Palladium's Power To Deny 568
BrianWCarver writes "The Chronicle of Higher Education has the most detailed article I've yet seen on Microsoft's Palladium architecture. The article discusses the potential Palladium has to give publishers power to eliminate fair use and the potential for software manufacturers to use Palladium to enforce shrink-wrap licenses. Comments from several great sources including, Ed Felten (Freedom to Tinker), Eben Moglen (pro-bono counsel for the Free Software Foundation and recent Slashdot interviewee), and Seth Schoen (Electronic Frontier Foundation) among many others. Key quotations from article: Palladium could create 'a closed system, in which each piece of knowledge in the world is identified with a particular owner, and that owner has a right to resist its copying, modification, and redistribution. In such a scenario the very concept of fair use has been lost.' 'Palladium will "turn the clock back" to the days before online information was widely available.' and 'Microsoft could decide to lock everything up.'"
Excuse me, but (Score:5, Informative)
One-step process (Score:5, Funny)
1. Billions upon billions of dollars
Re:One-step process (Score:3, Interesting)
It acts like UNIX. It has UNIX-y software in the box. You can get arbitrarily large amounts of UNIX-y stuff and install it.
For anybody who doesn't care about "trademark dilution" of the UNIX brand, it's UNIX.
So are the BSDs. So are the various Linux distros. Get over it.
And, insofar as NT is supposed to be POSIX compliant, there is an argument to be made that you could in fact run a UNIX workalike under NT. Bottom line is, who cares?
OS X IS UNIX® Unix and *Nix (Score:3, Informative)
The Open Group -- the official holders of the Unix trademark -- classifies UNIX as such:
"UNIX - the worldwide Single UNIX Specification integrating X/Open Company's XPG4 and additional standards. The majority of commercial vendors have registered UNIX products, with most at the UNIX 95 level and newer products registering for UNIX 98."
Obtaining an official UNIX title is merely achieved when key functionality is added, thus allowing the OS to meet the requirements of the UNIX brand. In this context, Windows NT could obtain UNIX status. Believe it or not.
Either way, your argument is moot. The open group has already clasified Apple as an official suporter Supporter of the "Single UNIX Specification".
See for yourself [unix-systems.org]
Re:Excuse me, but (Score:5, Insightful)
Re:Excuse me, but (Score:5, Informative)
Kierthos
Re:Excuse me, but (Score:5, Insightful)
Even if I were a legal genius, if I have a day job, and I spend my time in court rather than working, that costs me. Sure, you might argue that if that were so, I might be well advised to make a living practicing law, but there is an opportunity cost related to being in court rather than doing something else with your time.
So, yes, justice costs. As long as people (and judges) think that expensive suits mean credible arguments, justice costs.
Re:Excuse me, but (Score:5, Informative)
Clearly you've never defended yourself in court against a
deep-pockets plaintiff. Perhaps you should refrain from
commenting unless you know what you're talking about.
Someone with money to burn can bury you and the court under
a blizzard of motions, subpoenas, and depositions, to most of
which you will need to respond. Copying and filing fees
alone in such a case can amount to many thousands of dollars.
Then there's the small matter of your own time.
A plaintiff with money to burn can tie you up in court
appearances and depositions for months on end.
Will your employer understand if you only show up for
work one or two days a week for six months?
See if you can find the answers to these questions
by Googling about
What has been the effect on the personal finances of
Keith Henson (L5 Society founder, among other things)
of exercising his free speech rights to criticize the
Church of Scientology ?
How did this effect come about ?
Who was Scamizdat (hint: it wasn't Grady Ward) ?
How many judisial motions did the Church of Scientology file
against Grady Ward in an effort to prove that he was Scamizdat ?
What impact did this have on Ward's finances ?
Who is Larry Wollersheim ?
How much was he awarded in his lawsuit(s) against the
Church of Scientology? (appealed all the way to the
Supreme Court; denied cert)
When did Scientology exhaust the appeals process ?
How much has Scientology actually paid to date ?
How many lawsuits, cross-complaints, and legal actions has
Wollersheim endured in his search for justice ?
Re:Excuse me, but (Score:5, Interesting)
Patents can be used to ward of small competitors to a business. You cannot use a patent to ward of microsoft or ibm or any other large company with a large amount of money in the bank. You can sue them for patent infringement, they would drag the case in court, fight for a year or so and pay you a million bucks at the end. But by that time, they've already done whatever damage they could, and your company is bankrupt.
Of course this doesn't work if the patent holder is a big company such as one of the above.
Moral of the story is: if big players want to infringe smaller players' patents, they could do so and have a good chance of getting away with it for not that much money.
Such are the wonders of capitalism.
Re:Excuse me, but (Score:3, Insightful)
In a free market, you wouldn't have IP laws - and probably you wouldn't have companies the size of Microsoft either - in fact, since corporations are state creations, you might not have that form of company at all - nor could they sue small companies for frivolous patent infringements...
OTOH, they could copy small companies technology and use their marketing clout to beat them - except that usually small companies are much more adept at that than big ones...
Re:Excuse me, but (Score:5, Informative)
That was cypherpunk "Lucky Green", who said he submitted a patent application on ways to use Palladium for software copy protection. This was after Microsoft publicly told him that not only did they have no plans to do that, they couldn't even think of a way to use the technology for that purpose. Lucky said that he could think of lots of ways, so he'd go ahead and patent them. You can read more about Lucky's plans here [mail-archive.com].
I haven't heard anything about this lately, and a recent patent office search for applications under Lucky's real name (widely known, his initials are MB) didn't turn up any hits. So I don't know if he actually went through with it or not.
Not a problem (Score:3, Insightful)
bah (Score:3, Funny)
=[ sad (Score:3, Interesting)
Re:=[ sad (Score:5, Insightful)
Palladium may well be very news worthy in the industry press, but trust me, almost no-one outside of the IT industry is going to have heard of it. *Everyone* has heard about Iraq.
Re:=[ sad (Score:5, Interesting)
Re:=[ sad (Score:5, Insightful)
Things like this, the general population won't know about until it's implemented and is being sold to them, and then, they'll only have the positive marketing spin (and perhaps a little bit of nay-saying in the general press, but nothing technical or deep).
Things like the laws passed in the wake of the WTC attack get through, becuase
a) it makes people feel safe, and as though people are doig soemthing about it
b) "I have nothing to hide"
I do agree with you, and take some solace from the fact that I'm in (and from) the UK. Of course, where the US leads, we (blindly) follow...
Re:=[ sad (Score:3, Insightful)
Re:=[ sad (Score:3, Insightful)
"they" are worrying about the wrong thing. "They" are also incapable of worrying about more then one thing at a time. "They" worry about whatever the media tells them to worry about.
Re:=[ sad (Score:3, Insightful)
I'm not pro-war. But I'm 100% anti-peaceniks.
Then I guess it's not completely evil for me to hope that, by some strange science fiction manifestation of karma, you find yourself fleeing across the desert, dodging angry Iraqui bullets.
Here's my story. See if you can figure out why I find it annoying that people who have never sacrificed anything for their "beliefs" can judge the motivations of others in so shallow a manner.
When I was a young man, the "peaceniks" tried to talk me out of going to Vietnam. I went anyway. A year in that sunny clime convinced me that while some wars might be morally justified, that one sure as hell wasn't. With less than a year to go on my hitch, I was ordered back to SE Asia with my squadron. I refused to go. There was great puzzlement among my squadron officers, since I had been ordered to Bangkok, Thailand, which at that time was the land of milk and honeys, the favored destination for GIs leaving Vietnam for R&R. There didn't appear to be any explanation for my bizarre behavior, other than a genuine belief that dropping bombs on the Vietnamese was immoral. However, as was their duty, my officers busted me out with a bad discharge, I lost my various GI entitlements, and here I am, just a few years short of my retirement move to a cardboard box.
