is probably the biggest and most profitable enterprise Microsoft could ever possibly have imagined. Why? Secure software running on a secure platform. But what steps do you take to make this idea a reality?

    A trusted hardware base. All hardware must meet certain operational standards that are set out by a central organization. For hardware to be "compatible" it must live up to the minimum of these standards. Similar to government regulated health and safety standards on all current hardware, but in this case software regulated. While this might not appear in Palladium version 1.00 it will definitely feature in its future, as all the big media companies want hardware copy protection.

    All software needs to be certified by the above central organization. It wouldn't be out of the question for Microsoft to create an "external sub-company" to administer this side of the business and not seem like it's trying to be a monopoly. This new company would deal with Sun, Linux, Oracle, etc, in the same way it would deal with Microsoft. Why this might happen I'll explain later.

    How will this software be certified? If a software company just uses any old computer language to create a binary, what will get certified the source code or the binary? This is an important question, how do you check that the software that's certified has no backdoors? As backdoors are the single biggest problem within a closed "secure" system.

    Here is what I think Microsoft is making a play for:

    The answer is a trusted programming language a.k.a .NET framework. Microsoft's new byte-code compilers (look's like Java might just have missed the boat). With a trusted compiler creating trusted byte-code running on a trusted computer. It now becomes possible to create different levels of certificates for different levels of access to computer hardware and personal data. In this way Microsoft will have completed their "finial software solution".

    Microsoft is predominantly still a software-based company. While the IBM PC compatible hardware is Microsoft strong hold it's not the only hardware option. To a large extent Microsoft has won the desktop market. The only way they will lose it is if there's a change in the Client/Server (Desktop/Internet) relationship. Microsoft saw with Java how this relationship could change and Windows could become no more then a footstool for Java applications. If Java had become the programming language of choice for creating Desktop/Internet applications Windows would have become a very easily removed part of the equation. Enter all the dreams of the Net-PCs, a slimed down computer running cheap to free operating systems with a Java run-time on-top. Here's the twist. Microsoft liked the idea and with its power in the desktop arena knew it could succeed where Sun failed. Microsoft Windows might not be the flagship of Microsoft for much longer, as Palladium could become the software platform of the future. Two reason why I think this: 1) They could create a more "open" version of Windows knowing this would help them in their antitrust cases. But really knowing that all software by default will have to run under Palladium anyways. 2) Palladium will be run on all trusted hardware footprints (PC, Apple, etc). But Microsoft will use its power over the desktop market to implement Palladium through Windows. Once it has been accept as the standard that Microsoft believes it will be, demand from users of other hardware platforms to support Palladium will create the need for all client operating systems / hardware to support an implementation and because its all based on .NET byte-code this will not be a problem.

    With this move Windows steps back becoming primarily a desktop only environment running Palladium for all import tasks. Windows users will still be able to play all their games and fun applications, which might not be trusted but Internet access and important data can only be accessed through Palladium. Windows would sandbox trusted and untrusted software apart. So at an operating system kernel level trusted and untrusted software runs differently. Plus with Microsoft changing its file system from FAT/NTFS to a Database system untrusted software wouldn't be able to get access to this partition, both at hardware and software levels.

    Now the "external sub-company" suggested above would be used as follows: This company would be "external" from Microsoft, and Microsoft would sell its MS-Palladium investment to said new company, which just happens to have Bill Gates as its CEO and many other big shots involved. This new company (which for ease of reference will be called "New$oft") will be now responsible for managing all the NS-Palladium implementation with all hardware / software companies. This implementation will required backroom access to all operating systems source code, to double check that there are no loopholes in the security of an implementation. Companies like Sun and Apple to an extent will have to allow Newsoft access to their primary intellectual property. Newsoft will check that the operating system cannot do any damage to the secure Palladium.NET network. As for Linux, Newsoft will create its own GPL distribution and modified Kernel, which it obviously has control over. This is all perfectly legal as Newsoft gives away all the source code for NS-Linux free. But when purchasing NS-Linux a license fee is paid for the NS-Palladium subsystem. All Linux updates will have to come through Newsoft before becoming part of NS-Linux. This will hi-jack Linux and removing control of the Kernel from Mr. T to Newsoft. Linux will still be as popular as ever but the distribution of choice will be Newsoft's because of market compatible pressures.

