Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Microsoft Your Rights Online

Will Microsoft Code-Checking Plans Cripple the GPL? 663

Infonaut was one of many readers to point out that "Thomas C. Green at The Register seems to think Microsoft is after far more than the 'ubiquitous security' they're pitching to the mainstream press. In this lengthy article, he contends that Microsoft's latest plans are in many ways an attempt to kill Linux by rendering GPL'ed software unusable. Yep, that's freedom to innovate, I'd say."
This discussion has been archived. No new comments can be posted.

Will Microsoft Code-Checking Plans Cripple the GPL?

Comments Filter:
  • by paiute ( 550198 ) on Wednesday June 26, 2002 @07:27AM (#3768173)
    Sorry, you can't get there from here.
  • by forged ( 206127 ) on Wednesday June 26, 2002 @07:29AM (#3768180) Homepage Journal
    I wonder is Thomas C. Green is one of the many IT analysts also reading Slashdot on a regular basis.

    Thomas, if so, can you reply to this so that we may ask you questions in this forum ?


    • sure, cheers.

      tcg
  • Bah. (Score:4, Insightful)

    by EvilNight ( 11001 ) on Wednesday June 26, 2002 @07:29AM (#3768185)
    Don't worry about Microsoft. They're on their way to being a footnote. I chuckle that they think that when forced to choose between MS and GPL, people will go with MS. That's not a safe assumption to make... not a safe one at all.

    Just keep coding. Millions of happy hackers > politics and license agreements.

    • People, ie my Dad, will use whatever comes on their pc which will be sold with a sticker saying 'more secure web security in this box'.

      He will use online vendors that support the new web security etc in this box.

      The vendors will use windows servers because they help deliver that security.

      Vendors will only use linux boxes if they can do the same thing as the market leader. This has always been true with linux, even in markets where ms was not the leader.

      • So? How does this affect you? Honestly, Microsoft can never "kill" open source because it's open. It's always there for you to use, modify, and redistribute. So what are you all worried about?

        Keep coding, use what you want to (that's the great thing about open source), and let the rest of the world be.

        This isn't a pissing contest. It's subversive passive aggression.
        • Well, if your new PC refused to run binaries that weren't authenticated, that would pretty much kill open source if the authentication process was difficult enough. But it would also never catch on.
          • I doubt this is an assumption that ALL future PC hardware will be Palladium enhanced. I'm certainly not going to buy such hardware. I'll nurse my Duron till the chip breaks down to sand before I upgrade.
          • by rseuhs ( 322520 ) on Wednesday June 26, 2002 @08:25AM (#3768510)
            If your new PC refuded to run unauthenticated binaries, that would pretty much kill Windows.

            Let me explain:

            IMO, the only thing that keeps Windows going is that people have so much software lying around that they have a hard time switching.

            Now if the first PCs with this limitation come to the market that force you to replace all your software many would just switch to Linux because your software will become worthless sooner or later if you stay on Windows.

            And if Microsoft is stupid enough to enforce Palladium in their OS, Wine/Linux will have BETTER WINDOWS COMPATIBILITY than Windows itself.

            • by vidarh ( 309115 ) <vidar@hokstad.com> on Wednesday June 26, 2002 @08:47AM (#3768668) Homepage Journal
              You don't get it. Of course they won't make new PCs refuse to run unauthenticated binaries right away. That would of course kill them.

              The "safer" way for Microsoft, is to make their next version of Windows warn you whenever you try to do something "unsafe". Imagine if each time you connect to a webserver not running this security stuff, you get a window saying that you are connecting to an insecure site and that you should ask the site operator to upgrade to a secure system.

              Then give users the option of blocking unsafe sites permanently.

              Then after somewhere around 70-80% of all systems are "secure" they issue an upgrade that make your machine refuse to deal with unsafe data by default, hiding an option deep down in Windows to allow it. Possibly allowing you to "self authenticate" old applications.

              After a while, you then make the authentication mandatory.

              This has the possibility of working, if they aren't met with solid opposition from the start, and if they have the sense to do it gradually enough to not alienate too many people.

              Keep in mind that Windows is based on obsoleting things. There's so much old software that stops working between versions of Windows, that that argument simply don't hold - your Windows software WILL become worthless sooner or later, but people still stick with it.

              And as for switching to Linux, you might not have that option, as the entire point about Palladium was that it is mean to be enforced in hardware via alliances with Intel and AMD (for now).

              Microsoft may be evil, but they aren't stupid... People can't afford to take the risk of discounting their ideas.

              • You don't get it.

                Oh really?

                Of course they won't make new PCs refuse to run unauthenticated binaries right away. That would of course kill them. The "safer" way for Microsoft, is to make their next version of Windows warn you whenever you try to do something "unsafe". Imagine if each time you connect to a webserver not running this security stuff, you get a window saying that you are connecting to an insecure site and that you should ask the site operator to upgrade to a secure system.

                I imagine lots of pissed users and lots of suspicious users and lots of users who have lost their confidence that the next Windows will allow them to pirate.

                A message like this can be translated to: "Microsoft is watching you" - Thing is, people don't like to be watched when they download warez, mp3s, porn and divx-movies.

                People will avoid any system that has sub-par mp3/porn/divx/warez capabilities and will switch to something else (*gasp* Linux) if Windows loses these capabilities or gives hints that the next version will lose them.

                And as for switching to Linux, you might not have that option, as the entire point about Palladium was that it is mean to be enforced in hardware via alliances with Intel and AMD (for now).

                Linux runs the majority of servers, so Intel and AMD will support Linux, no matter what Microsoft sais.

                Microsoft may be evil, but they aren't stupid...

                LOL. Yeah, that's why I see Hailstorm-websites all over the web. And Bill Gates surely didn't say anything stupid when he claimed "Internet will never be popular [and will get killed by proprietary MSN]". Or look at XBox which is the most innefficient and expensive gaming system on the planet. Microsoft is the only one losing huge amounts of money, yet they are at last position compared to Gamecube and PS2.

                Face it: Microsoft is probably the most incompetent company in IT. The only thing that gets them going is endless backwards-compatibility with their x86-desktop domination. (which dates back to 1981)

                People can't afford to take the risk of discounting their ideas.

                Wrong, people should start discounting their ideas.

                Microsoft marketing works like this:

                "We will release product xy next year"

                Then people LIKE YOU come around and scream "the sky is falling!", "Microsoft is evil", "boycott this product, it will destroy competition!"

                To Joe Average this all sounds like "Product xy will become the standard and all alternatives will become unsupported." -> Joe buys product xy. I wonder how many people have bought a XBox because they thought it would become "the standard" which was told so often all over the net. It's amazing how XBox sales figures dropped after it became clear that PS2 won't be dethrowned. Even in the USA XBox fell behind Gamecube.

