Analyzing Palladium 481
apeir0 writes "The Register has a story which proposes an ulterior motive to Microsoft's new Palladium: a GPL-killer. 'It's the very fact that this appears insoluble to me that helps me realize that MS has put tremendous, careful thought into it. To make the commons Linux-hostile, MS is taking dramatic steps to make it GPL-hostile. Very clever and admirably diabolical.' Is this a valid point or just paranoia?" Ross Anderson has been writing about this recently; we covered his paper a few days ago, and he's now got a Palladium FAQ up. Another submitter sent in this interview with the Microsoft manager in charge of Palladium. The Washington Post has a column. Update: 06/27 22:43 GMT by T : Bob Cringely also has a column on Palladium up, in which he says that several of his fears have been realized by it.
on a more serious note (Score:1, Interesting)
It seems to me that if the hardware isn't forced we end up with 2 distinct branches of the computing world. those that will still bow to the MS gods and those who do what the hell they want.
Basically nothing changes???
Where trust comes from (Score:4, Interesting)
Juarez:
No big shocker here. (Score:4, Interesting)
It seems that we, the mass public, are expected to give up the idea than when we buy something, it's ours. Now that even seems to include our hardware, not just our software.
Devices hostile to 3rd party peripherals (Score:5, Interesting)
> For example, some mobile phone vendors use challenge-response
> authentication to check that the phone battery is a genuine part
> rather than a clone - in which case, the phone will refuse to recharge
> it, and may even drain it as quickly as possible. Some
> printers authenticate their toner cartridges electronically;
> if you use a cheap substitute, the printer silently downgrades
> from 1200 dpi to 300 dpi.
I wonder if there's a list of printers and/or phones that perform in such a manner. I'm not sure if the law would deem such behavior as "anti-competitive", but I as a customer certainly find it so, as well as offensive.
No, it still won't work. (Score:5, Interesting)
Think about it for a second: a lot of people, though not the [MP|RI]AA, are going to be royally pissed off about this.
Therefore, they will be tempted to do something about it. So, we'll see one of these solutions:
Finally, I think the US
Again: I believe M$ is just testing the waters here. It's probably either a marketing test balloon or vaporware, designed to please the US government in these post-9/11 times.
Remember: Palladium can only work if every company joins the conspiracy. Some, maybe even a lot, won't.
YMMV, IANAL, Standard::Disclaimer and so on and so forth.
DRM similar to P3 ID? (Score:1, Interesting)
Lets face it for the H/W manufacturers to implement this it's going to cost them money. How will MS get everyone to co-operate? Lets face it Big businesses don't play nicely together very often - why this time. What will be their incentive.
If this is an MS ploy to rein in the renegade Linux lovers its very subtle and very clever - it definately needs to be watched. MS is very good at thinking about the long run when it comes to competition.
Then again it could be bollocks and we're all wasting our time
.
Re:No, it still won't work. (Score:3, Interesting)
Invisible hand (Score:3, Interesting)
Or so I hope.
Re:Ignore them. (Score:5, Interesting)
However I can't ignore this. It does worry me since most of my clients only know MS. It is very difficult to get your avarage joe user to break the MS habit, and some clients believe the FUD being spewed/parroted by media.
We can't ignore it, MS have a monopoly and they are going to leverage to its fullest extent until it is (if ever) taken away.
I cheer on your use of linux, but we are a minority, a well informed minority, but a minority non the less.
The Cartel Problem (Score:4, Interesting)
Remember: Palladium can only work if every company joins the conspiracy. Some, maybe even a lot, won't.
This, IMHO, is why it won't succeed for the same reason cartels designed to artificially restrict supply sooner or later all fall appart. Initially, people might go for it. When an economic disadvantage is passed on to consumers - designing this, after all, isn't free, and developers who can't or won't pay the fees required to have their code "Certified" will be unable to develop for that market - and consumers of Palladium PC's will be unable to use their wares.
This will result in a incentive for a manufacturer of CPUs or motherboards to produce a non-Palladium product. People will move to those platforms for a variety of reasons, producing an incentive to produce non-palladium products, springing up a non-MS taxed industry. It probably would motivate a lot of busy people like me to start working on GPL products to fight against the mark of the beast. Sooner or later though, a hardware manufacturer will spring up to produce hardware to meet the demand. That's inevitable.
This, frankly, sickens me to think about. I'll become physically ill if Apple announces they're going to soil their OS X and Powerbooks with this platform.
Re:on a more serious note (Score:2, Interesting)
Let's say, in my case Intel will lost 200-300 (all what's possible Intel) PCs yearly. but then again I'm only one. I will just move my bussines to first quality non-DRM platform (and if that's Apple than Apple it will be (god I'm proud I wanted my bussines as platform independant as possible)).
