Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Editorial Your Rights Online

RMS Urges Opposition to "Trusted Computing" 522

Andy Tai writes "In this Newsforge article, Richard Stallman analyzes the "Trusted Computing" initiative and Microsoft's Palladium, points out that such initiatives are really means to ensure your computer can be trusted by Microsoft and Hollywood (you can't do things they don't want), and urges computer users to organize, to support the Public Knowledge and the Digital Speech projects and to use their consumer power to block "Trusted Computing" in its tracks."
This discussion has been archived. No new comments can be posted.

RMS Urges Opposition to "Trusted Computing"

Comments Filter:
  • by autopr0n ( 534291 ) on Tuesday October 22, 2002 @03:44PM (#4507402) Homepage Journal
    I'm absolutely flabbergasted that RMS would oppose this. Flabbergasted. :P
  • lol (Score:3, Interesting)

    by Quasar1999 ( 520073 ) on Tuesday October 22, 2002 @03:45PM (#4507405) Journal
    Ya, just like I 'trust' the banks with my money, and I 'trust' the .... ^H^H^H^H^H^H^H^H^H

    Wait a minute? I do... and so far it seems to work... BLOODY HELL! How am I supposed to make a point of how Microsoft's intentions are evil (which they clearly are), when I can't find a good example where trusted 'fill in the blank' doesn't work... Anyone???
    • Re:lol (Score:5, Insightful)

      by Anonvmous Coward ( 589068 ) on Tuesday October 22, 2002 @03:48PM (#4507442)
      Well, the bank has incentive to not screw with you a whole lot. Mainly because of the competition and mainly because the Gov't takes that type of crap very seriously.

      MS doesn't have niether competition nor federal mandates preventing computers from being restricted.
      • by sakeneko ( 447402 ) on Tuesday October 22, 2002 @05:19PM (#4508259) Homepage Journal
        Well, the bank has incentive to not screw with you a whole lot. Mainly because of the competition and mainly because the Gov't takes that type of crap very seriously.

        The bank knows that the big, bad SEC will be breathing down its neck in a microsecond if it crosses certain boundaries. Both the banking laws and banking tradition keep its competitive force/greed in check.

        The high-tech world hasn't got the equivalent of the SEC. And, of course, it doesn't WANT an SEC looking over its shoulder, although Microsoft's behavior certainly indicates it needs one. :/

        Even parts of the high-tech world that overlap on the SEC's territory, like online banking (PayPal, anyone?) or online stockbroking, are often not regulated as the equivalent real-world businesses would be. PayPal, for example, doesn't operate under the same laws and regulations as a bank, although its business is unquestionably banking. That's why I won't use PayPal.

        Stopping Microsoft and the RIAA on the "Trusted/Treacherous Computing Initiative" is going to take both a grassroots refusal to use products that have that technology and a significant political effort. Time to call the EFF....

      • Oy... (Score:5, Funny)

        by Inoshiro ( 71693 ) on Tuesday October 22, 2002 @06:10PM (#4508631) Homepage
        "MS doesn't have niether competition nor federal mandates preventing computers from being restricted."

        That sentence should be dragged out into the street and shot.

        Too bad that Grammar guy isn't here to point out the tragedy of double negatives, improper spelling, confusing wording, and a run-on sentence all in one! It's like looking at a 16-car accident.
    • by Brento ( 26177 ) <brento AT brentozar DOT com> on Tuesday October 22, 2002 @03:49PM (#4507446) Homepage
      How am I supposed to make a point of how Microsoft's intentions are evil (which they clearly are), when I can't find a good example where trusted 'fill in the blank' doesn't work.

      Well, start with Paypal, which a lot of people trusted as a bank but then got screwed when Paypal froze their funds. Google for Paypal frozen accounts and you'll find tons of horror stories.

      Then move on to the online storage of credit card data, and think back to when CDNow got hacked and all their consumers' credit cards were tossed around to the public.

      I'm sure you'll get hundreds of examples here, but come on, you really don't have to think too hard.
      • that was their stupidity for using Paypal as anything more than a clearinghouse. I would never do any banking with a "bank" that I couldn't just walk into and ask for all my money in cash.
      • by AndroidCat ( 229562 ) on Tuesday October 22, 2002 @04:39PM (#4507910) Homepage
        I think you misunderstand. They don't want to spend the time and effort to make their computers trustworthy. Busy busy busy, too much work and effort.

        No, they want to make our to be computers trustworthy -- to them. Hardwired DRM would make them untrustworthy to me. ("You want to install operating system XYZ? Sorry, I can't do that Ron, it would bypass my DRM protection...")

        Hell, they control their computers and websites and transaction processing. So why do they make idiot mistakes? Let them install secure operating systems that prevent those kind of fsckups first.

        I'd rather hand over all my root accounts or just install BackOrifice for them than give them what amounts to hardware control.

        And Microsoft is evil.
        An operating system that needs to phone home to properly install.
        Software that wants to auto-update. (Blocked suckers!)
        And now "DRM" that basically gives them a hardware blackbox that they control inside the machine I paid for? I. Don't. Think. So. (And I still have my hand-soldered 8085 as backup.)

        Usually I think RMS is a bit of a loon, but in this I agree. (My initials are RMS too, can I sue him? :^)

    • Re:lol (Score:5, Insightful)

      by Maniakes ( 216039 ) on Tuesday October 22, 2002 @03:55PM (#4507511) Journal
      I can't find a good example where trusted 'fill in the blank' doesn't work... Anyone???

      Trusted CEOs of Enron and WorldCom?
      Trusted polititicans?

      In general you can trust people if:
      1. You through personal experience that they are trustworthy.
      2. You have thoughouly investigated their background.
      3. They believe the consequences of screwing you over are bad enough that screwing you over is not to their advantage.
      4. -- OR --
      5. The consequences to you of being screwed over are worse than the consequences of not trusting that person.
      Of course, this doesn't apply to trusted computing, which actually means that your computer doesn't trust you, not that you trust your computer.

      And remember, if you lend someone $20 and you never see that person again, it was probably worth it.
    • Re:lol (Score:5, Interesting)

      by NanoGator ( 522640 ) on Tuesday October 22, 2002 @04:00PM (#4507570) Homepage Journal
      "Wait a minute? I do... and so far it seems to work... BLOODY HELL! How am I supposed to make a point of how Microsoft's intentions are evil (which they clearly are), when I can't find a good example where trusted 'fill in the blank' doesn't work... Anyone??? ?"

      I'm puzzled how this is more 'flamebait' than 'interesting'. I think he makes a good point. There's nothing wrong with stopping and asking "Why should I follow the anti-MS stampede?". If you guys knee-jerk against every single thing that MS says or does, then how's anybody going to take you seriously when they do something that's really really bad.

      As for my response: The main reason I'm against this is that the wrong problem is getting solved, and the consumers get burned for it. The problem is not that computers need to be restricted so that Hollywood can feel safe with digital content, the problem is that Hollywood needs to learn how to make it in this market.

      Hollywood doesn't understand that people are happy to pay for service, but they can't pay until the service is provided. Right now, I could go download a bunch of movies from kazaa. What would that experience be like? Well, I get varying quality, unreliable connections, and it takes hours (sometimes days) to get a movie to come down. Now if I could pay $5 to download a guaranteed high quality movie at a speed of 100KB/s, why would I even care about Kazaa?

      If the internet got to the point that p2p could work that fast, then the pressure is on Hollywood to provide a better service. "The first 100 people to buy this movie will also recieve a still from the movie..." or something like that.

      PC's and the Internet are marketing opportunities, they are not exploits designed to put Hollywood out of business. If they're not willing to get with the times, then they don't have any reason to get computers regulated with technology like Palladium.
      • Re:lol (Score:5, Insightful)

        by schon ( 31600 ) on Tuesday October 22, 2002 @04:22PM (#4507758)
        There's nothing wrong with stopping and asking "Why should I follow the anti-MS stampede?"

