Palladium Discussion

This is now considered to be archived material as MicrosoftPalladium is dead. Please continue in MicrosoftSecurity for further information sharing in future. -- MicrosoftSlave

(in reference to MicrosoftPalladium)


Is MicrosoftPalladium more a push toward TrustworthyComputing, as Microsoft marketing would like us to believe, or is it really a foundation for DigitalRightsManagement, being pushed by the audio and video industries?

There seems to be some confusion toward the two. Obviously, you need to identify the particular owner of a specific computer in order to charge them for listening to an MP3 file. So by TrustworthyComputing Microsoft means that they claim that they can identify who is using the computing resource.

I think that this simple fact alone may prove considerably more difficult than advertised.


Not so; remember intel started the unique cpu-id with P-III; and Windows XP identifies each computer with the serial numbers of the hard drives, ethernet cards, and almost everything else that reports a serial number when probed by software; and each physical cd of XP has it's own unique ID, than when combined with the hardware IDs result in a unique identifier for a single installation. You have to report this unique id to a M$ database, and they issue the key for you to continue using XP. If you change too many of these items at one time, XP will balk and request that you re contact MS to re-authorize your computer. There are a maximum of 11 authorizations, so trying to register it for the twelfth time will simply result in not getting a key. (or 8 authorizations, depending on which M$ tech rep you talk to.) There is a bill in the US senate right now (hopefully it will not pass) called " Consumer Broadband and Digital Television Promotion Act (S.2048)" (CDBTPA) (successor to Security Systems Standards and Certification Act, or SSSCA) that states:

Creating: Anyone selling - or creating and distributing - "digital media devices" may not do so unless they include government-approved security standards. Digital media devices are defined as any hardware or software that can reproduce or display copyrighted works. [Section 5(a)(1)]

Importing: It would be unlawful to import software or hardware without government-approved security standards. It's not clear whether this section bans an individual downloading a copy of a program from a non-U.S. website. [Section 5(a)(1)]

The technical groundwork is already in place; all that's left is for it to become legally enforced.

[BelTorak] -t.''


Palladium is Microsoft's solution to today's terrible problems with the security of our computers (due to hackers, viruses, worms, etc) is not the only possible solution. Another solution is CapabilityComputing (see also CapabilitySystem & CapabilitySecurityModel).

Simplistically, Palladium is to CapabilityComputing, as a Dictator is to a Democracy. i.e. Palladium essentially relies on one central trusted certifying authority (Microsoft), and gives the user little control, whereas CapabilityComputing gives all the control to the user.

With a properly implemented CapabilityComputing, viruses & worms are simply not possible (because the user would have to given them permission to do their evil deed), while hackers would face a nearly impossible task (since their are no global permissions, they canNOT hack a small buggy subsystem and obtain "root access" - the best they can do is control that tiny subsystem).

Whether Microsoft manages to convince the world that Palladium is the best (or only) solution, or someone else manages to produce a better alternative based on CapabilityComputing, is something only time will tell. We REALLY need a Linux-like solution for CapabilityComputing, but unfortunately all the existing capability OSes haven't grown beyond their academic (university) beginnings. :-(

Ironically, the very thing Microsoft will use to protect users from viruses (i.e. DRM) is unlikely to stop virus writers for long. We know from many years of experience how buggy & flawed Microsoft software is, so it won't be long before their DRM technology is cracked - highly illegal of course (due to the Digital Millennium Copyright Act) but when has that stopped hackers?

But should Linux (or SymbianOs, etc) people want to read Microsoft Word/etc documents (which will use DRM sooner or later), they will have to break the law (e.g. DMCA) to overcome the the DRM, and you can be sure Microsoft will prosecute. So in the end Palladium won't be much safer than todays Windows systems, but it will allow them to use their monopoly to get rid of any competitors (like Linux), while simultaneously limiting users to stuff that is officially sanctioned by Microsoft (want to convert your music CD to MP3s, so you can listen to it on your MP3 player? Tough! Microsoft won't allow you to do that, or other similar reasonable things. Even copying & pasting from a Word document or PDF file will likely be disabled by most companies, as standard policy - reducing the utility of computers even more). -- ChrisHandley


As a species, why do we do this sort of stuff to ourselves?!

Inherently stupid?


