Palladium Changes Name 350
thelinuxking writes "According to this CNET article, Microsoft has changed the code name of its highly controversial 'trusted' computing platform from 'Palladium' to 'next-generation secure computing base.' Microsoft claims that the name is being changed to reflect the fact that Microsoft is 'embracing this technology in terms of folding it into Windows for the next decade.' Also, an unnamed small firm has claims to the trademark of 'Palladium'. Microsoft denies that they changed the name due to the criticism 'Palladium' has recieved, and released the source code to the core part of the software to show that the software is secure and does what they claim." Notice the PR diversionary tactic: it's being criticized because it does what they claim, not because it doesn't. :)
Hello? (Score:4, Funny)
Re:Hello? (Score:4, Insightful)
Maybe this $300 billion company figured they could strong-arm the trademark owner out of the name like they strong-arm everyone else in the industry?
Re:Hello? (Score:3, Insightful)
Or maybe the other company figured they could make some easy money in an out-of-court-settlement by preemptively filing a trademark on a name they knew Microsoft was using but hadn't trademarked yet. It could happen. [geek.com]
Won't they feel silly when they discover that "Palladium" was just a code name, and MS never had any intention of trademarking it as a brand name anyway!
Re:Hello? (Score:5, Interesting)
On the other hand, given that Exchange 2003 is code-named Titanium, I'd wager that someone's been looking at the periodic table.
I doubt Palladium was ever going to be used as a release name, something boring like MS MyVault...
Re:Hello? (Score:3, Insightful)
Because in the past they've just muscled any trademarks they wanted from their respective owners.
Ask the the people from SyNet, which was run out of business from fighting a trademark dispute with MS over their trademark on "Internet Explorer" in the mid 90s.
Re:Hello? (Score:5, Informative)
It was a code name, they were not using it in trade.
An international trademark search costs millions so companies use code names while they do trademark searches.
Palladium was simply one of a list of metals that they had used for secure O/S projects.
Microsoft was never going to market under the name Palladium any more than it would use Yukon or Longhorn.
Re:Hello? (Score:2, Funny)
Palladium was simply one of a list of metals that they had used for secure O/S projects.
What ? Palladium for Open Source Projects ? MS should get *real metal* swords to fight open source... palladium's too light
Wow Wow.. wait... lemme explain.. tht was... just... a.. joke...ZOOOOM.... [ducks and runs away]
Re:Hello? (Score:3, Interesting)
If you want to exclude all posibility of collision you do. Trademarks are complex, you can have different companies using the same trademark on different categories of product.
Microsoft probably did do a cheapie thousand dollar job, I would not expect that type of search to preclude any possibility of a claim.
I doubt the case gets too far however since Microsoft never sold anything under the Palladium brand. Attempting to trademark an element name is difficult in any case. Kind of like trying to enforce a trademark on windows...
Re:What is the Maisy? (Score:2)
I mean, next-generation secure computing base, doesn't the new name just roll of you're tong like butter?
They can change the name all they want (Score:4, Funny)
I wonder if it was these guys... (Score:3, Funny)
Re:I wonder if it was these guys... (Score:2)
Oh, er, there I go cross referencing fantasy and reality again. I am not an NGR Borg... I am NOT an NGR Borg...
Palladium (Score:4, Funny)
Joe Sixpack - "Muuur, pall-ad-ium? What's that?"
Joe Fourpack - "I think it's food. I eat it."
Bill Gates - "No! That's an xbox 2, with trust built in so you can't watch VCDs, DivX, or listen to mp3s on it!"
Joe Fourpack - "Tastes like chicken."
-Mark
Actually the opposite... (Score:3, Interesting)
In other news, does anyone else think it interesting that they are releasing the source code to part of Palladium? Cnet was a little thin on details about that though.
Re:Palladium (Score:2, Funny)
Good news! (Score:3, Funny)
The name is a bit long? (Score:5, Funny)
Try saying that fast ten times in a row?
zRe:The name is a bit long? (Score:3, Funny)
It does seem a bit of an odd name... Let's rename
Re:The name is a bit long? (Score:4, Funny)
Re:The name is a bit long? (Score:2)
Re:The name is a bit long? (Score:2)
Re:The name is a bit long? (Score:5, Funny)
Re:The name is a bit long? (Score:2)
Re:The name is a bit long? (Score:5, Insightful)
It worked for Prince [amazon.com].