        True enough... but using logic like "I trust banks, so why not trust MS" is pure lunacy..

        Banks are required (by law) to be FDIC insured. There is none of this "we take no responsibility for your money - if we get robbed, you'll lose it, even if it was our fault" mentality that MS seems to have (read your EULA some time)

        If a bank decided (for no reason) to tell you "I'm sorry, I don't feel like giving you your money", they can be shut down, and the officers thrown in jail.

        As soon as MS takes some responsibility for their products and services, maybe I'll start to trust them.
        • Re:lol (Score:5, Insightful)

          by dogfart ( 601976 ) on Tuesday October 22, 2002 @04:42PM (#4507940) Homepage Journal
          True enough... but using logic like "I trust banks, so why not trust MS" is pure lunacy.. Banks are required (by law) to be FDIC insured. There is none of this "we take no responsibility for your money - if we get robbed, you'll lose it, even if it was our fault" mentality that MS seems to have (read your EULA some time)

          And keep in mind that banks weren't always so trustworthy, and that it has taken centuries of bank failures resulting in economic slowdowns before we have reached the current state of "trust". The first central bank in the US was chartered in 1791. Nationally chartered banks were established in the mid 19th century, to ensure a stable consistent national currency. The current Federal Reserve system was established in 1914. Bank failures during the great depression of the early 1930's resulted in more regulation under the New Deal.

          Banks were once not considered trustworthy - hence the tales of old folks with their life's savings hidden under their mattress. The current state of trust in banking institution results from a long painful history of experiments, failures (and lost savings) and government regulation. Banks are perhaps the most regulated and most audited commercial organizations in the country.

          Banks have had to earn their trust in ways Microsoft never has (and likely never will)

    • Re:lol (Score:3, Funny)

      by teamhasnoi ( 554944 )
      trusted 'fill in the blank' doesn't work

      I think I've found a couple...Trusted:
      Left-out Milk
      Serial Killer
      Steve Balmer's anti-persperant
      Outlook Attachment
      Full-Bladdered Dog
      panhandlers
      monopoly
      little Brother/Sister
      Moderation
      Romulans
      Slashdot the Grammar
      Slahsdot Slpeeling
      Slashdot Obituaries
      Blind barbers
      Stoned roommate & leftover pizza
      Kazaa downloads
      Fox news
      Shadow Government
      One calorie soda
      Lite Beer
      Heroin Junkie & nice sterio
      Microsoft's User Testimonials
      EULAs
      Politicians
      8 track Tapes
      clean underwear
      Transvestites
      & blood transfusions in Hati.

      Thanks, I'll be here all week.

    • Re:lol (Score:5, Insightful)

      by mcc ( 14761 ) <amcclure@purdue.edu> on Tuesday October 22, 2002 @04:34PM (#4507863) Homepage
      The fact the word "trusted" is in this thing means NOTHING. The word is just there as a PR thing, something microsoft set up to make people feel all warm and fuzzy toward them. I could move into your neighborhood and start a program i call the "community trust system" in which you pay me money, and as a result you get to sleep safe at night trusting that my hired thugs will not come smash in your windows... and the fire department, which i have bribed, will actually come to your aid in the case of an unfortunate fire at your house... but that wouldn't have anything to do with either "community" or "trust". It would just be extortion. ..but then, if I also paid off the town newspaper and made sure that all anyone from other sections of town heard about was how great it was that the areas with the Community Trust System had much lower crime, then people on the other side of town would walk away thinking the Community Trust System was something really good.

      This is what the RMS bunch never gets. If you let the other side set the language of the debate, they start out with a huge advantage. If you just sit there and LET the debate begin in a mode where "trusted computing" is always being used to describe "computing in which microsoft, not the owner of the box, is the one who has final say-so as to what happens on that box" (or "computing in which the user is not trusted at all".. really, palladium is a complicated concept, and trying to reduce it to one catchphrase is just silly).. and "anti-piracy" is always used for "prevents copying".. and "digital rights management" is always used for "technology which lets providers of copyrighted material limit the manner in which that material is used"..

      If you let that happen, you're always at a huge disadvantage, because people who walk into the debate late will hear RMS or whoever saying "and so, Trusted Computing is bad!" and they'll go "wait, Trusted Computing sounds good! huh?"

      This is made even worse in this particular case becuase the technical issues are simply beyond the grasp of the average person. Unless you have a pretty decent idea of how a computer works, you can't understand what Palladium does, and it takes quite a while for someone to explain to you what Palladium's effect for the consumer will be. As such, the average person, upon hearing about all this, will be faced with two sides to the debate: Microsoft's version of things, which is incredibly simple and easy to grasp because Microsoft is oversimplifying the truth to the point where it's practically out and out lying, and the Free Software People's version of things, which is disgustingly, disgustingly complex becuase it tells the whole truth, with all its confusing technical details and collateral damage. (Well, and becuase the Free Software People are a large, disorganized, and largely not very eloquent group, whereas Microsoft has everything being written by PR firms, and a large advertising budget.) Who do you think the average person is going to listen to? It seems obvious to me-- they simply won't be able to wrap their heads around what the Free Software People are saying. People may walk away with some vague sense Microsoft may be up to something shady, but they'll assume that even if it gives Microsoft lots of power, Palladium does the things Microsoft says it does (which it doesn't, not effectively), and will just forget about all those "side effects" that they heard about but didn't understand.

      For people who spend so much time haggling over hacker vs cracker and the whole "GNU/" thing, it always seems so wierd to me they don't get that one simple thing. The vocabulary of the debate matters.

      Remember, always remember: With Trusted Computing, you are not the consumer. You are the product. You are being sold to entertainment companies by Microsoft-- and they are paying Microsoft not in money, but by agreeing to use Microsoft's platform for "digital rights management", and Microsoft benefits in that they get validation for their secure, locked-down stranglehold on every single step within the computer between your fingertips on the keyboard and the rays of light coming out of the monitor. (And, of course, if things turn out the way MS hopes, eventually things will reach the point where your average computer user can't realistically ever switch Palladium off, because if they do there will be too many programs they can't run and too many websites they can't visit.) Of course, if Microsoft ever does secure that degree of control, you can bet the entertainment industries will wind up paying Microsoft a decent amount of money, if nothing else for the licensing to encode and decode into the formats of Microsoft's secure platform..
      • Re:lol (Score:3, Insightful)

        If RMS doesn't understand the vocabulary issue, then why does he refer to "trusted computing" as "treacherous computing" throughout the article?
  • by Anonymous Coward
    He just wants it to be known as GNU/Palladium.
    • Re:Misinterpreted (Score:2, Insightful)

      by thelexx ( 237096 )
      Imagine a Beowulf cluster of idiots attaching GNU to everything RMS ever said and never letting the world forget what they think Gore said. Or just imagine Slashdot, same thing.

  • by SerpentMage ( 13390 ) on Tuesday October 22, 2002 @03:46PM (#4507423)
    I personally think RMS is a kook and an extremist.. Like most "spirtual" leaders are. BUT and this is a big BUT, thanks to people like him and L Lessig our world is being attended to...

    I consider myself more of a business person and see the world in shades of grey. Sure that is great for earning an income, the problem though is that my shade of grey might change from a more white grey to a more black grey. And that switch is an erosion of power that I only realize when it is too late... At that point my black grey is a white grey for most people because they have "gotten" used to it.

    So hats off Mr RMS...
    • Yeah, he's pretty Naderiffic.

      As far as your "grey" issues go, perhaps you should try Grecian formula?
    • SerpentMage:Blah, blah, white grey, black grey, erosion, etc...