                Nobody likes to be a mayrtyr, people like you are Microsoft's greatest marketing asset. Actually they don't have to do much marketing, people like you do it for them.

                I'm very thankful for Microsoft releasing the XBox, because it will fail so badly that Microsoft will lose their standard-setting image. (Microsoft had many blunders in the past like Windows/Alpha, MS Bob, Hailstorm, etc. But XBox will be first the average customer will know about) In the post-XBox era, Microsoft will have to actually deliver something more than a press release to convince people of future standards.

  • by Brento ( 26177 ) <brento AT brentozar DOT com> on Wednesday June 26, 2002 @07:31AM (#3768191) Homepage
    ...an attempt to kill Linux by rendering GPL'ed software unusable.

    As opposed to Windows 98 first edition, which was an attempt to make closed source software unusable.
  • by GigsVT ( 208848 )
    (and neither can the script kiddies who root my site monthly),

    I thought he was arguing (in part) that open source is more secure and private. What's the deal?
    • Re:eh? (Score:2, Insightful)

      The argument is that he was playing the part of the Uninformed Customer, the one Microsoft is trying to woo. A bit difficult, but I caught it when I read it the first time.

      In other words, he's describing the Microsoft FUD as if the theoretical client believed it.
      • Re:eh? (Score:2, Funny)

        "of the Uninformed Customer, the one Microsoft is trying to woo"

        There may only be one uniformed customer, but there are millions of pig ignorant ones!
  • This scheme only seems to work with x86 CPUs.

    What about arm and powerpc CPUs used in PDAs and many other systems?

    I wont even mention how the crusoe CPU could be re-programmed to fake any CPU ID you wish :-)
    • Palladium is not restricted to x86. It embraces all tyoes of hardware. This will include Tivo, PDA's even MP3 players. It can and will be expanded to any electonic device. Microsoft will not simply to encode protection into Longhorn. Bill Gates is aiming for a much larger market share than that.
  • by Gryffin ( 86893 ) on Wednesday June 26, 2002 @07:35AM (#3768213) Homepage

    It's a good, thoughtful article. It expands upon my first impression of Palladium when I heard it, that it was mainly going to be a way for Micro$oft to lock out other platforms as "untrusted".

    Much like John Ashcroft, Micro$oft is taking advantage of post-9/11 paranoia to expand their reach still further...::sigh::

  • by colmore ( 56499 ) on Wednesday June 26, 2002 @07:35AM (#3768216) Journal
    The general thrust of the article is that under the new security system, GPL programs will not be able to be "trusted" by MS' hardware/software security system, so GPL based systems (like Apache web servers) will become unusable with mainstream computers.

    I doubt this will happen.

    Because, frankly, the invisible success of opensource is too widespread. I haven't looked at server statistics recently, but a significant percentage of webservers run on some manner of opensource program. Microsoft isn't going to be able to force half of the web servers in the world to switch over, and if people know that buying this new board from MS/Intel (which has few tangible benefits) will render half of the internet unusable, nobody is going to go for it. I'm not even beginning to think about the various governments that have begun to standardize around Linux, the opensource core of Apple's OS X, etc. etc.

    Frankly opensource is too big. If Microsoft renders its systems incompatible with the GPL, then it will be Microsoft, and not the OS community, that suffers.

    I say, let 'em try.

    • Also, supposed "journalism" that uses phrases like "Windoze" and "Microsoft's Mark of the Beast" cannot be trusted for accurate, unbiased information. The guy has an interesting opinion, but it's just that: an opinion.

    • You do have to consider that unless we can get out and tell people, most are going to think, 'Oh, website X is broken, I'll go to Y instead.' rather than 'Oh, Windows is broken, let's use Linux/Mac/PalmOS instead'.

      I don't think Linux has reached critical mass yet, but I hope there will be enough incumbants on old Windows systems as well as everyone on the new systems for the new Windows market to be ignored by the web hosts.
      • I imagine this will be an optional security feature, too.

        Since they can't have instant 100% deployment, people will have to be able to turn off the "security" to view a lot of content. If we could somehow setup a big public webserver where rejected traffic is relocated, we could inform people that "1, they should turn that crap off and 2, Microsoft is doing some *VERY* dirty business here and 3, Isn't it time they cut those corporate puppet strings from their arms" it could be a huge PR boon for the OS community.
    • by GigsVT ( 208848 ) on Wednesday June 26, 2002 @07:43AM (#3768261) Journal
      Need I break out browser market share statistics from 1996?

      We need to fight every battle as if it is our last, things change too fast in the IT world to trust things like market share.
      • For that to be a relevant comparason, the entire OS community would have to stop putting out meaningful updates and upgrades, make no feature additions ever, decide to scrap their codebase, and refuse to acknowledge that competition is occuring.

        Netscape died by their own hand. I wonder at what point the execs said "oh well we can retire on AOL money anyway, who cares?"

    • There must be a way of using in-house software by self-signing it. Can't people wanting to use GPL software just do the same?
      • by Zathrus ( 232140 ) on Wednesday June 26, 2002 @07:56AM (#3768332) Homepage
        In-house is irrelevant. That's not what this is marketed/designed toward. What MS is attempting to solve here is "how can I trust party X out there? How do I even know that party X is party X? And how can I trust party X not to share my private information with party Y?"

        It is, at least on the surface, a noble goal. There's still a lot of people out there that aren't willing to do transactions over the net due to security concerns. And even those of us who do use the net to do transactions know that there's pretty much nothing we can do about step 3 above -- if someone decides to share my personal data (be it my name, my address, my credit card numbers, or my social security number), there's pretty much no way in hell for me to ever track it back to them.

        The problem is, these are tough nuts to crack. That's why they haven't been fully completed yet. Microsoft is taking the stance that the only way to do it is to have a centralized authority, hardware encryption, and trusted systems. The problem with this is that it must be closed source. You cannot open the source up, nor can you allow people to "self-sign" -- doing so just means that Joe Cracker can say "yeah, I'm trusted - give me your info" and the system will. Because it's designed that way.

        Of course, there are a plethora of other issues here... privacy advocates will immediately scream about a centralized database of ALL the private information. Think the credit bureaus are bad? You haven't seen anything yet. And, afterall, we're talking about Microsoft here -- they don't exactly have the greatest history when it comes to security. And this isn't the kind of thing you can release and patch up later. It must be virtually air tight from the very beginning, or else you won't be able to guarantee the system as a whole (good luck patching that security hole on the embedded card reader over there!).
      • Not if the code wants to access any part of the system that deals with DRM. If it were possible to create self-signed code that interfaced with DRM components, then it would be possible to circumvent any access controls and get at the raw data.

