The Power of Palladium 401
phriedom writes "Salon has coverage of Palladium which gives first page coverage to the idea that Palladium is designed to kill open source software. My favorite part though is on page two, where the Microsoft apologist says that ones view of Palladium 'depends on what you believe Microsoft's long-term aims are. If you believe it's to stimulate commerce and stimulate security, it's a step in the right direction ...and if you're perhaps given to suspicions that Microsoft always makes decisions with the aim of frustrating competitors of the Windows empire rather than for the good of consumers, you might have a different view of the same architecture.'" Wired also has a story claiming under-the-hood exposure to Palladium, although it doesn't seem to have much information that hasn't come out already.
Update by J : Steven Levy's Palladium story, which we linked to in an
earlier article,
has allegedly been
pulled from MSNBC's website.
Anyone know if there's a simple explanation of this?
yup (Score:5, Insightful)
Yes, I believe that was the verdict.
Re:yup (Score:2)
"Biddle also denied widespread speculation that Palladium will involve changes to the existing TCP/IP protocol of the Internet, and would be used to disable or lock out other vendor's software, saying, "What IT manager in his right mind -- what Microsoft in its right mind would roll that out?".
Re: (Score:2)
Re:yup (Score:3, Insightful)
One is competing, the other is doing a Tonya Harding and smacking the competition on the knee just before the big game.
Microsoft has never competed in the boundaries of the market. It's never tried to bring a better product to market, or make a product cheaper. It's often dumped a product at well below cost, but only as a way of putting a competitor out of business.
Microsoft has done nothing for the market that other competitors wouldn't have, and hasn't begun to approach the benefit to the consumer of Compaq who reverse engineered IBM's PC, making the hardware a commodity.
It's interesting, people (mistakenly) applaud MS for making computers a commodity, but then also applaud their efforts to bring in proprietary protocols and system designed to remove the commodity nature. They should make up their minds on commodity parts being a good thing, and then research it a bit and see how MS has always been moving away from any sort of multi-company standard.
Hrmmm. (Score:2)
Palladium's Power: total corporate domination (Score:5, Funny)
You're arguing with your wife again. It seems she's missed her spending quota again this quarter. A proud patriot, you have no problem spending 85% and sometimes 90% of your income on consumer goods, yet she can't manage to spend even close to the 75% required by law. It's that foreign mentality, you suppose--that's what happens when you are educated overseas and without the benefit of a corporate sponsor. You have to remind her that if the Internal Consumer's Service (ICS) catches her, she'll be doing time in Philip Morris(TM) Prison like her uncle.
Oh well, hopefully a night at the town's AOL-Time-Warner-Clear-Channel-Blockbuster(TM) Authorized Media Distribution Center will smooth things over with her. That reminds you--you need to have your eye- and ear-implants inspected for this quarter again, otherwise you won't even be allowed in tonight.
You haven't attended church services for a while. Although your wife is a devout follower of God's Customers(TM) and shops in the Church Store at LEAST five tiems a quarter, you're not yet convinced that converting from Consumers For Jesus(TM) was that sound an investment.
Your son Rick has just graduated from the local McDonalds(TM) High School. You want him to go to Pepsi(TM) University like his sister, but he wants to go to Coke(TM) College. Not that it matters--the permits you get at either school are the same. Although he really wanted to attend Stanford(TM), his corporate sponsors rejected that proposal, based on what it might do to his credit rating.
Your youngest daughter just graduated Pepsi(TM) U. It was expensive, but she is all set now, having received a Creative Thought Permit and a Entrepreneurship License. On top of that she's accepted a job at Fortune 10 corporation. Of course almost everyone works for a Fortune 10 nowadays, there being only thirty-some corporations left. It's too bad she had to sign all those NDA's though--you'd really like to be allowed to know where she would be living and how to get in touch with her. Ahh well, it's the price you pay for our corporate security.
Your older daughter, after twenty quarters of employment, was finally permitted to tell you that she is working in middle-management at AT&T. Of course, every job in the United Corporations of America is middle-management. The cheaper--skilled--labor is all outsourced to Those Other Countries, whatever they are called. In ten more quarters, assuming her credit rating remains good and she has attained Shareholder status, she'll be allowed to talk face-to-face (no encrypted channel) with us again!
Apparently, her five year old daughter has been grounded again, this time for racking up a $6000 fine--singing "Happy Birthday(TM)" at a party without a Media Distribution License. She really needs to be taught a lesson--that as a patriotic Consumer of the UCA, she needs to respect the rights of Shareholders and property owners. What a dangerous thoughts she has! She thinks she should be allowed to say whatever she pleases, no matter what it does to someone else's portfolio! No one can get it through to her that terrorist ideas like that will land her in one of those "special" schools--and she'd be subjected to a lower quarterly limit on all her credit cards.
Fax from your wife--she'll be late tonight. Corporate HQ has re-instated fourteen-hour work days until the end of this quarter. It's too bad she's not allowed to quit her job--you could get her a pretty sweet management position any time in your department at Microsoft.
This document is hereby released to the public domain. You may (and are encouraged to) reproduce, republish, read, modify, and/or archive it without limitation.
