Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Microsoft

Gates and Lasser on Palladium 411

A rather funny juxtaposition this morning - Bill Gates or someone with his signature stamp sent a spam-gram to pretty much everyone who receives any sort of Microsoft email: Bill only mentions Digital Rights Management in one throw-away sentence. And like most other spam, he promises it's a one-time mailing. On the other hand, Jon Lasser of Think Unix fame takes a harsher look at Microsoft's vision of a world where your computer is trusted against you.
This discussion has been archived. No new comments can be posted.

Gates and Lasser on Palladium

Comments Filter:
  • Ahhh (Score:4, Funny)

    by Chetmurray ( 216997 ) on Friday July 19, 2002 @01:40PM (#3918268) Homepage
    I would never would have thought MS would spam, that is something only desperate companies do.

    And here I thought that was a personal note to me. I have spent the last three hours writing my personal reply. Guess I will just send it to this nice Nigerian man who just emailed me, he just suffered a personal tragedy and seems to need some support.

    Chet
  • by sllort ( 442574 )
    The way every talks about TCPA/Palladium, you'd think it was the biblical mark of the beast. "A single, remote authority with the ability to delete random files off my hard drive? Call the Free Speech Police!"

    The problem with everyone's understanding of TCPA/Palladium is that there won't be a single authority (flying Black Helicopters over your PC at night). Big companies like IBM (and especially the government) may use it for document control, but that's about it. What Palladium will do for the world is:
    • End the untrusted binary problem. Viruses will be blacklisted by a remote server - no more email viruses, ever
    • End the trojan horse/worm problem
    These are important features that Joe sixpack the home user really wants. Nobody likes getting a virus and losing all the information on their Hard Drive.
    By jaundicing themselves against the IEEE's implementation of this important standard, the Linux movement is just putting itself behind the curve in computer security.
    If Palladium succeeds, and Linux doesn't follow, then Linux machines will be the only computers that can get viruses. How ironic would that be?
    • by Telastyn ( 206146 ) on Friday July 19, 2002 @01:49PM (#3918341)
      Until of course the remote server is comprimised and suddenly explorer.exe is an untrusted binary and every windows machine in the world shits a brick.

    • by dusanv ( 256645 ) on Friday July 19, 2002 @01:50PM (#3918348)
      Did you read the articles at all? It is plainly said that Palladium will not eliminate application layer virii. That means Joe Sixpack *will* be getting more Outlook & Word virii. What he won't be able to do is to watch unlicensed content. It is plain that this has nothing to do with Joe Sixpack's security but only with content protection Hollywood and total control by Microsoft.

      The problem with everyone's understanding of TCPA/Palladium is that there won't be a single authority (flying Black Helicopters over your PC at night). Big companies like IBM (and especially the government) may use it for document control, but that's about it. What Palladium will do for the world is:

      * End the untrusted binary problem. Viruses will be blacklisted by a remote server - no more email viruses, ever...


      You are contradicting yourself in mere two sentences. No black helicopters? They don't need them. THe server you mention later is *way* better. Whoever controls that server - controls your PC.

      Cheers,
      D.
      • (* It is plain that this has nothing to do with Joe Sixpack's security but only with content protection Hollywood and total control by Microsoft. *)

        I never figured out how home movies would be allowed through. If people find out that they cannot send home movies to Grandma, things are gonna fly.

        Another thing, if the security is based on firmware, it is quite possible to have a bug or two that some hacker can exploit, allowing anything to be "signed". Would we have to upgrade chips to see new content because old ones have been compromized?

    • by cioxx ( 456323 )
      If Palladium succeeds, and Linux doesn't follow, then Linux machines will be the only computers that can get viruses. How ironic would that be?

      I would rather be bombarded by viruses than have my hardware sign off my hardware and sanity to big corporations so they can tell me what to do, and how to use them.

      Ask yourself this question: "Would you rather drive a Ferrari in a prison, or Honda Civic out in the city"
    • Did you even READ the damned article?

      Most of the vulnerabilities represented in the article execute inside the already-authorized binary. Palladium will not prevent or fix that problem. Palladium can stop unsigned binaries from being run and provide a measure of content control, but not prevention of vulnerability or risk.

      AFA Linux goes - more likely than not, Linux won't run at all on Palladium hardware...and besides, do you really want to start counting how many Linux viruses there've been vs. the number of Microsoft Windows ones? I didn't think so.

      Palladium in the home sector is just BAD BAD BAD. I don't want any of it. None. It's too bad short-sighted people like you are so eager to adopt a fascist draconian design in the false veil of added security.

      sedawkgrep
    • Anyone want to bet on the time before there is a virus that appears as if it was signed...
      That blew that benefit for Joe Sixpack
      Leaves only the benefit for Big Corp Inc. No more of that commie Linux thingie
    • End the untrusted binary problem. Viruses will be blacklisted by a remote server - no more email viruses, ever


      Ammend that to:
      End the untrusted Windows binary problem.

      OpenBSD users have been using trusted sources for a long time with the signed_exec kernel patch. I imagine that there are equivelents in most *nix.

      So remember, just because it's a problem in Windows, doesen't mean it's nesesairly a problem with more robust operating systems.

    • People wouldn't be so paranoid if this were being discussed more as an option and not somthing hardwired into future hardware and OS versions.

      I'll decide what I consider acceptable risk. I've been working with computers for 18 years and havn't had anything I couldn't handle. In fact every problem I have had was a issue with a security hole in a Microsoft product. Now Microsoft is pushing that the only solution is to give somone else the power to monkey with my computer and decide what I can store/run on my hard drive. Get real.
    • by wirefarm ( 18470 ) <jim&mmdc,net> on Friday July 19, 2002 @02:50PM (#3918767) Homepage
      The way every talks about TCPA/Palladium, you'd think it was the biblical mark of the beast.

      No, it's the Business Plan of the beast.

      * End the untrusted binary problem. Viruses will be blacklisted by a remote server - no more email viruses, ever
      * End the trojan horse/worm problem


      No. Sorry. I don't want Microsoft scanning or reading my mail. I trust them less than I do the virus writers.

      Most of the problems with Windows arise from programs that Microsoft *trusts*.

      Why not give me a Windows mail client that *cannot* run embedded code of *any* kind?
      I can live without JavaScript in my email.
      I don't need IFrames in my messages.
      I can save attachments to disk before opening them - so can Joe Sixpack. Do that much and you probably don't need Palladium.

