×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Schneier Analyzes Palladium

michael posted more than 11 years ago | from the verrrrry-interesting dept.

Security 270

bcrowell writes "This month's CryptoGram from Bruce Schneier has an analysis of what little information people have been able to glean (without signing an NDA) about Microsoft's Palladium initiative." We might as well throw in a direct link to Schneier's look at the MPAA License to Hack bill as well.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

270 comments

12 times to install Windows XP??? (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4081838)

Hmmm, lets see...

Average AOL User : Installs Windows XP in 1 attempt.
Cmdr Taco : Cannot install Windows XP despite 12 attempts.

So, is this a Microsoft problem, or something more idiotic?

Re:12 times to install Windows XP??? (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4081871)

CmdoTaco is a homosexual LUser (Linux User).

Damn, does /. suck for posting, or does /. suck for posting? Post for the first time, and says you have to wait 20 seconds... Well f*ck you /.!

Re:12 times to install Windows XP??? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4081885)

yep, idiotic.

This place is going all to shit anyway.

No, it's neither a problem nor idiotic (0, Offtopic)

d2002xx (586197) | more than 11 years ago | (#4081890)

If everybody can install Windows XP successfully in first time, who wants to buy M$'s next upgrade version?

You can't but admit it's the most intelligent method to earn money in the world, and that's the M$'s "patent".

Re:No, it's neither a problem nor idiotic (-1)

cyborg_monkey (150790) | more than 11 years ago | (#4081899)

Nope, yer wrong. If, in fact, he had to attempt the installation 12 times, he is a bafoon.

Re:No, it's neither a problem nor idiotic (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4081924)

Hey, it only took me two tries to install Linux. Then I realized I hated it, so I uninstalled it. However, I couldn't get the stench of all the greasy hippies that worked on it out of my system, so I traded it to a homeless guy for half a bottle of Mad Dog 20-20, a dog carcass, and some stale french fries.

Re:No, it's neither a problem nor idiotic (2, Insightful)

Launch (66938) | more than 11 years ago | (#4081959)

To say that users upgrade only because they have problems with an operating system is myopic. If that were the case then we would all be using dos still. The reason users upgrade is for features, be it word processors or operating systems. And in MS case, many users upgrade for the 'razzle dazzle of it'. To say MS's strategy is to perposely distribute an operating system that doesn't install on a significant number of it's users machines is just plain stupid.

Hey, I'm all for Linux, and if you don't like MS then fine... but when I heard bitchy stories about how MS makes products that don't work to catch users on the upgrade it's just anoying.

It happens, OSes can be buggy, and they are hard to write. Just look how many kernal patches there are floating out there for the linux distros.

Trust me, if MS had a product that installed successfully the first time for every user that installed it they would flaunt it (and rightful so) in all of their competitors faces.

Bottom line: WindowsXP is an easy to install OS that most likely has a higher success rate of installing on first attempt then any other OS out there (and much higher success rate then most linux distros I've installed)...

Re:12 times to install Windows XP??? (0)

Anonymous Coward | more than 11 years ago | (#4082108)

i have been using Linux for such a long time, that windoze is as foreign to me as Linux is to your avarage AOL/WIndoze user...

what is a virus???

what is a popup advert???

what is spam???

Re:12 times to install Windows XP??? (-1)

Anonymous Coward | more than 11 years ago | (#4082228)

you are so 1337

I like the was you write 'windoze' instead of 'windows'.. It's very fresh and such, because nobody else has ever thought of writing it that way and it really makes you stand out and such

Well (1, Insightful)

Anonymous Coward | more than 11 years ago | (#4081852)

I admire the guy and all, but it seems pretty foolhardy to do ana analysis based on rampant speculation, FUD, and vapor. Wait til you can see the real thing - this doesn't help anybody.

Re:Well (2, Insightful)

CaptainZapp (182233) | more than 11 years ago | (#4081936)

He makes the data-basis of his analysis exceptionally clear and cautions explicitely that things might and will change.

You would have seen that, if you'd have actually bothered to click the link.

Re:Well (3, Interesting)

Fizzol (598030) | more than 11 years ago | (#4081945)

Unfortunately by the time we get to see 'the real thing' it may already be mandated by law and be far too late to do anything about it. When dealing with something like this you really can't have too much lead time.

Also in the crypto-gram (2, Offtopic)

wiredog (43288) | more than 11 years ago | (#4081854)

Down in the news section, he has a link to an article which shows that profiling airline passengers is "provably less secure" than random searches at the gates.

He has issues with arming airline pilots [counterpane.com] as well.


The real dangers, though, involve the complex systems that must be put in place before the first gun can ride along in the cockpit. There are major areas of risk.

Re:Also in the crypto-gram (1)

leuk_he (194174) | more than 11 years ago | (#4081997)

Hmmm. If you want to bring a gun on board of a airplane:
-dress in a fancy pilot's costume. (pick up chicks with it as well)
-wear a gun.

To a 5$ an hour security person. "Sorry i forgot my pilot id".

I think bruce is right.

Re:Also in the crypto-gram (0)

Anonymous Coward | more than 11 years ago | (#4082052)

You haven't been through airport security lately have you. Besides practically being strip searched there are national guardsman standing there with handguns and high-powered rifles. As least that is what is was like when I went out of LaGuardia.

Re:Also in the crypto-gram (1)

leuk_he (194174) | more than 11 years ago | (#4082155)

No, i haven't flying the last 10 month's. Specially not wearing a pilot's uniform.

But your description makes it even esier to bring a weapon on board. Dress like " national guardsman standing there with handguns and high-powered rifles".

Besides that, armed security(army/police) on airports is nothing new. At least not in europe.

Wrong pay rate... (1)

cnelzie (451984) | more than 11 years ago | (#4082063)


The new Federally employeed security personnel will be started at 27k per year moving upwards to 50k per year.

Let's do some math...

27,000 per year divided by 52 weeks equals 519.23 per week

519.23 per week divided by 40 hours equals $12.98 (roughly $13 an hour)

Let's look at the upper end of the spectrum...

50,000 per year divided by 52 equals 961.54 per week.

961.54 per week divided by 40 hours equals $24 per hour.

Of course, they will be hourly employees and I imagine that most will be working closer to 50 hours on average. So, they will be payed somewhere between 32k and 58k per year.

By the way, I do agree with Bruce regarding the arming of pilots being a wrong thing.

Also, if you want to know the caliber of people that are being hired to perform this security task. Go and take the 6 hour plus test that they make you take as the first screening session. Getting hired to do that job takes more than a few months at this time. I have a family member who was recently hired and it took quite a while.

-.-

Re:Wrong pay rate... (1)

leuk_he (194174) | more than 11 years ago | (#4082186)

Ok, i was wrong about the pay rate. But you are a kind of a sadist giving them NO VACATION DAYS AT ALL.

