Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Questions for a Lecture on Microsoft's Palladium? 612

An anonymous reader asks: "Microsoft is going to be giving a lecture on Palladium for my Computer and Network Security class at MIT this Thursday. We're told that it's going to be the most technically detailed lecture publically given to date, and that we should be armed with questions as a result. Any suggestions from the Slashdot crowd? What technical details have you been dying to know about Palladium?" It would be interesting to hear back from someone who is planning on attending this. For those who wish they were, but can't for one reason or another, what would you have asked by proxy?
This discussion has been archived. No new comments can be posted.

Questions for a Lecture on Microsoft's Palladium?

Comments Filter:
  • by Anonymous Coward on Tuesday October 15, 2002 @08:53PM (#4458081)
    No matter what your first question is, if it's from Slashdot, your second question will be:

    Why won't you answer my first question?
    • by abe ferlman ( 205607 ) <> on Tuesday October 15, 2002 @09:12PM (#4458222) Homepage Journal
      Once Palladium has gained market acceptance, will the borg-gear be a requirement, or more of a 'perk' for loyal customers and trusted partners?

    • by Alsee ( 515537 ) on Wednesday October 16, 2002 @03:01AM (#4459852) Homepage
      Won't Palladium delay the release of critical security patches, leaving computers vulerable to attack?

      This question should probably be saved until some of the groundwork for it has been already been covered. Here's the basis for it...

      Palladium programs and any Palladium data can only be used on a trusted nub ("nub" basicly means kernal). Any changes to the nub are going to have to be submitted for approval as a new trusted nub. How long will this approval process take?

      I think they plan an "independant" body to certify/sign a nub as trusted. If so point out this will massively delay the release of their security fixes.

      If Microsoft plans to do their own certification that their nub is trustworthy then point out that they are leveraging their 90+% marketshare to create a monopoly on trusted nubs and all commercial use of Palladium.

  • by Trusty Penfold ( 615679 ) <> on Tuesday October 15, 2002 @08:54PM (#4458090) Journal

    Why did you choose to build your new processor out of Palladium.

    Silicon, with aluminium or copper, is the more traditional choice.
  • by Anonymous Coward on Tuesday October 15, 2002 @08:55PM (#4458094)
    ...that you'll adopt Palladium if Steve runs and jumps around like an idiot for an hour. Then after he's done, tell them you were just kidding. He could use the exercise.
  • by Anonymous Coward on Tuesday October 15, 2002 @08:55PM (#4458097)
    More of a basic business question, but didn't anyone learn from Intel's ill-fated processor serial number "feature" in the Pentium III, or the Div-X movie fiasco? Why would consumers want this at all, and why will they choose it over other alternatives?
    • by Anonymous Coward
      And why does it have to be consumer, not customer?
    • "More of a basic business question, but didn't anyone learn from Intel's ill-fated processor serial number "feature" in the Pentium III, or the Div-X movie fiasco? Why would consumers want this at all, and why will they choose it over other alternatives?"

      Or conversely, "Why does Microsoft believe that Palladium will earn a positive cash flow for the company, satisfy return on investment, etc, in the long run?

      Essentially, "what's in it for YOU?" This could reveal some interesting information about their long term strategy and core motives.

    • by gidds ( 56397 )
      Why would consumers want this at all...?


      IMO it's a similar situation to DVD region coding. Consumers never wanted it, but the big studios wouldn't put stuff on DVD unless it was protected, so the electronics companies had to agree to it, and if we wanted to use DVD we had to as well. Which many did. If M$ can make a must-have Palladium app (probably business- rather than consumer-targetted), then you'd be surprised how many go for it.

      Of course, the DVD protection was broken: player makers turned a blind eye to region mods, or even quietly introduced them themselves; and similar hacks became available for many DVD-RAM drives. Nevertheless, region coding still exerts a good deal of control over the DVD markets, and causes many consumers great inconvenience. And the same will happen with Palladium: if it becomes widespread and desirable, then someone is bound to crack it. But that won't stop it from causing untold pain and misery.

    • by SiliconEntity ( 448450 ) on Tuesday October 15, 2002 @10:59PM (#4458849)
      More of a basic business question, but didn't anyone learn from Intel's ill-fated processor serial number "feature" in the Pentium III, or the Div-X movie fiasco? Why would consumers want this at all, and why will they choose it over other alternatives?

      The answer is obvious. Once Palladium is in widespread use, (legitimate) content will only be made available to systems that use Palladium to enforce DRM. So a consumer will want to buy a Palladium box because that is the only way that he can download the latest PPV movies, super-CD-quality audio, and other 21st century content that we haven't even thought of yet.

      Microsoft benefits by providing a technology which will make the content companies feel comfortable in releasing their data in digital form. This will make PCs more valuable and sell more of them, which means more copies sold of Windows and more money in Microsoft's pocket.
      • by Simon ( 815 ) <> on Wednesday October 16, 2002 @03:39AM (#4460011) Homepage
        You've only got half of the answer covered. What's really in it for MS is locking Free Software operating systems out of digital media. Quickly:

        * Only DRM/"Trusted" systems will be able to play content from the Music industry or Hollywood.

        * For an operating system to be trusted it needs to be vetted and signed for use with DRM. i.e. it needs to be a "known quantity".

        * An OS where the user can modify it at will is not a "known quantity" or signed, and even if it was, as soon as you recompile it you would break the signature. Basically, an OS where you are allowed to modify it, can not be trusted. (Allowing modifications being a large part of the "Freedom" involved in Free Software. You can't have it both ways).

        The result being a world where only non-Free operating systems can play the entertainment industry's content, by design.

        If you thought playing Windows Media files on Linux was tough now, wait until Palladium.


    • Intel Serial number (Score:4, Interesting)

      by jmorris42 ( 1458 ) <`gro.uaeb' `ta' `sirromj'> on Wednesday October 16, 2002 @12:06AM (#4459221)
      Except of course it wasn't ill fated at all. When the public outcry came along, the allowed the BIOS makers to put in an option to supress it. And they all did. For a time.

      Got some Thinkpads a few months ago and guess what? The option is GONE. They win, we lose.

      Expect the same tactics again. In the beginning it will be optional but it won't stay that way long.
  • by The Importance of ( 529734 ) on Tuesday October 15, 2002 @08:56PM (#4458098) Homepage
    Read this [] for some good info.
  • by andfarm ( 534655 ) on Tuesday October 15, 2002 @08:56PM (#4458105) a general member of the computer-using public.

    The biggest question in my mind on Palladium is how it's supposed to help users. Why we're supposed to use it, instead of just keeping on using our old Palladium-free computers.