Re:Palladium's Power: total corporate domination (Score:3, Interesting)
Actually, the future Accord MT envisions here isn't that far off. See this article from the Washington City Paper (the D.C. futons and kinky personals paper):
http://www.washingtoncitypaper.com/archives/coverRe:Palladium's Power: total corporate domination (Score:5, Insightful)
Media corporations and advertisers are accusing TV viewers of theft if you skip commercials with a PVR, or by going to get a snack or going to the bathroom.
Likewise, media corporations are claiming that if they make $X billion in a year rather than $X*2 billion in a year, they are being threatened by theft (piracy), rather than blaming it on their lack of ability to make anything remotely entertaining.
Disney essentially paid Senator Hollings to write a bill that would require you to have "policeware" features in your computer, TV, stereo, etc. They also apparently made some anti-MP3 propaganda where a rap star's paycheck is reduced to $3 a month because of Napster.
President Bush encourages people to go out and spend their cash rather than save it, despite the fact that many people are having a hard enough time paying off their executive-greed-inflated bills.
Re: (Score:2)
that makes 6 stories about Palladium (Score:4, Insightful)
Microsoft: Palladium not just for Windows (Score:5, Informative)
Ha ha (Score:5, Interesting)
But they clearly couldn't allow open source operating systems. So who does that leave? There are no other x86 operating systems to speak of except the open source ones, unless Palm for some reason decides to do a BeOS revival. Maybe MS will release a doctored version of freebsd with all the crucial kernel bits closed-source just to prove look, we're leteting competitors in? And what would be the point of offering Palladium tech licensing to other operating systems, when you couldn't run Palladium software anyway (because the Palladium software is win32??)
*Could* they allow open-source operating systems? How could Palladium chip manage to function when the operating system has been altered specifically to allow you to run things without consulting the Palladium chip? Does the Palladium chip refuse to let the machine boot unless the operating system itself has been signed? How does it read the disk to see if the operating system is signed without letting the operating system partially boot first? Please explain.
Yeah, yeah, DMCA, whatever. There's a limit to what the DMCA can do before it gets hauled into court and struck down. The general public can't understand all this gunk about linux and kernel drivers, but they WILL understand "This law makes it illegal to distribute this 40k file containing a long set of instructions in english, because this other program can convert that set of instructions into a patch for windows that will let you back up files for Palladium-enabled programs in windows." Very few people actually need or want to run DeCSS. If palladium succeeds, lots of people will want to circumvent it.
Is anything above wrong? There ARE reasons to circumvent palladium, right? I think MS's greatest triumph in any case is when they can make it so everyone is talking about their new technology but no one is sure what it is, and that's the case now. Is it or is it not true that Palladium would allow you to create an application that WOULD NOT run unless Palladium were enabled and in control of the operating system? Is it or is it not true that Palladium would create hard disk sectors and third-party peripherals that couldn't be accessed unless Palladium were enabled and in control of the operating system? These news articles are all so vague. Enlighten me.
Re:Macintosh (Score:2)
It isn't just Mac users -- precious few consumers like the idea of DRM. It's just that MS may be able to tell everyone that they're darn well going to use it anyway.
Palladium explained. (Score:3, Interesting)
Palladium is build on "trust". Not your trust in something, but Microsoft's (and other company's) trust in what the computer/software WILL NOT LET YOU DO.
The first layer of trust is trusting the hardware. The hardware then checks if it can trust the operating system by making sure it is cryptographicly signed. The hardware/operating system then check if they can trust a program by checking that it is also crypographicly signed. Without a valid cryptographic signature the Palladium hardware shuts down and cripples the system.
A quote from the article you linked to "The main consideration for Microsoft, said Juarez, will be integrity (of the Palladium software)". The integrity of the software lies completely in controlling what software gets signed. "That is where we will make our stand. We will not sacrifice integrity of the Palladium platform" - that flat out means that Microsoft WILL NOT give up control over what does and does not get signed. At MOST they will assign that control to a carefully constructed puppet organization.
Some code for non-windows systems will be signed - but only when it suits MS to do so. Sure, MS will create formal "fair" rules where "anyone" can get their code signed because they can't afford to be blatant dictators. You'll still have to be a major corporation and agree to play by Microsoft's rules to get your code signed.
The system will be broken in one of the following ways.
(A) the crypographic keys will be leaked/stolen (unlikely)
(B) a bug in the system (MS is known for its bugs, but I think this unlikely also, they will be VERY carefull)
(C) someone tricks MS into signing code with a backdoor/trojan (difficult and the certifacation process to get signed will be quite costly)
or
(D) in my oppinion the most likely place Palladium will be broken is at the first layer of trust - the trust they place in the hardware.
The chips circuitry can be scanned and analized. The hardware can be hacked to change data/code on the fly. The hardware can be simulated in software. These things are not easy, but they can be done. Therefore they WILL be done.
-
Welcome to Capitalism! (Score:2, Interesting)
So, lemmie get this straight. MS sees Linux/Open Source Software as a competitor. MS competes with said competitor in order to win more capital.
What's the problem here? This is basic economics 101. You can't complain about it. Remember that Open Source software is very adaptive. There will always be a way for both MS and Open Source to talk to one another. MS will always try to stop open source, cause they see it as a viable competitor. Open Source will survive, regarless. There's no point in whining, nor is there a point to bash MS. Its legal, and its common business sense.
