LaGrande, TCPA, and Palladium 343
An anonymous reader writes "Intel's Paul Otellini gave a talk to developers where Intel's project called "LaGrande" was mentioned. This project is aimed to create a "safer computer environment", that would consist of an advanced TCPA implementation. Some of the features it has deal with physically "protected execution, protected memory, and protected storage". When talking on LaGrande, Otellini said "it's a core technology that things like the Microsoft Palladium initiative can take advantage of to build much more stable platforms.""
The scariest part (Score:5, Insightful)
Re:The scariest part (Score:2, Insightful)
Not that this says anything great about American consumerism either; it simply says a lot about the mores of American consumerism. MS is not stupid; they are in business to make $$$ and those (economic) values will eventually clash with the moral values of their public as a whole. Other than that, what distinguishes this effort from earlier infosec security projects?
(insert instant slashdot classic here)
(think Honeywell/Orange Book) in the light of "security projects", even though the respective documents are long out of date they possibly speak volumes about the current expectations regarding information security per se.
The part about MS that truly scares me is that they seem to be willing *and able* to twist things for mass-market consumption in the name of "security".... [1] [2]
[1] and still sleep at night, regardless of the seeming fact that their motives could be driven more by internal American business needs than anything else.
[2] Not that many ppl will take the trouble to d/l and read/understand copy of www.radium.ncsc.mil/pep/library/rainbow/5200.28-S
The sad thing is.... (Score:5, Insightful)
Re:The sad thing is.... (Score:4, Insightful)
That's the beauty of the thing. They add complexity, but the slightest bug in the complex software will probably be exploitable to make encrypted data available to "normal" (e.g. non-approved-by-the-Intel-Microsoft-hegemony) programs.
Just like growing the government has historically added more layers of beauracracy, making the people safer from the more-massive-and-slower-moving government.
Re:The sad thing is.... (Score:5, Insightful)
Re:The sad thing is.... (Score:3, Insightful)
With that many eyes really wanting to break your encryption (basically everyone who can break encryption in the entire world) you stand no chance. I wouldn't doubt MS choses some retarded block style assignemnt method that allows you to throw out 90% of the private keys before you even begin to brute force.
Re:The sad thing is.... (Score:2)
I thought Palladium was designed to be used for things like "digital rights management"? That is, everything from DRM-protected videos to emails that "cannot be forwarded" (easily). (That's the theory, anyway). Surely this type of DRM stuff would require moving data around the net?
Re:The sad thing is.... (Score:5, Insightful)
It is a cryptographic system, it kas keys. The way access is restricted to approved programs is by signing the programs with a key.
Palladium-locked data isn't going to jump all around the net
Yes, a signifigant amount of Palladium data WILL be bouncing around the net. Content delivery, patch delivery, every time you try to view certain kinds of DRM files you'll be bouncing locked data off of an approval server. One of the feature Microsoft is hyping is that you can send locked E-mails to people.
Microsoft's marketing hype about Palladium is extremely misleading. It does not do the good things they say it does, and it does do the bad things they say it's not intended to do. Palladium is Bad News (unless you happen to want to sell DRM content or you happen to want an ultimate lock-out against competition).
-
Re:The sad thing is.... (Score:3, Insightful)
Ok, so part of Palladium will involve internet transport--but not all of it.
Palladium's chief change, as I understand it, is a "secured disk area" where only the actual program that writes the data can read the data.
Microsoft's marketing hype about Palladium is extremely misleading. It does not do the good things they say it does, and it does do the bad things they say it's not intended to do. Palladium is Bad News (unless you happen to want to sell DRM content or you happen to want an ultimate lock-out against competition).
Sorry, I don't consider DRM a bad thing. A trusted PC interface means that those-that-publish will be able to do so electronically without knowing that it's going to be pirated the next day.
Neither do I consider a program being able to lock its own files a bad thing--since MS would be shooting themselves in the foot operatability-wise if it's impossible to tell the program to move the files to "public space."
Re:The sad thing is.... (Score:2)
The major thing wrong with palladium is that it cannot work. There is nothing stopping you from running everything inside a virtual machine which exactly emulates the palladium-protected machine.
It is only possible to cun a virtual machine if you have full information about the machine you are emulating. This is exactly what Palladium is designed to prevent. The critical information is locked up inside special tamper-resistant chips.
*IF* you could get the full information on the chips you could run the virtual machine, but then you wouldn't need to. If you have all the information you could just write a program to directly do the decryption.
-
Re:The sad thing is.... (Score:3, Informative)
Bugs in software cannot lead to protected data being divulged. The encryption key management and encryption routines themselves are implemented in hardware. The software portion of Palladium is actually pretty small, and Microsoft plans on releasing that code for public review.
And no programs are approved by Microsoft or Intel- Palladium amounts to an API that is available for ANY developer to use without any need to certify or register that software with anybody.
Re:The sad thing is.... (Score:2)
Sure, and I bet you'll be telling us about modem that need MS too... Oh wait, that really happened...
Re:The sad thing is.... (Score:2)
However, There are modems that require a software driver, but thats far from requiring MS.
All you need to do is make a driver for whatever platform you want, and it works fine.