Re:The name is a bit long? (Score:5, Funny)
That's probably deliberate (Score:5, Interesting)
"next-generation secure computing base = bad" is a more complex a message that does not make a neat soundbite
Re:That's probably deliberate (Score:3, Insightful)
Don't mistake me for a Microsoft hater - I'm sure there are many worthy concepts and ideas in Palladium (for lack of a better title), and I can't really have many complaints about some of their applications, but due to previous experience and bad business practices, they have got themselves a bad reputation among many /,ers and techies.
Tim
And it's about as catchy and... (Score:2)
Bleagh.
.Net, Palladium (Score:5, Funny)
Now Microsoft will change Windows XP to Windows NGICI (Next Generation Insecure Computing Interface) thats pronouced ni-ji-se
Re:.Net, Palladium (Score:2)
So that's what this MSSQL worm is all about.
Microsoft "embraces" another technology.... (Score:3, Insightful)
Why does my stomach get a queezy feeling when I read this??
Hey, I got karma to burn...
Because.... (Score:4, Funny)
I mean, who wouldn't want a computer that has all its data secure, is immune to hackers, and runs only Microsoft products?
Re:Because.... (Score:3, Interesting)
I know why... (Score:2, Funny)
In Other News (Score:5, Funny)
(inspired by Harland Williams)
Make your time (Score:5, Funny)
Re:Make your time (Score:3, Funny)
since no one bought what they said with Palladium (Score:5, Funny)
Re:since no one bought what they said with Palladi (Score:2)
Or as we like to put it... (Score:3, Insightful)
Wonder how much they were asking for... (Score:2)
If it were mine, I think I'd be looking for a cool $1Bn...
Great... (Score:5, Funny)
Re:Great... (Score:2, Interesting)
good (Score:5, Funny)
How to lampoon an uncatchy name? (Score:5, Interesting)
But this new name just doesn't have the same ring to it. How do you make up a catchy slogan -- any slogan -- containing the inconceivably awkward phrase "next-generation secure computing base"?!
The resistance needs catchy terminology, even if the Evil Empire doesn't.
I suggest, as a start, that "next-generation" is superfluous: Perhaps even the word "base" is as well, as long as the "Microsoft" is still in there: This presents the problem, however, that people may confuse the already-meaningful phrase "secure computing" with digital rights mangling.
One safe route, perhaps, is to insist on calling it "DRM", even as that phrase takes on an increasingly negative connotation and Microsoft attempts to disown it.
All your nextgen secure computing base belong 2us? (Score:3, Insightful)
This is absolutely the point. As anyone who follows the abortion issue knows (ex-- is it "Pro-Life" or "Anti-Choice?"), much of controlling a public debate is about winning the "terminology" war. How better to obfuscate a debate by blurring the way the topic is labeled and discussed? Is anyone in the general public really going to read an article which refers to Microsoft's dull-sounding "next-generation secure computing base"? Who wants to be "anti-security" anyway?
Notice that "NGSCB" is unpronouncable and hard to wrap your head around. Where as people can rally around a fight against something called "Palladium" there is no easy "brain-handle" in NGSCB to grab onto. They've chosen a bland nothing-name.
The Federal government had a similar problem with "Carnivore" which just sounds ominous. So what did they do? They changed the name [metrostate.com] to something bland-- DCS1000...something that sounds boring and innocuous, like the model of a breadmaker.
I'm sure the Department of Justice's Total Information Awareness [epic.org] will be renamed shortly to some anagram with no vowels like the "next-generation secure nation base 2003LJFBF". When you see they've changed the name, remember you saw it here first.
Incidentally, Time has a good article [time.com] about how the White House is trying the same kind of thing by reterming thinning of trees as "management-caused changes in vegetation". While they can't do an all-out assault on the environment...
"They are rejecting the full-frontal-assault approach that gets a lot of media attention in favor of death by a thousand strokes of the pen," contends Stoermer. The Republicans are also learning how to spin environmental issues in their direction. In a confidential document distributed to G.O.P. Governors and members of Congress just before last November's elections, Republican pollster Frank Luntz advised party members to refer to themselves as "conservationists." The document said, "The first (and most important) step to neutralizing the [Republican environmental] problem and eventually bringing people around to your point of view on environmental issues is to convince them of your 'sincerity' and 'concern.'"