      These are important features that Joe sixpack the home user really wants. Nobody likes getting a virus and losing all the information on their Hard Drive.

      Joe Sixpack really doesn't matter to Microsoft. Business and Government users do. The thing that stops many business from switching to a real operating system is not the availability of commercial software, it's the dozens of little in-house-developed apps that companies use.
      Very often these apps have been written by long-gone consultants who left neither the source code nor a forwarding address. So what does the company that uses these apps do? Can they arbitrarily sign the apps and let them run on Palladium-capable machines? If so, can anyone sign any bit of code and make it run? Sort of defeats the purpose, so I guess they won't be doing that...

      By jaundicing themselves against the IEEE's implementation of this important standard, the Linux movement is just putting itself behind the curve in computer security.

      You're missing a small point about Linux: If you have Linux, you also get the source code. If you make a change to the source and recompile it, it's no longer signed. Patching and recompiling is a necessity that they are not accounting for in this plan.
      This attitude is dangerous and irresponsible on their part - Go read that story on the spread of Code Red from yesterday - Within hours of the attack, people were writing fixes and workarounds. What if none of these fixes ran, because they weren't properly signed by the original author?
      Also consider the following: IIS at the time could have been signed and still been just as vulnerable. Code Red used 'Out of the Box' virgin copies of the programs as written by Microsoft and still wreaked havoc on the net. Palladium would have done little if anything to stop this.

      Two points:
      1.) Microsoft is offering a false sense of security.
      2.) Microsoft is offering a false sense of security.

      If Palladium succeeds, and Linux doesn't follow, then Linux machines will be the only computers that can get viruses. How ironic would that be?

      Do you *really* believe that Linux gets so few viruses now merely because of its smaller user base? One big difference between Linux and Windows is the permission scheme - you can only do what you are allowed to do in Linux. You can't read/write/execute files where you don't have rights. Linux programs run as users - if you don't trust the program, run it under a user with few rights. It's not perfect, but better than what Microsoft is offering.

      Now go to a Windows Machine (95/98/ME - others too?). Boot it. When the login screen pops up, hit escape. Hit 'start', 'run' and type 'regedit'. Change whatever you like. That is not good. Microsoft decided that a lack of security was what the user wanted, then later decided to fix this with a bunch of cobbed-on hokey 'enhancements' that do not correct the original problems. Maybe XP and 2000 fix this somewhat, but I wouldn't know - we have 4 XP laptops at my office that I spend LITERALLY an hour a day maintaining for the users. (Wireless networking problems.) No matter how good the OS is, if it doesn't do basic things for my users, it's less than useless - it's counterproductive.

      Microsoft is again waving around their heavy hand and people are frightened that they are going to screw things up even more - I know that I am...

      Cheers,
      Jim in Tokyo
      (Go ahead, mod me 'overrated' - I no longer care...)
  • The Hipocracy! (Score:4, Insightful)

    by FortKnox ( 169099 ) on Friday July 19, 2002 @01:42PM (#3918281) Homepage Journal
    No, not of MS, but of Slashdot.

    When someone mentions they gave up Linux for Windows (don't feel like searching for the link, but it was a story last week), everyone on slashdot supported MS, and ran against Linux.
    But, a few stories later, we find ourselves reaming MS.
    Now MS tries to address subjects YOU WANT THEM TO ADDRESS, and the linux community is in an uproar.

    I'd like to suggest what someone suggested in the "give up linux" article.
    We need to STOP railing MS, and start boosting Linux. I don't want Linux to be successful if the success is based on dirty marketing against MS.

    What's worse is this wasn't even submitted to slashdot, its an editor attempting to push MS into a story so we can all moan about it.

    I think it'd be in Linux's best interest if Slashdot didn't write anything negative about MS, just tech updates or whatever. It'd be a lot more mature than the dung-flinging that goes on here.

    This hypocracy is just as bad as putting restrictions on users and preaching online rights...

    BTW - I'm expecting a being modded down, especially editor moderation (how do you make a broken moderation system, worse? Absolute power, of course!), I'm just venting some steam (and losing some karma).
    • Re:The Hipocracy! (Score:4, Insightful)

      by Peyna ( 14792 ) on Friday July 19, 2002 @01:47PM (#3918321) Homepage
      Slashdot = tech community != linux community. Just because there are a lot of Linux zealots that post on slashdot doesn't mean there aren't many other folks out here.
      • Re:The Hipocracy! (Score:2, Insightful)

        by sehryan ( 412731 )
        I agree, there are probably many, many users who are not linux zealots. I am one of them. But that isn't the root of the problem.

        The problem comes in that the editors of slashdot *ARE* linux zealots. And because of this, anything that Microsoft does is always posted with a negative tint. Even if the original poster is trying to be objective, the editor will stick his $0.02 in, basically to rattle the cage of the other zealots on site. The icon for an MS story is Bill Gates as a borg, for crying out loud!

        That was what the parent was trying to get at (I think). Editors trolling MS stories and using degrading icons aren't exactly helping improve the image of slashdot (or linux).
        • Re:The Hipocracy! (Score:2, Informative)

          by FortKnox ( 169099 )
          Yes. You are hitting one of the MAJOR points in my argument.

          Unfortunately, this is my last post for the day (yeah, slashdot determines how many posts per day I get, and I only get 10), so I can't argue with any other points until tomorrow.

          Thanks to the editors for determining how many posts it'll take to defend my position!
    • Limiting the number of posts per day is censoring. What was wrong with them hidden at -1??

      No, its not. They can still post as an anonymous coward.

      Limiting posts per ip, however, is bad.
    • Umm, no (Score:5, Insightful)

      by dant ( 25668 ) on Friday July 19, 2002 @02:04PM (#3918462) Journal
      Now MS tries to address subjects YOU WANT THEM TO ADDRESS, and the linux community is in an uproar

      Who here do you think wanted MicroSoft to address DRM in the operating system? I'd guess almost nobody.

      Who here do you think wanted MicroSoft to address the 'problem' of users having complete control over their own machines? Again, nobody.

      I see no change in attitude here at all. The Slashdot crowd has always disliked DRM and giving Bill the keys to your computer--and that's exactly why there is so much anger at Palladium.

      And while I agree with you that we'd be better off boosting Linux than trashing MicroSoft all the time, you still have to point out significant dangers when you see them.