Re:Don't forget the DMCA (Score:2, Interesting)
unless M$ gives their approval, what do you think the DMCA is for?
Re:Don't forget the DMCA (Score:2)
unless M$ gives their approval, what do you think the DMCA is for?
Who are they going to charge with breaking the DMCA? All the hotshot OpenSource developers, like Alan Cox for example, live and work abroad and refuse to enter the US.
Re:Don't forget the DMCA (Score:2)
Re:Welcome to Capitalism! (Score:4, Insightful)
Just like Ford authorizing or forbidding use of the specific replacement tires for their vehicles, except this would be like Ford turning off your car if you have not used authorized tires.
Re:Welcome to Capitalism! (Score:5, Insightful)
Oh, wait. They were. So perhaps it's not unreasonable to be suspicious of their motives.
Re:Welcome to Capitalism! (Score:2)
And therein lies the key
Are they creating artifical barriers, or are they legitimate barriers.
Re:Welcome to Capitalism! (Score:2)
they are artificial barriers, by definition. without this technology, anyone could run any binaries, with this technology, there is a barrier to running code.
Re:Welcome to Capitalism! (Score:2)
The whole point... (Score:5, Interesting)
Anytime you focus that much control through one agency, you're asking for trouble. Funneling it through a for-profit company is double the risk.
Re:The whole point... (Score:2, Informative)
Re:The whole point... (Score:2)
Microsoft Customer Service (Score:5, Insightful)
Is there some other Microsoft out there? The one we all know and love is well known for kicking its customers in the teeth.
This guy obviously has not done any research into Microsoft's history.
Re:Microsoft Customer Service (Score:2)
Details on Palladium from EFF's Seth Schoen... (Score:5, Informative)
His notes are more technical in nature and he doesn't make much in the way idle speculation, so they tend to disagree with much of the reporting that's shown up on slashdot.
Re:Details on Palladium from EFF's Seth Schoen... (Score:4, Informative)
Re:Details on Palladium from EFF's Seth Schoen... (Score:4, Interesting)
Worse: Microsoft's SMB subsystem could stop accepting data from non-DRM-friendly servers or clients at any time. When that happens, since Samba cannot do the DRM without violating the patent, everyone running Samba loses.
It's not so much that Pd v1.0 will hose Open Source. I give MS credit for being much smarter than that. I think it will be an early service pack that addresses "security concerns" that starts to cause small problems for "non-trusted" systems and software. Then, a new "high security" IIS release will start to bounce non-IE browsers (or at least that's MS' counter-threat to AOL who is currently threatening to take a huge chunk of the browser market away by releasing a Netscape-based AOL).
This will be the tool that the marketing types use in the next round of platform wars. They would be stupid not to use it. It is incumbent on us to find a way to stop that before it becomes an option.
Re:Details on Palladium from EFF's Seth Schoen... (Score:2, Insightful)
Re:Details on Palladium from EFF's Seth Schoen... (Score:2)
In short, it was time to get one's undies in a bind when "Palladium" was first uttered.
Re:Details on Palladium from EFF's Seth Schoen... (Score:2)
That may be true ... for now. But think about it. After Palladium
enabled hardware has been around a few years, almost everyone will be running
Palladium-enabled operating systems (and mostly Microsoft ones, at that).
And at that point, they'll manage to push through legislation (or whatever
the equivalent will be for the situation -- a rule by whatever agency has
controlling authority over the spec, for instance) requiring any new
Palladium hardware to refuse to boot something without a valid signature.
And the vast majority of people won't even notice, because almost all of them will be running signed OSes anyway.
Microsoft has billions in the bank. They can afford to be patient. And so can the large media conglomerates.
Re:Details on Palladium from EFF's Seth Schoen... (Score:2)
There is a difference between disagreeing with someone and responding as such... and moderating as flame or troll.
What I have noticed is that posts frequently are moderated as troll or flame because they are accurate, and that just bugs the hell out of certain people. It's sort of a Ostrich syndrome.
XBox/Windows (Score:5, Insightful)
This is the ultimate in hubris. They are in the penalty phase of a federal decision that seeks to punish them for doing the exact same thing with their restrictive licensing. Now they want to have even more restrictive licensing enforced by software and hardware that makes certain nothing unauthorized by them runs on windows.
Or Maybe they are just shooting the moon on this one, so their other business practices look nice in comparison. Either way this stinks.
Re:XBox/Windows (Score:2)
US law may enforce copyright restrictions against reverse engineering, somehow.
Do we then see a Canadian or Mexican black market for tools to circumvent it?
Does the likely anti-trust violation that such a system would represent turn us all into scofflaws, observing the rules about as rigorously as
we observe speed limits?
Are the Gnomes of Redmond laughing themselves silly at the crap-storm they've caused in the media via their play-action-fake?
FWIW, I have nothing but good things to say about MS's customer service, and online help resources.
Hopefully, the market will break all tradition and vote against fascist business practices via wallet.
Anyone who argues that no alternatives to MS exist, or that nothing can be done to prevent assimilation deserves it.
commerce?!? (Score:4, Insightful)
When was the last time MSFT ever wanted to stimulate commerce, except in the purchase of its own products and products that allow people to purchase its own products?