    Now to the finial piece of the puzzle. Palladium will control access to different data and software features through certificates. Companies creating software that will run on Palladium.Net will have to get certified for developing different types of software. Meaning, not only will the source code be certified the companies that create the code will also have to be certified if they want their application have access to certain user data. This way only trusted companies will be allowed on the trusted Palladium.Net network. But the only way to create the byte-code is by using the Microsoft's Studio.Net tools. The byte-code that is created will have to adhere to standards that can easily be parsed for backdoors or loopholes. This way the certification of the binary process becomes a simple automated matter of checking the company's certificate permissions against what the binary byte-code is programmed to do. If the binary byte-code operates within the limits of the company's certificate we have a trusted program. This could even be applied to things like Palladium-Word macros, Palladium-emails to stop spam, the list of possibility is endless.

    So to recap. All computer hardware is updated to have a Palladium microchip. The operating system has been updated to run Palladium's run-time byte-code. All software and software companies have been certified by Newsoft to be trusted. Linux is just another pawn in Newsoft's game of secure chess. Call this farfetched if you wish, but in Bill Gates wallet beside the picture of his children is a copy of this plan which he looks at daily, and smiles :)
  • Apple anyone? (Score:1, Insightful)

    by Anonymous Coward on Thursday June 27, 2002 @08:36AM (#3778081)
    I'm with Apple, and as far as I know they fully respect my privacy. Hell, they even make it easy to share my MP3 stuff and software, thanks iPod!,br.Besides, Apple is commited with the OpenSource movement and it even use GPL'd software as EMACS in MacOSX. Apple hardware may cost more, even more if you live in a 3rd World piece of country like me (I'm from Brazil), but at least you can keep your freedom and privacy!

    Victor Hogemann - hogemann@mac.com
  • So how preciesly are are supposed to know, across a network, that the signals you are recieving come from a chip or come from a piece of software emulating a chip?

    And how do you patch hardware when you find, 6 months in, that there is a flaw? This is a giant step backward in technology, designed to make people go out an buy yet more useless crap for their computers.

  • by Man Eating Duck (534479) on Thursday June 27, 2002 @08:45AM (#3778131)
    The FAQ is a good effort which I appreciated a lot, but if I show it to my less-techie friends, they won't want (or be able) to read and understand all of it.
    Anyone know where one could encounter a well written introduction to the problem, and a summary of the main points in the FAQ?
    This would be good for people who's not technically oriented, but still use computers for variuos tasks. Those are the ones that must know about the implications of Palladium, to be able to protest against it with their wallets...

    I'd write one myself if I posessed the insight and eloquence, but I suspect that many others could do a far better job than I.
  • by Multics (45254) on Thursday June 27, 2002 @08:52AM (#3778177) Journal
    It sure begins to look like George Orwell was only 20-21 years early in his estimate.

    Fritz H. needs to be un-elected. Anyone got good pointers on how to do that?

    -- Multics

  • by Anonymous Coward on Thursday June 27, 2002 @08:55AM (#3778194)
    I work for an SI company. A large one. With a huge degree of MS-related work. The MS reps tell *us* that they can commit MS resources (i.e. spend MS money) to help us win projects IF Linux or Apache are involved.

    We're talking about people's time at many thousands of dollars per day. However much we need. They won't do it for almost any other project... So I'd say yes, they see it as a threat.
  • by Anonymous Coward on Thursday June 27, 2002 @08:59AM (#3778213)
    It is about money first, then control.

    The requirement of Palladium for online content viewing makes a lot of sense, mainly because it forces a hardware upgrade. And Microsoft sells a huge amount of software on an OEM basis, so this forced obsolescence works well for them. Hardware makers love to hear that everyone needs a new computer.