Getting way off topic here, but couldnt you use something like how mplayer loads windows codecs?
There are existing softmodem drivers, So it could be done. You'd just have to wrap the calls right, and I think its possible to make a universal softmodem-driver-loader.
Re:The sad thing is.... (Score:2, Insightful)
What the hell, I'll ask you, too: Name one privacy or control that you will lose with this. Just one.
Hint: you will be able to turn it off, since it would break backward compatibility if you couldn't.
Re:The sad thing is.... (Score:3, Insightful)
1) Fair usage writes on media
2) The right to copy and email many types of files on my own system
3) The right to use international software without in running in a virtual environment (i.e. international software is unlikely to get certified)
In terms of privacy
Most content on my system will be registered to my name.
Re:The sad thing is.... (Score:5, Interesting)
- The media that will most likely be restricted is media that is not available at all right now (legally) because the media producers fear piracy. Fair usage is a pretty muddy area, anyway.
2) The right to copy and email many types of files on my own system
- In general, you do not lose this "right". The cases where you do lose it, it is not legal to copy the file anyway.
3) The right to use international software without running it in a virtual environment (i.e. international software is unlikely to get certified)
- Certified by who? The user still decides what software is trusted or not.
About privacy:
Each palladium system has a unique 2048 bit public/private key pair. However, the public key is protected by hardware and cannot be tracked by a third party because of a system of nonces (outside parties will never see the same public key twice for the same system). Therefore, privacy is maintained.
Re:The sad thing is.... (Score:2)
As for copy files on my machine. Any doc I have I can copy and distribute. There may be civil penalties for doing so if I cause economic harm. That is far more free then a situation where I am criminally liable even if I am succesful in distributing something and these somethings which prohibit distribution aren't neccesarily things that would cause economic harm.
Finally the user does not decide what software is trusted. If they did they could run a debugger and get the keys that are being used by the programs running.
Re: (Score:2)
Comment removed (Score:4, Informative)
Re:The sad thing is.... (Score:4, Insightful)
In a computer EVERYTHING is data. Media=content=data. Programs themselves can be locked inside the palladium system, as can the entire operating system, or websites. Anything and everything on a computer can be locked behind the Palladium wall, and all it takes is someone at a company to say "Heay, if we use Palladium on [something/everything] it then we could [do whatever]".
Do you have any doubt that patches are going to be wrapped in Palladium "for your own protection"? Do doubt that websites that require Palladium will be as common as websites require cookies or require javascript?
Fair usage is a pretty muddy area, anyway.
The outter boundries of fair use are not well defined, but large areas are crystal clear. Courts have clearly and consistantly stated a wide varietey things are fair use, and that fair use is an ABSOLUTE exemption from copyright protection. You can't casually dissmiss fair use merely because there exist some areas that are unclear.
>The right to copy and email many types of files on my own system
- In general, you do not lose this "right".
Unless the application goes out of it's way to enable you to move a file, you lose this right for every file within Palladium.
The cases where you do lose it, it is not legal to copy the file anyway.
Bullshit. (Pardon my french) Not every instance of moving a file is a violation of copyright law, and files inside Palladium are not necessarily covered by copyright protection. As I said before, anything and everything can and will end up inside Palladium. It's quite possible wind up with content to which YOU ARE THE COPYRIGHT HOLDER to be locked up on your machine, unable to move them.
The user still decides what software is trusted or not.
Then you do not understand Palladium at all. Trustworthy computing has ZERO to do with you trusting your machine or you trusting/not-trusting programs. YOU DO NOT GET TO DECIDE WHAT IS TRUSTED. Palladium is all about corporations not trusting YOU. THEY get to decide weather they trust your hardware. THEY get to decide weather they trust your operating system. THEY get to decide weather they trust your program. THEY get to decide weather they trust your data.
privacy is maintained
IF and ONLY IF the program chooses to do so. Palladium makes it trivial for programs to track you uniquely if they choose to, and companies are already trying to do this almost every chance they get.
-
Re:The sad thing is.... (Score:5, Insightful)
(the first shot is always free...)
Re:The sad thing is.... (Score:5, Insightful)
As for Linux, I wouldn't count on being able to run it in the future if Palladium continues unchecked. M$ wants a 'trusted path' to the keyboard and to the mouse - and presumably to the network too. Linux may very well lose the ability to access those devices (either through technical or through legal means), making it 100% useless.
As for the notion that M$ would NOT abuse their monopoly powers, well I wouldn't count on that...
Re:The sad thing is.... (Score:2, Insightful)
Really ? You seem to trust MS/Intel a lot more than I do.
> since it would break backward compatibility if you couldn't.
Just like MS worries so much about MS Office 11 being backwards-compatible to Windows before 2K? [com.com]
And don't forget to ask a few bitter Visual Basic programmers about having to re-write the vast portion of their code to move it to dot-NET.
Re:The sad thing is.... (Score:2, Informative)
how little control or privacy these projects will leave us
The control still remains with the end user. By design, the user determines what is trusted and what is not trusted. And privacy is always protected, and that protection is backed by hardware.
These projects will not give us more stable software, just buggy software that will let us do less
I'm not sure where you are coming with that. Palladium will make it easier to develop secure applications- reduced complexity correlates directly with reduced bugs.