      YourMissionForToday: and try new pink grey!

      See how funny my post was compared to yours? And you know why? Because I use drugs. That's all you need to do. That's the key!

    • I consider myself more of a business person and see the world in shades of grey. Sure that is great for earning an income, the problem though is that my shade of grey might change from a more white grey to a more black grey. And that switch is an erosion of power that I only realize when it is too late... At that point my black grey is a white grey for most people because they have "gotten" used to it.

      There's a solution to this: Pull Your Head Out Of Your Ass.

      It's bad business to ignore the long-term affects of your short-term "compromises"
    • So, you disapprove of him in some unspecified way, but thanks to him and the other "kooks," your "world is being attended to?" Thank goodness that RMS is doing the work that you are too "normal" to do, Mr Business Person.

      My first reaction to your post is "screw off."

      My second is to make a list of all the things that could not have flourished over the past 10 years if Stallman had not, in an obvious fit of "kookiness," started the GNU project:

      Linux
      FreeBSD
      MacOSX
      OpenBSD
      OpenSSH
      pgp
      G NUpg ... and anything else for which you are required merely to type 'make.'

      Free software has more than the wonderful effect of "attending to" your world. It has Ballmer openly crapping himself during keynote speeches. It has some governments considering the radical move of removing their dependency on software made by foriegners with nationalist concerns in a world where freedom and your ability to run software are becoming more and more the same.

      Think of what you do in a day: use the ATM, check your email, check your voice mail, get mail on paper, read the newspaper, watch television, get water from the tap, turn on the lights, listen to some music. Now picture that all running on software owned by the "Trusted Computing" infrastructure, which decides what you are and are not allowed to do with the stuff for which you pay. Feel a little "kooky?"
  • by Frothy Walrus ( 534163 ) on Tuesday October 22, 2002 @03:46PM (#4507428)
    ...RMS made quite a fool of himself at MIT's recent Palladium discussion. Highlights include taking the podium uninvited, having Ron Rivest (the "R" in RSA) tell him to please stay on-topic, and delivering his stock rant under the guise that it was topical.

    RMS is a dork. A principled dork, but a dork nonetheless.
    • by Clue4All ( 580842 ) on Tuesday October 22, 2002 @03:49PM (#4507448) Homepage
      Kernel developers also want to have him banned from the LKML for constantly spamming it with off-topic political discussions. Story here [linuxandmain.com].
      • Kernel developers also want to have him banned from the LKML for constantly spamming it with off-topic political discussions.

        Wrong! One missguided person wants him banned. Everyone else thinks that he is annoying but generally harmless.

        Most ernel developers understand that censorship doesn't solve anything.

      • by Anonymous Coward
        First of all, he has not constantly spammed the list. Secondly, as anyone following those threads on LKML can see, most kernel developers have no problem with RMS.
      • by Chops ( 168851 ) on Tuesday October 22, 2002 @06:00PM (#4508552)
        This is wrong -- Chris Hellwig wants him banned from LKML. Alan Cox [iu.edu], Roman Zippel [iu.edu], Adam Richter [iu.edu], Jeff Garzik [iu.edu], Andrew Morton [iu.edu], and Larry McVoy [iu.edu] want not to have him banned (for reasons of free speech and the efficacy of killfiles for those who don't want to hear him), and so far no one's piped up agreeing with Hellwig. It would be correct to say that "a kernel developer" wants to have him banned.
    • by manyoso ( 260664 ) on Tuesday October 22, 2002 @03:55PM (#4507514) Homepage
      It was definately an awkward situation, but RMS should be applauded that he is willing to put himself on the hook for something he believes in. Make no mistake, Palladium is an absolute nightmare and I'll bet Richard understands that better than most of us. Brian LaMaccia gave a pleasant talk, but he was also disengenious. Someone asked Brian how he felt about developing something that could be used for some horrendous purposes. He said that if and when that happened he would quit. Apparently he does not believe the elimination of Fair Use to be a horrendous purpose. Tells you a little about where these people stand.
    • by haggar ( 72771 ) on Tuesday October 22, 2002 @05:01PM (#4508107) Homepage Journal
      The more I read about his guy the more I respect him. He let himself ridiculed in order to inform the public at large about important issues. Issues not easily understood by most people and yet, that will affect everybody's life.

      RMS is being laughed at by people like you, but I believe humanity has a chance of advancing because of RMS and people like him. People who's vision goes beyond their own good.

      No, I don't have the courage to do things RMS does, but that doesn't mean I don't think highly of him.
  • by manyoso ( 260664 ) on Tuesday October 22, 2002 @03:50PM (#4507454) Homepage
    I've recently attended Microsoft's Palladium talk at MIT. Brian LaMacchia, a
    former student, returned to his Alma Mater and gave a talk on some of the
    technical aspects of Microsoft's Palladium project. Brian began the talk with
    a quick overview of the goals of the project. He stated that Palladium's
    goal was to 'Protect Software from Software'. He went on to enumerate some
    of the nightmare scenarios that keep the Palladium team up at night, such as
    a virus/trojan that launches something worse than a Denial Of Service (DOS)
    attack.
    These included:
    • A virus/trojan that trades stock thereby disrupting the market
    • A trojan that activates and places an order on Amazon.com
    • A virus that publishes sensitive information such as private tax records

    After this brief introduction, Brian went on to describe a hardware based
    software security system that would provide 'Fingertip to eyeball security.'
    This system would consist of a hardware Security Support Component (SSC)
    chip, a special security kernel called the 'Nexus' and user level security
    applications called 'Agents'. Palladium would also require alterations to
    the MMU for the curtailing of memory and USB for secure input/output.

    Brian admitted that Palladium would offer no protection against DOS
    attacks and that Palladium would necessarily include a universal serial
    identifier (this
    would be provided by the RSA key burned into the SSC chip). He also promised
    that Palladium would run unmodified legacy applications and drivers.

    Problems surfaced during the end of the talk when Brian began taking
    questions. Richard Stallman correctly pointed out that Palladium was being
    presented as a way of improving the security of personal computers. Indeed,
    according to Brian, this was the focus of Microsoft's Palladium project, but
    no where in his talk did he present any solution to the crucial nightmare
    scenarios that are supposedly keeping the Palladium team up at night.
    Indeed, as was pointed out by Stallman and others, if Palladium would run
    unmodified legacy applications, then how could Palladium thwart the legacy
    virus/trojans without upgrading Palladium enabled Outlook/IE/IIS?

    The truth is Brian was being disingenuous when he described the nightmare
    scenarios that motivate the Palladium team. In all honesty, there are only
    two nightmare scenarios that are relevant to the Palladium project:
    • The nightmare scenario of the large copyright holders who fear the
      internet
      has ushered in the end of there ever ballooning bottom line
    • The nightmare scenario that Palladium will allow the large copyright
      holders
      to effectively eliminate the fair use rights of the public

    With Palladium, Microsoft plans to solve the former by introducing the latter.
    To get to the heart of the matter, we have to ask _why_?

    Brian says Microsoft is concerned that large copyright holders will refrain
    from publishing works in formats compatible with the Windows PC. My theory?
    Microsoft sees an opportunity to bolster there own
    bottom line. Palladium is meant to do for DRM what .NET was supposed to do
    for web services.

    By providing the infrastructure, Microsoft hopes the content companies will
    write applications and release content only for Palladium enabled systems.
    Joe Consumer who wants to listen to the next Brittany Spears album on his
    computer will be forced to upgrade to the next release of Windows/DRM. Of
    course, it doesn't hurt that Palladium could provide quite a few wrench's to
    throw at Microsoft's open source competitors.

