Schneier Analyzes Palladium 270
bcrowell writes "This month's CryptoGram from Bruce Schneier has an analysis of what little information people have been able to glean (without signing an NDA) about Microsoft's Palladium initiative." We might as well throw in a direct link to Schneier's look at the MPAA License to Hack bill as well.
Also in the crypto-gram (Score:2, Offtopic)
He has issues with arming airline pilots [counterpane.com] as well.
Offtopic- he's getting overly complex (Score:2, Offtopic)
Yes, this was such a danger, that we all remember the stories about problems with armed pilots that happened before the FAA banned the practice in 1987 for political reasons.
Actually, come to think of it, I cant' seem to recall a single one. Can you?
Pilots carrying handguns on their planes used to be routine, and in fact, when carrying US mail, required [handguncontrolinc.org] by the federal government.
When this person speaks of complex systems, he's obviously forgetting one over-riding principle: KISS. Keep it simple, stupid.
When you give pilots guns, do what other federal agencies and the majority of police departments do- each pilot is responsible for their own firearm, and must have it in their possesion at all times. So yes, they carry it through the gates, and security checkpoints. They certainly don't hand them over at any time to the high school dropouts who clean the plane or run the security checkpoints. They would carry the gun on them, on their hips, or maybe some quick draw holster at their controls (only while their seated.) They should be required to take lessons in weapons retention, so that terrorists would have a harder time getting the weapons from them.
Think about it carefully- when terrorists bust through the cockpit doors, they're going to be close, and their going to be nicely framed targets in a little doorway. Assuming the pilots are vaguely aware of whats happening in the cabin behind them, they're going to be prepared to annihlate one or multiple attackers.
Stun guns and other non-lethal methods often don't work well for single attackers, and are useless for multiple attackers.
Picture this scenario: Terrorists, armed with whatever, try to take over the plane. They are highly trained in improvised weapons and hand to hand combat and there are four of them (a la 9-11. Dealing with the single air marshall that mightbe there would be easy- have one guy start everything, and when the Air Marshall jumps up to take care of the first, the others get out of their seats and take care of him. Presumably, this would be alot of commotion, and the pilots would hear it from the flight attendants, through the doors, our through a cabin monitor of some sort.
Now once they have the cabin under control, they go for the cockpit. They bust through the cockpit door (even if it is reinforced, it won't take long) Here's where the scenario splits.
A. The first guy gets hit with a taser the pilots might have (or blocks it completely with a seat cushion shield.)The others then use whatever they have to kill or subdue the pilots, and take control of the plane. The air force sends up an F-15 and drops the airliner like a bad habit, Hopefully over a rural area. All onboard are lost, maybe some on the ground. National treasures are safe.
B. The terrorists bust through the door. The pilots have the plane locked into autopilot so they can deal with the issue at hand. The shoot the first terrorist. The second. The third. Whats left of the fourth after the air marshall, whom the terrorists already killed, dealt with him. Maybe they're such poor shots they accidentally shoot one person on board, maybe two. The plane lands ASAP (this takes at least 15 minutes from cruising altitude.) Innocent Casualties: 1 or 2, tops. Terrorist casualties: 100% & mission failure. The air force saves a $70,000 Air to Air missle for a target drone.
The crypto-gram article discounts the fears of airliner integrity, so I'll be brief. Suffice it to say, if this airplane [aloha.net] can land safely from 24 000 feet, a few bullet holes don't mean shit.
Other concerns:
We can't trust pilots with guns
Most pilots are ex-military that carried guns all the time when flying for the Air Force. Besides, we trust them with a $40 Million dollar aircraft and 100-400 passangers; why not a gun?
Someone innocent might die
Better than losing the entire plane. Even if they try and fail, I sure as hell prefer a fighting chance with a solid advantage.
The pilots should focus on landing the plane, or engaging in manuvers to through the terrorists off balance
How can the pilots land the craft if they're dead? How can they land it if they're doing crazy manuvers? How can an air marshall do his/her job under crazy manuvers. Answer to all: They can't.
Pilots should be armed, end of story. The prospects look reasonably good for this becoming a reality through legislation, though the feds are bound to fuck it up by making it too complex and cumbersome. I think the same legislation also limits liabilities to airlines in case of accidental shootings in a crisis situation.
We've know they're out to kill us, and if they come here to do it, let's send them to Allah without us.
Re:Offtopic- he's getting overly complex (Score:2)
I don't see this scenario being possible after 9-11. Anybody trying to hijack a plane with non-projectile/non-explosive weapons will be DOGPILED by the other passengers, especially if it looks like they're trying to get into the cabin. Improvised weapons and/or intensive combat training will only help you hurt/kill other individuals, but it won't move 800 pounds of desperate human flesh pinning you to the ground, and if you really make them desperate, it won't stop them from eventually gouging your eyeballs out & choking you to death.
In order to hijack a plane now a days, you need either a weapon dangerous enough to be likely to kill a significant number of the people on the plane in an instant, or you need enough hijackers (at least 30% of the passengers maybe?) to physically control all the rest of the passengers.
Re:Offtopic- he's getting overly complex (Score:2)
The next logical target would be cargo planes, as they have 2 or 3 people on board at the most. They're probably also alot harder to hijack, as access is severely limited, and you'd have to do it on the ground.
I've heard rumors that there have been some people of the type that performed 9-11 probing and practicing on domestic flights, trying to provoke reactions from air marshalls, without doing anything that would get them arrested. But this is just hearsay, so I guess we'll have to see.
actually, IMHO, even explosives and projectile weapons (short of large capacity automatic weapons) would be enough to keep the passangers in line, cause if they think they're gonna die anyway, what is there to lose?
Re:Offtopic- he's getting overly complex (Score:3, Informative)
I have flown multiple times in my time in the military, once clear over the Atlantic over to Germany, and I have NEVER seen a pilot with a weapon, let alone ever had any sort of weapon along for the ride.
Of course, these were all peace time, but you are incorrect in saying that pilots carry weapons in the military. While it may occure, I believe it is the exception, not the rule.
Re:Offtopic- he's getting overly complex (Score:2)
I think it depends on what kind of pilot you are, and where you are flying.
For example, when my dad was flying tacitcal helicopters for the military, he carried his sidearm when he flew on any sort of operational mission.
Re:Also in the crypto-gram (Score:2)
Not quite:
The terrorists we are currently dealing with are not from a diverse population. With very few exceptions, they are male Muslim extremists mostly between the ages of 17 and 40 [oraa.org]. The paper assumes that Osama and his buddies can recruit a 25 year old Saudi and a 75 year old grandmother from Nebraska with equal ease, which is certainly not the case. It's an interesting theoretical piece, but certainly doesn't "prove" that profiling is a bad idea.
Re:Also in the crypto-gram (Score:2)
Even if the profile screens out nine out of ten terrorists, the tenth one knows he is unlikely to get caught, so he can smuggle the bombs on the plane while the other nine stay on the ground and forge checks or whatever. That's the central insight of the "Carnival Booth" paper.