Basically, Palladium sets out to solve the problem of protecting mobile code from a malicious host (that is, it protects software from software). Without hardware support, developers must rely on obfuscation or tamper-resistant code to completely protect their code and data (something which is provably impossible [weizmann.ac.il] to do, btw).
Re:The sad thing is.... (Score:3, Insightful)
The people I know in the security business agree that the problem is impossible to solve without hardware support. If you haven't noticed, there is a huge demand for digital content, and there is a lack of supply of that content because the media companies fear piracy. This is a defensive move by Microsoft/AMD/Intel, because someday somebody was always going to find a way to allow media companies to distribute this content without fear of piracy, and that person is going to make a lot of money.
er the OS (palladium) decides what is trusted , otherwise the certificates are useless, and the certificates are issued by microsoft.
I have been reading the documentation available, like here [microsoft.com] where Microsoft says:
I have also been reading enough to know that most of the information out there about Palladium is untrue.
Re:The sad thing is.... (Score:3)
Only the user decides what "Palladium" applications get to run. Anyone can write an application to take advantage of "Palladium" APIs without notifying Microsoft (or anyone else) or getting its (or anyone else's) approval.
I have also been reading enough to know that most of the information out there about Palladium is untrue.
Even assuming this is true (which I don't) this only applies to the application level. Yeah, so you can run any app you want. Whoopie. Apps are useless without data to manipulate and Palladium takes away my control of what I do with the data on my machine.
If I can manipulate and distribute music/movies/text that I created there is, by definition, a way to do it with music/movies/text someone else made. Maybe not trivially, but there is a way. The system is useless either way. If I cannot distribute data a computer is worthless. If I can than the protections it supposedly gives do not perform as advertised.
Re:The sad thing is.... (Score:2)
Actually I don't see any problem with what Intel is doing. If you are using software that you trust has your interests at heart (for me that is Linux) then you don't have to worry that your software is going to limmit you. However, if you do not trust your software or the provider of that software, then WHY ARE YOU STILL USING IT? If you give money or use software from people who you think are out to cheat you then you only have yourself to blame when it happens. Intel is adding features to thier hardware that could be used for good or bad but I only intend running software that will only utilize these features to my benefit.
Re:WAKE UP. AMD will still be around. (Score:2, Informative)
sun, amd amongst others are actually PARTNERS in the TCPA ALLIANCE
im quitting computing and going back to robotics or something now..
VIA will still be around. (Score:2)
Safer from what? (Score:2, Insightful)
Re:Safer from what? (Score:2)
How to make microsoft lose money (Score:2, Insightful)
Money talks (Score:5, Insightful)
Re:Money talks (Score:2, Insightful)
You think you have all of the power, but dont forget that if AMD, Intel, and Microsoft finally get in the same boat, it really wont matter how much you boycott their products, because the reality is, you wont be left with an alternative. Lets see you run the latest and greatest games 2-3 years down the line on your XP or P4.
Re:Money talks (Score:3, Informative)
Re:Money talks (Score:2)
The fact that I own a TiBook is to me enough to believe a revolution is coming. I hated apple until 10.2, but they honestly seem to be a company motivated by being the best right now. I can't say that about anyone else.
Re:Money talks (Score:5, Insightful)
There is [apple.com].
Alternatives? No problem. (Score:5, Insightful)
And then there is the biggest alternative of all: Keeping what I already have. Once investors perceive that Intel/AMD/M$ are losing sales because customers are postponing upgrades, heads will roll.
Re:Alternatives? No problem. (Score:2)
For this reason, I agree that we should not buy the systems when they come out, hoping that lower sales will convince them to call off the project. But I don't think it will work.
Re:Alternatives? No problem. (Score:2)
Re:Alternatives? No problem. (Score:2)
Re:Money talks (Score:3, Funny)
The guy at the store said "oh that's just the new controls in MS to stop piracy", he couldn't explain why it would stop me from editing my own documents though.
I went out and got a Mac the next day, it allows me to open any document I want, and there are no messages accusing me of being a criminal! I look in pain as I see people being called criminals on their new "production stoper" machines, but I get all my documents done with no problems.
My name is sean fritz, and I'm a software engineer.
Re:Money talks (Score:3, Informative)
1) Microsoft is not to be trusted.
("Reality Master" -- sheesh)
Re:Money talks (Score:2)
Re:Money talks (Score:5, Insightful)
PALLADIUM/LAGRANDE PROBLEM #1: IT TAKES CONTROL OF THE COMPUTER AWAY FROM THE OWNER AND PLACES IT WITH EXTERNAL ENTITIES.
It is only a matter of time before those entities make decisions that are in conflict with the computer owner. Obnoxious EULAs and enforcement, insane DRM practices, fees, fees, and more fees. It will become the technological equivalent of a coin-operated computer. No thanks.
Re:Money talks (Score:3)
Yep. I've been thinking about ways to explain to non-propellerheads what's wrong with Palladium, and this is what I've come up with:
In the Bad Old Days of computers -- in the 1950s through the 1970s -- ordinary people like you and me feared computers, because computers were available only to governments and the largest corporations. Computers were something they paid for and they controlled.
