Analyzing Palladium 481
apeir0 writes "The Register has a story which proposes an ulterior motive to Microsoft's new Palladium: a GPL-killer. 'It's the very fact that this appears insoluble to me that helps me realize that MS has put tremendous, careful thought into it. To make the commons Linux-hostile, MS is taking dramatic steps to make it GPL-hostile. Very clever and admirably diabolical.' Is this a valid point or just paranoia?" Ross Anderson has been writing about this recently; we covered his paper a few days ago, and he's now got a Palladium FAQ up. Another submitter sent in this interview with the Microsoft manager in charge of Palladium. The Washington Post has a column. Update: 06/27 22:43 GMT by T : Bob Cringely also has a column on Palladium up, in which he says that several of his fears have been realized by it.
Score -1: Troll (Score:2, Insightful)
Between a valid point and paranoia (Score:5, Insightful)
Lots of problems ahead for MS (Score:5, Insightful)
or even a high-level verification method. Obviously not, it's embedded in hardware.
I would think that an identification code embedded in hardware is going to be cracked, and in short order. What happens to Charlie consumer when he finds that his version of Word no longer works because some cracker has a hold of his unique
identifier? And that he can't change that identifier without a new MOBO? Or that Microsoft is giving away his credit card number to anyone who can spoof his identity?
It's a common failing of software manufacurers to think that new hardware can solve problems that software cannot (CF pretty much every dongle ever made) Just let MS run with the ball until they realise that the same thing can be done in software at a fraction of the cost.
In addition, I think it would die in Anitrust. Just wait until those computers start being returned, because they won't play nice with my operating system of choice, and watch Intel turn on a dime.
MS is Silly (Score:5, Insightful)
Apparently the US government does not think it's silly. Nor did the judge in the case who ruled against them.
Masters at work (Score:5, Insightful)
Anyone notice the inherent similarities (Score:5, Insightful)
Although, I guess if I had to choose between getting a new MOBO and new eyeball I'd pick the MOBO. Maybe this is Microsoft's attempt to be least-worst.
Palladium, Microsoft’s future? (Score:5, Insightful)
Palladium if it ever actually comes to pass is probably the biggest and most profitable enterprise Microsoft could ever possibly have imagined. Why? Secure software running on a secure platform. But what steps do you take to make this idea a reality?
A trusted hardware base. All hardware must meet certain operational standards that are set out by a central organization. For hardware to be "compatible" it must live up to the minimum of these standards. Similar to government regulated health and safety standards on all current hardware, but in this case software regulated. While this might not appear in Palladium version 1.00 it will definitely feature in its future, as all the big media companies want hardware copy protection.
All software needs to be certified by the above central organization. It wouldn't be out of the question for Microsoft to create an "external sub-company" to administer this side of the business and not seem like it's trying to be a monopoly. This new company would deal with Sun, Linux, Oracle, etc, in the same way it would deal with Microsoft. Why this might happen I'll explain later.
How will this software be certified? If a software company just uses any old computer language to create a binary, what will get certified the source code or the binary? This is an important question, how do you check that the software that's certified has no backdoors? As backdoors are the single biggest problem within a closed "secure" system.
Here is what I think Microsoft is making a play for:
The answer is a trusted programming language a.k.a
Microsoft is predominantly still a software-based company. While the IBM PC compatible hardware is Microsoft strong hold it's not the only hardware option. To a large extent Microsoft has won the desktop market. The only way they will lose it is if there's a change in the Client/Server (Desktop/Internet) relationship. Microsoft saw with Java how this relationship could change and Windows could become no more then a footstool for Java applications. If Java had become the programming language of choice for creating Desktop/Internet applications Windows would have become a very easily removed part of the equation. Enter all the dreams of the Net-PCs, a slimed down computer running cheap to free operating systems with a Java run-time on-top. Here's the twist. Microsoft liked the idea and with its power in the desktop arena knew it could succeed where Sun failed. Microsoft Windows might not be the flagship of Microsoft for much longer, as Palladium could become the software platform of the future. Two reason why I think this: 1) They could create a more "open" version of Windows knowing this would help them in their antitrust cases. But really knowing that all software by default will have to run under Palladium anyways. 2) Palladium will be run on all trusted hardware footprints (PC, Apple, etc). But Microsoft will use its power over the desktop market to implement Palladium through Windows. Once it has been accept as the standard that Microsoft believes it will be, demand from users of other hardware platforms to support Palladium will create the need for all client operating systems / hardware to support an implementation and because its all based on
With this move Windows steps back becoming primarily a desktop only environment running Palladium for all import tasks. Windows users will still be able to play all their games and fun applications, which might not be trusted but Internet access and important data can only be accessed through Palladium. Windows would sandbox trusted and untrusted software apart. So at an operating system kernel level trusted and untrusted software runs differently. Plus with Microsoft changing its file system from FAT/NTFS to a Database system untrusted software wouldn't be able to get access to this partition, both at hardware and software levels.