Re:That would be counting... Payed vacations. (Score:2)
EFF has nothing on this! (Score:3, Insightful)
"None of this is new or controversial, so why are copyright holders even talking about this? This bill would make it legal for the MPAA, the RIAA, and its ilk to break into computer systems they suspect (with no standard of evidence) are guilty of copyright infringement. It will allow them to perform denial-of-service attacks against peer-to-peer networks, release viruses that disable systems and software, and violate everyone's privacy. People they choose to target would be deemed guilty until proven otherwise. In short, this bill would set up the entertainment industry as a Gestapo-like enforcement agency with no oversight. "
Isn't this just becoming the general trend in America? I wonder how many victims of the MPAA will be arabic looking?
VM Could break Pd perhaps? (Score:5, Interesting)
It goes like this:
VmPd runs on a PC, VmPd contains all keys required to access all areas of itself. VmPd is trusted, because it is a trusted PC (which is the point of this whole mess) to do what it is expected to do. For the sake of argument assume we have downloaded The Little Mermaid under license from Disney, and we are only allowed to play it once. We turn off VmPd, and all we have is an encrypted jumble on our hard disk where we set up the partition to host it. We also have the keys to read it though, and simply decrypt the move and show it to our hypothetical little children as many times as we like.
This works because, as I understand it, Pd only allows you to access material with certain rights, depending on what access partition it is under. If Disney set up an access partition for downloading movies, this will be done in a way that trusts your Pd machine.
Assuming that Disney only give you a key when you pay for one, that key will always work unless they can chance how the movie is encrypted. It is conceivable that they would have a player that on-the-fly re-encrypts the movie with a new public key as you view it, every time you view it, and they only give you the new private key when you pay for it. But the transmission of the key is encrypted, trusted because you have a Pd device, so you just intercept the key on its way into VmPd, don't play the movie, and decrypt it yourself and watch as many times as you like.
I am probably missing something, but it makes for interesting thinking.
Re:VM Could break Pd perhaps? (Score:2, Funny)
Now I'm excited about Palladium.
Re:VM Could break Pd perhaps? (Score:3, Insightful)
The problem is of course in constructing the Palladium emulator (VmPd). You'd have to break a real one open to get the encryption keys out, and even if you succeed, the key of the real Palladium is licensed to you (and can be traced back to you). You won't be able to put it on a website without violating some agreement you signed when it was licensed to you.
So yes, it could work, but it's not going to be easy and it will be a significant threshold for anyone who wants to upload new materials to p2p. It'll be possible, but not casually so.
hardware and software keys. (Score:3, Informative)
This is essentially how an XBox works; having learned (now, finally) from the modchip fiasco, the plan for Palladium calls for embedding the key *inside* the CPU. It might be possible to steal this and then emulate pdCPU in software, but getting that key out will be tricky and no doubt illegal.
(Which means VMWare will never run palladium apps, btw...)
Re:hardware and software keys. (Score:4, Insightful)
Once captured off the bus the key can be revealed and used to decrypt everything else as necessary.
By the way, the hardware used may have been expensive, but the hardware PRODUCED to do it was valued by the author at about $50. So a device could be created to spit out the codes easily and cheaply. It also would not have to be attached for a long period of time, just long enough to retrieve the key. As such you could, theoretically take your xbox to a shop, and be handed the key 2 minutes later. Wouldn't have to solder anything either.
Re:hardware and software keys. (Score:4, Informative)
By the way, the hardware used may have been expensive, but the hardware PRODUCED to do it was valued by the author at about $50. So a device could be created to spit out the codes easily and cheaply.
I just wanted to interject a quick reality check. Sure, it looks cheap and easy when quickly reading the paper (or just reading comments on slashdot, most written by people who themselves skimmed or did even read it). It looks so simple and easy...
The bare circuit board was made by Advanced Circuits [4pcb.com] using their $33 each service (that I've used a few times for my own projects). At the time they had a minimum of 2 boards, now it's three. $99 (plus shipping) is still a GREAT price for prototype circuit boards with 6 mil spacing. The norm for the industry is in the $300 neighborhood.
But that $100 only gets you a tiny bare circuit board with a LVDS to TTL buffer chip and 6 mil traces at the same spacing as the traces on the xbox circuit board (nice of them to route the signals on the outer layer instead of an inner layer with the vias burried under the BGA package).
Another component he used as a Xilinx development board, which probably sells for several hundred dollars, and featured a nice Virtex series FPGA chip (expensive). Even if you get the chip as a free sample, you'll need a 4 to 6 layer board (which is way outside of the $33 double sided service), and the ones with flexible choices of I/O signalling only come in BGA packages... which requires very expensive equipment or hiring an board assembly company to solder it. Those chips can only be programmed using proprietary software. Xilinx does provide some limited free software, but the full version sells between $700 to $2500 depending on which chips is supports.
Now I suppose if you're working in your basement, your labor might be free... but consider the difficultly of soldering those 6 mil traces to the matching 6 mil tracks on the xbox PCB. Also consider that he hand-routed the signals inside the FPGA chip for 200 MHz performance... a very difficult and time consuming task, and he manually tweaked the propagation delay of the clock to get his sampling into the center of the stable bit times of the waveforms on the xbox board.
I've spent quite a bit of time designing with FPGAs (eg, the mp3 player on my website), and I can tell you that this hand optimizing the internal layout of the FPGA, custom tweaked for the other delays in his system, is some very serious voodoo magic that takes an incredible amount of time and patience.
Anyway, my point is that the cost is much more than $50... as a student or engineer with access to much of the equipment, you can discount those other costs. Even if the hardware and software were free, the skill required is absolutely astounding. I know it's easy to read a paper like that and lump it into the collective memory of blubs that "appeared on slashdot" without any (or much) appreciation for what an incredible feat it was.
That's why I'm writing this long-winded message... to remind and armchair would-be hardware hackers out there that reading a paper like that prepares one for mastery in hardware hacking about as well as watching the olympic on television prepares one to be a champion figure skater.
So a device could be created to spit out the codes easily and cheaply. It also would not have to be attached for a long period of time, just long enough to retrieve the key. As such you could, theoretically take your xbox to a shop, and be handed the key 2 minutes later. Wouldn't have to solder anything either.
It would be trivial for Microsoft to make all those signals in inner layers of the circuit board in future revisions. Many other more sophisticated counter measures are also possible. Technically unsophisticated laws, like say, the DCMA also serve as a pretty good deterant (at least against a shop doing the work for profit).
But even with the xbox, as it was 1/2 a year ago, the key extraction is a very tough job. The bug in the secret bootloader that allowed the lookup tables for hardware config to bypass the entire process has almost certainly been fixed by now (reportedly, Nvidia recently reported a significant loss on an inventory of xbox specific chips that had to be scrapped... one can only assume they had the original bootloader code and the chips they're making now have a different key and that bug fixed).