No! Convenience, Greed, Accommodation and amorality allow confiscation of property and rights. If people would not deceive, steal and destroy, such devices would not be thought essential. It is the automation of a MachineBasedCorporateMorality?. It is an extension of the idea that Machines, Governments, and Corporations can be trusted, mankind cannot. This is a natural evolution which occurs in a society which has denied personal integrity, honesty. truthfulness and responsibility. So why not JustSayNo? or apply Yagni? Isn't that a possible response? Remember the phrase "What if they called for a war, and nobody showed up." I think it applicable here. We are 80 percent of the economy and can call our own shots. Why should we lose by voluntarily submitting to a thinktank device. We have everything to lose by their chains. (a twist of the common You have nothing to lose but your chains) Freedom is too dear to be administered by machine.



Nicely put... ties in with some of the stuff I've been reading recently. What if institutions (economic and so forth) were run democratically, by the people for the people? Consider alternatives for a few moments. Hierarchies, where they are necessary, would be instituted along democratic principles (e.g. you vote for your manager, who then holds the position for a limited period of time). Everyone would have the opportunity to influence the ideas in play, and would have a say as to which ones are pursued. Democracy.

Globally, as things stand, there are a powerful few who control the lives (and indeed the deaths) of the less powerful/weak many, and who work to maintain their dominant position. The less powerful/weak many are too busy either fighting to stay alive (consider the 10 million currently facing starvation in Southern Africa), or struggling to crawl up the power ladder (white collar employees in the Western World), to challenge the way things work.

But maybe I'm getting a little off-topic...

(Remember, if you live in a democracy, you have at least some scope to change things for the better. The world needn't be like this.)

Although, bear in mind that the more democratic any institution is, the more time and effort people spend on just getting elected at the expense of time and effort spent on productivity. This is a key flaw of democracy. -- AndyPierce

Hmmm. Was it not the theme of an old 60's Star Trek Episode that Nazism, brutal though it is, is a highly efficient way of running things? I'll take democracy where I can get it, and hang efficiency considerations. :)

Just as a follow up, when weighing this stuff up, why should efficiency take priority over the health/happiness/fulfillment/survival of the citizens of a society? (Not that the current Western system has been proved to be the most efficient, it's only the most efficient of the systems tried thus far; not everything has been tried, and furthermore we seem to be gobbling up the planet's resources like there's no tomorrow. Sooner or later, this is going to bite us (or more likely, our offspring).

There is much drive in the modern Western world, to the exclusion of much else. Work longer, harder, more efficiently. Do it because your manager tells you to do it. The market demands it. It's in the interests of the economy. It's in the interests of consumers. Unfortunately, most consumers are also subject to the downsides of the system, when they/their families have to go to work. Who really benefits? The wealthy, powerful few at the top of the heap, getting wealthier on the labours of those further down. And we really don't want to think about the conditions for people at the bottom of the heap.

OK, I'm really off-topic now, I'll stop here. Perhaps this stuff should be removed, or moved to another page/wiki? (Got on my soapbox there...)


I'd just like to point out that the supposed inefficiency of a democracy is not true; all of the effort put into getting elected/etc is WORTH WHILE, because it ensures that some madman (such as Hitler) cannot get into power (at least not much power, and not for long).


I have put up a web page of links; I might add a discussion board at some point; but the real question is what the heck are we going to do about it? We can't just boycott tcpa compliant products / companies or ignore it or comply (with good conscience and/or a modest pocketbook); the sheer weight of numbers will crush us... thoughts? ideas?

http://www.angelfire.com/realm/beltorak/ttcpad

[BelTorak]


For a slightly broader perspective on the potential de-democratizing effects of MicrosoftPalladium, see the following article:

http://www.weeklywire.com/ww/02-21-00/alibi_feat.html

It's a set of comments by NoamChomsky on a number of issues. He touches on the importance of public access to the media, and the powerful effects it can have (in terms of democracy), as well as the negative effects which can result from private control of such resources. One of the things he mentions is the possibility of the web slipping into private control.

This is far from inevitable, though we must work to avoid it.


The future described in "The Right to Read" (RichardStallman, TheRightToRead?) does not seem to be unreal anymore: http://www.gnu.org/philosophy/right-to-read.html


There's a follow up of that story on the anti-dmca website that describes some of the important pieces of legislation are already in place in the States (under the DMCA). http://www.anti-dmca.org/DRM-OS.html -t.


CategoryMicrosoft


EditText of this page (last edited November 9, 2014) or FindPage with title or text search