Will Microsoft Code-Checking Plans Cripple the GPL?
Infonaut was one of many readers to point out that "Thomas C. Green at The Register seems to think Microsoft is after far more than the 'ubiquitous security' they're pitching to the mainstream press. In this lengthy article, he contends that Microsoft's latest plans are in many ways an attempt to kill Linux by rendering GPL'ed software unusable. Yep, that's freedom to innovate, I'd say."
Where did you say you wanted to go today? (Score:5, Funny)
Thomas, are you there ? (Score:5, Funny)
Thomas, if so, can you reply to this so that we may ask you questions in this forum ?
Re:Thomas, are you there ? (Score:2, Troll)
sure, cheers.
tcg
Re:Thomas, are you there ? (Score:3, Insightful)
Put a patch in the os (isn't open source great - you can't do that with closed source) that intercepts all bios calls, and gives back the response you want to give.
Next, we'd see patches for flashing the rom to disable the mobo code - again no problemo!
The only people who wouldn't be able to accept this solution are proprietary os loosers^H^H^H^H^H^H^H^Huseres.
This way, you can even imitate another user and pc by copying their hash key - talk about yet another gaping security hole.
Now you won't even have to root their box to own them
I guess this is Bill Gates' latest insecurity model
Micro$oft - you fix it, they break it in the next version!
Re:Thomas, are you there ? (Score:3, Insightful)
1. Intercept the bios calls, and return whatever you want, including "signed" data. Or return nothing. Or return values you've sniffed from someone else's box.
2. Back up your bios first, then look through the bin file (doing this on 2 mobos with the same bios, and running a diff will give you the bios key)
3. If sites don't allow people in who aren't authenticated, this means that, eventually, as authentication becomes all-pervasive, unauthenticated users will become "invisible". Once nobody will be able to see them, and nobody's checking for them anymore, they'll be able to roam the net free of constraints.
Also, we could run the data stream through a firewall that could strip out any key data, or replace it with whatever we want.
There are also privacy concerns that would require that the ID be able to be changed, or deleted. You can be sure that the NSA, etc., will insist on a back door for their "trusted users". How long before someone else finds it?
If you don't think people will be able to do this, check out how many are using hacked satellite TV cards.
Bah. (Score:4, Insightful)
Just keep coding. Millions of happy hackers > politics and license agreements.
Who will 'force them'?? (Score:2)
He will use online vendors that support the new web security etc in this box.
The vendors will use windows servers because they help deliver that security.
Vendors will only use linux boxes if they can do the same thing as the market leader. This has always been true with linux, even in markets where ms was not the leader.
Re:Who will 'force them'?? (Score:2)
Keep coding, use what you want to (that's the great thing about open source), and let the rest of the world be.
This isn't a pissing contest. It's subversive passive aggression.
Re:Who will 'force them'?? (Score:2)
Re:Who will 'force them'?? (Score:2)
Re:Who will 'force them'?? (Score:5, Interesting)
Let me explain:
IMO, the only thing that keeps Windows going is that people have so much software lying around that they have a hard time switching.
Now if the first PCs with this limitation come to the market that force you to replace all your software many would just switch to Linux because your software will become worthless sooner or later if you stay on Windows.
And if Microsoft is stupid enough to enforce Palladium in their OS, Wine/Linux will have BETTER WINDOWS COMPATIBILITY than Windows itself.
Re:Who will 'force them'?? (Score:5, Insightful)
The "safer" way for Microsoft, is to make their next version of Windows warn you whenever you try to do something "unsafe". Imagine if each time you connect to a webserver not running this security stuff, you get a window saying that you are connecting to an insecure site and that you should ask the site operator to upgrade to a secure system.
Then give users the option of blocking unsafe sites permanently.
Then after somewhere around 70-80% of all systems are "secure" they issue an upgrade that makes your machine refuse to deal with unsafe data by default, hiding an option deep down in Windows to allow it. Possibly allowing you to "self authenticate" old applications.
After a while, you then make the authentication mandatory.
This has the possibility of working, if they aren't met with solid opposition from the start, and if they have the sense to do it gradually enough to not alienate too many people.
Keep in mind that Windows is based on obsoleting things. There's so much old software that stops working between versions of Windows, that that argument simply doesn't hold - your Windows software WILL become worthless sooner or later, but people still stick with it.
And as for switching to Linux, you might not have that option, as the entire point about Palladium was that it is meant to be enforced in hardware via alliances with Intel and AMD (for now).
Microsoft may be evil, but they aren't stupid... People can't afford to take the risk of discounting their ideas.
Re:Who will 'force them'?? (Score:3, Interesting)
Oh really?
Of course they won't make new PCs refuse to run unauthenticated binaries right away. That would of course kill them. The "safer" way for Microsoft, is to make their next version of Windows warn you whenever you try to do something "unsafe". Imagine if each time you connect to a webserver not running this security stuff, you get a window saying that you are connecting to an insecure site and that you should ask the site operator to upgrade to a secure system.
I imagine lots of pissed users and lots of suspicious users and lots of users who have lost their confidence that the next Windows will allow them to pirate.
A message like this can be translated to: "Microsoft is watching you" - Thing is, people don't like to be watched when they download warez, mp3s, porn and divx-movies.
People will avoid any system that has sub-par mp3/porn/divx/warez capabilities and will switch to something else (*gasp* Linux) if Windows loses these capabilities or gives hints that the next version will lose them.
And as for switching to Linux, you might not have that option, as the entire point about Palladium was that it is meant to be enforced in hardware via alliances with Intel and AMD (for now).
Linux runs the majority of servers, so Intel and AMD will support Linux, no matter what Microsoft says.
Microsoft may be evil, but they aren't stupid...
LOL. Yeah, that's why I see Hailstorm-websites all over the web. And Bill Gates surely didn't say anything stupid when he claimed "Internet will never be popular [and will get killed by proprietary MSN]". Or look at XBox which is the most inefficient and expensive gaming system on the planet. Microsoft is the only one losing huge amounts of money, yet they are at last position compared to Gamecube and PS2.
Face it: Microsoft is probably the most incompetent company in IT. The only thing that gets them going is endless backwards-compatibility with their x86-desktop domination. (which dates back to 1981)
People can't afford to take the risk of discounting their ideas.
Wrong, people should start discounting their ideas.
Microsoft marketing works like this:
"We will release product xy next year"
Then people LIKE YOU come around and scream "the sky is falling!", "Microsoft is evil", "boycott this product, it will destroy competition!"
To Joe Average this all sounds like "Product xy will become the standard and all alternatives will become unsupported." -> Joe buys product xy. I wonder how many people have bought an XBox because they thought it would become "the standard" which was told so often all over the net. It's amazing how XBox sales figures dropped after it became clear that PS2 won't be dethroned. Even in the USA XBox fell behind Gamecube.
Nobody likes to be a martyr, people like you are Microsoft's greatest marketing asset. Actually they don't have to do much marketing, people like you do it for them.
I'm very thankful for Microsoft releasing the XBox, because it will fail so badly that Microsoft will lose their standard-setting image. (Microsoft had many blunders in the past like Windows/Alpha, MS Bob, Hailstorm, etc. But XBox will be the first the average customer will know about) In the post-XBox era, Microsoft will have to actually deliver something more than a press release to convince people of future standards.
Re:Bah. (Score:2)
Re:Bah. (Score:2)
Quality of life. (Score:5, Insightful)
And, to top it all off, in the past 30 years or so, the incidence of stress-related mental illness has increased by something like 500% (I forget which study I read that in, but anyway).
And what do we have to show for it? Do we have more time to spend with our friends and families? No, all we have is a few new toys (although, as a geek myself, I have to admit that they are fun toys). If we see an average person working one day a week and making enough money to support themselves and their families, then that would be a massive improvement in quality of life.
In fact, we have seen the opposite; the two-income family is so common that it has become difficult to be one-income anymore. The quality of life has decreased enough that the average two-income family now lives about the same as an average one-income family in the 1920's.
Remember, those who do not understand history are doomed to repeat it.
Re:Quality of life. (Score:5, Insightful)
the average work day has not decreased at all (and increased in a lot of professions. It depends on how you count all the "work" time I spend on
developing countries that can get more money from selling their crops as cattle feed in the US. Really? I thought most third-world farmers couldn't afford to ship their crops to the ports or the cities (whether for sale locally as food, or to ship overseas) - maybe because most of the foreign aid went into Swiss bank accounts rather than things like roadbuilding, or tractors and fertilizer to make the food farms more efficient. Or their government pressures them to grow cash crops for export (to get more hard money for those Swiss bank accounts) rather than food. Agricultural subsidies in most first-world countries do screw their own consumer/taxpayers as well as third world farmers, but the bigger problem is with the third world governments.
in the past 30 years or so, [Diagnoses] of stress-related mental illness has increased by something like 500%. Maybe now doctors call it "mental illness", where 30 years ago they'd just say "take a vacation". Unfortunately, that doesn't mean they are better at diagnosing mental illness, but rather that they've better learned how to phrase it so as to get the medical insurance to pay. And to whatever extent there is a real increase in stress: It may be hard for you kids to believe this, but 30 years ago the industrialized countries were already fully industrialized and had been for 50-100 years. Maybe "Republicanization" is causing increased stress to US workers, or maybe it's that 4-6 months a year we work just to pay the goddammed taxes, but if stress was due to industrialization, it would have peaked long ago.
And do you think medieval peasants, Roman slaves, Egyptian peasants in 3,000 BC, or any other lower classes in the old days were free from stress? No, they _died_ instead of just getting a little squirrelly.
the two-income family is so common that it has become difficult to be one-income anymore. (1) It's quite possible to raise a family on a single moderate income. Mennonites do it all the time. They just don't buy toys, fashionable clothes, prepared foods, etc. And, because my wife can't hold a job for more than a week before she starts telling the boss how to run it, I raised two children on my one paycheck - and for the first 8 years, it was the tiny paycheck of an enlisted serviceman. Just don't think you've got to buy everything they show you on TV.
(2) A pre-industrial farmwife worked much, much harder than a modern working mother. Yes, I know it's hard to get home from 9 or 10 hours of work, toss dinner in the microwave, run the vacuum around the floor, get the kids ready for bed, and toss the clothes in the washing machine. Try cooking food from scratch on a wood fire, washing those clothes by hand, and cleaning the carpets by taking them out to the clothesline and beating them. If you can't afford to hire help, you'll soon be happy to go back to a dirt floor and greatly lower your expectations of personal cleanliness - even if you don't have anything better to do all day.
(3) You don't know how the average one-income family lived in the 1920's. You only see the top 10%. For the rest, no refrigerator, no car, electricity and running water optional, and generally the wife was working outside the house too as much as childbearing and care allowed.
working one day a week and making enough money to support themselves and their families. Scale your lifestyle back to that of Abraham Lincoln's parents, and it ought to be possible. If not, it's because of the ridiculous tax burden we have allowed our local, state, and federal governments to impose. I do know people who support themselves on less than 1 day a week work, but they get their wages in untaxed cash and the cardboard crates they live in have so far escaped the notice of the tax assessors...
Re:Bah. (Score:4, Funny)
AMD/Intel-marketing: "Yeah, sure."
Oh and to fuel the flame-fest:
Bill Gates early 90's: "Internet will never be popular"
Bill Gates early 00's: "Linux will never be popular"
As opposed to... (Score:5, Funny)
As opposed to Windows 98 first edition, which was an attempt to make closed source software unusable.
Rules of the Game (Score:2)
eh? (Score:2)
I thought he was arguing (in part) that open source is more secure and private. What's the deal?
Re:eh? (Score:2, Insightful)
In other words, he's describing the Microsoft FUD as if the theoretical client believed it.
Re:eh? (Score:2, Funny)
There may only be one uniformed customer, but there are millions of pig ignorant ones!
grand scheme off to bad start? (Score:2, Interesting)
What about ARM and PowerPC CPUs used in PDAs and many other systems?
I won't even mention how the Crusoe CPU could be re-programmed to fake any CPU ID you wish
Re:grand scheme off to bad start? (Score:2)
Nice to see *someone* thinking this stuff through (Score:4, Insightful)
It's a good, thoughtful article. It expands upon my first impression of Palladium when I heard it, that it was mainly going to be a way for Micro$oft to lock out other platforms as "untrusted".
Much like John Ashcroft, Micro$oft is taking advantage of post-9/11 paranoia to expand their reach still further...::sigh::
The Sky Isn't Falling Yet (Score:5, Insightful)
I doubt this will happen.
Because, frankly, the invisible success of opensource is too widespread. I haven't looked at server statistics recently, but a significant percentage of webservers run on some manner of opensource program. Microsoft isn't going to be able to force half of the web servers in the world to switch over, and if people know that buying this new board from MS/Intel (which has few tangible benefits) will render half of the internet unusable, nobody is going to go for it. I'm not even beginning to think about the various governments that have begun to standardize around Linux, the opensource core of Apple's OS X, etc. etc.
Frankly opensource is too big. If Microsoft renders its systems incompatible with the GPL, then it will be Microsoft, and not the OS community, that suffers.
I say, let 'em try.
Re:The Sky Isn't Falling Yet (Score:2)
Re:The Sky Isn't Falling Yet (Score:5, Insightful)
the worst sources are the ones that seem to be "fair," because they tend to make you less alert to the bias that inevitably exists.
Re:The Sky Isn't Falling Yet (Score:2)
this page [leisuretown.com] from this amazingly funny comic [leisuretown.com] from this amazingly funny website [leisuretown.com]
Re:The Sky Isn't Falling Yet (Score:2)
I don't think Linux has reached critical mass yet, but I hope there will be enough incumbents on old Windows systems as well as everyone on the new systems for the new Windows market to be ignored by the web hosts.
Re:The Sky Isn't Falling Yet (Score:2)
Since they can't have instant 100% deployment, people will have to be able to turn off the "security" to view a lot of content. If we could somehow set up a big public webserver where rejected traffic is relocated, we could inform people that "1, they should turn that crap off and 2, Microsoft is doing some *VERY* dirty business here and 3, Isn't it time they cut those corporate puppet strings from their arms" it could be a huge PR boon for the OS community.
Re:The Sky Isn't Falling Yet (Score:5, Insightful)
We need to fight every battle as if it is our last, things change too fast in the IT world to trust things like market share.
Re:The Sky Isn't Falling Yet (Score:3, Insightful)
Netscape died by their own hand. I wonder at what point the execs said "oh well we can retire on AOL money anyway, who cares?"
Re:The Sky Isn't Falling Yet (Score:3, Insightful)
Nobody trying to make any money on the web will render their services incompatible with users' browsers. Especially if you think about how many corporate surfers (lunchbreak ebay time... why isn't it working?) are using non-Palladium machines to connect. It doesn't matter what's on your desk, it matters what's in the network closet.
I really believe that Microsoft is flushing money down the toilet, or perhaps appeasing investors by saying "ignore those reports of poor security, look at what we're going to do"
They'll need something like a 95% installed base before they can make this into anything other than a "check here to not see this warning again" feature, and that won't happen for at least 5 years, many more if the current slowdown in hardware purchasing is more than a temporary snag (hint: it is, what widely used apps make full use of even two year old systems?)
The hardware upgrade cycle is rapidly moving away from the old 2.5 year average, and that alone will kill any chance of this thing working.
Re:The Sky Isn't Falling Yet (Score:3, Interesting)
Re:The Sky Isn't Falling Yet (Score:5, Interesting)
It is, at least on the surface, a noble goal. There's still a lot of people out there that aren't willing to do transactions over the net due to security concerns. And even those of us who do use the net to do transactions know that there's pretty much nothing we can do about step 3 above -- if someone decides to share my personal data (be it my name, my address, my credit card numbers, or my social security number), there's pretty much no way in hell for me to ever track it back to them.
The problem is, these are tough nuts to crack. That's why they haven't been fully completed yet. Microsoft is taking the stance that the only way to do it is to have a centralized authority, hardware encryption, and trusted systems. The problem with this is that it must be closed source. You cannot open the source up, nor can you allow people to "self-sign" -- doing so just means that Joe Cracker can say "yeah, I'm trusted - give me your info" and the system will. Because it's designed that way.
Of course, there are a plethora of other issues here... privacy advocates will immediately scream about a centralized database of ALL the private information. Think the credit bureaus are bad? You haven't seen anything yet. And, after all, we're talking about Microsoft here -- they don't exactly have the greatest history when it comes to security. And this isn't the kind of thing you can release and patch up later. It must be virtually air tight from the very beginning, or else you won't be able to guarantee the system as a whole (good luck patching that security hole on the embedded card reader over there!).
Re:The Sky Isn't Falling Yet (Score:3, Interesting)
This does make some sense -- we get applications all the time from parent/sibling entities. Naturally we trust them because we're part of the same overarching business entity, but should we?
It might also have value for internal security if the signing mechanism allowed for hierarchical keys and a true cryptographic system. As an added layer of security an application or data might be completely encrypted unless your machine/key decrypted it.
I think it might appeal to some IT organizations which have third-party security concerns (defense, healthcare) but I think it might also just seem like a lot more baggage than necessary to other IT organizations for whom security is a more secondary concern.
Re:The Sky Isn't Falling Yet (Score:2)
The only way to enforce DRM policies would be to require some sort of licencing/certification process for companies and developers that want to be able to write such code. That way the high cost would effectively prevent people from committing copyright infringement in that way.
At some level, self-signed code must be regarded as being (potentially) untrustworthy, and so refused access. It's just a question of where the designers decide to draw the line. You can bet, though, that it'll be this side of enabling people to access data that the system thinks they shouldn't. This will help stamp-out copyright infringement and home-grown/open source media players...
Cheers,
Tim
Re:The Sky Isn't Falling Yet (Score:5, Insightful)
You think? I believe you're not looking at the bigger picture. The open source movement is at a point where big business is starting to take it seriously. What Longhorn attempts to do is dump Linux from the desktop, because all the client programs will barf when they don't see MS-certified keys when they install. That's only half the story, though. You need those killer applications otherwise people will just install some other OS, and you've lost your leverage with the OEMs/hardware makers, and your momentum stops.
The other half is the network services. What if your online bank rejected non-WindowsDRM compliant Operating Systems? What if all the websites you wanted to go to required Passport, or conversely if those websites HAD to run .NET-compatible OSes in order to be accessed by WindowsDRM machines? Microsoft doesn't own the web, but if they make their own proprietary internetworking system (*cough*.NET*cough*) then they've won half the war. They can afford to play nice and let .NET become really popular before introducing "optional" security settings, then embrace and extend to taste. They need critical mass in both the server and the client to win the war, but they only need to break Linux's interoperability with Windows to relegate Linux into a niche market - an OS which doesn't "work" with the new Net.
Re:The Sky Isn't Falling Yet (Score:2)
Samba should be very concerned about this!
Re:The Sky Isn't Falling Yet (Score:2)
"Wait, so if I put one of these boards in a terminal, we have to setup a new $60,000 file server, hmmm... thanks but no thanks"
Re:The Sky Isn't Falling Yet (Score:2)
But, replace the word 'unusable' in your first paragraph with 'unmodifiable' and I think it represents the general thrust of the article more accurately.
OTOH, I hope (and believe) that you're right on your later point -- Microsoft won't succeed on this one.
Re:The Sky Isn't Falling Yet (Score:4, Insightful)
The majority of users still use Win98, a 4 year old OS - which is only a minor step up of Win95, a 7 year old OS. (And Win95 is also still used by over 10% of users.)
So if we extrapolate these figures:
If MS starts this scheme in 2 years, it will take another 7 years until 90% of their users have it (and that's still not enough because 10% is still too much to lose).
And because Linux is starting to make inroads (Governments of South-Korea, Germany, France, Israel and many other organizations are getting Linux on desktops) it will be too late for them in a couple of years anyway. Even if Linux only captures 10% within the next 5 years, this is enough to make such schemes fail.
I don't even have to talk about the server-side because you already did.
So, yes I agree, let them try.
This will be the next Hailstorm.
Oh yes it is. You're just not looking far enough. (Score:5, Insightful)
Microsoft can afford to take the long view. The biggest driving force of Palladium/Longhorn will be the DRM technology. People want to consume media and the media companies will require rights management. The media companies can also afford to take the long view. They only need to keep crushing P2P upstarts through sheer weight until the laws and technology to support DRM are widespread.
If only "trusted" apps running on a "trusted" operating system can play music and video, then people will buy those. Remember the vast majority of people aren't interested in their rights - and before anyone starts, I didn't see any groundswell of ordinary people defeating the DMCA.
There is no "Linux" to defeat this. There are only distributions. The big commercial distros are the ones that will end up on ordinary people's desktops and they can either play along or not play - it'll be that simple. When it comes to pleasing shareholders I can guarantee that they will choose to play along.
You just can't afford to be complacent on this issue. This is the biggest failing of the Open Source movement - there is no movement, just a bunch of people writing open source software. This works fine when there's no threat to the freedom, but when there is there's no organisation.
The closest thing free software has ever had to a movement with principles and goals is the Free Software Foundation - and look at how ridiculed RMS has become.
People like sitting on their butts and whining a lot more than they like actively campaigning.
Re:The Sky Isn't Falling Yet (Score:4, Insightful)
Microsoft is paranoid about becoming irrelevant, about anybody doing to them what they did to IBM. They aren't truly innovative, and they know it. It even shows with this re-hashing of Intel's unique identifier plan as a way to lock out the competition. The weird thing is, this comes just as experts (even from Microsoft itself!) are debunking technological security schemes!
Another thing I noticed is that this whole "Palladium" is still speculative vaporware. It's as if Microsoft wants *us* to define it with our hopes and fears, or as if they heard of another meme and wanted to claim that they thought of it first.
So maybe the sky *is* falling...from Microsoft's point of view.
Re:The Sky Isn't Falling Yet (Score:3, Insightful)
That's a very good point. I think that's exactly what they did with
It's like marketing by sonar. Send out a flat ping, and see what shape it takes when it reflects off of the industry.
Re:The Sky Isn't Falling Yet (Score:2)
Apples to oranges here.
People buy "crappy DVD players" that happen to have region free hacks because they're cheap, not because they're region free. 99% of the US market couldn't care less about non-region 1 DVDs.
It is, however, unfortunate that there are few (if any) current high end DVD players that can be made region free. Putting a $99 DVD player on a $3000 HDTV is an injustice to the TV. And a fair number of the people in the $5000+ range for TVs are also in that 1% that does care about region-free capabilities. Of course, the high end DVD player manufacturers can't actually put in region free codes lest they be gutted by the DVD consortium -- and they're a lot easier to gut than a company like Apex.
I'm sure there are some region free high-end DVD players out there... anyone want to point some out?
Re:The Sky Isn't Falling Yet (Score:2)
Just like they would need to have a monopoly on everything to force the computer retailers to ship all computers with Windows preloaded?
Re:The Sky Isn't Falling Yet (Score:3, Insightful)
Big Biz does NOT want to update their codebase. The Airlines still use traffic control software written in the mid-70s. It is expensive to update custom software.
Secondly, I see a far more likely response to Microsoft's threat of "this site is not safe to visit, tell them to upgrade to IIS" is a massive class-action lawsuit. This tactic amounts to nothing more than a protection racket, and CEOs (once things are explained to them in baby words by IT) won't stand for it.
Regardless, it IS a threat, but only if we roll over and take it. We've got several years to fight this thing, are we men or are we netscape?
Re:The Sky Isn't Falling Yet (Score:3, Insightful)
This is a problem that will be dealt with on the server level, and corporate customers, while certainly not beyond being sold by MS' bullshit, are far less sheeplike than their customers. Especially when we're dealing with tons of money.
Also, another factor that I hadn't considered. If a formerly Linux based webservice has to make the switch to IIS, they will likely have to replace or retrain their entire IT department, which in many cases, could be almost the entire company. People cost much more than software, and MS may well be offering struggling e-businesses little more than a chance to go bankrupt.
It may be FUD, but we should still fear (Score:5, Insightful)
Re:It may be FUD, but we should still fear (Score:5, Interesting)
They're not incompetent; some of the best coders in the world work for Microsoft.
Just like in any other company, though, quality of the programmers is by no means the only factor determining the quality of the product. Give a good team an impossible deadline and you'll get rushed, buggy code. Give them a reasonable deadline but conflicting yet essential requirements, and you'll get an unstable product.
Sure, some of the programmers are crap, but so are some open source programmers. I don't believe that they have any higher proportion of crap coders than any other successful software development shop.
Love it or hate it, Windows 2000 works. So does Office, and Outlook, and SQL Server, etc. They may well all have bugs, and security holes, and annoying design/UI problems, but no complex piece of software is completely free of these things. I personally have issues with some aspects of KDE (still my desktop environment of choice, though). Just recently, a security flaw was discovered in Apache. Sure, it got fixed quickly, but it was still there. Are the Apache coders incompetent because of it? Of course not.
I don't like Microsoft, its business practices, or many of its products, but to describe their coders as incompetent is grossly unfair.
Cheers,
Tim
Re:It may be FUD, but we should still fear (Score:3, Funny)
MS killed Geos because it saw it as a bug and stepped on it.. Geos was a single distinct bug that you could extinct the whole species with one squish.
Linux and BSD are like cockroaches.. we reproduce like mad. If you kill one of us, 10 spring up in its place, and the recipe for making more of us cockroaches is freely available and will never ever disappear.
Microsoft doesn't have enough money, power, or anything to kill Linux or BSD or GNU anything. We outnumber them 100 to one and have a ton more power, resources, smarts and speed.
Sorry, but watching a giant running around frantically stepping on millions of tiny bugs and getting more and more afraid as the swarm of bugs starts to run up its legs and multiply faster is a precious sight.. and I am so glad to be one of those bugs.
Not holding my breath, sorry (Score:2, Informative)
Microsoft is too far behind the power curve for their "final solution" to have more than a token effect on the clueless masses; GPL software is already too widely deployed and (dare I say it? Yes!) entrenched in too many places.
One major example of this entrenchment: university research labs running high-performance computing systems (read: Beowulf-class clusters). Microsoft, to my knowledge, has absolutely nothing that can perform at the level that the cluster designers/admins/users have come to expect from Linux. If Microsoft tries to force those sites and systems into the old AD&D Paladin trap of "convert or die," they're going to be told where to go and who to see, in terms that are neither ambiguous nor polite.
Just my two cents' worth...save up the change for a Red Bull or something.
whats the big deal? (Score:2)
Those that don't, probably wouldn't use the software in the first place.
Me? I'm sticking with 98se and w2k.
Re:whats the big deal? (Score:2)
Re:whats the big deal? (Score:2)
wrecking common standards (Score:5, Insightful)
However this time they really win the game if they're successful. This is because if they can really implement this, they actually don't have to do the work of bastardizing the standard interfaces, they've inherently done it.
What they're trying to do is make it so that a common interface is a MicroSoft interface from the start.
How many antitrust lawsuits do they want brought against them? I guess $30B can buy a lot of lawyers.
Well after all... (Score:3, Insightful)
This means that they have weighed in all the involved costs (migration, maintenance, training and so on), and they are not likely to go backwards to a proprietary M$ solution in 5 years (which would involve another heap of money for training, data migration, etc.)
Since M$ is not going to release any major rework of its flagship OS for the next 5 years or so, I see a chance for Linux and other free software OSes to dramatically increase their respective user bases in the meantime. And if the users turn out to be major organizations / administrations / companies, they will be in a position to negotiate an open-source (or at least, much less restrictive) alternative to M$ Palladium from the contents providers / secured businesses they might have to deal with.
Just my 0.02 euros anyway...
MS decides to get into the meat packing business. (Score:5, Funny)
My prediction: (Score:2)
I really hope that this doesn't happen, but I can see them trying. My hope is that the chipmakers balk at some point, or at least one of them does for each of the necessary parts.
This article is poorly written (Score:2)
Then, people just don't want this. They did not ask for it, they will not pay for it and they will not buy it. It does not add any value to the product.
Then, Linux will adapt fast enough. If this really affects internet-applications, then it wouldn't be viable without Linux, Linux runs the majority of Webservers, remember?
I dismiss this thing as "Microsoft strategy of the week". It's the next Hailstorm.
Re:This article is poorly written (Score:2)
Their installed base will work against them (Score:4, Insightful)
If there were no PCs, this scheme might work because there is no "untrusted" installed base.
But since there are already billions of PCs out there that can't or won't work with this scheme, it can't be adopted because a merchant or web site owner would risk locking out huge portions of their customers.
This reminds me of the whole Passport authentication scheme that had everyone in an uproar last year. In the end it amounted to NOTHING because it never had critical mass.
I agree with most of the analysis, I just don't think anyone has enough control over the computing ecosphere to make this work.
on x86 (Score:2)
Bonus: If we're all using Apple hardware, we're dealing with a MUCH smaller set of hardware; less driver searching. Maybe Apple would even be helpful in writing the drivers?
Make fighting them a business (Score:2)
This is going to cause problems... (Score:4, Insightful)
interesting article. but... (Score:5, Insightful)
Still, it is something you have ON YOUR MOTHERBOARD. Like the CSS key... it's there, it will be just a matter of time before those evil linux users will find a way to bypass it, fake it, and run whatever they want. Bringing havoc on the pristine, certified, public-key signed microsoft world. Like a cancer...
....or at least I hope so. I have much more trust in a 15-year-old linux north-european user, than in any chunk of Microsoft Engineers that live in their golden world, without Windows (hah! pun!) on the outside world.
However, this palladium-thing looks like the whole
Those guys at Microsoft are just playing the scary-announcement thing: to scare people before they make the next move. Then make them wait, then provide them a lot of useless marketing, then -before they will realize it- they have been embraced. And the empire extends itself.
Whoops! sorry folks, I don't believe a word of this palladium thing until I see a working chip, and I see that it works better than current systems. THEN we can start talking about that, and hacking it. Unless the new DMCA won't make it illegal and punishable by death
cheers.
Re:interesting article. but... (Score:3, Insightful)
Ding! The existing DMCA makes this illegal. Since Palladium provides DRM (by attempting to provide a 'trusted' client, ie one that obeys MS and not its owner), subverting it is a DMCA violation. Do not pass Go, do not collect $200.
Now, arguably, the interoperability/reverse-engineering clauses of the DMCA clear you here, but if those meant anything the whole DMCA becomes mostly a non-op anyway, so the courts appear to be just ignoring them.
Re:interesting article. but... (Score:4, Insightful)
Ok, but this will be done by installing a certificate (i.e. a signed public key) into the mobo, not a secret key? The certificate will be used to verify that Red Hat (for example) has signed the binary that was distributed. Nothing secret is needed to accomplish this verification. The secret is stored in Red Hat's secret key (stored at red hat) and in the root level secret key (stored, presumably at Microsoft).
So what happens is that Red Hat attaches the cert that they used to sign the app to the app. The mobo cert can verify that it's a red hat cert because the root cert is installed on the mobo. Then the mobo uses the red hat cert to verify that the app has been signed by red hat. No secret keys required. Only publicly available knowledge required.
If you're able to break this, then you've broken all public/private key encryption under whatever algorithm was in use.
This is very different from CSS because CSS tries to encrypt (hide) the content. With CSS a huge number of people need to be able to see that content: legitimate customers, none of which have their own private key. So somehow the customer needs to be able to get access to a secret key to see the data. So CSS put a secret key into every DVD player, so that customers could see the data.
But with this, they're not trying to hide anything. They're trying to verify that the data (in this case a computer program) hasn't been altered. Doing that securely does not require wide distribution of a secret key. It requires wide distribution of a certificate (i.e. a public key) but so what? It's a public key. As long as the software provider has a cert signed by microsoft and as long as microsoft keeps their secret key secret, this is going to be very difficult to break.
I think this is very scary, and I think it's quite clever. It basically makes the problem of exercising the GPL the equivalent of cracking public/private key encryption. And that doesn't even mention the amount of power that Microsoft can impose through forced upgrades. Certificates expire. Microsoft can impose that all software providers' certificates will expire every year, or 6 months or whatever. At which point, the software will no longer verify correctly. Which means you need to go back to your provider to get an upgrade with a new certificate! You thought forced upgrades were bad before? And what happens if Red Hat decides to divulge their secret key so that the GPL can continue to be exercised? Or if they make it easy to get signed apps? Well then Microsoft simply decides *not* to issue them a new certificate when their current one expires.
This is clever in a very sinister way... unless I'm missing something.
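The verification chain described in the comment above, as an added example that is not part of the thread and not Microsoft's actual design: a verifier holding only a root public key checks a vendor certificate, its expiry date, and the vendor's signature over a binary. Textbook RSA over fixed Mersenne primes stands in for a real signature scheme, and every key, name, date and byte string is constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by all toy keys


def make_key(p, q):
    """Textbook RSA key pair from two primes (toy only, not secure)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return (n, E), (n, d)


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data):
    n, d = private
    return pow(_digest(data, n), d, n)


def verify(public, data, signature):
    # Uses only public values: nothing secret lives on the verifying side.
    n, e = public
    return pow(signature, e, n) == _digest(data, n)


@dataclass
class Cert:
    subject: str
    public: tuple
    not_after: int      # expiry date as YYYYMMDD
    signature: int = 0  # issuer's signature over tbs()

    def tbs(self):
        """The 'to be signed' bytes covered by the issuer's signature."""
        n, e = self.public
        return f"{self.subject}|{n}|{e}|{self.not_after}".encode()


def issue(issuer_private, subject, public, not_after):
    cert = Cert(subject, public, not_after)
    cert.signature = sign(issuer_private, cert.tbs())
    return cert


def check_binary(root_public, cert, binary, binary_sig, today):
    """What the comment says the motherboard does, step by step."""
    if not verify(root_public, cert.tbs(), cert.signature):
        return "untrusted certificate"
    if today > cert.not_after:
        return "certificate expired"
    if not verify(cert.public, binary, binary_sig):
        return "binary signature invalid"
    return "ok"


# Constructed keys: root (the platform owner), vendor, and an end user.
ROOT_PUB, ROOT_PRIV = make_key(2**89 - 1, 2**107 - 1)
VENDOR_PUB, VENDOR_PRIV = make_key(2**61 - 1, 2**127 - 1)
USER_PUB, USER_PRIV = make_key(2**521 - 1, 2**607 - 1)


def demo():
    vendor_cert = issue(ROOT_PRIV, "vendor", VENDOR_PUB, 20030630)
    shipped = b"\x7fELF constructed vendor build"
    shipped_sig = sign(VENDOR_PRIV, shipped)
    # A user exercising the GPL: patch the source and rebuild locally.
    rebuilt = b"\x7fELF constructed local rebuild with one patch"
    self_cert = issue(USER_PRIV, "user", USER_PUB, 20991231)
    return {
        "vendor build": check_binary(
            ROOT_PUB, vendor_cert, shipped, shipped_sig, 20030101),
        "rebuild with vendor signature": check_binary(
            ROOT_PUB, vendor_cert, rebuilt, shipped_sig, 20030101),
        "rebuild with self-issued cert": check_binary(
            ROOT_PUB, self_cert, rebuilt, sign(USER_PRIV, rebuilt), 20030101),
        "vendor build after expiry": check_binary(
            ROOT_PUB, vendor_cert, shipped, shipped_sig, 20030701),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The rebuilt binary fails both ways: the vendor's old signature no longer matches, and a self-issued certificate does not chain to the root. The unmodified vendor build also stops verifying once the certificate's date has passed.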
Re:interesting article. but... (Score:3, Informative)
The key difference between CSS and this thing is that CSS was trying to hide something. This is trying to verify signatures. In CSS, to unhide the thing you need access to something secret. In this, you need access to nothing secret. CSS is insecure because they have to distribute that secret thing to everyone who wants to watch a DVD. Palladium is secure because the secrets are kept secret.
This is going to be much more difficult to break than CSS.
Ignorant FUD (Score:5, Insightful)
This is the Steven Levy who has been writing about computers for two decades now, whose books include:
Obviously, with titles like these, he must be an ignorant Microsoft toady. On the other hand, Thomas C Greene, who has never spoken with anybody involved with the project, knows everything about it and what it is really about.
/. Readers Are Not paranoid...... (Score:2)
Two Operating Systems, Both alike on desktops (Score:2, Interesting)
This is just another nail in the coffin for Microsoft, by Microsoft.
Dirty Trick but I can't blame them (Score:2, Interesting)
-Linux market share is gaining in every direction which means their market share is at extreme risk of dwindling.
-There is no one company to compete with and/or buy out to remove the threat.
-Even if they were able to keep Linux OS market share at bay, it will still continue to improve because the core development team can and will always exist.
When faced with an enemy they can't beat with their usual tactics, their last resort might just be to try something like this. Attacking from the back door could be their last hope at maintaining their dominance. Make no mistake about it, that is what they have to do in order to keep their identity.
It seems to me that Microsoft has realized the inevitability of software--it eventually reaches a point of commodity and finality. There is only so much you can do with a word processor to make it better. After that you are only complicating it. As the OSS alternatives quickly approach this state, there is no need to use the expensive version anymore.
Regardless of their initial intentions, it might be safe to say that if MS sees GPL and Linux suffering from this endeavor, they will try all the harder to push it. Be wary of any company that has everything to lose and plenty of resources to try and keep it.
Palladium is all about sales (Score:4, Insightful)
Microsoft has sold a lot of Windows 95 and Windows 98. And sad to say, these so-called "operating systems" are good enough for my mom and dad (and sister and grandfather and girlfriend and boss).
Now what? What is Microsoft releasing that would convince my family to upgrade their PCs? To be honest, nothing but hardware failure will convince them to do that. They're happy with their 5 year old PCs, and such longevity is sure to hit Microsoft's bottom line.
The answer? A new security scheme that makes it impossible to run new programs on old hardware. A scheme that also negatively impacts unauthorized vendors (including "open source"). And a scheme that forces users to upgrade on a periodic basis just so programs will work.
Let's be honest - Microsoft has some of the best business people in the world. And they're smart. They recognize this issue and plan to leverage it for profit.... not for innovation or customer experience.
The answer? Disable Outlook - in my opinion, Outlook is the biggest computer security issue ever. It's a nice email client (in general terms), but the security issues have been out of control.
Why this FUD won't fly.... (Score:2)
The only value to this announcement that I see is that it will slow down the adoption of open source. People will question the logic of converting existing systems from Window$ due to fear that they would have to switch back when this is finally implemented.
Stop adding to this fear!!! Only stupid people would adopt/buy this technology. Granted that there are many that are stupid but quite frankly I'd say that that would be under 10%
DRM Comments (Score:4, Interesting)
Ya know, the more big media (and big biz in general) talk about DRM (essentially copy prevention), the less interested I become.
Occasionally, big media has come out with some real gems (like LotR:FotR), but frankly, most of it is crap. I used to listen to the radio for music, but I'm not too impressed by most of that either. Now all I listen to is NPR and an independent dance music station.
They can go and use all the technological means to protect their product (as opposed to art). As long as a few of us can still communicate together, I can keep using free software. As long as people still know how to sing and play, I'll still have music to listen to.
Maybe I'll still go to a movie in a theater once in a while, but I'm just about finished with big media. The more effort they spend to protect their products, the less significant it becomes as art.
I'm not worried...it will flop (Score:3, Interesting)
The article talks about digitally signing everything, all purchase transactions, etc. Again, it won't happen. People want to provide as little identification as possible when they are browsing porn sites, and face it...porn is pretty darn popular. So at the very least, you are going to have to leave open some holes for certain things to happen. But once you leave a hole open in your ship, there isn't much you can do to stop it from sinking. One hole is all virus writers and spammers need to get the nasty stuff through.
And doesn't anyone at Microsoft remember what happened when Intel put a simple processor serial number in their CPUs? People bitched up a storm about it. And that wasn't even a personal identifier (it identified your CPU...and if you changed CPUs nobody would know). Now they are talking about something that would identify you personally? Not gonna happen.
And another thing, did Microsoft even collaborate with anyone on this? I know they have agreements from Intel and AMD to manufacture chips, but as far as I can tell from everything I read, Microsoft has masterminded this whole thing on their own. Ignoring for the moment the fact that I don't think consumers will adopt the idea, I don't think Microsoft could be successful in addressing all the necessary issues on their own. Even if 50 of the top companies got together and tried to come up with something like this, it would still be extremely difficult for them to come up with something robust, secure, and that addresses all future possibilities. If Microsoft is masterminding this on their own, it's going to be a million times more difficult to do so.
Let's look at the GPL for inspiration (Score:3, Insightful)
"6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License." (emphasis added)
As there is no specific mention that the GPL applies only to source (it applies to computer programs, including binaries and object code, as specified in section 3), one can only take this to mean that forcing it to comply with Palladium would be imposing further restriction on the user's ability to exercise the rights given to them by the GPL. This is itself breaking the GPL.
Just something for the GNU friendly legal types to chew on
Why the anti-trust suit is important (Score:4, Insightful)
Since we will lose a lot of interoperability, the computing world will be split into microsoft and non-microsoft which end up roughly independent from each other. As I see it, there are three possibilities depending upon how deeply the hardware manufacturers and government get involved. Either those who use microsoft are cut off from those who don't use microsoft, those who use x86 are forced to use microsoft (or at least their authentication system), or it becomes illegal not to use the system and everybody is forced into microsoft's death grip. None of these possibilities are very appealing.
The only way things won't completely suck is if this is never implemented, but if they have as much industry support (and pressure from the bill formerly known as SSSCA) as I think they do, then the outlook doesn't look good. That is why microsoft's power should be limited, why they should be punished, and why they need to be monitored to prevent them from doing things that are anti-competitive (even if not overtly so). That is why I hope that, in the end, MS receives at least a slap on the wrist from the antitrust suit, if not something slightly more meaningful. Of course, with Bush in the white house, I have serious doubts...if only more people realized that just because something is good for a big company doesn't mean that it is necessarily the best thing for the economy or the citizens of the country...*sigh*
End of software development too! (Score:4, Interesting)
AP bashes Palladium on CNN.com *Today*! (Score:3, Informative)
Not remotely possible (Score:3, Interesting)
If no binary can run without certification by some outside agent, it follows that users can't write programs and run them without getting them certified (If they could, there'd be no worries about Open Source). Good god. Can you imagine what that is going to do to my debugging efforts?
This scenario is not going to happen. Because even mostly clueless M$-running people will listen if you say, "Hey, you realize that if you run Palladium-based architecture, your darling children won't be able to use their computer for some very important learning purposes."
Re:Not remotely possible (Score:3, Informative)
One could target holes in the OS itself, and workaround this way...
Make themselves irrelevant (Score:4, Insightful)
Think about this in conjunction with their plans to make Longhorn debut in 2006 as a radically new OS. Do you know what "radically" new says to me? It says completely incompatible. And not simply with Unix/Linux/et al, but with former Microsoft products as well.
Bear with me for a minute.... let's say for a minute that Longhorn is to Windows XP what Mac OS X is to OS 9 - a complete rewrite, completely incompatible, and arguably 100 times better. But adoption is slow. People are entrenched in their current OS of choice, OS 9 or even 8 for some. So when Microsoft prepares to move the masses to their radically new OS in late 2006, a great deal of segmentation will occur.
Now let's pretend that Linux is ready for the masses (on the desktop) by 2006, and it has a stronghold in the server market. Now you're looking at two paths (at least for corporate types): 1. Continue to allow MS to shove upgrades down your throat and keep following the Windows donkey cart. Further, subject yourself to the new DRM of Longhorn and face issues of your free software and possibly other commercial software (IE Oracle and other DBMS) not working correctly. 2. Switch to Linux or maybe Macs. When companies are forced off Win 2k/XP and forced onto Longhorn via MSFT, we'll see how many are willing to comply. Continuing to use XP/2k may not be an option, but ditching MS entirely may be a reality in 4 years.
I know it took a long time to get to my point but it's a complex issue. Far more complex even than I have portrayed above. But seriously, I think MS is going down a road to making themselves irrelevant. However, never count out the power of marketing! What MS lacks in software reliability they make up for with a powerful marketing department and an unfortunate following of corporate weenies.
It won't work. Here is why. (Score:3, Interesting)
Seriously, though, I am willing to bet god $$$ that this is a test from Redmond. Now, they know.
And if you are from M$, read my lips: it won't work. And that's just my US$0.02. Just wait until the EU, the Justice Dept. and this nice Peruvian gentleman get a hold of this...
Like DVD region locking? (Score:3, Insightful)
I wonder how many firmware/BIOS patches will show up that disable or fool the hardware device like how you can disable region locking in your DVD drive -- not that I would ever condone such behavior
Switch! (Score:3, Interesting)
It's got a 500MHz processor, PGX64 graphics accelerator, 128MB of memory, a 20 GB 7200 HD, Ethernet, floppy, 48X CD, smart card reader, and... Solaris 8 Pre-loaded? All for $995. (Yes, that's a SPARC processor).
To me, it looks perfect. We get a high-speed 64-bit RISC processor, really the only RISC architecture that hasn't morphed into Itanium (poor Alpha); we get reasonable basic specs, and just about everything short of the proc/mobo can be upgraded with standard parts from Pricewatch; and finally, because Freedom is of the utmost concern, any version of Debian that you can run on x86, you can run just as well on Sparc.
And if that isn't enough, if you absolutely *need* to run Windows applications for some reason, in addition to using Bochs, there's another option. If you don't mind keeping Solaris on your computer alongside Linux, you can even buy a $500 PC-within-a-PC card, with a 733-MHz non-Intel x86 processor; because it lets you run Windows and Solaris apps side-by-side, it's essentially a perfect cross between VMware and Wine.
Don't know about you, but my next computer's a Sun.
I do wonder what Microsoft would think if large numbers of people did this. On the one hand, they might love it; if all the Linux users bolt to SPARC, then Microsoft is left with 99.999% control of their platform, complete control for computers built in the last 3 years, and the power to make hardware manufacturers do whatever they say. On the other hand, it means that their Windows-is-better-than-Linux arguments now have to account for the fact that Linux is running Sparc, and it becomes that much harder to get Linux users to switch back.
And for us, it means that the ugliest and slowest port of Linux, that for x86, is all but gone; and most time will be spent developing one of the cleanest, SPARC.
Nothing to worry about... (Score:3, Insightful)
Here's why:
Palladium is pure speculation by Microsoft. They cannot afford to release this to the public, because they would lose their monopoly on desktop operating systems if they did.
Free Equivalent - Public Trust Clearinghouse (Score:3, Insightful)
Microsoft is banking on the fact that companies will trust it to authenticate good software because they trust the Microsoft reputation. Historically, Open Source has developed its trustworthy reputation by banking on actual users who state that the software is trustworthy.
So here is a Free alternative to Palladium - a public trust clearinghouse. Much as DCC authenticates spam, and the GPG repositories authenticate public keys, a public trust clearinghouse could be an expression of the corporate trust of software.
As an example, imagine giving each member of the Wilshire 5000 a number of votes equal to 10000 minus their position in the Wilshire 5000 (IE, the biggest company gets the most votes). Each can submit any mix of those votes to the "trust this software" and "don't trust this software" bins, and can move them as they wish. New software would have very few votes. Established software would have many votes. The decision to trust could be based on both the number of votes and the percentage of positive votes.
Yes, I think using the Wilshire 5000 is a requirement, because corporations don't trust the general public with business decisions any more than you and I trust Joe Six-pack with firewall settings.
The question then is how to incentivize corporations to participate. Perhaps a license requiring that those 5000 companies submit a certain number of votes per month to be allowed to access the trust repository... just spitballing.
Regardless of how it is done, I think Microsoft has hit on a genuine chink in the O/S armour - it does not have any officially responsible party. Coming up with a way to state authoritatively to business that version 3.142 of SuperDaemon is trustworthy would go a long way to countering Palladium if it catches on. And frankly, I would be far more likely to trust 5000 parties who are objective on average than to trust the manufacturer of the software.
Comment removed (Score:3, Insightful)
Re:Why would this work? (Score:4, Insightful)
Easy, Longhorn won't run on a motherboard that doesn't have the chip.
Re:Why would this work? (Score:2)
I believe that when I see it.
Even Microsoft is not so dumb to risk their core-business on such unsure bets.
Windows-users are sheep, yes. They accept a lot and will swallow it. But at some point Microsoft crosses the line and things won't get accepted. I think WPA is just under the line for most users - anything more paranoid-DRM-controlling will have a hard time on the market, IMHO.
Re:ARE WE SURPRISD?!? (Score:2, Insightful)
Re:ARE WE SURPRISD?!? (Score:2, Interesting)
Re:*sigh* (Score:3, Funny)
Re:The time has come.... (Score:5, Interesting)
One of the main obstacles toward using Linux is installing software. Whenever I try to get my friends to switch over to Linux, and I'm talking about experienced computer users with Unix experience, the inevitable huge stumbling block is "well how do I install anything?"
What Desktop Linux needs is a semi-protected mode (no login) similar to the privileges of the default Windows user, you can change settings, install software, view the whole directory structure, but you can't change anything that would cripple the system to the point where "click here to restore default settings" (another option we need) wouldn't fix everything.
Linux software should be as easy as download to the desktop -> click to install. Right now the learning curve of linux has been pushed back only a few steps, it's easy to setup a default config, and use the web and email and anything setup by the distro, but you still have to learn all sorts of crazy convoluted things to do anything beyond that. The difficulty of a task shouldn't be greater than the task's complexity.
Once that is done, someone needs to write a book/series of visible articles entitled "So, you're tired of paying Microsoft $100 per year"
Re:The time has come.... (Score:4, Interesting)
the other issue i see is installing from source. unless you can make this a double click graphical process, people won't do it. it's as simple as that.
i think what linux needs is something to complete this equation...
Aqua enables Unix like...
XXXX enables Linux.
just look at what Aqua and OSX are doing for Unix, they're getting real people(pun intended) to use it, after it being around for decades.
that and users don't want to hear about kernels or CLIs or anything remotely tech related. they want to poke at pretty buttons and make things 'magically' happen.