Forgot your password?
typodupeerror
Microsoft

MS Palladium Patent 409

Posted by CmdrTaco
from the click-here-to-upgrade dept.
Concerned Citizen writes "cryptome has Microsoft's patent for Palladium. Including such gems as: 2. The computerized method of claim 1, wherein protecting the rights-managed data comprises: refusing to load the untrusted program into memory. 14. The computerized method of claim 1, further comprising: restricting a user to a subset of available functions for manipulating the rights-managed data. And I'm sure we'll all be coerced to agree to Palliadium during a future security patch agreement."
This discussion has been archived. No new comments can be posted.

MS Palladium Patent

Comments Filter:
  • Security Patches (Score:3, Informative)

    by aivic (468344) on Sunday July 07, 2002 @10:02AM (#3836576)
    No modifications to the EULA were made in the latest build of XP SP1... maybe the next?
  • by Anonymous Coward on Sunday July 07, 2002 @10:04AM (#3836581)
    I think I'm hearing "The Imperial March" in the background. Weird.
    • by da cog (531643) on Sunday July 07, 2002 @01:02PM (#3837166)
      I felt a great disturbance in the force, as if millions of server processes suddenly cried out in terror, and suddenly silenced.

      I feel something terrible has happened.

      *** SOME TIME LATER ***

      KONQUEROR: Our position's correct except... no cryptome.org.

      ME: What do you mean? Where is it?

      KONQUEROR: That's what I'm trying to tell you, kid, it ain't there. It's been totally blown away.

      ME: How?

      It's been destroyed... by the Slashdot.

      KONQUEROR: The Slashdot crowd couldn't take down the whole site! It would take ten thousand people with more free time than I've...

      *Alarm bell goes off* ...*** TO BE CONTINUED ***
  • how 'bout apple (Score:3, Interesting)

    by Ubi_UK (451829) on Sunday July 07, 2002 @10:05AM (#3836584)
    The only reason why I'm using windows is because MS office is still superior and there is no substitute for Director, Dreamweaver or QuarkXPress on Linux.
    So if palladium does become reality I'll have to swap over to Mac.

    But wait: doesn't M$ 0wn apple? (25% stock?) Does anyone know about DRM plans on mac?
    • Re:how 'bout apple (Score:5, Informative)

      by tunah (530328) <sam@nOSPAM.krayup.com> on Sunday July 07, 2002 @10:09AM (#3836593) Homepage
      Microsoft bought a bunch of non-voting stock in apple as part of a deal that included cross licensing of patents. This settled a long running dispute of MS supposedly stealing apple's look and feel.

      Microsoft quietly sold their stock (for a profit) some time afterward.

    • The only reason why I'm using windows is because MS office is still superior

      MS office for Mac is superior to MS office for Windows. Go figure.

      So if palladium does become reality I'll have to swap over to Mac.

      Why wait? [apple.com]

      • IE for the Mac is also superior to IE for Windows. It even has alpha-channel support for PNG files, which IE for Windows lacks. Do these teams never communicate?
        • Do these teams never communicate?
          Having seen how much better the Mac M$ products are, I hope the teams never communicate. Why drag the Mac team down?
        • IE itself doesn't handle the PNGs the Mac has a very cross product support. So any program can display PNGs quicktime, and it works seemlessly, unlike quicktime on windows. This is the same reason Office is supperior it can call on third party apps to do a lot of its work for it, and remain seemless.
          • Wow, sorry for the grammer. Let me rewrite that.
            IE itself doesn't handle displaying PNG files on the Mac. The Mac has a very good system for seemless integration of different products. Quicktime displays the PNG files on Mac IE, as it can in Windows, but does it seemlessly. MS Office for example on the Mac can call upon the default image editing program (assuming program is written to specs), which is generally Abode, and can allow you to edit an image extensivly inside Word.
    • Re:how 'bout apple (Score:3, Interesting)

      by Yarn (75)
      This is precisely what I've done already. Yummy tibook. I have got Debian as well, but I've not actually felt the need to use it, OS X is *that* good.

      Not looking back...

      Of course, the worry about Apple is they are the only source of mac's, and they'll be subject to any DRM laws if (when) they get put (paid) through the US govt.
    • MS office is still superior

      Give OpenOffice (or StarOffice if you need the extra filters or the Access-like component) -- We used Access and Excel in a huge way but now StarOffice has replaced it without causing any of our office staff any trouble. Definately worth a try.

      Unfortunately you're absolutely correct about Director and Dreamweaver (although Quanta is showing some real promise). Quark is evil nasty horrible software.

      • Not true..

        There is no good equivalent of Access, and the scripting language of Excel -for me- is easier to use than OpenOffice version (even though that one is technologically superior or whatever). I've tried adabas but it just doesn't have it.

        Keep your comments about Quark to yourself. If you don't like it don't talk about it. At the oment it is still the only good program for multicolor prepress work. Why don't you write something better if you have such an opinion about it?
        • Ventura is a far better program for multicolor prepress work.
        • "There is no good equivalent of Access, and the scripting language of Excel -for me- is easier to use than OpenOffice version"

          The good equivalent of access is . If you need the (yes I admit) nice front end then there is a plethora of GUIs for interacting with MYSQL and POSTGRESQL.