        The only way to enforce DRM policies would be to require some sort of licencing/certification process for companies and developers that want to be able to write such code. That way the high cost would effectively prevent people from committing copyright infringement in that way.

        At some level, self-signed code must be regarded as being (potentially) untrustworthy, and so refused access. It's just a question of where the designers decide to draw the line. You can bet, though, that it'll be this side of enabling people to access data that the system thinks they shoudn't. This will help stamp-out copyright infringement and home-grown/open source media players...

        Cheers,

        Tim
    • by serps ( 517783 ) on Wednesday June 26, 2002 @07:57AM (#3768336) Homepage
      Frankly opensource is too big. If Microsoft renders its systems incompatible with the GPL, then it will be Microsoft, and not the OS community, that suffers.


      I say, let 'em try.

      You think? I believe you're not looking at the bigger picture. The open source movement is a t a point where big business is starting to take it seriously. What Longhorn attepts to do is is dump linux from the desktop, because all the client progams will barf when they don't see MS-certified keys when they install. That's only half the story, though. You need those killer applications otherwise people will just install some other OS, and you've lost your leverage with the OEMshardware makers, and your momentum stops.

      The other half is the network services. What if your online bank rejected non-WindowsDRM compliant Operating Systems? What if all the websites you wanted to go to required Passport, or conversely if those websites HAD to run .NET-compatible OSes in order to be accessed by WindowsDRM machines? Microsoft doesn't own the web, but if they make their own proprietary internetworking system (*cough*.NET*cough*) then they've won half the war. They can afford to play nice and let .NET become really popular before introducing "optional" security settings, then embrace and extend to taste. They need critical mass in both the server and the client to win the war, but they only need to break Linux's interoperability with Windows to relegate Linux into a niche market - an OS which doesn't "work" with the new Net.

    • This article talks about Web browsers, but how much would you like to bet that the first battleground for this technology will be MS' attempts to eradicate "untrusted" file servers on corporate networks.

      Samba should be very concerned about this!
      • Corporations' purchases are at least partly reviewed by IT professionals who will instantly pick up on this.

        "Wait, so if I put one of these boards in a terminal, we have to setup a new $60,000 file server, hmmm... thanks but no thanks"
    • I think his point was that the GPL is undermined by the fact that you can't modify your system under such a scheme -- and still participate in the 'commons'. That, effectively, makes your GPL'd system unusable if modified.

      But, replace the word 'unusable' in your first paragraph with 'unmodifiable' and I think it represents the general thrust of the article more accurately.

      OTOH, I hope (and believe) that you're right on your later point -- Microsoft won't succeed on this one.
    • by rseuhs ( 322520 ) on Wednesday June 26, 2002 @08:07AM (#3768410)
      Not only Open-Source is too big, their own installed base is too big, too.

      The majority of users still use Win98, a 4 year old OS - which is only a minor step up of Win95, a 7 year old OS. (And Win95 is also still used by over 10% of users.)

      So if we extrapolate this figures:

      If MS starts this scheme in 2 years, it will take another 7 years until 90% of their users have it (and that's still not enough because 10% is still too much to lose).

      And because Linux is starting to make inroads (Governments of South-Korea, Germany, France, Israel and many other organizations are getting Linux on desktops) it will be too late for them in a couple of years anyway. Even if Linux only captures 10% within the next 5 years, this is enough to make such schemes fail.

      I don't even have to talk about the server-side because you already did.

      So, yes I agree, let them try.

      This will be the next Hailstorm.

      • by hoggy ( 10971 ) on Wednesday June 26, 2002 @09:04AM (#3768767) Homepage Journal
        If MS starts this scheme in 2 years, it will take another 7 years until 90% of their users have it (and that's still not enough because 10% is still too much to lose).

        Microsoft can afford to take the long view. The biggest driving force of Palladium/Longhorn will be the DRM technology. People want to consume media and the media companies will require rights management. The media companies can also afford to take the long view. They only need to keep crushing P2P upstarts through sheer weight until the laws and technology to support DRM are widespread.

        If only "trusted" apps running on a "trusted" operating system can play music and video, then people will buy those. Remember the vast majority of people aren't interested in their rights - and before anyone starts, I didn't see any groundswell of ordinary people defeating the DMCA.

        There is no "Linux" to defeat this. There are only distributions. The big commercial distros are the ones that will end up on ordinary people's desktops and they can either play along or not play - it'll be that simple. When it comes to pleasing shareholders I can guarantee that they will chose to play along.

        You just can't afford to be complacent on this issue. This is the biggest failing of the Open Source movement - there is no movement, just a bunch of people writing open source software. This works fine when there's no threat to the freedom, but when there is there's no organisation.

        The closest thing free software has ever had to a movement with principles and goals is the Free Software Foundation - and look at how ridiculed RMS has become.

        People like sitting on their butts and whining a lot more than they like actively campaigning.
    • by Saint Fnordius ( 456567 ) on Wednesday June 26, 2002 @08:10AM (#3768429) Homepage Journal
      The sky may not be falling, but it also fits in with vilefying emulators and their ilk, as Microsoft really *is* running scared. Now that Intel and IBM are working so closely with Linux, and Apple maneuvering itself to becoming the developer's platform of choice, Microsoft sees its comfortable monopoly under attack.

      Microsoft is paranoid about becoming irrelevant, about anybody doing to them what they did to IBM. They aren't truly innovative, and they know it. It even shows with this re-hashing of Intel's unique identifier plan as a way to lock out the competition. The wierd thing is, this comes just as experts (even from Microsoft itself!) are debunking technological security schemes!

      Another thing I noticed is that this whole "Palladium" is still speculative vaporware. It's as if Microsoft wants *us* to define it with our hopes and fears, or as if they heard of another meme and wanted to claim that they thought of it first.

      So maybe the sky *is* falling...from Microsoft's point of view.
      • Another thing I noticed is that this whole "Palladium" is still speculative vaporware. It's as if Microsoft wants *us* to define it with our hopes and fears, or as if they heard of another meme and wanted to claim that they thought of it first.

        That's a very good point. I think that's exactly what they did with .Net. They announced a bunch of vague stuff a few years ago and listened closely to whatever dreams people projected onto the formless name. Then they built that, or at least relabeled other things to fulfill the half-expressed wishes that they got back from the community.