    • Re:The Hipocracy! (Score:3, Insightful)

      by ajs ( 35943 )
      When someone mentions they gave up Linux for Windows everyone on slashdot supported MS, and ran against Linux.

      Not I, but that's sort of beside the point.

      But, a few stories later, we find ourselves reaming MS. Now MS tries to address subjects YOU WANT THEM TO ADDRESS, and the linux community is in an uproar.

      Adressing the subjuct really doesn't do anything. We're concerned about the prospect of OS/hardware DRM and the many possible abuses thereof, not the arm-waving of a convicted market-manipulating monopoly. The simple fact is that MS cannot be trusted, just as Enron cannot be trusted, but that too is beside the point. If Red Hat and Intel were colluding on DRM I would be worried too. This is the sort of thing that could lead us down the road to hardware that does not allow us to write our own drivers or run our own operating systems. It gives large companies (like MS) the hooks to start abusing competitors (especially open source).

      Personally, I just don't see this article as being anti-MS so much as anti-corporate. When has Slashdot ever flinched from that possition? What shocked you about that? Did you come to slashdot expecting Forbes?
    • Re:The Hipocracy! (Score:4, Insightful)

      by jd142 ( 129673 ) on Friday July 19, 2002 @02:11PM (#3918520) Homepage

      Learn how to interpret what you read.

      Now MS tries to address subjects YOU WANT THEM TO ADDRESS, and the linux community is in an uproar.

      No. The main gist of the responses is not that they are upset that MS has addressed the issue, but the way they have addressed the issue.

      If I said, "Killing little girls is a bad thing, it should be stopped," and you responded by saying, "You are right, it is bad. I know, we'll stop it by using sex selection to make sure that only male embryos are brought to term." I would get mad at you not for addressing the issue, but for the idiotic solution. That's what is happening here.

    • "Now MS tries to address subjects YOU WANT THEM TO ADDRESS, and the linux community is in an uproar"

      I think the point of the "uproar" is that most of us don't believe that Microsoft is trying to address subjects that we want them to address. Most of us feel this is an attempt to cater to Hollywood and the music industry and possible even kill open source.

      We really have no reason to trust Microsoft. This corporation is totally unrepentant of its past crimes and continues to engage in unacceptable monopolistic practices.

      Bottom line: It would truly be foolish to embrace anything that Microsoft does with open arms without first carefully scrutinizing its actions. The uproar you are complaining about is part of the scrutiny. I give the Palladium scheme a big two thumbs down.

      It IS more about taking control of OUR HARDWARE and limiting OUR CHOICE than it is about security.
    • To be extremely blunt, what the fuck are you talking about, you absolute moron? Last time I checked, I don't think ANYONE wanted MS to come up with something like Palladium!

    • Did you read the John Lasser article? He was a bit closer to the 'correct' track: "MicroSoft? They make keyboards, right?"

      It's a bit stupid to have blinders on. Even if you don't snag code, snagging ideas is not a bad thing. Perhaps MS will come up with some new ideas.

      (BTW, when I needed new keyboard/mouse, I went STRAIGHT to the MicroSoft offerings. I don't care who invented optical mice. I just like the ones MicroSoft makes.)

      Anyway, I'm surprised you have any karma left, given how often you rail against the party line.
    • The Hipocracy... of Slashdot

      I've read this kind of thing before here, and it bugs me every time.

      Suppose you and I are standing next to each other on the street. You say "I don't like that car" and I say "I like that car." Are we hypocritical? No. We are two different people with two opinions.

      If a week ago a bunch of people supported MS plan X and today a bunch of people asserted that it's the work of the devil, there is no hypocracy as long as they are different people.

      There are some 4e5 registered users around here. Some of them are probably hypocrits. Some of the editors might be hypocrits. The only way for "Slashdot" to be hypocritical is for all of us to agree to have a single opinion on all issues.

      Unless some TOS [everything2.com] agreement somewhere has changed, I haven't agreed to any such thing.

    • Is it just me, or are there a lot of posts lately that pop up early in a MS story claiming that we shouldn't say bad things about MS, posts that immeditally get modded up to 5 points?

    • Besides, it's all a waste of time anyway. The open source community needs to halt its collective Palladium whining and do something about it. Palladium as a Microsoft controlled standard will never succeed if there is a superior and more openly controlled alternative.
  • The meat (Score:2, Informative)

    by The Bungi ( 221687 )
    This is not the entire message, but it pretty much covers it. I removed the intro and market spiel and the "What you can do" section at the end.

    It's interesting that I got this since I specifically asked Microsoft to stop sending me *anything* and they complied. At least until now. I guess they pulled out all the email addresses they've collected over the last 8 years.

    -------------

    As I've talked with customers over the last year - from individual consumers to big enterprise customers - it's clear that everyone recognizes that computers play an increasingly important and useful role in our lives. At the same time, many of the people I talk to are concerned about the security of the technologies they depend on. They are concerned about whether their personal data is being protected. Although they know that computers can do amazing things, they are frustrated that their technology doesn't always work consistently. And they want assurances that the high-tech industry takes these concerns seriously and is working to improve their computing experience.

    Six months ago, I sent a call-to-action to Microsoft's 50,000 employees, outlining what I believe is the highest priority for the company and for our industry over the next decade: building a Trustworthy Computing environment for customers that is as reliable as the electricity that powers our homes and businesses today.

    This is an important part of the evolution of the Internet, because without a Trustworthy Computing ecosystem, the full promise of technology to help people and businesses realize their potential will not be fulfilled. Ironically, it is the growth of the Internet and the advent of massive computing systems built from loose affiliations of services, machines, communications networks and application software that have helped create the potential for increased vulnerabilities.

    There are already solutions that eliminate weak links such as passwords and fake email. At Microsoft we're combining passwords with "smart cards" to authenticate users. We're also working with others throughout the industry to improve Internet protocols to stop email that could propagate misleading information or malicious code that falsely appears to be from trusted senders. And we are making fundamental changes in the way we develop software, in our operational and business practices, and in our customer support efforts to make the computing experiences we provide more trustworthy.

    For example, we've historically made our software and services more compelling for users primarily by adding new features and functionality. While we are continuing to invest significantly in delivering new capabilities that customers ask for, we are now making security improvements an even higher priority than adding features. For example, we made changes to Microsoft Outlook to block email attachments associated with unsafe files, prevent access to a user's address book, and give administrators the ability to manage email security settings for their organization. As a result of these changes, the number of email virus incidents has dropped dramatically. In fact, email viruses like the recent "Frethem" virus propagate only to systems that have not been updated - underscoring the importance of updating them regularly.