It's all about baby-steps and controlling the debate through language. As far as I'm concerned, whatever Microsoft now calls PALLADIUM, we and the press should not let them get away with it.
W
where's the source? (Score:5, Interesting)
Released the source to who? I don't remember seeing this anywhere and a little googling comes up with nothing. Seems like you would want to post it to slashdot since open source users are the ones most concerned about the ramifications of pallad... Err next generation secure computing base.
Before we have any Knee Jerk reactions... (Score:3, Insightful)
Re:Before we have any Knee Jerk reactions... (Score:5, Interesting)
Nice one! (Score:3, Funny)
NO! (Score:3, Interesting)
Why is it so hard to understand that what is wrong with private keys is that I don't have complete control over them? If it's my private key, it's mine, not something hardware generated that I can't keep or delete or copy at my whim. When it goes out of my control, it's somebody else's, not mine, and I don't want it!
Re:Before we have any Knee Jerk reactions... (Score:5, Interesting)
The pics on the site particularly shows a document being access and permission from an agent is needed to view it. Now what is the diffinition of DRM ?
Could TCPA be used for drm? The answer is yes and no but that is what its not designed. There are no apps I am aware of that use it. Its just a soldiered on encryption chip. Its also an industry standard and highly documented.
Could palladium be used for drm? The answer is a certain yes. How do I know? Look at Bill Gates comments, the discussion of the next generations of Windows, and the link I gave above. Palladium was designed as a proprietary drm solution from the ground up to turn a pc into a cable box to applease hollywood and cut down on piracy. You have the next generation of Windows that has everything to the filesystem encrypted and even all the peripherals are encrypted. Everything is setup as a trust relationship? You have to ask yourself why is a whole trust relationship needed for simple encryption?
TCPA is an open standard while palladium is secret and in combo with the DMCA illegal for anyone but Microsoft to use! In palladium every component has an encryption chip and the nexus chip on the motherboard only views the keys from the application agents and other the peripherals. Bill Gates called these agents using the nexus chips "bouncers" back in 2000 when discussing some of microsofts research with secure computing. Bouncers?? He also mentioned during the 1990's that he wanted china to becomed hooked on Microsoft products so during the next decade he could find a way to "make them pay".
So lets summarize here:
1.)Instead of a master encryption chip, the master in palladium (nexus)deals with trust relationships between all the different keys in the peripherals. To make sure nothing is tampered with. It also only partially decrypts the data. All the other peripherals like the hard drive and video decrypt the rest. Yes even the video card is encrypted to prevent you from recording movies!
2.)Bill Gates calls the software agents that communicate with the nexus "bouncers".
3.) Microsofts own pics show documents being "trusted" to view on a pc.
4.)Micosoft mentioned that NTFS will go away and be replaced with an encrypted filesystem so palladium can take advantage of it. Yes palladium ready hard drives are already on the market! My guess is even the hard drive will be palladium ready to make sure the user can't read it.
Folks if this is not drm then I do not know what is. Hell, coding for your digital cable box might be easier then coding for your palladium machine. That is unless you use Microsoft tools only. This does assume that it can not be turned off. TCPA can but since palladium is only vaporware right now I can not say.
Please TCPA please take over before palladium. Macs are expensive and I do not want to switch. However if Windows only works with palladium then I guess its time to start the voodoo Steve Jobs worship. If you read my other comments you will notice I am pro TCPA. I just do not trust Microsoft. Microsoft wants apple out of the multimedia market for years and directX really did hurt them but they are still there. Infact directx was made according to an insider soley to hurt apple. Hollywood, content makers, and the porn industry, backing palladium might just kill it out of its core market and seal its fate.
The big consorturium of TCPA likes Linux and has no intention to find anyway possible to kill competition. I am sure they will be more lenient in regards to signers and gatekeepers.
Pallas Athena should sue them... (Score:2, Funny)
Where are you taking this from? (Score:2)
it's being criticized because it *does* what they claim...
So what is it that Palladium does that TCP doesn't do that's so bad for you? I've heard of Palladium doing curtain memory (which at least seems like a Good Thing(tm), but definitely is not a Bad Thing (tm) -- in the worst case a Useless Thing(tm) ), I have also heard that Palladium is *not* DRM.