Getting hired to do that job takes more than a few months at this time.

Are they doing background tracking in that time, or are the people hiring burocrats? Or do you spend time training.

Not that I want to be a sec. guard.

Offtopic- he's getting overly complex (2, Offtopic)

dfenstrate (202098) | more than 11 years ago | (#4082260)

The real dangers, though, involve the complex systems that must be put in place before the first gun can ride along in the cockpit. There are major areas of risk.
Yes, this was such a danger, that we all remember the stories about problems with armed pilots that happened before the FAA banned the practice in 1987 for political reasons.


Actually, come to think of it, I cant' seem to recall a single one. Can you?


Pilots carrying handguns on their planes used to be routine, and in fact, when carrying US mail, required [handguncontrolinc.org] by the federal government.
When this person speaks of complex systems, he's obviously forgetting one over-riding principle: KISS. Keep it simple, stupid.
When you give pilots guns, do what other federal agencies and the majority of police departments do- each pilot is responsible for their own firearm, and must have it in their possesion at all times. So yes, they carry it through the gates, and security checkpoints. They certainly don't hand them over at any time to the high school dropouts who clean the plane or run the security checkpoints. They would carry the gun on them, on their hips, or maybe some quick draw holster at their controls (only while their seated.) They should be required to take lessons in weapons retention, so that terrorists would have a harder time getting the weapons from them.
Think about it carefully- when terrorists bust through the cockpit doors, they're going to be close, and their going to be nicely framed targets in a little doorway. Assuming the pilots are vaguely aware of whats happening in the cabin behind them, they're going to be prepared to annihlate one or multiple attackers.


Stun guns and other non-lethal methods often don't work well for single attackers, and are useless for multiple attackers.


Picture this scenario: Terrorists, armed with whatever, try to take over the plane. They are highly trained in improvised weapons and hand to hand combat and there are four of them (a la 9-11. Dealing with the single air marshall that mightbe there would be easy- have one guy start everything, and when the Air Marshall jumps up to take care of the first, the others get out of their seats and take care of him. Presumably, this would be alot of commotion, and the pilots would hear it from the flight attendants, through the doors, our through a cabin monitor of some sort.


Now once they have the cabin under control, they go for the cockpit. They bust through the cockpit door (even if it is reinforced, it won't take long) Here's where the scenario splits.


A. The first guy gets hit with a taser the pilots might have (or blocks it completely with a seat cushion shield.)The others then use whatever they have to kill or subdue the pilots, and take control of the plane. The air force sends up an F-15 and drops the airliner like a bad habit, Hopefully over a rural area. All onboard are lost, maybe some on the ground. National treasures are safe.
B. The terrorists bust through the door. The pilots have the plane locked into autopilot so they can deal with the issue at hand. The shoot the first terrorist. The second. The third. Whats left of the fourth after the air marshall, whom the terrorists already killed, dealt with him. Maybe they're such poor shots they accidentally shoot one person on board, maybe two. The plane lands ASAP (this takes at least 15 minutes from cruising altitude.) Innocent Casualties: 1 or 2, tops. Terrorist casualties: 100% & mission failure. The air force saves a $70,000 Air to Air missle for a target drone.

The crypto-gram article discounts the fears of airliner integrity, so I'll be brief. Suffice it to say, if this airplane [aloha.net] can land safely from 24 000 feet, a few bullet holes don't mean shit.
Other concerns:
We can't trust pilots with guns
Most pilots are ex-military that carried guns all the time when flying for the Air Force. Besides, we trust them with a $40 Million dollar aircraft and 100-400 passangers; why not a gun?
Someone innocent might die
Better than losing the entire plane. Even if they try and fail, I sure as hell prefer a fighting chance with a solid advantage.
The pilots should focus on landing the plane, or engaging in manuvers to through the terrorists off balance
How can the pilots land the craft if they're dead? How can they land it if they're doing crazy manuvers? How can an air marshall do his/her job under crazy manuvers. Answer to all: They can't.

Pilots should be armed, end of story. The prospects look reasonably good for this becoming a reality through legislation, though the feds are bound to fuck it up by making it too complex and cumbersome. I think the same legislation also limits liabilities to airlines in case of accidental shootings in a crisis situation.

We've know they're out to kill us, and if they come here to do it, let's send them to Allah without us.

Re:Offtopic- he's getting overly complex (1)

sphealey (2855) | more than 11 years ago | (#4082357)

Most pilots are ex-military that carried guns all the time when flying for the Air Force. Besides, we trust them with a $40 Million dollar aircraft and 100-400 passangers; why not a gun?
Most pilots are in fact not ex-military, the airlines having grown far beyond the size where military retirees could supply the needed numbers. And most miliary pilots do not carry weapons in the cockpit; they leave security (where it is deemed necessary) to the Air Police or the Marines (in combat situations).

sPh

EFF has nothing on this! (3, Insightful)

Delrin (98403) | more than 11 years ago | (#4081865)



"None of this is new or controversial, so why are copyright holders even talking about this? This bill would make it legal for the MPAA, the RIAA, and its ilk to break into computer systems they suspect (with no standard of evidence) are guilty of copyright infringement. It will allow them to perform denial-of-service attacks against peer-to-peer networks, release viruses that disable systems and software, and violate everyone's privacy. People they choose to target would be deemed guilty until proven otherwise. In short, this bill would set up the entertainment industry as a Gestapo-like enforcement agency with no oversight. "

Isn't this just becoming the general trend in America? I wonder how many victims of the MPAA will be arabic looking?

VM Could break Pd perhaps? (5, Interesting)

Dooferlad (101535) | more than 11 years ago | (#4081873)

The latest Crypto-Gram has some things to day about Pd, or Palladium as the full name goes. It is interesting, but it doesn't say anything about somthing that sprang to my mind - the possibility of a virtual machine that runs as a Pd device, on top of a non-Pd device, completely breaking the security. This would be hard to do I expect, but not impossible. Those who have written VmWare and similar programs probably have it in them to reverse engineer the protocols used and re-produce them in software, for the sake of argument call it VmPd.

It goes like this:

VmPd runs on a PC, VmPd contains all keys required to access all areas of itself. VmPd is trusted, because it is a trusted PC (which is the point of this whole mess) to do what it is expected to do. For the sake of argument assume we have downloaded The Little Mermaid under license from Disney, and we are only allowed to play it once. We turn off VmPd, and all we have is an encrypted jumble on our hard disk where we set up the partition to host it. We also have the keys to read it though, and simply decrypt the move and show it to our hypothetical little children as many times as we like.