    Nightmare scenarios indeed!
    • by Fiveeight ( 610936 ) on Tuesday October 22, 2002 @04:14PM (#4507693)

      'Fingertip to eyeball security.' ? Sounds pretty low tech to me...
      *POKE*
      "Arrgh! I'm blind!"
      "He won't be sharing any more images"

      All they need now is 'Palm-to-eardrum' security, and they can wipe out MP3 sharing too.

    • Indeed, as was pointed out by Stallman and others, if Palladium would run unmodified legacy applications, then how could Palladium thwart the legacy virus/trojans without upgrading Palladium enabled Outlook/IE/IIS?

      Sandboxes and an agent watching the mail spool.

      "Oh, Outlook 2000 is trying to write to the registry! "

      "Oh, IE is attempting to send 5374 mail messages! "

      Kick the user's head by requiring a certain security clearance for "", and an idiot warning to boot.

      Man, I thought OSS folk were smarter than MS coders!

      The truth is Brian was being disingenuous when he described the nightmare scenarios that motivate the Palladium team. In all honesty, there are only
      two nightmare scenarios that are relevant to the Palladium project:


      Stop thinking like a medieval catholic zealot, and start thinking like a modern-day person.

      MS et al really, truly believe that what they're doing is the right thing. Their arguments are not "justifications" for "controling your computer"--they're honestly believed arguments.

      I could as soon say that Stallman just wants to not pay for software because he's cheap, and be just as accurate as you saying that MS is driven by a desire to disallow fair use.

      Of course, it doesn't hurt that Palladium could provide quite a few wrench's to throw at Microsoft's open source competitors.

      Maybe... but MS knows that OSS is a competitor, and that OSS will hack its way into useabilty no matter what they try and pull (remember deCSS?).

      I suspect that MS will push palladium, and succeed, and license their software along with the Palladium hardware chip--thus allowing them an effectively "free" Linux binary distribution angle, which means that there won't be as many coders working to crack it.

      Stallman isn't an unbiased or "reasonable" person in this debate. Trusted Computing ideas are, in some ways, in direct competition with his agenda--but that doesn't mean that they're totally wrong or immoral, or "trecharous computing." It just means that it's not likely to be advocated by the FSF anytime soon.

      • Let that be:

        "Oh, Outlook 2000 is trying to write to the registry! [abort] [inspect] [allow]

        "Oh, IE is attempting to send 5374 mail messages!
        [abort] [inspect] [allow] "

        Kick the user's head by requiring a certain security clearance for "
        [allow] ", and an idiot warning to boot.


      • by SirSlud ( 67381 ) on Tuesday October 22, 2002 @04:32PM (#4507848) Homepage
        Funny, I've yet to come across a working environment where we do what 'right'. Usually we supply a solution for a demand in our marketplace.

        Windows User A isn't smart enough to 'demand' trustworthy computing, so I don't believe they're doing it because users are asking for it. MS might be doing it because they think its the right way to win back frusterated users (or at least turn their customers' love/hate relationships into love relationships) .. if it does indeed end all of the sketchy goings on of Windows User A's computing experience. I'm certainly willing to believe that thats a healthy portion of the justification of Palladiums development.

        However, can you honestly tell me that MS doesn't smell the yumminess coming from owning the 'Word Format' of pop culture?

        Granted, maybe they just think its 'right', in the sense that their tactics to own the .doc format of pop culture are the kind of tactics that leads to a healthy, progressive techological marketplace in which we all benifit by achieving maximum efficiency out of the resources available .. but thats the shakiest justification of them all. And the DOJ has already supposedly told them that it isn't true.
      • by manyoso ( 260664 ) on Tuesday October 22, 2002 @04:34PM (#4507868) Homepage
        Sandboxes and an agent watching the mail spool.

        Sure, but then this is not a part of Palladium. MS offered _zero_ ways Palladium might defeat these attacks. Therefore, it is rightly understood that Palladium has absolutely nothing todo with what we normally think of 'security'.

        Stop thinking like a medieval catholic zealot, and start thinking like a modern-day person.

        What the hell are you talking about? Do you normally randomly spew incoherant phrases? What do you have against making sense?

        ... and be just as accurate as you saying that MS is driven by a desire to disallow fair use.

        Were you at the talk? Are you aware that Brian admitted that the elimination of Fair Use was one of Palladiums goals? This is not in contention. What is in contention: Microsoft passing 'security' off as the primary goal.

      • Sandboxes and an agent watching the mail spool.

        "Oh, Outlook 2000 is trying to write to the registry! "

        "Oh, IE is attempting to send 5374 mail messages! "

        Kick the user's head by requiring a certain security clearance for "", and an idiot warning to boot.

        Man, I thought OSS folk were smarter than MS coders!


        Why the heck do you need a Palladium Agent to implement this?

        Jack Valenti still rants about "standards for wrapping digital content in uncopyable layers of encryption" and Senator Fritz Hollings is trying to push through a bill to make it mandatory. Do you think Microsoft is responding to this, or do you think they are looking out for their valued customers?
      • Palladium is not required in order to implement a sandbox for the current crop of pathetically insecure WinDOS applications. That goal can be achieved by simply adding a "sandbox execution mode" to the Win32 subsystem. Nothing as grandiose as Palladiums is required.

        OSS Zealots ARE smarter than MS coders. They're smarter than MS shills too...
    • ...
      He went on to enumerate some
      of the nightmare scenarios that keep the Palladium team up at night, such as
      a virus/trojan that launches something worse than a Denial Of Service (DOS)
      attack.
      These included:

      • A virus/trojan that trades stock thereby disrupting the market
      • A trojan that activates and places an order on Amazon.com
      • A virus that publishes sensitive information such as private tax records
      ...
      Indeed, as was pointed out by Stallman and others, if Palladium would run
      unmodified legacy applications, then how could Palladium thwart the legacy
      virus/trojans without upgrading Palladium enabled Outlook/IE/IIS?

      Well, duh, if the user wants to run insecure applications, fine, Trusted Computing won't stop him. But if he wants to run secure applications, it will let him. The point of Trusted Computing is that, for example, the stock broker's computer can tell
      1. that it is really talking to the client's computer,
      2. that it is talking to a secure application, not a trojan emulating the protocol,
      3. that the application is running on the operating system it thinks it is running on,
      4. that the computer was booted in secure mode,
      5. that when the user is asked for the password, the user is actually physically present.

      There is no way to tell those things without hardware assistance.


      It is fine to point out the potential downsides and abuses of the technology but there really are uses for it to improve security! For RMS to pretend otherwise is wrong.

      • Word usage (Score:5, Insightful)

        by fizbin ( 2046 ) <martin@snoFORTRA ... g minus language> on Tuesday October 22, 2002 @04:43PM (#4507957) Homepage
        Please, please do not use the words "secure application" when what you really mean is "approved application".

        What I suspect you really mean is "an application that is doing only what the user intends that application to do". However, that is not necessarily the same as "approved application". (Since software vendors can stick all sorts of cruft and spyware into their "approved" applications) Some Palladium supporters would like everyone to assume that they are the same, and the use of "secure application" supports this confusion.

        "Secure application" presumably means, among other things, "an application that is not vulnerable to attempts to make it misbehave". This is also not what "approved application" means.

        I wonder - if an approved application contained a buffer overflow or other vulnerability, would it be possible to write a trojan that would operate entirely through that vulnerability as though it were a trusted application? (e.g. a trusted server could be exploited remotely and then the trojan code loaded into memory, running as a thread of the trusted server process) Tricky perhaps, but I've not heard anything that makes me think that Palladium will avoid that scenario.
      • No it is not simply 'duh'. Microsoft would have us believe that Palladium is primarily intended for the elimination of these virus/trojan.