    We are also undertaking a rigorous and exhaustive review of many Microsoft products to minimize other potential security vulnerabilities. Earlier this year, the development work of more than 8,500 Microsoft engineers was put on hold while we conducted an intensive security analysis of millions of lines of Windows source code. Every Windows engineer and several thousand engineers in other parts of the company were also given special training in writing secure software. We estimated that the stand-down would take 30 days. It took nearly twice that long, and cost Microsoft more than $100 million. We've undertaken similar code reviews and security training for Microsoft Office and Visual Studio .NET, and will be doing so for other products as well.

    THE TRUSTWORTHY COMPUTING FRAMEWORK

    Trustworthy Computing has four pillars: reliability, security, privacy and business integrity. "Reliability" means that a computer system is dependable, is available when needed, and performs as expected and at appropriate levels. "Security" means that a system is resilient to attack, and that the confidentiality, integrity and availability of both the system and its data are protected. "Privacy" means that individuals have the ability to control data about themselves and that those using such data faithfully adhere to fair information principles. "Business Integrity" is about companies in our industry being responsible to customers and helping them find appropriate solutions for their business issues, addressing problems with products or services, and being open in interactions with customers.

    Creating a Trustworthy Computing environment requires several steps:

    - Making software code more secure and reliable. Our developers have tools and methodologies that will make an order-of-magnitude improvement in their work from the standpoint of security and safety.

    - Keeping ahead of security exploits. Distributing updates using the Internet so that all systems are up to date. Windows Update and Software Update Services, discussed below, provide the infrastructure for this.

    - Early Recovery. In case of a problem, having the capability to restore and get systems back up and running in exactly the same state they were in before an incident, with minimal intervention.

    FIRST STEPS TOWARD MORE TRUSTWORTHY COMPUTING

    There is still much work that Microsoft and others in our industry must do to make computing more trustworthy. Here is a summary of some of the progress we've made, six months after my email to Microsoft employees:

    - We have changed the way we design and develop software at all phases of the product development cycle. Our new processes should greatly minimize errors in software, and speed up the development process for new products and services.

    - Software Update Services (SUS) is a security management tool for business customers that enables IT administrators to quickly and reliably deploy critical updates from inside their corporate firewall to Windows 2000-based servers and desktop computers running Windows 2000 Professional and Windows XP Professional.

    - Microsoft Baseline Security Analyzer is a new tool that customers can use to analyze Windows 2000 and Windows XP systems for common security misconfigurations, and to scan for missing security hot fixes and vulnerabilities on a variety of products, including newer versions of Internet Information Server, SQL Server and Office.

    - In addition to providing customers with tools and resources to help them maximize the security of Windows 2000 Server environments, we are committed to shipping Windows .NET Server 2003 as "secure by default." We believe it's critical to provide customers with a foundation that has been configured to maximize security right out of the box, while continuing to provide customers with a rich set of integrated features and capabilities.

    - The error-reporting features built into Office XP and Windows XP are giving us an enormous amount of feedback and a much clearer view of the kinds of problems customers have, and how we can raise the level of reliability in those products - and that of products made by other companies. As part of this effort, we recently created a secure Web site where software and hardware vendors can view error reports related to their drivers, utilities and applications that are reported through our system. This enables the vendors who work with us to identify recurring problems and address them far more quickly than in the past. All of our server software products will incorporate these error-reporting features in subsequent versions of the products.

    - With Microsoft Windows Update, we are completing the customer-feedback loop based on the error-reporting features mentioned above. This globally available Web service delivers more than 300 million downloads per month of the most current versions of product fixes, updates and enhancements. When customers connect to the site, they can choose to have their computer automatically evaluated to check which updates need to be applied in order to keep their system up-to-date, as well as identify any critical updates to keep their system safe and secure.

    - We are working on a new hardware/software architecture for the Windows PC platform, code-named "Palladium," which will significantly enhance users' system integrity, privacy and data security. This new technology, which will be included in a future version of Windows, will enable applications and application components to run in a protected memory space that is highly resistant to tampering and interference. This will greatly reduce the risk of viruses, other attacks, or attempts to acquire personal information or digital property with malicious or illegal intent. Our goal is for the Palladium development process to be a collaborative industry initiative.

    - We've incorporated what is known as P3P (Platform for Privacy Preferences) technology in the Internet Explorer browser technology in Windows XP, which enhances a user's ability to set privacy levels to suit his or her needs. The P3P standard enables a user's browser to compare any P3P-compliant Web site's privacy practices to that user's privacy settings, and to decide whether to accept cookies from that site.

    Identifying and addressing critical Trustworthy Computing issues will require significant collaboration across our industry. One example of the kind of cross-industry effort we need more of is the recent creation of the Web Services Interoperability (WS-I) Organization (http://www.ws-i.org/). Founded by IBM, Microsoft and other industry leaders including Intel, Oracle, SAP, Hewlett-Packard, BEA Systems and Accenture, WS-I's mission is to enable consistent and reliable interoperability of XML-based Web services across a variety of platforms, applications and programming languages. Among other things, WS-I will create a suite of test tools aimed at addressing errors and unconventional usage in Web services specifications implementations, which in turn will improve interoperability among applications and across platforms.

    • There are already solutions that eliminate weak links such as passwords and fake email. At Microsoft we're combining passwords with "smart cards" to authenticate users. We're also working with others throughout the industry to improve Internet protocols to stop email that could propagate misleading information or malicious code that falsely appears to be from trusted senders. And we are making fundamental changes in the way we develop software, in our operational and business practices, and in our customer support efforts to make the computing experiences we provide more trustworthy.
    Now this is progress. From actions like these in the computer software industry we can see that they are gradually moving away from the 'hacker' mentality (as in 'hack it together and hope it works') to a more formal design process. Like, software engineering might actually live up to its title!

    And the closer computing gets to more comfortable real-life metaphors, such as using human-orientated media such as eyeballs and fingers, the more comfortable people will generally find the technology.

    Aye man. Innit.
  • The Right to Read (Score:5, Insightful)

    by Kafka_Canada ( 106443 ) on Friday July 19, 2002 @01:46PM (#3918316)
    A nice, and a propos story by RMS, called The Right to Read, can be found here [gnu.org]. Definitely worth the read.
  • by astrashe ( 7452 ) on Friday July 19, 2002 @01:50PM (#3918344) Journal
    I think the community's response to DRM is wrong. I don't think that the analysis of it is wrong -- it's a very negative technology. But I think the response is a little off.