    But it won't work. People upgraded hardware a lot when computers were evolving. 'Puters haven't changed a lot in the last 5 years, from the consumer's perspective. Why should I buy a new computer when my current one(s) do what I want them to do ? And, anything they don't do (that I would like them to do) I can get in software. Lack of upgrades is killing Microsoft's revenue, so they are squirming. Palladium is but one fork of the attack - another is subscription software. Prolly others coming too.

    It is the sign of a really really rich company looking really hard towards a new business model in the future.
  • Re:Flattening (Score:3, Insightful)

    by tshoppa (513863) on Thursday June 27, 2002 @09:06AM (#3778253)
    serialize the data to plain ascii. I assume no software can restrict taking stuff out of binary documents, and then sending that flat data to a friend

    The Fritz chip will prevent any non-[MS|RIAA|MPAA]-approved software from accessing a protected document. And in the Palladium/Fritz scheme, to get [MS|RIAA|MPAA] approval the application will not be allowed to have a useful "save" option.

    Of course, maybe all you need is a single "buggy" but approved application to get around all this.

    Another way would be to digitize the video or audio coming out of your PC, but after the MPAA makes owning or building unrestricted A/D converters illegal [eff.org] this won't be an option. (Except to those of us who know how to build A/D converters out of stone knives and bearskins and live in the underground economy).

  • by slow_flight (518010) on Thursday June 27, 2002 @09:07AM (#3778254)
    This, IMHO, is why it won't succeed for the same reason cartels designed to artificially restrict supply sooner or later all fall appart.

    Cartels like the diamond industry? That was has been going strong for ages! Cartels like OPEC? It may not have the strength it used to, but it still has a tremendous amount of control over oil pricing. I hope you're right on this one, but it's not a given.
  • Re:Invisible hand (Score:3, Insightful)

    by slow_flight (518010) on Thursday June 27, 2002 @09:15AM (#3778299)
    the rest of the world won't follow, so there will always be a steady supply of 'open' hardware (which will probably be cheaper, too). After which the American industry will scream bloody murder because of the unfair competitive advantage of foreign corporations using all this open stuff.

    This will not result in the removal of the crippled products, it will result in tariffs on the imports. The open hardware may be available, but it will be available only via the black market.
  • by SEWilco (27983) on Thursday June 27, 2002 @09:22AM (#3778348) Journal
    Well, he said that they build their own machines, therefore they won't "buy a new pc". But when TCPA is in all motherboards/processors, all those machines (if the BIOS allows them to boot) will report they are not TCPA-compliant.

    So even if they put a TCPA-compliant Linux on that hardware, because that hardware mix is not approved then they won't be able to use TCPA-restricted services. They won't be able to communicate with TCPA-locked clients and suppliers.

    Even if they buy TCPA-compliant boxes with TCPA-crippled Linux, they will have to run only TCPA-approved applications. A TCPA-approved application can not trust data from a non-approved application (or else the app is at risk of being damaged/subverted by the data -- a buffer overflow or other attack can make an app do unapproved things). So they can't have TCPA apps read the output from custom programs, and can't create services for clients which involve their own unapproved software.

  • by Anonymous Coward on Thursday June 27, 2002 @09:22AM (#3778350)
    Obviously the hardware contains a secret private key that it never exports, it only ever uses it to sign challenges. Which allows it to authenticate itself to any party with the corresponding public key.

    I agree that it is ridiculous to expect that the hardware will never fail...and either the devices are going to share a key (total compromise the first time it is cracked) or there will have to be a huge database containing the public keys for all of the devices, making security dependent on a trusted party providing this service...also bad and unpractical.
  • by sphealey (2855) on Thursday June 27, 2002 @09:23AM (#3778359)
    The appearance of "GNU Hardware": open designs, based on a strict "No Palladium" clause, along with an explosion of small, customized hardware shop based on these designs.
    That might have worked in the 1970s or even 80s, when chipmaking systems had "reasonable" prices (say in the 50 million USD range), there were many companies making chips, and there was competition among microprocessors.