    • Devil's Advocate (Score:5, Insightful)

      by gvonk ( 107719 ) <[slashdot] [at] []> on Tuesday October 15, 2002 @09:57PM (#4458493) Homepage
      /ONLY playing devil's advocate; DON'T get on my case as this is not how I really feel/

      Their answer will be:
      "Providing adequate protection for digital content helps ensure that the quality of that content is protected, and maintaining the rights of the content producer will help maintain the quality of their work, which helps us all."

      Again, I don't agree with this nor do I think it is a compelling reason, but if I were a Microsoft Market-bot-3000, that would be my standard output.
    • by Jerf ( 17166 ) on Tuesday October 15, 2002 @10:09PM (#4458580) Journal
      No! Do not ask them "How is it supposed to help users?" They are so ready for that question. All you will get back is the approved marketing spiel about increased access to movies, better data security, and increased safety from viruses, just a laundry list of handwavy features with no grounding or evidence. You'll grant them a platform to spout the lines they want to spout... well, frankly, there's no way to avoid that, they are the professionals after all... and you'll probably have lost the opportunity to ask another question.

      In fact, stay away from the obvious questions in general. Answers will have been prepared and you will waste your time.

      If you want to make them squirm, you need to come up with some direct and highly pointed questions that will be very difficult to avoid answering directly without making it very obvious they are so avoiding it. (You can't prevent avoidance, but you can try to make it obvious that that is what they are doing.)

      If I could ask a question, I'd try something like the following:
      • What kind of data recovery plans will exist if I buy $1000 dollars worth of digital music that is tied to my processor, only to have my processor get fried in a power surge? Will there be any way to recover my investment, or is it lost? If so, what's to prevent hackers from using that recovery mechanism? If not, how can this be a benefit to customers?
      The meta-point: Perfect protection implies no recoverability. Recoverability implies imperfect protection. You can not have it both ways.

      It's pointed, and it will be very difficult to avoid giving an answer, or making it obvious there isn't one. Either there is a recovery procedure, or the customer is SOL... it's pretty binary. If there is a recovery procedure, hackers might exploit it. (Or do we have to dial home to Master Microsoft first?) If there is no recovery procedure, then how can they honestly claim this is a benefit to the customer?

      Me, I'd lay money on a handwaving answer... but it should be obvious, if you do it right.
      • by PaddyM ( 45763 ) on Tuesday October 15, 2002 @10:18PM (#4458638) Homepage
        Am I, as the owner of the computer, going to have final say in what can and what can't run on my computer? Or am I going to have to get permission from some sort of "slavemaster" to be allowed to run some programs on my computer?
        • Am I, as the owner of the computer, going to have final say in what can and what can't run on my computer?

          How about: I'm a freelance developer, and I use Cygwin to do most of my development. I have invested over ten years in learning these tools, and as a result, I am incredibly efficient with them. For those of you who don't know, Cygwin is an OpenSource extension to Windows that runs common UNIX programs like Emacs & GCC. Will I be able to run Cygwin in a Palladium environment, or will I be forced to run only Microsoft-approved development tools with corresponding EULAs?
      • by SiliconEntity ( 448450 ) on Tuesday October 15, 2002 @11:09PM (#4458917)
        What kind of data recovery plans will exist if I buy $1000 dollars worth of digital music that is tied to my processor, only to have my processor get fried in a power surge? Will there be any way to recover my investment, or is it lost? If so, what's to prevent hackers from using that recovery mechanism? If not, how can this be a benefit to customers?

        Microsoft hasn't said how this would work, and it is certainly a good question. But I don't agree with your implication that it is somehow an unsolvable problem or indicates that Palladium must be weak.

        The related TCPA scheme did have a proposal for how to deal with this. The idea is that your crypto chip has a key in it that encrypts all this data. You can get it to export this key in a "blob" that can only be decrypted by the manufacturer. (Actually the key is exported in two parts, one in the clear and one in the blob, that have to be XOR'd together to recover the real key.)

        If your crypto chip dies, you buy a new computer or motherboard with a new chip. You send the backed-up blob and the new chip identifier to the manufacturer, who decrypts the blob data and re-encrypts it for the new chip, and sends it back to you. You then enter this into the new chip, along with the other half of the key, and presto, your new chip is initialized with the same key that was in the old one. So your new computer can read the data that was locked to the old computer.

        This is all done in such a way that neither you nor the manufacturer ever sees the crypto key, so the data is still protected.

        Now, this is pretty cumbersome, and maybe Microsoft will come out with something better. If this is really going to be a detailed technical presentation, this would be an excellent question to ask. Just don't assume they can't answer it!
        • Maybe a Computer Science major with an interest in cryptography would find this simple, but just try explaining that to my Mom when she can no longer read her email because the computer crashed, and she has to wait a month for the chip manufacturer to burn her a new chip.

          The process you describe would require that every PC owner (we're talking hundreds of millions and soon billions) diligently backs up their key and keeps it safe. How can you expect this when most people can't find their car keys? How can you expect my Mom to understand that when she can barely understand how the damned computer works at all?

          Humans (and especially us Americans) most often take the path of least resistance. This Palladium crap is definitly not that.
        • Wouldn't this imply that if the hardware vender died and sold off all of its IP (to help pay off those debts) that if your hardware died, your data would in-effect be gone forever, or you would have to illegally violate DMCA to get to it?
        • by Jerf ( 17166 ) on Wednesday October 16, 2002 @12:47AM (#4459441) Journal
          I agree with you, but I also agree with the other responders to your post, that this is incredibly cumbersome and puts a lot of responsibility on the consumer to back up a key, and we all know how likely that is.

          The real point to hammer home is "How is this helpful to the consumer to make them jump through all these hoops to do something that used to be as easy as burning backups to a CD-R?"

          (BTW, to the story poster, if you REALLY want to nail the question down, you need this back-and-forth between people to really refine it. SiliconEntity's post is exactly what you need.)
        • This all assumes that the chipmaker stays in business forever, that your blob cannot become corrupted, and that the next generation chip will use the same blob format. Even if your idea works perfectly in a perfect world, how do you protect against these other drawbacks, especially if you have no CHOICE in how you store your data??

  • by Anonymous Coward on Tuesday October 15, 2002 @08:56PM (#4458107)
    We don't need palladium for viruses...this just seems like a system for pervasive DRM. Why do we need this?
    And how does "trust" have anything to do with Palladium. Palladium is a system of control, not of trust.
  • by Longinus ( 601448 ) on Tuesday October 15, 2002 @08:58PM (#4458117) Homepage
    Are there any plans to have this webcasted via audio or video, or at the vary least transcripted for our analytical pleasure?

    MIT's page [] makes no mention of any intention to do this, and seeing how it will apparently be the "most technically detailed lecture publically given to date," I think that the public would benefit greatly from such a service.
  • by Drunken Coward ( 574991 ) on Tuesday October 15, 2002 @08:58PM (#4458120)
    Maybe it isn't as technical as you want the questions to be, but I'm interested in the answer:

    Can open source software and Palladium coexist?
    • by aronc ( 258501 ) on Tuesday October 15, 2002 @09:08PM (#4458197)
      Can open source software and Palladium coexist?