    If MS wants to put the interests of the large media companies ahead of the interests of its own customers, the people who actually buy the computers and the software, why not let them take it to the market? Let's let the market decide what it thinks of that. Let's give them enough rope to hang themselves.

    The thing that we have to worry about is some sort of legal framework that requires all computers to respect some DRM system.

    MS is way ahead on the desktop, and their systems have gotten a lot better than they used to be. The only way they're going to get dislodged from that position is by making a really catastrophic mistake.

    This could be that mistake!

    I think there's a lesson in the current stock market scandals. The big companies can buy legislators. They've shown that they can derail effective regulation of accounting rules. They can set things up so that a crooked CFO who bilks people out of billions and sends the markets into a spiral that wipes out the savings of millions of people gets a lighter punishment than a punk who robs a liquor store.

    But in the end, there's nothing they can do against the force of the market itself. They got cocky -- they thought they could get away with anything. It turns out that they can't.

    Neither can the DRM boys.
    • actually, while the companies with crooked accounting went down in a ball of flame; most of the guilty white-collars responsible for it got out early with millions and are now pleading the 5th in front of congress. Not a single one has gone to jail yet. Anyone wanna place bets on whether any will?
      • I think they will (Score:2, Insightful)

        by jbolden ( 176878 )
        The attitude towards accounting fraud is not friendly. The Senate is ticked and the President does not want to look bad on this issue. DAs and judges are similarly going to be out for blood. To prove to Americans that the problem isn't structural but rather with specific individuals the system is going to need scape goats, that is individuals are going to go to jail.

    • I think there's a lesson in the current stock market scandals. The big companies can buy legislators. They've shown that they can derail effective regulation of accounting rules. They can set things up so that a crooked CFO who bilks people out of billions and sends the markets into a spiral that wipes out the savings of millions of people gets a lighter punishment than a punk who robs a liquor store.

      You know, I began to think about this statement, and realized that what the corrupt corporations are doing is no better than the mob making a living by racketeering. The punk robs a few bottles and perhaps some cash, the mob takes the entire store and sells it at a loss to pad their own pockets. It's really no different at the corporate scandal level.
    • If MS wants to put the interests of the large media companies ahead of the interests of its own customers, the people who actually buy the computers and the software, why not let them take it to the market? Let's let the market decide what it thinks of that. Let's give them enough rope to hang themselves.

      The thing that we have to worry about is some sort of legal framework that requires all computers to respect some DRM system.

      Bingo. That's the danger with "letting the market decide" on DRM. If it was that simple, we wouldn't have anything to worry about, because DRM-restricted technology would die a firey death so horrible it'd make Circuit City's Divx look pretty. Big Hollywood knows this, so in addition to pushing DRM to the major technology players, they're going to Congress to make any technology that doesn't do DRM illegal.

      So we'll get a situation where Microsoft/AOL/Sony/etc. all get the license to provide the legal DRM systems, and anyone who wants to develop any innovative new technology will have to get the blessing from the DRM priests before they can bring that technology to market. If you thought corporate technology monopolies were bad before, wait 5-10 years.

      • Does anyone remember the fight over the clipper phones? The clipper system used mandatory private key escrows. The idea was that if you bought a clipper phone, the secret key would exist in a government db somewhere. If they wanted to wiretap you, they'd just have to look your key up and decrypt the signal.

        It wasn't a rejection of the clipper ideology that sank the proposal. It was a proof that it would be possible to build counterfeit clipper phones that would interact with the system. The NSA screwed up, they built a system that wasn't strong enough.

        It seems to me that palladium would face a similar challenge. How do they differentiate between a rogue board that pretends to be palladium compliant and a real one? Especially in a world with flashable BIOS?

        What's to stop people from buying boards that will be palladium switchable? If you want to run Windows, you can set the BIOS one way, if you want to run Linux, you can set the BIOS to disregard it?

        Or what's to stop people from making boards that accept any signature without checking it? MSs software would think it was on a palladium compliant system, but you could run whatever you wanted.

        • It seems to me that palladium would face a similar challenge. How do they differentiate between a rogue board that pretends to be palladium compliant and a real one? Especially in a world with flashable BIOS?

          What's to stop people from buying boards that will be palladium switchable? If you want to run Windows, you can set the BIOS one way, if you want to run Linux, you can set the BIOS to disregard it?


          Technologically, there's no way to enforce it (and they know this). It would all depend on how many people Big Hollywood wanted to see arrested as to how many people would try to get around their DRM stuff. Throw enough people in jail for "hacking" and "pirating", and everyone else will be too scared to try to fight.
      • by t ( 8386 )
        Even if a law requires it, it can still fail spectacularly. Imagine that the law passes and they say that on Jan 1, 2003, all computers sold must be compliant. There'll be huge rush on the grandfathered computers. I find my 900MHz Athlon from years ago still more than capable for everything I do. What will happen is after Jan 1, 2003, sales will plummet. Intel/Asus/etc... will start bleeding money like never before. Sales will be completely stagnant. Can the populace wait 1 measly year before buying a new computer? Easily. Can Intel et al survive a black year? Hell no. The laws will get negated faster than a virus appearing in your email.

        t.

    • by jjn1056 ( 85209 ) <jjn1056 AT yahoo DOT com> on Friday July 19, 2002 @03:24PM (#3918936) Homepage Journal
      I just attended a private focus group on this subject. All the attendees were Director level IT folk who are constantly hassled by security problems. Some of them came from a management background and some from a technical background. Almost all of them thought this would be a good idea. In fact they thought it was such a good idea that they would be willing to pay $25 to $400 more per server or desktop just for the chance to have this technology.

      I think this shows just how far along this idea has gone. None of these people in the room cared a wit about privacy, open source, the ability to compile your own apps, etc. because the vast majority of people don't do even know what they could be missing. All they care about is a golden pill to solve all there security problems.

      So we shouldn't all be thinking that somehow this idea will be MS shooting themselves in the foot. That won't happen unless we get the word out.
      • You said, "I think this shows just how far along this idea has gone. None of these people in the room cared a wit about privacy, open source, the ability to compile your own apps, etc. because the vast majority of people don't do even know what they could be missing. All they care about is a golden pill to solve all there security problems."