Now, strangely enough, I'm not bitter. I knew what I was doing and what I would lose, and I know I was lucky not to spend time in Leavenworth for my beliefs. But it does piss me off to hear shallow real-politik arguments bereft of any moral component used against people who are doing what they think is right. Hey, maybe if I hadn't refused to go hang bombs on F-111s in Bangkok, maybe we'd have "won" the war in Vietnam. You think? Naw, probably not. It was late 1972, the war was lost, and the F-111s were broke most of time they were over there. I think it's a shame that I and the other "peaceniks" didn't quit fighting a few years earlier. Might have saved a few hundred thousand lives, American and Vietnamese.
The point is that the "peaceniks" are making a moral choice. Even if you don't agree with their choice, they deserve more admiration and consideration than a gaggle of grasping pinhead politicians who are making the decision for purely utilitarian purposes.
Finally, a little quote from a speech last fall by Sen. Byrd: "Representative Abraham Lincoln, in a letter to William H. Herndon, stated: 'Allow the President to invade a neighboring nation whenever he shall deem it necessary to repel an invasion, and you allow him to do so whenever he may choose to say he deems it necessary for such purpose - - and you allow him to make war at pleasure.'"
Don't answer me. Answer Abraham.
Re:=[ sad (Score:4, Insightful)
But as far as your comment goes :
WTF?A. It is hardly saddening, that the people are concerned about their gov't jumping into war.
B. Isn't smarter to protest before a war happens, than after?
Re:=[ sad (Score:4, Interesting)
Without any actual agreement, I'm restricted from running certain programs on my computer (servers) to serve up certain data that I have (movies, songss, etc). This restriction is legal, Constitutional, but does infringe on my rights as much as the old English royal monopolies did. The Constitution does not grant rights but recognizes them, which is why we have things like the 9th and 10th amendments and why a significant fraction of the founding fathers were against a bill of rights on exactly the grounds that future generations of bozos would come to feel that only the rights written in the Constitution existed and all else was controlled by the government.
If you pipe muzak into an elevator, in what sense have I asked you to provide me with this? The only sense is some larger advancement of the arts and sciences social contract. But the ability to tinker, to create new things out of our own equipment is a fundamental basis for advancing the arts and sciences and just as valid as any band or movie company creating art. DRM and Palladium require that this sort of tinkering be substantially curtailed (and likely eliminated) in order for them to work. If the playback system is open enough to tinker, it's open enough to override DRM.
So here we end up with the arts and sciences being retarded by taking a very flexible piece of equipment (the general purpose personal computer) and making it a closed rigid system in order that other types of creators may more securely exploit their legal monopolies. I find that absurd. I find it doubly absurd because the tradeoffs are not being debated on those terms by our legislators who are, after all, our designated representatives for all this mess.
Palladium is useless without an underlying hardware base that is 100% compliant with it. If you can play media on a non-DRM system, you'll just make a virtual machine that is non-DRM and run your media from inside the virtual machine. We don't need faster processors to do that already (albeit at lower quality than native) a chip generation or two further down the road and the difference won't even be humanly detectible.
If Palladium can be so easily circumvented the only reason to spend money developing, pushing, and deploying it is to prepare for the day when it *does* become mandatory. Is that too hard to figure out?
The 2nd amendment people fight mandatory gun registrations on the same grounds. After the 10th or 15th country that went from registration to confiscation and full bans you draw the line further out where it's still politically viable to resist. The same logic holds true for the banning of the open system general purpose computer.
Its a good thing .... (Score:3, Funny)
Rerun... (Score:2, Interesting)
Wouldn't that be history repeating itself?
What's the issue? (Score:5, Insightful)
This isn't where the fight should be. Instead, we should be avoiding the products of the companies that would use such technology for purposes of controlling what we can do with what we own.
Re:What's the issue? (WHAT?!) (Score:5, Insightful)
Sorry, you don't own anything anymore, you license it.
While I agree with you in principle, I know that it won't work. Old saying - an ounce of prevention is worth a pound of cure. The average person, which BTW outnumbers the "in-the-know" crowd by about a million to 1, will not care. If the only thing that Dell sold was Palladium computers, the public would buy them. They won't go out of their way to avoid it, they will fork over their cash because as far as they are concerned, it isn't a big deal.
Our duties as the technically literate is to make sure that things like Palladium do not happen. The (potential) cost far outweighs the (potential) benefits.
The best way to do that (Score:5, Insightful)
Well people got together and educated the average joe on why Divx sucked and why they should not buy it. The acerage joe listened, Divx sold for shit, and Circut City took a bath to the tune of $100 million.
That's the real way to beat Pallidium: Convince the public it's bad and that they don't want it. Companies go where the money is, and if people won't buy Pallidium stuff, they'll stop selling it.
Re:What's the issue? (WHAT?!) (Score:3, Insightful)
I know I wouldn't advise anyone to buy such a system, much less buy one myself. Would you?
Re:What's the issue? (WHAT?!) (Score:3, Insightful)
Absolutely. The DMCA is something that never ever should have been passed, and is an example of what can happen if tech people don't keep their eyes and ears open. I think it was a wake-up call to that effect, and makes us realize that Palladium needs to be fought against, and fought hard. Don't let the market decide, help the market decide. I think people have the right idea that we need to educate ourselves, and educate others. Like I said:
We need to do whatever it takes to prevent things like this from getting off the ground. "The market" needs to have a bigger voice up front, especially when it comes to someone like Microsoft who has the power to essentially disregard what the market thinks. It needs to be prevented from happening, rather than let it get created and then rally against it.
Unfortunately, most people aren't aware of the DMCA, and won't care about it until it affects them personally, and in a significant way. By then, it may be too late.
Re:What's the issue? (Score:5, Interesting)
Whilst it is true that if it doesn't work at all then it will be shunned, it is not so true if it doesn't work in the interest of the consumer.
If Microsoft start making 'agreements' with vendors like Dell and HP to sell only (or mainly) Palladium'd boxes then people will buy them. Especially if there's some sort of discount price incentive put in place.
It's a sad fact that we often have to face here, that the average person just wants 'a computer', and they don't care about how it works, who's really in control, and why that might be bad. As long as Mom and dad can do their tax, and the kids can play the latest incarnation of Tomb raider or Quake then all is just dandy.
Once again our fate rests with the teenagers. If they can complain just loudly enough to mom and dad that they heard that computers from .* supplier don't work properly (i.e. allow music/video/whatever to be exchanged freely) then maybe nobody will buy them and disaster could be averted.
Sad state of affairs really isn't it?
Re:What's the issue? (Score:4, Insightful)
The Palladium spec also allows for it to be enabled/disabled. If you don't want it on your computer, don't enable it. Don't buy stuff that requires Palladium.
If you want MP3s, you can still go to the record store and rip all the music you want. When the record companies find that nobody is buying their DRMed music from the web, they'll be stuck.
Re:What's the issue? (Score:5, Insightful)
All we have to do is accept that, and stop giving money to the rest. Unfortunately, the leaders in the movement against DRM are hypocrites like the Slashdot editors, men who attack companies like AOL/TW, Microsoft, Blizzard, Disney, etc, and then purchase and promote these companie's products with their next breath. These men have plenty of talk but no moxie. Until these idiots can stop buying a copy of Windows XP to play Warcraft III on while watching a "Fellowship of the Rings" DVD, they are just supporting the technologies they complain about, and doing NOTHING to stop the problem.