This works because, as I understand it, Pd only allows you to access material with certain rights, depending on what access partition it is under. If Disney set up an access partition for downloading movies, this will be done in a way that trusts your Pd machine.

Assuming that Disney only give you a key when you pay for one, that key will always work unless they can chance how the movie is encrypted. It is conceivable that they would have a player that on-the-fly re-encrypts the movie with a new public key as you view it, every time you view it, and they only give you the new private key when you pay for it. But the transmission of the key is encrypted, trusted because you have a Pd device, so you just intercept the key on its way into VmPd, don't play the movie, and decrypt it yourself and watch as many times as you like.

I am probably missing something, but it makes for interesting thinking.

Re:VM Could break Pd perhaps? (2, Funny)

revery (456516) | more than 11 years ago | (#4082048)

That is interesting...

Now I'm excited about Palladium. ;)

Re:VM Could break Pd perhaps? (1)

matman (71405) | more than 11 years ago | (#4082115)

They may do something like certify the key in the CPU to be trusted by Microsoft or something like that. Palladium would be shipped with MS's public key, and so would try to validate the the CPU's key. You could maybe get around this by copying the CPU key of a trusted CPU or something, but, then they could tie it to some hardware factor, that you'd have to emulate as well.

Re:VM Could break Pd perhaps? (3, Insightful)

Fruit (31966) | more than 11 years ago | (#4082138)

The problem is of course in constructing the Palladium emulator (VmPd). You'd have to break a real one open to get the encryption keys out, and even if you succeed, the key of the real Palladium is licensed to you (and can be traced back to you). You won't be able to put it on a website without violating some agreement you signed when it was licensed to you.

So yes, it could work, but it's not going to be easy and it will be a significant threshold for anyone who wants to upload new materials to p2p. It'll be possible, but not casually so.

Re:VM Could break Pd perhaps? (0)

Anonymous Coward | more than 11 years ago | (#4082255)

"he key of the real Palladium is licensed to you" Given Microsoft's track record on making secure, unspoofable, keys, this is not likely to present much trouble.

Re:VM Could break Pd perhaps? (1)

Dooferlad (101535) | more than 11 years ago | (#4082287)

It is more a case of if you can create valid Pd keys, then you are home free.

If you can't (MS distributes them, and signs them, with signatures publicly available for all keys linked to UIN's or something) then you could, for instance, use the trick of differential power analysis [ibm.com] to identify the key (which is fixed in most smart cards these days, but used to be a problem) then you can clone a Pd system. If you owned the system, then who would know?

As long as you decrypt stuff and erase any signing / watermarks etc, you can upload stuff to P2P systems if you want. I wasn't thinking of that though, just creating a system to allow fair use. I won't go into the fair use rant here because I am sure eveyone has heard it many times before.

Reminds me of Tivo (1)

MiTEG (234467) | more than 11 years ago | (#4081886)

"There's nothing in Pd that prevents someone else (MPAA, Disney, Microsoft, your boss) from setting up a partition on your computer and putting stuff there that you can't get at."

Isn't that a lot like the Tivo "feature" that reserves a set amount of space on the drive for automatically downloaded "content" that can't be removed?

Re:Reminds me of Tivo (3, Insightful)

Tall Rob Mc (579885) | more than 11 years ago | (#4081916)

Problem is, my computer holds information far more important than my TiVo. They can have my TiVo space, but I'll be damned if they touch my computer.

Re:Reminds me of Tivo (0)

Anonymous Coward | more than 11 years ago | (#4081929)

No, because Tivo sold you a machine with 20Gb (or whatever) of space for your programs - and that's what you got.

They need some scratch space for their own housekeeping, and the space used for that does not come out of the space you paid for.

Re:Reminds me of Tivo (0)

Anonymous Coward | more than 11 years ago | (#4081975)

Couldn't they just list it in the disk space reqs for Pd? Say something like 3 GB are required, and use that space to make a new partition?

Re:Reminds me of Tivo (0)

Anonymous Coward | more than 11 years ago | (#4081931)

On Slashdot [slashdot.org] last May.

Re:Reminds me of Tivo (1)

will_die (586523) | more than 11 years ago | (#4081967)

Tivo is different, when you purchase the Tivo you are only given X amount of hours, any of that other stuff is stored above the X hours. No product loss.
The only way for this to be similar is if when you purchased a hard drive that had storage above what was on the box that only the pd could get to.

More info here (5, Informative)

countach (534280) | more than 11 years ago | (#4081887)

There is more info at the EFF here [eff.org] . And donate some money while you're at it. That's more likely to help than a slashdot whine.

What should I add to my sources.list ? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4081895)

And which is the fastest mirror for apt-get?

Is it in the non-free section?

Has anyone got it to compile yet?

Re:What should I add to my sources.list ? (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4081979)

apt-get install buttfucker-junior

deb-src http://goatse.cx

You now have the clues... go to it, man!

My favorite quote (5, Insightful)

stefanb (21140) | more than 11 years ago | (#4081901)

They're trying to invent a new crime: interference with a business model.

This sums it up pretty nicely, I think.

Re:My favorite quote (1, Insightful)

Anonymous Coward | more than 11 years ago | (#4081910)

I suggest a slight alteration:

Interference with the "right to profit".

Re:My favorite quote (1)

e_nygma99 (580298) | more than 11 years ago | (#4082099)

I would concede that if I own a business, then I have a 'right to try to acheive a profit', but not necessarily a 'right to profit'. It's just a 'New-new-New Economy', being driven by the monopoly out of Redmond. What does this mean for the consumer? Well, it's east to project that you won't be able to let your kids play {Insert game here}on your PC or Game console without buying their own copy first. This would generate more revenue for everyone; including M$, if it's their trusted system things are running on. What a crock.. Security and M$ just doesn't go together, unless they can profit from it. Just my .02.

With all this non-resalable equipment and media... (4, Interesting)

tlambert (566799) | more than 11 years ago | (#4081902)

With all this non-resalable equipment and media, has anyone done an environmental impact study in terms of waste disposal, when your computer and/or it's current OS load and the CDROMs it came on can no longer be donated to the local orphanage?

We're already having problems with monitors and computers (it costs to throw a monitor away where I live, unless you take it to the dumpster at 3AM), with most printed circuit board finding their way to heavily contaminating the countryside during cheap-labor disassembly after shipping to Asia.

-- Terry

Re:With all this non-resalable equipment and media (4, Funny)

Waffle Iron (339739) | more than 11 years ago | (#4082216)

The Palladium scenario would be a net benefit for the environment. Nobody would ever throw away any electronic equipment ever again, for fear of losing the magic keys that enable them to watch the content that they paid for.

No circuit boards would be dumped in Asia. They would remain embedded in ever growing stacks of redundant consumer electronics devices in American living rooms.