Starting in the 1980s, those attitudes changed, because computers became something you paid for and you controlled.
With Palladium/TCPA, computers will become something you pay for ... and they control.
Real Life (Score:5, Interesting)
For example, in real life, I own a small sexy sportscar. I can go very fast in it if I choose to, unfortunately it also catches Mr.Policeman's eye, so the risk of being caught going very quickly is rather high.
In the palladium world, there should be a set of radio buttons which you select from at installation
O Let me access everything
O Let me access some copied stuff, but not the really bad things
O Lock me down - protect me from myself.
The option you choose must be available to the RIAA, MPAA, PETA, etc.
So, you have the oppourtunity to break laws, EULAs, licence agreements, etc. but if you choose this option your chances of getting caught are higher.
Re:Real Life (Score:4, Insightful)
Are you being facetious? Or do you literally mean that private trade & political organizations will FOLLOW my movements? Like a stalker.
That's almost as it would be if law enforcement could secretly look and see what books I'm reading at the library. A free society would never allow that would they.
Oh, wait...
Re:Real Life (Score:2)
Well, if your small sexy sports-car is one of the latest Porsche 911's or a McLaren (both 200+mph), there's a fat chance in hell that a cop-car could catch you, even with nitro-boosters.
Re:Real Life (Score:2)
-Rusty
Re:Real Life (Score:2)
They think they have a scheme by which the software will be locked to only do the one thing they want with the data. There will certainly be no "option" to turn it off!
The sad part is that this will do absolutely nothing to stop piracy. Piracy will be greater because the pirated copy is more valuable (same thing happens when software companies try harder to copy-protect their software). People will always have older machines or will videotape from the screen.
But this will make any competition with MicroSoft absolutely *impossible*. This is because only MicroSoft software will be capable of reading the vast majority of data out there, and it is likely that only MicroSoft software will be able to talk to most new devices.
Once they have eliminated all remaining competition by making it impossible for it to interoperate, they might actually stop piracy. This will be done by making recording devices illegal. This is done by making the new secure system only play signed recordings. Conviently this shuts up all music/movie/entertainment makers who are not signed, and also stops all public discourse. You will require a license to make a web page.
This is going to happen. And when it does, you can hang your head in shame for your pathetic attempts to say it is ok.
Lemons -> Lemonade (Score:5, Interesting)
Re:Lemons - Lemonade (Score:5, Funny)
Wonderful, more laws. (Score:4, Insightful)
Now they're trying to stick this idea at the core of our computers?
I trust my humble non-Palladium Windows box just fine, thank you very much. Someone's going to end up getting screwed bigtime, but I think it's too hard to tell at the moment who exactly that will be. And unfortunatley, the result seems to be dependent on the intelligence of the majority of computer users.
I don't want to jynx it though.
Re:Wonderful, more laws. (Score:2)
You fell victim to the Microsoft Marketing disinformation that Palladium is supposed to be good for you. It has zero to do with you trusting your computer. It is 100% about weather companies trust your computer and your programs. It is about your computer not trusting you.
To avoid technical details, think about this:
Palladium provides strong DRM. Who is it that is trusting the DRM? You, or a corporation?
-
Re:I would like to point this out right now... (Score:2)
When these technologies hit the market place, there are going to be flashy commercials telling us how great they are, and all to a head bopping beat that'll stick in our minds for days. By then it'll be too late.
I once was trying to explain the advantage of using Linux over Windows to a couple of teens I know (they are the one's that spend 12 hours a day on AIM, ICQ and Messenger, downloading NOFX off of Kazaa) and they were completely clueless to the Open Source Movement. Being under the impression that Linux was a corporation like Microsoft they couldn't comprehend that there are people in the world who dedicate time and effort to making free applications to replace commercial ones. I spent over an hour trying to explain that Linus doesn't mind that you download his OS without paying for it.
We may think that everyone out there understands the evil of monopolies but the sad truth of the matter is taht they don't.
What needs to happen is that the public needs to be educated, not preached to so that they just take you for a zealot, but really educated. Sit down with 3 people for a night and tell them all about OSS. Show them that there is another way. Once they make the move, encourage them to talk to 3 people each. (It's just like Pay It Forward but without that annoying kid). We need direction and sooner is better than later.
Peace.
Re:I would like to point this out right now... (Score:2)
Re:I would like to point this out right now... (Score:2)
now the subject will change! (Score:2, Insightful)
is no longer about "is your OS supporting M$ office?", it's
going to be about freedom. Sure, many people will miss the
point until they lost most of their freedom, but that's it.
I would bet, that in the long run (>5 years) freedom
will benefit from this paladium stuff.
some times it has got get worse, before it will get better.
Great Name... (Score:5, Funny)
Couldn't think of a better name, myself.
Re:Great Name... (Score:2)
Love ya Billy! (Score:5, Funny)
1. Create an insecure operating system
2. Profit
3. Blame computers for your insecurity
4. Profit
5. Get hardware vendors to make changes to compensate for YOUR buggy software
6. Profit
7. Prevent any software except yours from running securely
8. Profit (by others demise)
9. Take away everyones choice.
10 Profit
11. Blame the computers some more, as you take away more freedom
12. Profit. Profit. Profit.
When there is a wolf guarding the hen hose, why on earth would I need the shotgun named Linux?