Correction (Score:5, Interesting)
What is particularly maddening about Palladium is the repeated claims that this offers a security benefit for end users. Microsoft is trying very hard to trojan in this DRM technology as a part of the Trusted Computing initiative. If this is the form of 'trust' they are speaking of then I want nothing to do with it.
Buy your processors now before they are infected with all of this Palladium/TCPA nonsense.
Re:Correction (Score:5, Insightful)
The oldest trick in the book is to identify that aspect of your product that is going to be most harmful to your customers and spin it as a plus.
Nobody advertises 40 room mansions on 1000 acres as "spacious." That epithet is reserved for studio apartments in a "bee hive."
KFG
Re:Correction (Score:4, Funny)
Trusted Computing Platform / Interlectual Property, or just TCP/IP for short.
I see an embrace and extend coming our way...
Who's locking what up? (Score:4, Insightful)
Isn't the reality that the content creators would be the ones locking everything up? Who says MS is going to for them?
Another stupid poke at MS I assume? Damn that's getting old.
Re:Who's locking what up? (Score:3, Insightful)
- most providers use M$.
- M$ software will be blocking-friendly
- therefore most providers will also be blocking-friendly
that's the cause/effect he was referring to, I believe. not that M$ directly will block; but its the popularization and embracement of their crap that will seep its way into the rest of the net and fsck us all up in the process.
Re:Who's locking what up? (Score:4, Insightful)
Hmmm possibly. I'm not completely convinced of that, but I'm not ignoring it either.
Here's what gets me though, why is MS the bad guy here? Obviously there's some demand for MS to fill here. The chances are Hollywood is telling MS "we'll start making movies ready for PC when we have the protection we need". MS knows that content will provide a new interest in PCs. They're probably bending over backwards to get Hollywood's support.
I don't think MS is interested in locking up your data (their install CD's have trivial copy protection, btw...), I think they're interested in getting content creators on board. If you want to point a finger, point it at the MPAA. They (plus the RIAA) are the ones that think this type of thing is important. (SSSCA) MS wouldn't introduce these restrictions and piss off their customers (like an office setting wants to deal with more pain from their computers) unless they thought there was a huge benefit to it.
Re:Who's locking what up? (Score:5, Interesting)
Yeah. Actually I've been told (by an MS exec) that the demand is mostly coming from normal business. They like the idea of keeping control of internal documents, keeping it secure, all the benefits of DRM etc. I've seen a roundtable discussion at a conference that was discussing the benefits a new age of DRM will bring, these guys were really enthusiastic but they weren't from the MPAA or RIAA. They were just business people (except the blonde in the short skirt, I think she was just there to distract the attendees).
Both (Score:5, Interesting)
So you sign in for your latest Windows Update (which you'll have to because if you don't, your encryption will soon be out of synch and nobody will be able to read squat that you make), Windows Update detects that "Hey! This copy of Palladium has been registered in a different computer", not knowing that you've just moved the hard drive over to a newer chassis with more expansion room, and sends the code to lock it all up, so that all you get on bootup is a message to "Call Microsoft at
Re:Who's locking what up? (Score:5, Insightful)
Content creators? HA!
You mean publishers right?
If this DRM stuff goes through the way everyone wants it, your "content creators" will have two choices: DRM-enabled-digital, or cassette tapes.
Like hell the RIAA will let mp3s (or ogg) exist anymore, and if they do, I'll bet the default setting for any mp3 you record will be "don't copy this". How much do you think the RIAA will want to be paid for the right to change that bit? Changing it yourself is a violation of the DMCA, even though you're the copyright holder because the DMCA protects that bit not your copyright.
Re:Who's locking what up? (Score:3, Informative)
Changing it yourself is a violation of the DMCA, even though you're the copyright holder because the DMCA protects that bit not your copyright.
Bullshit. It is illegal to circumvent a technological method for protecting access to a copyrighted work. Since you own the work in question, and the bit is not copyrighted, you may abuse the encryption any way you like.
Re:Who's locking what up? (Score:3, Interesting)
So Indie musicians (Like myself) have NOTHING to fear about this. In fact, maybe for the first time if an Indie musician decides that they WANT to control their music (About 1 in 20 do) they now have the power to do so, while the others will have the power to grant unlimited lisence so you know you are copying legally.
Re:Who's locking what up? (Score:5, Informative)
Funny how every drastic social backlash seems to be preceded with a golden-age of middle-men. Just ask yourself when the last time you actually hearn an honest to god content creator speak his or her mind
Read up on some copyright history and you'll see we played this game about 100 years ago when piano roll technology hit the market and the UK saw rampant 'piracy' in the US. Find out why publishers are consistantly mistaken for content creators over and over in the latter stages of each cycle in the history of copyright law.
Re:Who's locking what up? (Score:5, Funny)
Isn't the reality that the content creators would be the ones locking everything up? Who says MS is going to for them?
Another stupid poke at MS I assume? Damn that's getting old.
Thanks for clearing that up. I guess I was mistaken to think that Microsoft would act evil based upon their past behavior. (BTW, we should stop judging Saddam by his past behavior also. He would never hide WMD, use WMD, etc. Not to suggest that the scale of these "evils" are comparable.)
Isn't the reality that Microsoft, making the software, and security system, will have absolute control. I think this will work as described in a Letter from 2020 [osopinion.com]. Silly me, if we end up with a world as described by this vision, I shouldn't blame Microsoft, they have no culpability in this.
Same ol' story (Score:5, Insightful)
Re:Same ol' story (Score:4, Insightful)
Right, but one of the points of the article is that if content providers buy in to palladium, then their content will not work on your N-1 system. Obviously if you're not using anything from these providers then it's not a big deal, but if you love playing Blah online and they suddenly require the system you're on to be running Palladium, then you either pony up or you decide to no longer play. That's the biggest concern. This applies to people saying "I'll just switch/use Linux/Mac/Whatever".
Story = "Networks rule" (Score:3, Insightful)
The benefit of Palladium-enabled architectures will be (for one example) the ability to download MPAA-approved Hollywood blockbusters. Without the Palladium hardware "enhancements" you'll simply be locked out.
What happens when all digital TVs, cellphones, and laptops must be Palladium-capable in order to even use email? I know this is scenario is not guaranteed, but it might become reality unless some hacks to route around Palladium come into being, presuming your early 21st-century processor can produce passable certificates (Beowulf clusters aside).
Some theoreticians compute the value of a network as the square of the number of nodes it contains. If consumers are jazzed to buy Palladium-enabled devices because it's the only way to let the HDTV babysit the kids with Disney's Steamboat Willy, you can bet all of your legacy hardware that the nodes of the Palladium network will multiply out of control.
Your n-1th system will be as useful and desirable as a late 80's IBM 386, minus collector's value.
The server seems slow... full text here (Score:3, Informative)
http://chronicle.com/free/v49/i24/24a02701.htm
Control Issues Microsoft's plan to improve computer security could set off fight over use of online materials
By FLORENCE OLSEN
Computing experts in academe often blame Microsoft for producing software that is vulnerable to viruses and hackers. But, of late, the experts have been criticizing the company's sweeping plan to correct those very deficiencies.
Under the plan, announced seven months ago under the name Palladium, new computers would be equipped with security hardware and a new version of the Windows operating system.
The goal, Microsoft officials say, is to make servers and desktop PC's that people can trust. But critics say the technology, which Microsoft recently renamed "the next-generation secure computing base," could stifle the free flow of information that has come to characterize the Internet, and could give Microsoft too much control over colleges' own computerized information.
With the new technology, information-systems officials could use cryptographic hardware "keys" rather than software controls, like user names and passwords, to lock up student records and prevent illegal copying of materials. Registrars would have tamper-proof controls over who could see, copy, or alter the records. The advances could be used to prevent identity thieves from invading campus computer networks to steal Social Security numbers, grades, and other personal data.