Now the "external sub-company" suggested above would be used as follows: This company would be "external" from Microsoft, and Microsoft would sell its MS-Palladium investment to said new company, which just happens to have Bill Gates as its CEO and many other big shots involved. This new company (which for ease of reference will be called "New$oft") will be now responsible for managing all the NS-Palladium implementation with all hardware / software companies. This implementation will required backroom access to all operating systems source code, to double check that there are no loopholes in the security of an implementation. Companies like Sun and Apple to an extent will have to allow Newsoft access to their primary intellectual property. Newsoft will check that the operating system cannot do any damage to the secure Palladium.NET network. As for Linux, Newsoft will create its own GPL distribution and modified Kernel, which it obviously has control over. This is all perfectly legal as Newsoft gives away all the source code for NS-Linux free. But when purchasing NS-Linux a license fee is paid for the NS-Palladium subsystem. All Linux updates will have to come through Newsoft before becoming part of NS-Linux. This will hi-jack Linux and removing control of the Kernel from Mr. T to Newsoft. Linux will still be as popular as ever but the distribution of choice will be Newsoft's because of market compatible pressures.
Now to the finial piece of the puzzle. Palladium will control access to different data and software features through certificates. Companies creating software that will run on Palladium.Net will have to get certified for developing different types of software. Meaning, not only will the source code be certified the companies that create the code will also have to be certified if they want their application have access to certain user data. This way only trusted companies will be allowed on the trusted Palladium.Net network. But the only way to create the byte-code is by using the Microsoft's Studio.Net tools. The byte-code that is created will have to adhere to standards that can easily be parsed for backdoors or loopholes. This way the certification of the binary process becomes a simple automated matter of checking the company's certificate permissions against what the binary byte-code is programmed to do. If the binary byte-code operates within the limits of the company's certificate we have a trusted program. This could even be applied to things like Palladium-Word macros, Palladium-emails to stop spam, the list of possibility is endless.
So to recap. All computer hardware is updated to have a Palladium microchip. The operating system has been updated to run Palladium's run-time byte-code. All software and software companies have been certified by Newsoft to be trusted. Linux is just another pawn in Newsoft's game of secure chess. Call this farfetched if you wish, but in Bill Gates wallet beside the picture of his children is a copy of this plan which he looks at daily, and smiles
Apple anyone? (Score:1, Insightful)
Victor Hogemann - hogemann@mac.com
Hardware based security is bunk (Score:2, Insightful)
And how do you patch hardware when you find, 6 months in, that there is a flaw? This is a giant step backward in technology, designed to make people go out an buy yet more useless crap for their computers.
What about a 'FAQ' for dummies? (Score:2, Insightful)
Anyone know where one could encounter a well written introduction to the problem, and a summary of the main points in the FAQ?
This would be good for people who's not technically oriented, but still use computers for variuos tasks. Those are the ones that must know about the implications of Palladium, to be able to protest against it with their wallets...
I'd write one myself if I posessed the insight and eloquence, but I suspect that many others could do a far better job than I.
so... 20 years late? (Score:3, Insightful)
Fritz H. needs to be un-elected. Anyone got good pointers on how to do that?
-- Multics
The MS sales drones sure think its a threat... (Score:1, Insightful)
We're talking about people's time at many thousands of dollars per day. However much we need. They won't do it for almost any other project... So I'd say yes, they see it as a threat.