      Go even more general than this, so you don't even have to bring up competition:

      How can user written software run on a 'trusted' system?
      • by GigsVT ( 208848 ) on Tuesday October 15, 2002 @09:13PM (#4458236) Journal

        Can a system of DRM be devloped that does not rely on security through obscurity at any level, or a crippling of general purpose computers?
        • by danheskett ( 178529 ) <danheskett&gmail,com> on Tuesday October 15, 2002 @09:49PM (#4458436)
          Okay, lets settle this once and for all gigs.

          The answer is of course yes. YES.

          Its simple. Three parties. You, the media provider, middleman.

          You arrange for content from media a provider. They issue a license which is held in escrow by the middleman, who is paid *directly* by the consumer (you). The media provider issues you custom encrypted media file, with the only key going to the middleman *anonymously*. Your software starts and downloads, sends your file hash/details to the middleman, and the appropriate key is downloaded. As long as no one else simulatenously has the key, it is issued anonymously. You listen to the music. When you want to "move" that media file to another machine, or sell it, or give it away, or whatnot the key is removed from your machine and checked back into the middleman. It can then be rechecked back out. The middleman never has to know the owner's identity, which machine its on, or any of that. It simply holds a small file with a key in it. When the key is checked out the file is destroyed.

          The real weakness on this system is the client. If the client has a "hole" in it - something that lets the raw unencrypted data out to another portion of the system - the system is bust. That's where Palladium system comes in. Software that is on the middleman's approved list - with the binaries being approved ahead of time - would reside in a Palladium like secure-system portion of the system after loading. Encrypted communications (SSL) would download the key into a sealed storage area of the system. The security chip would be responsible for protecting the output path (as Palladim supposedly will), the audio path (as secure audio path supposedly already does).

          The whole thing is open, using established encryption techniques. It is anonymous. It is backed by hardware protection of the unencrypted data. And it has no effect whatsoever on normal functions of the PC. Furthermore, OSS systems could be fully friendly towards it, with absolute no compromise of any principles of the FSF or OSS. The player software is entirely open, as is the communications protocols. The only caveat is that the software development cycle on this software will be much slower thanks to the code review needed by the middleman. This is to be expected, but it is somewhat necessary. Additionally you'd have to carefully compile it on OSS systems to ensure that the key binaries are an exact match to the middlemans approved list.
      • by SiliconEntity ( 448450 ) on Tuesday October 15, 2002 @09:50PM (#4458441)
        How can user written software run on a 'trusted' system?

        It's obvious, if you're familiar with the Palladium information that has been released. All software, whoever writes it, will be able to make use of Palladium features via a new API.

        What are the Palladium features? Your software will be able to create a "virtual vault" that other software can't see into (an encrypted disk file locked to a hash of your software). You can have a "trusted agent" that runs in a secure memory area which is immune to being inspected or changed using debuggers, virtualizers, etc. You can get the OS to securely report a hash of your software to third parties, cryptographically signed by a key which is locked in the Palladium hardware.

        The sense in which these features entitle your software to be called "trusted" is beyond the scope of this reply.

        I strongly suggest that the OP read the Palladium docs that are available to familiarize himself with the system before he goes to this lecture.
      • by McCart42 ( 207315 ) on Tuesday October 15, 2002 @10:16PM (#4458621) Homepage
        How can user written software run on a 'trusted' system?
        From the Microsoft Palladium FAQ: When running, "Palladium" provides a parallel execution environment to the "traditional" Windows kernel- and user-mode stacks; "Palladium" runs alongside the OS, not underneath it.
        I think what they're trying to say is that you'll be able to run non-licensed software, however you'll receive a nasty warning similar to the warning in XP if you try to install non-WinXP certified drivers. So I see Palladium being like the Intel processor serial numbers, except you'll NEED to enable it for certain software. And of course it'll be cracked 2 days before release.
    • by Erpo ( 237853 ) on Tuesday October 15, 2002 @11:11PM (#4458938)
      There is no reason you couldn't write an open source browser or office suite and have it run on a palladium system. The reason why there have been murmurs of a possible palladium/OSS conflict only apply to a certain type of program, specifically that which uses palladium/tcpa's "security" features.

      Picture an open source media player. As it stands, xmms could be run on a palladium system and the oss model would work fine. It would play oggs ripped from your own personal cd collection and any company that takes the source, modifies it, and distributes a binary would have to release the source back to the community. No problem.

      Now let's say a company takes the xmms source, adds support for drm-infested media, and releases a binary that's been digitally signed by MS, meaning that MS has examined the source and seen that it will not ever expose unencrypted, drm'd data to user access. It still plays oggs (they haven't removed that feature yet), but here's what happens when you try to connect to Disney's server to upload your credit card data and download Mickey Mouse 2010 (subtitile: Yes, we still have the copyright):

      1. Disney queries your machine for it's unique ID (yes, all PCs must have them for the system to work).
      2. Upon verification that the unique ID is a valid one from the central unique ID database, it asks your system for a signed, timestamped, digitally signed (by the TPM [trusted platform module) message saying that your system is running a drm-compliant OS.
      3. If it gets an affirmative answer back, it queries the OS as to whether the app is digitally signed by MS. I'm not familiar with the system that will be used in this case, but I think identd would be an accurate model (i.e. "Is the app connecting from port xxxx on your machine to port yyyy on my machine digitally signed?").
      4. If it gets an affirmative answer back, the server will then send content encrypted with the platform's public key (not the "unique ID" key, that one is a single purpose sign-only).
      5. xmms, upon receipt of the data, plays it back according to the drm rules.

      Now, imagine you want to modify the new xmms sources (that include drm support) to play a new audio format or to add a media manager function (or whatever). You still have free access to the sources, but once you modify and compile them, you get an unsigned binary out of your compiler. It still plays oggs, but when you try to buy a movie from Disney, the OS responds (in step 4 above) with a negative answer.

      "No, the binary making that connection is NOT signed."

      The result is that Disney will not send data to that app. I'll get the obvious question answered right now:

      Q: What if you modify your OS to respond to all step 3-4 "is xyz app signed?" questions with a "yes" answer? Couldn't you break the system that way?
      A: No. The authentication process would fail on step #2 above because your recompiled kernel wouldn't be signed so the TPM on your motherboard would refuse to vouch for it.

      What does this mean for OSS? Well, not much. Open-source, non-pd/tcpa software won't be affected at all. OSS that does "handle" secure content as one of its main functions would be affected - you wouldn't be able to fork it unless you wanted to pay MS for a digital signature on every release to you want the pd/tcpa portions to keep working. In a nutshell, only the portions of OSS that normally depend on pd/tcpa would be nonfunctional.