          As for scripting in excel you might want to try gnumeric with gnubasic.

          graspee

    • But wait: doesn't M$ 0wn apple? (25% stock?) Does anyone know about DRM plans on mac?

      The real question is going to be whether Intel, AMD and the motherboard and chipset vendors will go along with this. Intel has already voice opposition.

      So long as you can buy and run hardware/OS choices that don't force you into this, it doesn't matter to me.

      On the other hand if something like the Hollings bill passes, things will be very dark indeed.

      • First: If you've been kidnapped and locked in some basement in chains for the past 6 weeks, ignore my ranting and please accept my apologies. If not, read on...

        AMD and Intel have both signed on to palladium. It is a done deal. The motherboard makers have no choice, they will be starved of the latest fastest CPUs, if they refuse to cooperate. Possibly even starved of the older slower CPUs... AMD and Intel will simply refuse to manufacture them (there is precedence, AMD clobbered the 486's that embedded systems engineers liked so much). The chipset manufacturers will either clone the DRM features, or be left out.

        There is no escaping this. Laugh all you like, point at Circuit City's DivX if it makes you feel better. I could explain that too, if you cared to know. And when the marketing weight of 1 billion cluelesss idiots buying the computer the Dell dude tells them to crushes you, I'll be laughing at you. Admittedly, only a split second before I'm squished like a bug. *shrug* OS choices? What choice? Linux kicks ass, no argument here. But it simply won't run. "Yet more proof linux is insecure, it won't run with palladium!". We're all sooooo fucked. Does anyone have some lube? This is going to be a big one, and I'm afraid my virgin ass just won't be able to take the punishment...

        Conclusion: You are simply a flaming retard, incapable of seeing the nearly immediate, and agonizingly obvious. You're standing there, admonishing us all not to panic, even though those that choose to look can see the 500 ft tall tidal wave getting ready to crash. If ever there was a time for panic, it's now.

        *LOL* *Sobbing*
  • Trust (Score:4, Insightful)

    by Buggered Choirboy (237709) on Sunday July 07, 2002 @10:08AM (#3836590)
    If nobody trusts this system, it will not get into widespread use. Amazingly, Micro$oft does not succeed at everything.
    • Re:Trust (Score:2, Insightful)

      by WetCat (558132)
      Trust? OEM!!!
      you cannot get rid of OEM software by Microsoft, even if you are not agree to its EULA, did you forget?
      People will just get their Palladium with new computers. And there will be no other options, same as now, when you almost cannot buy a new computer with anything but Win XP.
    • Would people use or even install software that claimed the right to disable any other software it felt like that they paid good money for on their own system?

      Would people use software that was known to crash regularly, costing them time and money and making them do the same work over?

      Would people buy new versions of software when it was known to be extremely bloated, take much more resources than previous versions, and contain megabytes of dead useless code?

      I submit that your expectation of the wisdom of the buying public has no basis in fact.

  • by Anonymous Coward
    Correct me if I am wrong but doesn't Java's sandbox model refuses to load untrusted program into memory (if set up o only run signed applets) and restricta a user to a subset of available functions for manipulating rights-managed data?
    • by marxmarv (30295) on Sunday July 07, 2002 @10:29AM (#3836654) Homepage
      Correct me if I am wrong but doesn't Java's sandbox model refuses to load untrusted program into memory (if set up o only run signed applets) and restricta a user to a subset of available functions for manipulating rights-managed data?
      As far as I know there isn't anything in Java that distinguishes the access rights of any particular piece of data, but you can install a custom SecurityManager in the JVM that can deny certain actions taken by particular threads, use a custom ClassLoader to ensure that signed classes can take extra privileges not granted by default, and ensure only signed classes get access to rights-managed data. Unless it's in silicon, you can still break the JVM, a la Ken Thompson's famous login/cc hack.

      -jhp

      • Have a look-see at Enterprise Java, in particular the access rights model of EJB's. It reminds me very much of this patent, in providing function access rights. Data is similarly encapsulated through function access.
    • It seems the link is /.ed, so I can't check the details... Does anyone know whether the patent would be claiming established anti-virus techniques as well?

    • I think a big diference here is that Java is a virtual machine, not your whole computer. You can still load other non compliant software in your machine, even while Java is locked down to it's sandbox.

      Bill wants to turn your entire machine into HIS sandbox.
    • And afaik, with a little tweaking, you can setup the jvm to run apps that are not signed.
  • by donnacha (161610) on Sunday July 07, 2002 @10:17AM (#3836617) Homepage


    Most of you will remember a last week's /. story [slashdot.org] which mentioned Robert X. Cringely's column on Palladium, the maturely entitled I Told You So [pbs.org].

    It's probably worth noting that Cringely responds in this week's column [pbs.org] to the reaction that followed that original panicked (and, knowing MS, probably justified) outburst.