One side effect: sales of outlet strips, surge protectors, A/V cables and video selector switches will skyrocket. Buy Belkin stock today to get in on the ground floor.

A tired Hollywood plot? (4, Funny)

bunyip (17018) | more than 11 years ago | (#4081905)

Viewed from the 10,000ft level, it sounds like a common Hollywood plot (Pd in parens):

It's the year 2050 (2004) and the government (MS) is telling everybody how they will live (compute). Trust is guaranteed by the government (MS) and violators will be punished (digitally locked out). The people (programmers), though outwardly happy (productive), harbor deep lingering desires for freedom (open source).

Then, along comes a rough-shaven, rogue hero (hacker), played by Stallone or Schwarzenegger (Torvalds). The aforementioned hero (hacker) then liberates the people (programmers) from the tyranny of the government (MS). The people (programmers) are overjoyed, their lives have returned to normal.

So - if it ever played out like this, I'm sure someone in Hollywood already has the rights to the script. Will they own us?

Alan.

Re:A tired Hollywood plot? (4, Funny)

Anonymous Coward | more than 11 years ago | (#4081940)

Wow, I have to admit, the parent post is insightful (stupid). The analogies are concise (tired) and accurate (cliched). It truly makes me proud (depressed) to read this masterpiece of slashdot (slahbot) eloquence (drivel).

Grrr... If they're even using Pd for short... (0)

Anonymous Coward | more than 11 years ago | (#4081909)

Damn microsoft forever damaging the good name of the 46th element.

TCPA / Palladium FAQ v1.0 (4, Informative)

Camillo (123336) | more than 11 years ago | (#4081913)

Bruce also refers to Ross Anderson's TCPA/Palladium FAQ [cam.ac.uk] , which is well worth a read. Of particular /. interest is question 18, cryptically titled "Ugh. What else?":

"TCPA will undermine the General Public License (GPL), under which many free and open source software products are distributed." "You will still be free to make modifications to the modified code, but you won't be able to get a certificate that gets you into the TCPA system."

A lot of background information can also be found from Ross' page about Economics and Security [cam.ac.uk] .

You should ask yourself the question "if a computer can run code in a protected environment, whose code would you be willing to let into the computer?" Once it's there, it is protected - even from you.

History tells the future. (4, Insightful)

miffo.swe (547642) | more than 11 years ago | (#4081920)

Bruce Writes:

"It's hard to sort out the antitrust implications of Pd. Lots of people have written about it. Will Microsoft jigger Pd to prevent Linux from running? They don't dare."

I dont have the same impression of Microsoft that Bruce seems to have. If i go trough what they have done in the past there is nothing they wouldnt do to get more control. They will almost certainly have a licence tailored to make it hard for Open Source/Linux to implement it without breaking GPL.

Considering that GPL is a bigger threat to them than linux itself i assume they will take a shot at it. GPL is the one thing stopping them from stomping all over Open Source wreaking hawoc like in Simpson. They much prefer the BSD licence where they can "borrow" code since the despite their extremely big cashpile cant get people who knows how to code.

Usefulness of Palladium? (4, Funny)

Wingchild (212447) | more than 11 years ago | (#4081932)

After reading the article, I can't imagine that a home user would ever make a point of purchasing a system on the order described. Hardware-level tampering resistance is a good thing for Department of Defense computers, say, but does the average home user, surfing the web and storing recipes, really have to worry about someone leeching that information from residual information that could (maybe) be gleaned from the CPU itself?

Dear lord! Perish the thought.

I can't even imagine most companies having to deploy something on this order to safeguard their data. Hell, I'm not even sure the military needs it.

For reference, the Department of Defense has a series of guides and guidelines for locking systems down to ensure security. These are called STIGs and are created by DISA (Defense Internal Security Agency) and the NSA (National Security Agency). When the guides are applied the machines are as secure as can be made.

Part of the guidelines cover physical security; i.e., if someone can reach your hardware physically without being cleared for it, you fail that part of the check. As such, I can't imagine how Palladium would not be redundant to things we already have in place.

For good security, you can use smartcards with a PKI certificate, anyway. Don't let someone sign on without one, don't let them access data without one, have an active and interested central monitoring and issuing authority and practice good physical security. Save the money you'd spend on Palladium equipment.

Re:Usefulness of Palladium? (3, Insightful)

Over_and_Done (536751) | more than 11 years ago | (#4082041)

I can't imagine that a home user would ever make a point of purchasing a system on the order described. Hardware-level tampering resistance is a good thing for Department of Defense computers, say, but does the average home user, surfing the web and storing recipes, really have to worry about someone leeching that information from residual information that could (maybe) be gleaned from the CPU itself?

I think that the point is that the consumer does not have a choice. They buy the latest and greatest that Dell sells them, and don't really pay attention to the OS, or anything else associated with the machine. People will be adopting something that they don't understand. Not a whole lot different from what goes on today.

Re:Usefulness of Palladium? (2)

sphealey (2855) | more than 11 years ago | (#4082058)

After reading the article, I can't imagine that a home user would ever make a point of purchasing a system on the order described. Hardware-level tampering resistance is a good thing for Department of Defense computers, say, but does the average home user, surfing the web and storing recipes, really have to worry about someone leeching that information from residual information that could (maybe) be gleaned from the CPU itself?
The "average user" won't get a choice. The number of organizations capable of designing and manufacturing general computing chipsets has been falling since the 1980s; I believe that in order to produce an Intel-compatible motherboard today you would be forced to buy chips from one of three vendors. Once those three are on-board (ha ha), all chipsets and hence all Intel systems will become Palladium compliant.

A few techno-geeks might be capable to putting together Linux systems from the parts bin, but they likely then wouldn't be able to run any commercial software.

sPh

Re:Usefulness of Palladium? (3, Insightful)

imadork (226897) | more than 11 years ago | (#4082117)

After reading the article, I can't imagine that a home user would ever make a point of purchasing a system on the order described. Hardware-level tampering resistance is a good thing for Department of Defense computers, say, but does the average home user, surfing the web and storing recipes, really have to worry about someone leeching that information from residual information that could (maybe) be gleaned from the CPU itself?