Re:Love ya Billy! (Score:2)
.
.
12. Profit.
Heay! Where are all the question marks?!?!
-
Useful services, devil is in the details (Score:5, Interesting)
A lot of people are opposed to any scheme that can be used to thwart piracy. But in my view that's an extreme and unreasonable position, even when fair use issues are taken into account.
For a long time it's seemed to me that the thing we ought to be working towards is an open system of distribution, one that can't be dominated by large media concerns, something that gives a guy who makes music at home the same sort of access to the market as the big record labels.
To me, the issue is not whether or not my computer is capable of running some sort of protected DRM system -- the issue is whether or not it's capable of running alternative systems, if the existence of a palladium aware media player will break my mp3, ogg, and divx players, or my entire open source operating system. As I read these proposals, that's not the case, they won't break things.
Microsoft has said explicitly that one of the key design goals of palladium was that it shouldn't break existing software.
In my view, these sorts of services are useful, and we ought to be talking more about "how" then "if" they are implemented.
In particular, we ought to be sure that software that will run under linux can provide the same sorts of services as a palladium enabled version of windows. I know that the applications themselves couldn't be truly open source (or at least you'd have to use a signed snapshot of an application that was developed using open source methodologies). But I don't think that's enough of a reason to pull back from this stuff.
There are useful applications for this stuff.
About a decade ago, one of the hot topics among crypto types was digicash -- cryptographic protocols invented by a guy named Chaum that try to mimic cash, especially its anonymity and security.
One of the big problems was how to make microtransactions work when you're disconnected from the net. Imagine two palm os devices doing a transaction over infrared. Chaum's answer was to use tamper proof chips.
Sure, on some level nothing is tamper proof, but it ought to be possible to make tampering difficult enough, expensive enough, and to cap the size of the transactions possible and the rate at which they can be made, in a way that would give people reasonable security. The NSA could hack the micropayment system, but they'd have to spend a million bucks, and all they could get back would be $50, or something like that.
It seems to me that this kind of hardware could be seen as a more flexible kind of tamper proof chip.
I think the goal should be that whatever hardware comes out should work with arbitrary operating systems. The trust chain should be decentralized.
In other words, if I develop an electronic music distribution system, I should be able to develop apps for whatever OSs I choose to support, and I should be able to make my system recognize whatever signatures I feel are trusthworsthy. It ought to be possible for *anyone* to develop such a system, and to use the hooks into the hardware.
The thing that worries me is that if all we say is "no, palladium is the devil" we won't have any voice in this stuff.
Re:Useful services, devil is in the details (Score:3, Interesting)
Firstly, I like you post.
Secondly, although an individual system can choose not to use Palladium, how difficult is it to do so? What's the social weight against using something else? Can anyone tell me what I'm going to face if I choose to continue using Linux?
Re:Useful services, devil is in the details (Score:4, Insightful)
Theoretically, if anyone doesn't like this-or-that DRM enabled feature of a product, they just shouldn't buy the product. But there's a flaw in this reasoning--just as everyone here who screams bloody murder about TCPA is probably going to have to buy a TCPA computer at some point (because that's the only kind they'll sell). Large well-organized corporations simply have vastly more negotiating power than individual consumers in deciding these sorts of things. You deciding not to buy the latest songs from the record companies doesn't phase them, but if large corporations decide not to sell products with feature X, then you'll just do without feature X, period.
Which means, left to its own ends, the marketplace will encourage software/hardware suppliers to set anti-fair use restrictions once DRM is common. Basically they'll turn their paper EULAs into draconian DRM restrictions.
Now, one can get on a high horse and just say "well I'll just run Linux and not purchase DRM content and never have to put up with any of that!" Yeah, we'll see how long that makes sense once all music, all movies, and many e-mails require Palladium. Most people use computers for communication--so if they refuse to buy the kind of computer that allows them to send and receive information from the kinds of computers other people buy, then your computer is going to become very useless. Palladium has far more potential to make this a reality than Microsoft Office file formats or Internet Explorer ever could. Remember, in a world of network effects, you're only as free as your neighbor.
So, while it may be true (if we're lucky) that TCPA can be used from any OS (though as you say, applications and content would need to be re-written to support it), from a utilitarian view things are going to start sucking for ordinary users unless one of two things takes place:
1. The government or some other entity outside the marketplace has veto power over allowable DRM policies, and uses it liberally.
2. We can encourage all consumers to say "palladium is the devil!", because even with the advantages you describe, it would still be a very bad thing from the users point of view.
Re:Useful services, devil is in the details (Score:3, Insightful)
Its a damn good thing .... (Score:5, Funny)
Re:Its a damn good thing .... (Score:2, Funny)
Appropriate.. (Score:3, Funny)
Re:Appropriate.. (Score:3, Informative)
La Grande itself is a relatively pleasant community, in spite of my ex-wife making it her home.
It's closer than you think... (Score:2, Informative)
I saw an ad on TV for one of those. Kinda made me cringe. I'm curious as to what kind of TCPA stuff it's got.
