Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Microsoft

The Power of Palladium 401

Posted by michael from the it-slices-it-dices dept.
phriedom writes "Salon has coverage of Palladium which gives first page coverage to the idea that Palladium is designed to kill open source software. My favorite part though is on page two, where the Microsoft apologist says that ones view of Palladium 'depends on what you believe Microsoft's long-term aims are. If you believe it's to stimulate commerce and stimulate security, it's a step in the right direction ...and if you're perhaps given to suspicions that Microsoft always makes decisions with the aim of frustrating competitors of the Windows empire rather than for the good of consumers, you might have a different view of the same architecture.'" Wired also has a story claiming under-the-hood exposure to Palladium, although it doesn't seem to have much information that hasn't come out already. Update by J : Steven Levy's Palladium story, which we linked to in an earlier article, has allegedly been pulled from MSNBC's website. Anyone know if there's a simple explanation of this?
This discussion has been archived. No new comments can be posted.

The Power of Palladium More

The Power of Palladium

Comments Filter:

  • Microsoft: Palladium not just for Windows (Score:5, Informative)

    by savaget ( 26702 ) on Friday July 12, 2002 @02:35PM (#3872326)
    Read this story from Zdnet: News: Microsoft: Palladium not just for Windows [com.com]

  • Details on Palladium from EFF's Seth Schoen... (Score:5, Informative)

    by sheldon ( 2322 ) on Friday July 12, 2002 @02:41PM (#3872384)
    Apparently Microsoft met with the EFF to discuss Palladium. Mr. Schoen wrote up his notes from the meeting. [loyalty.org]

    His notes are more technical in nature and he doesn't make much in the way idle speculation, so they tend to disagree with much of the reporting that's shown up on slashdot.

  • good insider view here... (Score:5, Informative)

    by slashdaughter ( 309904 ) on Friday July 12, 2002 @02:45PM (#3872423)
    an interesting, detailed perspective on Palladium from someone who worked inside MS on some related stuff. TCPA and Palladium: Sony Inside [kuro5hin.org]
    -- -- -- --

  • "Microsoft Apoligist" (Score:3, Informative)

    by Little Brother ( 122447 ) <kg4wwn@qsl.net> on Friday July 12, 2002 @02:46PM (#3872435) Journal
    I think it is important to note that the person described as a "Microsoft Apoligist" is Farber, who testified against Microsoft in the antitrust trial...

  • I've seen it over and over and I'm tired of it... (Score:5, Informative)

    by prophecyvi ( 249996 ) on Friday July 12, 2002 @02:53PM (#3872492) Homepage
    The initiative, called Palladium, after the mythological statue that defended ancient Athens against invaders, sits on a set of technologies that have long been in use

    Not to nitpick, but I AM tired of it... the Palladium was a small statue of Athena in the city of Troy, not Athens - it was stolen by the Greeks very near to the end of the Trojan War. It was the basis for the whole Trojan Horse bit. The explanation the Trojans received when they found the horse was that the theft of the Palladium by Odysseus had so infuriated Athena that the Greeks had left the horse to appease her wrath. The idea was then implanted in the Trojans' heads that the Greeks very much did NOT want the horse dragged into Troy, for then Athena would favour the Trojans and might kill all the Greeks on the way home. (Which, ironically, she and Poseidon largely did anyway.) The Palladium is generally held to have been taken by Aeneas on his flight from Troy to Italy, or maybe by Diomedes to Sparta, but never Athens.

  • Moved to the pay site (Score:4, Informative)

    by lseltzer ( 311306 ) on Friday July 12, 2002 @03:03PM (#3872576)
    The Levy piece has moved to the Newsweek Pay Archives.

    Try this link [newsbank.com]

  • Re:The whole point... (Score:2, Informative)

    by GigsVT ( 208848 ) on Friday July 12, 2002 @03:15PM (#3872675) Journal
    They've said that the core of it will be open source. Of course their idea of open source is a lot different from Liber Software open source.
  • From the document:
    "Microsoft assumed as a design criterion for Palladium that existing versions of Windows should be able to run on a Palladium PC, as should existing Windows applications, as should existing non-Windows operating systems like Linux.
    There is no attempt to stop people from booting whatever code they currently use or may write in the future. In addition, the hardware trust features can potentially be used by specially-adapted software, regardless of what operating system is running. It is possible to imagine that a Palladium-hardware-aware version of Linux could be created and could make full use of Palladium's hardware features in order to achieve trust comparable to the Windows implementation. Microsoft is only writing an implementation for Windows, but plans to publish all the technical details."
    In other words: don't get your undies in a bind...at least not yet.

  • Why MSNBC pulled the article-no, it's not bias.... (Score:5, Informative)

    by spectecjr ( 31235 ) on Friday July 12, 2002 @04:55PM (#3873434) Homepage
    Here's the simple explanation for why MSNBC pulled the article:

    It's a Newsweek article.

    Newsweek charge for archive access.

    The article is now over a week old, and has been moved to their archives.

    Simple. If you want to get the article, you can still buy it from Newsweek for $2.95, or for a lot more if you want access to their entire library of stuff.

    You can still find it if you go to www.newsweek.com , and search the archives for Palladium.