Customers not caring? Ha. (Score:5, Interesting)
When Intel came out with the uniquely identifiable number in the Pentium III, of course customers didn't care, right? When I do have to run windows, and need to install drivers, things that aren't signed are generally the things that I need to use! Why in the world would I want any sort of chip that could possibly restrict this sort of thing. This could even be expanded to be "you can't run this code on your machine unless redmond has signed it"
Re:Customers not caring? Ha. (Score:2)
Palladium will cost everyone money. The only winners are the corporations who will sell you new products. Need a new "Palladium" PC? Dell/gateway gladly will sell you a new pc. AMD and INTEL already WANTS to make these "Palladium" parts. RIAA and Hollywood will love to have "Fair Use" thrown out the window, and make you use their software for multimedia. You cant play a DRM Audio or Video DVD without their DRM software on your "Palladium" enabled PC. And for your home it will only work on "Fritz" chipped players. (Throw away that old DVD player, Circuit City is waiting for you with new models now!)
With all those corporations are loving the idea of all the new revenues on new DRM/Palladium technology, they will jump on the "Palladium" bandwagon. Screw the consumers.
Good ploy... (Score:5, Interesting)
While absolutely anyone will be able to program code for the Palladium system. Since anyone can have a licence. (I believe Microsoft would let this get by). Only the open source people wouldn't be able to handle the new licence everytime. Thus Microsoft maintains control in two ways.
1. The only main threat to MS's OS monopoly right now is Linux (and maybe a tad bit of Apple, which they own a seat on the board for.) This isn't a huge threat, but if it takes off, Windows loses it's viability. Then MS is screwed. With Palladium, only MS OSes(and MS supported OSes) will be able to handle the Palladium hardware, and the only competition that could potentially cause problems is blocked because it's unreal for it to be signed every single time.
2. If MS decides to spread their wings some more. They will have the ability to put loopholes into Palladium to make it harder for competitors to code. They have done this before with Windows, making changes that purposely are damaging to competitor software (I know, I have had to program around those changes.) I wouldn't be surprised if they used this to accomplish the same thing.
No matter what though, it does show an evil injenuity that I haven't seen from MS since the days of OS/2, and even all the way back to MS/DOS. I guess OS is having the effect of forcing these companies to compete. Since people have realized the software they pay for is as good as software people give away for free.
Re:Good ploy... (Score:5, Interesting)
The only threat here is if the Office files themselves (and things you want to do on the Internet, etc.) require Palladium. But that would lock out more than just Linux users, it would lock out anyone without a Palladium PC, Palladium Windows, and Palladium application(s). So for Palladium to effectively kill open source in general and Linux in particular it will have to become so ubiquitous that everyone needs it even more than they today need Office or IE compatibility. And that will not happen until everyone who is currently happy with their PC, OS, and applications find a good reason to replace them all with Palladium versions, and that won't happen untill Palladium becomes ubiquitous enough to effectively require it, etc. It's a classic chicken-egg problem, and I fail to see the Killer App that's going to make everyone throw away perfectly good computers and upgrade to Palladium systems. It's either everyone upgrades overnight or it fails to take hold.
Even if every new PC sold from now on is Palladium-compliant, what do you do about the installed base? What Killer App makes them all upgrade? If my bank requires Palladium, I'll switch banks; enough folks do that and the remaining banks won't switch to Palladium. If all new CDs require Palladium, the most they can expect of me is that I'll buy a DRM-compliant CD player and use the analog output to "pirate" the music for my car and computers. Lots of people forget that today's cheap analog is far better than the best you could buy at any price 20 years ago; if you don't have super-d-duper amps and speakers you won't notice the difference; you certainly won't notice it in your car at 60 MPH. Hell, most MP3's introduce more distortion in their compression than you'd get taping the analog outputs! Don't fear analog, folks.
So unless you can show me the Killer App, I predict Palladium is as dead as Digital Video Express (Divx [com.com], not DivX [divx.com]).
Re:Good ploy... (Score:3, Interesting)
Nothing ... initially.
But here's the problem: Microsoft and the hardware manufacturers can introduce Palladium versions of their hardware and software that will interoperate with non-Palladium versions. As long as people don't lose anything, they'll happily buy the new hardware and software. But once enough people have that, they can change the specs. So suddenly, the hardware manufacturers start making Palladium hardware that won't work with non-Palladium operating systems. Since most people by that time will be running Palladium-enabled, signed operating systems, they'll be able to get away with this. They may still offer non-Palladium hardware but they'll charge extra for it.
So now, suddenly, the cheapest hardware out there is also the most restrictive. And again, since most people will be running Palladium-enabled and signed OSes by that time, this won't be a big deal (in fact, most hardware comes with the OS preinstalled anyway, so the issue of Palladium-enabled OSes will be very minor).
And once that happens, hardware that can run Linux and other open source OSes will suddenly get a lot more expensive, which means that those OSes will all but disappear. Eventually the cost difference for "libre" hardware will be higher than the cost of a Microsoft Palladium-enabled OS plus whatever you might install on it for server use, and then Linux will start to disappear from the server as well.
Still think Palladium is dead?