Re:Between a valid point and paranoia (Score:1, Insightful)
The requirement of Palladium for online content viewing makes a lot of sense, mainly because it forces a hardware upgrade. And Microsoft sells a huge amount of software on an OEM basis, so this forced obsolescence works well for them. Hardware makers love to hear that everyone needs a new computer.
But it won't work. People upgraded hardware a lot when computers were evolving. 'Puters haven't changed a lot in the last 5 years, from the consumer's perspective. Why should I buy a new computer when my current one(s) do what I want them to do ? And, anything they don't do (that I would like them to do) I can get in software. Lack of upgrades is killing Microsoft's revenue, so they are squirming. Palladium is but one fork of the attack - another is subscription software. Prolly others coming too.
It is the sign of a really really rich company looking really hard towards a new business model in the future.
Re:Flattening (Score:3, Insightful)
The Fritz chip will prevent any non-[MS|RIAA|MPAA]-approved software from accessing a protected document. And in the Palladium/Fritz scheme, to get [MS|RIAA|MPAA] approval the application will not be allowed to have a useful "save" option.
Of course, maybe all you need is a single "buggy" but approved application to get around all this.
Another way would be to digitize the video or audio coming out of your PC, but after the MPAA makes owning or building unrestricted A/D converters illegal [eff.org] this won't be an option. (Except to those of us who know how to build A/D converters out of stone knives and bearskins and live in the underground economy).
Re:The Cartel Problem (Score:4, Insightful)
Cartels like the diamond industry? That was has been going strong for ages! Cartels like OPEC? It may not have the strength it used to, but it still has a tremendous amount of control over oil pricing. I hope you're right on this one, but it's not a given.
Re:Invisible hand (Score:3, Insightful)
This will not result in the removal of the crippled products, it will result in tariffs on the imports. The open hardware may be available, but it will be available only via the black market.
Ignore them and you'll vanish (Score:2, Insightful)
So even if they put a TCPA-compliant Linux on that hardware, because that hardware mix is not approved then they won't be able to use TCPA-restricted services. They won't be able to communicate with TCPA-locked clients and suppliers.
Even if they buy TCPA-compliant boxes with TCPA-crippled Linux, they will have to run only TCPA-approved applications. A TCPA-approved application can not trust data from a non-approved application (or else the app is at risk of being damaged/subverted by the data -- a buffer overflow or other attack can make an app do unapproved things). So they can't have TCPA apps read the output from custom programs, and can't create services for clients which involve their own unapproved software.
Re:Hardware based security is bunk (Score:1, Insightful)
I agree that it is ridiculous to expect that the hardware will never fail...and either the devices are going to share a key (total compromise the first time it is cracked) or there will have to be a huge database containing the public keys for all of the devices, making security dependent on a trusted party providing this service...also bad and unpractical.
Re:No, it still won't work. (Score:5, Insightful)
Today, chipmaking systems cost in the billions of USD. No one is going to start a garage shop to fabricate these things - they will have to come from established (read: large) manufacturers. Large companies are very susceptible to government pressure: "no DRM instructions in your new CPU? I guess we will have to cancel that big secret contract with the NSA, and also sic the SEC on your financial statements."
Similarly on the CPU side: Intel and AMD are really the only games in town now. Any new systems would have to "play ball" with one of those two. And again, as large organizations (in Intel's case with large US Government contracts) they will fall into line if pushed.
sPh
Absolutely Right (Score:4, Insightful)
Absolutely right.
Then, lets not forget cartels like the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA), who have successfully lobbied for and purchased legislation to enshrine their oligarchy into US law.
These are the very people who are pushing for this sort of nonsense, and a software monopoly as a result would be fine with them (indeed, perhaps even preferable to a free market, since it is only one point of pressure/influence they would require).
We are absolutely kidding ourselves if we do not think this is a serious threat to Free Software, the GPL, and our very freedom as human beings.
Re:Lots of problems ahead for MS (Score:3, Insightful)
Re:Lots of problems ahead for MS (Score:5, Insightful)
DRM is coming, and if people don't like it, they will have to move fast because with AMD and Intel promising support, there isn't much stopping DRM legislation - apart from some teenagers and some commie-hippy protestor types.
So get ready to wear the mark of the beast...