        It's like marketing by sonar. Send out a flat ping, and see what shape it takes when it reflects off of the industry.
  • by nenya ( 557317 ) on Wednesday June 26, 2002 @07:38AM (#3768237) Homepage
    Most of the posts that precede me evidence a startling lack of respect for a true problem: M$FT, as much as we make fun of it, deride it, and generally despise it, has the ability to change the way the computing world operates. They've evicerated OS's before, and with a multi-billion dollar bank account, they can do it again. The Linux community's rallying cry seems to be "but we're so much better!" Microsoft's response is, "It doesn't matter. We're more powerful." It's time that we stopped touting our own superiority and took seriously attempts to make our favorite OS an irrelevent geek hobby. Yes, Microsoft has failed to do this before, and yes, they will fail to do so again, but they've got all the time and money in the world. They may be incompatent coders, but they are brilliant marketers. If they've got all the users, having the superior product is suddenly irrelevant. And if we aren't careful, we will be too.
    • by Tim C ( 15259 ) on Wednesday June 26, 2002 @07:54AM (#3768320)
      They may be incompatent coders

      They're not incompetent; some of the best coders in the world work for Microsoft.

      Just like in any other company, though, quality of the programmers is by no means the only factor determining the quality of the product. Give a good team an impossible deadline and you'll get rushed, buggy code. Give them a reasonable deadline but conflicting yet essential requirements, and you'll get an unstable product.

      Sure, some of the programmers are crap, but so are some open source programmers. I don't believe that they have any higher proportion of crap coders than any other successful software development shop.

      Love it or hate it, Windows 2000 works. So does Office, and Outlook, and SQL Server, etc. They may well all have bugs, and security holes, and annoying design/UI problems, but no complex piece of software is completely free of these things. I personally have issues with some aspects of KDE (still my desktop environment of choice, though). Just recently, a security flaw was discovered in Apache. Sure, it got fixed quickly, but it was still there. Are the Apache coders incompetent because of it? Of course not.

      I don't like Microsoft, its business practices, or many of its products, but to describe their coders as incompetent is grossly unfair.

      Cheers,

      Tim
    • but you have it wrong....

      MS killed Geos because it saw it as a bug and stepped on it.. Geos was a single distinct bug that youcould extinct the whole species with one squish.

      Linux and BSD are like cockroaches.. we reproduce like mad. if you kill one of us 10 spring up in it's place, and the recipie for making more of us cockroaches is freely available and will never ever dissappear.

      Microsoft doesnt have enough money,power, or anything to kill linux or bsd or GNU anything. we out number them 100 to one and have a ton more power, resources, smarts and speed.

      sorry, but watching a giant running around frantically stepping on millions of tiny bugs and getting more and more afraid as the swarm of bugs starts to run up it's legs and multiply faster is a precious sight.. and I am soo glad to be one of those bugs.
  • Microsoft is too far behind the power curve for their "final solution" to have more than a token effect on the clueless masses; GPL software is already too widely deployed and (dare I say it? Yes!) entrenched in too many places.

    One major example of this entrenchment: university research labs running high-performance computing systems (read: Beowulf-class clusters). Microsoft, to my knowledge, has absolutely nothing that can perform at the level that the cluster designers/admins/users have come to expect from Linux. If Microsoft tries to force those sites and systems into the old AD&D Paladin trap of "convert or die," they're going to be told where to go and who to see, in terms that are neither ambiguous nor polite.

    Just my two cents' worth...save up the change for a Red Bull or something.

  • Those that "know" wont use longhorn, and will still be able to use the software.

    Those that dont, probably wouldnt use the software in the firstplace.

    Me? Im sticking with 98se and w2k.
    • The problem will lie in transactions online. If you cannot buy that new cd you wanted because you are not "trusted" by a Palladium system you will be forced to go to a shop to buy it or buy a palladium compliant system.

  • by sbuckhopper ( 12316 ) on Wednesday June 26, 2002 @07:45AM (#3768277) Homepage Journal
    In other words, what MS is attempting to do here is the same thing they've done all along.
    1. Take a perfectly good command standard.
    2. Bastardize it for their own use.
    3. Make it not-backwards compatible.

    However this time they really win the game if they're succesfull. This is because if they can really implement this, they actually don't have to do the work of bastardizing the standard interfaces, they've inherintly done it.

    What they're trying to do is make it so that a common interface is a MicroSoft interface from the start.

    How many antitrust lawsuites do they want brought against them? I guess $30B can buy a lot of lawyers.
  • Well after all... (Score:3, Insightful)

    by o'reor ( 581921 ) on Wednesday June 26, 2002 @07:48AM (#3768288) Journal
    Not everybody is using Hotmail or MSN. Alternative solutions to MS Passport or "Palladium" exist, supported by big brands such as Sun, Oracle and so on. Why would everybody suddenly turn to an all-M$ solution ? Besides, that "Palladium" thing is still a long way down the road : no release before 2006 AFAIK. Right now, there are plenty of governments and organizations that are considering migrating part or all of their administration to Linux or other open-source based solutions, one of the main reasons being (surprise !) the openness of those products and the availability of the source code.

    This means that they have weighed in all the involved costs (migration, maintenance, training and so on), and they are not likely to go backwards to a proprietary M$ solution in 5 years (which would involve another heap of money for training, data migration, etc.)

    Since M$ is not going to release any major rework of its flagship OS for the next 5 years or so, I see a chance for Linux and other free software OSes to dramatically increase their respective user bases in the meantime. And if the users turn out to be major organizations / administrations / companies, they will be in a position to negociate an open-source (or at least, much less restrictive) alternative to M$ Palladium from the contents providers / secured businesses they might have to deal with.

    Just my 0.02 euros anyway...

  • by MongooseCN ( 139203 ) on Wednesday June 26, 2002 @07:48AM (#3768289) Homepage
    In other news MS has decided to get into the meat packing business. Their first products will be Gnu and Penguin burgers. Rumor has Bill Gates himself helps butchers the animals and is under investigation by the ASPCA.
  • It's simple:
    • MS will coerce chipmakers into putting circuits on ALL of their chips that require software running on those chips to carry out patented processes. (Note that the terms of the licenses will state that the companies can only make these chips if ALL chips have these patented circuits.)

    • They will then license the ability to use these patented processes in software to companies who make approved/trusted software.

    • Any guesses on whether Linux and GPLed software will get this permission.?

    • Any guesses on whether or not the terms MS gives to software developers will be nice or not?


    I really hope that this doesn't happen, but I can see them trying. My hope is that the chipmakers balk at some point, or at least one of them does for each of the necessary parts.
  • First of all, it's not at all about the GPL. MS may want to lock out everything non-Windows, but that would include the BSDs and BeOS or OS/2 if they were alive. (none are under the GPL)

    Then, people just don't want this. They did not ask for it, they will not pay for it and they will not buy it. It does not add any value to the product.