Re:Good ploy... (Score:2)
I mean, it's nice that you think that people will never move away, but that doesn't mesh with history. Lots of websites require Javascript, and there aren't always alternatives. Gopher is long gone...I can't visite gopher-only sites any more. I don't use Windows much, but I suspect that people still using Windows 95 are pretty much out in the cold when it comes to using new games.
good insider view here... (Score:5, Informative)
-- -- -- --
I can see it now ...... (Score:2)
I authorized RMS/OSS/FSF to be the only software to run on my new Palladium system, and now it won't boot.
"Microsoft Apoligist" (Score:3, Informative)
It's always been the same, and always will (Score:3, Interesting)
Re:It's always been the same, and always will (Score:2)
Of course, I'd like to point out where trying to exclude Linux folks got the DVD Consortium. Palladium is better designed, and nastier, but the payoff for breaking it is also higher.
Time for a new name... (Score:5, Funny)
Fee-C's (Fee-based Computers)
How about this? (Score:5, Interesting)
Given that, I've read all of these articles floating around and in principle I have no problem with a system of authorized applications.
However, the one thing I haven't seen is any indication that I myself will be able to authorize programs on my own computer. In my opinion, this would allow geeks to play with their own programming, download open source projects, etc. while still enjoying the knowledge that unless a program has been authorized by a signature authority or by themselves, it's not going to get a toehold in their machine.
If I'm beholden to the authorities to approve what I want to use, then I'm never upgrading. If however I'm allowed to authorize anything I might write or download then I don't have an objection to the principle.
The devil is always in the details, however.
Re:How about this? (Score:2, Insightful)
Your last statement
For the record: I hate this whole idea, I have read a good deal about this, and always come to the same conclusion: Microsoft is NOT about making good software, they are about SELLING THEIR software. In other words, this has to be about money, either for Licensing keys, or by adding restrictions that keep folks buying their software.
I've seen it over and over and I'm tired of it... (Score:5, Informative)
Not to nitpick, but I AM tired of it... the Palladium was a small statue of Athena in the city of Troy, not Athens - it was stolen by the Greeks very near to the end of the Trojan War. It was the basis for the whole Trojan Horse bit. The explanation the Trojans received when they found the horse was that the theft of the Palladium by Odysseus had so infuriated Athena that the Greeks had left the horse to appease her wrath. The idea was then implanted in the Trojans' heads that the Greeks very much did NOT want the horse dragged into Troy, for then Athena would favour the Trojans and might kill all the Greeks on the way home. (Which, ironically, she and Poseidon largely did anyway.) The Palladium is generally held to have been taken by Aeneas on his flight from Troy to Italy, or maybe by Diomedes to Sparta, but never Athens.
code signing (Score:3, Interesting)
# emerge mozilla
part of the process is for portage to fetch a copy of the source code and compare the MD5 signature against the MD5 signature that I received from a different location (in this case, the portage / rsync mirrors. This actually bit me once, when I submitted a package that retrieved a dynamically created
Microsoft is not alone in this initiative - and if the article is right when it says MS will be out of the code signing business completely, this might help the situation. But I really don't see them being all that friendly to non-partnered code-signers.
Re:code signing (Score:2)
There could come a time when Windows will only run on this type of hardware, and you have to run Windows because of the MS monopoly, therefore consumers will have little choice if they want to stay in the mainstream (ie: read websites developed with MS products, download movies and music, exchange Office files)
Re:code signing (Score:4, Insightful)
Nobody is forcing you to use MS, they just might offer the only practical solution.
There is nothing wrong with being a far better supplier then everyone else, and MS has done an excellent job of providing a solution people want to buy.
Re:code signing (Score:2)
I could; I know enough about computers to do so. John Doe i'm not so sure about.
Nobody is forcing you to use MS, they just might offer the only practical solution.
Sure, any major OEM usually tells you; "You can get it with Microsoft Windows or Microsoft Windows". So nobody has a gun to my head, and surely they aren't forcing me to use Windows but again "You can get Windows or Windows" are my choices.
There is nothing wrong with being a far better supplier then everyone else, and MS has done an excellent job of providing a solution people want to buy.
I don't want to buy windows but should I purchase a new machine instead of building my own and it happens to be x86 arch I most likely will have to buy windows. Even though I might not want to it's included in the cost of the PC. So I'm buying it anyway. That's an excellent job at locking the market in by locking OEM's in and not giving people choice. There isn't one solution I can think of that Microsoft has provided without it's quirks or that was stolen from someone else.
Microsoft is just a bunch of lawyers/criminals and mediocre products. They don't give a shit about security or quality or any of that. It's about how they can get any warm body hooked on their IV system. So far, they are doing quite well.
Re:code signing (Score:2)
I couldn't say it better myself.
The only thing to add is that is exactly what they should be doing.
Re:code signing (Score:2)
Muggers do an excellent job of providing a solution that people want to take, as well.
Re:code signing (Score:2)
Completely different (Score:2)
What's different about Palladium is that the authors can NOT sign the checksum. They can't create a checksum in the first place. Only MICROSOFT can make that checksum, and if your software differs from their vision of what they want running on your machine, then you won't be able to get that checksum. Further, if you don't HAVE the checksum, you will NOT be able to install that software, period. You may not even be able to view it.
Re:code signing (Score:2)
First, MS may *allow* other CAs, but undoubtedly have agreements with a few as to criteria used in selecting okay software. Guess which ones are going to be "trusted by default" in shipped versions of Windows...yup, the "MS partners".