        " ... if the user wants to run insecure applications, fine ... "

        If Microsoft is really concerned with these insecure applications then they could rewrite them without all of the obvious security holes. Palladium is not needed for this. It is _huge_ overkill. Come on, Microsoft says that Palladium will run with legacy applications and they also say that Palladiums primary purposes are security. But, unless you upgrade all of your software (not to mention drivers) to use Palladium then there is no security?! It is freakin obvious that Palladium has nothing whatsoever to do with 'security'.
      • As soon as you introduce the network, all bets are off. At that point, all the recieving server can be sure of is that it recieved packets that "look right". Anything else is an ASSUMPTION on the part of the server.

        So, while you are putting in place the framework that can enable the elimination of general purpose computing you are also giving the technically naieve a false sense of security.
  • Trust? (Score:5, Insightful)

    by dacarr ( 562277 ) on Tuesday October 22, 2002 @03:53PM (#4507487) Homepage Journal
    So Hollyweird, the leading offset press for movies and music, and Micro$oft, to whom I've never paid a dime, don't feel they can trust me because inherent in my Linux based computer is my ability to work a warez server? Whatever happened to the days of normal commerce, where if something new and innovative came in and beat the snot out of the original people (in this case, what Linux (sorry, RMS, GNU/Linux) seems to slowly be doing to Microsoft), the original people adapted?

    And what of Microsoft? Remember, I don't use their operating system at home - and to reiterate, I've never paid them for anything, so why should I bow to their dictates, especially since I don't use their product?

    I thought that was how the free market was supposed to work, but I guess the market ain't so free now.

  • i generly find rms's writing a bit, uhhhh, well, you know. But he always has something interesting to say. This article is dead on. Unfortunately, he's preaching to the converted.
  • by Kaz Kylheku ( 1484 ) on Tuesday October 22, 2002 @03:56PM (#4507523) Homepage
    Okay, so you have a piece of hardware with a proprietary operating system. So far so good. But now with trusted computing, that system won't load any component that is not signed by a trusted party. It's not about you trusting what you run, but about Microsoft choosing who gets the privilege of writing software for the platform. If Microsoft doesn't like you, for whatever reason, they can just refuse the signature that is needed for your software to load. This is basically where it is headed; it's the one sure way to use your monopoly to crush the competition, in particular open source. Even if some open source developers get Microsoft to approve their program, that signature will be applied to a particular binary release. The users cannot roll their own binary from the sources, because that won't carry the signature of a ``trusted'' certificate. So basically the operating system vendor regains control as the gatekeeper who determines what will run on your machine. What's worse, if the hardware vendors follow suit, then a certificate will be required by an operating system to boot on the hardware. If you are lucky enough to get a signed version of your favorite free kernel, good luck rebuilding it. The developers may be forbidden from giving you the certificate, if they get to d the signing themselves. That key is copyrighted bits, right? Letting everyone have it would be against the DMCA.

  • by JumpingBull ( 551722 ) on Tuesday October 22, 2002 @03:58PM (#4507546)

    Although RMS does arouse some passions within the slashdot community, in this, I believe, he is right.

    There is, in English Common Law history, a subject area, called the Enclosures Acts, where vast quantities of land were removed from common use, and awarded to landowners in what was a thinly veiled land grab.

    It had justification, of course. Private Ownership was deemed more efficient by those that grabbed the land. Far be it for the government to disagree. The whole idea of common weal ( as in commonwealth) was called The Tragedy of The Commons.

    It would appear that history is attempting to repeat itself. If computing can be controlled by a trusted source - Who will that trusted source be?

    This age old problem, can be solved in a number of ways - a dictatorship, or, a democracy, or...

    Not quite trusting my fellow man, I think I would rather do my own choosing. But then, I use GPL'd software. A lot. And your choice will be?

  • by MichaelCrawford ( 610140 ) on Tuesday October 22, 2002 @04:02PM (#4507587) Homepage Journal
    I applied for this last night before I fully realized what I was submitting my resume for:

    JOB DESCRIPTION Do you want to change the way people see, hear and play? Our client is looking for a Boot-Level Programmer for their San Jose offices. Music, motion picture, television, computer entertainment, and online businesses make our client one of the most comprehensive entertainment companies in the world.

    As the Boot-Level Programmer, you will modify the boot code of an embedded Linux platform to incorporate communications to a new hardware chip (TCPA /TPM) and check the system integrity. You will have to take the source code for an existing boot ROM and integrate calls to a TPM chip to check the system integrity as consistent with TCPA. You must understand TCPA and embedded devices.

    I figured TCPA was just some buzzword I could pick up out of a book if I got the job. I do that all the time. But no:

    Trusted
    Computing
    Platform
    Aalliance

    The blurb about "changing the way people see, hear and play" just didn't register.

    I hope they do call me though. I'll give them a piece of my mind, followed by the URL of my DeCSS mirror [goingware.com].

    Now I ask you this: if they're verifying the "system integrity" of a linux box with the TCPA, are they complying with the GPL?

    • We can no longer afford the luxury of being apolitical. We must stand up for our principles, not only in word, but in deed as well. That means refusing to create the tools by which we, our families, and our friends will be subjugated.

      I trust that all persons with even the slightest shred of honor or dignity will stay well away from this invitation to sell out the rest of their community.

      Schwab

  • Typical RMS (Score:4, Interesting)

    by Planesdragon ( 210349 ) <slashdot&castlesteelstone,us> on Tuesday October 22, 2002 @04:04PM (#4507601) Homepage Journal
    Man, I can see DRM and Palladium getting closer every day.

    Stallman's examples this time are rather simplistic. His concerns about "DRM", aside from the "I want to be able to shock myself" degree of control he wants for PCs, aren't all they're chalked up to be. Calling it "trecharous computing" makes him sound like a kook, not a serious voice.

    To wit:

    "Your boss's e-mails will be written in disappearing ink!"

    "You won't be able to send incrimiating documents to the press!"

    Any corporate system that causes the main focus of communication to automatically expire with no way to retrieve it is a poor business model, not an aspect of trusted computing. Investigative and Corporate preferences aside (after Enron, do you REALLY think that it'd be hard for Congress to slap a "records requirement" on corporations?), someone should be able to mark their e-mails as "archived." And you can always just print out the document...

    And, if some company is too paranoid to keep any e-mails and advanced enough to be truly paperless, there's still a digital camera and the on-screen display. Or the simple expediency of calling the cops...

    As for the rest--if MS wants Word to be Word-only, more power to them. It'd keep some large usability problems from arising, and quickly tone down word e-mail.

    Postscript 2 really irks me. I'm no programmer, but even I can imagine a system where "untrusted" code & docs are run in a "sandbox," where they can't do any real harm and the user can still use them. Given six months of speed increase, the user probably won't even notice the difference between "game on new system's emulated layer" and "game on old system raw."

    *sigh*
    • Re:Typical RMS (Score:4, Insightful)

      by cgreuter ( 82182 ) on Tuesday October 22, 2002 @04:52PM (#4508040)
      Calling it "trecharous computing" makes him sound like a kook, not a serious voice.

      I was talking about Palladium with a geek friend of mine the other day and after a while, he pointed out that I sounded like I should be wearing a tinfoil hat.

      And he was right. But it was all true. Palladium is one of those things that, if you explain it to non-geeks, makes you sound like a conspiracy theorist.

      So, I've resolved to keep my explanation simpler. If any non-geek asks me about Pd, I'll just say that it's just MS trying to protect its monopoly and that it will make it a lot harder to make backup copies of movies and music.

      Both are (IMHO) true and plausible and don't make it sound like the evil conspiracy it really is.