    Then, Linux will adapt fast enough. If this really affects internet-applications, then it wouldn't be viable without Linux, Linux runs the majority of Webservers, remember?

    I dismiss this thing as "Microsoft strategy of the week". It's the next Hailstorm.

    • There are many ways for this "M$ strategy of the week" to fail. So many, in fact, that it's just a matter of waiting to see what kills it. Considering the overwhelming rejection of Hailstorm, we can expect to see Palladium buried in the cyber-cemetary, between Hailstorm and the CueCats.
  • by tkrotchko ( 124118 ) on Wednesday June 26, 2002 @07:55AM (#3768327) Homepage
    I think its a chicken or egg problem.

    If there were no PC's, this scheme might work because there is no "untrusted" installed base.

    But since there are already billions of PCs out there already that can't or won't work with this scheme, they it can't be adopted because a merchant or web site owner would risk locking out huge portions of their customers.

    This reminds me of the whole Passport authentication scheme that had everyone in an uproar last year. In the end it amounted to NOTHING because it never had critical mass.

    I agree with most of the analysis, I just don't think anyone has enough control over the computing ecosphere to make this work.
  • This will not kill Linux. This will Linux on x86 (or whatever platform Windows runs on). I can't imagine that Apple will go along with this. So if all the die-hard Linux users start buying Apple computers instead, the hardware vendors and retailers will feel it (they may only feel it slightly, but slightly is still money).

    Bonus: If we're all using Apple hardware, we're dealing with a MUCH smaller set of hardware; less driver searching. Maybe Apple would even be helpful in writing the drivers?
  • Here is an idea... make a business out of fighting Microsoft. Grab all the Free Software you can... pay developers to improve it... package it and sell it. Then, you can charge for service/training etc. Show folks how much they will really save. Don't rely on other's opinions, sit down and do the numbers yourself. Then, show how well you'll be able to communicate with all that other Free Software that everyone will use. Show them that Big Brother is watching, and that they own your life if you choose to use their software. There is a market folks... I know I'm going to get in the game, you should too!
  • by spagma ( 514837 ) on Wednesday June 26, 2002 @08:00AM (#3768357) Homepage
    The reason I say this, is that I do technical support for a local ISP, we have both Unix and W2K webservers on our system and a couple thousand customers that don't know the difference. I would say that most people wont even know they are getting these boards whent they purchase a new machine. Then they will be calling me up to find out why they cant view their favorite webpages. The answer, "Your hardware is restricting your access to the site" is just going to blow right over their head, they are not going to understand why. They are just going to be pissed at us for not being able to help them, probably switch to AOL or something before they find out the real problem, but by then it is way to late. They will just deal with it. Complacency is the name of the game, this is the same reason why companies offer rebates, because a good portion of the customers are not going to bother doing anything about it. Sure some will, or try to return their hardware, but most will not, they will assume it is the new standard and everyone else will have to change to meet it. After all, their stuff is brand new, how could it be wrong?
  • by kipple ( 244681 ) on Wednesday June 26, 2002 @08:01AM (#3768366) Journal
    you have a chip ON THE mobo that tells you if you can run an application. what if you're disconnected from any network? the chip must have some key that, applied to the application, will make it usable. Or will decrypt the application. Or will act as a general key to allow the cpu to run some code.

    Still, it is something you have ON YOUR MOTHERBOARD. Like the CSS key... it's there, it will be just a matter of time before those evil linux users will find a way to bypass it, fake it, and run whatever they want. Bringing havoc on the pristine, certified, public-key signed microsoft world. Like a cancer...

    ....or at least I hope so. I have much more trust in a 15-years old linux north-european user, than in any chunk of Microsoft Engineers that live in their golden world, without Windows (hah! pun!) on the outside world.

    However, this palladium-thing looks like the whole .NET thing. Just marketing hypes, nothing else. We've all seen what .NET has become... bugs even before it was launched. Palladium is just a way to scare vendors which would like to try linux.

    Those guys at Microsoft are just playing the scary-announcement thing: to scare people before they make the next move. Then make them wait, then provide them a lot of useless marketing, then -before they will realize it- they have been embraced. And the empire extends itself.

    Whops! sorry folks, I don't believe a word of this palladium thing until I see a working chip, and I see that it works better than current systems. THEN we can start talking about that, and hacking it. Unless the new DMCA won't make it illegal and punisheable by death ;)

    cheers.
    • Unless the new DMCA won't make it illegal and punisheable by death

      Ding! The existing DMCA makes this illegal. Since Palladium provides DRM (by attempting to provide a 'trusted' client, ie one that obeys MS and not its owner), subverting it is a DMCA violation. Do not pass Go, do not collect $200.

      Now, arguably, the interoperabality/reverse-engineering clauses of the DMCA clear you here, but if those meant anything the whole DMCA becomes mostly a non-op anyway, so the courts appear to be just ignoring them.
    • by mjh ( 57755 ) <mark.hornclan@com> on Wednesday June 26, 2002 @09:50AM (#3769293) Homepage Journal
      you have a chip ON THE mobo that tells you if you can run an application. what if you're disconnected from any network? the chip must have some key that, applied to the application, will make it usable. Or will decrypt the application. Or will act as a general key to allow the cpu to run some code.

      Ok, but this will be done by installing a certificate (i.e. a signed public key) into the mobo, not a secret key? The certificate will be used to verify that Red Hat (for example) has signed the binary that was distributed. Nothing secret is needed to accomplish this verification. The secret is stored in Red Hat's secret key (stored at red hat) and in the root level secret key (stored, presumably at Microsoft).

      So what happens is that Red Hat attaches the cert that they used to sign the app to the app. The mobo cert can verify that it's a red hat cert because the root cert is installed on the mobo. Then the mobo uses the red hat cert to verify that the app has been signed by red hat. No secret keys required. Only publically available knowledge required.

      If you're able to break this, then you've broken all public/private key encryption under whatever algorithm was in use.

      This is very different from CSS because CSS tries to encrypt (hide) the content. With CSS a huge number of people need to be able to see that content: legitimate customers, none of which have their own private key. So somehow the customer needs to be able to get access to a secret key to see the data. So CSS put a secret key into every DVD player, so that customers could see the data.

      But with this, they're not trying to hide anything. They're trying to verify that the data (in this case a computer program) hasn't been altered. Doing that securely does not require wide distribution of a secret key. It requires wide distribution of a certificate (i.e. a public key) but so what? It's a public key. As long as the software provider has a cert signed by microsoft and as long as microsoft keeps their secret key secret, this is going to be very difficult to break.