So next time you watch figure skating, and they make it look so easy... the same is true with this sort of hardware hacking. Anyone who really does design and play with hardware can tell you that the process described in that paper was absolutely astounding. And while it was relatively cheap, it certainly costs MUCH more than $50.
Re:hardware and software keys. (Score:2)
If everybody had to do it from scratch it would not be feasable. My point is, it has been done. It can be duplicated, and/or, used to produce hardware to do it again, in a more commercial like setting. As opposed to academic.
And, in fact, it has been done.
As I am a programmer I understand that there is some hand waving involved. For me to put the tools (never mind knowledge) in place to pull off something like this, your right, would have cost me atleast $5-10K. (Even if I rented access to such equipment).
Re:VM Could break Pd perhaps? (Score:2)
Re:VM Could break Pd perhaps? (Score:4, Insightful)
This might work if and only if you gain access to the private keys of the Pd hardware chip.
If you have these keys, the security is broken completely and you can do whatever you want. Getting them is the hard part.
Keep in mind that you, the owner of the machine, is NOT supposed to have access to these keys. In fact they are specifically protected against YOU.
Pd is trusted in this context means that a Pd machine is trusted by Disney, etc. to display some copy-protected crap. You, the owner, is NOT the trusted party, you are the bad guy, the malicious bastard that your machine has to be protected from.
More info here (Score:5, Informative)
Funny coincidence. (Score:3, Funny)
My favorite quote (Score:5, Insightful)
This sums it up pretty nicely, I think.
With all this non-resalable equipment and media... (Score:4, Interesting)
We're already having problems with monitors and computers (it costs to throw a monitor away where I live, unless you take it to the dumpster at 3AM), with most printed circuit board finding their way to heavily contaminating the countryside during cheap-labor disassembly after shipping to Asia.
-- Terry
Re:With all this non-resalable equipment and media (Score:4, Funny)
No circuit boards would be dumped in Asia. They would remain embedded in ever growing stacks of redundant consumer electronics devices in American living rooms.
One side effect: sales of outlet strips, surge protectors, A/V cables and video selector switches will skyrocket. Buy Belkin stock today to get in on the ground floor.
A tired Hollywood plot? (Score:4, Funny)
It's the year 2050 (2004) and the government (MS) is telling everybody how they will live (compute). Trust is guaranteed by the government (MS) and violators will be punished (digitally locked out). The people (programmers), though outwardly happy (productive), harbor deep lingering desires for freedom (open source).
Then, along comes a rough-shaven, rogue hero (hacker), played by Stallone or Schwarzenegger (Torvalds). The aforementioned hero (hacker) then liberates the people (programmers) from the tyranny of the government (MS). The people (programmers) are overjoyed, their lives have returned to normal.
So - if it ever played out like this, I'm sure someone in Hollywood already has the rights to the script. Will they own us?
Alan.
Re:A tired Hollywood plot? (Score:4, Funny)
TCPA / Palladium FAQ v1.0 (Score:4, Informative)
"TCPA will undermine the General Public License (GPL), under which many free and open source software products are distributed." "You will still be free to make modifications to the modified code, but you won't be able to get a certificate that gets you into the TCPA system."
A lot of background information can also be found from Ross' page about Economics and Security [cam.ac.uk].
You should ask yourself the question "if a computer can run code in a protected environment, whose code would you be willing to let into the computer?" Once it's there, it is protected - even from you.
Re:TCPA / Palladium FAQ v1.0 (Score:3, Informative)
"When I asked [the Microsoft Research speaker] whether this meant getting rid of linux he replied that linux users would have to be made to use content screening."
Currently, there is a "digital divide" between those who have computers and Internet access and those who don't. Palladium raises the bar to divide those who have Palladium and those who don't. This scares the shit out of me (not literally, now, put probably so in a few years).
If power over people is founded in controlling information, then....
Re:TCPA / Palladium FAQ v1.0 (Score:2)
Bruce Schneier lists Ross Anderson's so-called "TCPA/Palladium FAQ" among a whole lot of other links to related content. Having read the TCPA spec, the recently published book on TCPA, Seth Schoen's notes (referred to by Schneier), and as much else as I can find about TCPA and Palladium, I would say that if you want to stand on someone's shoulders to see further into this area, Schneier is a giant, but Anderson is at best a dwarf, and probably standing at the bottom of a deep hole. I was shocked that someone with Anderson's reputation could produce such a poorly researched piece of work.
Read the TCPA spec for yourself, it's on the web for all to see, as Schneier points out. Do your own thinking. A lot of what has been written about it is just plain wrong. There are risks and a dark side to that sort of technology, but also a lot of good things that could be done with it. The open source community could exploit TCPA to their advantage if there are people with the insight and imagination to see the opportunities.
Re:TCPA / Palladium FAQ v1.0 (Score:2)
Why does this matter?
Because there are very legitimate reasons for providing others access to content, software, etc. without having to tie them via a remote access protocol to secured hardware (servers). Imagine any type of distributed, cooperative P2P network where the clients could not be easily hacked to abuse the network. Control over unauthorized redistribution of copyright material is but one such application of DRM.
Of course, the ??AAs don't want simple redistribution control: they want complete access control as well, turning the world into a pay-per-view-of-our-content nightmare. Deployment of oppressive DRM could certainly bring this about.
I keep thinking how Microsoft had to bend to an open Internet, not under their control, except for the few protocols they tried to keep closed -- the net was fundementally designed to be as decentralized as possible. If a non-oppressive means is not found to safely store foriegn content on one's computer with regard to unauthorized redustribution to others, but that respects, as much as possible, the computer-owner's traditional fair use rights and technical freedoms, we will have a far more oppressive one shoved down our throats.
There are problems with my attempt at "less-oppressive" (non-oppressive would not be completely correct) DRM attempt: it's deployment and required PKI trust infrastructure would involve a huge capital cost. More oppressive DRM schemes would be, sadly, cheaper to deploy. The only way that the infrastructure costs could be mitigated would be if a PKI web of trust could be built on traditional trust models rather than few certificate authorities, and grow the way roads spring up between communities desiring to engage in communication and trade.
History tells the future. (Score:4, Insightful)
"It's hard to sort out the antitrust implications of Pd. Lots of people have written about it. Will Microsoft jigger Pd to prevent Linux from running? They don't dare."
I dont have the same impression of Microsoft that Bruce seems to have. If i go trough what they have done in the past there is nothing they wouldnt do to get more control. They will almost certainly have a licence tailored to make it hard for Open Source/Linux to implement it without breaking GPL.
Considering that GPL is a bigger threat to them than linux itself i assume they will take a shot at it. GPL is the one thing stopping them from stomping all over Open Source wreaking hawoc like in Simpson. They much prefer the BSD licence where they can "borrow" code since the despite their extremely big cashpile cant get people who knows how to code.
Usefulness of Palladium? (Score:4, Funny)
Dear lord! Perish the thought.