So what's it to you? why are you complaining? Enlighten me, oh gods of OSS.
This is just like the Hollings bill. (Score:2, Insightful)
You can easily find stuff about Palladium [google.com]. But searching for next-generation secure computing base [google.com] turned up a lot of people using these keywords, and with quotes as of yet has turned up nothing [google.com].
future is good (Score:4, Insightful)
However Linux doesn't seem to require an integrated hardware/software Palladium or similar technology. MS is trying to stay in the $. I'm sure over the next Decade Linux can get an interface as integrated and user-friendly as Windows and Macs (look at OsX on FreeBSD). Then what will you choose as a computing platform? .. An integrated Windows/hardware/software secure system that you pay through the teeth for, or a less restrictive but equally friendly, cost-effect Linux desktop system? ... especially if you are deploying hundreds or thousands in a corporation. The future can be bright. MS might just force themselves into harder competition by this secure computing strategy. Here's hoping, because it's always nice to have more than one on the playing field.
Re:future is good (Score:3, Interesting)
Also corporate customers love Palladium because they can timebomb all their documents and secure important data and bring down support costs but eliminating virii. Enron for example would love something like this.
Macs( only linux platform left) will be avoided since they can no longer read email or word docs, or produce "protected" images for the companies "protected" websites.
This will also squeeze unix out of the server room since everything will be an encrypted
Remember that it was the corporate world that wanted a one standard monopoly. They chose Microsoft. In 10 years the doj will be all over Microsofts throat for allowing this to happen. They and the judge f*cked up bigtime and we will see the result of the ruling with this.
The name has been changed because it was too sexy (Score:3, Funny)
perhaps even to think about...
believe me, this is the most 'clever' idea from microsoft since June. by the way, this technique is getting pretty common in the area. There were already the dmca, tcpa, sssca, cbtdpa....
I urge people here to find it a catchy nickname before it is too late (it will be to late when the hype about palladium will be over, which means soon). "Big Brother" is maybe not original enough... and also not enough specific (there are other related issues in america, like the tia and the tips).
Re:The name has been changed because it was too se (Score:4, Funny)
In a similar vein, Intel's hardware implementation could be called "Big Brother Inside" or "Gestapo Inside" or somesuch.
Re:The name has been changed because it was too se (Score:2, Insightful)
How about Palladium? Many people already know what it means, and it's (somewhat) memorable.
Just because Microsoft declares the name to have been changed, doesn't mean anyone needs to listen.
Same roach, different rock (Score:2)
The fact that it was something that got a lot of attention and gave rise to a lot of misunderstanding
Yes, to be sure, people do not understand why Microsoft is telling them it's supposed to make their Windows security less buggy, when it's obviously much better suited to restricting what you can do with your own computer.
ah, microsoft... (Score:3, Funny)
(If you're tempted to mod this "redundant", think about giving me some mercy points for using a nickel word like "obfuscation.")
Secure Computing Base: The Next Generation (Score:5, Funny)
The Next Generation
Cyberspace- the final frontier.
These are the voyages of the monopoly: Microsoft.
Its continuing mission- to seek out new life and new civilizations...
graspee
Is Palladium REALLY optional? (Score:5, Interesting)
Here's how I understand Palladium. It is implemented beginning at the hardware level. The hardware refuses to execute a boot sector that has not been digitally signed. Therefore, only "trusted" boot loaders will work.
From here, the trust is handed to the software, and the trust keeps expanding as more software is loaded. Some future version of Windows, let's call it Windows Secure User eXtensions, or for short, just Windows SUX, would be designed to cooperate with this trust model. The boot sector for WinSUX would be digally signed. So the hardware would load and execute the boot sector.
The boot sector loads an OS kernel from disk, the WinSUX kernel. Now the boot sector will not execute the kernel unless it is digally signed. So once the boot sector checks the signature, it passes control to the loaded kernel. The trust keeps expanding. Once the kernel is in control it can run only digitally signed device drivers, thus ensuring security of the hardware, and that only trusted hardware is used. WinSUX can also only run trusted applications, such as Windows Media Player, thus ensuring DRM. Untrusted applications could be run within a sandbox by WinSUX - with certain API's and raw access to the hardware being off limits. Thus only trusted DVD players, media players, etc. will run. There will be no CD audio rippers, because they, being unsigned and untrusted, won't have access to rip the raw bits from an audio CD.