  • by 3seas (184403) on Sunday July 07, 2002 @10:18AM (#3836620) Journal

    To juxtapose the Patent against:

    The Declaration of Software Freedom [freedevelopers.net]

    (read the whole thing!) of which a subpart is:

    "Current Software Commercial Organizations ...
    hide source code to keep developers divided, disenfranchised and
    dependent; tie inferior products to dominant ones; defiantly violate and
    avoid court orders; quash promising competitive start-ups; leverage
    dominant products into other, unrelated businesses; carve up markets to
    eliminate real competition; utilize predatory pricing practices to
    foreclose competition; commoditize and objectify their customers by making
    them captive; cause developers to constantly re-invent the wheel by hiding
    the source code; exercise general thuggish behavior in business dealings;
    compel weak competitors to destroy their own innovative products to
    protect established profitable ones; fail to respond to customer requests
    and needs in a timely fashion; exploit natural "choke-holds" in the
    economy for their own advantages; manipulate and delay technological
    progress to maintain supremacy; hide coding bugs thereby jeopardizing
    stability and security; de-humanize software developers by considering
    them as "inputs" or "assets"; stifle innovation; "embrace and extend" or
    otherwise pollute open standards in order to break and appropriate them;
    use exclusionary contract provisions to enforce censorship over disclosure
    of bugs and defects; shut-off or block channels of distribution to
    legitimate competitors; announce vaporware to foreclose adoption of real
    competitive products; frustrate, taunt and antagonize governmental
    officials protecting the public interest; truncate choices; create
    confusion and frustration in users by selling inferior code; take the
    innovations developed by others as their own; practice differential
    pricing to punish those that oppose them; misinform and exploit users;
    use undocumented features as an anti-competitive device; suppress the
    open, efficient and free nature of the scientific method by keeping the
    code secret; purposefully break the code of competitors so that there are
    code inoperabilities across products; prohibit friends from sharing
    software with friends; coerce their users to fore-go promising competitive
    technologies; use overly restrictive and exclusionary contracts against
    weaker competitors; and perform other anti-social, anti-competitive and
    improper acts to establish, maintain and extend their software
    monopolies." ....well does this mean the above needs modification of does it mean the
    Patent, being a public accessiable document, can be turn into evidence
    against MS, for which they cannot remove from public access?

  • At least it's a substantive patent; lots of diagrams and references and stuff... Some things get past the examiners that are little more than a napkin with "A method for doing the obvious" written on one side.

    Hey, I'm trying to think positive here...
  • by div_2n (525075)
    void karma_burning_philosophical_schpeel()

    {

    I can't possibly know with 100% certainty what Microsoft's intentions are, but there stands a reasonable chance they are intended for their benefit and any consumer benefits are purely coincidental.

    So what can we do about all of this? Pay attention and educate ourselves on this initiative and then pass on the news good or bad to the masses that aren't up to date on the geek speak. It is probably not a good idea to leave thsi job up to mass media.

    It is possible for us to either make or break this technology. Look at the old Divx from Circuit City. Bad idea. It was DOA because many people (myself included) advised everyone not to buy it.

    This is a controversial technology from a controversial company. This doesn't mean it is destined to be evil. It does mean it is the job of those in the know to keep those out of the loop informed.

    } //end karma_burning_philosophical_schpeel
    • I agree that geeks have a certain influence over the people in their lives when it comes to matters like this, but let's compare MS's marketing budget to Circuit City's marketing budget for a moment. And when we're done there, let's compare Windows's market share to Apple's market share to Linux's market share.

      Talking down Microsoft's initiatives is a LOT easier said than done. Seriously, if you'd like another good example, look at .Net. 18 months after they announced it, most COMPUTER PEOPLE I know can't explain what the hell it is, myself included. I met a programmer that came close though :) The point is that .Net has been this word that MS floats around, but the definition keeps changing. Even Jim Alchins said that they don't have it fleshed out really well inside the company yet. That hasn't stopped MS from running comercials advertising .Net yet though. And whatever it is, I'm sure it will be pretty successful because MS will just keep massaging the definition and marketing until it sounds palatable to the masses.

      Paladium could be the exact same situation.

      Chris
    • by TheConfusedOne (442158) <the,confused,one&gmail,com> on Sunday July 07, 2002 @11:27AM (#3836869) Journal
      There is definitely something to be said about remaining informed and trying to inform everyone else.

      There's one giant problem with it though:
      The desktop OS market is being dominated by a monopoly. MS makes updates (XP and WPA are a good example) and the bulk of the consuming public doesn't know and/or care. They merely get the latest version when they buy their new PC. MS really doesn't need to market their OS's, they just slowly become dominant by default (installation).

      DivX failed because DVD's were already on the market and the cost of the DVD player was dropping rapidly. People were able to evaluate this as a pure cost/benefit issue and everyone realized that the DivX duck wouldn't hunt.

      There will be no such evaluation with MS's latest and greatest OS.

      Questions that MS needs to answer: How will Palladium treat those home videos that everyone's starting to create. (I just bough a digital camcorder myself.) How will Palladium treat home recordings? (I have a friend who is slowly putting together his own album. What if he wanted to mail around MP3's of his songs?)

      This is where we can maybe corner MS. They need to answer how the "untrusted" (really uncopyrighted or copyrighted by an individual) content is treated.

    • I can't possibly know with 100% certainty what Microsoft's intentions are, but there stands a reasonable chance they are intended for their benefit and any consumer benefits are purely coincidental.

      I don't know why you considered that a "karma burning philosophical schpeel", since you don't say anything remotely controversial and, if anything, you are whoring.

      I suspect the reason Microsoft wants to put DRM into the OS is twofold:

      a) They are very vocal anti-software piracy advocates, which makes them sympathetic to the music/film industries' own piracy problem.

      b) They demonstrate to the government that closed-source software has the advantage that users can't modify it for illicit purposes.