        Let me start out by saying that I agree with this statement. My basis is the fact that I actively do security administration and teach security classes so I've seen my share of people that are involved in corporate/IT security.

        The sad part about this is we got into a situation by people looking for the "golden pill" that will solve all of their problems. I guess its not so much a golden pill to solve security problems, but more that people just don't want to care about it. They think if they sit in the closet with their eyes closed no one will be able to see them. We've recently been finding out (over the past couple of years) that all of those people were drastically wrong. Now that we've realized that the suites realized this, they've now decided to do something about that magic subject of "security". However instead of hiring someone who knows what they're doing, they find people who look at Microsoft saying things like "I know we messed up, but we've spent 100M USD to fix it, please trust us -- with no actual proof (can't read the code can you? not like they'd know what they were reading)". Then these suites eat it up like cops with doughnuts and two years later we'll be back into the exact same situation.

        The only golden pill for security is knowledge. I tell all of my students that, and I wish that the word would be passed along. I'm not saying that MS is shooting themself in the foot doing this because no one can read the future, we can only speculate. However I think that companies that blindly follow this scheme will be shooting themselves in the foot.
  • Ah, DRM again [slashdot.org]. I had written a post on that subject here [slashdot.org], taking a Devil's Advocate point of view. Others might find the subsequent dialog interesting. The original article didn't make the front page, and so, responses, were few.

    There may very well be useful "defanged" DRM (see my writings), but it's deployment could likely be far more expensive than the piracy it's intended to prevent.

  • by Carnage4Life ( 106069 ) on Friday July 19, 2002 @01:52PM (#3918368) Homepage Journal
    Geek-level technical details on palladium by a member of the EFF who was at a presentation [loyalty.org] and TCPA and Palladium: Sony Inside [kuro5hin.org] an article on kuro5hin by a former Microserf.

    Hopefully these links will spread far and wide so we can have technical discussions on how and why palladium can or cannot work instead of "Microsoft's E-V-I-L Mark of the Beast" hysteria like I just saw in a highly moderated comment.

    Disclaimer:The opinions expressed in this post are mine and do not reflect the opinions, thoughts, strategies or plans of my employer.
  • While open-source software's reputation for security has taken a hit lately...
    Really? What is Lasser referring to here? Where have I been...
    • He's talking about the apache worm that hit a little while ago. It's the first hole of its kind to hit open source in quite a while, and it's the first really effective worm in a long time too.
  • Turn it off (Score:2, Insightful)

    by jacoberrol ( 561252 )
    Why is Palladium necessarily a threat to Linux? It would be a simple task for hardware manufacturers to include a disable/enable Palladium bit in their devices? In fact, I would be surprised if they didn't do this as it would render their device usable by more customers. Phooey. Paranoid MS bashing.
  • by mickeyreznor ( 320351 ) on Friday July 19, 2002 @01:59PM (#3918417) Homepage Journal
    Getting some binary 'signed' will more than likely cost money. As mentioned in the article, no one will be able to run a binary they compiled themselves on their own machine.

    As a hobby programmer, this will not make me happy. Not only that, what about student projects for college? Do they have to get their programs signed as well? And what if Microsoft (or whoever decides what gets 'signed' refuses to sign your binaries just because they don't like you?

    Microsoft clearly wasn't thinking on the negative impacts of this(but then again, when do they, i guess?)
  • by PineHall ( 206441 ) on Friday July 19, 2002 @02:01PM (#3918441)
    If linux will not run on the new hardware it will be because Intel and AMD will not release the needed information. They are not Microsoft and for the sake of selling more hardware, they will make certain that other OSs can work around the new hardware or have their own certification.
    • First, IANAL

      Another response to the parent indicated that Microsoft may have patent-encumbered the use of the DRM features in the CPU, to the point that only Windows could run on the hardware.

      This is equivalent to them both placing their cojones gently into Bill's outstretched hands, when they (Intel, especially) also know he has a grip of steel. I would certainly hope that they're making sure that either DRM features can be deactivated or can be used by non-Windows OS's.

      It wouldn't surprise me to find Intel opening a back-channel to AMD specifically for the topic of DRM. I wonder if AMD is *stupid* enough to try and orbit Microsoft closer than Intel on this issue. I'm sure Intel is attempting to educate AMD on the long-term dangers of that policy.
  • Microsoft IP (Score:5, Informative)

    by gwernol ( 167574 ) on Friday July 19, 2002 @02:08PM (#3918500)
    One of the ...ahem... interesting things Bill says is: "We're also working with others throughout the industry to improve Internet protocols to stop email that could propagate misleading information or malicious code that falsely appears to be from trusted senders." (emphasis added)

    Bob Cringley has written a couple [pbs.org] of good [pbs.org] articles on eactly this, the second related directly to Palladium. Check them out.

    Cringley also has an article [pbs.org] on the consequences of Palladium not working.
  • In my mind I see hundreds of SysAdmins at M$ waking up from their afternoon slumber scurrying across their cubholes screaming ....eeeee slashdot....iiiieeeeeee....

    Maybe we should make it a Friday thing, post a note on the main page requesting all anti-M$ geeks to click on a M$ story or another Bill's email at sharp 3:00 Eastern time (which happens to be 12:00 lunch time for Seattle when all the Sysadmins at M$ happen to be beefing up on Tofu).

    3:30 Eastern Time : Long live www.microsoft.com!
  • by ddstreet ( 49825 ) <ddstreet&ieee,org> on Friday July 19, 2002 @02:10PM (#3918513) Homepage
    Quoth Bill Gates:

    Six months ago, I sent a call-to-action to Microsoft's 50,000 employees, outlining what I believe is the highest priority for the company and for our industry over the next decade: building a Trustworthy Computing environment for customers that is as reliable as the electricity that powers our homes and businesses today.

    Well that's reassuring! I think the general population of California would like for computers to be a bit more reliable that their electric grid!

    And even if you're not in CA, electric power is notoriously unreliable. Brownouts, power outages, power spikes, 120V vs. 220V, etc. Is Bill trying to tell us that Windows will never be reliable at all?

  • by st0rmshad0w ( 412661 ) on Friday July 19, 2002 @02:12PM (#3918522)
    Having seen MacWorld NY and nifty little gizmos like a 20gig iPod that should have media corps coughing up hairballs in a matter of days, what of Palladium and DRM when it comes to Apple?