I can't even imagine most companies having to deploy something on this order to safeguard their data. Hell, I'm not even sure the military needs it.
For reference, the Department of Defense has a series of guides and guidelines for locking systems down to ensure security. These are called STIGs and are created by DISA (Defense Internal Security Agency) and the NSA (National Security Agency). When the guides are applied the machines are as secure as can be made.
Part of the guidelines cover physical security; i.e., if someone can reach your hardware physically without being cleared for it, you fail that part of the check. As such, I can't imagine how Palladium would not be redundant to things we already have in place.
For good security, you can use smartcards with a PKI certificate, anyway. Don't let someone sign on without one, don't let them access data without one, have an active and interested central monitoring and issuing authority and practice good physical security. Save the money you'd spend on Palladium equipment.
Re:Usefulness of Palladium? (Score:3, Insightful)
I think that the point is that the consumer does not have a choice. They buy the latest and greatest that Dell sells them, and don't really pay attention to the OS, or anything else associated with the machine. People will be adopting something that they don't understand. Not a whole lot different from what goes on today.
Re:Usefulness of Palladium? (Score:2)
A few techno-geeks might be capable to putting together Linux systems from the parts bin, but they likely then wouldn't be able to run any commercial software.
sPh
Re:Usefulness of Palladium? (Score:3, Insightful)
You're right -- for the average home user, a non-palladium system will be more useful than a palladiun system, all (technical) things being equal. But there will be marketing, social and political issues that will sway the average user --
Re:Usefulness of Palladium? (Score:2, Insightful)
Unfortunately the home user won't read the article. He will read advertisement ads that promise him a computer that will make "Windows XP even more secure".
The home user bought Office 2000 because of the helpful little paperclip. He will buy this.
So tell them!!! (Score:5, Interesting)
The home user bought Office 2000 because of the helpful little paperclip. He will buy this.
Being defeatist about it doesn't do squat. I bring these kinds of articles to work. I leave them in the lunch room. I don't have to proselytise any more than that; everyone knows it's me leaving them, and they ask me. I tell them what's going on and what they can do about it, including the downsides ("You will have to learn more about your computer. You will have to do some research before you buy new hardware. You won't have as many commercial applications available, and that includes games.").
I keep a supply of Live-CD distros in my desk and I give them away. Microsoft has lost several Joe Sixpack level customers from this activity. I will help people do the switch, while making it clear to them that I'm not an expert or a professional, just a guy willing to help; I will always make a full backup if they have a burner (except for XP), and I will always recommend a dual-boot at least to start with, and I will always promise to do my best to restore their system (no guarantees) if they decide to go back to all-Windows. So far no one has taken me up on that last one.
Re:Usefulness of Palladium? (Score:4, Insightful)
The home user bought Office 2000 because of the helpful little paperclip. He will buy this.
Wrong, the home user did not buy Office 2000. If they have it at all, they pirated it.
And that's Palladium's problem. Currently, the home user is used to pirate software/music/movies and if anything tries to stop him doing it, he will refuse to use it.
There will be a market for non-Palladium systems (to be more specific, there will be no market for Palladium systems) so companies will produce for that market. If AMD and Intel are relly so stupid to refuse to make any non-Palladium chips anymore, be ready for VIA and Transmeta chips that will be bought if there is no other chance to watch "insecure" content on the PC.
Come on, this has been tried before (DivX-hardware player) it just does not work.
Re:Usefulness of Palladium? (Score:2)
Result: Nobody bought DAT recorders.
Re:Usefulness of Palladium? (Score:3, Insightful)
Well and the same will happen to Palladium-PCs.
Re:Usefulness of Palladium? (Score:2)
I've seen a single spreadsheet being mailed to someone, result in them spending two or three thousand dollars on a new computer that didn't offer anything else the user wanted, except for the ability to read that spreadsheet. In a market like that, a leader can get away with poisoning their products in just about any way. Joe Sixpack will buy Pd if that's what it takes to be able to watch the trailer for "LotR 4: Sauron's Revenge" or take his work home with him.
The only thing that can stop this is for people to become more conscientious, and I just can't see that happening.
Why the hardware? (Score:2)
Re:Why the hardware? (Score:2)
the exercise is to protect the copyright holder
of the file you put on your computer from
you.
Re:Why the hardware? (Score:5, Insightful)
Because the control mechanism in any von Neumann machine is in the same band as the stuff being controlled (ie, the OS - which enforces the security policy - operates in the same space - the CPU's available memory - as the programs which may, or may not, behave themselves).
Ultimately, the only way to have a secure audit trail for how a computer got to its current state is to have the verifier out of band from the verified. This is why you need the trusted component (the tamper proof verifier which can sign the logs of the host system). Assuming no-one can get to the trusted component private keys (even, or especially, the computer owner), another computer can trust the signature to be an accurate representation of the state of the original machine.
By the way, it's this in-band control mechanism which means that the Internet Protocols have an incredibly hard time defending themselves against DoS attacks - because the ICMP packets travel along the same route as the TCP/UDP packets. If you can interfere with the data stream, you can interfere with the control stream as well. The phone companies found this out ages ago, which is why whistling at 2600Hz doesn't work any more.
--Ng
Ownership of Your Own Computer (Score:5, Insightful)
We're already well down that road. It is very easy to see a day when the general computing device we all know and love will be illegal because it makes it way too easy to copy digital data. Nevermind that what made the general computing device popular is that it manipulates digital data so easily.
We all know what the industry wants. THe industry wants a pay per view world where every consumer pays every time he views industry owned content and the industry is protected from competition because they control the technology that allows content to be created. It isn't about fairness. It isn't about content authors getting paid. It's about greed, plain and simple.
Damn! (Score:2)
vaporware... ? (Score:5, Funny)
Re:vaporware... ? (Score:3, Funny)
Palladium, Pd46, Heat of vaporization 357.0 kJ/mol. I quess kJ/mol means, KiloJournalists / Microsoft's Obfuscated Literature?
That's it! Bill Gates is on a quest to make 1 mole of dollars! Let's see, $6.02x10^23... he's almost there!
Good insight (Score:2)
Microsoft really doesn't care about what you think; they care about what the RIAA and the MPAA think.
Anyhoo, I thought this was a good, well ballanced article. He's much more realistic than most about what may happen, both on the paranoid and the hopeful angles.
Re:Good insight (Score:3, Insightful)
Whether MS actually needs the content companies at this point is debatable. If it came to that, Gates could buy a couple
But if MS wants content available on their platform, why not open that platform up to let the consumers of content make sure they can access their favorites on Windows? There are a lot of people who use MS products by choice (not me, but there are such people) who would build their own open source solutions if MS would give them the slightest encouragement.
Or maybe not. What the hell do I know?
Re:Good insight (Score:2)
> I'm sure others will mention this, but I thought
> this quote was worth highlighting.
>
>> Microsoft really doesn't care about what you
>> think; they care about what the RIAA and the MPAA
>> think.