You're right -- for the average home user, a non-palladium system will be more useful than a palladiun system, all (technical) things being equal. But there will be marketing, social and political issues that will sway the average user --

  • Palladium will (and already is) being marketed as a way for the average user to secure his or her own information, even if this claim is somewhat dubious. (It has been billed as a way to prevent viruses from running, because they wouldn't be signed and would not be trusted by default, for instance.) Remember that no matter what their marketing people say, Microsoft doesn't care one whit about the integrity of your data, unless they can find a way to make money from it.
  • Major content distributors have, for the most part, been hesitant to distribute digital content without the ability to control it as much as possible. Once Palladium-enabled PC's ship, don't be suprised when all new CD's, DVD's, or whatever is carrying content at that time won't work on old PC's (or, old stand-alone players for that matter). This will be an incentive for the average user, who can't live without their media, to upgrade their hardware and software to Palladium-enhanced versions.
  • As we have seen in the past, content distributors will buy legislation, in as many countries as possible, that will make it illegal to circumvent the "protections" in a DRM scheme, and Microsoft will be happy to offer Palladium as a way to comply with that law. (As above, this will be billed as a way to protect consumers, when in reality it is a way to protect content distributors at the expense of the average citizen.) By licensing the technology to all "established" Commercial OS (and standalone media player!!) vendors, they can dodge the Monopoly accusations while getting to Microsoft's Holy Grail -- getting money for every PC (and CD/DVD/whatever player!!!) that ships, whether or not they actually own the OS that ships on it. It has the added benefit of mandating that people upgrade their hardware in order to comply with the law!

Re:Usefulness of Palladium? (1)

OmniVector (569062) | more than 11 years ago | (#4082123)

Unfortunatly the problem isn't that the average home user wouldn't purchase it. The problem is Microsoft is going to get this into writing, it will hit the markets, and it will flood the pc market. Joe won't know the difference because Joe doesn't usually buy Mom 'n Pop PC3000. To make matters worse, the Microsoft/PC Manfacturer liscenses practically force every large company that makes PCs to spit out a Windows Box with Pd, or else they threaten to stop liscensing that company windows -- which unfortunatly is suicide for most companies because of the monopoly Microsoft has on the market.

This isn't going to be a consumer choice I fear. It's been evident for awhile that big greedy corporations don't care about consumers but only the shareholders.

Re:Usefulness of Palladium? (2, Insightful)

tijsvd (548670) | more than 11 years ago | (#4082151)

After reading the article, I can't imagine that a home user would ever make a point of purchasing a system on the order described.

Unfortunately the home user won't read the article. He will read advertisement ads that promise him a computer that will make "Windows XP even more secure".

The home user bought Office 2000 because of the helpful little paperclip. He will buy this.

Why the hardware? (2)

truthsearch (249536) | more than 11 years ago | (#4081935)

Can someone please explain why the desired level of security can't be obtained by only software? What exactly are the situations which require a security chip as opposed to software? I'm not speaking of physically breaking into the computer, but someone at the keyboard or over a network.

Re:Why the hardware? (1)

Camillo (123336) | more than 11 years ago | (#4081974)

An example goes a long way. Take Linux kernel rootkits for instance. Once a (let's assume well-programmed) rootkit is in place, it will intercept all system I/O that would reveal its presence. The data the I/O returns is then modified to remove all traces of the rootkit's existence. For intents and purposes, the rootkit isn't there. Except it is.

The only reliable way to avoid this is to "bootstrap" the kernel from a trusted hardware component that makes sure that the kernel being loaded does not contain a rootkit.

So, to put it briefly, you need the trusted (as in the "can violate policy" sense) component to establish your initial trust in the software you are running.

Re:Why the hardware? (1)

z-man (103297) | more than 11 years ago | (#4081976)

There is a lot of different ways to snoop around a computer, a lot of the stuff that goes through your hardware can be picked up via things like Van Eck Phreaking [techtarget.com] . You can protect yourself from attacks like this with software alone.

Re:Why the hardware? (2)

DoctorFrog (556179) | more than 11 years ago | (#4082144)

Because you control the software. The object of
the exercise is to protect the copyright holder
of the file you put on your computer from
you.

Ownership of Your Own Computer (5, Insightful)

Greyfox (87712) | more than 11 years ago | (#4081952)

Bruce Says: My fear is that Pd will lead us down a road where our computers are no longer our computers, but are instead owned by a variety of factions and companies all looking for a piece of our wallet.

We're already well down that road. It is very easy to see a day when the general computing device we all know and love will be illegal because it makes it way too easy to copy digital data. Nevermind that what made the general computing device popular is that it manipulates digital data so easily.

We all know what the industry wants. THe industry wants a pay per view world where every consumer pays every time he views industry owned content and the industry is protected from competition because they control the technology that allows content to be created. It isn't about fairness. It isn't about content authors getting paid. It's about greed, plain and simple.

Damn! (2)

Greyfox (87712) | more than 11 years ago | (#4081963)

I thought I closed that i tag there. That's what I get for posting to slashdot before I've had my coffee. Bruce said the stuff in the first paragraph there. The second two are my comments.

Re:Ownership of Your Own Computer (0)

Anonymous Coward | more than 11 years ago | (#4082017)

fuck em and feed em fishheads, i won't buy one of those computers, i would rather do without thsese new computers and keep what i have now with Linux installed...

got /root

vaporware... ? (5, Funny)

jukal (523582) | more than 11 years ago | (#4081958)

Palladium, Pd46, Heat of vaporization 357.0 kJ/mol. I quess kJ/mol means, KiloJournalists / Microsoft's Obfuscated Literature?

One IMPORTANT thing (1)

Libor Vanek (248963) | more than 11 years ago | (#4081960)

I couldn't NOWHERE find one - the most - important thing - WHO&WHY is gonna buy Pd-PC? I couldn't think out any reason to buy such a crippled (and expensive probably also) computer except forcing it by very restrictive law.

Just you wait and see... (0)

Anonymous Coward | more than 11 years ago | (#4081965)

They just might do that.

Re:One IMPORTANT thing (1)

Fizzol (598030) | more than 11 years ago | (#4082003)

> I couldn't NOWHERE find one - the most - important thing - WHO&WHY is gonna buy Pd-PC? You won't have a choice. Palladium will be mandated by law ni the name of national security or some such. It will be illegal to use, produce or view DRM content on a non-Pd system, it will likewise be illegal to connect a non-Pd system to the net in the US.

Re:One IMPORTANT thing (2, Interesting)

miffo.swe (547642) | more than 11 years ago | (#4082037)

They will probably coerce it into AMD and Intels Cpus by either repression or by lobbying. Once its in the CPU its a easy task of just slipping it into the next version of Windows.

Their goal is probably to make it impossible to buy a new computer without the hardware part. Once that is in games and other apps are released to only work on a palladiumenabled computer. Note that this is a bit down the road and not all of it will happen at once. Its a sneak attack.

Hopefully either AMD or Intel will see that the one of them that not has the hardware thingie in their CPU will be selling a lot more CPU's than the other.

On that conclusion i presume they will lobby as hard as they can to make it mandatory to have TCPA built into new computers.