      -a
  • Paladins (Score:2, Funny)

    by nuggz (69912)
    I still think Paladins should be lawful good.

    Not neutral evil.
    • <Obscure D&D reference>Nah. Bill fell long ago.</Obscure D&D reference>

    • Not neutral evil.

      No, Palladium is clearly Lawful Evil. It is completely dedicated to order and control and doesn't care who it harms.

      The Mafia is lawful evil - strict loyalty and obedience within the organization. The GPL is chaotic good - it values individual freedom and doing things for the benefit of other people.

      -
      • Okay, you raise a silly comparison, but I'll bite.

        • The GPL is chaotic good - it values individual freedom and doing things for the benefit of other people.

        The GPL is lawful good-- it enforces a limitation on the rights of the collaborators in order to benefit the end users. Those potential collaborators or users who may have different political or fiscal agendas are barred from using these published methods.

        The BSD family of licenses hails far closer to chaotic good-- it supports unpredictable uses by collaborators regardless of fealty, and end users to have pretty much the same right for the licensed forks.

        I'd have to say that Public Domain is the maximum extent of chaotic good. If the US Congress would heed the predictions and intent of the US Constitution, then far more works would be entered into the Public Domain, enriching and enabling the maximum number of creators, contributors, collaborators and end-users.

        • D&D comparison (Score:3, Interesting)

          OK, I just have to bite when the thread is d&d related...

          It all depends on your point of view. Microsoft view themselves as lawful good, free OS zealots as lawful evil, and napster-happy consumers as chaotic evil.

          For the free OS point of view swap evil for good and vice versa.

          The whole AD&D alignment system doesn't hold up in the real world; the chaotic, neutral, lawful bit is fair enough, but as for good, evil and neutral you need to have an objective, externalized viewpoint to say what is good or what is evil.

          This is basically the same "Is there such a thing as objective good and objective evil ?" question you might get on a philosophy exam.

          My own opinion is "no", but most people fall into the "yes" category, either because they belive in some deity, are totally stupid or c) both of the above.

          To properly frame the viewpoints of MS vs free OSs you need to replace good and evil with commercial and free.

          So MS is Chaotic Commercial, free OS zealots are Lawful Free. Show me a company that is Lawful Commercial and I'll show you a company that covers its tracks well...

          graspee

  • Hat trick? (Score:5, Interesting)

    by TheSHAD0W (258774) on Sunday July 07, 2002 @10:50AM (#3836732) Homepage
    So Palladium won't load an untrusted program into memory... How would it accomplish that? In order to determine whether a program was properly signed, one would need to get its checksum. In order to do that, you would have no choice but to load it into memory of some form. I suppose you could bypass the RAM, DMA it through a dedicated calculator... But that would be inefficient; you'd need to scan it once, and then load it for execution. And you'd need to do it every time you ran the code, or someone could have compromised the data on the system's drive by editing it on a non-Palladium system.

    And what's the big deal about having "non-trusted" code loaded into RAM anyway? Actually, it's very easy to put one's own binary code into the system's memory; load it as raw data. An OOB-type exploit can pass control to that nearly as easily as it can execute a program that's been loaded but not yet determined to be trustworthy.
    • by BlueboyX (322884)
      Palladin is complex enough to identify both non-trusted 'code' and 'data.' It's in their patent. Their patent is actually quite thurough.

      "And what's the big deal about having "non-trusted" code loaded into RAM anyway? Actually, it's very easy to put one's own binary code into the system's memory; load it as raw data. An OOB-type exploit can pass control to that nearly as easily as it can execute a program that's been loaded but not yet determined to be trustworthy."
      • Can it?
        I think perhaps, in current NT kernels, you can't execute code out of the data segment.
        And you can't modify the text segment.

        So maybe one loader reads it into data, checks it out, then permits actual execution.

        Under Dos & Win9x, this would be trivial.. I think under NT it's going to be harder.
      • I didn't read their patent, but this is a basically simple chore. Just check everything for the MS sig. If it isn't there, you don't trust it. If someone forges it, they broke the law (so it doesn't even need to be a secure signiture). You could do this with a 12 byte signiture, so all that you need to do is check the first 12 bytes of every block during the IO read, and nothing past the sig ever hits RAM without being signed.

        Or you could write the date of creation into the first few bits of every disk block, and follow it with a 40 bit sig based on that time. And then use a checksum withing that. The hardware could strip off the envelope on the way in, and only the internals would ever hit ram. For more security, use a longer key, but even with a one bit key it's illegal for anyone else to break it, so only MS, and those they license, would be allowed to sell software.

        What security is depends on what your goals are.
        The other things that you do are camoflage to fool people into thinking (or being able to pretend) that your goals are what you claim they are, rather than what they actually are. The real purpose of Palladium appears to be to force everyone to license the right to operate from MS.

    • How would it accomplish that? In order to determine whether a program was properly signed, one would need to get its checksum. In order to do that, you would have no choice but to load it into memory of some form. I suppose you could bypass the RAM, DMA it through a dedicated calculator... But that would be inefficient; you'd need to scan it once, and then load it for execution. And you'd need to do it every time you ran the code, or someone could have compromised the data on the system's drive by editing it on a non- Palladium system.