Even more, Microsoft doesn't care what its *customers* think. And that is going to get it into serious trouble one fine day.
I don't care how unsophisticated a computer user is, most people would notice not being allowed to do a favorite activity when their old PC let them do it. If you think the copy-protected CD returns are something, wait till you see droves of people trying to return their Palladium PCs because:
1) It has a virus. It's not supposed to get them.
2) It ate my mp3 collection.
3) It won't play my CDs. There is nothing wrong with them, my old PC played them just fine.
4) It charges my credit card every time I play some music.
5) It won't run this program I downloaded. In fact it tried to call the police, but I unplugged the phone line. Nope, it wasn't warez, it was this cool free (GPL'd) program named FileZilla. The computer was calling me a commie.
6) It won't run my old programs.
If the RIAA and MPAA are all Microsoft cares about, then they can just go swim with those sharks. And they can share their fate: shark steaks:
Eisner and Disney (what he gets for saying mean things about Mothra's dear Apple):
http://www.businessweek.com/bwdaily/dnfl
AOL Time/Warner:
http://www.cableworld.com/archive/c
Vivendi:
http://news.bbc.co.uk/1/hi/business/2
Mmm, yummy. Somebody pass the butter sauce.
Bells are ringing: Mothra, Mothra! Every heart is calling: Mothra, Mothra!
Come on, Tok Wira, these sharks have gotta pay! New Kirk calling Mothra, we need you today!
On the same topic... (Score:3, Informative)
That's just what I want, another Microsoft initiative aimed at security. They've done such a good job at it so far that now I'm a whisper away from getting my account canceled by my ISP -- all because some Outlook/Outlook Express user somewhere has Klez and our e-mail address.
Re:On the same topic... (Score:2)
Nice column. Unfortunately, it proves nothing more than that Cringley and his hax0r friends shouldn't be talking about crypto, since they apparently don't understand some pretty fundamental points and cryptographic techniques.
If I understand correctly what my friend has written above, the Palladium architecture presents a wily hacker with what is essentially a Rosetta Stone -- two versions of the same data (one encrypted, one not) from which one can quickly divine the key needed to transform one to the other.
Gee, if you have both the crypttext and the plaintext of something that's encrypted, it's easy to extract the key! Um, well, maybe if you're using XOR or something, apparently Cringely has never bothered to actually look at strong cryptography (why doesn't this surprise me). For those who don't know (but at least have the sense to not rant about what they don't understand), part of the definition of strong crypto is that it is computationally infeasable to determine the encryption key given both plain-text and crypt-text. Extracting a key given a crypttext-plaintext pair is certainly not simple or 'quick'.
Honestly, I wonder why people listen to Cringley at all - he has a chronic inability to get his facts straight. If you're going to bash something you should at least bother to understand what you're talking about.
Palladium (like chemists, Microsoft calls it "Pd") (Score:5, Funny)
Palladium (Pd) + MP[3/G/EG] (MP*) => Fire.
How to beat it (Score:2, Interesting)
The worm (Score:2)
Construct a worm/virus with a load of keygens that goes around changing all the software licences it finds, the BSA wouldn't be able to work out what was licensed and what wasn't.
You could do the same for media, change all the keys, once you've done that everything would be buggered.
It's already happened. (Score:3, Insightful)
Strange thing is, what most people don't realize is that they don't own the software that runs on their computer. Microsoft does (or at least the EULA claims they do). Our computers are not our own, and have not been our own, for a long time now. The sad fact is that while we may physically own the hardware, a part essential for the hardware functioning - namely, the OS - is owned by Microsoft.
Now, you could counter by saying that people could run Linux, however, this isn't really an option for the average computer owner. Most computers built today have hardware that isn't fully compatible with Linux (Winmodems, etc...). So, the while the user has physical possession of his computer, all of his data is effectively owned by Microsoft, because without Microsoft's blessing, the average PC is useless.
So the next time you hear of someone wanting to buy a new PC, you might want to remind them that unless they are willing to install Linux, they aren't really buying anything. It's more like a lease from Microsoft.
Re: (Score:3, Insightful)
Re:It's already happened. (Score:3, Insightful)
Yes, its an old, worn issue... And many people still don't know about it. Or play down its importance. Or ignore it entirely.
Also, note that you used to be buying a copy of the Little Mermaid (to use your example), but some of your property rights were restricted for the good of society and the intellectual commons. Unfortunately, recent copyright law revisions have travelled far along the road to turning copyright into ownership, so this is no longer true.
Yes, its an old issue... And we should keep reminding people of it. Because ignoring it won't make it go away.
It quacks like a duck (Score:3)
Purchasing software or movies... It looks like a sale, it acts like a sale... it must be a sale.
You are still limited by what copyright law allows. But copyright law allows an awful lot.
Yes, to run a program that you purchase on CD, you copy from the CD to the CD-ROM cache, to the computer RAM, to the computer HD, then run it and copy to the computer HD cache, to the computer RAM, to the CPU L2 cache, to the CPU L1 cache, to the CPU registers.
Guess what... to watch a VCR tape, your VCR does much the same thing. It reads an analog signal off a tape, transmits it through several filters to a wire connecting it to your tv, into the tv and through several filters, to an electron beam gun. Lots of copies for that, and 20 years history that this is all completely legal, no license required.
All the copying required to run a computer program is covered under copyright law and fair use. Copyright law basically says you can do one of two things... you can copy something, or you can distribute it. But you can't do both. I can make as many copies as needed or desired of something in order to use it, and so long as I don't distribute any of those copies to other people, I'm within the law.
(Yes, exact legal opinions don't precisely say that... but they are close enough to work that way in practice. That's why the media companies are trying to buy new laws to prevent this.)
Licenses are not required to legally run software you *buy*. Ditto for movies you buy. You are still limited by copyright law, but in no way do you need a license in order to legally use this product you bought.
Re:It's already happened. (Score:2, Informative)
What do you get for your $20?
You get the right to watch a copy of that movie, in a certain way, on certain devices. You don't own "The Little Mermaid", but rather a mere copy.
You've missed a very important point, if you purchase a DVD you've also purchased the rights of fair use of that copy. These are the same rights you get when you buy a book. Fair use includes:
- The right to protect your purchase by making a functional backup copy.
- The right to lend the media to another party without compensation so that they may view the contents.
- The limited right to exhibit the contents without compensation. (You can invite friends over to view the contents.)
- The right to space shift. (i.e. the right to use the media in any device anywhere.)
- The right to time shift. (i.e. the right to use the media at any time.)
- The right of resale.
- The right to destroy the content.
- Upon expiration of the copyright, the right to do anything you want to it, including selling copies.
The content providers (read MPAA, RIAA and other abusive corporate monopolies) have attempted to use technology, the courts, and the congress to limit these rights. The above rights are limited by:- Technological and legal impediments to fair use. (Copy protection, DMCA, etc.)