    Today, chipmaking systems cost in the billions of USD. No one is going to start a garage shop to fabricate these things - they will have to come from established (read: large) manufacturers. Large companies are very susceptible to government pressure: "no DRM instructions in your new CPU? I guess we will have to cancel that big secret contract with the NSA, and also sic the SEC on your financial statements."

    Similarly on the CPU side: Intel and AMD are really the only games in town now. Any new systems would have to "play ball" with one of those two. And again, as large organizations (in Intel's case with large US Government contracts) they will fall into line if pushed.

    sPh

  • Absolutely Right (Score:4, Insightful)

    by FreeUser (11483) on Thursday June 27, 2002 @09:28AM (#3778405)
    Cartels like the diamond industry? That was has been going strong for ages! Cartels like OPEC?

    Absolutely right.

    Then, lets not forget cartels like the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA), who have successfully lobbied for and purchased legislation to enshrine their oligarchy into US law.

    These are the very people who are pushing for this sort of nonsense, and a software monopoly as a result would be fine with them (indeed, perhaps even preferable to a free market, since it is only one point of pressure/influence they would require).

    We are absolutely kidding ourselves if we do not think this is a serious threat to Free Software, the GPL, and our very freedom as human beings.
  • by WolfWithoutAClause (162946) on Thursday June 27, 2002 @09:34AM (#3778456) Homepage
    Breaking one persons account can be handled the same way they deal with credit card theft, they just publish a list of identities that are known to have been broken. No big drama.

  • by vandan (151516) on Thursday June 27, 2002 @09:42AM (#3778509) Homepage
    The only problem I see with this argument is the legal aspect. All governments want more spying powers. This is especially true of the American government and their war on everything which is not in their economic interest. The organisations lobying for DRM have a lot of money, and the inclination to use it to get their way; the RIAA & MPAA, Disney, Microsoft - these are the people making laws. Do you think that the government sees any merit in allowing teenagers to download and rip music instead of paying for it like the western economy requires? And do you think that anyone in government understands the technical merits or failings of a hardware-enforced, legally required DRM? Or that they care? In their eyes, there is only one way forward. Computers are not for entertainment - they are for making a few people a lot of money. The internet is there to connect those computers for the same purpose.
    DRM is coming, and if people don't like it, they will have to move fast because with AMD and Intel promising support, there isn't much stopping DRM legislation - apart from some teenagers and some commie-hippy protestor types.
    So get ready to wear the mark of the beast...
  • Re:Invisible hand (Score:5, Insightful)

    by Anarchofascist (4820) on Thursday June 27, 2002 @09:53AM (#3778584) Homepage Journal
    "I think the market is silently going to take care of this. Would you rather buy an intentionally crippled product, or an 'open' competing product? "

    They're going to let you switch it off. However, if you switch it off, you wont be able to generate or use "trusted" content, and if 80% of people do not accept your "untrusted" content (with a little help from some cunningly-worded MS error messages), you're up shit creek (to use a common engineering term).

    The carrot will be Hollywood DRM content, and the stick will be in creating the perception that MP3s, Oggs and Linux are in some way "untrusted".
  • by devonbowen (231626) on Thursday June 27, 2002 @09:57AM (#3778622) Homepage
    "A lot of it comes down to the fact that consumer just don't feel secure using the Internet for their critical transactions," Douglas said. "Gates has realized that unless trust can be built into these systems, the ultimate abilities of the Internet are never going to be realized."

    I don't see what any of this has to do with people trusting the internet for transactions. How can I trust my transactions any more than I can trust it now with an SSL based system? Ok, so under Palladium I would know that my Netscape binary has been reviewed and was trusted. But I pretty much believe that already. That's not the reason people don't trust internet transactions.

    One thing I find interesting about this proposal is that it requires some level of code review before release of any software. All source would need to be submitted to a third party to ensure that the code can be trusted. That sounds like quite a mess to me.