Re:One IMPORTANT thing (1)

adamfranco (600246) | more than 11 years ago | (#4082081)

If Pd becomes mandated by law in the US it is going to severely cripple any software and hardware industry not associated with MS. If this happens I'm moving to Canada or Europe. Thank goodness for those other countries (China, Iran, etc.) that at least don't want MS looking over their backs. We may be more free politically, but in a few years they might have more software/hardware choice.

Those who would give up essential liberty to purchase a little temporary safety deserve neither...
-Benjamin Franklin

Re:One IMPORTANT thing (1)

Xtacy (12950) | more than 11 years ago | (#4082274)

How will this help? I live in Canada, and do you think they will sell Windows and its variety of software in Canada that will work on a non-Pd-PC? It'll be the same everywhere, you can't run the newer stuff because you dont have Pd machine.

gaming companies will be forced to have it in their games etc. etc...

This is a bad thing

Good insight (2)

beleg777 (551987) | more than 11 years ago | (#4081966)

I'm sure others will mention this, but I thought this quote was worth highlighting.

Microsoft really doesn't care about what you think; they care about what the RIAA and the MPAA think.

Anyhoo, I thought this was a good, well ballanced article. He's much more realistic than most about what may happen, both on the paranoid and the hopeful angles.

Re:Good insight (3, Insightful)

seosamh (158550) | more than 11 years ago | (#4082032)

I was going to quote the same passage, along with

Microsoft can't afford to have the media companies not make their content available on Microsoft platforms, and they will do what they can to accommodate them.


Whether MS actually needs the content companies at this point is debatable. If it came to that, Gates could buy a couple ;> in a pinch.

But if MS wants content available on their platform, why not open that platform up to let the consumers of content make sure they can access their favorites on Windows? There are a lot of people who use MS products by choice (not me, but there are such people) who would build their own open source solutions if MS would give them the slightest encouragement.

Or maybe not. What the hell do I know?

Opposing Microsoft is communism (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4081970)

Don't listen to the anti-Pd agit-prop. All what Billy G. want is to help fighting terrorism: listening to music without the permission of politbureau of the RIAA, watching foreign movies etc.

What is good for Microsoft is good for America.

On the same topic... (3, Informative)

jnd3 (116181) | more than 11 years ago | (#4081978)

Bob Cringely wrote a column [pbs.org] on the same topic about a month ago. He called Palladium a Rosetta Stone for malicious hackers. Sounds like a blast.

That's just what I want, another Microsoft initiative aimed at security. They've done such a good job at it so far that now I'm a whisper away from getting my account canceled by my ISP -- all because some Outlook/Outlook Express user somewhere has Klez and our e-mail address.

Palladium (like chemists, Microsoft calls it "Pd") (5, Funny)

ejaw5 (570071) | more than 11 years ago | (#4081983)

as all chemistry students will learn:

Palladium (Pd) + MP[3/G/EG] (MP*) => Fire.

How to beat it (2, Interesting)

ShieldW0lf (601553) | more than 11 years ago | (#4081987)

My understanding of the way this system works is that the authour of a piece of media will be able to revoke ppls rights to use it remotely. What needs to happen is for someone to hack some major source of media, and wipe out everyones media. Once this happens, people will refuse to buy the hardware. If you could wipe out a few multinationals and a few important government departments, that would help bring us all together, "consumers" and government alike.

The worm (2)

oliverthered (187439) | more than 11 years ago | (#4082292)

I had a simila plan to kill off the BSA,
Construct a worm/virus with a load of keygens that goes around changing all the software licences it finds, the BSA wouldn't be able to work out what was licensed and what wasn't.

You could do the same for media, change all the keys, once you've done that everything would be buggered.

It's already happened. (3, Insightful)

gillbates (106458) | more than 11 years ago | (#4081993)

My fear is that Pd will lead us down a road where our computers are no longer our computers, but are instead owned by a variety of factions and companies all looking for a piece of our wallet.

Strange thing is, what most people don't realize is that they don't own the software that runs on their computer. Microsoft does (or at least the EULA claims they do). Our computers are not our own, and have not been our own, for a long time now. The sad fact is that while we may physically own the hardware, a part essential for the hardware functioning - namely, the OS - is owned by Microsoft.

Now, you could counter by saying that people could run Linux, however, this isn't really an option for the average computer owner. Most computers built today have hardware that isn't fully compatible with Linux (Winmodems, etc...). So, the while the user has physical possession of his computer, all of his data is effectively owned by Microsoft, because without Microsoft's blessing, the average PC is useless.

So the next time you hear of someone wanting to buy a new PC, you might want to remind them that unless they are willing to install Linux, they aren't really buying anything. It's more like a lease from Microsoft.

Re:It's already happened. (3, Insightful)

danheskett (178529) | more than 11 years ago | (#4082024)

This isn't just Microsoft mind you, anything you "buy" in regards to IP is simply licensed.

If you buy a DVD of "The Little Mermaid" do you actually own the little mermaid? Can you resell copies of it? Resell distribution rights?

What do you get for your $20?

You get the right to watch a copy of that movie, in a certain way, on certain devices. You don't own "The Little Mermaid", but rather a mere copy.

The same is true of software. If you buy a piece of software for $400, you aren't owning the software. YOu are licensing a copy of it.

EULAs are probably invalid. And MS's EULAs suck. But there is a real difference between FPP (full packaged products, what you buy at the Mall) and the license on bundled, OEM, or Volume software.

So yes, you are entirely correct. You are effectively leasing software from MS, except right now you pay for it up front in one payment (with a few notable exceptions).

This isn't really new, or exciting. Its pretty old, and worn issue really.

Re:It's already happened. (3, Insightful)

RickHunter (103108) | more than 11 years ago | (#4082193)

Yes, its an old, worn issue... And many people still don't know about it. Or play down its importance. Or ignore it entirely.

Also, note that you used to be buying a copy of the Little Mermaid (to use your example), but some of your property rights were restricted for the good of society and the intellectual commons. Unfortunately, recent copyright law revisions have travelled far along the road to turning copyright into ownership, so this is no longer true.

Yes, its an old issue... And we should keep reminding people of it. Because ignoring it won't make it go away.

Relevant, thoughtful, and unpartisan (2, Interesting)

l33t-gu3lph1t3 (567059) | more than 11 years ago | (#4082031)

Amazingly enough, this one is able to analyze most of the knowledgebase around "Palladium" and boil it down to the more interesting core issues. I would've appreciated a little more insight along the lines of what such a strategy as Palladium does to the role of the PC however. Generally speaking, PCs are multipurpose machines, which are *fully* programmable, and do pretty much whatever you tell them to. They manipulate data in any way *you* the *user* see fit. What Microsoft is attempting with "Palladium" is going to place restrictions about what a PC can do, and leave these restrictions up to the content producers. I won't comment on the stance of the content producer, but I will mention that this is a departure from what has been a central tenet of the computer: "it's yours". The trend seems to be shying away from "it's yours" to "you didn't buy it, you paid us to ALLOW you to use it - in a way we deem appropriate". Of course, "we" being the content producers. Microsoft really doesn't care what we dow with our music and movies - they just don't want the MPAA/RIAA/Legislators breathing down their neck.