  • by Anonymous Coward
    I've recently attended Microsoft's Palladium talk at MIT. Brian LaMacchia, a
    former student, returned to his Alma Mater and gave a talk on some of the
    technical aspects of Microsoft's Palladium project. Brian began the talk with
    a quick overview of the goals of the project. He stated that Palladium's
    goal was to 'Protect Software from Software'. He went on to enumerate some
    of the nightmare scenarios that keep the Palladium team up at night, such as
    a virus/trojan that launches something worse than a Denial Of Service (DOS)
    attack.
    These included:

    • A virus/trojan that trades stock thereby disrupting the market
    • A trojan that activates and places an order on Amazon.com
    • A virus that publishes sensitive information such as private tax records


    After this brief introduction, Brian went on to describe a hardware based
    software security system that would provide 'Fingertip to eyeball security.'
    This system would consist of a hardware Security Support Component (SSC)
    chip, a special security kernel called the 'Nexus' and user level security
    applications called 'Agents'. Palladium would also require alterations to
    the MMU for the curtailing of memory and USB for secure input/output.

    Brian admitted that Palladium would offer no protection against DOS
    attacks and that Palladium would necessarily include a universal serial
    identifier (this
    would be provided by the RSA key burned into the SSC chip). He also promised
    that Palladium would run unmodified legacy applications and drivers.

    Problems surfaced during the end of the talk when Brian began taking
    questions. Richard Stallman correctly pointed out that Palladium was being
    presented as a way of improving the security of personal computers. Indeed,
    according to Brian, this was the focus of Microsoft's Palladium project, but
    no where in his talk did he present any solution to the crucial nightmare
    scenarios that are supposedly keeping the Palladium team up at night.
    Indeed, as was pointed out by Stallman and others, if Palladium would run
    unmodified legacy applications, then how could Palladium thwart the legacy
    virus/trojans without upgrading Palladium enabled Outlook/IE/IIS?

    The truth is Brian was being disingenuous when he described the nightmare
    scenarios that motivate the Palladium team. In all honesty, there are only
    two nightmare scenarios that are relevant to the Palladium project:

    The nightmare scenario of the large copyright holders who fear the

    internet
    has ushered in the end of there ever ballooning bottom line
    The nightmare scenario that Palladium will allow the large copyright

    holders
    to effectively eliminate the fair use rights of the public

    With Palladium, Microsoft plans to solve the former by introducing the latter.
    To get to the heart of the matter, we have to ask _why_?

    Brian says Microsoft is concerned that large copyright holders will refrain
    from publishing works in formats compatible with the Windows PC. My theory?
    Microsoft sees an opportunity to bolster there own
    bottom line. Palladium is meant to do for DRM what .NET was supposed to do
    for web services.

    By providing the infrastructure, Microsoft hopes the content companies will
    write applications and release content only for Palladium enabled systems.
    Joe Consumer who wants to listen to the next Brittany Spears album on his
    computer will be forced to upgrade to the next release of Windows/DRM. Of
    course, it doesn't hurt that Palladium could provide quite a few wrench's to
    throw at Microsoft's open source competitors.

    Nightmare scenarios indeed!
  • by Anonymous Coward
    The only problem I have with this site is with the positioning of that laptop.
  • by dh003i ( 203189 ) <dh003i@noSPam.gmail.com> on Tuesday October 22, 2002 @04:07PM (#4507625) Homepage Journal
    FACt: everything is politics.

    You're more than welcomed to just code in your own little world, do all your work in your own little world, etc. But politics is still involved, whether you choose to ignore it or not, and it still affects you.

    RMS realizes this and thus considers politics as integral in any software project.

    Palladium is all about politics. Its about the polics of the BSA, the RIAA, and the MPAA conrolling what you do through MS, which will undoubtedly make unholy alliances to please these parties and profit. Palladium is about MS trying to make the GNU/Linux OS an impractical choice for users, as no hardware would run it. MS may say this about technical matters -- i.e., security, virus-prevention, etc etc -- and it is in part; but there is also politics running through the fibers of this idea. Politics is ubiquitous in this Palladium project.

    As is predictable, everyone's been more than willing to jump on the "bash RMS" bandwagon. It actually reminds me of the Michael Jordan situation in the NBA. Here's a guy who's done alot for the NBA, alot for his team, and alot for basketball in general, and people are constantly criticizing him for making personal decisions which he had the right to make (i.e., to come out of retirement). Similar thing with RMS.

    Many criticize RMS for what he says or where he says it; i.e., mentioning such things in newsgroups or forums which are "not meant for discussing those issues". But the politics of what he talks about is relevant to kernel developers and coders, even if they're too stupid to realize it. RMS is not an extremist. Or, if he is, extremism in defense of liberty is not a bad thing.
  • by Jezza ( 39441 ) on Tuesday October 22, 2002 @04:14PM (#4507683)
    I don't think this is a question at all - we have to stand against this latest MS evil plan. Not everyone agrees with everything RMS says (though I do think that GPL style free software is a blessing, I'm not against software that's more restrictive - but there needs to be a choice) but on this issue I don't think there can be too many who think he's wrong.

    Afterall wasn't it Microsoft who lied in court? Or just last week about the "switcher"? They can't be trusted, it's that simple - they've shown that time and time again.

    As for Hollywood, well again why should my computer put the needs and wishes above my own? So I buy a DVD, why can't I play that everywhere? Why can't I create my own player? Who says I shouldn't be able to buy a DVD while on holiday and be able to watch it when I get home? If I save a little money by buying it overseas isn't that my good fortune? Why should a commodity like a DVD have such wide differences between price and terms in different places?

    No there are legitimate reasons why I might want to do things that MS/Hollywood want to stop - I don't see why my computer should help them take away MY FREEDOM?

    Personally I think it's time we started something like FSF for hardware (FHF if you will) so that we can escape the clutches of "the evil Empire".

    What happens next? The PC refuses to run any OS without a Microsoft signature, and we're blocked from reverse engineering it? This seems to be happening already with the Xbox, is this just a test case for the whole PC?!

    Perhaps Red Hat should make a PCs, and allow anyone to copy the design. For no other reason than to protect THEIR business model.
  • Before we all get too carried away, let's try to remember a few basics ok?
    1: Trust is a human phenomenon, not a
    machine state.
    2: Trust implies motives. Last time I checked,
    machines don't have motives. People do.
    What are RMS's motives? Microsofts?
    Trusted computing's motives are ???

    Personally, I think the whole thing stinks of pot, kettle, black on the above mentioned bases. Regardless of all that, I fully intend to look out for myself online using Free Software/OSS to the extent I am able. (currently 100%) I believe I know what's best for me, and don't need much help from M$, RMS, or any "Initiatives".
  • I really wish RMS would think more about long-term strategy. He spends time ranting about the name you use to refer to your OS, which hurts his credibility when he argues against things that actually are worth arguing against. There's a reason that "The Boy Who Cried Wolf" is a common folktale.
  • In the middle of his article, RMS stated that there were already US law proposals to "prohibit connecting old computers to the Internet." He states that the CBDTPA is one such law proposal.

    While I knew that the CBDTPA contained language that all new products would have to have the proposed restrictions, I don't recall seeing anything about shutting out old, non-CBDTPA, computers. Is this an accurate reading of the proposal, or a stretch meant work us up?

  • Re: (Score:2, Interesting)

    Comment removed based on user account deletion
  • I agree the issues RMS raises with trusted computing, specifically the loss of control over one's system and possibility for abuse, are valid, and even frightening.

    OTOH I hold some opinions of my own. RMS says that trusted computing should be called treacherous computing but his reasons are weak. I fail to see how stopping people from illegally trading media over the web should be considered treacherous, in fact it is commendable.

    Instead of leaving the internet as a 'wild west' with no laws, Microsoft and the RIAA (along with some politicians) are benevolently expending time and effort to establish some sort of order. I look forward to the day when I can buy Trusted hardware and engage in Trusted computing. That will finally let me sleep at night, knowing that Hollywood and the RIAA are not being robbed of their hard earned money.