      So why is palladium/tcpa still a big problem? Well, a couple of reasons, but first, more Q&A.

      Q: What if I were to physically crack open my trusted platform module and extract its private encryption and sign-only authentication keys.
      A: You would have broken palladium/tcpa security.

      Q: What if I were to replace my core root of trust for measurement (CRTM, aka my BIOS) with one that always reports the system is booting in a "secure state" to the TPM?
      A: You would have broken palladium/tcpa security.

      Q: What if I find a buffer overflow or other bug in a signed application (e.g. windows media player) that allows me to execute arbitrary code as that process?
      A: You would have broken palladium/tcpa security.

      Q: What if I find a buffer overflow or other bug in the OS or a signed driver that allows me to execute arbitrary code as the OS kernel?
      A: You would have broken palladium/tcpa security.

      I don't mean to make it sound easy - tcpa is designed to place these activities beyond the means of the average script kiddie. However, they are all very real valid security problems that palladium/tcpa _will never be able to solve_, specifically because of the nature of cryptography, mass-produced hardware, and information itself. I guess you could say that information really does "want to be free".

      (Note to grammar nazis: Yes. I'm aware I put the period outside the quotation marks. I did this because I believe it enhances the readability of printed english. Putting the terminating semicolon from a line of C code inside the quotes around a quoted string just doesn't make logical sense. However, any its/it's, there/their/they're, or other stupid mistakes that detract from my ability to communicate clearly are fair game. ;) )

      So why is it such a bad idea? Because people think it will work. The latest issue of PC World (November [?] 2002) features an ad from IBM touting the advantages of the latest Intel Pentium 4 processor's LaGrand Technology. If I could find it I'd post the page number, but if you look through the issue it's on the left side somewhere in the middle-ish section. It promises freedom from viruses and a more secure operating system. I think it promises completely secure e-commerce as well. The average PC World readers are going to read this and their eyes are going to pop out of their heads. "Really? No more viruses? No more trojans? Secure e-commerce? How wonderful!" When online companies start pushing "secure" online movie rentals (broadband only, some restrictions may apply, void where prohibited, etc...) the ones surviving heart failure will scramble to buy new pcs with this LaGrand Technology (or amd's equivalent). After all, who wouldn't want a virus-free secure PC that does new and exciting things?

      Nevermind that the reason 99.999% of the computer-using public have to even think about viruses is because outlook is so incredibly insecure. Nevermind that the only things stopping global availability of secure online shopping are the certificate authorities' greed and US crypto export laws*. Nevermind that online movie rentals will most definitely not take off soon considering how much bandwidth is available to home users even with broadband. (Yes, you may have 2mbit cable, but what's going to happen when a large enough percentage of friday night movie watchers decide to download and cable companies are overselling their last mile _and_ backbone bandwidth at a ratio of 50 to 1?) Nevermind that LaGrande Technology is designed to be the cpu-side hardware support for tcpa/palladium which is already flawed. I'm not saying that IBM won't be able to make good on their promises of perfect security and a virus-free environment (that's a separate debate) - I'm saying that they're pushing a unique PC ID and Digital Restrictions Mechanisms into every home in trying to do it.

      (* Yes, I'm aware that you can get strong ssl encryption in linux outside the US. Here I'm referring to windows, a product from a commercial entity that has at least a slight interest in pretending they obey US law.)

      So that's how it's going to get into homes and businesses. What harm is it going to do once it gets there? Well, just because it's going to be hopelessly inadequate when it comes to serving its intended purpose of stopping online piracy of digital media doesn't mean that it won't restrict fair use rights. Sure, anyone can use a cracked pd/tcpa box to download a film from disney and then distribute it online, but if Joe user can't rip his legally purchased CD and send it to his car stereo because of draconian DRM code, that's a problem. And that's only the copyright/fair use side of the issue. What about security? What happens when a certain OS vendor, with complete confidence in its supremely planned but critically flawed transition element, starts getting lax on security and starts depending on pd/tcpa keep everything together? Even worse security holes than we've seen before due to inattention to important detail and (at least) internal code review.

      I hope you see what I'm talking about now. The worst possible outcome is not that palladium/tcpa will progress as planned (which violates the "possible" part). It's that it will approach an uneducated public and fail miserably.

      Are you a paying member of the eff yet?
  • THe obvious one ... (Score:3, Interesting)

    by Vilim ( 615798 ) <> on Tuesday October 15, 2002 @08:58PM (#4458121) Homepage
    The question i would most like to see them confronted by (though i most likely know the answer) is: Microsoft has been called a monopoly in the PC market, it maintains control over more than 95% of the desktop market. Since the only operating system that can even compare to windows (desktop wise) on the PC is linux. If palladium is integrated won't this mean death for linux and Microsofts complete domination over the desktop market? They will most likely try to sugar cote thier answer, or say that linux should go closed source (HA!) however it will boil down to "Yes".
    • by Alsee ( 515537 )
      If palladium is integrated won't this mean death for linux

      This question WILL BACKFIRE on you unless you are extremely detailed and careful. They've built up an arsenal of smoke and mirrors to disuise their monopoly tactics as being free, open, even friendly and generous.

      Linux will run perfectly fine on Palladium machines. A computer with Palladium is like a computer with a webcam attached. If none of the programs are written to use the webcam, it doesn't matter that it's sitting there unused. It is still a fully functional computer. All other programs still work.

      Microsoft has specificly stated they WILL release the information Linux needs to use Palladium. This is their big "open source" hype. Everyone can use palladium. The catch is that Palladium programs will only run on an operating system they trust. This means the operating system needs to be signed by Microsoft. Well, actually Microsoft will probably set up an "independant body" to do the signing. There will be an "open process" were anyone can get their OS signed. Except the process will be very long, very difficult, and most importantly very expensive. You have to prove the OS's use of Palladium is completely secure and meets all the rules they set.

      In otherwords it will be virtually impossible for Linux to get approval. Lets assume some big company like IBM actually does finance an approval for Linux. It's next to worthless because the signature will only work for that EXACT binary distribution. Switching to a different distribution, or moving up to the next release, or even just applying a patch will void the signature. And THAT excludes the possibility of using any commercial Palladium program or Palladium content on Linux in general.

  • Target Consumers? (Score:5, Interesting)

    by magnum3065 ( 410727 ) on Tuesday October 15, 2002 @08:59PM (#4458132)
    I'm curious who Microsoft expects to be the target customer base for this software, do they expect home users, or businesses. Will this be used in general across an office, or possibly only for machines that require high security (e.g. servers with remote access)? It seems that the average home user wouldn't want to be troubled with some of the new security features, and since technologies of questionable legality (mp3, divx, etc.) are becoming popular in the main-stream now, many people would actually be opposed to some of the new security measures. So, since Microsoft has typically targetted an average home user with their products, do they expect to win over the home user market for this new product, or do they simply plan on a small user-base that requires a more substantial amount of security at first, then try to make the system more wide-spread among consumers later?
  • by Consul ( 119169 ) on Tuesday October 15, 2002 @08:59PM (#4458134) Journal
    What will Palladium do to those of us who release independent content? (As in, independent of major corporations.)

