Fog Creek Software
Discussion Board




Microsoft Palladium

http://www.msnbc.com/news/770511.asp?0bl=-0

Microsoft have revealed their plans for the next generation 'trustworthy' PC.  Among other things, it can only run certified binaries.

The idea of certification has been discussed a fair bit lately, and it looks like Microsoft are going for it.

So, is this a new era of reliable computing, or has Microsoft gone bonkers?

There's an interesting discussion of its effect on GPL here: http://www.theregister.co.uk/content/4/25891.html

Ged Byrne
Wednesday, June 26, 2002


If Microsoft can afford to give these things for free, sure, it's going to catch, without mentioning that there is no such thing as "inviolable".

Leonardo Herrera
Wednesday, June 26, 2002

Who the heck uses "Panacea" in an article like this?

Matt H.
Wednesday, June 26, 2002

Microsoft proposes something and the Register does not like it? I'm shocked ;-)

Seriously though, if (I'll repeat that - IF) you think that there is a right for a content producer to limit what you can do with a copy of the content that you (rent - lease - purchase - whatever), and you are faced with a world that has (a) the technology to effortlessly abuse your rights and (b) has demonstrated a total lack of voluntary compliance, what are you supposed to do? Creating a technology that allows you to distribute your content in a way that tries to eliminate (a) seems logical.
Is it sad that there is a need for this? Yes. Is there a need for this? Yes. Will you be forced into this system exclusively? No.

Seems like an excellent opportunity to me for the GPL crowd to start working on GPL'ed content. Stop whining and start grinding.

Just me (Sir to you)
Wednesday, June 26, 2002

Microsoft seems to be unable to win a straight-up technology fight, so they have to resort to changing the rules of the game.

Sounds like an admission of defeat to me.

Chris Woodard
Wednesday, June 26, 2002

"Just Me" says:

"Seriously though, if (I'll repeat that - IF) you think that there is a right for a content producer to limit what you can do with a copy of the content that you (rent - lease - purchase - whatever), and you are faced with a world that has (a) the technology to effortlessly abuse your rights and (b) has demonstrated a total lack of voluntary compliance, what are you supposed to do? Creating a technology that allows you to distribute your content in a way that tries to eliminate (a) seems logical."

and I have to reply that I'd change the form I distributed my content in.  I'd figure out a way to encode said content into an unplayable encrypted form with decoding instructions interspersed with the data at fractal intervals.  (The encoding would be done with the public key from a PKI pair.)  Then I'd build a hardware player with its own OS and built-in decoding VM that contains the private key in ROM, and assign the public/private keys through an online music service after suitable payment.  I'd have to throw enough goodies into the hardware player to make it attractive, or I'd build them and sell them at a loss to capture market share.

And I could do all that without the stupid draconian hysterical self-protection that Microsoft's executives have to resort to in order to hobble the better, cheaper, more nimble competition.

Chris Woodard
Wednesday, June 26, 2002

Using a secure machine as the trojan to deliver publisher controlled content is an interesting approach.

However, it's a model that depends on ubiquity, which is the fault of all these panaceas.

When publishers finally realise that what consumers want is exactly the same rights over digitally delivered content as they have over every other distribution medium, probably for the same cost/same quality; then publishers will actually start to regain consumers' trust.

Mind, the combination of Microsoft and secure in the same sentence strikes me generally as an oxymoron.

Simon Lucy
Wednesday, June 26, 2002

If Microsoft couldn't convince people to use Passport, how do they think they're going to get this to work?

Makes me wonder if all the buzz about "security is our top concern" was just lead-in for this unlovely proposal.

Matt Conrad
Wednesday, June 26, 2002

Great articles both of them.

My money is on Microsoft though....wait a sec, didn't I just pay a s***load of $$$ for the OS and Office.

Prakash S
Wednesday, June 26, 2002

This sentence puzzled me though: "So far, the United States doesn’t seem to have a problem, but less tolerant nations might insist on a “back door” that would allow it to wiretap and search people’s data."