  • by Henry V .009 ( 518000 ) on Tuesday October 22, 2002 @04:26PM (#4507795) Journal
    If this were the U.S. Government pulling something like this, we'd have torched the White House by now, and the only real question we'd be debating would be whether Senator Hollings needs five more turns on the spit. But to some extent we are at a loss because it is business rather than government leading this assault on speech and liberty.

    The world has started to turn into a scary place. It used to be the government that was most likely to take away people's rights. Nowadays corporations can be just as dangerous; and the massive bulwarks of liberity put up by our founding fathers--the U.S. Constitution and the checks and balances that make up the branches of government--were not intended to protect us from powerful corporations. If we are going to secure liberty for our children, it may take a struggle just as momentus as those struggles that have been fought before. Resting on our laurels is not an option for free men who mean to stay free.
  • It would be the funniest thing in the world if the first public demonstration of Palladium was a dismal PR failure because somebody hacked in a desktop image of Goatse.

    "Ladies and Gentlemen, as you are about to see it looks the same as always when we boot up......Yipes Crimminy! Um. We have a technical glitch here it seems. I think this demo shall continue another day."
  • Irrational Security (Score:4, Interesting)

    by u19925 ( 613350 ) on Tuesday October 22, 2002 @04:29PM (#4507818)
    There are two types of computer security systems:

    1) The traditional one. This puts the access control of computer resources in the hands of computer owner.

    2) The DRM, CP Protection etc: These system wants to take away access control from the owner.

    I don't know why the second part is even called "security".

    The problem with DRM etc is that once they become more wide spread, someone will provide a method to defeat them. And once defeated, there is no easy way to enable them since the owner doesn't want to enable them! E.g. region code and macrovision disabling in most dvd players. So the only way to implement DRM etc would either be by making it a law and have a very stringent enforcement or don't allow people to buy computers (just allow them to rent only, which will contain license clause that the sytem must be audited, insured at renters expense). Either of the proposition is very expensive.

  • Dear RMS thank you (Score:3, Insightful)

    by t0qer ( 230538 ) on Tuesday October 22, 2002 @04:38PM (#4507902) Homepage Journal
    Hey man, i'm toq, maybe you've seen my posts around here? :)

    Anyways I just wanted to give my opinion on why this is bad. MS has over $40billion in cash reserves. This is enough money to subsidize anything they want to, which is a really scary thought. So right now MS is subsidizing DRM development through a network of smaller projects like the Xbox, funding cheerleaders to go to hollywood (RARA RA M$ OWNIN YOUR PC IS GREAT!!) and getting chip makers to make the actual chips to go into the final product.

    When it comes time for a "final product" no doubt that will be subsidized too. Unfortunately there are no .gov regulations that would stop them from selling a DRM equipped peice of hardware for far less than a non DRM equipped peice of hardware. I would imagine any hardware company not willing to produce MSDRM compliant stuff will be left out in the cold because they won't recieve funding from M$ to develop it.

    Furthermore, when a first time computer buyer goes to buy a pc, will they buy the fully pre built "Compatible with hollywood!" PC or will they pay the extra money to have a non DRM pc built.

    Customer "You mean its not compatible with hollywood?"

    For us tech hounds, we know we'll end up having to support this shit somewhere down the line. Personally, I don't want to touch it with a 10 foot pole. I can see my CEO now...

    CEO, "I tried to access this insider trading site (porn) on my sleek sony vaio (it looks cool)and it said I wasn't Hollywood compatible? Bob from accounting said hollywood compatible computers are cheaper than non holywood compatible ones."

    See that's the basic, sometimes flawed logic of the pc illiterate public.

    And that's where I see all this going. I see MS and NBC and AOL getting together for one HUGE fucking ORGY to screw us. I see future media being created that REQUIRES you to have this hardware to listen to it. Yet the PC illiterate do not even stop to think "Tape recorder next to the radio" DRM is flawed from the beginning in that sense, so really this is just MS's 3rd reich (1st riech killed os2, 2nd killed beos, 3rd is goin after linux)

    Anyways, good luck to you Mr. Stallman, i'll be here in the trenches trying to prevent MS from going onto my friends and families computers. Not many people can sit back and see the whole picture but you can, and should be commended for that.
  • by Ingolfke ( 515826 ) on Tuesday October 22, 2002 @04:38PM (#4507907) Journal
    An interview [microsoft.com] w/ John Manderfelli, General Manager of the MS Palladium Business unit, on MS's is worth the read. The following quotes came from the interview.

    "The project began about four years ago as an epiphany among a small group of Microsoft employees who were working to solve the problem of content protection for online movies."

    "The end result is a system with security similar to a closed-architecture system but with the flexibility of the open Windows platform."

    And to stir up the pot a bit.

    • How would you back data up w/ this system? What if the trusted system burned up... could you still access the archived data?
    • No doubt MS will charge a premium to use the Palladium "features". So in the home edition of Windows you'll have strong DRM, but you won't be able to secure your own files w/o upgrading to Professional (kind of like it is now).
  • Control Structures (Score:3, Insightful)

    by smd4985 ( 203677 ) on Tuesday October 22, 2002 @04:40PM (#4507925) Homepage
    As Lessig has written in 'Code' and RMS writes here, government and commerce feel that imposing control structures on users is a good thing. The government likes it because control enhances their regulatory power. Commerce needs control so their 'property' will be defensible from piracy, etc.

    RMS should really be taken seriously - web services is the next step for commerce that the government will attempt to promote. Web Services will enhance our PKI, allowing for identification, and it will also add controlling code to many devices and systems. Not only developers but the average citizen should be lobbying hard for open networks and open systems. If we don't, the Internet will become the perfect control structure to regulate our lives.
  • by i_want_you_to_throw_ ( 559379 ) on Tuesday October 22, 2002 @04:43PM (#4507951) Journal
    <TANTRUM>
    It's easy to do so when YOU aren't that bright. He might not be a Jeffersonian speaker (well maybe George Jeffersonian) but he has done more to further OSS than you that's for damn sure. You're lucky he's even around after the shit you constantly heap on the guy.

    So he's not eloquent: you can't diminish what he's done.

    Stop being such a snot and shut the fsck up. Cut RMS some slack. At least he contributes something of substance where it counts. You? Well it's real easy to be enlightened when you're sitting on YOUR ass on a mountaintop somewhere and all you can contribute are some comments that you hope get modded up.

    I got a shitload o karma to burn baby so mod me down and flame as high as possible you unappreciative shits.
    </TANTRUM>
  • by NetDanzr ( 619387 ) on Tuesday October 22, 2002 @05:07PM (#4508163)
    The key phrase in the article is "downloaded from the Internet". In other words, treacherous computing works only if your computer is connected to the internet. A trecherous computer needs this for two reasons: first, to let the computer controller know what's on your computer, and second, to download new rules for the proprietary software.

    Here's a reason why Microsoft should not want to implement treacherous computing in the future: while North America, Western Europe and a few Asian countries are pretty well wired, the majority of computer users is not yet connected to the Internet. Those who don't have a PC yet (the enormous market potential), will always get Internet access after they get a computer, not before. Thus, if you start selling software that absolutely requires Internet to run properly, you automatically hand over a huge potential market to your competition.

    On a personal note, there's a small group of people (just like me) who choose not to have Internet access at home, and could not care less what software they are using at work.

  • Yes. (Score:4, Insightful)

    by _ph1ux_ ( 216706 ) on Tuesday October 22, 2002 @05:11PM (#4508198)
    All MS bashing aside I find it very odd that people, with all their supposed privacy concerns, would even consider a company such as Microsoft or any other software vendor for that matter, trusted enough to hold a lot of personal information.

    I understand the appeal of having an account that floats to any terminal that you log into - but having someone else in charge of that makes me nervous.