      Especially if it has to go online to get an OK on the signatures from MS.

      Think of this happening on your Web server or dedicated financial services database machine. That's why I've been warning people including a recent article I did for VAR Business. It isn't just about civil rights, it's about spending more for a computer and getting less performance out of it.

  • by Hassan79 (583923) <nikd-0202@nospAm.gmx.net> on Sunday July 07, 2002 @10:59AM (#3836758)
    I think that the system architecture of the PC we are familiar with is too "open" for implementing DRM seriously:
    • Everybody can install new hardware.
    • Everybody can install new software, and, even worse, create new software that has access to all hardware devices.
    • Everybody can exchange arbitrary data over the net.
    So, the Palladium hardware won't have many relations to the PC any more, but become something like a mobile phone or a gaming console: a closed system. Probably, customers will be attracted with the argument that this new device will be easier to use and less complex. Maybe, Microsoft's XBox is even the first foundation of this new system architecture!
    By the way, this won't be anything new. It's only the continuation of a longer trend: Taking the user further and further away from the hardware. On Windows 95, you weren't able any more to write programs that controlled the hardware directly. You had to use Microsoft's API.
    Now, you will have to use Microsoft's API for everything that happens on the computer. So:
    • The user will be even further away from the hardware
    • Microsoft will control even more layers between the user and the hardware and become even more powerful.
    • (* On Windows 95, you weren't able any more to write programs that controlled the hardware directly. You had to use Microsoft's API. Now, you will have to use Microsoft's API for everything that happens on the computer. So:
      The user will be even further away from the hardware Microsoft will control even more layers between the user and the hardware and become even more powerful. *)

      MS witnessed Sun's Java trying to do the same thing, and so is now trying to out-Java them with .NET. Sun tried to make Windows irrelavent by making Java into a virtual OS.
  • activex revisisted (Score:4, Interesting)

    by epine (68316) on Sunday July 07, 2002 @10:59AM (#3836760)

    Palladium is just ActiveX revisited. Security is confusing because it covers two entirely different problems: 1) protecting the machine from rogue users, 2) protecting the machine from rogue software.

    The second point bifurcates into two opposing camps: 1) most rogue software comes from unemployed college dropouts, 2) most rogue software comes from Fortune 500 companies.

    Palladium is the approach of keeping the foxes away from the chickens by building a coop for the foxes.

  • Palladium / TCPA FAQ (Score:4, Informative)

    by ThatTallGuy (520811) on Sunday July 07, 2002 @11:01AM (#3836768)
    A prior post mentioned Robert Cringley's articles; I found them less enlightening than one of the things he linked to, a FAQ on Palladium and TCPA [cam.ac.uk] that clearly and logically explains the positive and negative effects of the system. An excellent resource to point your underinformed purchasing manager or congresscritter to.

    C'mon, Judge Kollar-Kotelly, make me proud. :)

    • by malakai (136531) on Sunday July 07, 2002 @02:00PM (#3837352) Journal
      This is a very scary paper. You think MS spews a lot of FUD, this papers is almost pure FUD.

      First, this guy thinks a lot of himself:
      The Palladium announcement appears to have been provoked by a paper I presented on the security issues relating to open source and free software at a conference on Open Source Software Economics in Toulouse on the 20th June
      FUD
      2. What does TCPA / Palladium do, in ordinary English?

      Its obvious application is to embed digital rights management (DRM) technology in the PC. The less obvious implications include making it easier for application software vendors to lock in their users
      Notice the bold FUD.
      . So I won't be able to play MP3s on my PC any more?

      With existing MP3s, you may be all right for some time. But in future, TCPA / Palladium will make it easier to sell music, movies, books and other content packaged so that people can play them on their PCs but not copy them.
      Oh my, that sounds horrible. We could have a market finally for digital releases, one where I get my media, and the seller gets his money.
      You might be allowed to lend your copy of some digital music to a friend, but then your own backup copy won't be playable until your friend gives you the main copy back.
      Sounds fair. Keeps me from making 10 copies of this new movie and giving them to my friends.
      Quite possibly you will not be able to lend music at all. (It looks likely that the music publisher will be able to make the rules - and to change them at will by remote control.)
      And thus more speculation and FUD.
      5. What else can TCPA and Palladium be used for? ...For example, you might arrange that your soldiers can only create word processing documents marked at `confidential' or above, and that only a TCPA PC with a certificate issued by your own armed forces can read such a document. This is called `mandatory access control', and governments are keen on it. The Palladium announcement implies that the Microsoft product will support this. Once TCPA is widespread, corporations can do this too - and so, for that matter, can the Mafia. This can make life harder for spies, corporate whistle-blowers, and FBI agents alike
      (though it is always possible that the FBI will get some kind of access to master keys)(FUD). A whistle-blower who emails a document to a journalist will achieve little, as the journalist's Fritz chip won't give him the key to decipher it.
      OK, so now the open-source movement is AGAINST encryption/privacy? Does this mean PGP is bad now too? This sounds like technology I always assume US military intelligence organizations already use. I don't want a whistle-blower leaking confidential battlefield plans (we've seen it happen a lot in the last year). As for corporations, if a whistle-blower can't print, email, fax, save to disk some document, they'll find some other way to blow the whistle. This is a stupid argument as for why Palladium as a whole is bad.
      10. OK, so TCPA stops kids ripping off music and will help companies keep data confidential. It
      may help the Mafia too, but apart from the pirates, the industrial spies and the FBI, who has a problem with it?
      I'm sure the FBI would love it if the Mafia started using DRM certs on their data. It'd be much easier to ask a judge for the rights to sieze and open documents certified by this certificate, then say to ad-hoc monitor possibly private data in an attempt to get to Mafia data.
      Note, it will never happen. Criminal elements will stay away from technology like DRM and pallidum.
      A lot of companies stand to lose out. For example, the European smartcard industry
      may be hurt, as the functions now provided by their products migrate into the Fritz chips in peoples' laptops, PDAs and third generation mobile phones. In fact, much of the information security industry may be upset if TCPA takes off.
      Elmer FUD would be proud. I went and pulled the membership on the EUROSMART list, and I see a lot of overlap with TPCA. I guess they don't hate it that much.
      11. How can TCPA be abused?