Second, this ensures that Open Source development is much more difficult and may be monitored -- applying for code signatures frequently costs time (if not money).
Third, this gives MS a nice foothold into the juicy, lucrative DRM field.
The Best Quote From The Article (Score:5, Insightful)
Are you kidding me? Planned obsolescence? Squeezing consumers dry with each "upgrade"? Bundling an insecure scripting language with almost EVERY product it produces, thus singlehandedly giving the antivirus industry a job? Snuggling closer to content providers every day at the expense of individual users' rights? Further solidifying its monopoly, even after it was supposedly "disciplined" by the DOJ?
Maybe this guy sees something I don't. ;)
PrisonerCX
Java support (Score:4, Informative)
Ironically, we had MS people on site for over a year to gather 'requirements' and help 'influence strategy'. There's no real question that this was by and large ignored - a small insight into what perhaps has been one of the most dramatic examples of contempt for customers ever exhibited by a major corporation.
Re:The Best Quote From The Article (Score:2)
(Some reasons for using linux are not technical.)
Big deal (Score:2)
I'm about as sceptical of Microsoft as the next slashdotter, but these conspiracy hysterics are getting ridiculous.
I'm all for having crypto acceleration in PC chipsets. That can only mean better security for the individual (until they discover the inevitable NSA backdoor, anyway).
As for Windows refusing to install unsigned software, fat chance. If they really do that, we can expect a lot more users and former Windows software developers in the Linux/BSD camp very shortly.
Re:Big deal (Score:2)
I think we all know how willing MS is to give up markets, so they will obviously support non-Palladium hardware, thus "legitamizing" the platform. Palladium will be relegated to a niche market of people who really need hardware encryption and have no reason to distrust the NSA.
Moved to the pay site (Score:4, Informative)
Try this link [newsbank.com]
The Big Problem with DRM (Score:5, Interesting)
And if history is any indication, what will the signatory barrier be? Just a "reasonable" fee...
The trust/freedom dichotomy is the biggie. If there were a way to resolve that -- perhaps the "2600 can sign things" idea mentioned -- letting DRM come is not a big deal.
Re: (Score:2)
I don't Understand (Score:3, Interesting)
Why do we need all these digital signatures and systems for allowing code to run? I don't have any problems manually figuring out what I think is worthwhile on my system, it all takes place in my head and doesnt require any fancy Linux commands or anything.
I certainly don't have any "spyware" running on my system. Can you MS Windows users tell me, is the world that much different for you? What is it about windows that would make you need all this crap I am doing fine without?
Of course I've only seen one or two unrequested pop-up windows on the web and that was quite a while ago, I hear they are a problem for IE users as well
Re:I don't Understand (Score:2)
Maybe you don't, but a lot of people out there would need it, regardless of whether they use Windows or Linux or anything else. Don't try to tell me that you don't know anyone like this [theonion.com]. (In fact, humor aside, I'm fine with the whole thing. Paranoia isn't my thing.)
When will we reach the point... (Score:4, Interesting)
Once code verification has been inserted into the CPU, arranging it so code HAS to be signed in order to be parsed. What happens when laws are passed requiring all CPUs faster than X gigaflops to have mandatory code verification?
Can we trust Microsoft? (Score:2, Interesting)
This question can be answered merely by shortening the title: "Can we trust Microsoft?"
Ummm no thanks.... (Score:3, Interesting)
Palladium is great (Score:2)
What Palladium will not succeed at is kill off the competition. If Intel were foolish enough to make code signing mandatory, there is plenty of non-Intel hardware that won't have these mechanisms built in, and there will continue to be because without such hardware, out world would come to screeching halt.
And what Palladium won't be either is a magic bullet for security problems. Those are still human problems, and they still need to be fixed one at a time.
What Palladium isn't either is novel. These ideas have been kicking around for a long time and nobody has been foolish enough to implement them. Microsoft is continuing their habit for taking old, discarded ideas and shoving them into Windows; Windows is quickly becoming the dustbin of history for discarded ideas in computer science.
This is BOTTOM UP design (bad, very bad) (Score:4, Interesting)
Obvious Solutions/ Some Observations (Score:5, Insightful)
1. Write an application that runs unsigned applications. Sign that app, never sign anything else again.
2. OK, let's say you have to sign every process. That means you have to sign every version of a DLL. MSFT won't just be alienating OSS developers if that happens.
3. Under this regime, security is only as good as the CA. Sure, some CA's will charge a lot of money because they are "reputable", but how hard/expensive is it to run a certificate server anyway? From what I've heard, not very. It's just that nobody does that now because there isn't a need. Something like this would just cause orgs like the EFF, GNU, perhaps others to run free CAs, or even CAs the are dummies designed to fool the OS into believing the software is signed. Then the orgs and MSFT can sue eachother for a few years, and by the time the case is settled it'll be a 1 inch blurb in the business section and a few lawyers will have new Lexus automobiles. Nothing new here.
I don't know about you guys, but I never even bother reading those little pop-ups that come from signed code, even when it has an error, and I have never been compromised by such code. Why? Because trusting code you get from ibm.com is safe, and trusting code you get from deadalienhacker.org isn't. In other words, security is verified by the reputation, integrity, and character of the authors. My... what a novel concept. :)
What if you can't choose? (Score:2)
Appease only part of Hollywood I would think (Score:3, Interesting)
Some interesting information... (Score:4, Insightful)
Why would an employee who specialized in content protection for Sony/Time-Warner etc. suddenly be interested in keeping "people secure on the Internet"? It seems far more likely to me that he'd be much more interested in DRM and control.