Lots of things to think about in this piece... (5, Insightful)

jvmatthe (116058) | more than 11 years ago | (#4082042)

Microsoft really doesn't care about what you think; they care about what the RIAA and the MPAA think. Microsoft can't afford to have the media companies not make their content available on Microsoft platforms, and they will do what they can to accommodate them.

This brought two ideas to mind...
  • Microsoft often positions themselves as a company that empowers the individual user with new software. Will this pitch ring as true when they have clearly stacked the deck to pay homage to the mighty media companies at the expense of the usual freedom that users are fast becoming used to? Or will they find a way to make less freedom seem like more, so that the individual users don't notice?
  • My usual impression of Microsoft is that they will work around obstacles to maximizing profit. That's what C# (vs. Java) and IE (vs. Netscape) are all about. So, perhaps they'd eventually find it in their best interest to become a real media company themselves and work to lay the new foundation for replacements (or a replacement) for the MPAA and RIAA. Why not the Global Media Producers Association which encompasses all media and has a leaning towards digital distributions, effectively making the MPAA and RIAA obsolete? With such a leadership role (staying at arm's length to stave off anti-trust litigation), they could easily position themselves as the premeire distribution point for such media, without necessarily locking out other platforms (like Apple's MacOS).
  • Wouldn't it be cool, in a way, to see Microsoft pay lip service to the RIAA and MPAA while cleverly stabbing them in the back? Microsoft is, after all, one of the most vicious hard-ball companies around, or at least has given many that impression. I say that not necessarily in a negative light, in case it comes across that way. It's kind of like enjoying watching a good bad guy in a movie. :^)

Ok, time for work...

I'm Scared. (0)

Anonymous Coward | more than 11 years ago | (#4082045)

Please, please, please someone tell me what it is going to take for us geeks to rise up and make people aware of what's goin on in the world in regards to technology? After reading this article, what joe-schmoe in his right mind would actually support something like this?

How do we wake the layman up and get them to smack these god damned senators supporting these initiatives with a cluebie stick???

-US Citizen

Pally-Dumb (0)

Anonymous Coward | more than 11 years ago | (#4082046)

Pally-Dumb is just M$FT's attempt at makeing a secure enviroment for their vulnerable kludgeware OS to live in since they are too stupid to make a secure OS that can stand on its own...

and an attempt at extending the life of thier monopoly on computer desktops, which is like a dieing man fighting for another breath before he dies...

die mickysoft just crawl in to your grave and die...

What is really disappointing in Palladium (2, Funny)

af_robot (553885) | more than 11 years ago | (#4082056)

No one will ever even imagine a beowulf cluster of these Palladium PCs!! Damn!

Re:What is really disappointing in Palladium (0)

Anonymous Coward | more than 11 years ago | (#4082075)

sure i can, i can go outside and get some rocks out of my garden, and line them up in a row and make maybe several rows, and it would be an exellent example of several pally-dumb enabled computers in a cluster, dumb as rocks...

Re:What is really disappointing in Palladium (1)

Xenographic (557057) | more than 11 years ago | (#4082170)

No one will ever even imagine a beowulf cluster of these Palladium PCs!! Damn!
-----

Yes we can--sounds like the Big Brother Digital Security Network, to me...

Are we gonna need Mod Chips for our PC's then? (2, Interesting)

dBLiSS (513375) | more than 11 years ago | (#4082069)

I can see it now, you will have to buy Mod chips for your PC on the grey market, to get around the hardware "security" just to install Linux..

Re:Are we gonna need Mod Chips for our PC's then? (2, Insightful)

thasmudyan (460603) | more than 11 years ago | (#4082316)

I can see it now, you will have to buy Mod chips for your PC on the grey market, to get around the hardware "security" just to install Linux..

Yes, maybe so! Obviously the first version of Palladium will be the friendliest, in order to calm critics and get user acceptance. At some point in the future you won't be able to install Linux, but before that a lot of other stuff will be gone, too. The PC will be a completely different thing, the stuff you can do with it will be outweighed by the stuff you are not allowed to do with it, by then. It will be a slow process of course, to keep the users in a spiral that is slowly spinning down (you don't want to wake them up doing harsh movements).

The main problem is, that the computer as we know it today is inherently the most dynamic tool mankind has ever built. It is based on the concept of copying and modifying data freely. Most of the computer's convenience and usefulness comes from this property. Now Palladium/DRM takes this away to the maximum extent possible without turning the whole PC into a vegetable.

This technology WILL come, and it WILL take away our most beloved toy to replace it with some ghastly Juggernaut that watches our every move. Our own PC will be treating us as the enemy!

Isnt he being a bit harsh here? (5, Interesting)

Kenneth Stephen (1950) | more than 11 years ago | (#4082090)

To quote : "3. Like everything else Microsoft produces, Pd will have security holes large enough to drive a truck through. Lots of them. And the ones that are in hardware will be much harder to fix. Be sure to separate the Microsoft PR hype about the promise of Pd from the actual reality of Pd 1.0."

Sure, Microsoft has to date produced lots of software with security holes "large enough to drive a truck through". However bear in mind that the holes have usually been a consequence of the overriding principle of wanting to keep things user-friendly at all costs. Their past history doesnt imply anything about how secure they can make their stuff. Certainly, Microsoft hires a lot of smart people and I'm sure that if they were given the mandate to design and implement a secure infrastructure, they could do it - something that Bruce seems to think is impossible.

Re:Isnt he being a bit harsh here? (3, Insightful)

Observer (91365) | more than 11 years ago | (#4082206)

Certainly, Microsoft hires a lot of smart people and I'm sure that if they were given the mandate to design and implement a secure infrastructure, they could do it - something that Bruce seems to think is impossible.
Design, yes. Implement? Well, given the SSL certificate mishandling in IE that's been reported recently (and commented on in this same edition of Mr Schneier's Cryptogram), quality control still seems to be a little, um, lacking. It's a little difficult to change the whole culture of an organisation from getting the latest! greatest! new-featured! products out of the door to hit the marketing window, to one where you're concentrating on getting the thing done right, even if you need to take more time and money over it. Yes, MS will gradually improve - it has no choice as it moves into areas where errors may cost serious money - but it will be a long process.