      One of the worries is censorship (...)
      For example, the police could get an order against a specific pornographic picture of a child, and cause the policy servers to instruct all PCs under their control to search for it and notify them if it were found.
      First, that's not censorship, that's search (and possibly seizure) and it's pure FUD to presume the government will push a button and search you hard-drives and then drag you down to the police station, for your dirty little picture. However, even if they did... this picture would have to be signed somehow, and under DRM protection. Not sure why a child pr0n peddler would take the time to DRM his pictures. And if you want to view that sick stuff, turn off the DRM system before you do it. Yes, it does have an off switch. While off, you can't use the apps in DRM mode, meaning you can't open DRM certified media.
      12. Scary stuff. But can't you just turn it off?

      Sure - one feature of TCPA is that the user can always turn it off. But then your TCPA-enabled applications won't work, or won't work as well. It will be like switching from Windows to Linux nowadays;
      Oh my god. It's at this point I have to stop reading this horrible FUD..er FAQ. Disable DRM, and the DRM enabled functionality in DRM enabled apps will cease to work, the apps will continue to work. Sure, you can't open your ULTRA-7 security level report, that the NSA sent to you, but theres good reason for that. Turn back on the trust management, and then open that report. And what's with saying it's like switching from Windows to Linux? First, what the fook is wrong with linux bitch? and second, that makes no sense!

      I honestly went to this FAQ to try and see both sides of the Palladium debate. But this FAQ is a borderline paranoia conspiracy rant. It hurts the anti-palladium side more than helps. Stick to the facts, dissect it like a Vulcan would. Show me logical arguments, and keep your emotion and fear out of it.

      -malakai

      • by Anonymous Brave Guy (457657) on Sunday July 07, 2002 @06:36PM (#3838304)
        First, this guy thinks a lot of himself:

        He's entitled to. He's an established expert with credentials in the industry, and it's quite possible that his understanding and information on this subject is ahead of most people's, including the MS guy posting on this thread.

        The less obvious implications include making it easier for application software vendors to lock in their users
        Notice the bold FUD.

        It's nothing of the sort; it's a very real issue. If you provide a means to lock people out of data -- which is essentially all DRM is -- and then appoint MS as the effective custodian of that data, what is to stop them abusing the technology to stop you loading a document you created in MS Word with, say, a translator for OpenOffice? As those crying "FUD" are shouting so loudly here, there is precious little solid information available and even fewer guarantees, and MS has a demonstrated history of abusing any power it gets through its dominant position in the market. A little caution is more than justified here. It's only paranoia if they're not all out to get you.

        Oh my, that sounds horrible. We could have a market finally for digital releases, one where I get my media, and the seller gets his money.

        It's also a market where critics could potentially be stopped from using controlled material in a legitimate way. Worse, that potential is controlled by whoever owns the DRM controls -- MS in our current scenario -- and not by a suitable legal system. This is not in the interests of the common consumer of these products.

        First, that's not censorship, that's search (and possibly seizure) and it's pure FUD to presume the government will push a button and search you hard-drives and then drag you down to the police station, for your dirty little picture.

        This is a bad caveat, because I doubt anyone here would have any sympathy if a child pornographer got screwed to hell; the ability to do this in such cases is a definite plus point of the proposed approach. The problem is that the same technology could be used to prevent the distribution of, for example, information certifying that Microsoft's accounting practices are highly dubious (such as is currently freely available on the web), and once again, the control is in the hands of the DRM guys, not the duly appointed government.

        And what's with saying it's like switching from Windows to Linux? First, what the fook is wrong with linux bitch?

        There are far fewer applications currently available for Linux, and hence you are limited in what you can do with it. If you can't see the parallels to the DRM scenario, and the problems potentially created, I'm afraid you really aren't looking very hard.

    • I found them less enlightening than one of the things he linked to, a FAQ on Palladium and TCPA [cam.ac.uk] that clearly and logically explains the positive and negative effects of the system

      Considering that no details have been released about Palladium besides the fact that there is a burgeoning project at Microsoft that will use that as a codename I can't see how anyone can explain Palladium when no one (not even average Microsoft employees like myself) know what the details are. I read it and seemed to simply care about one thing and that was spreading FUD [clueless.com]. In fact let's dissect this logical explanation
      2. What does TCPA / Palladium do, in ordinary English?