      I think this is very scary, and I think it's quite clever. It basically makes the problem of exercising the GPL the equivalant of cracking public/private key encryption. And that doesn't even mention the amount of power than Microsoft can impose through forced upgrades? Certificates expire. Microsoft can impose that all software providers certificates will expire every year, or 6 months or whatever. At which point, the software will no longer verify correctly. Which means you need to go back to your provider to get an upgrade with a new certificate! You thought forced upgrades were bad before? And what happens if Red Hat decides to divulge their secret key so that the GPL can continue to be exercised? Or if they make it easy to get signed apps? Well then Microsoft simply decides *not* to issue them a new certificate when their current one expires.

      This is clever in a very sinister way... unless I'm missing something.

  • Ignorant FUD (Score:5, Insightful)

    by NearlyHeadless ( 110901 ) on Wednesday June 26, 2002 @08:03AM (#3768388)
    The article begins
    Yesterday, as we all know, Microsoft fed an 'exclusive' story about its new 'Palladium' DRM/PKI Trust Machine to Newsweek hack Steven Levy (a guy who writes without irony of "high-level encryption"), presumably because they trusted him not to grasp the technology well enough to question it seriously.

    This is the Steven Levy who has been writing about computers for two decades now, whose books include:
    • Crypto : how the code rebels beat the government--saving privacy in the digital age
    • Insanely great : the life and times of Macintosh, the computer that changed everything
    • Hackers : heroes of the computer revolution

    Obviously, with titles like these, he must be an ignorant Microsoft toady. On the other hand, Thomas C Greene, who has never spoken with anybody involved with the project, knows everything about it and what it is really about.
  • .....its just that everyone is out to get them.

  • Given Apache's penetration, and Linux's adoption, what is to say that Linux can't provide all that Microsoft can. I mean, what Microsoft would get is a "Microsoft Network" of computers (incedentally all running .NET) What this OS would tell you is: "No, you can't burn these MP3s, No you can't view that content." Meanwhile the opensource half of the world will have *SOME* DRM capability, which will probably be something like "allow all." Now which OS are you going to pick? The one where the Media Mongers and Monolists control, or the free and open one?

    This is just another nail in the coffin for Micrsoft, by Microsoft.
  • I think we would all agree this could potentially be a very dirty trick. I may disagree through and through with their plan and approach, but I can't totally blame them. Think about their perspective--

    -Linux market share is gaining in every direction which means their market share is at extreme risk of dwindling.
    -There is no one company to compete with and/or buy out to remove the threat.
    -Even if they were able to keep Linux OS market share at bay, it will still continue to improve because the core development team can and will always exist.

    When faced with an enemy they can't beat with their usual tactics, their last resort might just be to try something like this. Attacking from the back door could be their last hope at maintaining their dominance. Make no mistake about it, that is what they have to do in order to keep their identity.

    It seems to me that Microsoft has realized the inevitability of software--it eventually reaches a point of commodity and finality. There is only so much you can do with a word processor to make it better. After that you are only complicating it. As the OSS alternatives quickly approach this state, there is no need to use the expensive version anymore.

    Regardless of their initial intentions, it might be safe to say that if MS sees GPL and Linux suffering from this endeavor, they will try all the harder to push it. Be wary of any company that has everything to lose and plenty of resources to try and keep it.
  • by standards ( 461431 ) on Wednesday June 26, 2002 @08:07AM (#3768412)
    Let's be honest here - Microsoft has trouble on it's horizon.

    Microsoft has sold a lot of Windows 95 and Windows 98. And sad to say, these so-called "operating systems" are good enough for my mom and dad (and sister and grandfather and girlfriend and boss).

    Now what? What is Microsoft releasing that would convince my family to upgrade their PCs? To be honest, nothing but hardware failure will convince them to do that. They're happy with their 5 year old PCs, and such longevity is sure to hit Microsoft's bottom line.

    The answer? A new security scheme that makes it impossible to run new programs on old hardware. A scheme that also negatively impacts unauthorized vendors (including "open source"). And a scheme that forces users to upgrade on a period basis just so programs will work.

    Let's be honest - microsoft has some of the best business people in the world. And they're smart. They recognize this issue and plan to leverage it for profit.... not for innovation or customer experience.

    The answer? Disable Outlook - in my opinion, Outlook is the biggest computer security issue ever. It's a nice email client (in general terms), but the security issues have been out of control.
  • First which business would adopt this and cut out valid revenue from late adopters? The early adopters will just bomb. I know quite a few companies that are still running Win95 and most are on 98 hardly any are on ME or XP.


    The only value to this anouncement that I see is that it will slow down the adoption of open source. People will question the logic of converting existing systems from Window$ due to fear that they would have to switch back when this is finally implemented.


    Stop adding to this fear!!! Only stupid people would adopt/buy this technology. Granted that there are many that are stupid but quite frankly I'd say that that would be under 10%

  • DRM Comments (Score:4, Interesting)

    by ansible ( 9585 ) on Wednesday June 26, 2002 @08:12AM (#3768447) Journal

    Ya know, the more big media (and big biz in general) talk about DRM (essentially copy prevention), the less interested I become.

    Occasionally, big media has come out with some real gems (like LotR:FotR), but frankly, most of it is crap. I used to listen to the radio for music, but I'm not too impressed by most of that either. Now all I listen to is NPR and an independent dance music station.

    They can go and use all the technological means to protect their product (as opposed to art). As long as a few of us can still communicate together, I can keep using free software. As long as people still know how to sing and play, I'll still have music to listen to.

    Maybe I'll still go to a movie in a theater once in a while, but I'm just about finished with big media. The more effort they spend to protect their products, the less significant it becomes as art.

  • by LordKronos ( 470910 ) on Wednesday June 26, 2002 @08:16AM (#3768462)
    Im not the slightest bit worried about it. It wont happen in that way. Its just paranoia. Remember back long before XP came out, and everyone was talking about how horrible XP was going to be because it was going to only allow you to run digitally signed applications? Didnt happen, and it wont. The average joe user wants to run fun little $5 and $10 games and apps that they download (think card games, personal diaries, system utilities, etc). They want to run these cute little freeware screen savers that friends email to them. Its not going to fly.

    The article talks about digitally signing everything, all purchase transactions, etc. Again, it wont happen. People want to provide as little identification as possible when they are browsing porn sites, and face it...porn is pretty darn popular. So at the very least, you are going to have to leave open some holes for certain things to happen. But once you leave a hole open in your ship, there isnt much you can do to stop if from sinking. One hole is all virus writers and spammers need to get the nasty stuff through.