Money and Access
Palladium would require colleges to make expenditures on new computers and software. Existing computers could not be retrofitted.
Colleges would decide whether to buy Palladium-capable software and hardware, and then whether to activate Palladium's security functions. But practically speaking, they would face enormous pressures to do so, especially if publishers of books, journals, software, and other electronic "content" were to adopt Microsoft's standard to deliver their materials online. The publishers could dictate that colleges had to use Palladium or else be denied access to the material. That worries many in academe, who believe that publishers would use Palladium to bar some uses of digital materials to which scholars argue that they are entitled under copyright law. That loss may outweigh the advantages of tighter security over student records, the critics say.
"If Palladium is adopted, and if other technology vendors exploit it fully to restrict access to copyrighted works, education and research will suffer," says Edward W. Felten, an associate professor of computer science at Princeton University, who was the U.S. Justice Department's chief computer-science expert in its antitrust case against Microsoft.
Microsoft officials respond that their new technology will simply give all users --whether colleges or publishers --more control over the information they own. Colleges have been demanding more computer security, says Brian LaMacchia, a software architect in Microsoft's trusted-platform-technologies group, which is responsible for Palladium. "It's a two-edged sword," he says, acknowledging that commercial publishers have demanded greater protection for their copyrighted works.
Palladium's software components will be part of the next major version of Windows, which Microsoft has said it may release toward the end of 2004. Some hardware components that Palladium needs, including a security chip, are available already in a notebook computer, the IBM ThinkPad T30. Chip manufacturers and the major computer companies --Dell, Gateway, Hew-lett-Packard, and IBM, among others --have begun work to redesign PC's so that they will work with Palladium software.
A key component of Microsoft's new technology is the "nexus," a minisystem that runs in a sealed-off area in the computer's memory, where private transactions can be conducted, and where designated security and copyright policies would be enforced. In theory, the nexus is immune to many of the problems that plague Windows machines, like viruses.
Moving away from password-protected security and toward security that is built into the hardware would make campus networks less vulnerable to hacker attacks, Microsoft officials and academic experts agree. "Once you move to hardware security, then you're talking about deterring 98 to 99 percent of all hackers," says David C. Rice, a security consultant who is an adjunct faculty member in the graduate program in information security at James Madison University.
Here's how Palladium works: If a program --with its nexus --were running on a server in, say, a college registrar's office, the server would ask any computer that tried to gain access to student records on the server to certify what program it was running. The server would block access to the records if the computer were running an insecure program. Such questioning of another computer is not part of most security mechanisms in use today. As a result, college computer systems are repeatedly victimized by hacker attacks.
Mr. LaMacchia says that Palladium also would permit personal data and other files to be kept secret on the computer's hard drive in an area where the data would be unreadable by any program other than the one on the computer that created them.
"It's definitely going to solve a lot of security problems, but it's like any kind of new technology," says William A. Arbaugh, an assistant professor of computer science at the University of Maryland at College Park. "It can do good or evil."
Fair Use
Whether it is used for "good" or "evil," he says, will depend on who gets to control the technology --colleges or the publishers whose "content" the colleges use.
Most of the early controversy surrounding Palladium in academe has concerned its impact on "fair use," a gray area in copyright law that gives professors and researchers limited but free use of copyrighted materials. In the past, faculty members could decide on their own that "fair use" permitted them to distribute a journal article to, say, 10 students. But publishers could use Palladium's controls to unilaterally limit use of their materials, such as by restricting professors to a read-only view of the article, from which they could not "cut and paste" the text.
With Palladium, owners of content would gain at the expense of consumers of content, including professors and students, says Eben Moglen, a professor of law and legal history at Columbia University. In fact, if Palladium were to become a widely accepted way of protecting copyrighted material, Mr. Moglen says, it would create "a closed system, in which each piece of knowledge in the world is identified with a particular owner, and that owner has a right to resist its copying, modification, and redistribution."
In such a scenario, he says, "the very concept of fair use has been lost."
Ross Anderson, who holds a faculty post as a reader in security engineering at the University of Cambridge's Computer Laboratory, says Palladium will "turn the clock back" to the days before online information was widely available.
The biggest losers, he says, will be "small colleges, poor schools, universities in Africa, hospitals in India --the people who have benefited hugely from the availability of vast amounts of information that was simply unavailable to them before."
Publishers generally support the type of copyright-enforcement mechanisms that would be in Palladium systems, although "there would be some concerns about bugs in those systems," says Ed McCoyd, director of digital policy for the Association of American Publishers. For example, he says, even now, while publishers complain about the inflexibility of technical controls in electronic-book readers, they do not want to share those controls with users.
"They certainly want to have sufficient flexibility in the publisher settings --one publisher might choose to enable printing, one might not," Mr. McCoyd says. But with the new technology, he predicts, publishers will insist on controlling the software settings for what they "consider to be fair use."
Some experts argue that computer and network security are so weak today that the benefits of Palladium outweigh any risks that Microsoft, or content providers, would abuse the new controls.
"Microsoft could decide to lock everything up," says David J. Farber, a professor of telecommunications systems and of business and public policy at the University of Pennsylvania. "But there is nothing a priori that says they'll be all bad boys."
Indeed, Microsoft says it is listening to its critics. It has been talking with academic researchers about the new technology far earlier than usual in Microsoft's product-development process. "Part of the reason has been to hear the feedback --positive and negative --from the academic community, analysts, influentials, and others," says Amy Carroll, group manager of Microsoft's trusted-platform-technologies group.
Palladium's software architects have given several guest lectures at universities in the United States and Britain, in part, Ms. Carroll says, to listen to academic concerns "and, hopefully, assuage them."
Many of the concerns are a result of misunderstanding what the new technology will do and how it will work, Ms. Carroll says. Microsoft plans to publish the source code for its nexus, she says, so that "people can view the code and see that it will do what we say it will do," and see that it will not give the company control over colleges' computerized information.
Even Palladium's critics see good uses for the technology, like maintaining the privacy of student records. Colleges may want to have Palladium activated on some servers to keep them from running "pirated software, MP3's, or anything that is illegal," says Mr. Rice, the security consultant.
More Worries
But Palladium is worrisome to college officials for reasons other than an erosion in the fair use of copyrighted materials. Jeffrey I. Schiller, a network manager at the Massachusetts Institute of Technology, says software companies most likely would use the program to enforce license agreements that many in academe believe are legally unenforceable. For example, more and more software licenses forbid users from running tests known as benchmarks to measure the performance of one company's software against that of its competitors.
Some critics, like Mr. Schiller, say Palladium might achieve the results intended by the Uniform Computer Information Transactions Act, a model law devised by the National Conference of Commissioners on Uniform State Laws, which has been enacted only in Maryland and Virginia. Ucita is "an attempt to give these software licenses the force of a signed contract, even though you didn't sign a contract," Mr. Schiller says. With Palladium, technology would "enforce" the licenses de facto, he says.
Microsoft insists that its new technology is a neutral platform. "It is certainly possible that an application vendor could choose to use [Palladium] to evaluate and enforce some software licensing terms," acknowledges Ms. Carroll. But "at the end of the day," she says, "the terms of the license for an application are strictly an issue between the vendor and the university."
Others think Palladium would be an anti-competitive tool in the hands of software publishers, especially Microsoft, which, in 1999, was found guilty by a federal-district court of monopolistic practices. With Palladium, software publishers could decide to create programs that refuse to work with rival programs, a tactic that is difficult for them to get away with now, says Seth Schoen, a staff technologist at the Electronic Frontier Foundation, a group that promotes civil liberties in cyberspace.