Just as WinXP requires registration to use, WinSUX can do likewise. But with WinXP there are already numerous hacks to defeat the registration mechanism in WinXP. Not so with WinSUX. If you tamper with the code, you invalidate the digital signature, and the boot loader won't run the OS. Or if you didn't tamper with the kernel, then whatever trusted DLL or application you had to tamper with won't get run by the kernel because it's digital signature will now be invalid.
Being able to trust that WinSUX is trusted also allows Microsoft to ensure things that they cannot ensure today. They really could make WinSUX expire after two years and refuse to run. You could not patch WinSUX in order to continue running the OS you paid for.
So it seems like WinSUX does give security to Microsoft and to Hollywood, but not to the user. There still could be remote root exploits in WinSUX, thus allowing hackers to compromise running systems, steal credit card numbers, deface web pages, plant remote monitoring software, launch remote attacks, etc.
So far my analysis has not mentioned open source. Some would say, "If you don't like Palladium, then don't run WinSUX." But this ignores the fact that Palladium begins at the hardware. In order to run any bootloader, it must be signed.
There is no way that Microsoft is going to sign a bootloader like, say, LILO, the boot loader for Linux, unless it is trusted. Now LILO is open source, and Microsoft could say they will sign a "trusted" version of LILO. That is, if LILO is patched so that it will only execute a digally signed Kernel. So, LILO is patched, it is open source, Microsoft inspects the source, compiles it, and signs it. Now you can use the LILO boot loader and only execute signed Kernels. But all we've done is move the problem. Now I can only run signed Kernels. Maybe major distribution kernels such as SuSE, Red Hat, etc could have signed kernels. But what about Joe User who wants to compile his own kernel? What about developers who compile thirty kernels a day?
Of course, I'm sure Microsoft will find ways to make their own internal kernel developers lives easier. In fact, this becomes one way in which Microsoft can make external OS developers lives more difficult, and give their own developers an advantage.
The fact remains that the only way you're going to get a Kernel signed is if it is trusted. This means inspecting the source to make sure it doesn't have any naughty bits, and promises not to ever execute any other naughty bits. Signing kernels also becomes a new revenue stream for Microsoft.
But some would say: "But Palladium is optional, if you don't like it, just don't use it." Do you really expect me to believe that it will be optional? If it is optional, then all of its benefits completely disappear.
If Palladium were optional, then the following scenario would be possible. Put LILO into boot sector of hard drive. Boot up a specially crafted loader which loads the WinSUX kernel, patches it to bypass its security, and then start execution of the compromised WinSUX operating system. Once a compromised WinSUX can be executed, then all security bets are off. I could compromise its ability to run only signed device drivers. I could compromise its ability NOT to run an MP3 ripper. Compromise its registration mechanism, thus allowing pirated copies of WinSUX. Compromise its ability to quit running when it has reached the expiration date. It would even be possible to compromise WinSUX to allow the reading of material which Microsoft might consider "subversive", such as what you are reading right now.
Does anyone really believe Microsoft would go to so much trouble to ensure security only to turn around and make it optional? Optional means that the entire security of WinSUX and other future versions of Windows could be defeated. (Of course this is true on any non-Palladium hardware, such as a hardware emulation like Virtual PC.)
Let's continue with the analysis of getting open source programs to be "trusted". Maybe Microsoft runs a service where they will inspect another OS kernel to make sure it is trusted, and then they will sign it, so that the trusted LILO will run it. A trusted Linux kernel would have to be trusted not to execute any naughty code. Linux is trusted as long as it does two things: (1) only executes signed LKM's (Linux Kernel Modules), and (2) keeps certain API's off limits to untrusted user space programs. (You'll note that this is just how I previously described WinSUX.)
A Visual Basic programmer could write his own toy programs. But he could never write code that did anything naughty, such as play DVD's. Or he could do so only through secure COM components. System level programming would now become something that only a special "guild" could do. Ditto for device drivers.
Would Microsoft relax these restrictions? If I could run arbitrary LKM's, then all bets are off. I just write a Linux Kernel Module that holds interrupts, wipes memory clean, loads WinSUX, patches it, and then starts the compromised WinSUX running on the hardware. The LILO-Linux-LKM just becomes a means to an end of running compromised patched WinSUX code.