    And doesn't anyone at Microsoft remember what happened when Intel put a simple processor serial number in their CPUs? People bitched up a storm about it. And that wasnt even a personal identifier (it identified your CPU...and if you changed CPUs nobody would know). Now they are talking about something that would identify you personally? Not gonna happen.

    And another thing, did Microsoft even collaborate with anyone on this? I know they have agreements from Intel and AMD to manfacture chips, but as far as I can tell from everything I read, Microsoft has masterminded this whole thing on their own. Ignoring for the moment the fact that I dont think consumers will adopt the idea, I dont think Microsoft could be successful in addressing all the necessary issues on their own. Even if 50 of the top companies got together and tried to come up with something like this, it would still be extremely difficult for them to come up with something robust, secure, and that addresses all future possibilities. If Microsoft is masterminding this on their own, its going to be a million times more difficult to do so.
  • by fishbot ( 301821 ) on Wednesday June 26, 2002 @08:18AM (#3768472) Homepage
    A quote from the GPL [gnu.org]:

    "6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License." (emphasis added)

    As there is no specific mention that the GPL applies only to source (it applies to computer programs, including binaries and object code, as specified in section 3), one can only take this to mean that forcing it to comply with Palladium would be imposing further restriction on the users ability to excercise the rights given to them by the GPL. This is itself breaking the GPL.

    Just something for the GNU friendly legal types to chew on :)

  • by Ibag ( 101144 ) on Wednesday June 26, 2002 @08:33AM (#3768577)
    Microsoft has enough money and enough clout that something like this getting implemented is a real possiblity. Switching over to a different OS might be feasable for some people, but for the vast majority of users, it is not. If palladium is implemented and microsoft does succeed with it, what will happen?

    Since we will lose alot of interoperability, the computing world will be split into microsoft and non-microsoft which end up roughly indipendent from eachother. As I see it, there are three possibilities depending upon how deeply the hardware manufacturers and government get invoved. Either those who use microsoft are cut off from those who don't use microsoft, those who use x86 are forced to use microsoft (or at least their authentication system), or it becomes illegal not to use the system and everybody is forced into microsoft's death grip. None of these possibilities are very appealing.

    The only way things won't completely suck is if this is never implemented, but if they have as much industry support (and presure from the bill formerly known as SSSCA) as I think they do, then the outlook doesn't look good. That is why microsoft's power should be limited, why they should be punished, and why they need to be monitored to prevent them from doing things that are anti-competitive (even if not overtly so). That is why I hope that, in the end, MS recieves at least a slap on the wrist from the antitrust suit, if not something slightly more meaningful. Of course, with Bush in the white house, I have serious doubts...if only more people realized that just because something is good for a big company doesn't mean that it is neccesarily the best thing for the economy or the citizens of the country...*sigh*
  • by pongo000 ( 97357 ) on Wednesday June 26, 2002 @08:38AM (#3768613)
    The author of the linked article states that even with GPL'd source code, the binaries you build would not work because they aren't certified. How, then, would a developer develop anything if they can't run binaries? Or would all binaries run under the same cert on a particular machine? This whole scheme seems to be simply unworkable.
  • by SloppyElvis ( 450156 ) on Wednesday June 26, 2002 @08:46AM (#3768656)
    I submitted this link to a CNN article [cnn.com] before reading the /. front page today, and given its "Popular Press" status, I'm sure it won't make it through the Slashdot editors. However, it seems the popular media has taken an anti-Palladium stance for now, perhaps to cool the flames of this article.
    1. Given the reliance on hardware encryption, Palladium requires everybody to buy a new computer to use it.
    2. Given that an encryption system that can stand up against attack through time has never been accomplished in history, the MS plan has little chance for truly ensuring "private data".
    3. Given that the United States government want to be able to look at your data because you might be a terrorist (or just an enemy of the state), "private data" opposes Big Brother, and is therefore not likely to give any *real* privacy at all (unless you just have blind trust in the govenment ;P).
    The good news is, I don't think the 'commons' are buying into Palladium, at least not yet. Besides, real paranoids don't use Windoze.
  • by Fiver-rah ( 564801 ) <slashdot@NoSpaM.qiken.org> on Wednesday June 26, 2002 @08:47AM (#3768666) Homepage Journal
    He describes a scenario in which only certified binaries will execute on an operating system. Uh ... how on earth is this even remotely possible? And who would put up with it? Let's say that I'm just learning computer science. And I write a standard "Hello World" program, and compile it. Now, there's an uncertified binary. And, hypothetically, it won't run on my hardware.

    If no binary can run without certification by some outside agent, it follows that users can't write programs and run them without getting them certified (If they could, there'd be no worries about Open Source). Good god. Can you imagine what that is going to do to my debugging efforts?

    This scenario is not going to happen. Because even mostly clueless M$-running people will listen if you say, "Hey, you realize that if you run Palladium-based architecture, your darling children won't be able to use their computer for some very important learning purposes."

    • Unsigned code will run. Unsigned drivers/modules will not, and unsigned OS kernals won't boot.

      One could target holes in the OS itself, and workaround this way...
  • by d3xt3r ( 527989 ) on Wednesday June 26, 2002 @08:49AM (#3768682)
    I think this is another step in the wrong direction for MSFT. However, I am glad to see it happening because the more aggressively they attack free software (and non-MS software in general), the more quickly they postion themselves to be irrelevent.

    Think about this in conjuction with their plans to make Longhorn debut in 2006 as a radically new OS. Do you know what "radically" new says to me? It says completely incompatible. And not simply with Unix/Linux/et al, but with former Microsoft products as well.

    Bear with me for a minute.... let's say for a minute that Longhorn is to Windows XP what Mac OS X is to OS 9 - a complete rewrite, completely incompatible, and arguably 100 times better. But adoption is slow. People are entrenched in thier current OS of choice, OS 9 or even 8 for some. So when Microsoft prepares to move the masses to their radically new OS in late 2006, a great deal of segmentation will occur.

    Now let's pretend that Linux is ready for the masses (on the desktop) by 2006, and it has a stronghold in the server market. Now you're looking at two paths (at least for corporate types): 1. Continue to allow MS to shove upgrades down your throat and keep following the Windows donkey cart. Further, subject yourself to the new DRM of Longhorn and face issues of your free software and possbily other commercial software (IE Oracle and other DBMS) not working correctly. 2. Switch to Linux or maybe Macs. When companies are forced off Win 2k/XP and forced onto Longhorn via MSFT, we'll see how many are willing to comply. Continuing to use XP/2k may not be an option, but ditching MS entirely may be a reality in 4 years.