    Now granted the **AA's would just love to have a very tight DRM system, and Palladium underneath it all would be like a market research holy grail(knowing the marketeers behavior), but thats all at this point a Windows thing.

    Setting aside OSS for the moment, what about the few other players? Apple primarily, but there are a few others. And what if someone wants to truely innovate a new OS?

    This is _way_ too controlling a system. I think the barrier to entry would effectively become a steel bulkhead (for any truely new OS).

    And what exactly is Apple's position on all this? Especially since OS X. And sooner or later there will be a fairly usable Darwin for x86. If the hardware begins to limit the software as is predicted, them perhaps MS should just make its own hardware for its new OS's. Open up its abandon-ware for the rest of us and strike out along the path of Apple.

    Frankly I think all of this is going to fail. And no system will be secure until we can get rid of the users =P
    • And what exactly is Apple's position on all this?

      Apple doesn't like DRM. Their entire digital hub strategy is based on easily being able to manipulate digital content.

      • Exactly. So what happens if a Palladium/DRM(P/DRM) scheme is widely implemented? Will Macs and P/DRM pc's have some issue accessing one anothers content? Gate's has been talking about altering internet protocols, how the hell does he plan to do that? Sounds like bad news if you ask me.
    • ... what of Palladium and DRM when it comes to Apple?
      Obviously "Palladium" per se won't be implemented on MacOS X, and I don't know whether Motorola is participating in the TCPA or if Motorola will even be around for much longer. But -- Try doing a screen capture while playing a DVD in your Mac, right now. You can, but you won't get a frame of the DVD -- it'll be blank. Why do you suppose that is?
  • ...who had Bill Gates mentioned his virus by name
  • Headlines yesterday showed that Microsoft's porifits have grown close to 10% in this weakening PC/IT market. Hmmm...how could that be? The Padisha Emperor himself conducted an investigation and found no wrongdoing on the part of Baron Gates and House Microsoft.

    Much to the delight of House Microsoft's board of directors, the Baron unleashed Steve "The Beast" Ballmer [ridiculopathy.com] to extract as much as he can from their corporate customers in the form of "upgrade plans" and other rackets.

    Some talk of a vast hidden population of Lemen, yet official sources dismiss the rumors.

  • The rest of the world backs up products they want to inspire trust in with warranties or some guarantee that the product is actually usable for its intended purpose.

    This is something that is notably lacking from MS, their trustworthy intiative seems more about making their EULA more legally binding, without delivering anything to the consumer.
  • While biometric identification through a trusted, controlled and monitored source might satisfy me for everything and using my biometric keys to provide retrieval-only access to my data might satisfy me, there is no way that I would blindly trust the network, never mind the machine for update.

    The consequences are too horrific.

    I've been a victim of identity theft and it cost some one her LIFE, such as it was, because she chose suicide instead of a long jail term.

    This is SERIOUS SHIT. It happens. It happened to some body I knew. But she ripped me off. I turned her in and she funkin' offed her stupid cowardly self. ("People Who Died" by the Jim Carroll Band is running through my head...)

    There is NO FUCKIN' WAY I'd trust my Macs or my Linux PC to reveal information on my behalf.
  • by Oztun ( 111934 ) on Friday July 19, 2002 @02:25PM (#3918604)
    Ok this might be completley ludicrious but here it goes.

    I would like to see Microsoft and Intel team up and go one way, while AMD and everyone else go the other.

    Then Microsoft can lock down everyones PC like apple and do whatever they want to. The rest of us will then be able to enjoy our open systems.

    Crazy idea? You decide.
  • We're also working with others throughout the industry to improve Internet protocols to stop email that could propagate misleading information ...
    ... like this message you've just sent, Bill?-)
  • I'm done. I've had it. I've used Windows for years, and managed to do what I need w/o massive invasions of privacy. Straw to camel's back: You are broken. This box (Win2K) is going to serve me for as long as I need it. My second machine is getting Gentoo installed right now. I'll have some of my Linux pals help me get it set up and set up right. And help me figure out what I'm actually doing (in part). I've done enough to get around Linux, but I want to know more.

    Hopefully, within a year (minding, I like my gaming!) I'll be able to toss Windows and break myself of the habit completely before Palladium comes out and destroys home computing.
  • Open? (Score:4, Insightful)

    by krmt ( 91422 ) <therefrmhereNO@SPAMyahoo.com> on Friday July 19, 2002 @02:35PM (#3918674) Homepage
    I think one of the interesting things about the rise of Microsoft and the IBM clone PC in general is that it proved that an open, extensible system is going to win out. It doesn't matter how good your closed system is, it just won't win out (witness: Mac vs DOS).

    And here we are, it's 2002, and Microsoft, the company that most benefited from having the PC architecture open, is now seeking to close it. For "security". As more restrictions are added, fewer interesting things will happen on the system, and people will start to look elsewhere to get what they want and need.

    It's sad that Microsoft has forgotten what got them where they are in the first place. Look for Apple to do even better once Palladium hits.
  • Bill Gates(tm) (Score:4, Insightful)

    by smoondog ( 85133 ) on Friday July 19, 2002 @02:36PM (#3918684)
    I am confident we can and will create a truly Trustworthy Computing environment.

    Anyone else notice Bills interesting capitalization at the end of the letter? Perhaps we can expect another generic trademark soon?

    So, I guess it has finally happened. People don't use the word trustworthy to describe M$, so M$ just created a way for trustworthy to be used with all M$ activities! I guess that is more profitable than actually becoming trustworthy.

    -Sean

  • I'm not an expert security programmer, but I think I have an ideo on how to handle the data overflow bug in Apache and other systems.

    Limit the amount of data that can be inputted from any particular source, depending on how fast the system can handle the requests. Has your system ever slowed down so much that you type something and it appears...five seconds later? Same idea. Why should the system allow gigabytes of data to be inputted when the given system can only handle -- say -- 100 MB at a time? It shouldn't. This is exactly what causes the problem -- the system gets information/data at a rate faster than it can handle it. So basically, my idea amounts to this: don't bite off more than you can chew.

    A similar concept might work well to protect against password-cracker programs. Why allow user/password entries as fast as the sytem can handle it? Why not set a limit so that the program only accepts one attempt every 10 seconds, and then after 3 such times closes?