    The only way I can see it possible to effectively implement DRM is to require computers to not play any digital content that does not have a valid encrypted signature, as provided by the various media companies, and/or Microsoft and Intel.

    My main concern, is that independent producers/composers/moviemakers will be locked out of distributing digital content, because the companies involved in Palladium, and other DRM schemes, can choose to withhold issuing these encrypted signatures to them, therefore rendering their content unplayable on Palladium-enabled systems.

    I feel, as a copyright owner, and musician, that this infringes upon my rights to distribute my work signature-free, for anyone to be able to play. I do not want a special tag on my releases telling people this is official. I would just like to see my stuff "out there". Therefore, this infringes upon my right to the "pursuit of happiness", as ordained by the constitution.

    Anyone else have thoughts?
    • by SiliconEntity ( 448450 ) on Tuesday October 15, 2002 @10:00PM (#4458510)
      The only way I can see it possible to effectively implement DRM is to require computers to not play any digital content that does not have a valid encrypted signature, as provided by the various media companies, and/or Microsoft and Intel.

      Microsoft has said many times that Palladium does not do this. Of course, anyone could write software which would only play content that had a signature, and that software could otherwise use some Palladium features. But this is not Palladium functionality per se.

      What Palladium does is kind of the reverse: it lets the remote server check that you are running "kosher" software. A remote server could refuse to stream content to anything other than Windows Media Player, for example. Palladium would allow WMP to cryptographically prove to the remote server that it was running, and nobody could write a "fake" WMP that could fool the remote system.

      Then WMP can impose whatever DRM policies it wants, and the remote server can be confident that the data it sent to you will be managed under those DRM policies.

      And of course you can always decide not to download the data, if you don't care to accept the terms under which it is offered.

      In this system it seems likely that it is in Microsoft's interest to keep WMP "open" and allow it to play content from as many people as possible. That makes the software more widely useful and ultimately will sell more copies of Windows.

      However, it's also possible that Sony or some other content company could create their own media player software, and it might only play Sony content. Again, this would not be a Palladium feature. The only place Palladium would come in is that the Sony servers could make sure that they only downloaded their content to Sony media players.

      Oh, also Palladium would allow Sony or the WMP to store their files encrypted on your disk in a really secure way, so that short of hardware hacking you probably won't be able to break the encryption.
      • by spitzak ( 4019 ) on Wednesday October 16, 2002 @01:26AM (#4459583) Homepage
        You don't seem to understand the question.

        If there is a player that plays unencrypted content, then it is possible to copy movies. It only needs to be copied once, perhaps by a hacker with hardware modifications, or by pointing a video camera at the screen, and then can be played everywhere.

        If only encryped content can be played, then it does not matter if some hacker makes a copy, it cannot be played on most people's machines. Every single machine would have to be hacked to enable it to play some new player that allowed unencrypted content. The security to IP is enormously greater with such a system, ie hundreds of millions of times more secure, so much greater that the drive to enforce this system will completely squash any morals or promises by a few people at MicroSoft.

        But how will parents send grandma their videos of their baby? The answer is they won't, and they will forget the fact that there was once a time when a recording could be removed from one device and put into another. Or more likely they will be able to do it with a live connection through a trusted 1:1 connection from their camera to grandma's desktop.

        Nobody will be able to record music, make movies, and possibly even publish text without a license from a media conglomerate.

        I believe this is going to happen if these schemes are not stopped now.

  • by Anonymous Coward on Tuesday October 15, 2002 @09:00PM (#4458136)
    What repricussions will this have on computer users that enjoy the use of standards, such as Ogg Vorbis, and share their private, legally owned, collection between multiple Operating systems on a Single Machine, or multiple machines running a variety of Operating System?
    • None. That was easy?

      Seriously, your question is like asking: "how will PGP affect me sending e-mails to my grandmother, who doesn't have PGP?"

      Thats really all it.
    • users that enjoy the use of standards, such as Ogg Vorbis

      Friend, I think your definition of "standard" has come unstowed.

      There are basically two definitions of "standard" that apply here. On the one hand, we've got "standard" in the sense of an ISO standard: a documented specification that has been published by a recognized standards body. Ogg Vorbis doesn't meet that criterion. MP3 does, because it's part of an ISO standard specification.

      On the other hand, you've got the idea of a "de facto" standard, which is a format or tool that's so widely used that you can depend on its availability with reasonable confidence. The Microsoft Word file format is a standard in this sense. It's not true to say that everybody uses Word, but in certain circumstances-- such as sending a resume to the HR department of a big corporation-- you can assume that Word will be the preferred format.

      Neither de facto nor de jure standards have the moral or practical high ground. The world is composed of both, so it's important to be able to recognize either type of standard and act accordingly. In some cases, the de facto standard conflicts with the de jure standard. We're dealing with that now with respect to HTML; the de facto standard (IE for Windows) and the de jure standard (the W3C specification) conflict. That causes problems, but eventually they'll bubble out.

      Ogg Vorbis, despite whatever merits it might otherwise have, can't reasonably be called a standard in either sense. In pointing this out, I'm not trying to say anything good or bad about Ogg Vorbis, or about standards for that matter. I'm just trying to keep the conversation straight, that's all.
  • Optional (Score:5, Insightful)

    by pete-classic ( 75983 ) <> on Tuesday October 15, 2002 @09:00PM (#4458138) Homepage Journal
    IIRC I read that DRM would be "optional."

    Could you ask them what "optional" means for me?

    Please note the presence of any lawyers.

    • What "optional" means to you is that you have the option of not running DRM.

      Exercising this option is functionally equivalent to exercising the option to not have access to any digital content whatsoever.

      So it's "optional" as in "breathing", not "optional" as in "comes with a sunroof".

      -- Terry
  • by Degrees ( 220395 ) <(degrees) (at) (> on Tuesday October 15, 2002 @09:00PM (#4458141) Homepage Journal
    Who will own the keys that release it? Where will those keys be stored? Do I get to run the server that hands out the key?

    I am thinking if I make a video of my grand kids - how can I make sure that anyone I want can view it?
  • Hey Bill... (Score:3, Funny)

    by Bob Vila's Hammer ( 614758 ) on Tuesday October 15, 2002 @09:00PM (#4458143) Homepage Journal
    Can I borrow a billion bucks?