But to state my case more clearly, if there is 1000 resellers as I am, it will be a significant market loss. Anyone remember CPU number?
Call me paranoid... (Score:2, Interesting)
So, what are we going to decide? Will we allow the big companies (the 'Party') to take away all of our freedoms one by one? Today fair-use, tomorrow anonymity?
It sounds to me like this would be the ideal time to use the united force of all people around the world who value their freedom to fight the sickening proposals being made by those who stand above the possible effects of their ideas.
Certainly, this technology might be useful in certain situations, but it should never be used to limit the freedom of the individual.
Are we willing to sacrifice our freedom for the sake of the profits of the 'entertainment' industry? It would hardly surprise me if after a successful introduction of TCPA, the number of sold CDs/movies and the profits made on movies in theatres would rapidly decrease, instead of rise, like they did before the introduction of TCPA (profits made by the entertainment industry has continued to rise in the past few years, despite the doubling of the number of sold illegal CDs and the exponentially growth of P2P software over 2001).
I propose that we, the people, make our final stand here and let utter defeat be the fate of our opponent(s).
If I were an MS employee (Score:3, Interesting)
So if they want to get this adopted and in use - below the radar if possible - they have to do it very slowly. Get the stuff out there and then launch BigBrother.exe (or actually, bigbro~1.exe).
The obvious hole (Score:2, Interesting)
Frankly, I think it HIGHLY unlikely that one of these keys won't be uncovered, either by an insider or by a large distributted cracking project. And once a key is out, ALL THE MACHINES CAN USE IT TO BYPASS PALLADIUM.
Nuff said.
--
Re:Lots of problems ahead for MS (Score:3, Interesting)
All the manufacturers will be nodding their heads at MS while producing security free boards in the background. The market always follows what people want, and many consumers won't want to be tracked and stamped by MS.
Re:on a more serious note (Score:1, Interesting)
SUN to the rescue
Re:If I were an MS employee (Score:3, Interesting)
Re:Lots of problems ahead for MS (Score:3, Interesting)
I would think that an identification code embedded in hardware is going to be cracked, and in short order.
Hardware is enormusly dificult to crack, look at the ASIC on DBS cards for example, reverse engineering software is one thing, anyone with a afternoon and a hex editor can do that. Getting a electron microscope out and figuring out how the circuits work on a eeprom substrate is an entirely different matter.
What happens to Charlie consumer when he finds that his version of Word no longer works because some cracker has a hold of his unique identifier?
How about this, what happens to Charlie consumer when he wants to upgrade his system and move all of his software from one to another, you guessed it, he cant, its tied to the first machine for good, fork up another say $2000+ dollers to upgrade all of your software.
Just let MS run with the ball
Isnt that what got us into this mess in the first place?
In addition, I think it would die in Anitrust. Just wait until those computers start being returned, because they won't play nice with my operating system of choice, and watch Intel turn on a dime.
Isnt that how it should be? Vote with your $$$ just dont buy one and it will die a horible horible death, more importantly inform as many people as you can about it.
ibm laptop security chip (Score:1, Interesting)
The T30 security chip looks like a big mystery to everyone. I've been to a presentation of the new TP and no one could tell what the security chip does, or what it is there for.
We've been told that it might be used for storing passwords instead of storing them on the HD, and it can do more than that, but it is still unclear, so if a customer asks you about it, there's not much you can tell.
After reading the FAQ, I'll make sure I know where I can find the setting to disable it, as it seems it's all I want to know about using the chipset right now!
Re:Olympus SmartMedia (Score:3, Interesting)
I have an Olympus C2000Z with a panorama feature, which can only be accessed if I insert a Smartmedia card from Olympus with this feature enabled.
I recently purchased a new smartmedia card of 128MB from a white brand, and the feature is unavailable with this card. It *may* have to do with vendor lock-in, but it may also be that those Smartmedia cards have a special (read: more expensive) feature of providing more temporary storage or something.
Re:Devices hostile to 3rd party peripherals (Score:2, Interesting)
My thought is one of these companies will over step the bounds and get sued. Oh wait..Microsoft already did and they are buying their freedom. God I feel good about America right now.
Re:Ignore them. (Score:5, Interesting)
The parent post to which you replied should never have been marked Troll, and I will enjoy ripping the moderator responsible a new one on meta.
That having been said, I disagree with his suggestion that ignoring this problem is the answer, but not for the reasons you say (or at least, not entirely for those reasons). This must be fought tooth and nail, as we are being attacked from two sides:
1) Microsoft, trying to leverage their monopoly to impose further, very detrimental, restrictions on the freedom of customers to deploy the correct technologies for their solutions under the guise of DRM.
2) The entertainment industry, that is trying to legislate the very same restrictive technologies and require them in all digital hardware.
We would be absolute fools to ignore this.