I see it as good. (Score:3, Interesting)
What im saying of course is it will have its place, on the business desktop, on the childs computer, on public accessable computers etc etc. They have already stated that there will be a option to turn it off, and to be honest all of those who say "Well yes, but what about when they remove that option?" are just scaramongering. Yes true they can remove it in the future, but will it be that easy? I dont think so, there will be too a big outcry, and there will still be large numbers of eastern computer manufacturers making PCs as we know them now.
As i said at the beginning of my post, i am looking forward to this. Especially if systems administrators will be able to control it (and i bet they will be able to), as this creates a whole new set of security barriers to wouldbe theives etc. Imagine what the outcries were like when the first user account was created on an OS which didnt have full rights to all the system. This is jsut the same.
Re:I see it as good. (Score:2)
If done right (and here is where MS may falter), there won't be a big outcry if they turn the option to disable Palladium off. Never underestimate the spinelessness of the average person.
The PC manufacturers (the ones who count, anyway) are already in their pocket. Both AMD and Intel have pledged support for Palladium. In the future there will be no PC manufacturers making "more free" PC's because doing so will prevent them from being profitable.
I'd rather "scare-monger" (as you call it) then leave people with a false sense of security by telling them things will be alright when they won't.
Is there any hard info on this? (Score:2)
This could be both good or bad. On the good side, it might support multiple virtual machines a la VMWare without the horrid hacks needed to make that work. On the bad side, it could mean that you can't develop code that will run on consumer machines without permission from Microsoft.
Time for OpenSource Hardware ! (Score:2, Interesting)
Many hardware vendors are finally waking up and embracing Open Source, e.g. (3ware, Adaptec, Intel, AMD), but it seems as if the community is always fighting with hardware. If worst came to worst, we could all boycott a particular vendor and pledge as a community to buy non DRM (Digital Restrictions Managemet) devices from a competitor in volume.
After all, DRM is NOT LAW! (Well at least not until Microsoft donates $20,000 to a couple of congressional campaigns).
Open Source should have Open Hardware!
Also, I am not worrying too much about Palladium or other "copy protection" type devices. They will be defeated just like every other type of "copy protection" that has ever been invented. In fact reverse engineering Palladium in compliance with the DMCA will probably be a sourceforge project.
Does Intel like losing EU sales? (Score:2, Insightful)
Superb marketting effort! (Score:2, Insightful)
History is replete with Bad Things imposed by powerful entities (be it governement, warring factions, religious institution, corporations, etc). Usualy, those entities attempt to reduce resistance to those schemes by publicising them as good, advantageous, desirable even.
Censorship is a reccuring favorite. "It would be bad to let the counter-revolutionnaries / heretics / competitors to speak against the System". Another common theme is "We have to protect the weak / children / people against harm and/or themselves".
This is, however, the first time that I see something so obviously nefarious portrayed in such a positive light!
The only raison d'tre of Palladium (and the underlying mechanisms) is to prevent people from using their tools to process the data of their choice in the manner they choose. Be it to prevent the "evil pirates" from listening to their CD on their computer, or *gasp* using such-and-such technology without the "safe" and "approved" program (how much are you willing to bet that "approved" software will always be commercial, proprietary and expensive?)
This would be horrible enough to get even the general populace to react and protest... if it wasn't described as an "enhancement". "Safer" They say (for whom?). "More reliable" (at what?).
My OS and computing environment are safe enough for the tasks I give them as it is. I don't need "help" protecting me against myself!
We need to cry, shout and yell loud enough to be heard. The CDA was nothing compared to this, because our computer remained ours, we could always choose to obey the law or not.
They are trying to take that choice away from us.
-- MG
Who is paying for this??? (Score:3, Interesting)
From what I have heard about "LaGrande" and "Palladium", there are benefits for the "gatekeepers", but no benefit for end users. Nobody is projecting increased sales because of these lovely DRM "features". Indeed, many are wondering if people will buy this stuff at all. This would be like McDonalds working on a way to make greasier french fries, because it would help the lard industry.
So my question is this: "Who is bankrolling this operation?" If Intel/AMD/M$ are really spending their own money on this, it's a mass outbreak of corporate stupidity. Is Saddam Hussein attacking our tech industry with some kind of "dumb-down" bio-warfare weapon?
My conspiracy theory is that the "LaGrande/Palladium" boxes will be blown out at firesale prices, subsidized by someone who really wants this stuff to be deployed -- kind of like Xbox on a massive scale. The payback will have to come from the victims^h^h^h^h^h^h^h^h customers -- endless fees and hidden surcharges built into everything they do.
Great... (Score:2)
Could this be a Good Thing? (Score:3, Interesting)
This would not stop Linux from running. Linux would simply not utilize the feature (or, it could even be added to Linux), and run it's own memory management scheme with software as it does now.
It will not stop your MP3s from playing. They'll just play in a protected address space. Or maybe they won't depending on your player software.
This will not stop your DVD ripper from ripping. An alternate driver and ripping program designed to simply not use a feature designed to provide hardware security for applications is not a violation of the DCMA (even if the ripping of a DVD is, which is a different question).
This will stop someone from using an external program to cheat at a game (the game locks off its memory, the cheat program cannot change the data).