So in short, Palladium cannot be optional. If it were optional, then why bother at all? It guarantees nothing to the user. It only makes guarantees to Microsoft and to Hollywood. By making it optional, then these guarantees disappear.
If Palladium is not optional, then who holds the keys to sign programs? If just anyone can get any arbitrary program signed to run on the hardware, then the entire point of Palladium disappears. (I just need to get a special loader-patcher signed to compromise WinSUX. Or get some other program signed that will run my loader-patcher on the raw hardware.) If only trusted Open Source operating systems can run, then this effectively destroys open source. But Microsoft gets to play the PR game of saying that Open Source is welcome to participate in Palladium.
How can they pull this off? Just require all hardware to implement Palladium in order for it to run WinSUX. Most users will happily buy a computer with WinSUX preloaded. So the public will not understand that by allowing Palladium hardware to become widespread that they have just cemented Microsoft's control over what software that you can run on your computer.
Re:Is Palladium REALLY optional? (Score:3, Insightful)
I don't think this is fully correct. I believe it will boot unsigned code, but this fact will be noted by the hardware, and when you try to run your favorite copy-protected game it will query the hardware and find this out - and not run (chances are the code will be encrypted using a key embedded in the hardware, so you won't be able to get it to run by patching it either - it will only be decrypted if the hardware trusts the OS you're running - and such an OS would probably block your debugger from intercepting the key).
Anyone who wants to run linux probably won't have trouble using a palladium-equiped machine. However, they won't be able to view some content online, or use software designed with next-gen copy protection. To somebody who is into pure open-source, this is a non-issue - they don't run proprietary software anyway. To somebody who wants the best of open source and proprietary software, it will be a problem. (Ie - forget running lindows - it may run some software, but it probably won't run anything copy-protected.)
If you're content to run linux and openoffice and zangband, then I wouldn't worry too much about the various trusted platforms they're talking about. But if you want to run the latest propreitary video game, you'll be stuck running windows, or perhaps a particular signed distribution of linux (where you could probably compile all the user-space programs you want, but you couldn't touch anything that runs in kernel-space).
Re:Is Palladium REALLY optional? (Score:2, Interesting)
But it is optional. Just disable the security (hardware manufacturers have promised that you CAN disable it), and then run an unsigned kernel. You won't be able to run a secure OS, secure apps, or secure media, but you can run anything you want.
Which is why OSS isn't going to be affected at all by this, but piracy will, so this is a Good Thing for those of us who sell software or content for a living.
Re:Is Palladium REALLY optional? (Score:2)
Or sign your own kernel when you install it. This already works, rampant paranoia aside. The Linux drivers are already available [ibm.com] from IBM.
Re:Is Palladium REALLY optional? (Score:3, Insightful)
Re:Is Palladium REALLY optional? (Score:5, Informative)
TCPA is not Palladium. Here's [ibm.com] a link to some whitepapers on TCPA (posted to
Here's how I understand Palladium. It is implemented beginning at the hardware level. The hardware refuses to execute a boot sector that has not been digitally signed. Therefore, only "trusted" boot loaders will work.
TCPA is more like pgp than like ssl, i.e. there are no "root certificates". The chip contains a key, and can store signatures. So, when you install a system, you sign it, and install the signature in the chip. The boot loader only has to be trusted by you.
Palladium is irrelevent because it's not going to be part of Linux (or BSD). If you install MS's OS and give them your trust, you have no one but yourself to blame.
There is no way that Microsoft is going to sign a bootloader like, say, LILO
Signatures from MS are irrelevent. What matters is that the signature stored on the chip matches the boot sector. MS doesn't have to sign it; you do. Of course, this might prevent you from dual-booting Linux and MS, since MS might make their system refuse to install unless you put their signature into the chip, but I have an easy solution to that. I just install Linux, and don't run anything from MS.
Re:Is Palladium REALLY optional? (Score:3, Interesting)
Not quite, you should have read the documents you linked to more carefully. What TCPA does is that it hashes the boot sector, and stores that hash. It can then provide that hash, signed if need be, later. And that the TCPA chip only contains the keys you generate is in fact not true: it contains a pair of hardwired keys called the "endorsement" keys that are set by the vendor. What the DRM applications will require is the boot sector hash of "trusted" operating system, signed by an "endorsement key" from a vendor that it trusts. It can then be sure you are running an OS that will not let you control your machine.