Re:Isnt he being a bit harsh here? (1)

reaperbean (453437) | more than 11 years ago | (#4082209)

Sure, Microsoft has to date produced lots of software with security holes "large enough to drive a truck through". However bear in mind that the holes have usually been a consequence of the overriding principle of wanting to keep things user-friendly at all costs.

M$ produces products on various levels, and yes, there home operating systems are based on user-friendly at all costs. However, you can't say that all M$ products are aimed primarily at user-friendly. M$ does not blatenly ingnore security with their high end producst, they just have a bad track record.

Their past history doesnt imply anything about how secure they can make their stuff.

Perhaps not, but it certainly sets a pattern. Security is not so much an added feature as it is a mentality. Security needs to be incorperated in to a design from the bottom up, not just as an extra bonus. This is where M$ historically fails, they use poor designs, and then try to patch over security design flaws later.

Certainly, Microsoft hires a lot of smart people and I'm sure that if they were given the mandate to design and implement a secure infrastructure, they could do it - something that Bruce seems to think is impossible.

Having smart people means nothing if they are not given freedom to design and inovate. This is why M$ can't compete on a fair playing field with Open Source software and as such is adjusting their tact to fight a legal and political battle.

If you can't build a superior product, simply get the government to give you a monopoly.

Re:Isnt he being a bit harsh here? (5, Insightful)

sphealey (2855) | more than 11 years ago | (#4082330)

Sure, Microsoft has to date produced lots of software with security holes "large enough to drive a truck through". However bear in mind that the holes have usually been a consequence of the overriding principle of wanting to keep things user-friendly at all costs. Their past history doesnt imply anything about how secure they can make their stuff. Certainly, Microsoft hires a lot of smart people and I'm sure that if they were given the mandate to design and implement a secure infrastructure, they could do it - something that Bruce seems to think is impossible.
I would argue that it is in fact the very "smartness" of the people at Microsoft that makes it unlikely that MS will be able to create a secure product. Mr. Gates has explicitly stated (interview in Newsweek about 1995) that when he was hiring people to build Microsoft, he wanted very young, very smart people with no previous experience in the computer industry. And he got them in droves. So these very smart people came in and started rebuilding everything from scratch - without bothering to study the fundamentals or learn about what had been tried in the past.

So the smart people at Microsoft made every mistake that had been made in computing since 1938 all over again, without knowing they were making those mistakes or what their consequences would be. Networking is a perfect example: in their haste to bring something to market that would displace Novell (keeping in mind that Novell created the market for MS-DOS networking), the genuii at MS built a clumsy, difficult to manage, insecure contraption of a networking system that ignored every lesson Xerox, Novell, 3Com, Wang, and others had already learned.

And, thanks to the power of the installed base, we are now stuck with Microsoft Networking and its insecurities for at least the next 20 years, because everything has to be backward compatible with what is already out there.

So I would say a combination of smartness, arrogance, and lack of perspective is exactly what has brought Microsoft code to where it is today. And a corporate culture of that nature is very, very hard to change.

sPh

Other changes in Palladium (2, Insightful)

l33t-gu3lph1t3 (567059) | more than 11 years ago | (#4082102)

What is also interesting to note about this article is the hints it gives as to Microsoft's future plans for software security. The idea of having independant secured partitions within a computer is not new of course, but it's nice to note that MS is doing *something* about their rather poor security history. Oh GOD, please pray that they don't integrate Outlook Express with the *secure OS* portion of Palladium

Not the MPAA's bill. (3, Interesting)

Anonymous Coward | more than 11 years ago | (#4082212)

Quite frankly, I'm a little tired of the reactionary way in which any perceived infringement on electronic freedom is automatically associated with the MPAA. For the record, the RIAA works closely with Berman, and the bill is more or less theirs. Jack Valenti has publically distanced himself from the bill, and it's not something the MPAA had a hand in.

There's a lot of misdirected initiatives out there, but please credit the MPAA with knowing what's right and what's not.

In layman's terms: Stealing our member companies product: wrong. "Hacking" (I'd prefer "cracking," or simply "script-kiddying," as a DoS attack is not hacking in the traditional sense) a consumer's computer: wrong. Sending Cease and Desist letters and, when those fail, working with the ISPs not to terminate acounts (examples of the MPAA's letters can be found at chillingeffect.org and you'll note they do not include language asking for account termination), but rather to remove the infringing material, IMHO, right.

I'm an author and a filmmaker, I've worked with the MPAA, I've seen my work pirated, I've heard studio heads freak out about the fact that their product is available on the Internet three weeks before theatrical release. (Anyone who hangs out in IRC knows this to happen.) I see that the problem is real. I also see the MPAA being very defensive, but most certainly not offensive (think strategy, not personal opinion ;) in their fight to stem this tide.

Don't get too worried (2)

selectspec (74651) | more than 11 years ago | (#4082221)

I wouldn't get too worried over MS actually following through with PD. The fact is that security is so often a trade off for functionality, and that MS has ususally errored on the side of functionality, not security. That's a tough habit to break. If they follow through with a "trusted" system, they are pretty much guaranteed to end up with a system that is not user friendly because it doesn't trust the user. I know this is a simplistic way of looking at the problem, but we've seen plenty of MS research that never left the ground and received plenty of hype.

aug162002 msnbc.com error 80070057 time10:00 amEST (0)

Anonymous Coward | more than 11 years ago | (#4082225)

upsclient.upsclient.1
error '80070057'
-
invalid ID number does not appear to be GUID or a
passport ID /ads/managers/batchads.inc line 304
-
-
-What the hell is this? The site keeps giving me
internal server errors 500

Out side USA (3, Insightful)

t_allardyce (48447) | more than 11 years ago | (#4082256)

What does the bill say about foriegn piracy? will the RIAA be attacking systems that are outside of the USA? If American soldiers came over to another country and killed/kidnapped someone there would be hell to pay (ignoring Afganistan lol). Like wise, if the SAS went to America and did the same, there would also be hell to pay.

"To me, it's another example of the insane lengths the entertainment companies are willing to go to preserve their business models. They're willing to destroy your privacy, have general-purpose computers declared illegal, and exercise special vigilante police powers that no one else has...just to make sure that no one watches "The Little Mermaid" without paying for it. They're trying to invent a new crime: interference with a business model."

Thats got to be the best way i've heard it put so-far.

stuff that i cant get at? (2, Insightful)

tx_mgm (82188) | more than 11 years ago | (#4082289)

There's nothing in Pd that prevents someone else (MPAA, Disney, Microsoft, your boss) from setting up a partition on your computer and putting stuff there that you can't get at

now what the hell is this gonna be for? data on MY hard drive that MY computer cannot access? sounds like storage or something to me (spyware?)...
will i see any money for this (i.e. "rent") for the hard drive space that i dont get to use now?
i dont care how much or little this will take up, but i am going to want that space
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...