Critics of Palladium frequently cite a hypothetical situation in which a company makes a word-processing program that requires Palladium to run and that encrypts all of the documents that it creates. "Any other Palladium user who is also using that same word processor will be able to decrypt and view the documents," Mr. Schoen says, "but nobody without access to Palladium or who uses a different word processor would be able to derive the necessary decryption keys."
Microsoft faces an uphill battle to win acceptance for Palladium in academe. College students, many of whom are used to playing illegal copies of music and videos on their personal computers, may be resistant.
"They're not going to consciously go out and buy a product that necessarily limits their ability to do what they want to do," says Mr. Rice, the security consultant. "They'll definitely buy a product if it means security for them. I don't know if they're going to buy a product if it means security for somebody else."
The Business Software Alliance, a trade group representing software companies, declined to comment on Palladium, citing a policy of not talking about its members' products. But Robert M. Kruger, vice president for enforcement, says the group is beginning to tilt more toward technology to enforce copyrights.
In dealing with software and other copyright piracy on campuses, colleges "aren't sending the message as aggressively as we would like," he says.
Will MIT, whose researchers have studied Palladium, want to run it? Maybe not, says Mr. Schiller, the university's network manager. "Personally, I would never use this technology," he says. As for MIT, though, it's an open question, he says. "Palladium has to become more real for us to really decide if we can use it."
"If I had my druthers, I'd love the technology to be available and used for all the good things we could use it for," Mr. Schiller says. "But I'm enough of a realist to know that's not how it's going to play out."
WHAT PALLADIUM WILL AND WON'T DO
Microsoft's Palladium project is designed to make Windows computers more secure. But computer experts are concerned that the technologies being used to make computers more secure will block the free flow of information needed for teaching and research.
Palladium will:
- Run programs that could prevent illegal copying of or unauthorized access to information stored in PC's.
- Permit owners of digital information, whether copyright holders or registrars responsible for student records, to set tamper-proof controls on who can see, copy, and alter digital files.
- Prevent unauthorized access, via a computer network or the Internet, to Social Security numbers, credit-card information, and other personal data stored in PC's.
Palladium will not:Re:The server seems slow... full text here (Score:5, Insightful)
How reassuring.
Look, here are the complete mechanical drawings for my handcuffs and leg shackles. Anyone is free to study them and see that they will really do what we say when they put them on your hands and feet.
In order to actually be secure, they have to be able to trust the software running. This means that nobody can compromise, for instance, Windows Media Player. But then this means that anyone could make an EXE that cannot be compromised.
Just imagine....
- E-mail clients and Browsers that won't let you copy the content.
- E-mail clients that will automatically delete the message after a certian time, or will ensure that you read the message.
- Programs that can send your private information somewhere, encrypted. You can't do a darned thing about it. The program can just refuse to run. You can't compromise the integrity of the program.
- In a nutshell... In the most general sense... A program can do any manner of evil thing, and you can't compromise it.
Sure I buy the "secure" aspect of it. A virus can't compromise an executable either before or during its execution. Great. But this means that the user can't compromise it either. This means that a program can do any manner of evil thing and we are powerless.Surely programs would never do evil things such as...
Not Necessarily (Score:5, Funny)
It will only be harmful if some large monopolistic company decides to abuse it for their own purpose and to restrict the access to "passports" to viable code, and block off homegrown software ("openly developed software" - if you will) from gaining pre-eminence over their own solutions
I sure hope there are no big companies out there like that.
Re:Not Necessarily (Score:3, Insightful)
palladium or whatever they're calling it now is a bad idea, the benefits are small, but the fact that someone other than me may be able to say what run or what doesn't run on my computer is a bad thing. i'd rather put up with the few viruses that would be stopped by palladium than deal with the restrictions.
really, i don't care about palladium that much, i haven't touched a windows box in years. my only concern is that i'll need to have a windows/palladium box to be able to communicate effectively on the internet. that would be a bad thing.
Comment removed (Score:3, Interesting)
Re:Why the problem? (Score:4, Insightful)
A lot of people use windows out there, A LOT. Open-source software et al. need to get their software to these users.
Go to the register and read many stories about just how hard it is to stay out of the upgrade-cycle-of-death that is windows software licensing
Re:Why the problem? (Score:5, Insightful)
What's the problem, you say?
Microsoft==Monopoly.
Don't like the price you pay for electic power? If this is such a bad product, don't buy it.
Are you dis-satisfied with your telephone service? If this is such a bad product, don't buy it.
Are you unhappy with the performance of the latest Ford auto? If this is such a bad product, don't buy it.
Notice that this last one is much more feasible than the previous two!
Microsoft is in that position. Because of the proven anti-competitive practices of a convicted monopolist, I don't really have that choice. As a software developer, I have to account for Windows as a platform or stop making money.
And, if Microsoft decides that they EOL any non-Palladium O/S, millions will be forced to buy it, simply because they have no effective choice.
Linux (Hooray!) is becoming an option, and I'll do everything I can to get it in use, but it's not there yet. I can't yet readily make a living producing software unless I at least allow accessability to Windows users.
And Microsoft still has the power to potentially stonewall Linux adoption for a long time, and it's my feeling that Palladium is how they'll try do it.
Only time will tell...
Re:But here's the thing (Score:3, Interesting)
Re:Why the problem? (Score:5, Interesting)
This is true -- according to Google's Zeitgeist [google.com], the number of people using "obsolete" versions of Windows (95, 98, NT) is almost the same as those using the latest versions (2000 and XP).
"I really can't see how this will effect people who don't use it (now tell me how it will take over the world when people do start to use it and how it will effect the data on the internet and bla bla bal....)"
Easy. If broadband ISPs only allow Palladium-equipped devices (PCs, routers, etc) online, then the Internet will be denied to everyone else. Should Microsoft make their own version of IPv6 that's "secure", it's going to be supported by all the major players. (If the MS-IPv6 protocol can't be altered through software, then any company that doesn't support the corrupted protocol is going to be locked out from all new PCs once IPv6 goes live.)
Even easier: sites that currently "require" Internet Explorer -- but work fine with other browsers -- will require IE plus Palladium. Or your ISP says that only PCs with Palladium are supported.
If Microsoft plays their hand correctly, they'll be in complete control of the x86 platform, and nothing other than a successful anti-trust case will break that hold. If Microsoft fails, they'll alienate enough people that Linux and other OS's will make significant gains.
The problem... (Score:3, Informative)
Re:Why the problem? (Score:5, Interesting)
Imagine what would happen to Wine if all the new Windows games and applications required Palladium to run. If Wine can't break Palladium encryption, then Wine can't run any new Windows software. This could prevent any sort of Windows emulation or reverse-engineering that is allowable by fair-use. They could effectively prevent people from using any OS other than Windows to run their applications or view documents. As new applications come out and old ones become outdated, Palladium could become the new standard just because all the new software requires it.
Re:Why the problem? (Score:3, Insightful)
I can still buy the newest althon CPU and MB along with RAM, put linux, win2k, bsd, whatever on it, without worring about palladum.
Nope, buy a palladiam motherboard it won't let you load a non-Palladiam OS.
problem because... (Score:3, Insightful)
Sooner or later everyone will have to upgrade, because parts malfunction. Whether one will be able to purchase an Athlon without DRM at that point is an open question. I don't feel confident that the majority won't upgrade, because "the majority" is comprised of non-technical people who respond well to marketing buzzwords. If there is a good time for those aware of the issue to try to educate that majority by loud, vocal, repeated means, now is certainly it.
"next-generation secure computing base" (Score:2)
Didn't they change the name Palladium to a new one [slashdot.org]?
MS market in China (Score:2, Interesting)
Is then MS pushing this as a way to seal up markets like China? whre this desire to lock up information is prevalent?