Re:Invisible hand (Score:5, Insightful)
They're going to let you switch it off. However, if you switch it off, you wont be able to generate or use "trusted" content, and if 80% of people do not accept your "untrusted" content (with a little help from some cunningly-worded MS error messages), you're up shit creek (to use a common engineering term).
The carrot will be Hollywood DRM content, and the stick will be in creating the perception that MP3s, Oggs and Linux are in some way "untrusted".
better transactions? (Score:2, Insightful)
I don't see what any of this has to do with people trusting the internet for transactions. How can I trust my transactions any more than I can trust it now with an SSL based system? Ok, so under Palladium I would know that my Netscape binary has been reviewed and was trusted. But I pretty much believe that already. That's not the reason people don't trust internet transactions.
One thing I find interesting about this proposal is that it requires some level of code review before release of any software. All source would need to be submitted to a third party to ensure that the code can be trusted. That sounds like quite a mess to me.
Devon
Re:Lots of problems ahead for MS (Score:5, Insightful)
Sure. Remind me, where do I download the software hack for Xbox?
Sorry, you're just plain wrong on this one. Trying to impose security on an insecure OS with a dongle is wildly optimistic. But tying the hardware and the OS together is - demonstrably - not. Modding an Xbox requires a hardware hack, and Microsoft aren't idiots; they'll learn from the Xbox vulnerabilities and make sure that Palladium is harder to crack, or they'll have got their para-legal team hopped up and ready to take down any mod suppliers the instant they appear (note that one Xbox mod chip supplier went under today).
I'm not saying it'll be impossible, but I am predicting that it'll be damn hard and will require more than just a soldering iron and a cavalier disregard for your warranty, the EULA and the DMCA.
As regarding it dying in antitrust... well, we've seen how fast the DoJ moves on these issues. As for returning computers, what's your basis for believing that by 2006 you'll be able to buy a generic naked system without a Microsoft OS installed? And if we're talking about individual components, what will the market be for people who want to install a non-Microsoft OS but who won't realise that a stock consumer Intel/AMD chip won't talk to it? 2%? 1%?
This is a big deal. It's the Son of SSSCA, dressed up in pro-consumer clothes. It's not mandatory, just de facto (i.e. zero difference in practical terms). The response to any legal challenge will be that if you really want to run a non-Microsoft OS, you can pay extra for "server" or "pro" versions of CPU's (and whatever other components have jumped on the bandwagon). Fine, but how long before the anti-piracy argument gets leveraged to push through either a consentual or compulsory scheme to license access to non-Palladium parts? Six months? Less?
We can argue this until the cows come home, but let's agree to compromise. If you're right, you can say "told you so". If I'm right, I can say... well, whatever Bill allows me to say. Fair enough?
Re:Ignore them. (Score:5, Insightful)
Which FUD are we talking about? This entire series by been a collection of FUD on both sides. In case you missed it Slashdot is also doling out large quantities of:
FEAR: Of loss of privacy, of misuse by Microsoft, os loss of user's rights.
UNCERTAINTY: of what's going to happen period. Almost everything I've read so far is speculation.
DOUBT: Doubting Microsoft's intentions, doubting it will work. How much doubt do you want?
As a community, we've not only grown a huge distrust for Microsoft, we've grown a love for their methods. Not only do we happily wage wars with FUD, we seem (as I look through the moderated up comments), apparently advocate licenses that prevent Palladium from working with "open hardware" (sorry, but that doesn't sound open to me, it sounds as exclusionary as Microsoft's standard tactics).
It's about time we returned to our core beliefs, before we lose them entirely and become what we claim to despise.
Re:Ignore them. (Score:3, Insightful)
Which is amply demonstrated by the fact that this is the second time the story has been posted this week.
The Register article shows only that the reporter has no clue as to what Palladium is and what it can and cannot do.
No DRM solution is 100% secure, the issue is not eliminating piracy, it is raising the barrier sufficiently so that the content owners are confident enough to release material and for the level of piracy to be low enough that people can all make a buck.
Attempting to rig a DRM solution so that people could only run MSFT O/S would be (1) illegal and (2) very stupid since people would have a legitimate reason for bypassing the alledged DRM measures to run Linux.