    I know it took a long time to get to my point but it's a complex issue. Far more complex even than I have portrayed above. But seriously, I think MS is going down a road to making themselves irrelevant. However, never count out the power or marketing! What MS lacks in software reliablity they make up for with a powerful marketing department and an unfortunate following of corporate weenies.

  • by Noryungi ( 70322 ) on Wednesday June 26, 2002 @09:00AM (#3768747) Homepage Journal
    Some quick ideas:

    • I thought M$ had some legal problems going on. Somebody find state lawyers and explain that Palladium means the monopoly is going to get bigger. Then watch them go ballistic.
    • Interested in Palladium? Seriously, can you trust the company who brought you email viruses with your mobo security? I thought so.
    • Specific example: Linux+Apache = ungodly percentage of www servers in operation today. And you think all of these sites will change to a Palladium-enabled machine+Win2K+IIS? Naaaaaahh...
    • I can see the web banners out there right now: Cheap Taiwan mobo, ready for P6-300GHz and NO PALLADIUM!! As a matter of fact, there is even a precedent for this: DVD players used to be geographically limited, right? Then some CEO in Korea decided that stupid rule was costing his company money.
    • M$ Hardware? High security? You mean, like... the XBoX, right? =)

    Seriously, though, I am willing to bet god $$$ that this is a test from Redmond. Now, they know.

    And if you are from M$, read my lips: it won't work. And that's just my US$0.02. Just wait until the EU, the Justice Dept. and this nice Peruvian gentleman get a hold of this...
  • by SailFly ( 560133 ) on Wednesday June 26, 2002 @09:27AM (#3769040) Homepage
    Embedded security into a hardware device to restrict its use? Sounds similar to me.

    I wonder how many firmware/BIOS patches will show up that disable or fool the hardware device like how you can disable region locking in your DVD drive -- not that I would ever condone such behavior :)

  • Switch! (Score:3, Interesting)

    by psicE ( 126646 ) on Wednesday June 26, 2002 @09:28AM (#3769049) Homepage
    There's a computer available, that doesn't use AMD or Intel products, so it's immune from Palladium.

    It's got a 500MHz processor, PGX64 graphics accelerator, 128MB of memory, a 20 GB 7200 HD, Ethernet, floppy, 48X CD, smart card reader, and... Solaris 8 Pre-loaded? All for $995. (Yes, that's a SPARC processor).

    To me, it looks perfect. We get a high-speed 64-bit RISC processor, really the only RISC architecture that hasn't morphed into Itanium (poor Alpha); we get reasonable basic specs, and just about everything short of the proc/mobo can be upgraded with standard parts from Pricewatch; and finally, because Freedom is of the utmost concern, any version of Debian that you can run on x86, you can run just as well on Sparc.

    And if that isn't enough, if you absolutely *need* to run Windows applications for some reason, in addition to using Bochs, there's another option. If you don't mind keeping Solaris on your computer alongside Linux, you can even buy a $500 PC-within-a-PC card, with a 733-MHz non-Intel x86 processor; because it lets you run Windows and Solaris apps side-by-side, it's essentially a perfect cross between VMware and Wine.

    Don't know about you, but my next computer's a Sun.

    I do wonder what Microsoft would think if large numbers of people did this. On the one hand, they might love it; if all the Linux users bolt to SPARC, then Microsoft is left with 99.999% control of their platform, complete control for computer built in the last 3 years, and the power to make hardware manufacturers do whatever they say. On the other hand, it means that their Windows-is-better-than-Linux arguments now have to account for the fact that Linux is running Sparc, and it becomes that much harder to get Linux users to switch back. :D

    And for us, it means that the ugliest and slowest port of Linux, that for x86, is all but gone; and most time will be spent developing one of the cleanest, SPARC.

  • by gillbates ( 106458 ) on Wednesday June 26, 2002 @09:39AM (#3769185) Homepage Journal
    Microsoft cannot implement this without going out of business, or losing a substantial amount of the desktop PC market to Linux.

    Here's why:

    1. Microsoft's dominance in the PC market has been fueled by the fact that their software has been backward compatible; existing desktop users have always found it easier to upgrade Windows than switch to Linux.
    2. The appeal of Windows for the average user is that it is compatible with almost all of the hardware and software available today. Take away this compatibility, and there will be little reason for the average desktop user to adopt it.
    3. Many businesses, including mine, depend on the backward compatibility of Windows to run many of our mission critical applications. We don't even have the source code for some of these, so switching to a Paladium Windows(TM) isn't even an option. Even in the cases for which we do have source code, we would still be forced to use Linux because Paladium Windows (TM) wouldn't run our unsigned code.

    Paladium is pure speculation by Microsoft. They cannot afford to release this to the public, because they would lose their monopoly on desktop operating systems if they did.

  • by Bob9113 ( 14996 ) on Wednesday June 26, 2002 @09:44AM (#3769235) Homepage
    What is the free equivalent to this? I propose the following:

    Microsoft is banking on the fact that companies will trust it to authenticate good software because they trust the Microsoft reputation. Historically, Open Source has developed its trustworthy reputation by banking on actual users who state that the software is trustworthy.

    So here is a Free alternative to Palladium - a public trust clearinghouse. Much as DCC authenticates spam, and the GPG repositories authenticate public keys, a public trust clearinghouse could be an expression of the corporate trust of software.

    As an example, imagine giving each member of the Wilshire 5000 a number of votes equal to 10000 minus their position in the Wilshire 5000 (IE, the biggest company gets the most votes). Each can submit any mix of those votes to the "trust this software" and "don't trust this software" bins, and can move them as the wish. New software would have very few votes. Established software would have many votes. The decision to trust could be based on both the number of votes and the percentage of positive votes.

    Yes, I think using the Wilshire 5000 is a requirement, because corporations don't trust the general public with business decisions any more than you and I trust Joe Six-pack with firewall settings.

    The question then is how to incentivize corporations to participate. Perhaps a license requiring that those 5000 companies submit a certain number of votes per month to be allowed to access the trust repository... just spitballing.

    Regardless of how it is done, I think Microsoft has hit on a genuine chink in the O/S armour - it does not have any officially responsible party. Coming up with a way to state authoritatively to business that version 3.142 of SuperDaemon is trustworthy would go a long way to countering Palladium if it catches on. And frankly, I would be far more likely to trust 5000 parties who are objective on average than to trust the manufacturer of the software.
  • Comment removed (Score:3, Insightful)

    by account_deleted ( 4530225 ) on Wednesday June 26, 2002 @09:41PM (#3775960)
    Comment removed based on user account deletion

I cannot conceive that anybody will require multiplications at the rate of 40,000 or even 4,000 per hour ... -- F. H. Wales (1936)

Working...