What would be cool (Score:2)
Yet another reason to join the movement at.... (Score:2, Informative)
Yeah, MS is going to lock it up... (Score:2, Interesting)
-theGreater View.
The sky is falling! The sky is falling! (Score:3, Insightful)
Let's step back a minute and actually think about Palladium as it currently stands, shall we? Can we?
To start with; I know lots of people on
Right now Palladium is just a flag flying. They know that the entertainment industry and the politicians in the entertainment industry's pocket will salute. But they aren't sure about everyone else. I will admit that breathless scare mongering is one reaction they will pay attention to, but a more rational approach is to simply point out clearly (and without running in circles decrying the evil-that-is-Microsoft) that there are alternatives (Linux).
Personally I think the latter is a tactic Microsoft will pay more attention to. That, and supporting the EFF [eff.org] as they fight against technology like Palladium being required.
Re:The sky is falling! The sky is falling! (Score:3)
Like the XBox? Sales are not going so well, but they press ahead...
The truth is that Microsoft will press some things even against market acceptance, if it is seen (by Microsoft) to put them in an advantageous position at some point in the future. If the "Big Pal" thing succeeds, they essentially gain the high ground in the battle to decide what will run where... possibly a strategic position against software they dislike.
You make a good point that all we can really do is support the EFF. I've already donated to them, everyone else should as well...
Re:The sky is falling! The sky is falling! (Score:5, Insightful)
The sheeple will happily buy their latest Dell/Gateway/whatever PC hardware with TCPA and an MS Palladium OS. They will never know what they are doing.
Saying that the market will do something about it is like saying the market will reject...
- Macrovision
- Encrypted DVD's
- A tax on blank media
- DMCA
- UCITA
- COPA
- CALEA
The problem is that the market must have a choice. A word not in Microsoft's vocabulary. Oh, wait... Choice...Re:The sky is falling! The sky is falling! (Score:3, Insightful)
You're wrong. The XBOX is a Palladium system. It is the "trial balloon."
The XBOX is a PC. But can you develop software for it? Not without paying for the priviledge, and agreeing to restrictive terms.
Don't Worry! (Score:5, Funny)
Palladium could create 'a closed system, in which each piece of knowledge in the world is identified with a particular owner, and that owner has a right to resist its copying, modification, and redistribution.
I know, I know. You were worried. Don't be.
Be assured that information about you, such as your medical history, and any transaction history you have in the databases of direct marketers will be copyrighted by someone other than you, relieving you of this onerous burden.
Fair use? (Score:3, Interesting)
two thoughts.. (Score:5, Insightful)
First: "If you hack it, they will crack it." Go right ahead and give us DRM, because one way or another someone will find a way to circumvent it.
Second: These kinds of moves are exactly what undermine the power of the content holders. The more tightly the MPAA and RIAA squeeze content up their asses, the more energy, resources and popular attention that will go to the small-time independents who are actually doing something creative, and the more fragmented the audience will become. Fair use is what makes the world go round..
The real problem is interoperability (Score:5, Insightful)
If I want to add a plugin to a program. The program, might just say: no! you need to be a plugin approved by my company, not some random plugin. You thief!
In other words, my beef with Paladium is that the security control is set at the level of the creator and not of the user. That in itself is not a problem until you realise that the control given to the creator is a lot more then simply "the right to copy and distribute" it affects the righ to interoperate between programs (in the name of being virus free).
The software industry does not have a history of being open minded, I'd suspsect that by default interoperability would be set to off.
Sad.
Publish freely then (Score:5, Insightful)
As an aspiring author (as a hobby, not for a living) of a fantasy novel, I have been looking at publishing recently and have decided to self publish my work and allow people to freely distribute it. Why? Well, I have a day job, and while extra money is nice, I don't really need to make money off of my novel and I don't really expect to make a living off of it either. Instead it is a hobby for me, my art if you will and I am more interested in getting it wide exposure than on some best seller list somewhere.
If my work is good, word of mouth will push it around and people will load it off my website to read. If not, it flops but I'm not really out a cent, just whatever time I put into it, which is no big loss because that time would like as not been spent playing computer games anyway.
But the advantages are, I can get widespread coverage to a large and diverse audience. I retain full rights so that if the story is considered movie material, I get to keep all of what the studio doesn't take. I can publish it anywhere at any time, for money or for free. So in a way, I don't need to worry about Palladium. If someone releases a work, no matter how good, which is locked up and expensive and pay by the bloody minute spent watching, I won't waste my time or money on it and I'm willing to bet a lot of you won't either.
As an aside to this, I wonder if a "free publishing" community will start up where people donate time and experience to writing material which goes straight into the public domain instead of locked up in copyright for life + forever. Schools, libraries and teachers would likely be happy to have such work available royalty free and aspiring writers can practice on free stuff the way coders do on open source software. After all, look what Open Source is doing to Microsoft. If the publishers get nasty, then we should be able to take them on in a similar way and have similar success. It would be great to have a library of the people, of free and public domain works which can be freely read, copied and sited without having to hunt someone down to ask permission. This isn't the same as current libraries, most works in current libraries are illegal to copy (though most people do it anyway) and sometimes you can't even site without permission. So we could use a nice library of *only* free and public domain works which can be used for whatever you wish. Better yet, it could be online and fully unlocked so Palladium be damned you could still read, copy and use such works in your own endeavors. In the end, I think everyone might benefit from such a movement.
Lawrence Lessig's Take (Score:5, Informative)
He says the picture of a world where one needs a license to read is discomforting.
Current laws represents a choice made by our democratic processes, and with copyright as code it's not clear how the same balance can be struck. The problem with regulation (And Law) through code is that there is no place for such a collective choice. If one kind of "trusted systems" software protects rights of fair use, a competing version will promise more control to the owner. This makes fair use a bug, not a feature.
Palladium != TCPA (Score:5, Informative)
Palladium would likely make use of this hardware to take care of the crypto aspects of DRM, but it is a part of Windows. If you don't buy Windows, you have nothing to worry about. Microsoft would have to manage to replace every DVD player, computer and MP3 capable device in the world to make DRM mandatory. Palladium may not be great for consumer's rights, but it is also not forced upon anyone. We still have a choice. Run some form of *nix on your current hardware, or buy a Mac. This shall pass.
My 0.10 shekels
Re:Palladium != TCPA (Score:3, Informative)
I've read a good chunk of the TCPA spec. I understand what it is and how it works. The central TCPA design specification is that the owner of the machine MUST be denied access to his own encryption keys. The ONLY purpose of this requirement is to take control away from the owner of the machine. It is designed to enforce DRM and enforce Microsoft's monopoly.
There isn't a single claimed benefit of TCPA or Palladium that you couldn't get with an identical system that lets the owner read his encryption keys based on a physical switch to control access to the keys. Unless of course you think losing ownership of your computer is a "benefit".
a special chip to handle encryption duties
Yeah, a side effect is that you can use the chip as a crypography coprocessor. If that's what it was for you could have a BETTER, CHEAPER, FASTER, and HARMLESS crypography coprocessor instead.
Code signing and crypto coprocessors have NOTHING to do with denying an owner of the machine access to his own keys. TCPA and Palladium are a Bad Thing. Period. Drop the requirement to deny the owner access to his own keys and it would be a Good Thing, but then it wouldn't be TCPA/Palladium anymore.
-
FUD , dud, or vaporsystem? (Score:3, Interesting)
Palladium as a whole, to me, sounds impossible to implement, maintain, and get buy-in on. The potential for backfire, for cracking, for failure, seems large.
So, how much does Microsoft really plan to implement?
Maybe this is a significant percent of publicity-playing. See what people think, get out the word you're "doing something" to deter the competition, then put in something far less in function (and effort, and cost) than you started and say its what people "want." Meanwhile you can hopefully discourage others innovating.