Why wouldn't we trust Microsoft? The better question is "Why would we trust Microsoft?". MS is a convicted monopolist (the only thing left is to determine the penalty) and a convicted copyright thief. MS has had a pattern of never inventing or creating anything but instead either buying or stealing it. MS has never before acted in the public good but only for the good of MS. Why would it change now? The answer is, I'm afraid, "It wouldn't.
I've got an idea (Score:2)
Re:I've got an idea (Score:2)
Instead of posting the same vague tid bits about Palladium over and over, and letting the
The same guarantee stands.
Turning off DRM (Score:4, Insightful)
"If you turn it off, then you are an island," says Perens. "You can't communicate with others. Everyone will be using this DRM, and you can't view Web pages."
This is a real worry - not that you won't be able to turn it off, or run Linux/*BSD/whatever and ignore it, but if you do that, then all of the content (email, web pages, documents, etc) created by all of the people who have not turned it off will be unreadable by you.
It's like avoiding email - sure it cuts down on your Spam, but it also cuts down on the legitimate messages you get.
And that's where it gets scary. I'm a UNIX administrator, but I keep a Windows system because there aren't as many games out there for Linux. The same thing - you may want ot be a holdout, but if you can't read 90% of the email or view 90% of what you want to see on the web, you may adopt it just because your other option is "almost nothing".
=Blue(23)
Re:Turning off DRM (Score:2)
DRM Platform (Score:2)
Microsoft denies that Palladium is a Trojan horse that will allow it to slip DRM into computer systems. "Turning Palladium on is not the same as turning DRM on," says Biddle.
No, but if DRM relies on Palladium's encryption hardware, then turning Palladium OFF will sure as hell be the same as turning DRM off.
On a releated note, the encryption is supposed to be public key. Presumably the private key stays embedded in the hardware, and the public key is... where? Provided by the CPU to the OS? Perhaps with a Cert Auth like Verisign? Or with Microsoft? If the encryption algorithm is well known, what's to keep an enterprising young warez d00d from generating a new key pair and emulating the hardware? If I build everything on the box, I control what goes out over the wire, so I can scam signatures off of a valid set of binaries. Just because I *have* valid binares doesn't mean that's what I'm *running*.
If the algo is not well known, forget the whole thing since it'll be cracked in a month anyway.
Just remember, Darth Hollings... (Score:2)
(with apologies to George Lucas, I just couldn't resist...)
MSNBC losing its objectivity (Score:2)
Why MSNBC pulled the article-no, it's not bias.... (Score:5, Informative)
It's a Newsweek article.
Newsweek charge for archive access.
The article is now over a week old, and has been moved to their archives.
Simple. If you want to get the article, you can still buy it from Newsweek for $2.95, or for a lot more if you want access to their entire library of stuff.
You can still find it if you go to www.newsweek.com , and search the archives for Palladium.
Simon
what if palladium breaks? and other thoughts (Score:2, Interesting)
What if someone cracks the security on it? There will be millions of people who were trained into thinking "Palladium will protect my data, I don't have to worry about it." Suddenly, they'll have all their data exposed to some script kiddie, because "it's fine to share your entire hard drive on the internet; Palladium means nobody will be able to read it anyway."
Also, what about the extra cost we'll have paid all along for Palladium-enabled hardware? What a waste! Wait for the lawsuits.
I can only hope that Apple doesn't join in; right now, it's the only other "mainstream" option out there (i.e. I doubt I could convince my mom that she needs a Sun box). We need to keep a non-Palladium option open, one that regular users won't be afraid of. That's the only way we have any hope of avoiding Palladium (if M$/Intel/AMD keep pushing ahead with it).
How long before an undernet develops, with just open-source non-Palladium software and hardware? It'll be the Internet for the /. crowd.
Microsoft has not explained any consumer benefits (Score:2)
solve *any* problems that users have today, in any manner that cannot be solved with software alone that already exists. What is does do is
define mechanisms whereby third parties can
easily restrict what you can do on your own machine.
Honestly, encrypting the video signal from your PC
motherboard to the display provides absolutely no
benefit to the user. How often have you found
criminals or terrorists intercepting the wires behind your PC on your desk? Gosh, it must happen to me at least twice a week. I wish I could
encrypt the video signals so no one could tamper with them. Yeah right. But hey, it will keep
Hollywood from letting you watch movie clips
on your PC. Oh boy, they really are looking out
for my best interests.
It is so totally obvious that the only 'protection" provided by Palladium is
for Hollywood and the BSA. I find it insane that people are arguing the merits of this, when no
compelling user benefits have been offered
by the makers.
In the future, I would in fact like to have a way
to securely store and execute my code on other
people's server hardware, without giving them access to it. However, there is zero evidence that Microsoft will ever actually offer this as a service, and zero evidence that they will allow other people to offer this as a service either. I can think of several ways to
provide this service in reasonably secure ways using existing technology today, however, and without selling my own soul to Microsoft.