- Making media that are specific to a single device or class of devices. (Region coding, DRM, Pd)
- Making media that are time limited. (DivX, Pd, DRM)
- Pressuring legislators to extend copyrights far beyond the limited times intended in the constitution.
The idea that copyrighted works are "licensed" is a relatively new invention. The "content providers" have been fairly sucessful in convincing the world that this is true. They've also been sucessful in convincing the congress and the courts that the constitutional reason for copyright is guaranteed profit, rather than advancement of the arts and sciences.Re:It's already happened. (Score:2)
No, but I can sell my actual copy of the movie. Microsoft tries to claim I can't even sell the original of my software, even if I never use it again myself.
Re:It's already happened. (Score:2)
Relevant, thoughtful, and unpartisan (Score:2, Interesting)
Lots of things to think about in this piece... (Score:5, Insightful)
This brought two ideas to mind...
Ok, time for work...
Re:Lots of things to think about in this piece... (Score:2)
I think Microsoft's history of raping its business partners for fun and profit is well known. I seriously doubt that Entertainment, Inc. is willing to have any dependency on MS at all, in fact they'd like to force MS to license their systems, software and patents.
Didn't MS even proffer a digital music system to the RIAA a while back (2-3 years ago) that RIAA blew off?
I think "wishing" MS would screw Entertainment, Inc is a little like wishing Stalin would defeat Hitler; it gets rid of one bad guy but it only allows another to roll ahead freely.
What is really disappointing in Palladium (Score:2, Funny)
Are we gonna need Mod Chips for our PC's then? (Score:2, Interesting)
Re:Are we gonna need Mod Chips for our PC's then? (Score:2, Insightful)
Yes, maybe so! Obviously the first version of Palladium will be the friendliest, in order to calm critics and get user acceptance. At some point in the future you won't be able to install Linux, but before that a lot of other stuff will be gone, too. The PC will be a completely different thing, the stuff you can do with it will be outweighed by the stuff you are not allowed to do with it, by then. It will be a slow process of course, to keep the users in a spiral that is slowly spinning down (you don't want to wake them up doing harsh movements).
The main problem is, that the computer as we know it today is inherently the most dynamic tool mankind has ever built. It is based on the concept of copying and modifying data freely. Most of the computer's convenience and usefulness comes from this property. Now Palladium/DRM takes this away to the maximum extent possible without turning the whole PC into a vegetable.
This technology WILL come, and it WILL take away our most beloved toy to replace it with some ghastly Juggernaut that watches our every move. Our own PC will be treating us as the enemy!
Isnt he being a bit harsh here? (Score:5, Interesting)
To quote : "3. Like everything else Microsoft produces, Pd will have security holes large enough to drive a truck through. Lots of them. And the ones that are in hardware will be much harder to fix. Be sure to separate the Microsoft PR hype about the promise of Pd from the actual reality of Pd 1.0."
Sure, Microsoft has to date produced lots of software with security holes "large enough to drive a truck through". However bear in mind that the holes have usually been a consequence of the overriding principle of wanting to keep things user-friendly at all costs. Their past history doesnt imply anything about how secure they can make their stuff. Certainly, Microsoft hires a lot of smart people and I'm sure that if they were given the mandate to design and implement a secure infrastructure, they could do it - something that Bruce seems to think is impossible.
Re:Isnt he being a bit harsh here? (Score:3, Insightful)
Re:Isnt he being a bit harsh here? (Score:5, Insightful)
So the smart people at Microsoft made every mistake that had been made in computing since 1938 all over again, without knowing they were making those mistakes or what their consequences would be. Networking is a perfect example: in their haste to bring something to market that would displace Novell (keeping in mind that Novell created the market for MS-DOS networking), the genuii at MS built a clumsy, difficult to manage, insecure contraption of a networking system that ignored every lesson Xerox, Novell, 3Com, Wang, and others had already learned.
And, thanks to the power of the installed base, we are now stuck with Microsoft Networking and its insecurities for at least the next 20 years, because everything has to be backward compatible with what is already out there.
So I would say a combination of smartness, arrogance, and lack of perspective is exactly what has brought Microsoft code to where it is today. And a corporate culture of that nature is very, very hard to change.
sPh
Other changes in Palladium (Score:2, Insightful)
Not the MPAA's bill. (Score:3, Interesting)
There's a lot of misdirected initiatives out there, but please credit the MPAA with knowing what's right and what's not.
In layman's terms: Stealing our member companies product: wrong. "Hacking" (I'd prefer "cracking," or simply "script-kiddying," as a DoS attack is not hacking in the traditional sense) a consumer's computer: wrong. Sending Cease and Desist letters and, when those fail, working with the ISPs not to terminate acounts (examples of the MPAA's letters can be found at chillingeffect.org and you'll note they do not include language asking for account termination), but rather to remove the infringing material, IMHO, right.
I'm an author and a filmmaker, I've worked with the MPAA, I've seen my work pirated, I've heard studio heads freak out about the fact that their product is available on the Internet three weeks before theatrical release. (Anyone who hangs out in IRC knows this to happen.) I see that the problem is real. I also see the MPAA being very defensive, but most certainly not offensive (think strategy, not personal opinion
Re:Not the MPAA's bill. (Score:4, Insightful)
I don't think any of us here will disagree that piracy happens, and, to individuals such as yourself, it might truly be a problem. However, our two main gripes are 1) they're going about fighting it in all the wrong ways, and 2) the amount of money actually lost to the RIAA through piracy is so small as to be insignificant (to them; if any of us actually got that amount of money it would probably make us very happy), and, from what I can tell, only a very tiny fraction of that would get back to the artists/movie makers/etc.
To address these points more fully:
1) Yes, the piracy happens, and digital piracy happens, but by far the biggest piracy is analog. Most of the problem isn't people ripping a DVD of a movie and distributing that (though it happens); the problem you mentioned, movies appearing early, is usually accomplished by some insider (or semi-insider) leaking it; they have access to the original source material, so none of this would stop them from copying it. The other problem is that they are assuming the consumers are all thieves, and thus punishing everyone for the sins of a few. What they could be doing instead is looking for better ways to make buying the product attractive (like dropping prices or something).
2) The RIAA/MPAA talk about numbers of pirated copies sold in a certain period (side note: how the heck do they even know? Do the pirates tell them??), and take those, with the amounts they would have been paid, had all those copies been bought from them, and come up with an amount that they call the amount of money they've lost to piracy during that period. The first problem with this is that, if they had not bought the pirated copies, most of those people would not have bought anything from the RIAA/MPAA. Then, even if those numbers were correct, I think they could afford it. How much do they spend on campaign contributions a year? I would bet that it's at least as much. And, of course, the "poor artists" who are being robbed by the "evil pirates" would get very little of the money.
Once again, if any of this information is inaccurate, please do not be offended; instead, simply tell me what I've gotten wrong.