This will prevent someone from, say, running a malicious program which essentially "core dumps" your RAM at a specific time, maybe when opening your e-mail reader?
This will possibly stop things like Outlook viruses, as Palladium/LaGrande-aware applications are hardware-isolated into their own address/execution space and cannot interefere with other applications.
Did I miss something? Should I really believe M$ is dumb enough to make a move which will cause outcry and backlash from the most tech-savvy of users all the way down to the e-mail granny, at a time when the DOJ, along with every man, woman, and l33t-preteen on the planet is breathing down their necks in anger?
C'mon people, I hate MS too, but they where smart enough to get this far, even if they did hire Balmer...I think that's an obvious move to NOT be making, if they value their asses (assets?) at all.
Please correct me if I'm wrong, and please post links.
Re:Could this be a Good Thing? (Score:4, Insightful)
It will not stop your MP3s from playing. They'll just play in a protected address space. Or maybe they won't depending on your player software.
I think you misunderstand the use of the protected area. Your MP3s will be encrypted. the keys to decrypt them will be stored in the protected area. Only "trusted" programs will be allowed access to the protected area, so only "trusted" programs will be able to get the keys and decrypt the MP3s. One requirement for "trust" will be that the player provides no way to save the unencrypted datastream anywhere. Possibly it might not even send the stream to a sound card unless that sound card was also "trusted".
The fundamental problem isn't even the word "trust", it's who can trust the computer. This whole thing isn't intended to insure that you can trust your computer or the software on it. It's to insure that other people (eg. the RIAA, MPAA, Microsoft) can trust your computer. Trust it, that is, to do only what they tell it it can do and nothing else. If you wonder why MS would want that, think back a couple of years to their floating of the idea of annual subscriptions for Windows licenses. Now imagine the glee when they discover a way to guarantee that, if they impose that, you the user can't do a thing to bypass their check of whether you've paid or not because the hardware won't let you touch that data.
not yet anyway (Score:4, Insightful)
this is a tarpit
personally i've written a letter to amd already asking them what their formal stance is and they never wrote me back
Re:not yet anyway (Score:2)
I've seen several reports that AMD is officially planning to support Palladium on their chips. If some new version of windows runs on Intel but doesn't run on AMD then AMD is dead dead dead. -
Re: (Score:2)
Re:I think these technologies are a good thing (Score:3, Insightful)
Re:I think these technologies are a good thing (Score:2)
This way when I install a game, I don't have to worry that it could steal my bank account information. No program would be able to access my bank account information unless it was signed by the same company as the program that stored the information originally.
Re:I think these technologies are a good thing (Score:2)
But you don't need Palladium to solve this problem!! If you run Linux, you can do this by using chroot. The problem is readily solvable on todays hardware. But solving this is not what Microsoft is really interested in. If they wanted security for users they could have implemented it years ago. Like other systems.
The only thing Palladium provides is taking control away from the owner. Really! Think about it!!!
Re:I think these technologies are a good thing (Score:2)
I wish I had Palladium when Code Red hit because it stole my... err, umm, well when Nimda hit it stole my.... ummm... well, you know! It will protect my DRM music and my DRM movies from viruses!
-
Re:I think these technologies are a good thing (Score:2)
A word processor is pretty useless without the ability to share files. Nobody is going to use a word processor that prevents this.
However, your bank will be able to store your account number on your machine such that no program not signed by your bank can access it.
Microsoft's chosen vendors (and Microsoft itself) will not be able to access this bank account number.
As far as whether or not it is proprietary, TCPA is the (theoretically) open platform, Palladium is the proprietary Microsoft thing that could possibly be made TCPA compliant but probably won't be. I don't support Microsoft's continual efforts at creating proprietary protocols, but I do support creating something like Palladium/TCPA.
Re:I think these technologies are a good thing (Score:2)
While that MAY be the case for the short-term, i'm sure once it becomes part of the average users desktop M$ will find some excuse to "lock it down" further.
With Palladium, etc. it will become possible for programs to keep especially sensitive data safe from malicious programs operating on the same machine. Now an attacker will have to not only subvert one of the programs that I have trusted, it will also have to defeat the Palladium system.
What kinds of malicious programs? Define "malicious"? More importantly, how does MICROSOFT define "malicious"? Could Openoffice.org, a presumably "unauthorized" piece of software be considered malicious if it is able to open a Microsoft Word document? Food for thought.
I don't see how this can be a bad development. At worst its neutral. At best, Palladium will allow me to do all sorts of things on my computer that I wouldn't dream of doing today because of security concerns.
Microsoft? Neutral? Neutral EVIL, maybe! :)
I'm not sure what you mean when you say you aren't able to do things on your PC that you won't be able to do with Palladium in place. I can think of MANY things that Microsoft would try to prevent you from doing with their implementation of Palladium (and not necessarily "illegal" acts such as copying and distributing movies and music.) Palladium is NOT about Freedom.
Re:I think these technologies are a good thing (Score:3, Interesting)
Yes. This is a very good thing.
However, the problem becomes when Palladium is the de-facto standard. When you need Palladium on to run pretty much anything, including seeing grandma's last e-mail, because her system uses Palladium by default, then we have a problem.