I thought especially the US government is keen on wiretapping and searching? Isn't it just a few years ago that they released the ridiculous export restrictions on 128-bit encryption? I wouldn't exactly use the term "tolerant" for the US government.

Not to mention the Digital Copyright Act.

Frederik Slijkerman
Wednesday, June 26, 2002

“I firmly believe we will be shipping with bugs,” says Paul England.

I think this says it all. 

Joe AA.
Wednesday, June 26, 2002

Simon hit on the key flaw in this plan. You have to boil the ocean. Until big majorities have the chip in their PC, they cannot force everyone to put up with binaries that will not work without it.
If the binaries will work without the special hardware, you are not going to sell much special hardware.

What really bothers me is that when I see an announcement like this, I wonder what is the real motive. This new MS strategy is like a troll post. It begs to be flamed. What is the more subtle strategy they are trying to slip past us? And, when did I get so cynical?

Doug Withau
Wednesday, June 26, 2002

>Simon hit on the key flaw in this plan. You have to boil the ocean. Until big majorities have the chip in their PC, they cannot force everyone to put up with binaries that will not work without it.
>If the binaries will work without the special hardware, you are not going to sell much special hardware.

I ain't MS, but the following is what I guess that's gonna happen.

1. MS makes deals with AMD and Intel. Since this is a win-win situation (for them) they'll agree.

2. AMD and Intel start replacing "normal" chips with new "secured" chips gradually.

3. MS Windows X, launched in 2008, can run on both normal and new chips. (But on normal chips, some minor functions will be lacking. )

4. Sooner or later, the majority of users have the secured chip installed in their machines (with/without knowing exactly what the heck that is). Chip manufacturers stop making normal chips completely.

5. MS Windows Y, launched in 2012, can only run on new chips. And it's pay-back time: chip manufacturers, MS will start charging whatever they want.

Voila.

Sam Wong
Wednesday, June 26, 2002

SAM: it will be as early as 2006.

Prakash S
Thursday, June 27, 2002

Well, if everyone complains that MS has no security then this would be a logical response. It would be the HEIGHT of hypocrisy for people to complain about this!

It is interesting that this future vision is being taken by MS. However, it is very understandable. Computers have changed the world, and bringing digital rights management down to the consumer level might just be what is needed.

How many of you people actually lock your door when you go out? I suppose if you don't have a door, and you don't believe in locks then the above vision does not make any sense.

Do any of you people actually lock the doors on your car? It certainly makes sense to me. In addition, distribution and protection of my software, or even my writings can be protected as much as I wish this way.

The music industry might think this is good for them, but they better think about this. If I do manage to get some digital music out of *their* DRM system into my DRM, then they might lose. (I could share music, and they would never know).

We have locks on cars, we probably need some on computers. 30 years ago, this was a moot point. Now, something dearly is needed as computers become so intertwined into our lives.

I am actually surprised that much of the proposed security was not proposed by congress.

I know of several companies that have tried to set up and run their own web servers. In all cases it has been a disaster! This is due to the sites being constantly hacked, and messed with. This is sad, as I really did think that every single business today could, and would and *should* be running a nice little web server.

Software such as Quicken etc. could then pump customer data to the web site, and customer service would improve.  There are a zillion nice LITTLE things that a small web server could do for each and every business I know. How about a version of Word that auto-publishes material to a web site for you with one click?

Right now, all of these small businesses have been forced to move their web sites to an ISP not because they wanted to, but for simple issues of security. What a mess.

I wish every business could simply run a nice little web site with great ease (well...they kind of can..if they use CityDesk!).

We need to be able to expose our computers to web with great ease..but security is stopping this.

Hum, could the last bastion of computer crackers be Linux and open source?

We need something.....

Albert D. Kallal
Edmonton, Alberta Canada
Kallal@msn.com

Albert D. Kallal
Thursday, June 27, 2002

Albert,

By 'share music' you mean 'steal music', right?