    Simon

  • Java support (Score:4, Informative)

    by alext ( 29323 ) on Friday July 12, 2002 @05:42PM (#3873714)
    Having been to a number of MS 'Executive Briefings' my impression is that by far the most requested item by large customers has been proper Java support. Right now it is costing companies a huge amount of effort to integrate Excel and Outlook apps with Java-based transactional systems, and going right back to 1998 the story from MS has never been "How can we help solve your problem?", only "How can we dominate this space and exclude competition?"

    Ironically, we had MS people on site for over a year to gather 'requirements' and help 'influence strategy'. There's no real question that this was by and large ignored - a small insight into what perhaps has been one of the most dramatic examples of contempt for customers ever exhibited by a major corporation.

  • Re:Java support (Score:1, Informative)

    by Anonymous Coward on Friday July 12, 2002 @05:45PM (#3873735)
    Except, of course, that Sun has this problem with actually letting MS implement anything like recent Java specs on Windows ...

  • Nitpick on the Salon Article (Score:3, Informative)

    by Yankovic ( 97540 ) on Friday July 12, 2002 @07:11PM (#3874248)
    Perens says that "what is new here is that the customer's PC is getting hardware with the specific purpose of constraining the customer. Never before has a customer received a speed governor on his car -- and this is worse than a speed governor. It's like saying, 'You may never drive into this part of town.'"


    It's worth pausing to think about Perens' example for just a second. Surely some lawyer somewhere has suggested to one of the Big Three automakers that adding speed governors to its fleet could save the company a penny or two in legal costs. So why don't we have speed governors in our Fords?
    Cars sold in the US do have speed governors on them. It tops out at about 140-150 miles per hour, in Ford's (and others too, I don't know what those are). I've actually experienced this... we went out to the desert in my friend's Jaguar and actually hit it. It's why you can't buy a street legal porsche that can outrun a cop car.

    I further disagree with Mr. Perens as well. The content is all that will be limited, not the computer. The computer will not be limited in any way. You can boot into untrusted mode and use whatever you want. The content, on the other hand, may require the use of trusted mode. That simple.

  • Comparison to signed ActiveX controls (Score:3, Informative)

    by cant_get_a_good_nick ( 172131 ) on Friday July 12, 2002 @09:45PM (#3874818)
    I remember the whole IE ActiveX vs Java wars. MS's view was to get signed code. Java's was to build a sandbox, and if you want to break out of that, then you do the certificate thing, and then you have to let individual items through (allow reading local filles for example, but not write). MS has the bulk to say which one you chose, irrespective of technical superiority.

    Relying on 'signatures' to protect you is falso hope. Check on www.microsoft.com, search for "ActiveX Security vulnerability" using ALL keywords. You'll get 100 hits back, and the search cuts off at 100, so I don't know how many there are. Yes, the Java security manager had holes (these holes were eventually plugged). But at least there were limits, like a hole in the dike instead of it collapsing. How many IE holes were because certain ActiveX controls were marked "safe for scripting"? So this ActiveX had the run of the system. The controls are signed, but what's stopping a rogue person from obtaining a certificate ad releasing a bad ActiveX control (or a bad app). I remember someone did this, had a certificate and made code that was a proof of concept (I don't remember, I think he wrote soemthign in teh Run key, and you saw a message every time you started up). I also remember when someone pretended to be from Microsoft and obtained a key? Yeah, MS released a patch invalidating the key, how many folks didn't install the patch? Is there code out there with that key? If they can't even hold on to their keys, how can you trust them?

    How do you protect against bugs? Outlook wasn't intended to be malicious, but look what happened. MAJOR design flaws in Outlook, and how it's integrated into the system (a great deal of virus damage can be traced to the fact that Explorer by default doens't show extensions, and Outlook picks this up). Neither was sendmail, how many bugs came from that? OK, sendmail's signed now, I can still root you. Is a signed IIS any less vulnerable to Nimda? Is all the KaZaa spyware gonna get kicked off casue of this? Nahh, it's all gonna be signed.

    This is where a sandbox mentality is best. Something like the jail and chroot syscalls. Limit the damage that can be done to the system. Have all syscalls be available to be jailed, something like the security manager in Java. Have IIS be jailed to not be able to use connect() to dial out to other servers, jail the ability to make files anywhere other than a log-root, so it can't make startup files in /etc. Limit the damage it can cause. I forgot the Free-NIX projects that support restricted syscalls.

    A big problem with Paladium this it turns people into vertificate validators. How many folks do you know who know how to read a key? It's gonna be either accept all, or accept none, depending on what the default is. And if you accept, you're still making you're system succeptible to bugs and trojan horses.

    This just seems, to me anyway, to be Microsoft's way of pushing new software and hardware. I don't see it helping folks much.

  • Kuro5hin discussion (Score:3, Informative)

    by cant_get_a_good_nick ( 172131 ) on Friday July 12, 2002 @10:04PM (#3874874)
    They started a discussion on MS and Sony. Read it [kuro5hin.org], it comes from a former Microsoft developer

  • I found the "pulled" article... (Score:2, Informative)

    by 2bStealthy ( 512402 ) on Saturday July 13, 2002 @02:41AM (#3875796)
    http://www.msnbc.com/m/nw/talk/archive.asp?lt=0625 02_levy

Slashdot Top Deals

The use of money is all the advantage there is to having money. -- B. Franklin

Close