  • My question is... (Score:5, Insightful)

    by name_already_in_use ( 604991 ) on Tuesday October 15, 2002 @09:01PM (#4458145) Homepage many objections need to be made until you decide to scrap the whole thing?
  • Reasons (Score:5, Interesting)

    by qwerbus ( 583999 ) on Tuesday October 15, 2002 @09:01PM (#4458148) Homepage
    I'd ask them why they think they need to protect Hollywood?
  • by Anonymous Coward on Tuesday October 15, 2002 @09:02PM (#4458153)
    Will Palladium enforce .Net framework code-access security? E.g. if I delare a private member, can I be certain that the hardware will guard that memory location with its life from access outside my class?

    And would the same apply to non-.Net Win32/64 code? How about scripting languages? Other VMs?
  • Tech/legal mix (Score:4, Interesting)

    by lawpoop ( 604919 ) on Tuesday October 15, 2002 @09:02PM (#4458154) Homepage Journal
    My Q: To what extent will palladium rely on legal means to enforce policies?
  • Corporate liability (Score:5, Interesting)

    by paranoic ( 126081 ) on Tuesday October 15, 2002 @09:04PM (#4458166)
    Will Microsoft assume liability for when Palladium breaks, or are they going to hide behind some shrink-wrap/click-through agreement that says that they (Microsoft) can't be held liable for anything?
  • by brw215 ( 601732 ) on Tuesday October 15, 2002 @09:04PM (#4458170) Homepage
    From what I have gathered, NO code can run on palladium enabled hardware that is not signed by Microsoft. I am concerned not just about Linux, but about all open source and individual development in general.

    Will code I write be able to be run on different Windows machines, or will I be restricted to my local environment barring a signature from Microsoft? From what I have read so far it is the latter and that is frankly terrifying.
    • by Yankovic ( 97540 ) on Tuesday October 15, 2002 @09:35PM (#4458357)
      The answer is yes. I don't know exactly where you have gathered this, it's completely wrong. Here's a link to an interview with the group product manager for Palladium with the answer:

      DIDW []

      And the relavant quote (with important part bolded):
      DIDW: So flexibility is a big goal, with nothing traceable locked in and no specific required PKI structure it must be part of?

      Juarez: The architecture is designed to be an open platform and open environment. As an ISV or service provider you can build anything you want on top of this platform and offer up a value proposition with consumers, or with other businesses. It can do all kinds of interesting things. But there's nothing in the system that says, for example, that if you run something in one of these vaults that you've got to have the code signed, or you have to have things authenticated. It's a very basic, open environment and we're not trying to build any elements of it that are going to require verification or the participation of anything other than the ISV and the person who is using the services want to have happen.
  • by ajd1474 ( 558490 ) on Tuesday October 15, 2002 @09:04PM (#4458171)
    Are they releasing details on when they plan on invading Poland? Just so i can be sure to leave The Continent before then.
  • Secure Palladium? (Score:5, Insightful)

    by Devil's BSD ( 562630 ) on Tuesday October 15, 2002 @09:06PM (#4458177) Homepage
    Trolls and humor aside, I would like to know how they are expecting to fix problems with Palladium should they arise. The only way they can fix X-Box "security" problems right now is to release X-Box 1.1, and if they have to re-release computers to fix security problems, how would they do it? and who gets the bill? (maybe I shouldn't ask that last question...) And what is to stop people from mod-chipping computers? At any rate, I believe like many of my fellow /.'ers that X-Box is a Palladium Preview... or Rhodium (the element before Pd, get it?)
    Hmmm.. On that note, maybe Palladium is a preview to Microsoft Silver?
    • Data corruption? (Score:4, Insightful)

      by DoctorFrog ( 556179 ) on Wednesday October 16, 2002 @12:48AM (#4459451)
      A similar question hinges on how Palladium will deal with minor program corruption.

      If I understand correctly, Palladium checks the integrity of a program "down to a single bit" and will not allow the program to run if a single bit is different from what it expects.

      What happens if a sector on the hard drive becomes corrupted? Whereas most programs will presently continue to run with a small amount of corruption (at least well enough to retrieve data), under Palladium would it not fail to load entirely? In other words, the most minor data corruptions become catastrophic failures.

      Would it be necessary to reinstall the software entirely in order to run it under Palladium?

  • by carlmenezes ( 204187 ) on Tuesday October 15, 2002 @09:07PM (#4458193) Homepage
    You talk about Palladium being trusted and secure computing. Are there any provisions for backdoors so any content generated by the "secure" technologies can be monitored? If so, how secure will these backdoors be from malicious hackers?
  • by redback ( 15527 ) on Tuesday October 15, 2002 @09:08PM (#4458199)
    What options are likely to exist for people that do not wish to use Palladium?
  • by heptagram ( 253026 ) <> on Tuesday October 15, 2002 @09:14PM (#4458239) Homepage
    Ask questions that will make the lecturer either reveal how evil it is, or make his evasions obvious. Possibilities:

    1. If you turn it off - as MS claims they're going to allow - will the system then appear to apps, content & the network as "a Palladium PC with Palladium turned off" or as a non-Palladium PC? (Hint: it's the former.)

    2. Will I still be able to flash my BIOS? *All* of it? replace it completely? (Assuming TCPA hardware, they're lying if they say 'yes'.)

    3. Why would I want to buy this, if I'm not interested in Hollywood movies but do want complete control over my computer?

  • by Kindaian ( 577374 ) on Tuesday October 15, 2002 @09:18PM (#4458255) Homepage
    Why should one buy a more expensive Palladium compatible computer if they can buy a cheaper non-Palladium one?

    Why would a company restrict the content they provide and thrus limiting their consumers with a tecnology that will divide the world and conquer nothing?

  • Question (Score:5, Funny)

    by Herkum01 ( 592704 ) on Tuesday October 15, 2002 @09:21PM (#4458269)

    A. After it is released what is the ETA of the hack that will work around Palladium?

    B. How many months will it be before MS comes out with a patch for the above mentioned hack?

  • Demand? (Score:4, Insightful)

    by eagl ( 86459 ) on Tuesday October 15, 2002 @09:21PM (#4458274) Journal
    Question: Do any non-industry customers (ie. consumers) actually WANT Palladium or any other DRM technology? As a "feature" that would restrict a user's ability to use and/or manipulate data in certain formats, doesn't this represent a step backwards from the enormous utility of personal computing?

    Editorial - I can see people moving in droves back to high-quality analog video and audio editing as a result of DRM technology being forced upon consumers. The whole point of a fast digital computer is to rapidly and conveniently manipulate digital data regardless of the format on a single machine, so any restrictions on doing so is a step back towards single-use analog or simple digital circuits.