I've Heard of That
Thursday, June 27, 2002

One thought.  MSFT is often afraid of Linux, other companies, random teenagers, etc.  How would Microsoft react if confronted with another Microsoft?

I think they would be FUCKING SCARED and untrusting.  They'd want to kill it.  And maybe that strategy is worth considering. ;-)

Sammy
Thursday, June 27, 2002

------------------------------------------------------------------
By 'share music' you mean 'steal music', right?
------------------------------------------- I've Heard of That

Take a look at MP3.com.  A personal favourite of mine is Higgins:

http://click.mp3.com/c/f_990/u_artists.mp3s.com/artists/19/higgins.html

All very legal.

Ged Byrne
Thursday, June 27, 2002

This FAQ page has some interesting info on the implications of Palladium:

http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

X. J. Scott
Thursday, June 27, 2002

Albert wrote: “I am actually surprised that much of the proposed security was not proposed by congress.” Legislating technology does not work. The result is far behind the state of the art or ridiculous. California still does not have zero emission cars, even though they passed a law. Legislating chips into every PC and consumer device will give one company or group the power to control content. That is a bad thing.
Consumers can buy software that works better and is more secure. Let Darwinism in the market place solve this problem. This is just Microsoft’s attempt to grab that market. Personally, I think it will fail. The idea that the government should pass a law forcing this plan to succeed is wrong, wrong, wrong.
Yes, I do lock my doors. I also have the ability to leave them unlocked, make new keys and give keys to my friends and family. Do you see the difference? I like it much more when I am in control than having Microsoft, the US government or anyone else in control of my personal property. Yes, I am that radical to consider the PC and software I paid Yankee dollars for to be my personal property.
You can set up and run your own web server. If you can read this discussion group and follow the ideas, you can learn to set up a small, secure web server.

Doug Withau
Thursday, June 27, 2002

At the end of each year, Cringely is pretty honest about which of his predictions came to fruition and which ones fell flat.  I think in a couple of years, he'll be telling us I told you so again re his take on the Palladium ...

http://www.pbs.org/cringely/pulpit/pulpit20020627.html

Nick Hebb
Friday, June 28, 2002

From that article:

"First, make the old [Internet] unworkable by placing millions of exploitable TCP/IP stacks out on the Net, ready-to-use by any teenage sociopath. "

Is there any data to back this up? I have not seen more problems with the Microsoft stack than any of the others. Microsoft has not been less or more sluggish than any other vendor/organisation to correct for problems once they surfaced.

I know I should know better than to participate in any thread on any forum that references Microsoft, since for a certain very vocal crowd it seems like the moment the MS word is mentioned it is OK to throw all rationality out the window, but on certain days, I just can't help myself.

Just me (Sir to you)
Friday, June 28, 2002

Sir, he's referring to the old Steve Gibson critique.

http://www.pbs.org/cringely/pulpit/pulpit20010802.html
http://www.pbs.org/cringely/pulpit/pulpit20010816.html

http://grc.com/dos/xpsummary.htm
http://grcsucks.com/grcdos.htm

The magic of a bookmarking system.

Sammy
Friday, June 28, 2002

Sammy,

Indeed I think you are right, it must be the old Gibson stuff. For a moment I thought there was a reference to real bugs or quality issues in the MS TCP/IP stack. I stand corrected.

http://online.securityfocus.com/columnists/14

http://online.securityfocus.com/columnists/7

Just me (Sir to you)
Friday, June 28, 2002

Nothing really interesting in this post... This Palladium talk sounds an awful lot like an evolutionary step on the protection scheme they built into the XBox. The XBox has a pretty strong mechanism for content protection, however... like all protection mechanisms it's been broken, and the procedure published. It was pretty complex IIRC. This makes Microsoft quite predictable, they test-drive their technologies in other markets (quite logically).

Beka Pantone
Friday, June 28, 2002

Doug wrote:
    Albert wrote: “I am actually surprised that much of the proposed security was not proposed by congress.” Legislating technology does not work.