Dan Aris
Don't get too worried (Score:2)
Out side USA (Score:3, Insightful)
"To me, it's another example of the insane lengths the entertainment companies are willing to go to preserve their business models. They're willing to destroy your privacy, have general-purpose computers declared illegal, and exercise special vigilante police powers that no one else has...just to make sure that no one watches "The Little Mermaid" without paying for it. They're trying to invent a new crime: interference with a business model."
Thats got to be the best way i've heard it put so-far.
stuff that i cant get at? (Score:2, Insightful)
now what the hell is this gonna be for? data on MY hard drive that MY computer cannot access? sounds like storage or something to me (spyware?)...
will i see any money for this (i.e. "rent") for the hard drive space that i dont get to use now?
i dont care how much or little this will take up, but i am going to want that space
What ever happened to... (Score:3, Interesting)
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
How is my hard drive and RAM different from my "papers" and "effects"?
Let's say I have 3,000 VHS videocassettes in an home owned by me. Those cassettes contain blatantly illegal copies of The Country Bears, which I intend to sell for profit but haven't, yet. The FBI cannot break into my home at any moment to see whether the videocassettes are there; they have to wait until I sell them carelessly leaving a trail right back to my home. Only then, with a warrant in hand, do they come and confiscate the cassettes probably arresting me, too.
Let's say I find a way to copy one of those videocassettes onto my Palladium-equipped PC but haven't distributed it, yet, even though I intend to. Will there be something about this act that triggers Microsoft's piracy alarms? Even though I haven't technically broken the law, yet, can Microsoft or their hit-men enter my computer without a warrant and delete that movie?
How is entering my computer through a network interface different than entering my home through the front door?
Re:What ever happened to... (Score:2)
Actually, you're mistaken. If the FBI learns you have 3000 VHS cassettes containing copies of The Country Bears, and catches wind of your intent to sell them, they can nail you well before you actually carry out the act. That's the definition of conspiracy.
Likewise, the police don't have to wait for you to attempt murder if they know you're planning one. Authorities can arrest and convict you merely by proving intent.
Re:What ever happened to... (Score:2)
This is fine, but what if the conspiracy is totally stored within the mind? In either case, whether the movies are in my house on cassettes or on my hard drive, there is no clear external sign of intent.
The point I'm trying to get at is that Palladium might be a means of allowing me to be labeled a conspirator without there being real proof of it. In my post, the movie had simply been copied to the hard disk, which, in itself, doesn't break the law. The intent to distribute it isn't stored on the hard disk but the mind. Without proof of that intent, Microsoft, the RIAA, and
While we're at it, the First Amendment (free speech) and the Sixth Amendment (the right to a trial) should be considered, too. If Microsoft, the RIAA, and the MPAA think they can bypass the U.S. Constitution, of all things, in trying to preserve their way of life, they are arrogant beyond belief.
Re:What ever happened to... (Score:2)
Am I really the first person to notice this? (Score:3, Informative)
Sheesh...
Big Corporate Brother (Score:2, Insightful)
Does it concern anyone that Microsoft, Oracle, AOL, Disney, etc... would have control over your computer if this standard is implemented (and you use a windows platform)? Does it concern anyone that corporations and governments could delete anything they found objectionable?
Truth is: had the US government realised how big the Internet would become and how free information would flow, they never would have allowed it. With TCPA / Palladium, governments and corporations will kill the freedoms we now enjoy on the web, usenet, ftp, etc.
Re:Big Corporate Brother (Score:2)
Re:Big Corporate Brother (Score:2)
The wheel turns... (Score:3, Funny)
Man that guy can be clueless (Score:2)
I think it is the other way around. No media company can afford to offend M$. There are lots of media producing companies, and about 5 real OS manufacturers. M$ has the BIG stick in this case not intel or amd or any computer or software manufacturer.
Palladium's a Big Patch (Score:2)
The only thing that made Windows different from the old Mac OS in terms of security is that the Mac OS never reached a critical mass of users. So, as a result, virus makers never bothered to make the volume of viruses or hacks to penetrate the old Mac OS.
Microsoft, IMHO, is trying to simply wrap up their inherent inability to write anything with sufficient security by making a product, and charging users for something they should expect as part of any trustworthy operating system's initial cost of purchase.
Of course, there's no guarantee it will work as advertised--another Microsoft trait.
MS and Bush Administration in League? (Score:2)
It looks like the Bush Administration wants the DOJ to give Microsoft a slap on the wrist, however. Even though they've been found guilty of leveraging their Monopoly powers to squash competition.
I'm not going to point to any conspiracy theories, etc., just a gut feeling. Could it be that the Bush Administration secretly wants Microsoft to deploy Palladium?
If Palladium is as bad as people are saying it is, it has the capability of forcing every computer user who wants to use the internet in a meaningful way to use the same exact (or very similar) system as everyone else.
Imagine that MS deploys Palladium, then announces that they are going to "cooperate" with the Office of Homeland Security, allowing them to use the capabilities of Palladium to "fight terrorism."
Working together with Microsoft, the government could suddenly have access to everyone's hard drive. Not only in the United States, either, but on any PC in the world that is running on Palladium hardware. Unplugging your PC from the network won't even be an option if you are required to be connected to use any software.
And of course, anyone who resists upgrading to Palladium after a certain period of time would not only be pictured as being against capitalism by refusing to spend money to upgrade their PCs, but would also be seen as aiding the terrorists by using non-Palladium hardware.
They could also justify a military raid of Southeast Asian countries for producing "terrorist computer hardware," in other words cheap computer hardware that is not Palladium-enabled.
I might be a bit alarmist, but it seems that some of the capabilities of Palladium are very much aligned with the Bush Administrations current track record of curtailing our civil liberties and screwing around with other countries in the name of "fighting terrorism."
Additionally, though I'm still skeptical, I'm becoming more and more convinced of the possibility that the Bush Administration knew about what was going to happen on 9/11 at least a few weeks before hand.
I certainly hope we don't start seeing "Palladium-enabled" purchacing kioscs at our supermarkets and so forth, but it wouldn't surprise me. Revelation 13 is seriously starting to freak me out.
Re:Reminds me of Tivo (Score:3, Insightful)
Re:Well (Score:2, Insightful)
You would have seen that, if you'd have actually bothered to click the link.
Re:Well (Score:3, Interesting)
Re:Well (Score:2)
Palladium-lovers usually tell us: "If you have nothing to hide, you have nothing to fear from Palladium".
Well, if Micrososft has nothing to hide, why do they keep Palladium a secret?
Not true. (Score:2)
Re:Well (Score:4, Interesting)
I disagree with Schneier on several points -
Will Microsoft jigger Pd to prevent Linux from running? They don't dare.
and earlier he says -
Some say that Pd is, in fact, Microsoft's attempt to preempt the TCPA spec.) TCPA is the Trusted Computing Platform Alliance, an organization with just under 200 corporate members
So does he think for a moment that Linux is a "corporate member"? Linux is by it's definition a community, not a corporation and thus cannot "be a member" of the TCPA, of course corporations who sell Linux can be members, but as the corporations involved with Linux are a fraction of what Linux actually is, Linux as a community could be damaged severely if this comes to pass.