Microsoft has already given you a good taste (Score:2)
You don't have to speculate on what life with
hardware Palladium is going to be like. Microsoft
has already given a nice taste of how they are
going to play nice with Hollywood, and give you,
the user, the bum's rush.
Last year I got a IBM Thinkpad laptop running Windows 2K. It had in it a DVD player drive.
I was in Japan, so I wanted to play a Japanese
DVD. Yes, it had a non-North-America zone code.
So I put it in the DVD player, and I was told that
I could not play the DVD, because it was not the
right zone.
The driver control planel has an option to change the international zone for the DVD. So I set it to
Asia. A warning dialog comes up and says
(to paraphase) "You have changed the zone on your
DVD player. We will let you do this two more times. After that the DVD player will be disabled, and you cannot re-enable it even
if you re-install the operating system. It will
be slag. Fuck you, you fucking video pirate!"
Well, it didn't use those words precisely, but the effect
was the same. The hardware was telling me that I was a thief and it would self destruct. No appeal,
no mercy, just the word of Microsoft.
If you think Microsoft is going to do things
differently when then own the whole CPU, keyboard, video, and disk drive, you better think again. Wake up, you sheep!
We need to change to rhetoric here (Score:2)
If people accept Microsoft's rhetoric, that
Palladium is about providing "protection", then
we have already lost the battle. It is like
conceding the term "Pro-life" to the opposition in a debate on
abortion.
Palladium should instead always be referred to
in more precise technical terms; it serves to
"restrict" capabilities of the user's hardware.
Always use the word "restrict" and Palladium in
the same sentence. Don't refer to protection, since
protection of the user's interests is only a possible but unlikely application of the technology. The protection is clear for Hollywood, but totally absent for the end user like you and me. The goal is to stop your
PC from being able to process any data
except under the terms of the organization
who encoded it.
The
technology is all engineering ways of restricting the user's
access to their own hardware. Don't forget that,
and you will have a much clearer picture to present
to people who are curious about this technology.
What I think is interesting.... (Score:2)
It is worthwhile to note that many individuals who have made great contributions to the computing community (both in hardware and software) had made great strides to that end WHILE they were nobodies. If they had been limited in what they could do before they earned the trust of some corporate entity, probably less than half of what we now take for granted today would even exist. Or do we now think that everything worthwhile has already been discovered? It occurs to me that we've been down a road in the past where a similar idea was prevalent. I doubt it's any more true now than it was then.
This has nothing to do with Microsoft trying to kill open source, it has everything to do with some company placing limits on the human creative spirit when it comes to using a computer as the medium for expression. Paladium discourages independant creative thinking, and for that reason, if no other, it must not be allowed to materialize.
Nitpick on the Salon Article (Score:3, Informative)
I further disagree with Mr. Perens as well. The content is all that will be limited, not the computer. The computer will not be limited in any way. You can boot into untrusted mode and use whatever you want. The content, on the other hand, may require the use of trusted mode. That simple.
Comparison to signed ActiveX controls (Score:3, Informative)
Relying on 'signatures' to protect you is falso hope. Check on www.microsoft.com, search for "ActiveX Security vulnerability" using ALL keywords. You'll get 100 hits back, and the search cuts off at 100, so I don't know how many there are. Yes, the Java security manager had holes (these holes were eventually plugged). But at least there were limits, like a hole in the dike instead of it collapsing. How many IE holes were because certain ActiveX controls were marked "safe for scripting"? So this ActiveX had the run of the system. The controls are signed, but what's stopping a rogue person from obtaining a certificate ad releasing a bad ActiveX control (or a bad app). I remember someone did this, had a certificate and made code that was a proof of concept (I don't remember, I think he wrote soemthign in teh Run key, and you saw a message every time you started up). I also remember when someone pretended to be from Microsoft and obtained a key? Yeah, MS released a patch invalidating the key, how many folks didn't install the patch? Is there code out there with that key? If they can't even hold on to their keys, how can you trust them?
How do you protect against bugs? Outlook wasn't intended to be malicious, but look what happened. MAJOR design flaws in Outlook, and how it's integrated into the system (a great deal of virus damage can be traced to the fact that Explorer by default doens't show extensions, and Outlook picks this up). Neither was sendmail, how many bugs came from that? OK, sendmail's signed now, I can still root you. Is a signed IIS any less vulnerable to Nimda? Is all the KaZaa spyware gonna get kicked off casue of this? Nahh, it's all gonna be signed.
This is where a sandbox mentality is best. Something like the jail and chroot syscalls. Limit the damage that can be done to the system. Have all syscalls be available to be jailed, something like the security manager in Java. Have IIS be jailed to not be able to use connect() to dial out to other servers, jail the ability to make files anywhere other than a log-root, so it can't make startup files in
A big problem with Paladium this it turns people into vertificate validators. How many folks do you know who know how to read a key? It's gonna be either accept all, or accept none, depending on what the default is. And if you accept, you're still making you're system succeptible to bugs and trojan horses.
This just seems, to me anyway, to be Microsoft's way of pushing new software and hardware. I don't see it helping folks much.
Kuro5hin discussion (Score:3, Informative)
noticed that also (Score:2)
I think what the author really meant was a car that was governed to the speed limit.
- adam
Re:Speed governor? (Score:2)
Re:Speed governor? (Score:2)