Having said that, fewer and fewer people care about Microsoft's proprietary protocols. Even offices that deploy Microsoft on the desktop are, in my experience, deploying open protocols in place of Microsoft's wherever possible to avoid the sort of nonsensical moving target and deliberate breakage MS service packs often result in.
The result, interstingly enough, has been a quiet movement on the part of several businesses away from Microsoft not just on the server side, but also on the desktop
This is why Microsoft is scared, this is why Microsoft is trying to impliment coercive technologies that will remove the last vestiges of customer choice, and this is why their unholy alliance with Hollywood will likely succeed in creating a Revelations-esque dystopia if we sit on our hind ends and do nothing to prevent it.
Unfortunately we as Americans are so thoroughly conditioned to not become actavists about any cause, no matter how much we care about it, that it is very possible we will do nothing about it in time.
BTW - As another person who works at a company that has completely depircated Microsoft products and deployed GNU/Linux widely throughout our enterprise I can echo the original poster's comments (that were so unjustly marked as a Troll): Life as a non-Microsoft shop is damn good.
Re:No, it still won't work. (Score:3, Interesting)
Palladium is based on the patented Xbox method. The hack for that requires an expensive mod chip, a soldering iron, and a willingness to break your warranty and (arguably) the law in the form of the DMCA. That's pretty darn good security in practical terms, and it'll be better by 2006. This isn't some afterthought dongle, this is Palladium hardware that will only talk to the Palladium OS, and vice versa.
Bzzzt, wrong. Not enough market, and this won't open a niche, because Intel and AMD will sell expensive "server" versions that will run non-Palladium OS's (then expect to see sales licensed to "crack down on piracy"). But surely (I suspect you'll say) people will realise that it's better to support a cheaper and technically superior solution over a bloated expensive incumbent. Uh, right. Nobody every got sacked for buying IBM, goes the adage. Remind me, how is Transmeta doing these days? Still burning up the venture capital, right? OK, we can go to PPC, but that sinks one of the great strengths of Linux/BSD, that you can install it side by side with Redmond on your Intel/AMD system and see if you like it.
Er, yes. Or rather, I think that EU politicians will let it in, and then the EU courts will have to deal with it after the fact. You know, the way it always works. Third word? What's the interest in the third world? It's to increase the potential market. OK, but companies know that it's more expensive to recruit than to retain. It's way more efficient to lock in your high value customers than to spend money to try and persuade low value customers to join in. And once you're infected by Palladium, they've got you. You're never getting out. They don't have to win everywhere at once with this, they just need to start the ball rolling.
Spurious assertion. First off, by 2006 Microsoft plan to have everyone - corporate and residential - on software-as-a-service plans, with automatic updates. And they'll simply stop offering anything other than Palladium. Then look at it from the point of view of risks and penalties. What's the cost of not signing up? It's guaranteed exclusion from the Palladium network. Initially, that means Microsoft, which means (depending how they want to play it) patches, fixes, MSN, MSDN, Microsoft Messenger, Hotmail, Passport, you name it. Then if just one of your big customers or partners switches, you have to switch, or lose them. I agree that it'll be hard for Microsoft to get the ball rolling on this, but when it starts, my god will it pick up momentum.
Maybe I'm being Chicken Little. Maybe you're being Pollyana. But the costs of me being right are a heck of a lot higher than the cost of you being right. I say we scream about this, and we scream about it now, before it has a chance to gather momentum.
Does anyone read the articles? (Score:2, Interesting)
Outsourcing (Score:2, Interesting)
Second of all, Intel and AMD are the only games in the x86 desktop/server town. There is an Apple town, there are towns where Motorola is mayor, and Transmeta has moved in on a few. Don't forget to count the mobile processors. Your list is short by at least half, and I am sure Slashdotters could come up with more.
Re:Where trust comes from (Score:3, Interesting)
First of all, what they publish will be the interface to the hardware. The important stuff will still be hidden down in the hardware, or up in the application.
Secondly the code will only work if it is signed my Microsoft. If you change a single bit the hardware will flag it as "untrusted" and lobotimize itself, as the MS-DRM-OS patent puts it, it will "renounce the trusted identity". Altered code will not work.
MPAA/RIAA will jump onboard and start offering locked content. Sales of the system will be diven by movies/audio only useable on "Palladium enabled" computers.
The system will be cracked, but it will require a student in a college lab scanning the data off of the hardware, or maybe someone in his garage hacking a new circuit into the motherboard. It will be the biggest hack-target in history. It wont last long.
-
Re:No, it still won't work. (Score:4, Interesting)
One of the most successful chipmaker of all time is ARM. The first version of the ARM chip (a 16-bit RISC chip) was created by just two people, with no money, no help and no support from the main company (Acorn, at the time). If I remember well, these two people did not even have a lot of experience in chip design.