    I mean - think of credit companies on steriods here.

    For example - having a bank have some ability to control your money is one thing - but here you would have an account that could have much more information that you "own" but dont have full control over.

    In your profile in the next 5 years will be such info as:

    bank info
    documents, both personal and professional that are kept or written by you
    habits file, browsing, shopping, reading, viewing etc.
    personal machine preferences
    owned/installed programs you use regularly.
    plus more

    Now I cant understand why I would want to give anyone control over any aspect of this. Banking is a necesity in todays world - but that's as far as it should go. I dont wnat my bank to handle any information other than exactly how much money is in my account and when I access it. I wouldnt trust them with my personal documents etc... so why would I trust MS.

    One argument against this could be the handling of hotmail accounts.

    If you think MS is responsible enough with all you info then you have never been one of hundreds of thousands of whom who had their hotmail accounts "misplaced" [wired.com] with not so much as a sorry. (cant find a very good article on it - but I remember it when it happened)

    What about how hotmail handles information as simple as your email address - and how much spam you get. What levels of access will "affiliates" and "advertising partners" have to all the info in your .net or palladium account?

    There is already a proven track record to show why you would not want this info placed outside your control.
  • A simple question (Score:4, Insightful)

    by Reality Master 101 ( 179095 ) <RealityMaster101 @ g m ail.com> on Tuesday October 22, 2002 @05:22PM (#4508278) Homepage Journal

    The same question that I have in my sig:

    How is Microsoft supposed to roll this out? How EXACTLY are they supposed to take over the world such that ONLY signed code can run, and maintain backward compatibility?

    No backward compatibility, no sales.

    Once again it has to be pointed out: Microsoft is in business to sell operating systems and software, not to take over the world.

    Palladium will ALWAYS be able to run unsigned code. There's no other way it can happen.

  • by lowe0 ( 136140 ) on Tuesday October 22, 2002 @05:39PM (#4508398) Homepage
    Palladium isn't going to rob you of the right to use your PC. Do you really think Intel and AMD would make a processor that only ran one OS? They'd be tying their futures to those of Microsoft.

    Palladium will just sit there until you choose to run software that uses it. Not install, but run. That means you have to:

    1. Have Palladium hardware.

    2. Have a Palladium OS.

    3. Have a Palladium application.

    The above three will allow you to access Palladium-protected content. Guess what? If you don't want to use something protected, you don't need Palladium!

    Now, what happens if your favorite band or software company or whoever decides they're going to use Palladium? Well, you tell them you're not buying anything. All Microsoft is providing is a secure delivery vehicle. If you don't want to do business with those who use DRM, or trusted applications, or any of the other uses for Palladium, then you don't have to. Sure, it means you have to go without the latest version of the software you love, or that new album from that band, or whatever else you might want, but that's the sacrifice you make. If enough likeminded people feel the same way, then Palladium will fail.

    Palladium is all about layers of security. If the hardware's secure, a secure OS can load. If the OS is secure, a secure app can load. If the app is secure, a secure file can load.

    If the system is secure, content providers will be able to provide media with confidence. In a controlled environment with limited legacy software, unauthorized code such as virii can be halted before damaging or spreading. Truly effective copy protection can be implemented if backwards compatibility is left behind (ah, the age-old quandary.)

    In short, it's not going to stop you from running your own OS.

    So, vote with your wallet. But don't give in to paranoia.
  • by quakeroatz ( 242632 ) on Tuesday October 22, 2002 @06:47PM (#4508910) Journal
    I find it absolutely comical how self centered _some_ Americans are, to the point that they think the TCPA and related AMERICAN technologies (Palladium, etc.) will be the end of free computing in a global sense.

    Do they really think asian/european PC hardware manufacturers are going to radically redesign their products to serve the needs of American capitalism?

    Not a chance.

    The TCPA may be the end of free computing in America (though I doubt it), but the rest of the world will continue on its merry way.

    Get over yourselves!

    I apologize in advance to all open minded Americans, you know who you are.
    • I wish you were right, but your simply incorrect. Europe and Asia will go as does America.

      From a practical standpoint, this planet has only ONE consumer operating system producer. All of the PC manufactures in Europe and Asia need Microsoft just as badly as Dell and Compaq do.

      In fact, unlike the rest of the planet, the US has a few companies that might be able to sell PCs without Microsoft's help: Apple (of course), Sun, and IBM. (Sony could give it a shot, but they've shown no inclination. They have enough to benefit from the content business that strong DRM will be right up their alley.)

      All of today's Wintel-clone builders will move as a group to either accept or reject Microsoft's hardware demands en-mass. Any of them who lags- whose customers start returning computers because it was incompatible with MS Word 2004- will be dragged down into bankrupcy.

      Besides, the "OneWorldGovernment" thing is happening- its not coming from traditional governments though, but from multinational corporations. They influence the political process of each state to maximize their profits, molding the "developed world" into a conforming shape. (Laws which don't directly business profits will be left alone for a while, so nations will retain distinctiveness on "irrelevant" things like gun control, abortion, and taxation patterns.)

      Pseudo-governmental entities like G7, IMF, and WIPO drive this conformity forward. WIPO tries to convince all nations to increase their intellectual property laws- they promoted some kind of "copyright duration parity" as support for the Sonny Bono act, for instance.

      The citizens of the world CANNOT sit back and laugh at the hapless American consumers who are locking themselves into subjugation- soon the tendrils of DMCA-equivalency laws will penetrate their homelands, bootstapped as conditions of Favored Nation trading status, or by more insidious means.

      I'm being pessimistic here- maybe Germany et all will be smart enough to read the fine print on some of these treaties before their parliaments rubber-stamp them- but its safer to assume the worst, and spread the warning about it.
  • by BeBoxer ( 14448 ) on Tuesday October 22, 2002 @08:56PM (#4509696)
    I think Palladium is a great idea, and let me tell you why.

    One thing it offers is the ability to run a program which has it's own secure connection to the input devices and the screen. I think I'll write a little encryption utility which makes use of these features. By using a screen-based soft-keyboard for passphrase input I can make it impervious to every known keyboard sniffer, hardware or software. I bet I can find a few Mafia bosses who would pay a pretty penny for that! Thanks Microsoft(tm)!!!

    Palladium will also let a client download software from the net which a remote server can verify is running untampered. I think I'll write an encrypted communications tool which uses this. Imagine being able to walk into any Internet cafe in the world and securely download an encrypted comm program with no worries about man in the middle attacks or keyboard sniffers! I hear the bin Laden's make good money in the construction business. I bet they'd pay good money for software like this so their "contractors" could check and submit bids online securely and anonymously from anywhere in the world. Thanks again Microsoft(tm)!!!

    I bet I can find product opportunities in every market from P2P pirates to child porn collectors. Thanks Microsoft(tm)!

    Step three: Profit!!!

    Of course, the FBI and CIA are unlikely to let encryption tech that works that well out into the mass market. It's a safe bet that Palladium will either ship with a hidden back door or will include everyones favorite forgotten boogeyman key escrow. Thanks again Microsoft(tm)!
  • One point ... (Score:3, Insightful)

    by Mr_Silver ( 213637 ) on Wednesday October 23, 2002 @03:44AM (#4511119)
    No-one will see this, as it's at the very bottom of the pile of comments, but what the hell, I'll make it anyway.

    If RMS really wants to tell the world that they should oppose "Trusted Computing" then he really should find a better outlet than an OSS online newspaper.

    Theres nothing wrong with Newsforge per se, but if he wants people to actually sit up and take notice then he really should try and get his articles published in places with larger distributions (BBC, WSJ, FT, Business and Computing publications for example).

Our business in life is not to succeed but to continue to fail in high spirits. -- Robert Louis Stevenson

Working...