    Devon

  • by Rogerborg (306625) on Thursday June 27, 2002 @09:59AM (#3778632) Homepage
    • I would think that an identification code embedded in hardware is going to be cracked, and in short order.

    Sure. Remind me, where do I download the software hack for Xbox?

    Sorry, you're just plain wrong on this one. Trying to impose security on an insecure OS with a dongle is wildly optimistic. But tying the hardware and the OS together is - demonstrably - not. Modding an Xbox requires a hardware hack, and Microsoft aren't idiots; they'll learn from the Xbox vulnerabilities and make sure that Palladium is harder to crack, or they'll have got their para-legal team hopped up and ready to take down any mod suppliers the instant they appear (note that one Xbox mod chip supplier went under today).

    I'm not saying it'll be impossible, but I am predicting that it'll be damn hard and will require more than just a soldering iron and a cavalier disregard for your warranty, the EULA and the DMCA.

    As regarding it dying in antitrust... well, we've seen how fast the DoJ moves on these issues. As for returning computers, what's your basis for believing that by 2006 you'll be able to buy a generic naked system without a Microsoft OS installed? And if we're talking about individual components, what will the market be for people who want to install a non-Microsoft OS but who won't realise that a stock consumer Intel/AMD chip won't talk to it? 2%? 1%?

    This is a big deal. It's the Son of SSSCA, dressed up in pro-consumer clothes. It's not mandatory, just de facto (i.e. zero difference in practical terms). The response to any legal challenge will be that if you really want to run a non-Microsoft OS, you can pay extra for "server" or "pro" versions of CPU's (and whatever other components have jumped on the bandwagon). Fine, but how long before the anti-piracy argument gets leveraged to push through either a consentual or compulsory scheme to license access to non-Palladium parts? Six months? Less?

    We can argue this until the cows come home, but let's agree to compromise. If you're right, you can say "told you so". If I'm right, I can say... well, whatever Bill allows me to say. Fair enough?

  • Re:Ignore them. (Score:5, Insightful)

    by bons (119581) on Thursday June 27, 2002 @10:04AM (#3778685) Homepage Journal
    "and some clients believe the FUD being spewed/parroted by media"

    Which FUD are we talking about? This entire series by been a collection of FUD on both sides. In case you missed it Slashdot is also doling out large quantities of:
    FEAR: Of loss of privacy, of misuse by Microsoft, os loss of user's rights.
    UNCERTAINTY: of what's going to happen period. Almost everything I've read so far is speculation.
    DOUBT: Doubting Microsoft's intentions, doubting it will work. How much doubt do you want?

    As a community, we've not only grown a huge distrust for Microsoft, we've grown a love for their methods. Not only do we happily wage wars with FUD, we seem (as I look through the moderated up comments), apparently advocate licenses that prevent Palladium from working with "open hardware" (sorry, but that doesn't sound open to me, it sounds as exclusionary as Microsoft's standard tactics).

    It's about time we returned to our core beliefs, before we lose them entirely and become what we claim to despise.
  • Re:Ignore them. (Score:3, Insightful)

    by Zeinfeld (263942) on Thursday June 27, 2002 @10:18AM (#3778824) Homepage
    Which FUD are we talking about? This entire series by been a collection of FUD on both sides.

    Which is amply demonstrated by the fact that this is the second time the story has been posted this week.

    The Register article shows only that the reporter has no clue as to what Palladium is and what it can and cannot do.

    No DRM solution is 100% secure, the issue is not eliminating piracy, it is raising the barrier sufficiently so that the content owners are confident enough to release material and for the level of piracy to be low enough that people can all make a buck.

    Attempting to rig a DRM solution so that people could only run MSFT O/S would be (1) illegal and (2) very stupid since people would have a legitimate reason for bypassing the alledged DRM measures to run Linux.

