RMS Urges Opposition to "Trusted Computing"
Andy Tai writes "In this Newsforge article, Richard Stallman analyzes the "Trusted Computing" initiative and Microsoft's Palladium, points out that such initiatives are really means to ensure your computer can be trusted by Microsoft and Hollywood (you can't do things they don't want), and urges computer users to organize, to support the Public Knowledge and the Digital Speech projects and to use their consumer power to block "Trusted Computing" in its tracks."
lol (Score:3, Interesting)
Wait a minute? I do... and so far it seems to work... BLOODY HELL! How am I supposed to make a point of how Microsoft's intentions are evil (which they clearly are), when I can't find a good example where trusted 'fill in the blank' doesn't work... Anyone???
For those who missed it... (Score:5, Interesting)
RMS is a dork. A principled dork, but a dork nonetheless.
Re:For those who missed it... (Score:4, Interesting)
Microsoft Palladium Nightmare Scenarios (Score:5, Interesting)
former student, returned to his Alma Mater and gave a talk on some of the
technical aspects of Microsoft's Palladium project. Brian began the talk with
a quick overview of the goals of the project. He stated that Palladium's
goal was to 'Protect Software from Software'. He went on to enumerate some
of the nightmare scenarios that keep the Palladium team up at night, such as
a virus/trojan that launches something worse than a Denial Of Service (DOS)
attack.
These included:
After this brief introduction, Brian went on to describe a hardware based
software security system that would provide 'Fingertip to eyeball security.'
This system would consist of a hardware Security Support Component (SSC)
chip, a special security kernel called the 'Nexus' and user level security
applications called 'Agents'. Palladium would also require alterations to
the MMU for the curtailing of memory and USB for secure input/output.
Brian admitted that Palladium would offer no protection against DOS
attacks and that Palladium would necessarily include a universal serial
identifier (this
would be provided by the RSA key burned into the SSC chip). He also promised
that Palladium would run unmodified legacy applications and drivers.
Problems surfaced during the end of the talk when Brian began taking
questions. Richard Stallman correctly pointed out that Palladium was being
presented as a way of improving the security of personal computers. Indeed,
according to Brian, this was the focus of Microsoft's Palladium project, but
nowhere in his talk did he present any solution to the crucial nightmare
scenarios that are supposedly keeping the Palladium team up at night.
Indeed, as was pointed out by Stallman and others, if Palladium would run
unmodified legacy applications, then how could Palladium thwart the legacy
virus/trojans without upgrading Palladium enabled Outlook/IE/IIS?
The truth is Brian was being disingenuous when he described the nightmare
scenarios that motivate the Palladium team. In all honesty, there are only
two nightmare scenarios that are relevant to the Palladium project:
internet
has ushered in the end of their ever-ballooning bottom line
holders
to effectively eliminate the fair use rights of the public
With Palladium, Microsoft plans to solve the former by introducing the latter.
To get to the heart of the matter, we have to ask _why_?
Brian says Microsoft is concerned that large copyright holders will refrain
from publishing works in formats compatible with the Windows PC. My theory?
Microsoft sees an opportunity to bolster their own
bottom line. Palladium is meant to do for DRM what
for web services.
By providing the infrastructure, Microsoft hopes the content companies will
write applications and release content only for Palladium enabled systems.
Joe Consumer who wants to listen to the next Britney Spears album on his
computer will be forced to upgrade to the next release of Windows/DRM. Of
course, it doesn't hurt that Palladium could provide quite a few wrenches to
throw at Microsoft's open source competitors.
Nightmare scenarios indeed!
Make your own RMS news generator!! (Score:0, Interesting)
RMS Urges
Insert:
<a company that profits from something proprietary>
Or
<a company that supports something associated with a company that profits from something proprietary>
And finish with:
to stop their wicked income ways!
Or, replace the top line with:
RMS Urges you to oppose
Examples:
RMS Urges Microsoft to stop their wicked income ways!
RMS Urges you to Oppose Mono
Enjoy your new generator.
Re:For those who missed it... (Score:5, Interesting)
Trusted computing creates a potential clique. (Score:5, Interesting)
The Commons, revisited (Score:5, Interesting)
Although RMS does arouse some passions within the slashdot community, in this, I believe, he is right.
There is, in English Common Law history, a subject area, called the Enclosures Acts, where vast quantities of land were removed from common use, and awarded to landowners in what was a thinly veiled land grab.
It had justification, of course. Private Ownership was deemed more efficient by those that grabbed the land. Far be it for the government to disagree. The whole idea of common weal (as in commonwealth) was called The Tragedy of The Commons. It would appear that history is attempting to repeat itself. If computing can be controlled by a trusted source - Who will that trusted source be?
This age-old problem can be solved in a number of ways - a dictatorship, or, a democracy, or...
Not quite trusting my fellow man, I think I would rather do my own choosing. But then, I use GPL'd software. A lot. And your choice will be?
Re:lol (Score:5, Interesting)
I'm puzzled how this is more 'flamebait' than 'interesting'. I think he makes a good point. There's nothing wrong with stopping and asking "Why should I follow the anti-MS stampede?". If you guys knee-jerk against every single thing that MS says or does, then how's anybody going to take you seriously when they do something that's really really bad.
As for my response: The main reason I'm against this is that the wrong problem is getting solved, and the consumers get burned for it. The problem is not that computers need to be restricted so that Hollywood can feel safe with digital content, the problem is that Hollywood needs to learn how to make it in this market.
Hollywood doesn't understand that people are happy to pay for service, but they can't pay until the service is provided. Right now, I could go download a bunch of movies from kazaa. What would that experience be like? Well, I get varying quality, unreliable connections, and it takes hours (sometimes days) to get a movie to come down. Now if I could pay $5 to download a guaranteed high quality movie at a speed of 100KB/s, why would I even care about Kazaa?
If the internet got to the point that p2p could work that fast, then the pressure is on Hollywood to provide a better service. "The first 100 people to buy this movie will also receive a still from the movie..." or something like that.
PCs and the Internet are marketing opportunities, they are not exploits designed to put Hollywood out of business. If they're not willing to get with the times, then they don't have any reason to get computers regulated with technology like Palladium.
Get a job writing the TCPA bios for trusted linux (Score:5, Interesting)
I hope they do call me though. I'll give them a piece of my mind, followed by the URL of my DeCSS mirror [goingware.com].
Now I ask you this: if they're verifying the "system integrity" of a linux box with the TCPA, are they complying with the GPL?
Typical RMS (Score:4, Interesting)
Stallman's examples this time are rather simplistic. His concerns about "DRM", aside from the "I want to be able to shock myself" degree of control he wants for PCs, aren't all they're chalked up to be. Calling it "treacherous computing" makes him sound like a kook, not a serious voice.
To wit:
"Your boss's e-mails will be written in disappearing ink!"
"You won't be able to send incriminating documents to the press!"
Any corporate system that causes the main focus of communication to automatically expire with no way to retrieve it is a poor business model, not an aspect of trusted computing. Investigative and Corporate preferences aside (after Enron, do you REALLY think that it'd be hard for Congress to slap a "records requirement" on corporations?), someone should be able to mark their e-mails as "archived." And you can always just print out the document...
And, if some company is too paranoid to keep any e-mails and advanced enough to be truly paperless, there's still a digital camera and the on-screen display. Or the simple expediency of calling the cops...
As for the rest--if MS wants Word to be Word-only, more power to them. It'd keep some large usability problems from arising, and quickly tone down word e-mail.
Postscript 2 really irks me. I'm no programmer, but even I can imagine a system where "untrusted" code & docs are run in a "sandbox," where they can't do any real harm and the user can still use them. Given six months of speed increase, the user probably won't even notice the difference between "game on new system's emulated layer" and "game on old system raw."
*sigh*
Re:For those who missed it... (Score:3, Interesting)
So what's to be done? (Score:5, Interesting)
After all, wasn't it Microsoft who lied in court? Or just last week about the "switcher"? They can't be trusted, it's that simple - they've shown that time and time again.
As for Hollywood, well again why should my computer put the needs and wishes above my own? So I buy a DVD, why can't I play that everywhere? Why can't I create my own player? Who says I shouldn't be able to buy a DVD while on holiday and be able to watch it when I get home? If I save a little money by buying it overseas isn't that my good fortune? Why should a commodity like a DVD have such wide differences between price and terms in different places?
No, there are legitimate reasons why I might want to do things that MS/Hollywood want to stop - I don't see why my computer should help them take away MY FREEDOM?
Personally I think it's time we started something like FSF for hardware (FHF if you will) so that we can escape the clutches of "the evil Empire".
What happens next? The PC refuses to run any OS without a Microsoft signature, and we're blocked from reverse engineering it? This seems to be happening already with the Xbox, is this just a test case for the whole PC?!
Perhaps Red Hat should make PCs, and allow anyone to copy the design. For no other reason than to protect THEIR business model.
Re:Microsoft Palladium Nightmare Scenarios (Score:3, Interesting)
Sandboxes and an agent watching the mail spool.
"Oh, Outlook 2000 is trying to write to the registry! "
"Oh, IE is attempting to send 5374 mail messages! "
Kick the user's head by requiring a certain security clearance for "", and an idiot warning to boot.
Man, I thought OSS folk were smarter than MS coders!
The truth is Brian was being disingenuous when he described the nightmare scenarios that motivate the Palladium team. In all honesty, there are only
two nightmare scenarios that are relevant to the Palladium project:
Stop thinking like a medieval catholic zealot, and start thinking like a modern-day person.
MS et al really, truly believe that what they're doing is the right thing. Their arguments are not "justifications" for "controlling your computer"--they're honestly believed arguments.
I could as soon say that Stallman just wants to not pay for software because he's cheap, and be just as accurate as you saying that MS is driven by a desire to disallow fair use.
Of course, it doesn't hurt that Palladium could provide quite a few wrenches to throw at Microsoft's open source competitors.
Maybe... but MS knows that OSS is a competitor, and that OSS will hack its way into usability no matter what they try and pull (remember deCSS?).
I suspect that MS will push palladium, and succeed, and license their software along with the Palladium hardware chip--thus allowing them an effectively "free" Linux binary distribution angle, which means that there won't be as many coders working to crack it.
Stallman isn't an unbiased or "reasonable" person in this debate. Trusted Computing ideas are, in some ways, in direct competition with his agenda--but that doesn't mean that they're totally wrong or immoral, or "treacherous computing." It just means that it's not likely to be advocated by the FSF anytime soon.
banks (Score:1, Interesting)
Irrational Security (Score:4, Interesting)
1) The traditional one. This puts the access control of computer resources in the hands of computer owner.
2) The DRM, CP Protection etc: These systems want to take away access control from the owner.
I don't know why the second part is even called "security".
The problem with DRM etc is that once they become more widespread, someone will provide a method to defeat them. And once defeated, there is no easy way to enable them since the owner doesn't want to enable them! E.g. region code and macrovision disabling in most dvd players. So the only way to implement DRM etc would either be by making it a law and have a very stringent enforcement or don't allow people to buy computers (just allow them to rent only, which will contain license clause that the system must be audited, insured at renter's expense). Either proposition is very expensive.
Where the hell does this guy make his money? (Score:2, Interesting)
Silly comments aside, there are two things that must be balanced, the rights of the copyright holder/content producer and the rights of the consumer.
If the copyright holder/content producer is not protected then the incentive to produce and innovate is greatly reduced. Bills need to be paid, families fed, etc. Those things happen when the commodity (content) is paid for. (e.g. how does RMS eat? He must expect to get paid for some things and I'm sure he wouldn't appreciate it if I collected his assorted writings and published them without recompense to him)
On the other hand, the consumer has certain rights granted when the content is acquired. People must be vigilant to ensure those rights aren't abridged.
RMS needs to moderate himself and find a workable solution in the middle. He smacked of Chicken Little when he started on the treacherous computing and MS Word thing. First they get you with the file format, then next thing you know, "You might be unable to read [your writing] yourself." Yes, there's a good business model for word processor sales - a write only word processor.
That's just one example where his extremism will turn people off. This isn't about black vs white - everyone needs to win here. He certainly sees himself on the moral high ground but what is really needed is a solution for the masses. If he isn't working towards that solution then he is part of the problem, and he'll soon be regarded like that guy found on every college campus, the one standing on some steps somewhere ranting or preaching or something.
Re:lol (Score:2, Interesting)
Oops.
Okay, so, yeah, RMS does get it. I must confess i did not actually read his article before making my post.. there were like 10 links in that blurb and it wasn't clear what was what
Although i'll hold to what i said-- RMS may get it, but in general not all of the other free software advocate people do.
Actually, RMS *really* gets it. This is a great article. It's too bad RMS never gets published outside of the incestuous circle of slashdot-like sites, he's so much more eloquent in writing... I wonder how hard it would be to get something like this RMS article published as a one-page advertisement in Newsweek. If karyn wossername [savekaryn.com] can get $20,000 just because she couldn't manage her debt and she knows how to set up a website, the Slashdot Community could probably put together enough money for a newsweek ad
whatever. ugh. shame.
Re:Government versus Business (Score:2, Interesting)
Unclear. Government franchises, aka. "Corporations", were well known and widely used to accomplish the evils of government when the Constitution was drafted. They date back quite some way, in fact, where "limited liability" was granted by the Throne to, um, enable, tax collectors maximum ability to collect from deadbeats.
Even today, most local (township/county) tax collectors in the US are NOT a formal part of the government -- even though you "vote" for them. You are, in fact, authorizing nothing more than a G2C relationship. If the Corp loses your payment, EVEN IF THEY STEAL IT, you can't protect your home nor sue the Government. Your cause of action is only against the Corp. Been there, and lost, as the Corp was dissolved when another was voted in.
Corporations were then, and still are, the way government distances itself from popular review. Unlike you and I, Corporations are subject only to the rights they are explicitly granted -- not the Constitution. So the Governments can pass a law that says Corps enforce X to their consumers/employees, even if the Constitution would expressly forbid them from passing such a law on you directly.
Why can you save 20-25% of your salary tax free, but only if you work for a Corp? If you don't you're limited to the $3000 IRA max? Unequal application of law is unconstitutional, no?
Fact is, Corps can be directed to enforce law outside the boundaries of the Constitution. Their use to that end is pretty much the definition of Fascism.
So, it is the US Government pulling this. That's why they created DMCA and are pushing CBDTPA. Both are, basically, laws on commerce that ultimately impose and enforce a legal framework upon you that could not otherwise be established.
Trusted Virii (Score:2, Interesting)
What would be interesting would be a virus or trojan that builds its own layer of "trust".
In order to "trust" an application there has to be some way to ensure another application doesn't disable or modify it. Now imagine a virus exploits a trusted application and is now in the trusted realm. You wouldn't be able to remove it because the MMU is protected at the hardware level. Does this mean that virus scanners must be trusted more than the average stock app or bank app? Or is this the end of automated virus detection?
A Plea to Responsible Computing Professionals (Score:3, Interesting)
We can no longer afford the luxury of being apolitical. We must stand up for our principles, not only in word, but in deed as well. That means refusing to create the tools by which we, our families, and our friends will be subjugated.
I trust that all persons with even the slightest shred of honor or dignity will stay well away from this invitation to sell out the rest of their community.
Schwab
Re:Microsoft Palladium Nightmare Scenarios (Score:3, Interesting)
"Oh, Outlook 2000 is trying to write to the registry! "
"Oh, IE is attempting to send 5374 mail messages! "
Kick the user's head by requiring a certain security clearance for "", and an idiot warning to boot.
Man, I thought OSS folk were smarter than MS coders!
Why the heck do you need a Palladium Agent to implement this?
Jack Valenti still rants about "standards for wrapping digital content in uncopyable layers of encryption" and Senator Fritz Hollings is trying to push through a bill to make it mandatory. Do you think Microsoft is responding to this, or do you think they are looking out for their valued customers?
Re:Paypal, CDNow, tons of examples come to mind (Score:3, Interesting)
Depending on how pedantic you're willing to get, you could say Palladium is "the working name given to some software" and leave it at that. The referenced article, however, deals specifically with DRM as one of the likely uses of Palladium technology so please be willing to make that herculean logical leap when posting.
No one is forcing you, or will force you to use anything related to Palladium
Gee, ya think? Nobody claims that MS is holding a gun to anybody's head, how on earth does that invalidate comments about the program? Nobody held a gun to your head and forced you to read the previous poster's comments, but I see that didn't stop you from replying.
Windows XP can phone home for you, or you can do it yourself. Big deal.
It is a big deal in that it is completely unnecessary with regard to the functionality of the product, and it presumes every install of XP is a criminal act involving pirated software until that transaction is successfully made to the satisfaction of Microsoft.
That check box clicking thing got you down? What's wrong with software that offers to keep itself current? On the one hand you say MS sucks for its security problems, and then on other hand when they design software to help reduce exploitability after a compromise is found you freak out. You can't have it both ways.
Irrelevant trolling. The issue is not that MS generously wishes to fix the bugs in its software mere months after they are brought to enough people's attention that they can no longer be successfully ignored; the issue is that MS insists on packaging unknown, untrusted (by the user), unrelated malware and asserting insane levels of control in the attached EULA, which one of course must click in order to have the original bugs fixed.
I have no idea what you are talking about, but it's definitely not related to Palladium
If you don't understand how hardware-enforced encryption to which I do not hold the key running on my machine might be likened to a blackbox, then your statement is more of a personal admission of general confusion than the smart, stinging rhetorical question you probably had in mind.
Re:Paypal, CDNow, tons of examples come to mind (Score:2, Interesting)
No. I use the mp3 format to rip hundreds of CDs which I purchased in order to burn them onto CD and listen to them in my car. Your plan penalizes me, allowing me only unlistenably poor copies of music I have already paid for.
GNU/Linux is important to him (Score:2, Interesting)
It takes a very great man to see his life's work taken for granted by all without any recognition. In effect Linux has killed the ambition of the GNU project, which was to come up with an alternative Unix system written from scratch.
GNU started with the compiler and the utilities and put the kernel last. This made sense at the time if you wanted a usable system at every point. Linus came along with his kernel and stole the show. Nothing wrong with that but it is true that the community should recognize RMS's contribution. A few do but the majority see him as a crackpot.
He is not. In his place most people would react the same, or worse.
Re:Get a job writing the TCPA bios for trusted lin (Score:3, Interesting)
But that is not always possible to enforce.
Consider your average bank branch. The machines are owned and administrated by the bank, but in daily use by employees, who are of variable trustworthiness. 99.9% of bank employees can be trusted, but for that 0.1%, you need mechanisms in place to thwart attempts to introduce foreign software that hasn't been vetted by the site administrator (N.B: the site administrator vets the software, not Micros~1 or the {MP,RI}AA).
For instances where the software needs to be updated, the site administrator has the digital certificate for all the machines under his/her control. After verifying that the software does what is expected, s/he signs the binaries with the certificate and ships them off to be installed site-wide. So legitimate installations happen without incident, and unauthorized installations are made NP-hard.
Schwab
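
The owner-controlled signing flow described in the comment above (the site administrator vets a binary, signs it, and workstations refuse anything unsigned), sketched as an added example that is not part of the original thread. Assumptions: a Lamport one-time signature built from SHA-256 stands in for the administrator's certificate-backed signature so the code needs only the standard library, one signed manifest covers a whole release, and all file names and binary contents are constructed.

```python
import hashlib
import json
import secrets

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(msg: bytes) -> list:
    """The 256 bits of SHA-256(msg), most significant bit first."""
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    """Lamport one-time key pair (stand-in for the admin's certificate key)."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

def sign(sk, msg: bytes) -> list:
    """Reveal one secret per digest bit. A key must sign only ONE message."""
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    """Each revealed secret must hash to the public value for that bit."""
    if len(sig) != 256:
        return False
    return all(_h(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, _bits(msg))))

def build_manifest(vetted: dict) -> bytes:
    """Admin side: canonical JSON of file name -> SHA-256 of the vetted binary."""
    entries = {name: hashlib.sha256(blob).hexdigest()
               for name, blob in vetted.items()}
    return json.dumps(entries, sort_keys=True).encode()

def may_install(pk, manifest: bytes, sig, name: str, blob: bytes) -> bool:
    """Workstation side: the manifest must carry the admin's signature AND
    list this exact binary. The signature is checked before parsing."""
    if not verify(pk, manifest, sig):
        return False
    return json.loads(manifest).get(name) == hashlib.sha256(blob).hexdigest()

# Constructed sample release; names and contents are illustrative only.
VETTED = {"teller-app.bin": b"teller build 4.2 (constructed sample)",
          "printer-driver.bin": b"driver build 1.9 (constructed sample)"}

def demo() -> dict:
    admin_sk, admin_pk = keygen()      # the private half never leaves the admin
    manifest = build_manifest(VETTED)
    sig = sign(admin_sk, manifest)
    rogue = b"unvetted tool (constructed sample)"
    # A manifest edited on the workstation to list the unvetted tool.
    edited = json.loads(manifest)
    edited["rogue.bin"] = hashlib.sha256(rogue).hexdigest()
    edited_manifest = json.dumps(edited, sort_keys=True).encode()
    return {
        "vetted": may_install(admin_pk, manifest, sig,
                              "teller-app.bin", VETTED["teller-app.bin"]),
        "tampered": may_install(admin_pk, manifest, sig,
                                "teller-app.bin", b"patched teller build"),
        "unlisted": may_install(admin_pk, manifest, sig, "rogue.bin", rogue),
        "edited_manifest": may_install(admin_pk, edited_manifest, sig,
                                       "rogue.bin", rogue),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'install' if allowed else 'refuse'}")
```

The trust root here is the public key the site administrator provisions on each machine, which is the distinction the comment draws from a vendor-held key.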