Palladium is a bad company's wet dream. Enron's accounting books could be completely unreadable to anything except for the computer they were created on -- "Oops! It got wiped.. sorry sir.." Those pesky e-mails that pointed out exactly how MS was trying to lean on other companies? You certainly wouldn't be able to get hold of them under a Palladium system.. even the copies over at the Netscape office could be set to "expire" and auto-delete themselves after a certain amount of time.
Or here's a fun one, EULAs that automagically update themselves from headoffice with no warning whatsoever to the user. It's bad enough now when to download a *required* security update, you are forced to accept a change in licensing. If you don't download the update, you lose the ability to obtain support, but at least right now you have the choice. Palladium gives the content owners, (which in this case is the folks who presented the contract) the ability to change the content at any time. Do you really believe that every company out there will be willing to resist temptation?
Plus, when it's the defacto standard, you start losing the widgets and API's that allow new software to be built without Palladium. After all, if MS can simply discontinue support for W98, what makes you think that they can't discontinue support for non-palladium equipped systems?
"Your trying to use what API? Oh.. that was before Palladium. We deprecated that a while ago, just use our new Palladium enhanced version now. It provides better security and support. Open source developer? No problems with that. Just so long as you cough up a nickel for every person that tries to use your program, we'll be happy to set up a key for you."
Which brings us to a point where *all* software has to be licensed through a key provider - and also a point where if the key provider decides they want more money (name me a corporation that wouldn't) they simply increase the charges and/or invalidate current keys.
Of course, the answer for all this is, "Well don't use it! Use Linux or something." Unfortunately, this assumes that we'll have the choice. The first attack on that choice is coming in the form of legislation. When hardware manufacturers are mandated to have security protocols in their hardware. The second attack is the weight of network effects. As I said, when even grandma uses Palladium, when every major company from here to Timbuktu uses it for the "security advantage", you really lose any choice to not use it. Oh I suppose you could try and be like those die-hards who still make use of FIDO, but beyond hobbyists, you completely lose the ability to connect to the world. This can go even further when major routing points start to use it to increase the security of the entire internet. Prevent DDOS attacks from those nasty non-Palladium machines out there by dropping their packets at the first router. Only Palladium Approved Packets will be accepted, thank you. At that point, even the die-hards will be forced to move to Palladium (or I suppose they could ressurect FIDO).
Now, will things get this bad? I don't know, this is kind of a worst case scenario, and we all know that it often doesn't get to the worst case. Unfortunately, I really don't see anything that would stop this scenario from happening.
Finally, on a side note, if you have even a minor knowledge about proper security precautions for your computer then your banking information is likely safer being on your computer than it is being in your wallet.
Kwil
You don't know what you are talking about (Score:2)
For protecting from malicious (or more likely buggy) programs, everything Palladium promises is there right now. But machines are contuously hacked (Linux as well as Windows). Why? Because of a thing called bugs. Palladium is not going to stop bugs. It will instead sign bugs and say they are "trusted". Big deal!
Palladium's purpose is to make sure the owner of the computer can't insert "bugs", and the user cannot fix "bugs", no matter how hard they try or want to do it.
MOD PARENT UP! (Score:2)
Great job man!
Re:Why Palladium / DRM Won't Catch On (Score:2, Insightful)
Re:Why Palladium / DRM Won't Catch On (Score:2)
So from that point of view, any competitive plans by MicroSoft are probably much more geared to finishing off this "competition". Getting rid of Linux is just a side effect.
Rest assurred that the old Windows machines will not read palladium-encrypted pages either.
And how's your Divx box? (Score:2)
Not likely, because the idea of DVDs that expire a few days after purchase was so bad that even Joe Sixpack wouldn't buy into it.
If you want to give the keys to your computer to anybody but yourself, fine. Publish your static IP address, turn off your firewalls, deinstall your anti-virals, and announce here that you've done this and I'm sure your box will be 0wn3d in a few minutes. Maybe you'll even still get to use it afterwards.
The rest of us obviously have a lot more sense and a lot less trust than you do. Are you new to the Internet? Do you actually buy products that spammers sell? Is your "herbal Viagra" working?
"Trusted Computing" is intended to protect the vendors, not the users. We are the ones that are expected to pay for these boxes. I can't think of any actual benefits which DRM-enabling will give me in actual practice.
If you want to buy it because it's k3wl n3w t3cHn0l0gy, go for it. And post about your experiences, in the post DRM climate, those of us still in the USA will need all the laughs we can get, and those of us who aren't probably deserve some chuckles at US expense as well.
Re:And how's your Divx box? (Score:2)
Your confidence that DRM-enabled hardware will give control to its users and not the vendors is touching. I don't happen to share it and the vendors haven't really given us anything better than "trust us" as the reason why we should.
Re:This isn't about palladium! (Score:2)
When they added memory protection to the 386, you could write software that ran in the unprotected mode. Yes, you could write a system that would lock things up so that a branch of software was unable to switch to protected mode and unable to write outside it's own memory. But you could write that system!
The difference with Palladium is that it is explicitly designed so that nobody other than MicroSoft can write the unprotected mode part.
Come on, think a little bit before posting next time.
Re:Who is worried? (Score:3)