    Another suggestion, on Palladium and like technologies/ideas. Basically, the criticism is that it will kill OSS / FS, either because they won't get the seal of approval from MS or because even if they do, or that will be impossible (how do you give such to source code), or that even if its given it will be broken if the user excercises his OSS / FS rights and changes the code. The solution to this problem is for whoever to create a digital approval system such that the user decides which things he approves of. For every chip sold, they will have the "universal" approval stamp on them, and one which is specific to that user: namely, that means that every piece of hardware made would have one common approval stamp (which would be delegated out by some organization) and one private unique one, which the user would control and give the "stamp" to the programs of his choice. Comments?
    • A similar concept might work well to protect against password-cracker programs. Why allow user/password entries as fast as the sytem can handle it? Why not set a limit so that the program only accepts one attempt every 10 seconds, and then after 3 such times closes?

      IIRC, Solaris has such a feature - you can configure the delay between password entry attempts - and pretty much EVERY OS I know of has a "lockout after x number of failed attempts" feature - going back to Banyan - probably further.
      • So the question is, why doesn't Linux & Apache have such features for passwords, and for data-input? Also, why not have a feature which only allows passwords to be entered as input from the keyboard, and not some program?
  • by EXTomar ( 78739 ) on Friday July 19, 2002 @02:45PM (#3918746)
    Palladium is yet another example of Microsoft's flawed software strategy. MS constantly thinks: If there is something wrong, make new products to fix it. Doesn't anyone else think that this is flawed??? Oh yeah...you can't sell stuff like that as much as new "I have better features than my previous version" software.

    Palladium is a bandage over the broken user/networking model and the interfaces to them. Instead of stepping back and considering the reasons why most users and processes MUST run as Administrator(locally and network wise), Microsoft wants to promise that yet more software that will sort out the issue for you without thinking. Installing software on a Win2K system can be a bear if permissions have to be setup a certain way. How hard is it going to be to install software on a Palladium system?? Don't think the new Word for Palladium. Think about the legacy software you are still required to use. That should send shivers down any IT Staff's collective spines.

    And, at the worst, Palladium fails to fix a giant class of problems. IIS will no doubt in MS's mind be a trusted program to run. However monkeying with "default.ida" isn't something it should be doing. Palladium can protected from "mystery.exe" which is unsigned from running but seems to make no provision for trusted binaries suddenly behaving badly. Default settings, denial of serivce, etc. have nothing to do with signed code.

    Beyond this a computer is supposed to get out of the way and let you do your tasks. A "well oiled" Linux machine can do this for tasks. Mac users rave about how its OS goes way into the background when a task is executed. MS through Palladium seeks to get more in the way to protect us from ourselves. Why does Joe Sixpack want a computer that is even more "in your face" than it is now?

    As for the future of Linux with Palladium looming on the horizon. I'm not worried. In fact I forsee a great boon in virtual execution environments on Linux and BSD where you can choose to ignore Palladium rules if you the user choose to do so.
  • Lasser's Comments (Score:3, Interesting)

    by EdMcMan ( 70171 ) <moo.slashdot2.z.edmcman@xoxy.net> on Friday July 19, 2002 @02:49PM (#3918766) Homepage Journal
    I'm afraid I disagree with Lasser. First of all, Microsoft has not yet said what type of code will be 'signed'. One can assume it would be applications. Let's say I do a buffer overflow on IIS, and use shell code. The shell code is not a new program, and runs 'inside' the other program. These are instructions, not a program, and really can't be signed or protected against.

    Microsoft is truly foolish if they expect to have people switch to Palladium. The majority of their customers were pissed with XP, just having to call Microsoft if they updated their hardware. Now, they expect people to buy new hardware so they can be told what they can't run? Personally, I think Palladium might end up being a new NT, but I seriously doubt it will ever be like Microsoft claims it will.

  • A question (Score:3, Interesting)

    by cascino ( 454769 ) on Friday July 19, 2002 @03:01PM (#3918830) Homepage
    I've always wondered what will happen to companies that write commercial compilers and/or tutorials for writing programming code (whether it be C++, C, Basic, whatever) if Palladium becomes the standard.
    Will the computer enthusiast be able to write (and thus learn) new programming languages? I find it hard to believe that a compiler could digitally sign all code, and thus it would be impossible for the average Joe to write a "Hello World."
    I remember writing my first program (a blackjack game, I believe) in 4th grade in Visual Basic. Isn't that how most (if not all) computer professionals got in the business? Will self-discovery and self-learning be possible anymore?
  • by Ender Ryan ( 79406 ) on Friday July 19, 2002 @03:29PM (#3918956) Journal
    Ok, so what about servers? Will their server OSes only run signed code? I'm sure a lot of people won't be too happy if that's the case!

    What about internal business software? Will all businesses have to get their own internal software signed by Microsoft for use on their own machines?

    What about hobbiest programmers? I don't know about you, but I got into programming at home messing around with compilers and such... Ummm... Are they trying to extend their monopoly to... programming in general?

    I think it's possible that Palladium could end up being either the demise of general computing, or the demise of Microsoft's monopoly, as other competitors such as Apple, Linux, *BSD, etc, step up and offer people their COMPUTERS back to them.

    I'm not going to worry. If it comes to it, I'll run Linux on PPC hardware or something. If that gets DRM infected as well, I'm sure there will be other choices, possibly from the other side of the pond. And if it's worse, I'm quitting this industry and going into construction or something. Or maybe politics, it'll get easier and easier to run on a platform of offering people their freedom back!

  • by Shirloki ( 563610 ) on Friday July 19, 2002 @04:33PM (#3919332)
    Six months ago, I sent a call-to-action to Microsoft's 50,000 employees, outlining what I believe is the highest priority for the company and for our industry over the next decade: building a Trustworthy Computing environment for customers that is as reliable as the electricity that powers our homes and businesses today.

    I live in California, need I say more? Not to mention the price of electricity here...
  • by catfood ( 40112 ) on Friday July 19, 2002 @06:09PM (#3919861) Homepage

    Can anyone explain how having (for example) IIS signed by Microsoft is going to make it any more secure? It's not as though there's some "untrusted" version of IIS going around that the Palladium system will be able to detect and disable, is it?

    All signing can do is reassure you that you are indeed running the same binary that Microsoft (or whoever) is offering. It certainly doesn't prove that the binary is competently designed, well tested, or secure against crack attempts.

    Palladium is a terrific solution for a nonexistent problem.

What this country needs is a good five dollar plasma weapon.

Working...