      Its obvious application is to embed digital rights management (DRM) technology in the PC. The less obvious implications include making it easier for application software vendors to lock in their users.
      Looks like someone has no idea what it does for sure but tells us what it obviously must do. There is a saying about assumption which fits right in here.
      4. How does it work?


      likely implementation in the first phase of TCPA is a `Fritz' chip - a smartcard chip or dongle soldered to the motherboard.
      Again, instead of concrete details we get speculation and assumptions. Maybe that's because there are no details so all one can do is leap to conclusions?
      5. What else can TCPA and Palladium be used for?


      TCPA can be used to implement much stronger access controls on confidential documents. For example, you might arrange that your soldiers can only create word processing documents marked at `confidential' or above, and that only a TCPA PC with a certificate issued by your own armed forces can read such a document. This is called `mandatory access control', and governments are keen on it. The Palladium announcement implies that the Microsoft product will support this. Once TCPA is widespread, corporations can do this too - and so, for that matter, can the Mafia.
      This section is disgustingly similar to the "encryption is bad because terrorists can use it" argument. I guess its OK for such a narrow minded and ignorant viewpoint which has been derided several times to be espoused if one is bashing Microsoft (sorry I meant M$).

      I could go on reading the FAQ but it devolves into paranoid conspiracy theories from that point on.
  • by manyoso (260664) on Sunday July 07, 2002 @11:07AM (#3836788) Homepage
    "The computerized method of claim 1, wherein protecting the rights-managed data comprises: refusing to load the untrusted program into memory."

    Hmmm. Seems to me that this 'art' has been around since the beginning of Unix. Hell, Microsoft has been providing a form of this 'art' with NT and 2000 for quite sometime. It's called permissions! And what would you call the recent advent of the NSA's Secure Linux? Administrators have been 'refusing to load the untrusted program into memory' for quite sometime to protect data... The only thing different about this scheme is Microsoft will be instituting a system where the company itself is root/administrator and the previous system admins are relegated to subordinate positions.

    "The computerized method of claim 1, further comprising: restricting a user to a subset of available functions for manipulating the rights-managed data."

    Ahh, this has also has seemingly been done since time began ;-) For instance, with Unices I can restrict the user to reading the data, writing the data, executing the data or some combination thereof... Thus Unix has been able to restrict 'a user to a subset of available functions for manipulating the rights-managed data'.

    Cheers!
    • Or they could just hire a bouncer to come along with every Windows computer, and order them to bash you into the wall every time you try to load disapproved content.
    • "The computerized method of claim 1, wherein protecting the rights-managed data comprises: refusing to load the untrusted program into memory."

      The computerized method of claim 1, further comprising: restricting a user to a subset of available functions for manipulating the rights-managed data

      The key terms here are "rights-managed data". AFAIK no OS out there has built in protection for rights managed data
    • I love how ever time a patent comes out people yell prior art and give obvious examples as to why "it won't possibly hold up".

      Fact is most of these "obvious" patents usually end up holding up. Do you really think with the Army of legal geniuses MS employs that they didn't think of what you just said? MS for the most part doesn't enter battles they will outright lose so easily.

      So make fun of the patent if you want to, but if DRM OS's in fact do become the wave of the future, its endgame already for both your rights and OpenSource OS's as well.

      "Chicken Little ain't got nothing on me"
  • While y'all stupid wankers were salivating over "Ooh, ooh, a Palladium link that's been posted at least once, probably closer to a dozen times if you count comments", the REALLY revolutionary and important part of the column was buried way down here:
    But we're still faced with the problems of video quality and the high cost of distribution, both of which we propose to solve by encouraging viewers to make copies of the shows and give them to friends. This wouldn't work with traditional streaming, but in order to mandate a particular minimum level of video quality, we'll be downloading the show, not streaming it. (Emphasis mine.) Downloading means that modem users who are willing to download during dinner can get the same video quality as broadband users. It also means that anyone who watches the show HAS THE SHOW ON THEIR HARD DRIVE. They can delete it, make it available through a peer-to-peer file sharing system, make it available on their own website, or e-mail it to a friend. As a guy who seeks new viewers and readers, there is no downside for me in this. I will gladly accept anyone's bandwidth. And I'll accept new viewers, too -- viewers who would never have found me had a friend not shared their copy.
    At last someone is daring to consider the idea of DOWNLOADABLE CONTENT. This is important, because as Cringely goes on to state, streaming content takes a LOT of the user's control over content they've downloaded and puts it in the hands of Progressive Networks and Microsoft, which is not where you want it.

    This ought to be a condition of public funding for public media. Anyone pushing DRM is probably up to no good, but DRM or no, a commons of high-quality independent media is an essential pillar of a free society and we ought to be demanding it.

    -jhp

  • Microsoft does not own my RAM.
    Microsoft does not own my hard-drive.