To repeat myself, here is a paste from something I posted yesterday [slashdot.org]:
The trick is that you cannot modify the OS software, because each layer of it that is loaded verifies the next, down to the boot loader, which the TCPA chip takes the hash of. So a modified OS means a modified boot loader, and the DRM service will ask for the current boot loader hash signed by the TCPA chips "endorsement key" (which is set by the vendor.) If the hash is not one recognized as a "trusted" OS (ie, one on which the user can't have root) then no go. Nor can you open files you downloaded previously, exactly because the TCPA chip won't decrypt stuff if the boot loader hash is different (boot viruses my ass).
Of course, this might prevent you from dual-booting Linux and MS, since MS might make their system refuse to install unless you put their signature into the chip, but I have an easy solution to that. I just install Linux, and don't run anything from MS.
You are right that we will probably be able to simply ignore this by running Linux for the forseeable future - but we will not be able to ignore it if user hostile clients become the norm. I figure we can all live without whatever annoying overpriced services the record companies are thinking up, but what happens when M$ has the bright idea of making a "trusted" version of IE that respects a "do not display source" tag in the HTTP reply? All it would take is the simple addition of a field containing the signed boot loader hash to the HTTP request to prove that the data is going to a "trusted" browser and not "untrusted" mozilla which should be locked out (until it implements the same "feature".)
Yes, it is a good thing that those of us who understand that user hostile applications are pestilence can simply choose to turn them off - but we also need to be vocal in our opposition, because a LOT of people are being LIED TO regarding the purpose and function of these technologies in order to lead them down a path they may not have chosen had they been told the truth.
Re:Is Palladium REALLY optional? (Score:2)
Why not let sourceforge.net become a trusted signer, that can sing kernels, api's and software? You didn't follow the chain in the other direction.
but maybe I simply missed the point.
Re:Is Palladium REALLY optional? (Score:3, Insightful)
Re:Is Palladium REALLY optional? (Score:3, Interesting)
Many people have posted to explain that you are all wrong about this. The bigger question is, where did you get your misinformation? Was it perhaps from the TCPA/Palladium FAQ [cam.ac.uk]? That FAQ is full of misinformation! You can't trust a word in it.
Someone yesterday posted that TCPA had good uses. They were accused of spreading FUD! And yet people post all kinds of totally incorrect information about Palladium and TCPA and nobody objects. People don't seem to mind when they are lied to, as long as the people doing the lying are on the same side. But lies which promote your goals are just as bad as lies which oppose them! In the long run, lying hurts you because eventually the truth will come out.
More and more, people are learning the truth behind Palladium (excuse me, the Windows next generation secure computing platform - boy, that just rolls off the tongue, doesn't it?) and TCPA. It's not great news, but it's not nearly as bad as some of the doomsayers were claiming. Let us rededicate ourselves to dealing with reality, to getting the full facts about these technologies and not believing every net.rumor that someone is mongering.
Re:Is Palladium REALLY optional? (Score:2)
Do you really think the population of Linux using people is enough to warrant different hardware?
Maybe there will be a trusted bootloader that will execute any other untrusted OS, but won't give it any trust.
Why do you think Bill Gates called it "My Computer"?
next-generation secure computing base? (Score:5, Funny)
all hail King IBM, the second . . . (Score:4, Offtopic)
how much vaporware do they have floating around?
doesn't it seem that they have more expertise in changing their product names, than actually making useful software?
is it just me, or has the marketing dept. been on a rampage for three years now?
they have grown to the point where the left hand doesn't want to know what the right is doing (we know /yank what it's doing).
i think its just a matter of time before the m$ bubble bursts at this rate. they are losing sight of reality at a rapid pace these days.
well, at least by the time they release Windows .Net Smart Server Phone 2006 featuring a Hailladium Security chip, the last of the Code Red, Klez and SQL bugs will be worked out. . .
Next Decade (Score:3)
I find it simultaneously amusing and annoying that Microsoft will still be in business for the next decade, thus having that much more time to make our IT lives a living hell with even more codenamed software to trample over privacy rights and innovation in the name of protecting privacy rights and innovation.