The great-grandchildren of this chip can now be found in millions of devices all over the world. iPaq, Nokia, HP, you name it: they all use it (even Palm, in its latest models).
Even when ARM1 came out, it was touted as more powerful than anything Intel had to offer at the time. It was also easier and cheaper to produce and consumed less power than all other CPU models.
And there are ARM clones out there, including one on Open Cores.org [opencores.org]. Not that I think that desiging an ARM clone is necessarily good, just that that designing a cheap RISC CPU can be done.
So, designing a complete "GNU Hardware" system is possible, and it could even be a way of ditching the mess which is the PC architecture.
Think about it:
Let's face it: some people (including me) would pay good money for a "no-Palladium" system. Especialy if I have no choice!
Operating Systems such as Linux are a commodity -- but a commodity that break M$ monopoly. I think it's time for the hardware itself to become a "free speech" comodity as well. And Palladium could push the Open Source community to do just that...
Re:Ignore them. (Score:5, Interesting)
This is a disabling technology and DRM management laws would be disabling laws. Take a look at prohibition to see what would happen. Most people will begin using computers illegally, black market devices and software will be developed, economic calamaty will eventually ensue due to the brakes being put on free commerce in many arenas, including Hollywood and Microsoft.
It will be one hell of an ecnonmic downturn. I alos predict that all the financial pundits will not key on DRM laws being the cause, but they will be.
Hmmm, seen this before. (Score:1, Interesting)
We've seen this before (with a slight new wrinkle.)
Keys not withstanding, this is a hardware crypto system decrypting ciphertext into plaintext, and forwarding the plaintext to file descriptors.
Wrote a paper on this, short synopsis is;
1- Only way to secure the hardware is to keep it out of the hands of people who could modify it.
2- Without secure hardware, software can not be secured (ciphertext is available before decryption, plaintext is available after decryption)
In short, stop looking at the FUD, and focus on the flaws in the design. This is not a very good system.
Know any 14 year old crackers?
True, but there are other factors to consider (Score:2, Interesting)
With the Macintosh crowd turning firmly toward UNIX-based systems with the release of MacOS X, it's all the more clear that UNIX is beginning to win back all the space it lost through the 90s.
What's more, the application suites in Linux are quickly beginning to rival those developed by MS for its own OS - I've tried OpenOffice 1, and it's just as good as its Microsoft-produced counterpart.
There's just one more hurdle to clear - getting independent software developers to see things the same way. Games make the system, and this is one area where Linux is lacking. Smash-hit store-bought games is one major reason why Windows took off. Linux still doesn't have the wealth of games that Windows has, unfortunately.
Here's my suggestion. Make inroads into the home market - get the average Joe User to see how well Linux performs - and word will spread like wildfire. As long as the only people who proselytise Linux are IT directors, it won't achieve the one thing we all want - the downfall of the Big Redmond Machine.
Linux has made considerable gains in recent years - and this is largely attributable to its consistently top-notch development system and the initiative to develop applications that compete head-on with similar Windows products. But it's not over yet.
As the columnist said, Tuxers, it's time for the gloves to come off.
Re:Between a valid point and paranoia (Score:3, Interesting)
Its kind of like noting that the Internet was in (somewhat) widespread use well before 1996, so why didn't Microsoft pay attention if this Internet thing is such a big deal. It wasn't until the graphical web browser showed up that Microsoft paid attention. Therefore, its not the Internet - its the Web.
In some people's minds the two ARE the same thing. And while they really are seperate entities, one depends greatly on the other for its success. And once the Internet with its more user-friendly flashy graphical Web front-end hit the scene... businesses, even those who had spent years running competing technology / practices, were forced to adopt it.
Linux and the GPL share many of the same traits. To the uninformed, the GPL and Linux are the same thing (if both aren't simply labled 'freeware'). The GPL license and GNU project layed the foundation for Linux. Linux drove the popularity of the GPL. At first GPL/Linux went unnoticed by the IT industry. And then it sprung forward, caught momentum, and is now an issue most IT Industry players must tackle - including Microsoft.
The GPL and Linux provide a whole range of threats to Microsoft. Competing software. Competing standards. Demand for open standards. Loss of control over implementation of those standards. Loss of control over publically available code, to include technology and code developed at Universities and through the US Government. Competative advantages to competing businesses able to adopt a business model that can make use of this code base. It doesn't matter if its specifically Linux or the GPL - its all full of nasty potential for Microsoft.
Microsoft's strategy is pretty simple. Linux presents a unique threat - it can't be bought, out-marketed, or simply smothered. Linux is grassroots and now a part of a wide number of corporate strategies. Its an IT industry hydra and the time-tested strategy of lopping off a head won't work. So Microsoft has decided to go for the heart; the GPL. Which would be a nice and neat thing to do - poison the GPL and ALL the issues of Linux and the GPL begin to fade.