MS Palladium Patent 409
Concerned Citizen writes "cryptome has Microsoft's patent for Palladium. Including such gems as: 2. The computerized method of claim 1, wherein protecting the rights-managed data comprises:
refusing to load the untrusted program into memory. 14. The computerized method of claim 1, further comprising:
restricting a user to a subset of available functions for manipulating the rights-managed data.
And I'm sure we'll all be coerced to agree to Palladium during a future security patch agreement."
Security Patches (Score:3, Informative)
Re:Security Patches (Score:4, Interesting)
Re:Security Patches (Score:2)
I don't want anybody doing anything to my system but me. Automated or not.
*I* AM BEST SUITED TO DETERMINE WHAT'S BEST FOR MY COMPUTER. ONLY ME. NO ONE ELSE.
sedawkgrep
Do you hear that too? (Score:4, Funny)
Yeah, but I don't think it was Microsoft... (Score:5, Funny)
I feel something terrible has happened.
*** SOME TIME LATER ***
KONQUEROR: Our position's correct except... no cryptome.org.
ME: What do you mean? Where is it?
KONQUEROR: That's what I'm trying to tell you, kid, it ain't there. It's been totally blown away.
ME: How?
It's been destroyed... by the Slashdot.
KONQUEROR: The Slashdot crowd couldn't take down the whole site! It would take ten thousand people with more free time than I've...
*Alarm bell goes off*
how 'bout apple (Score:3, Interesting)
So if palladium does become reality I'll have to swap over to Mac.
But wait: doesn't M$ 0wn apple? (25% stock?) Does anyone know about DRM plans on mac?
Re:how 'bout apple (Score:5, Informative)
Microsoft quietly sold their stock (for a profit) some time afterward.
Why wait for Palladium to switch to Mac? (Score:2, Redundant)
The only reason why I'm using windows is because MS office is still superior
MS office for Mac is superior to MS office for Windows. Go figure.
So if palladium does become reality I'll have to swap over to Mac.
Why wait? [apple.com]
Re:Why wait for Palladium to switch to Mac? (Score:2, Interesting)
Re:Why wait for Palladium to switch to Mac? (Score:2, Funny)
Re:Why wait for Palladium to switch to Mac? (Score:2, Insightful)
Re:Why wait for Palladium to switch to Mac? (Score:2)
IE itself doesn't handle displaying PNG files on the Mac. The Mac has a very good system for seamless integration of different products. Quicktime displays the PNG files on Mac IE, as it can in Windows, but does it seamlessly. MS Office for example on the Mac can call upon the default image editing program (assuming program is written to specs), which is generally Adobe, and can allow you to edit an image extensively inside Word.
Re:how 'bout apple (Score:3, Interesting)
Not looking back...
Of course, the worry about Apple is they are the only source of Macs, and they'll be subject to any DRM laws if (when) they get put (paid) through the US govt.
Re:how 'bout apple (Score:2)
MS office is still superior
Give OpenOffice (or StarOffice if you need the extra filters or the Access-like component) -- We used Access and Excel in a huge way but now StarOffice has replaced it without causing any of our office staff any trouble. Definitely worth a try.
Unfortunately you're absolutely correct about Director and Dreamweaver (although Quanta is showing some real promise). Quark is evil nasty horrible software.
Re:how 'bout apple (Score:2)
There is no good equivalent of Access, and the scripting language of Excel -for me- is easier to use than OpenOffice version (even though that one is technologically superior or whatever). I've tried adabas but it just doesn't have it.
Keep your comments about Quark to yourself. If you don't like it don't talk about it. At the moment it is still the only good program for multicolor prepress work. Why don't you write something better if you have such an opinion about it?
Re:how 'bout apple (Score:2)
Re:how 'bout apple (Score:2)
The good equivalent of access is . If you need the (yes I admit) nice front end then there is a plethora of GUIs for interacting with MYSQL and POSTGRESQL.
As for scripting in excel you might want to try gnumeric with gnubasic.
graspee
Re:how 'bout apple (Score:2)
The real question is going to be whether Intel, AMD and the motherboard and chipset vendors will go along with this. Intel has already voiced opposition.
So long as you can buy and run hardware/OS choices that don't force you into this, it doesn't matter to me.
On the other hand if something like the Hollings bill passes, things will be very dark indeed.
Cracksmoke Detected! Send moderation reinforcement (Score:3, Interesting)
AMD and Intel have both signed on to palladium. It is a done deal. The motherboard makers have no choice, they will be starved of the latest fastest CPUs, if they refuse to cooperate. Possibly even starved of the older slower CPUs... AMD and Intel will simply refuse to manufacture them (there is precedent, AMD clobbered the 486's that embedded systems engineers liked so much). The chipset manufacturers will either clone the DRM features, or be left out.
There is no escaping this. Laugh all you like, point at Circuit City's DivX if it makes you feel better. I could explain that too, if you cared to know. And when the marketing weight of 1 billion clueless idiots buying the computer the Dell dude tells them to crushes you, I'll be laughing at you. Admittedly, only a split second before I'm squished like a bug. *shrug* OS choices? What choice? Linux kicks ass, no argument here. But it simply won't run. "Yet more proof linux is insecure, it won't run with palladium!". We're all sooooo fucked. Does anyone have some lube? This is going to be a big one, and I'm afraid my virgin ass just won't be able to take the punishment...
Conclusion: You are simply a flaming retard, incapable of seeing the nearly immediate, and agonizingly obvious. You're standing there, admonishing us all not to panic, even though those that choose to look can see the 500 ft tall tidal wave getting ready to crash. If ever there was a time for panic, it's now.
*LOL* *Sobbing*
Re:how 'bout apple (Score:3, Insightful)
> Apple has no stated direction on DRM, except
> perhaps putting the DRM on the user with stickers
> like "Don't steal music" on the iPod.
Actually, Apple does have a stated position on DRM. It was stated by Steve Jobs when he accepted a Grammy for Apple (as reported on http://sg.news.yahoo.com/020227/1/2jun2.html):
-> "Apple strives to protect the rights of both
-> intellectual property owners and consumers
-> alike and believes there is a 'middle path' in
-> digital music distribution which actively
-> discourages the theft of music, while at the
-> same time preserving consumers rights to manage
-> and listen to their legally acquired music on
-> whatever devices they own," he said.
Microsoft's vision of DRM (and their own Millenium) is a dire threat to Apple. If the Hollings bill goes through, and Microsoft's Palladium is chosen, Apple would either be indentured to Microsoft or be destroyed. Apple's only hope is to find a way that will satisfy both content creators and content consumers (who are both Apple's customers), and that will let Apple get on with the business of building great computers for both camps.
"Mothra's attack is working."
-- Shouta, "Mothra 3: King Ghidora Attacks"
Microsoft may be worse than you know: (Score:4, Interesting)
"I've heard WinXP removed the cmd/command prompt."
No, they didn't remove the CMD.EXE or COMMAND.COM prompt from Windows XP. But Windows XP has reduced functionality, in many ways, not just in the command line. The command line is a big embarrassment because of its limited capabilities, but at least in Win 95 it worked. With every version since then it has worked less well. (There are two kinds of command prompt, and, according to Microsoft employees, the differences between them are not documented.)
The command line prompt sometimes begins to display short file names. Microsoft employees say that Microsoft has no fix, although someone not connected with Microsoft did make a work-around.
Cutting and pasting into a command line program often puts successive extra spaces before each line. Microsoft employees say that there is no plan to fix this.
The fast paste mode that is in Windows 98 is gone in Windows XP. Microsoft employees say there is no plan to fix this.
When using the command line interface, Windows XP doesn't always update the time. After several hours, the time reported to command line programs can be several hours in error.
People often say that DOS has gone away. But Microsoft still calls the command line interface DOS, and in Windows XP has added new programs for configuring the OS that work only under DOS.
Sometimes when you press a key while using Windows XP, it is seconds until there is any response. Apparently there is something wrong with the CPU scheduler in XP, because there are a lot of complaints about this in the forums and MS people have said that they are working on it. On one particular fresh installation of XP, on an Intel motherboard with either a Matrox G550 or an ATI Radeon video adapter, it requires 18 seconds to display a directory listing of 94 items. This is apparently related to a bug in the video software, not the adapter drivers.
Something is wrong with the Alt-Tab display of running programs under Windows XP. If there are a lot of programs, not all of them are displayed. The order jumps around in a seemingly random way.
Although articles often say negative things about Microsoft, I've never seen an article that fully documents how bad the situation really is. Microsoft's management is so bad that the company has become self-destructive. For example, Windows XP is spyware. Here is a list of ways Windows XP connects to Microsoft's servers:
So, if you use Windows XP, your computer is dependent on Microsoft computers. That's bad, not only because you lose control over your possession, but because Microsoft produces buggy software and doesn't patch bugs quickly. For example, as of July 7, 2002, there are 18 unpatched security holes in Microsoft Internet Explorer [jscript.dk]. This is a terrible record for a company that has $40 billion in the bank. Obviously, with that kind of money, Microsoft could fix the bugs if it wanted to fix them. Since the bugs are very public and Microsoft has the money, it seems reasonable to suppose that top management at Microsoft has deliberately decided that the bugs should remain, at least for now.
It seems possible that there is a connection between all the bugs and the U.S. government's friendly treatment of Microsoft's law-breaking [usdoj.gov]. The U.S. government's CIA and FBI and NSA departments spy on the entire world, and unpatched vulnerabilities in Microsoft software help spies.
Windows XP, and all current Windows operating systems, have a file called the registry in which configuration information is written. If this one (large, often fragmented) file becomes corrupted, the only way of recovering may be to re-format the hard drive, re-install the operating system, and then re-install and re-configure all the applications. The registry file is a single, very vulnerable, point of failure. Microsoft apparently designed it this way to provide copy protection. Since most entries in the registry are poorly documented or not documented, the registry effectively prevents control by the user.
Note that Microsoft does not support making functional complete backups under Windows XP: Q314828 Microsoft Policy on Disk Duplication of Windows XP Installation [microsoft.com]. Only those who work with Microsoft software will understand the true meaning of Microsoft's policy. Since almost all programs use the registry operating system file, if you cannot make a functional copy of the operating system you cannot make a functional copy of all your application installations and configurations. There are other software companies that try to fix this, but Microsoft can, of course, break their implementations, as they have often done with other kinds of competitors.
Note that the registry tends to prevent you from moving a hard drive to a computer with a different motherboard. That's another implication of the above Microsoft article. So, if you have a failure, you may not be able to recover unless you have a spare computer with the same motherboard.
Note that Windows XP Professional can support only ten simultaneous incoming network connections. If you want more than that, you must use Windows 2000 server, and pay much, much more. (There is no Windows XP server yet.)
Apparently because the Windows XP GUI comes from Windows 98, Windows XP has the same problem with desktop icons that Windows 98 has. The icons sometimes flicker. Sometimes they move themselves around, particularly after the user switches monitor resolutions. Also, sometimes the taskbar settings un-configure themselves, as they do in Windows 98.
Only technically knowledgeable people know how to avoid signing up for a Microsoft Passport account during initial use of Windows XP. The name Passport gives an indication of Microsoft's thinking. A passport is a document issued by a sovereign nation. Without it, the nation's citizens cannot travel, and, if they leave, won't be allowed back in their own country. In Microsoft's corporate thinking, the company seems to be moving in the direction of believing that they own the user's computer.
Not only has Windows XP definitely gone further in the direction of allowing the user less control over his or her own machine, but with Palladium, Microsoft apparently intends to finish the job: Microsoft will have ultimate control over the user's computer and therefore all his or her data. Even now, under Windows XP, a recent security patch gave Microsoft administrator privileges over users' computers [theregus.com]. If users want to patch their system against a bug which would allow an attack over the Internet, they must give Microsoft legal control over their machines. See this article also: Microsoft's Digital Rights Management-- A Little Deeper [bsdvault.net]. You may need to be a lawyer to take apart the crucial sentence. "These security related updates may disable your ability to copy and/or play Secure Content and [my emphasis] use other software on your computer" legally includes this meaning: "These updates may disable your ability to use other software on your computer." Note that the term "security related updates" is meaningless to the user because the updates have no relation to user security. So, the sentence effectively means that Microsoft can control the user's computer without notice and whenever it wants. That kind of sentence is known in psychology as "testing the limits". If there is no strong public complaint about this, expect to see more and stronger language like this.
This Register article shows the direction Microsoft is going: MS Palladium protects IT vendors, not you [theregus.com]. Absolute power corrupts absolutely, and Microsoft is well down that road. See this ZDNet article, also: MS: Why we can't trust your 'trustworthy' OS [zdnet.com].
Microsoft's self-destructiveness does not mean that the user should be self-destructive. There is no need to apologize for using Microsoft software. The correct solution to abuse is persuading the abuser to stop being abusive. Once I posted to a Slashdot story a link to an article on a web site of mine. By far the majority of visitors from the Slashdot story used Microsoft operating systems. Rather than feel embarrassed because Microsoft is abusive, action needs to be taken to prevent the abuse. If you are against Microsoft abuse, you are not against Microsoft; you are more pro-Microsoft than Bill Gates.
These Microsoft policies mean that any government which wants to be independent of the United States government, and any government which represents itself as controlled by the people, cannot use Microsoft operating systems, or other Microsoft proprietary systems.
Corrections and additions to this comment will be posted at http://hevanet.com/peace/microsoft.htm [hevanet.com]
Trust (Score:4, Insightful)
Re:Trust (Score:2, Insightful)
You cannot get rid of OEM software by Microsoft, even if you do not agree to its EULA, did you forget?
People will just get their Palladium with new computers. And there will be no other options, same as now, when you almost cannot buy a new computer with anything but Win XP.
Never overestimate the public (Score:2)
Would people use software that was known to crash regularly, costing them time and money and making them do the same work over?
Would people buy new versions of software when it was known to be extremely bloated, take much more resources than previous versions, and contain megabytes of dead useless code?
I submit that your expectation of the wisdom of the buying public has no basis in fact.
Re:Trust (Score:3, Insightful)
1) WinME sold millions of retail copies, not only ones that were attached to machines. These people were not forced to upgrade, unless you consider "forced to upgrade" to be the same as "being convinced through marketing". If that's the case, you were "forced" to buy the car you bought (assuming you own one) or the jeans you wear (assuming you wear jeans) or the soap you use.
2) CE has no monopoly power and continues to gain marketshare at the fastest rate of any embedded OS (IDC embedded market share numbers 2002) In fact, the monopoly power in this market is Wind River, who is being investigated by the FTC.
3) If MS gets out of the xbox market, then I might say you are right (assuming no other factors are at play). However, I wouldn't consider competitive price reductions to indicate anything other than costs of production went down and they wanted to put additional pressure on Sony and Gamecube. PS2 had slower sales when it first launched, and fewer games.
4) SQL server is the fastest growing database (IDC worldwide database tracking numbers 2002). Faster than Oracle, faster than IBM. Unless free databases change their share and growth numbers dramatically, the people who are going to suffer are DB2 and Oracle, not MS. Free databases are flat, not growing. In fact, Access share is growing faster than free databases (again, IDC WW DB market number 2002). "Expecting declines" is not really a debating point, other than stating your opinion. SAPDB? Interbase? These are below 1% in share numbers. At least use alternative low end databases to make your point that have some standing (Progress DB and Pervasive are two examples). Unfortunately, their market shares are shrinking as well.
5) IIS certainly is not #1, but is launching with a 2 year lag on Apache (not including first versions of NCSA 1.3 which became Apache... ultimately more than 5 years from the first launch of NCSA/Apache to the first launch of IIS). Also, certainly you would not consider MS to have a monopoly on servers all that time (even now). Flavors of Unix, until recently, were the primary OSes for servers, and though Windows is now #1 (IDC server operating system market share numbers 2002), it certainly does not have a monopoly.
Your point, about the investment style of MS, is invalid because many many companies develop this way (Merck, Amgen, J&J, Ferrari, HP, Xerox) where you develop many technologies, see what sticks, and then run with what does. They also have not been shown to exercise monopoly pricing (where marginal cost = marginal revenue). This is a fine but important point. Monopoly pricing is an exact term used by economists to indicate a condition where price of goods and restriction of output. This has not been shown to be the case on Windows, though Windows is a monopoly, and, though intuitively it seems to be the case, they have not been proven to have a monopoly on office at all, let alone to be engaged in monopoly pricing.
Also, unless you have insider information, you do not have MS's return on investment numbers for these projects. How could you measure them (and then determine success or failure)? Further, this is not the only way to measure success. There are lots of reasons to make investments, and direct revenue ties may only be one of those reasons (improved branding, adoption of the platform, competitive pressures, etc).
Doesn't Java do this? (Score:2, Informative)
Re:Doesn't Java do this? (Score:4, Informative)
-jhp
Re:Doesn't Java do this? (Score:2)
What about anti-virus stuff, too? (Score:2)
It seems the link is /.ed, so I can't check the details... Does anyone know whether the patent would be claiming established anti-virus techniques as well?
Re:Doesn't Java do this? (Score:2, Insightful)
Bill wants to turn your entire machine into HIS sandbox.
Re:Doesn't Java do this? (Score:2)
Follow-up to Cringely's Column (Score:5, Informative)
Most of you will remember a last week's
It's probably worth noting that Cringely responds in this week's column [pbs.org] to the reaction that followed that original panicked (and, knowing MS, probably justified) outburst.
Re:Cringely has littl idea what he is talking abou (Score:2)
What is so amusing about that? The probable reason why enough detail isn't out yet is because MS does not know how it wants to execute its latest strategy yet. Given a string of disastrous failures MS probably wants to take more time to plan a more foolproof method of making sure no competitors' software runs on intel based platforms and that no teenager can write the next killer app.
I think that anybody in this world who thinks MS has good intentions or is looking out for the consumer belongs in a mental institution. We all know what MS wants to do; we just don't know how they are going to do it.
It's not too early to jump all over them for what they want to accomplish.
The Declaration of Software Freedom (Score:3, Funny)
To juxtapose the Patent against:
The Declaration of Software Freedom [freedevelopers.net]
(read the whole thing!) of which a subpart is:
"Current Software Commercial Organizations
hide source code to keep developers divided, disenfranchised and
dependent; tie inferior products to dominant ones; defiantly violate and
avoid court orders; quash promising competitive start-ups; leverage
dominant products into other, unrelated businesses; carve up markets to
eliminate real competition; utilize predatory pricing practices to
foreclose competition; commoditize and objectify their customers by making
them captive; cause developers to constantly re-invent the wheel by hiding
the source code; exercise general thuggish behavior in business dealings;
compel weak competitors to destroy their own innovative products to
protect established profitable ones; fail to respond to customer requests
and needs in a timely fashion; exploit natural "choke-holds" in the
economy for their own advantages; manipulate and delay technological
progress to maintain supremacy; hide coding bugs thereby jeopardizing
stability and security; de-humanize software developers by considering
them as "inputs" or "assets"; stifle innovation; "embrace and extend" or
otherwise pollute open standards in order to break and appropriate them;
use exclusionary contract provisions to enforce censorship over disclosure
of bugs and defects; shut-off or block channels of distribution to
legitimate competitors; announce vaporware to foreclose adoption of real
competitive products; frustrate, taunt and antagonize governmental
officials protecting the public interest; truncate choices; create
confusion and frustration in users by selling inferior code; take the
innovations developed by others as their own; practice differential
pricing to punish those that oppose them; misinform and exploit users;
use undocumented features as an anti-competitive device; suppress the
open, efficient and free nature of the scientific method by keeping the
code secret; purposefully break the code of competitors so that there are
code inoperabilities across products; prohibit friends from sharing
software with friends; coerce their users to fore-go promising competitive
technologies; use overly restrictive and exclusionary contracts against
weaker competitors; and perform other anti-social, anti-competitive and
improper acts to establish, maintain and extend their software
monopolies."
Patent, being a publicly accessible document, can be turned into evidence
against MS, which they cannot remove from public access?
well, at least.... (Score:2)
Hey, I'm trying to think positive here...
The geek responsibility (Score:2, Insightful)
{
I can't possibly know with 100% certainty what Microsoft's intentions are, but there stands a reasonable chance they are intended for their benefit and any consumer benefits are purely coincidental.
So what can we do about all of this? Pay attention and educate ourselves on this initiative and then pass on the news good or bad to the masses that aren't up to date on the geek speak. It is probably not a good idea to leave this job up to mass media.
It is possible for us to either make or break this technology. Look at the old Divx from Circuit City. Bad idea. It was DOA because many people (myself included) advised everyone not to buy it.
This is a controversial technology from a controversial company. This doesn't mean it is destined to be evil. It does mean it is the job of those in the know to keep those out of the loop informed.
}
Re:The geek responsibility (Score:2, Interesting)
Talking down Microsoft's initiatives is a LOT easier said than done. Seriously, if you'd like another good example, look at
Palladium could be the exact same situation.
Chris
Re:The geek responsibility (Score:4, Insightful)
There's one giant problem with it though:
The desktop OS market is being dominated by a monopoly. MS makes updates (XP and WPA are a good example) and the bulk of the consuming public doesn't know and/or care. They merely get the latest version when they buy their new PC. MS really doesn't need to market their OS's, they just slowly become dominant by default (installation).
DivX failed because DVD's were already on the market and the cost of the DVD player was dropping rapidly. People were able to evaluate this as a pure cost/benefit issue and everyone realized that the DivX duck wouldn't hunt.
There will be no such evaluation with MS's latest and greatest OS.
Questions that MS needs to answer: How will Palladium treat those home videos that everyone's starting to create. (I just bought a digital camcorder myself.) How will Palladium treat home recordings? (I have a friend who is slowly putting together his own album. What if he wanted to mail around MP3's of his songs?)
This is where we can maybe corner MS. They need to answer how the "untrusted" (really uncopyrighted or copyrighted by an individual) content is treated.
Re:The geek responsibility (Score:2)
I can't possibly know with 100% certainty what Microsoft's intentions are, but there stands a reasonable chance they are intended for their benefit and any consumer benefits are purely coincidental.
I don't know why you considered that a "karma burning philosophical schpeel", since you don't say anything remotely controversial and, if anything, you are whoring.
I suspect the reason Microsoft wants to put DRM into the OS is twofold:
a) They are very vocal anti-software piracy advocates, which makes them sympathetic to the music/film industries' own piracy problem.
b) They demonstrate to the government that closed-source software has the advantage that users can't modify it for illicit purposes.
-a
Re:The geek responsibility (Score:2)
The laws for this stuff are not even defined yet. Computers are so versatile that it is hard to put strict definitions on the books. CPU's can be virtual. Data can be programs and programs can be data. The lines are too blurry.
Paladins (Score:2, Funny)
Not neutral evil.
Re:Paladins (Score:2)
<Obscure D&D reference>Nah. Bill fell long ago.</Obscure D&D reference>
Re:Paladins (Score:2)
Re:Paladins (Score:2)
No, Palladium is clearly Lawful Evil. It is completely dedicated to order and control and doesn't care who it harms.
The Mafia is lawful evil - strict loyalty and obedience within the organization. The GPL is chaotic good - it values individual freedom and doing things for the benefit of other people.
-
Re:Paladins (Score:2)
Okay, you raise a silly comparison, but I'll bite.
The GPL is lawful good-- it enforces a limitation on the rights of the collaborators in order to benefit the end users. Those potential collaborators or users who may have different political or fiscal agendas are barred from using these published methods.
The BSD family of licenses hails far closer to chaotic good-- it supports unpredictable uses by collaborators regardless of fealty, and end users to have pretty much the same right for the licensed forks.
I'd have to say that Public Domain is the maximum extent of chaotic good. If the US Congress would heed the predictions and intent of the US Constitution, then far more works would be entered into the Public Domain, enriching and enabling the maximum number of creators, contributors, collaborators and end-users.
D&D comparison (Score:3, Interesting)
It all depends on your point of view. Microsoft view themselves as lawful good, free OS zealots as lawful evil, and napster-happy consumers as chaotic evil.
For the free OS point of view swap evil for good and vice versa.
The whole AD&D alignment system doesn't hold up in the real world; the chaotic, neutral, lawful bit is fair enough, but as for good, evil and neutral you need to have an objective, externalized viewpoint to say what is good or what is evil.
This is basically the same "Is there such a thing as objective good and objective evil ?" question you might get on a philosophy exam.
My own opinion is "no", but most people fall into the "yes" category, either because they believe in some deity, are totally stupid or c) both of the above.
To properly frame the viewpoints of MS vs free OSs you need to replace good and evil with commercial and free.
So MS is Chaotic Commercial, free OS zealots are Lawful Free. Show me a company that is Lawful Commercial and I'll show you a company that covers its tracks well...
graspee
Hat trick? (Score:5, Interesting)
And what's the big deal about having "non-trusted" code loaded into RAM anyway? Actually, it's very easy to put one's own binary code into the system's memory; load it as raw data. An OOB-type exploit can pass control to that nearly as easily as it can execute a program that's been loaded but not yet determined to be trustworthy.
nope (Score:2)
"And what's the big deal about having "non-trusted" code loaded into RAM anyway? Actually, it's very easy to put one's own binary code into the system's memory; load it as raw data. An OOB-type exploit can pass control to that nearly as easily as it can execute a program that's been loaded but not yet determined to be trustworthy."
Re:nope (Score:2)
I think perhaps, in current NT kernels, you can't execute code out of the data segment.
And you can't modify the text segment.
So maybe one loader reads it into data, checks it out, then permits actual execution.
Under Dos & Win9x, this would be trivial.. I think under NT it's going to be harder.
Re:nope (Score:2)
Or you could write the date of creation into the first few bits of every disk block, and follow it with a 40 bit sig based on that time. And then use a checksum within that. The hardware could strip off the envelope on the way in, and only the internals would ever hit ram. For more security, use a longer key, but even with a one bit key it's illegal for anyone else to break it, so only MS, and those they license, would be allowed to sell software.
What security is depends on what your goals are.
The other things that you do are camouflage to fool people into thinking (or being able to pretend) that your goals are what you claim they are, rather than what they actually are. The real purpose of Palladium appears to be to force everyone to license the right to operate from MS.
Re:Hat trick? (Score:2)
Especially if it has to go online to get an OK on the signatures from MS.
Think of this happening on your Web server or dedicated financial services database machine. That's why I've been warning people including a recent article I did for VAR Business. It isn't just about civil rights, it's about spending more for a computer and getting less performance out of it.
The Palladium Machine (Score:3, Insightful)
By the way, this won't be anything new. It's only the continuation of a longer trend: Taking the user further and further away from the hardware. On Windows 95, you weren't able any more to write programs that controlled the hardware directly. You had to use Microsoft's API.
Now, you will have to use Microsoft's API for everything that happens on the computer. So:
API Empire fight (Score:2)
The user will be even further away from the hardware. Microsoft will control even more layers between the user and the hardware and become even more powerful. *)
MS witnessed Sun's Java trying to do the same thing, and so is now trying to out-Java them with
activex revisited (Score:4, Interesting)
Palladium is just ActiveX revisited. Security is confusing because it covers two entirely different problems: 1) protecting the machine from rogue users, 2) protecting the machine from rogue software.
The second point bifurcates into two opposing camps: 1) most rogue software comes from unemployed college dropouts, 2) most rogue software comes from Fortune 500 companies.
Palladium is the approach of keeping the foxes away from the chickens by building a coop for the foxes.
Palladium / TCPA FAQ (Score:4, Informative)
C'mon, Judge Kollar-Kotelly, make me proud. :)
TCPA / Palladium Frequently Asked Questions (Score:5, Interesting)
First, this guy thinks a lot of himself: FUD Notice the bold FUD. Oh my, that sounds horrible. We could have a market finally for digital releases, one where I get my media, and the seller gets his money. Sounds fair. Keeps me from making 10 copies of this new movie and giving them to my friends. And thus more speculation and FUD. OK, so now the open-source movement is AGAINST encryption/privacy? Does this mean PGP is bad now too? This sounds like technology I always assume US military intelligence organizations already use. I don't want a whistle-blower leaking confidential battlefield plans (we've seen it happen a lot in the last year). As for corporations, if a whistle-blower can't print, email, fax, save to disk some document, they'll find some other way to blow the whistle. This is a stupid argument as for why Palladium as a whole is bad. I'm sure the FBI would love it if the Mafia started using DRM certs on their data. It'd be much easier to ask a judge for the rights to seize and open documents certified by this certificate, than, say, to ad-hoc monitor possibly private data in an attempt to get to Mafia data.
Note, it will never happen. Criminal elements will stay away from technology like DRM and Palladium. Elmer FUD would be proud. I went and pulled the membership on the EUROSMART list, and I see a lot of overlap with TCPA. I guess they don't hate it that much. First, that's not censorship, that's search (and possibly seizure) and it's pure FUD to presume the government will push a button and search your hard-drives and then drag you down to the police station, for your dirty little picture. However, even if they did... this picture would have to be signed somehow, and under DRM protection. Not sure why a child pr0n peddler would take the time to DRM his pictures. And if you want to view that sick stuff, turn off the DRM system before you do it. Yes, it does have an off switch. While off, you can't use the apps in DRM mode, meaning you can't open DRM certified media. Oh my god. It's at this point I have to stop reading this horrible FUD..er FAQ. Disable DRM, and the DRM enabled functionality in DRM enabled apps will cease to work, the apps will continue to work. Sure, you can't open your ULTRA-7 security level report, that the NSA sent to you, but there's good reason for that. Turn back on the trust management, and then open that report. And what's with saying it's like switching from Windows to Linux? First, what the fook is wrong with linux bitch? and second, that makes no sense!
I honestly went to this FAQ to try and see both sides of the Palladium debate. But this FAQ is a borderline paranoia conspiracy rant. It hurts the anti-palladium side more than helps. Stick to the facts, dissect it like a Vulcan would. Show me logical arguments, and keep your emotion and fear out of it.
-malakai
Rebuttals of some of those points (Score:5, Insightful)
He's entitled to. He's an established expert with credentials in the industry, and it's quite possible that his understanding and information on this subject is ahead of most people's, including the MS guy posting on this thread.
It's nothing of the sort; it's a very real issue. If you provide a means to lock people out of data -- which is essentially all DRM is -- and then appoint MS as the effective custodian of that data, what is to stop them abusing the technology to stop you loading a document you created in MS Word with, say, a translator for OpenOffice? As those crying "FUD" are shouting so loudly here, there is precious little solid information available and even fewer guarantees, and MS has a demonstrated history of abusing any power it gets through its dominant position in the market. A little caution is more than justified here. It's only paranoia if they're not all out to get you.
It's also a market where critics could potentially be stopped from using controlled material in a legitimate way. Worse, that potential is controlled by whoever owns the DRM controls -- MS in our current scenario -- and not by a suitable legal system. This is not in the interests of the common consumer of these products.
This is a bad caveat, because I doubt anyone here would have any sympathy if a child pornographer got screwed to hell; the ability to do this in such cases is a definite plus point of the proposed approach. The problem is that the same technology could be used to prevent the distribution of, for example, information certifying that Microsoft's accounting practices are highly dubious (such as is currently freely available on the web), and once again, the control is in the hands of the DRM guys, not the duly appointed government.
There are far fewer applications currently available for Linux, and hence you are limited in what you can do with it. If you can't see the parallels to the DRM scenario, and the problems potentially created, I'm afraid you really aren't looking very hard.
Highlights of the TCPA FAQ (Score:2)
Considering that no details have been released about Palladium besides the fact that there is a burgeoning project at Microsoft that will use that as a codename I can't see how anyone can explain Palladium when no one (not even average Microsoft employees like myself) knows what the details are. I read it and it seemed to simply care about one thing and that was spreading FUD [clueless.com]. In fact let's dissect this logical explanation. Looks like someone has no idea what it does for sure but tells us what it obviously must do. There is a saying about assumption which fits right in here. Again, instead of concrete details we get speculation and assumptions. Maybe that's because there are no details so all one can do is leap to conclusions? This section is disgustingly similar to the "encryption is bad because terrorists can use it" argument. I guess it's OK for such a narrow minded and ignorant viewpoint which has been derided several times to be espoused if one is bashing Microsoft (sorry I meant M$).
I could go on reading the FAQ but it devolves into paranoid conspiracy theories from that point on.
Uhmm, sorry! Lots of prior art here ;-) (Score:5, Insightful)
Hmmm. Seems to me that this 'art' has been around since the beginning of Unix. Hell, Microsoft has been providing a form of this 'art' with NT and 2000 for quite some time. It's called permissions! And what would you call the recent advent of the NSA's Secure Linux? Administrators have been 'refusing to load the untrusted program into memory' for quite some time to protect data... The only thing different about this scheme is Microsoft will be instituting a system where the company itself is root/administrator and the previous system admins are relegated to subordinate positions.
"The computerized method of claim 1, further comprising: restricting a user to a subset of available functions for manipulating the rights-managed data."
Ahh, this also has seemingly been done since time began
Cheers!
Re:Uhmm, sorry! Lots of prior art here ;-) (Score:2, Funny)
Re:Uhmm, sorry! Lots of prior art here ;-) (Score:2, Insightful)
"The computerized method of claim 1, wherein protecting the rights-managed data comprises: refusing to load the untrusted program into memory."
The computerized method of claim 1, further comprising: restricting a user to a subset of available functions for manipulating the rights-managed data
The key terms here are "rights-managed data". AFAIK no OS out there has built in protection for rights managed data
Re:Uhmm, sorry! Lots of prior art here ;-) (Score:2)
Fact is most of these "obvious" patents usually end up holding up. Do you really think with the Army of legal geniuses MS employs that they didn't think of what you just said? MS for the most part doesn't enter battles they will outright lose so easily.
So make fun of the patent if you want to, but if DRM OS's in fact do become the wave of the future, it's endgame already for both your rights and OpenSource OS's as well.
"Chicken Little ain't got nothing on me"
Re:Uhmm, sorry! Lots of prior art here ;-) (Score:2)
That's why some people call the US a plutocracy. Because the judicial system is more strongly tilted in favor of those with more cash than in several other countries. (But they generally have their own favored groups. So select the evil that you choose wisely.)
Palladium is least important thing in article (Score:2)
This ought to be a condition of public funding for public media. Anyone pushing DRM is probably up to no good, but DRM or no, a commons of high-quality independent media is an essential pillar of a free society and we ought to be demanding it.
-jhp
1 0wN my computer (Score:2)
Microsoft does not own my hard-drive.
I will put on it whatever I want to put on it. Understand?
Re:1 0wN my computer (Score:3, Insightful)
Actually it would be a good thing in the long run. (Score:4, Insightful)
Is this going to be the new whipping boy? (Score:5, Interesting)
http://yro.slashdot.org/article.pl?sid=02/06/23
http://slashdot.org/article.pl?sid=02/06/27/125
http://slashdot.org/article.pl?sid=02/07/02/161
http://yro.slashdot.org/article.pl?sid=02/07/04
and now this one... shouldn't the paranoia level be turned down a notch till we have something a little more concrete?
Re:Is this going to be the new whipping boy? (Score:2)
Witness MS's practice of sneaking things into routine software upgrades.
In any event a patent should be as concrete as you need, because it should enable one to practice the invention.
Re:Is this going to be the new whipping boy? (Score:3, Insightful)
Re:Is this going to be the new whipping boy? (Score:2)
You folks don't know sh*t about patent law (Score:2, Informative)
So while all you dorks think the scope of the invention is very broad, it's really very narrow because it further limits claim 1. The real issue is this: did claim 1 meet the requirements of patentability. For those that don't know there are two requirements - 1) is it novel and 2) is it not obvious to one of ordinary skill in the art. To show that it fails to meet requirement 1 you have to show that the invention was published or displayed in public one year prior to the filing of the patent applications. It's very difficult to prove that it doesn't meet the second requirement because what is "obvious to one of ordinary skill in the art" can be subjective. What's obvious to a programmer without a degree may not be obvious to one with a Ph.D. or vice versa.
Re:You folks don't know sh*t about patent law (Score:2)
care to elaborate on this, perhaps provide a link?
One year is an awfully long time to allow someone to file a patent on something they found already published by another.
Re:You folks don't know sh*t about patent law (Score:2)
So it is not really as simple as the initial poster put it.
Re:You folks don't know sh*t about patent law (Score:2)
If someone else creates 'art' that uses a new invention, and this art is disclosed (such as publication of a paper, posting to Usenet even...), then only that someone can attempt to patent that invention from that day forward. And, only within the first year.
I disagree on obviousness (Score:2)
And the person applying for the patent should initially prove that his invention is non obvious.
The non-obviousness requirement has been reduced in importance lately but it is really key for having a sensible patent system.
DRM and DAT (Score:4, Insightful)
The problem here is the same as it's always been. Fair use is largely the intent of the person making the copy. Until technology can read minds (fate forfend!) there won't be a DRM that won't abridge fair use in some way. As long as DRM abridges fair use, popular adoption of DRM technology won't happen willingly. This is an attempt to ram it down on an unwilling consumer population.
That said, the backlash that might build will depend largely on how intrusive Joe Six-Pack is going to find this new DRM technology. The second J.S.P. gets pissed off about it is the second elected officials are going to feel the heat. When they feel the heat, no amount of payola from ??AA is going to save it. MS is walking a fine line between control of content and pissing off J.S.P.
Until Joe Six Pack starts screaming not much is going to change. Unfortunately, this might be after the Fritz chip is in most consumer electronics, and it will be too late to do much about it.
Don't forget that J.S.P. doesn't give a fart in the wind for the best technology. If he did, we'd have Betamax instead of V.H.S. We'd still have a Tucker auto, and not (fill in your most hated car). Zip and Jaz drives would be moldering in the dump, and we'd be using optical disks.
Is this new technology from MS an Open Source Killer? That's going to depend on someone making MoBo's available without the Fritz chip. Sure, those systems won't be able to run XP, but there are an awful lot of people out there running systems that don't run MS products. I can't quite see (at this point, maybe in the future?) a MoBo that flat won't allow a non-DRM OS to run, just that it won't run in the "Fritz here, you can control this system" mode.
That being the case, then I don't see Palladium being quite the Open Source killer it is being painted. Not to say that it won't hurt Open Source, but it may not kill it. That's for the next evolution of DRM. Which might be why MS is sending a sacrifice to Linux Expo. Calm down the Open Source zealots enough to get Fritz installed, don't use all of its control capabilities until you reach market saturation, THEN whack those commie programmers when it's too late for them to save themselves. GAMEOVER.
Re:HAHAHA (Score:3, Interesting)
Be very afraid.
Re:HAHAHA (Score:3, Interesting)
Nope.
Unfortunately Microsoft has a plausible route to getting Palladium out there. "Palladium Enhanced" computers will be able to do everything non-Palladium computers can do, plus they will be able to view DRM movies, DRM music, and whatever else. The content industries will jump on board. The only reason not to get a computer with Palladium in it would be extra cost, but Microsoft could subsidize that cost down to zero if they want.
Microsoft programs will start including extra options that only work if Palladium is present. Once Palladium is on a certain percentage of computers Microsoft can start requiring Palladium for basic functionality. They could even start requiring Palladium for all patches and installs. It's "for your own protection", Palladium will ensure the patch is legitimate and not a virus/trojan. They just won't offer bug fixes / security patches for non-Palladium. Once Palladium is in a certain percentage of computers they can start making people suffer if they don't have it.
Cracking the system is going to require cracking the hardware. It's not going to be easy, but someone WILL do it before Palladium hits that critical percentage of desktops.
-
Re:HAHAHA (Score:3, Insightful)
This is essentially what the Circuit City / DIVX people tried. They wanted to create a deviant standard for DVD movies that required special hardware and pay-per-view accounting of titles. For a while, there was talk that some movie studios would only be releasing on DIVX, supposedly because it was more secure and profitable. But it failed miserably. Why? Because #1. Millions of people already had "standard" DVD players. and #2. There was a rather large popular campaign to stop / boycott the DIVX standard. Several people along the way asked me what was the difference and why they shouldn't just buy a DIVX-capable DVD player in case the standard caught on. I then explained why DIVX was harmful for the consumer and reminded them that if they didn't want this garbage, they should not vote for it with their dollars. And none of them did. We can do the same thing with Palladium: start a popular campaign to boycott it before it's even on the shelves. It's just a matter of spreading the word. Tell people that M$ wants to take away control of their computers and make it illegal to run anything but Windows on all new computer hardware. Tell them how much DRM is a bad idea. Tell them that the answer to viruses and computer security is secure software to begin with, not this pathetic attempt to plug up the holes in their flaky software.
Re:Never gunna happen (Score:4, Interesting)
new computer they are thinking of purchasing has less features than their current one."
It might just be possible that Microsoft, Intel and AMD have already thought of that. It might just be that they will market it as a new feature. Indeed, in the original NYTimes Steven Levy piece it was interesting to see Gates saying (words to the effect of) "we started thinking about this technology in connection with music and video, but then we realised we could position it as a general purpose security feature." Apart from killing one of the last remaining sectors where ISVs still make money writing for the Windows environment (a/v, security, personal firewalls and so forth), you can bet that they'll be trumpeting Palladium as the pay-off from the much hyped "trustworthy computing" hype. Come to think of it, that abuse of the word "trust" - a term with a specific meaning in info-sec, crypto and other areas - as a marketing term is classic Microsoft double-speak. Or do I mean newspeak? "Palladium is watching YOU!"
Oh, and what's in it for Microsoft? Control. The same thing they've always been about. It's the same reason the MPAA are attempting to suppress deCSS: nothing to do with copy protection, everything to do with control of the distribution channel.
Why bother telling them? (Score:2, Insightful)
I'd love nothing better than to see the geek revolution stop this shit from making it into the hardware, but lots of luck. EULAs are every bit as bad in the legal sense but if there was an overwhelming hue and cry from the masses that convinced the software companies to quit screwing us with them, I must have slept through it. This site will pump the hardware to our crowd as happily as it did Warcraft III; never mind the fact that they just informed us about how the publisher wants to give the open source community a good legal rogering; and the Slashdot crowd will swallow every bit like a double frappuccino. Oh, they'll be bitching about the evil corporate overlords all the way through the checkout line, but we all know what's gonna be in the shopping cart anyway.
If we don't see (or grudgingly tolerate) the problem, what chance does Joe Sixpack have?
Re:Never gunna happen (Score:3)
I refer the honorable poster to the most accurate comment on this view currently available [dilbert.com].
Re:Never gunna happen (Score:3, Interesting)
Perhaps it won't happen. Perhaps the idea is just yet another diabolical plan for world domination that popped into William H. Gates III's twisted imagination. But we must not be complacent unless we want to live in a world where Free Software is a crime.
We need to think about Palladium like we think about asteroids colliding with earth. The risk is small (maybe even tiny) but the possible consequences are catastrophic. Our actions should be made accordingly.
Of course Palladium won't mean the end of the world. But it will mean that Microsoft will finally become completely entrenched into global civilisation, a scourge which will be impossible to remove. It will make it only a matter of degrees for Free Software to be outlawed. And it will tether our technological society to outdated ideas from the 19th century.
At a time like this nothing is more dangerous than complacency.
Re:new rule.. (Score:3, Offtopic)
It's their site. They can post what they want. They're not here to keep your sheltered little MS-good, choice-bad worldview intact.
Or maybe for every 3 news stories saying that Al-Qaeda are up to no good, the news channels should cover the positive work for farmland renewal that Al-Qaeda are doing?
Oh, they're not? - See how absurd you are being?
Re:new rule.. (Score:2, Insightful)
Re:new rule.. (Score:3, Insightful)
A) Find something good to say about them and post it to the front page WITHOUT SARCASM
B) Post an anti-linux, anti-free software article."
Why?
Slashdot doesn't PRETEND to be an unbiased news source, they put their Bias right up front where everyone is aware of it and can take that into account when reading it.
If you want a news source that pretends to be unbiased while spewing out drivel that is little more than a rehash of Microsoft's latest PR release I suggest that you try ZDnet for your "news".
Re:Thats not a truck (Score:3, Interesting)
http://www.riva3d.com/dvi.html
I found this gem regarding DVI
With capabilities for copy protection, bidirectional communication, and selective refresh, DVI is projected to have a minimum life of 10 years.
at http://www.intel.com/update/archive/issue22/stori
Somehow I see new content being released only to "trusted" hardware that are quite hack and copy resistant. Even the link to the monitor and speakers will be encrypted. A copy played back will lack the proper response to a random challenge and the playback device will not unencrypt and play a recorded copy on untrusted hardware because it will not handshake.
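The random-challenge handshake this comment anticipates, as an added example that is not part of the post and is not the DVI copy-protection protocol itself: the source sends a fresh nonce, the display answers with an HMAC under a provisioned key, and an answer recorded from one session fails when replayed in the next. The class names, the shared-key model and the key values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo keys; not real device keys.
DEVICE_KEY = b"constructed-demo-device-key"
OTHER_KEY = b"constructed-key-of-an-unlicensed-device"


class TrustedDisplay:
    """Sink that holds a provisioned key and answers challenges with it."""

    def __init__(self, key):
        self._key = key

    def respond(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Tap:
    """Passive observer on the link: forwards to the display and records."""

    def __init__(self, display):
        self._display = display
        self.seen = []

    def respond(self, challenge):
        answer = self._display.respond(challenge)
        self.seen.append((challenge, answer))
        return answer


class Replayer:
    """Keyless sink that can only repeat an answer captured earlier."""

    def __init__(self, captured_answer):
        self._captured = captured_answer

    def respond(self, challenge):
        return self._captured


class Source:
    """Playback device: releases content only to a sink that handshakes."""

    def __init__(self, key):
        self._key = key

    def handshake(self, sink):
        challenge = secrets.token_bytes(16)  # fresh for every session
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        answer = sink.respond(challenge)
        # Constant-time comparison; a missing or malformed answer fails.
        return isinstance(answer, bytes) and hmac.compare_digest(expected, answer)

    def play(self, sink, content):
        return content if self.handshake(sink) else None


def demo():
    """Return handshake results for (genuine, replayed, wrong-key) sinks."""
    source = Source(DEVICE_KEY)
    tap = Tap(TrustedDisplay(DEVICE_KEY))
    genuine = source.handshake(tap)          # observer records this session
    _, recorded = tap.seen[-1]
    replayed = source.handshake(Replayer(recorded))
    wrong_key = source.handshake(TrustedDisplay(OTHER_KEY))
    return genuine, replayed, wrong_key


if __name__ == "__main__":
    print(demo())
```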
Re:Thats not a truck (Score:2)
This will of course prevent people from making "perfect" digital copies. But making a slightly imperfect analog copy, then reproducing it digitally ad infinitum, is entirely doable. 'Course the next step is to place controls on all analog-to-digital converters. I'd love to see them bell THAT cat.
Re:Thats not a truck (Score:2)
Of course, it would only take one person with modified display and sound hardware to create non-masked versions of DRM-protected material; once those copies were made, they could spread like wildfire.
Then all that might remain a challenge would be digital watermarks. The practicality of a watermarking system that isn't bypassable but can still automatically prevent material from being played is problematic. A watermark that only shows the origin of the material and wasn't designed for automatic discovery would be another matter, though.
So when you buy that video, intending to pirate it with your special ripping hardware, make sure you use a stolen credit card number and a spoofed IP.
Re:sign yourself (Score:2)
Re:sign yourself (Score:2, Interesting)
How difficult would it be to set up a free CA for Open Source Software, or software released under other licenses, such as X or BSD?
IMHO, code signing in itself is not such a bad idea. What is bad is who you have to pay money to in order to get "trusted" status. A Free CA would allow free software to remain free and gain "trusted" privileges.
Re:Palladium's Downfall (Score:3, Insightful)
This isn't funny.
This is absolutely right. The web wouldn't exist -- as it currently exists, anyway -- without the pioneering efforts of pornography sites. Love 'em or hate 'em, pr0n sites made the web what it is, and stretched technology in support of pr0n: pop-up ads, pop-under ads, javascript abuses, spamming techniques, etc. What's important here is that all these techniques have been taken up by so-called "legitimate" web sites as well.
Pr0n sells, and so does piracy: Napster, Kazaa, etc. Joe User will unsuspectingly download 1-900 number dialers to see his pr0n, will unwittingly load all sorts of spyware along with his Kazaa.
It may be that the easiest and most effective way to fight DRM will be to present the user with a free killer app that won't work so long as DRM is enabled. Odds are, that app will provide either dirty pictures or free mp3s.
How they force it upon everyone (Score:2)
In other words anyone NOT using a PC with a "serial number embedded in it" will effectively be locked out of the internet.
And the worst part of it is that the average family will be grateful because such a move would be positioned as protecting their kids from porn and other pop-up mayhem.
Re:Call me ignorant if you like... (Score:2)
Re:Coercion. (Score:2)
Re:Coercion. (Score:2)
Re:Coercion. (Score:2)
Yeah, gnumeric is great for keeping track of those vaccination and neutering appointments...
graspee
Re:Coercion. (Score:2)
Re:Coercion. (Score:2)