If you run Linux you are not going to have a Palladium certified O/S and many content providers are not going to sell stuff to you. But that is exactly the current situation. Palldium is only going to mean that Windows users can get content that the owners will not release without strong(ish) DRM.
Microsoft's win-win (Score:2, Insightful)
Re:Ignore them. (Score:2, Insightful)
No, dumb fuck, we're not.
But those of us who are affected by the attempt to legislate DRM rights (as noted in my post) are.
The point remains, even if it is over your head.
Re:If if changes the Unix/Linux security model, fi (Score:5, Insightful)
I find it amazing how folk can start a sentence 'I don't know anything about this' and then go on to pontificate. Examples of this behavior include practically every Senator's reaction to the pledge of allegiance rulling (I haven't read the rulling but I'll make a dumb-ass statement to protect my base) and 50% of the posts on Slashdot by Linux people on WNT.
Under WNT you can set the O/S up with very strong file access permissions. It is not unusual to configure a WNT machine so that administrators don't have access to user's files and if you read the manual you can set the system up so that nobody has system privillege, administrators who can mod user accounts cannot modify the system log etc.
With W2K and later you can turn on the encrypting file system. By default the administrator still has the ability to recover files via the recovery root. But you can export that to a floppy disk and put it in a safe. You can also integrate more powerful Key Recovery systems from third party vendors that enforce dual control over recovery.
UNIX was not designed to be a secure O/S. The security it does support is a subset of the security mechanisms of MULTICS. The design observation made at the time being that the machines of the day (early PDPs) could not support a complex security model.
It is unfortunate that so many people mistake age for security. By the time VM-UNIX was developed the VAX 11/750 VMUNIX was developed on was capable of supporting a sophisticated security model as VMS proved. But like so many UNIX design features what had originally been a shortcut had been elevated to the status of dogma.
Definition of "Source Code" (Score:2, Insightful)
The GPL is a bit vague on what exactly constitutes the "source code" for a work: it is defined as "the preferred form of the work for making modifications to it". For a program which won't function fully without being signed, a strong case could be made that the "preferred form" for modifying the work is the source code plus the key used to sign the binary; after all, if the "source code" doesn't include enough information to reproduce the binary actually distributed, it's not useful for modifying the work. The GPL also specifies that for an executable program the source includes "the scripts used to control compilation and installation of the executable", which for a signed executable would include the script to sign the binary.
Thus, the danger to the GPL might not be that it will lead to GPL programs that you can't actually modify, but instead be that it will be impossible to get a GPLed program certified. Even if it is certified, it will be illegal to redistribute the resulting binaries without the key, which of course won't be available. If the person or company that produces the program is the sole copyright holder, they can of course distribute it anyways, but it won't be redistributable.
So I'd say that TCPA, Palladium, and other DRM schemes do pose a threat to the GPL, but not for the reason Ross Anderson claims.
Where is Apple? Where is Sun? (Score:2, Insightful)
It doesn't look like Apple is getting brought into this at all -- I've heard no mention of either them or Motorola (they make Apple's CPU's right? or am I wrong?) being involved in the whole debate -- and a lot of people use macs.
Furthermore, a lot of
Maybe macs and Suns will become more popular because of this Palladium thing because you can still pirate software and not let MS root your box.
What do you think?
Re:Ignore them. (Score:2, Insightful)
Attempting to rig a DRM solution so that people could only run MSFT O/S would be (1) illegal and (2) very stupid since people would have a legitimate reason for bypassing the alledged DRM measures to run Linux.
One of the things that you semm to have missed is that pointing out the possible abuses of the DRM technology is a first step in preventing those abuses.
Reason for FUD (Score:3, Insightful)
B this is just the initial stage of "freaking out." I, for one, never thought that anything short of an *obviously* oppresive gov't law could stop open source or the GPL.
But now that is changing. I'm worried. Here's why:
If the TCPA's ideas becomes law, and old applications are made incompatible, or more likely, obsoleted by new ones, people will be required to upgrade to new hardware/software to get much of anything done, as I see it. Upgrading is a source of revenue for corporations (e.g. MS), I think it's safe to say they would try for this if they could.
If this becomes standard and exclusive, there isn't a whole lot the OS community can do, especially if it is illegal, IMO.