Additionally, a new chip is required: a tamper-resistant secure processor.
And who's going to upgrade all those old machines that don't have the chip? And what of all those old machines donated at the end of their corporate or home lives to schools and charities? How much of the data swirling around the data buses is encrypted? Do we need new memory / I/O buses that are deemed "secure"? Are there requirements for sheilding the buses from electromagnetic surveilence? Or are they mandated to be open to some mandated authority? So many questions, and NO answers, if they really have been working on Pd since 1997 and there are no answers to these fundemental questions then I call BS.
Pd provides protection against two broad classes of attacks. Automatic software attacks (viruses, Trojans, network-mounted exploits) are contained because an exploited flaw in one part of the system can't affect the rest of the system.
Or *nix as it's usually called. Given that MS software has been and continues to be highly insecure does anyone really think that they can pull this off? The paragraph continues -
And local software-based attacks (e.g., using debuggers to pry things open) are protected because of the separation between parts of the system.
So how much will I have to pay MS to run a debugger? And will there be any other debuggers allowed to run other than MS ones?
There are security features that tie programs and data to CPU and to user, and encrypt them for privacy.
Does that mean that every user (member of family, freind, co-worker, etc) that uses a machine will require a seperate licence to get a seperate key or is it all encrypted with the owners rather than users key? And how are data and keys moved from machine to machine? What happens if keys (like the Regiistry before hand) become corrupt?
Your computer will have several partitions, each of which will be able to read and write its own data.
And what if a partition becomes corrupted? Do we have some sort of digital reciept if we got something from the Net so that we can get back from the Net what was lost locally? If so who enforces the contractual obligations of the digital seller? What if the seller ceases trading?
There's nothing in Pd that prevents someone else (MPAA, Disney, Microsoft, your boss) from setting up a partition on your computer and putting stuff there that you can't get at.
So the MPAA could just DoS me by using up all my drive space so I don't have any room to put MP3s on my machine?
Microsoft has repeatedly said that they are not going to mandate DRM, or try to control DRM systems, but clearly Pd was designed with DRM in mind.
They also say that they arent an abusive monopoly or that they arent hiding anything by not decaring share optionson their balance sheet.
There seem to be good privacy controls, over and above what I would have expected.
So no dial in to MS then to give up your blood type and sexual preference then??
And Microsoft has claimed that they will make the core code public, so that it can be reviewed and evaluated.
When? 2010? 2050?
It's hard to sort out the antitrust implications of Pd.
Why would they care? Hasnt Bruce been following the current case? Doesnt he realise that MS 0wnz the DoJ?
Will it take standard Internet protocols and replace them with Microsoft-proprietary protocols? I don't think so.
The word Halloween comes to mind...
Will Microsoft enforce its Pd patents as strongly as it can? Almost certainly.
Except in countried where software patents arent recognised
Lots of information about Pd will emanate from Redmond over the next few years, some of it true and some of it not.
Whoa! Some of it "true"?
1. A "trusted" computer does not mean a computer that is trustworthy. The DoD's definition of a trusted system is one that can break your security policy; i.e., a system that you are forced to trust because you have no choice. Pd will have trusted features; the jury is still out as to whether or not they are trustworthy.
Didnt NT have a C5 rating? Hehe...
I doubt that you or I could, and still enjoy the richness of the Internet. Microsoft really doesn't care about what you think; they care about what the RIAA and the MPAA think. Microsoft can't afford to have the media companies not make their content available on Microsoft platforms, and they will do what they can to accommodate them.
Yeah I mean it's not like people are ripping CDs and DVDs all the time and making them available over the Net with downloads in the billions per month or anything.... DOH!
3. Like everything else Microsoft produces, Pd will have security holes large enough to drive a truck through. Lots of them. And the ones that are in hardware will be much harder to fix. Be sure to separate the Microsoft PR hype about the promise of Pd from the actual reality of Pd 1.0.
At last! Pd is right now a big PR exercise with a bit of crappy MS code behind it that probably has hundreds of obvious holes (buffer overflow anyone?)
4. Pay attention to the antitrust angle. I guarantee you that Microsoft believes Pd is a way to extend its market share, not to increase competition.
and -
There's also a lot I don't like, and am scared of. My fear is that Pd will lead us down a road where our computers are no longer our computers, but are instead owned by a variety of factions and companies all looking for a piece of our wallet. To the extent that Pd facilitates that reality, it's bad for society. I don't mind companies selling, renting, or licensing things to me, but the loss of the power, reach, and flexibility of the computer is too great a price to pay.
Pd is about the control of information, where/how you get it and how you use it, usually the perview of media companies, governments, religous leaders etc for most people on this planet, as opposed to some of us
Re:No, it's neither a problem nor idiotic (Score:2, Insightful)
Hey, I'm all for Linux, and if you don't like MS then fine... but when I heard bitchy stories about how MS makes products that don't work to catch users on the upgrade it's just anoying.
It happens, OSes can be buggy, and they are hard to write. Just look how many kernal patches there are floating out there for the linux distros.
Trust me, if MS had a product that installed successfully the first time for every user that installed it they would flaunt it (and rightful so) in all of their competitors faces.
Bottom line: WindowsXP is an easy to install OS that most likely has a higher success rate of installing on first attempt then any other OS out there (and much higher success rate then most linux distros I've installed)...
Re:One IMPORTANT thing (Score:2, Interesting)
Their goal is probably to make it impossible to buy a new computer without the hardware part. Once that is in games and other apps are released to only work on a palladiumenabled computer. Note that this is a bit down the road and not all of it will happen at once. Its a sneak attack.
Hopefully either AMD or Intel will see that the one of them that not has the hardware thingie in their CPU will be selling a lot more CPU's than the other.
On that conclusion i presume they will lobby as hard as they can to make it mandatory to have TCPA built into new computers.
Re:One IMPORTANT thing (Score:2)
There you have it. You simply won't have a choice. All the major computer manufacturers will be on board with only producing Pd hardware and hte major software manufacturers will be on board with only writing software for Pd.
Want to play the latest, greatest games on your PC? You'll need a Pd compliant system to play it on.
Want the newest computer system? You'll have to buy Pd.
Want to upgrade your old non-Pd-compliant system? Too bad. They don't make parts for it anymore.
Sure, there'll be a used-PC market for a while, but eventually, the components will wear out and you'll have little choice but to go with Pd. And there might be a hanful of non-Pd computr manufacturers... but how many people will buy them? All the Mac and Linux users?
Microsoft will still control 95% of the market, which is plenty enough. By that time, they might be able to pay Congress to pass laws banning non-Pd compliant systems to nail that last 5%. Because, obviously, only hackers, pirates and terrorists would want to use a non-Pd system.
Re:One IMPORTANT thing (Score:2)