In fact, I did not hint, or intend to hint that the government should, or should not legislate this. I was only stating that I was SURPRISED that some legislation has not been proposed.  (not that they *should* do this...). We have too much legislation as it is!

The analogy of the locked car is not bad. However, I would venture to say that if cars DID NOT have an ignition key...then congress probably would force the auto makers to do this (too many kids would be taking cars from the local mall, and going for a ride). In fact, there was some talk of forcing manufacturers to use digital keys on new cars (GM does this for the “high” theft cars now anyway...so do many others).

In addition, the government did legislate that you must have insurance to drive a car. Just like the un-secure web site. I certainly could hope that people learn how to drive a car (and thus we would not need car insurance). I could also certainly hope that setting up a secure web server would be as easy as installing Word. However, it is not the case. The fact that someone CAN LEARN how to set up a secure web server is exactly my point. If a web server was VERY SECURE from the start, then those tons of small businesses I talked about would (and could!) still now be running web servers. It is extremely difficult to set up a secure web server if you don’t know all the ins and outs. I am simply saying that a huge business opportunity was missed by Microsoft in that IIS is easy to set up, but not easy to secure. MS should have locked down IIS from the start.

Have you even seen the defaults that load on win2000 server edition? I mean NNP (newsgroup server installs, and runs by default?....gee how many people are running a news server?). Again, my point here is that a very natural and secure computing environment has MANY benefits.

It is not just a web server we are talking about here! I should be able to expose MY COMPUTER to the web, and not even have to worry any problems. My public folders should contain articles, and even stuff like my resume for all to see and grab. Anything I want to expose to the web, or the net...I should simply be able to do this by sharing a few folders.

I can’t do this right now due to the existing security model that computers have. Would you feel ok about having your personal computer exposed to the web (files...and all?). Heck, I would not even run a web server on my personal PC for this very reason. This is not just a Windows problem here. In general most computer people would be uncomfortable exposing their computer to the web. As mentioned, the list of benefits here is huge. All kinds of software could be exposed from computer to computer. My example of invoicing via Quicken could even be extended to have inter-act funds transfer. This list of things I would like to do is real long...but not even close to attempting right now due to security concerns.

We are missing out a huge bunch of benefits that we could reap from secure computers.


Albert D. Kallal
Edmonton, Alberta Canada
Kallal@msn.com

Albert D. Kallal
Friday, June 28, 2002

It was part of the first US Gov attempt to allow them to be able to decrypt all data to incorporate it in every single machine.  That got killed simply because no one accepted the premise and there are too many fax machines already out there.

This will be similar.  If both Intel and AMD only produce 'secured' processors all that will happen is that some other IC manufacturer will generate non-'secured' processors.  There may be a slight hiatus in processor development but it would only be slight and temporary.

Fairly soon afterwards both Intel and AMD would revert to non locked in architectures.

Simon Lucy
Saturday, June 29, 2002

Actually I think the bigger problem here is sorting out how to upgrade from a broken "palladium" computer to the working new one you've just bought. Right now you can restore a backup and away you go, I just don't quite see how they work their way around this (Without revealing some of the keys involved somewhere, which leaves a potential hole).
Backup is a critical issue for business use, and god only knows what organisations like the EU will think.

Peter Ibbotson
Monday, July 01, 2002

Albert wrote:  "...I should simply be able to do this by sharing a few folders.
I can’t do this right now due to the existing security model that computers have. "

....ahhh the fresh ignorance of someone dependent on MS products.

You cannot do this now with computers running Microsoft Windows.  I have numerous files available online.  It's called OpenBSD and secure communications.  I have only 1 port open to incoming traffic it only accepts secure connections.  Problem solved..unless you run Windows, of course. 

You also assume Microsoft (the primary developer) will actually make a secure system.  They have yet to produce anything that is even remotely secure.  *Remote* exploits are exposed on a nearly weekly basis for MS machines (e.g. IE, WMP, etc...which are "required" to run the OS).  Pathetic.

Steve Jobs
Thursday, July 11, 2002