    Don't they SEE what they're doing in the big picture? The day a personal computer won't compute what you want it to compute is the day you switch to something that will, plain and simple. They're playing with nothing less than the death of the general purpose processor.
    • Re:Demand? (Score:5, Interesting)

      by TellarHK ( 159748 ) <tellarhk AT hotmail DOT com> on Tuesday October 15, 2002 @09:45PM (#4458414) Homepage Journal
      What do you mean "playing with nothing less than the death of the general purpose processor", they're openly -banking- on it. Microsoft has wanted to kill off the idea of the "Personal Computer" ever since they realized being a monopoly and letting other people work with the same hardware, building on their software layer was going to be a losing gamble in the long run.

      They want to lock everything down and help the industry along back to the era of computing devices, rather than flexible, expandable, personal computers. This new "Freestyle" media center is just the beginning if you think about it. You can't -buy- a Windows Media Center license, you have to buy the software installed on a Microsoft-approved machine. Unless the software industry as a whole fights back against this push, we'll see the death of PC's within the next 10-15 years and the rise of a more fragmented, more expensive series of black boxes.

      Why should Microsoft include DirectX in a PC when they have Xbox? Why allow people to build whitebox machines and risk them installing someone else's OS on it when they can tear the PC apart and make multiple "appliances" that conveniently link together bit by bit in order to become what people want? Snap your internet module into your media module, then connect your IO module and run the whole thing on WindowsCE 2010.

      Call me paranoid, but I'm really afraid they'll find a way to make this profitable for the whole industry and completely kill the hobbyist when it comes to the new gear down the road.
  • It Will Be Broken (Score:4, Interesting)

    by Yossarian45793 ( 617611 ) on Tuesday October 15, 2002 @09:23PM (#4458282)
    First, let me say that I understand the goals of Palladium, including why it would be a valuable technology for MS customers and others; and I think I understand as well as anyone how the technology works, having only seen the publicly available information. My question is:

    What makes Microsoft think that Palladium won't be broken or circumvented, given that the information security community at large has not had a chance to review the technology?
  • by gwernol ( 167574 ) on Tuesday October 15, 2002 @09:26PM (#4458309)
    The great technology boom of the 80's and 90's - and the wealth that was created as a result - happened because ownership of Personal Computers became widespread. Microsoft and Intel were two of the key players that triggered that explosion. One of the most important reasons people brought PCs was because they could write or run any software on them. They were open systems controlled by the user - not a corporation. Unlike the mainframes and minicomputers that preceeded PCs you could run the software you wanted and you didn't have to seek permission from yourIT staff.

    Does Microsoft really believe its best course is to enforce a return to the bad old days of corporate control of computing through Palladium and other DRM mechanisms? Doesn't this route open up the way for a competitor to give people what they really want - control over their systems? Isn't this the beginning of the end for Microsoft?
  • by levendis ( 67993 ) on Tuesday October 15, 2002 @09:26PM (#4458314) Homepage
    I hate to point out the obvious, but being that slashdot is an open forum, Microsoft (and their lawyers) will surely be watching for the most interesting questions, and preparing appropriately non-controversial answers for them. Ergo, anything you ask here is likely to get a marketing non-answer, rather than a real answer....

    Just something to keep in mind :-)
  • by Broadcatch ( 100226 ) on Tuesday October 15, 2002 @09:36PM (#4458369) Homepage
    For Palladium to authenticate licensed media, there must be some set of public keys stored in the hardware somewhere.
    • Who holds the private keys?
    • How does a new media producer get their media "signed"?
    • What happens if a key is compromised?
  • Engineering holes (Score:3, Interesting)

    by Henry V .009 ( 518000 ) on Tuesday October 15, 2002 @09:37PM (#4458372) Journal
    You've went to a lot of trouble to make the Fritz chip uncrackable, but Palladium has to be enforced in software. Taking control of the boot loader was a good idea, but what do you do when someone exploits a buffer overrun or a backdoor--or a macro in Word 95--to run arbitrary code, and disable all Palladium features. Isn't all your effort completely useless?
    • what do you do when someone exploits a buffer overrun or a backdoor--or a macro in Word 95--to run arbitrary code, and disable all Palladium features

      Palladium has a concept called "curtained memory". It is immune to being touched by ordinary code, you have to be in a new CPU mode which is being defined as part of the Palladium spec (some observers call it "ring -1"). Most buffer overruns and similar bugs will not escalate your privileges high enough to touch the Palladium secure area, even if you can get into (normal) kernel mode.

      My understanding is that you'd have to find a bug in the OS kernel software component that runs in the curtained area, which Microsoft calls the "nub" or "Trusted Operating Root". They intend to publish this relatively small software component for review in the hopes that it can be made bug free. If so then bugs in other parts of the software will not defeat Palladium security.
  • What not to say (Score:5, Insightful)

    by Entropy_ah ( 19070 ) on Tuesday October 15, 2002 @09:39PM (#4458385) Homepage Journal
    I see alot of questions here that refrence things from the open source movement. I would use more ambiguous words in their place because as soon as the folks from MS realize that your into open souce they're going to give you the run-around. IE, don't say open source projects, say personal software projects. in place of Ogg Vorbis, say alternitive audio codecs.
    There was a MS representative at the career fair here at UVA and as soon as I mentioned the word linux, the conversation pretty much ended.
  • 2 Questions (Score:4, Interesting)

    by Proudrooster ( 580120 ) on Tuesday October 15, 2002 @09:40PM (#4458389) Homepage
    1. Will turning Palladium "off" ALWAYS be an option in the future?

    2. What is plan "B" for a TPA (trusted computing architecture) when Palladium hardware security is defeated and anyone can run bogus signed code?

    ( I secretly want them to answer "Why, that's impossible, no one could ever break Palladium." )

    * The Titanic was an UNSINKABLE ship! *
  • A line of Questions (Score:5, Interesting)

    by Sylver Dragon ( 445237 ) on Tuesday October 15, 2002 @09:46PM (#4458418) Journal
    1. Will it be possible, as a home user, to create and digitally sign a creative piece of work? Such as, a home movie?

    2. What ramifications will this have on digital content created before the introduction of Palladium? Will it still play?

    3. Will the information necessary to create a Palladium enabled viewer be available to public? Or will we only be able to use Windows Media Player to play Palladium enabled content? What are the projected licesing costs for a company that wishes to create a viewer that is able to view Palladium enabled content?

    4. Will hardware that requires a signature be able to run content that does not have one? (if yes) Will this then mean that any software that pre-dates the hardware must be upgraded? (if no) Then how will this system differentiate between a desired, older, program, and a virus?

  • by Lethyos ( 408045 ) on Tuesday October 15, 2002 @10:01PM (#4458520) Journal
    "Microsoft is evil, blah blah blah..."

    Now that's out of the way, let me remind you that there's a lot of truth to this often repeated statement. Palladium is, in a lot of ways, a cool, if horribly unoriginal technology (the concept of making software dependent on the presence of hardware to run has existed since dongles).