The only thing to stop this is a huge outcry from the tech community and/or the education of government officials. Past that, the Joe Publics will have to become angry. And considering the Joe Publics I know, that isn't likely unless the idea of their computer being run remotely is spread around.
I think Joe Public can handle not stealing music. He might be used to it, but after all, by common definition, he is stealing it.
I think Joe Public won't mind the "extra security" if he thinks it's there. People aren't retarded, but often ignorant.
That is why I worry.
There is no way this could last forever. That would be retarded -- even congress has to learn about technology sometime. But what I can forsee in a possible future is a world where the companies have put their other foot in the door of our computers (and wallets). And it'll take a fight to get them out if they get that far.
To be honest, I'm scared. Fear, uncertainty and doubt are being spread because we (or at least some of us) believe in it. FUD from companies is typically BS with no thought behind it. This FUD is genuine fear, IMO.
Re:Ignore them. (Score:2, Insightful)
Re:Ignore them. (Score:2, Insightful)
>FEAR: Of loss of privacy, of misuse by Microsoft, os loss of user's rights.
Micro$oft has proven over and over again that they can not be trusted with sensitive data. Go to google and do a search on Microsoft and privacy. You are returned with a list of 1000's of articles about their poor performance in this area.
>UNCERTAINTY: of what's going to happen period. Almost everything I've read so far is speculation.
Given what the chief Micro$oft researcher said in his interview, it sounds less like speculation and more like well reasoned logical deductions as to what the company will do with this technology.
>DOUBT: Doubting Microsoft's intentions, doubting it will work. How much doubt do you want?
Given their track record, I can hardly see where expressing doubt about this company and its intentions is unwarranted. This is after all an acknowledged monopoly, which has been found to have abused its power by a court of law. It is a company that has shown nothing but open hostility toward OSS and more specifically, GPL'd software. Further it has gone out of its way to invade users privacy in ways very few other companies have even dreamed about, like the media player that phones home. The list of abuses goes on and on and on.
So in the final analysis your condemnation of all of this as our own FUD attack against Micro$oft is completely unfounded. It is not FUD to call Micro$oft exactly what it is, an avarice monopoly with less business ethics than a bowl full of pond scum.
Why should I care? Where's the "killer app"? (Score:3, Insightful)
All of this matters how, exactly? If I can run a non-TCPA approved OS (even Windows XP) on the TCPA motherboard, so what? Isn't that the same as running a non-TCPA approved OS on a non-TCPA motherboard? I don't get it. So I can't use TCPA-restricted services or run TCPA-restricted software. Big whoop. I can't do that now!
TCPA will only matter if it reaches critical mass, but people (and corporations) will have little incentive to upgrade their hardware AND their software just to run Longhorn/Palladium unless they can't do something critical without it. In other words, the TCPA-restricted services and software will have to be required, and how will they ever become required if everyone must first upgrade their hardware AND OS AND applications?
I really doubt M$ can reach critical mass on this one. What's the "killer app" that drives everyone to TCPA/Palladium? Movies? -- Hollywood would have to stop releasing on DVD and switch over 100% to a TCPA-restricted medium first, and frankly at that point I'll just stop buying movies. Remember, society got along just fine from the 1900s to the early 1980s without owning/renting movies, and we got along just fine in the 1980s and most of the 1990s owning/renting them on VHS. I'd miss DVDs, but I won't replace my entertainment system if they stop selling them. Treating me like a thief isn't going to make me rush out and replace my TV, VCR, & DVD player with something that performs exactly the same (and refuses to play my old DVDs!). The RIAA and MPAA both think society can't get along without them, but they may be in for a rude awakening.
eBusiness? So far they haven't been able to entice everyone to pay bills or shop exclusively online, and forcing a complete system upgrade first isn't going to make it more attractive. Why business would rush to embrace this eludes me. My job is making in-house software for Fortune 500 companies, and they hate spending money on things like automated testing tools; they sure aren't going to like having to pay an outside company to certify their in-house software before their own computers will run it. Hell, who certifies the development copies so they can even be tested? Companies are not going to replace all their computers just so they can increase their software development costs.
Nobody's going to go for this -- there's no "killer app."
Re:Ignore them. (Score:2, Insightful)