Just a thought.
Hypotetical situation. (Score:4, Interesting)
Then all documents produced inside MIT will become Microsoft DRM enabled. All the papers, tests, research and publications. Right?
Year 2050. MIT want out. Whatever reason they have; they need to get out: The cost of the system is to high or the system don't work according to the promised specification.
Actually the reason they have, don't matter. Maybe Penguin OS v69 has become The OS.It's irrellevant. They want out; and they want it now!
Now what?
Well, for starters just about everything people have done the last 45 years is _potentially_ lost forever unless they manage to get a deal with Microsoft.
All the fileformats are MS Propretary DRM Palladium Edition and can't be read on their new and shiny OS and they would have to deal with the relatives of former employes who "own" information produced on MIT.
What a mess. Such a waste.
Pleease do not confuse technical and legal issues! (Score:3, Insightful)
Palladium is a technology. It's designed to restrict what can be done with information, in useful ways. Maybe it's really clever, maybe it's clunky and unworkable, I don't know, but either way, it's a bit of technology that someone developed and therefore I'm inclined to like it.
Now, if people *had* to use it, that'd be a bad thing. If people were *punished* for certain actions, using Palladium as a tool, and those actions weren't really evil, that'd be a bad thing. Those are legal issues, and I'd be inclined to resist them.
IMHO it is never a good thing to try and suppress, a technology just because you are afraid of what someone might decide to use it for. This is exactly the kind of thinking behind the DMCA, which tries to suppress a vast class of technologies because they could theoretically be used to break other laws.
You can hate the control freak attitude of many IP holders, you can hate the ubiquity of MS, you can hate the increasingly wacky commercial laws of our nations. Heck, I know I do. But I don't start trying to suppress particular innovations just because they can be used for purposes I don't agree with. I'm generally against nuclear war but I'm sure glad they developed the internet.
This has been kind of a long, structureless post, but I'm going to post it anyway cause I really believe I have a message buried in there
Paladium hardware (Score:3, Insightful)
In a Paladium box, the DRM starts with the hardware. Thus, uninstalling MS-WinPaladium and trying to install Linux/Win2K/other is not possible because the hardware will not allow you to run the 'unsigned' installer. Once Paladium, always Paladium.
Even if someone finds a hack/crack around this, installing an alternative OS on a Paladium box will probably not become widely excepted because this is illegal according to the DMCA.
So, let's fight the battle now. Why is or isn't Paladium good for 'the people'.
Recipe for Palladium-killer (Score:5, Interesting)
- Replace the Windows operating system.
- Search the Internet to detect and delete pirated software, music, and movies.
- Eliminate spam and software viruses.
- Prevent a digital thief from gaining access to a computer in person and disabling its hardware security features.
"The goal, Microsoft officials say, is to make servers and desktop PC's that people can trust." (ha-ha)
Maybe a system that did ALL of these things would be competitive?
--
I think it's only fair these [hopefully nonexistent] publishers are forced to purchase Palladium PCs and use only Palladium-liscensed reference material for which they will pay per byte forever.
"Colleges
Why not instead force publishers to provide text-searchable CDs for free to legitimate book owners because of fair use laws? Safari seems pretty useful.
If every student is networked these days, I think there may be an opportunity for universities to promote a solution to a real (as opposed to hypothetical) problem which happens to appear antithetical to Gates' wet dreams.
- Students spend an awful lot of money on textbooks, and sometimes have difficulty finding them in bookstores and libraries. A significant number might jump at the chance to purchase a digital copy instead of the paper textbook.
- Searching for words in textbooks should be promoted at universities as one of the few clear merits of owning a computer in school. It would be interesting to see legally if universities, or individual students, can promote this to the point of forcing publishers to provide a free fair-use cd of searchable text with every textbook. The bookstore could hand them out when books or purchased.
- Students who have purchased second-hand books also should be able to enjoy the benefits of digital searching.
- Annotation is a second obvious merit of using a computer in school, and it's why the web was born. Students used to surfing the web will readily jump into information organized in am easy to use, interactive format. Researchers should also be able to freely access stores of annotations and digital texts.
- Also annotation as well as the ability to index and navigate by scene or timecode is very useful with film and video. This could be useful in university film, music, television, language, and science courses among others, and universities ought to be able to negotiate with publishers to create free-use zones for scholarship purposes without all this annoying crypto. If enough did it, there would be a smaller potential Palladium market.
- Schools with less funding should be able to invest in personnel and students, and (if there is a suitable alternative) ought to be able to use information technology to reduce the financial barriers. MIT has embarked on an open curriculum and more should be promoted. We need to enable people to apt-get an education and get used to it so they won't let it get taken away.
- It would be interesting to see if projects funded by national governments would be exempt from Palladium
- While MP3 sharing may very well be within the law, it is not as obvious a poster child for fair use as any of the above uses of everything from ascii text to hdtv. I think it would be very interesting to see if the open source and educational communities can relatively quickly develop something demonstrably more useful and open that Palladium, and possibly preempt it.
Re:Recipe for Palladium-killer (Score:3, Insightful)
It's also an interesting issue for code books (building, electrical, etc.). It would be great to have a single CD (or network appliance) that lets the user track the changes in a section over the past 50 years.
Basically, we need a way for authors and publishers to be compensated for their efforts in a manner that does not reduce the usefullness of the product. With college texts, there is a set number of copies that can be sold each semester. Anything that eats into that number forces the cost to rise.
I still have most of my engineering books. As much as they weigh, and despite the effort involved in moving them several times, I am happy to have them. Would a CD retain that same useful life?
Should organize the thoughts better, but... what the hell, this is
Timely article for me (Score:5, Interesting)
I use Windows XP with Mozilla. The software my bank uses is only compatible with the Microsoft JVM (stupid bankers...). I have previously installed the Sun JVM, so in an effort to get the Microsoft JVM working I used the new "Set program access and defaults" option which Microsoft added to Windows XP as part of the settlement. It is supposed to make it easier for you to set the default email, JVM and browser clients. I intended to change my defaults to IE and the MS virtual machine, use my bank's site, and then change them back again to Mozilla(1). To cut a long story short, once I had changed my default browser from Mozilla to IE, it was impossible to change it back again. The new configurator that Microsoft had added as part of the legal settlement had renamed all of the mozilla files so they wouldn't work anymore, replacing their old extention with "new", i.e. so mozilla.exe became mozilla.new. Not only that, it also removed the mozilla icon from the desktop, the "power bar" and the menu. So the only way I could get it working again was to completely reinstall it. And they did this as part of the legal settlement!
F*uck them. I'm going to move to Linux for my desktop. It might have installation hassels too, but at least I'll know that they haven't been designed to be difficult on purpose.
(1) This may seem an odd thing to do, but you can't download the Microsoft JVM from the MS site any more, so I thought this might be a way to reactive it.
Good for alternative platforms (Score:5, Insightful)
Now, perhaps some sort of middle ground will finally be reached, between overbroad click-through agreements and overly cheap end consumers. Or perhaps many people will make a move to a system where, for example, Kazaa will still work. Or perhaps Microsoft will take the intelligent (from their business standpoint) road and setup a system which allows piracy to flourish but can protect studio-released content from seeping into that region.
Either way, this looks great for that other OS, OpenBEOS. I mean, Linux.
Bullshit everwhere... (Score:3, Informative)
Computing experts in academe often blame Microsoft for producing software that is vulnerable to viruses and hackers.
But, of late, the experts have been criticizing the company's sweeping plan to correct those very deficiencies.
How is Palladium a plan to thwart viruses and hackers? Right in the bottom of the very same article they say that Palladium will not eliminate software viruses. And I suspect that it will eliminate few hackers too, since the weakest link is the people, not computers.