    If you run Linux you are not going to have a Palladium certified O/S and many content providers are not going to sell stuff to you. But that is exactly the current situation. Palldium is only going to mean that Windows users can get content that the owners will not release without strong(ish) DRM.

  • by jaaron (551839) on Thursday June 27, 2002 @10:21AM (#3778839) Homepage
    Someone pointed out that they doubt the GPL is Microsoft's primary target -- that if that were the case Palladium is simply overkill. This is a good observation and I wanted to add to it. While Palladium potentially has very negative consequences for not only Open Source / Free Software but all software in general, Microsoft wins on several fronts with this approach. You might remember that Microsoft openly opposed the so-called Holling's Bill that would mandate this kind of technology. Why? Because while it would have similar results (actually the bills proposed would be more broad) the power would be in the hands of the lawmakers and more importantly in the hands of the copyright holders -- the movie and record industry. By pushing their own solution, rather than a legal one, Microsoft maintains control of the technology. To the legislators, they seem like the "good" guys (despite the monopoly convitions [how long before we finally punish these criminals?!]) and Microsoft will also get the backing of "Hollywood." It's about gaining the upper hand. They know that there are forces out there that want this kind of technology, however, it's in Microsoft's best interest to be the "innovators" and have everyone fall in line under their proposal. I think this is the real motivation -- it further secures their position as the dominant market leader. No one will want Microsoft to go away if they hold the keys to your security -- all your information, your applications, everything is in their hands. So not only does Microsoft become indispensable, but they also get to screw over the competition (which includes GPLed applications as the article points out). While security and "trustworthy" computing are nice ideas, Microsoft is the LAST company I want to hand over this kind of control to.
  • Re:Ignore them. (Score:2, Insightful)

    by FreeUser (11483) on Thursday June 27, 2002 @10:21AM (#3778841)
    we're not all Americans dip shit..

    No, dumb fuck, we're not.

    But those of us who are affected by the attempt to legislate DRM rights (as noted in my post) are.

    The point remains, even if it is over your head.
  • by Zeinfeld (263942) on Thursday June 27, 2002 @11:12AM (#3779252) Homepage
    I really don't know windows very well, but I'm sure there is one account (superadmin??) that can change these privilages. Which is basically root.

    I find it amazing how folk can start a sentence 'I don't know anything about this' and then go on to pontificate. Examples of this behavior include practically every Senator's reaction to the pledge of allegiance rulling (I haven't read the rulling but I'll make a dumb-ass statement to protect my base) and 50% of the posts on Slashdot by Linux people on WNT.

    Under WNT you can set the O/S up with very strong file access permissions. It is not unusual to configure a WNT machine so that administrators don't have access to user's files and if you read the manual you can set the system up so that nobody has system privillege, administrators who can mod user accounts cannot modify the system log etc.

    With W2K and later you can turn on the encrypting file system. By default the administrator still has the ability to recover files via the recovery root. But you can export that to a floppy disk and put it in a safe. You can also integrate more powerful Key Recovery systems from third party vendors that enforce dual control over recovery.

    UNIX was not designed to be a secure O/S. The security it does support is a subset of the security mechanisms of MULTICS. The design observation made at the time being that the machines of the day (early PDPs) could not support a complex security model.

    It is unfortunate that so many people mistake age for security. By the time VM-UNIX was developed the VAX 11/750 VMUNIX was developed on was capable of supporting a sophisticated security model as VMS proved. But like so many UNIX design features what had originally been a shortcut had been elevated to the status of dogma.

  • by RML (135014) on Thursday June 27, 2002 @11:18AM (#3779286)
    Overall, the Palladium FAQ is interesting, but I think Mr. Anderson is overlooking a major point when he talks about how the TCPA will affect the GPL: what, exactly, constitutes the source code for a binary which has been cryptographically signed?