Meh. (Score:2)
Microsoft Secure Medium Which Interfaces with Hardware and Makes Sure That Those Warezing Bastards Don't Pilfer MicroSoft Office and Visual Studio Or Else Bill Gates Is Not Going To Be Able To Afford His Borg Implants Anytime Soon And That Will Be a Real Bummer Because We Are Afraid of Those Linux Zealots is the newest attempt at securing the Microsoft Advantage.
After about 10 paragraphs of that, people decide to go, "I can't take it and instead write about LongHorn's database file system.
Good Strategy.
Re:Meh. (Score:2)
yes, lets all write about m$'s quixotic quest to surpass BeOS as the world's finest SQL file system. why, i'll get to the story right after I finish this m$ sql bug launches DDOS attack on the Root servers story.
here's hoping that m$ can duplicate BeOS's success.
Do as the press did unto Prince... (Score:4, Funny)
Doomed (Score:3)
Now if they had changed the name to something like "Athena: super-dimensional fortress of security" then victory in the market would be assured.
Wait a minute ... (Score:3, Insightful)
You know what I think? I think the net has suffered enough DDOS attacks, Worm Spreads, and Virii for the last 10 years because of OS's from MS the this next "Secure" release should be free to anyone who was made unsecure before from MS.
So I want to mail them a copy of Windows 98 and I want this new "Secure" version for free because I already paid for an operating system which was supposed to be more "stable and secure" and now what? This should be free to everyone who had to suffer data loss from the fault of MS.
Or I guess I could get an upgrade to a secure OS for free ... www.openbsd.org ...
A suggestion for Bill Gates (Score:2)
If Bill wants a more descriptive name for Palladium, may I suggest calling it:
names (Score:5, Funny)
Rumagent
Good way to hide features (Score:3, Insightful)
1) 'next-generation secure computing base'
2) Palladium
From the article "To address the criticism, the company has decided to release the source code of the core part of the software, known as the nub or nexus, so that others can verify it is secure and is doing only what the company has claimed."
Question: What about
correct me if im wrong here.... (Score:2, Interesting)
NGSCserver: incoming request! are you a NGSC computer?
NGSCcomuter: why, yes. as a matter of fact, i am!
NGSCserver: great! what can i do for you now that i know you are a trusted platform?
NGSCcomputer: i would like to exploit one of your bugs, causing you to blow your brains out and bring you to a screeching halt.
NGSCserver: okay! youre the boss!
Re:correct me if im wrong here.... (Score:3, Interesting)
But it enforces stuff at the hardware level! they will claim. I will make a counter-claim: I believe Windows as it is does not have any bug that will allow a non-Administrator to turn into an Administrator. It could very well be *perfect* and you could publish papers showing how utterly impossible it is for a user program to compromise a machine running Windows. And it really is as impossible to do as if there was hardware enforcing this. However this has absolultely no effect on all the bugs that cause exploits, as those bugs lie in programs running *as* Administrator (or root for Unix).
What it does is enhance *MicroSoft's* "security". It does nothing for bugs except "sign" them and say they are "trusted".
I'm chaning my name... (Score:2)
I'm not fooled by MS's "name change."
PR focussed on real problem from MS perspective (Score:2, Insightful)
It is being criticized by people who care about freedom... but the people who pose a more serious barrier are European and other governments.
The PR is focussed at the SERIOUS objections... not what you or I might find uncomfortable or politically objectionable.
Change those META-tags NOW! (Score:2, Interesting)
It had to be said.... (Score:2, Funny)
All your next-generation secure computing base are belong to us
Hmmm I think I'll call it... (Score:2, Funny)
Foot icon? (Score:3, Funny)
Someone mis-filed this under "Microsoft".. is the "It's Funny.. Laugh.." category broken?
S
Palladium, the metal (Score:2)
Nah.
In Other Related News Today... (Score:2, Funny)
I'll complete that (Score:2)
Re:My friends work for MS! (Score:2)
Re:My friends work for MS! (Score:3, Interesting)
Re:Just look at the SQL Server bug (Score:2)
Re:Has KDE caught the Debian disease? (Score:3)
Don't be so bothered about gcc3.2. It frickin BITES. If you are using XFS you are f*cked - it is incapable of compiling any kernel with XFS support. No doubt there are other things wrong with it beyond this one.
You are better off with a compiler that works. Stick with gcc-2.96. It's dependable and the same kernel that gcc3.2 choked on compiles fine with gcc2.96.