Can someone explain to me any real, additional potential benefits of Palladium? We have encryption and security for protecting sensitive data already... I bet most of student records leak from the paper copy accessed by some unscrupulous employee rather than through smart hackers.
Palladium is control (Score:5, Insightful)
However, what isn't stated is that Palladium lets you control how I use my computer. That I do not like.
Thus, Palladium is equal and symmetric, except for one thing. Given the power relationship between me and (say) a typical software company, Palladium will only be used to maintain and strengthen their power over me through abuse and control.
Thus, although it nominally gives me the ability to control others, that control will be useless to me in practice. This is much like how copyright supposedly gives band's the control over the music industry. *laugh*
Re:Palladium is control (Score:4, Insightful)
However, what isn't stated is that Palladium lets you control how I use my computer. That I do not like.
It doesn't do either one of these things. What it does is to let you prove to me what software you are running, and vice versa. Therefore we can mutually agree on some data exchange only if we know what software is running on the other end to handle the data. Maybe I'll only download my music to you if I know you're running a music client that does DRM. Maybe you'll only let me join your online game if you know I'm running a non-cheating game client.
This is not control. This is informed, mutual agreement of a kind which is impossible in the online world (but routine in the physical world) today.
Re:Palladium is control (Score:3, Interesting)
In any case, assuming that hypothesis correct, then this is control. You can coerce interoperable software to behave however you fashion, and control interoperability. While it is true that I could coerce you just as much as you coerce me, (I won't let you send me music unless you run a particular music server that serves OGG files.) most business-to-consumer relationships are not equitable power relationships. Thus, the control, while theoretically both ways, will in practice be one-way. (You run XYZ, or else we won't send you a copy of this electronic-only textbook you need for a class you need to graduate.)
Palladium is a mechanism that is perfectly suitable in situations where it really is a voluntary consentual relationship. I would have no problems with Palladium if this was its scope. However and again, many person-to-business relationships are not exactly consentual. (Look at people trying to get refunds for the windows tax on laptops. Or, look at the copy-control cartel.) In the real world of not-entirely-consentual relationships, Palladium will be used for coercion and extortion of citizens.
As-is, and barring the fact that it cannot actually prove to a different machine what software I am running, Palladium is not per-se a completely bad idea. I like it in ways. The problem is that it is one of those things that is guarenteed to be abused, and it will be abused in really nasty ways.
In this real world, Palladium allows digital extortion. Just because I used your software to write my book does not mean that you have any right to control how, when, and where I use my book. That is why I'm against it.
Remember ActiveX, DVD, and Java (Score:5, Interesting)
Java: Protected by a sandbox. At numberous points in past, some implentation flaw has allowed java apps to get around the sandbox.
DVD: Trotted out to content providers as secure since content could be encrypted and secured on the disk. Then one vendor makes a mistake and includes an unencrypted key in their DVD player, some kid in Europe finds it, and the entire house of cards falls down. If that one vendor didn't screw up, DVD's probably would still be unrippable.
In all technologies, the apologists have pointed to the fact that they are secure by design, but flaws in implementation or procedures caused the faults.
So even if I wanted TCPA/Palladium to be a smashing success, I wouldn't bet my fortune on it. Someone will screw it up...
Re:Remember ActiveX, DVD, and Java (Score:3, Informative)
This is misleading.
- The CSS cipher key is 40-bits.
- Whoever designed the CSS cipher wanted it to be cheap in hardware and didn't put much effort at all into its design. There is a simple guess-and-check algorithm that breaks it with a work factor of 2 ** 16.
Based on some simulations I ran with RC6, my PII 266 would break RC6 with a 40-bit key in just under a year on average (unoptimized C). The CSS cipher is much faster and is based on LFSRs, which can be bitsliced very efficiently using MMX instructions (I can try 128 keys simultaneously). Even without the weak cipher design, my lowly dinosaur of a machine could probably recover all of the player keys in under 2 months. (Very pessemistic estimate.)A work factor of 2 ** 16 means that even my slow machine can figure out the disk key in under a minute.
26! is more than 2 ** 88, but that doesn't make your secret decoder ring strong crypto. More or less they used the equivelent of a secret decoder ring to encrypt the data. Ross Andersen's attack on the A4 cellphone cipher should have been known to the designers of CSS, yet they went ahead with a cipher that is more easily vulnerable to the same sort of guess-and-check attack. (None of the advanced Russian sparse matrix inversion techniques are required to make it practical.)
OSX on x86 (Score:3, Interesting)
If this is true then Apple obviously thinks there are going to be a lot of users that are going to be so p****ed off at MS that they'll switch platforms at this time. And they have a lot more marketing dollars than any of us here to predict these things, so what do you guys think?
-Nex
Re:Circumvention (Score:3, Interesting)
So to answer your question: not very long.
Re:Circumvention (Score:4, Insightful)
Re:This is both good, and neccessary. (Score:5, Insightful)
Bullshit. I bought those albums, so it is most certainly fair use. If I started sharing them with someone else, then it would not be. Just because I carry 10GBs of mp3/ogg on my laptop does NOT mean I have violated any law, civil or criminal.
Similarly, how is having a divx copy of LotR illegal if I bought the dvd and ripped it myself?
I can only assume you're referring to people who illegally download mp3s or make divx copies of illegally recorded theatrical showings of movies, but you need to be specific! The lack of specificity insinuates that we're all rampant filesharers, or that the only use of MPEG compression technology is piracy. Keep it up and the next thing you know, the MPEG consortium will have to disband or be incarcerated...
Re:This is both good, and neccessary. (Score:5, Insightful)
If all that content owners were doing is "attempting to enforce their rights", then we wouldn't be having this discussion.
It's really about content owners claiming more rights than they currently have. If I buy a dead-tree book, I can't make copies and sell or distribute them. But I can still make a copy of a page for my own use, or lend or give away the original to a friend. I still control the one physical copy that I have bought. DRM takes these rights away from the consumer. It takes control away from the consumer.
I agree with you that all the people who are mooching need to stop! But I contend that DRM advocates are using the cause of preventing piracy as a smokescreen. Their real goal is to control our behavior to a much higher extent, so that they can separate us from our money quicker. Even if there were no piracy, the push for DRM will not go away, as you suggest. Because Piracy is not the reason for it, it's just the excuse.
Re:This is both good, and neccessary. (Score:3, Insightful)
What they want to stop is sharing that collection with the world via Kazaa, Gnutella, WinMX, or what not. Palladium will make it far more feasible for content manufacturers to allow you to have a copy of the music on your computer, and to burn a cd for yourself without allowing you to give it away to millions of people.
After all, nobody cares about people giving music to friends, even the record company executives realize that's a sales booster. However, Giving music to millions of people needs to become socially and technologically unacceptable.
Re:This is both good, and neccessary. (Score:3, Insightful)
Frankly, I find that hard to believe. If you've been following the DRM, you'd have to take into account that every DRM scheme to date has been aimed at preventing users from making any copies whatsoever, which I would say, is a pretty clear violation of fair use. CSS was created to stop you from making any copy of a DVD. CD copy protection schemes (music) are even more horrendous, often times preventing the *original* from working properly in some people's players. Now, given MS's own attempts at DRM along with the history of DRM in general, don't you think MS would just love to have a way to make the previous generation of Windows simply cease working at an arbitrary date, forcing users to buy a new lisence every n months?
Re:Certify Shmertify. (Score:4, Funny)
MSN was recently noted as serving up different (read broken) content to non-IE browsers. Now you won't be able to decrypt or access MSN ... without Internet Exploder.
Surely, you don't consider this to be a loss?