    The GPL is a bit vague on what exactly constitutes the "source code" for a work: it is defined as "the preferred form of the work for making modifications to it". For a program which won't function fully without being signed, a strong case could be made that the "preferred form" for modifying the work is the source code plus the key used to sign the binary; after all, if the "source code" doesn't include enough information to reproduce the binary actually distributed, it's not useful for modifying the work. The GPL also specifies that for an executable program the source includes "the scripts used to control compilation and installation of the executable", which for a signed executable would include the script to sign the binary.

    Thus, the danger to the GPL might not be that it will lead to GPL programs that you can't actually modify, but instead be that it will be impossible to get a GPLed program certified. Even if it is certified, it will be illegal to redistribute the resulting binaries without the key, which of course won't be available. If the person or company that produces the program is the sole copyright holder, they can of course distribute it anyways, but it won't be redistributable.

    So I'd say that TCPA, Palladium, and other DRM schemes do pose a threat to the GPL, but not for the reason Ross Anderson claims.
  • by sklib (26440) on Thursday June 27, 2002 @11:32AM (#3779379)
    Given that Microsoft and x86 have a strong hold on the computer market, it's fine that Palladium is going to run on that combination, but what about Sun, SGI, and Apple?

    It doesn't look like Apple is getting brought into this at all -- I've heard no mention of either them or Motorola (they make Apple's CPU's right? or am I wrong?) being involved in the whole debate -- and a lot of people use macs.

    Furthermore, a lot of .edu's have a thick and manly investment with Sun -- for example half of umich's engineering workstations are ultra 10's or better, and I'm sure the same is true at many other schools. Professors and techy students aren't going to be happy about losing Sun as a usable platform because it's not palladium-compliant or whatever.

    Maybe macs and Suns will become more popular because of this Palladium thing because you can still pirate software and not let MS root your box.

    What do you think?
  • Re:Ignore them. (Score:2, Insightful)

    by tbannist (230135) on Thursday June 27, 2002 @12:59PM (#3780051)

    Attempting to rig a DRM solution so that people could only run MSFT O/S would be (1) illegal and (2) very stupid since people would have a legitimate reason for bypassing the alledged DRM measures to run Linux.

    1. That hasn't stopped MSFT from doing it before.
    2. That won't stop criminal prosecution of anyone caught circumventing the DRM measures.

    One of the things that you semm to have missed is that pointing out the possible abuses of the DRM technology is a first step in preventing those abuses.

  • Reason for FUD (Score:3, Insightful)

    by Dalcius (587481) <chrism3413+slashdot AT gmail DOT com> on Thursday June 27, 2002 @01:07PM (#3780120)
    You make a great point -- you're right, we should watch what we do and say.

    B this is just the initial stage of "freaking out." I, for one, never thought that anything short of an *obviously* oppresive gov't law could stop open source or the GPL.

    But now that is changing. I'm worried. Here's why:

    If the TCPA's ideas becomes law, and old applications are made incompatible, or more likely, obsoleted by new ones, people will be required to upgrade to new hardware/software to get much of anything done, as I see it. Upgrading is a source of revenue for corporations (e.g. MS), I think it's safe to say they would try for this if they could.

    If this becomes standard and exclusive, there isn't a whole lot the OS community can do, especially if it is illegal, IMO.

    The only thing to stop this is a huge outcry from the tech community and/or the education of government officials. Past that, the Joe Publics will have to become angry. And considering the Joe Publics I know, that isn't likely unless the idea of their computer being run remotely is spread around.

    I think Joe Public can handle not stealing music. He might be used to it, but after all, by common definition, he is stealing it.

    I think Joe Public won't mind the "extra security" if he thinks it's there. People aren't retarded, but often ignorant.

    That is why I worry.

    There is no way this could last forever. That would be retarded -- even congress has to learn about technology sometime. But what I can forsee in a possible future is a world where the companies have put their other foot in the door of our computers (and wallets). And it'll take a fight to get them out if they get that far.