    I will put on it whatever I want to put on it. Understand?
    • by WetCat (558132)
      Exactly! You own your land near your house. But you cannot grow there anyhing except stupid lawn; if you do, the "good neighbours" will complain and municipal mowers will come with police to cut your lawn. You will be billed for that operation!
      I will put on it whatever I want to put on it. Understand?
      Yes. But first try to grow anything but lawn on your land...
  • by blueworm (425290) on Sunday July 07, 2002 @12:51PM (#3837125) Homepage
    The more you expose the consumer to strict DRM rules the more they will come to reject it. I honestly don't believe people will keep investing in computer hardware when it doesn't let them play their favorite burned CDs or permit them to hear their own MP3 collection. The quicker it is implemented on a large scale, the quicker it will be destroyed.
  • by night_flyer (453866) on Sunday July 07, 2002 @01:27PM (#3837243) Homepage
    since the 26th of June Slashdot has had five stories concerning palladium:

    http://yro.slashdot.org/article.pl?sid=02/06/23/ 16 41205&mode=thread&tid=109

    http://slashdot.org/article.pl?sid=02/06/27/1252 27 &mode=thread&tid=109

    http://slashdot.org/article.pl?sid=02/07/02/1617 21 8&mode=thread&tid=109

    http://yro.slashdot.org/article.pl?sid=02/07/04/ 13 14229&mode=thread&tid=109

    and now this one... shouldnt the paranoia level be turned down a notch till we have something a little more concrete?
  • by Anonymous Coward
    Everytime I read articles like this on Slashdot my head explodes. The claims that were posted are dependent claims. That means that they further limit the parent patent claim. In this case it's claim 1) that's why all the post claims keep saying "the method of claim 1 wherein,.." The scope of the invention is not the posted claim, but the posted claim plus claim 1.

    So while all you dorks think the scope of the invention is very broad, it's really very narrow because it further limts claim 1. The real issue is this: did claim 1 meet the requirements of patentability. For those that don't know there are two requirements - 1) is it novel and 2) is it not obvious to one of ordinary skill in the art. To show that it fails to meet requirement 1 you have to show that the invention was published or displayed in public one year prior to the filing of the patent applications. It's very difficult to prove that it doesn't meet the second requirement because what is "obivous to one of ordinary skill in the art" can be subjective. What's obvious to programmer without a degree may not be obvious to one with a Ph.D. or visa versa.

    • "To show that it fails to meet requirement 1 you have to show that the invention was published or displayed in public one year prior to the filing of the patent applications."

      care to elaborate on this, perhaps provide a link?

      One year is an awfully long time to allow someone to file a patent on something they found already published by another.
      • Well there is another requirement - that you must be the guy that invented it. That is nobody invented it before you. So generally you must be the first to invent, but after you invent the thing you have one year after it has been published, used in public, or offered for sale to patent.

        So it is not really as simple as the inittial poster put it.
      • The real requirement is that if you create 'art' that uses the invention (patent), you have one year to file a patent application. Otherwise, your prior art makes the invention public domain.

        If someone else creates 'art' that uses a new invention, and this art is disclosed (such as publication of a paper, posting to Usenet even...), then only that someone can attempt to patent that invention from that day forward. And, only within the first year.
    • It is meant to be an objective requirement. It is true that it is hard to administer mostly because you are asking someone that already knows about the invention, whether it would have been obvious.

      And the person applying for the patent should initially prove that his invention is non obvious.

      The non-obviousness requirement has been reduced in importance lately but it is really key for having a sensible patent system.
  • DRM and DAT (Score:4, Insightful)

    by buss_error (142273) on Sunday July 07, 2002 @04:55PM (#3837949) Homepage Journal
    People forget that DAT's started out as a DRM for audio. Anyone remember listening to Digital Audio on tape? Not many, huh? Most people didn't like the DRM and it wasn't adopted widely.

    The problem here is the same as it's alway been. Fair use is largely the intent of the person making the copy. Until technology can read minds (fate forfend!) there won't be a DRM that won't abridge fair use in some way. As long as DRM abriges fair use, popular adoption of DRM technology won't happen willingly. This is an attempt to ram it down on an unwilling consumer population.

    That said, the backlash that might build will depend largely on how intrusive Joe Six-Pack is going to find this new DRM technology. The second J.S.P. gets pissed off about it is the second elected officials are going to feel the heat. When they feel the heat, no amount of payola from ??AA is going to save it. MS is walking a fine line between control of content and pissing off J.S.P.

    Until Joe Six Pack starts screaming not much is going to change. Unfortunatly, this might be after the Fritz chip is in most consumer electronics, and it will be too late to do much about it.

    Don't forget that J.S.P. doesn't give a fart in the wind for the best technology. If he did, we'd have Betamax insted of V.H.S. We'd still have a Tucker auto, and not (fill in your most hated car). Zip and Jazz drives would be moldering in the dump, and we'd be using optical disks.

    Is this new technology from MS a Open Source Killer? That's going to depend on someone making MoBo's available without the Fritz chip. Sure, those systems won't be able to run XP, but there are an awful lot of people out there running systems that don't run MS products. I can't quite see (at this point, maybe in the future?) a MoBo that flat won't allow a non-DRM OS to run, just that it won't run in the "Fritz here, you can control this system" mode.

    That being the case, then I don't see Plaidium being quite the Open Source killer it is being painted. Not to say that it won't hurt Open Source, but it may not kill it. That's for the next evoloution of DRM. Which might be why MS is sending a sacrifice to Linux Expo. Calm down the Open Source zelots enough to get Fritz installed, don't use all of it's control capibillities until you reach market saturation, THEN whack those commie programmers when it's too late for them to save themselves. GAMEOVER.

You can tell how far we have to go, when FORTRAN is the language of supercomputers. -- Steven Feiner

Working...