    To be honest, I'm scared. Fear, uncertainty and doubt are being spread because we (or at least some of us) believe in it. FUD from companies is typically BS with no thought behind it. This FUD is genuine fear, IMO.
  • Re:Ignore them. (Score:2, Insightful)

    by RollingThunder (88952) on Thursday June 27, 2002 @01:47PM (#3780419)
    Sigh. Posting to undo a screwed up mod. I didn't select troll, damnit.
  • Re:Ignore them. (Score:2, Insightful)

    by stoothman (321719) <stoothman@BOYSENyahoo.com minus berry> on Thursday June 27, 2002 @01:52PM (#3780453)
    As they say, it is not paranoia when they really are out to get you.

    >FEAR: Of loss of privacy, of misuse by Microsoft, os loss of user's rights.

    Micro$oft has proven over and over again that they can not be trusted with sensitive data. Go to google and do a search on Microsoft and privacy. You are returned with a list of 1000's of articles about their poor performance in this area.

    >UNCERTAINTY: of what's going to happen period. Almost everything I've read so far is speculation.

    Given what the chief Micro$oft researcher said in his interview, it sounds less like speculation and more like well reasoned logical deductions as to what the company will do with this technology.

    >DOUBT: Doubting Microsoft's intentions, doubting it will work. How much doubt do you want?

    Given their track record, I can hardly see where expressing doubt about this company and its intentions is unwarranted. This is after all an acknowledged monopoly, which has been found to have abused its power by a court of law. It is a company that has shown nothing but open hostility toward OSS and more specifically, GPL'd software. Further it has gone out of its way to invade users privacy in ways very few other companies have even dreamed about, like the media player that phones home. The list of abuses goes on and on and on.

    So in the final analysis your condemnation of all of this as our own FUD attack against Micro$oft is completely unfounded. It is not FUD to call Micro$oft exactly what it is, an avarice monopoly with less business ethics than a bowl full of pond scum.

  • All of this matters how, exactly? If I can run a non-TCPA approved OS (even Windows XP) on the TCPA motherboard, so what? Isn't that the same as running a non-TCPA approved OS on a non-TCPA motherboard? I don't get it. So I can't use TCPA-restricted services or run TCPA-restricted software. Big whoop. I can't do that now!

    TCPA will only matter if it reaches critical mass, but people (and corporations) will have little incentive to upgrade their hardware AND their software just to run Longhorn/Palladium unless they can't do something critical without it. In other words, the TCPA-restricted services and software will have to be required, and how will they ever become required if everyone must first upgrade their hardware AND OS AND applications?

    I really doubt M$ can reach critical mass on this one. What's the "killer app" that drives everyone to TCPA/Palladium? Movies? -- Hollywood would have to stop releasing on DVD and switch over 100% to a TCPA-restricted medium first, and frankly at that point I'll just stop buying movies. Remember, society got along just fine from the 1900s to the early 1980s without owning/renting movies, and we got along just fine in the 1980s and most of the 1990s owning/renting them on VHS. I'd miss DVDs, but I won't replace my entertainment system if they stop selling them. Treating me like a thief isn't going to make me rush out and replace my TV, VCR, & DVD player with something that performs exactly the same (and refuses to play my old DVDs!). The RIAA and MPAA both think society can't get along without them, but they may be in for a rude awakening.

    eBusiness? So far they haven't been able to entice everyone to pay bills or shop exclusively online, and forcing a complete system upgrade first isn't going to make it more attractive. Why business would rush to embrace this eludes me. My job is making in-house software for Fortune 500 companies, and they hate spending money on things like automated testing tools; they sure aren't going to like having to pay an outside company to certify their in-house software before their own computers will run it. Hell, who certifies the development copies so they can even be tested? Companies are not going to replace all their computers just so they can increase their software development costs.

    Nobody's going to go for this -- there's no "killer app."

  • Re:Ignore them. (Score:2, Insightful)

    by JebusIsLord (566856) on Thursday June 27, 2002 @06:29PM (#3782524) Homepage
    No, if all chip manufacturers support it, then we will have no choice! This is so bad...

"I'm a mean green mother from outer space" -- Audrey II, The Little Shop of Horrors

Working...