    Regardless of how cool, funny, or "weak" it is as many of you claim, Palladium has two purposes. 1) Palladium is meant to make other deep-pocketed interests happy (more money for MS). 2) defeat any and all competition to Microsoft products.

    It's very clear: Microsoft has the say-so in what code gets to execute on a Palladium-tainted computer. What code do you think will be allowed to execute?

    You will argue: "It will be cracked." "We can stick with old computers." "This will not be accepted by businesses/consumers." But those arguments are either irrelevant or fall flat on their faces.

    First of all, I agree. It will be cracked without a doubt. But do 99% of the users out there know how to use such cracks to free themselves? Do any of you crackers out there realize how complex this system is?

    Second, we cannot stick with old computers. This is evident by the fact that there are hordes of users out there running 1GHz processors with half a gigabyte of RAM for the purposes of checking their email. Plus, software will always get more sophisticated and people will always want higher framerates, and so on. New computers will be purchased.

    Last, of course consumers and businesses will buy up Palladium hardware! This is, without a doubt, the most absurd assumption anyone can make! "People don't want another DivX!" "People don't want to give up their rights!" Bullshit. People do not even know what their rights are. Not to forget that marketing spins already exist that are meant to convince people that they are getting something (increased security) when they are having something taken away. (Apologize to the guy who coined that phrase.)

    Palladium is very real, and it is a very real threat. It will be adopted if it is allowed to continue. Even if we educate the public, it will press on (after all, users running Windows left and right, despite superior alternatives)? Sadly, I have no suggestions on how to deal with it... but we must certainly not take it as a laughing matter.
  • by the_other_one ( 178565 ) on Tuesday October 15, 2002 @10:05PM (#4458548) Homepage
    Those involved in dreaming up this Palladium scheme are surely corporate spies from Apple.
  • by Anonymous Coward on Tuesday October 15, 2002 @10:17PM (#4458629)
    I've tried to limit these to technical questions only. Some of these could fall more under the TCPA's stuff rather than M$s Palladium, but might be interesting to hear what they'll try and pull:

    What kind of performance hit can users expect to have when using encrpytion/DRM? And can they provide any benchmarks to back up any claims?

    How much hardware will have to be "upgraded" to work with Palladium-enabled software?

    What is the expected lifespan of Palladium security? I'm talking about this rev, not any "future versions".

    Speaking of security, what kinds of encryption are they going to be doing? IIRC, TCPA calls for both symmetric and public key encryption. Key lengths? Uniqueness of keys? Disposablibity of keys? Key storage by third parties for any reason? Proof of any of the above (particularly the last one)?

    How can a user ascertain if their system is running in "trusted mode" or not? Is it technically possible for a "trusted mode" to be running without the user's knowledge or consent? And, of course, how would they prove it?

    Do users have the ability to determine all that is running on their system in or out of "trusted mode"? Let alone control that?

    I believe I read somewhere about Palladium being able to create "vaults". If so (and I just wasn't hallucinating. Again), can multiple "vaults" be created, or even nested? Again, does the user have the ability to easily determine and access all vaults? If not, why not?

    Speaking as someone in academia, how will this affect those of us trying and developing software and even hardware (unfortuneately some of the tools I've personally used have required the use of Windows)?
  • by Anonymous Coward on Tuesday October 15, 2002 @10:18PM (#4458640)

    I don't know why people are so excited about Palladium. It can not function as they claim it. This is a fact, because nobody can ignore the reasons, at least not in this universe. I'm always under the impression that there are people who sell some highly speculative and esoteric garbage. They claim something that cannot work. And still there is applause for these people, for whatever reason. And if enough applause is around, everybody claps his hands, too, without knowing why. Anyway, Palladium will never do what it is claimed to do, it cannot function reliably and every child with a little skill in mathematics can find a proof for this fact. I will give this proof now.


    A computer is a formal system which you can analyze in various ways. Mathematics gives us nice measures to do it. These measures allow us to give predicates about ideas like Palladium without even knowing anything about their inner details.

    • A computer is a Turing machine

      If we assume a correctly functioning computer, this predicate is wrong. A computer is a system which can from its boot strap state reach only a finite number of states, while a Turing machine can reach an infinite number of states.
    • An ideal computer is a Turing machine

      An ideal computer, which would have an infinite amount of memory, can emulate a Turing machine and is thus equivalent to a Turing machine.
    • A computer connected to a netwerk is equivalent to a computer with an infinite amount of memory and is therefor a Turing machine

      This predicate is wrong. The finiteness of states a computer can reach is not disabled by the much larger finiteness of a network. Because the network, as opposed to the computer, grows over time, it can be seen as an unlimited amount of memory. You would just have to wait until someone, somewhere on the planet adds more memory to the network. However, this memory is over-directed and so the system is no longer deterministic. Therefore a computer with network connection is a non-deterministic system. Non-deterministic systems are not Turing machines. Any computer is deterministic if and only if the computer controls the network connection. This control is finite, because the computer has only a finite amount of states available. So a computer can still only reach a limited number of arbitrary states. That's why a computer is still no Turing machine.
    • Limitations that are put on a Turing machine have to be put on a computer, too, if it is deterministic

      This predicate is right. Since a Turing machine can emulate every deterministic computer, all limitations that are put on a Turing machine are also valid for the emulated computer.
    • A Turing machine is subject to 'Goedelization'

      A Turing machine is deterministic and is thus countable. Therefore it is imperfect as a formal system in the Goedel sense. Hint: In imperfect systems it is possible to pose a problem that cannot be solved within the system (e.g. the formula x*x = -1 in the real number system).

    Based on these introductory insights a conclusion can be drawn now.


    • A deterministic computer will still be deterministic if it implements Palladium

      This demand is legitimate. A security risk is, by definition, something that you cannot completely abandon. A computer connected to a network is non-determenistic and as such a security risk. A deterministic computer that does no longer react in a predictable way as soon as you connect it to a network is undoubtedly a security risk, because you can no longer tell what the computer does and why. Everyone should seek to avoid security risks with computers. Especially a platform that claims to make a computer more secure must be bound to this insight, otherwise it would increase the security risks instead of decreasing it.
    • A computer with Palladium constitutes a Turing machine

      This predicate is wrong. We assume that a computer does not work in a determenistic way with Palladium and it thus constitutes no Turing machine. On the other hand Palladium supervises the data processing inside the computer and cuts off certain states. Therefore the computer loses a lot of its possibly reachable states, that is the number of possible states becomes "even more finite" than it was before. If the computer remains deterministic, then the total number of states is lower than that of a computer without Palladium. For this reason a computer with Palladium is no Turing machine, either. (This is too bad. Would a computer with Palladium constitute a Turing machine that would be a direct proof that Palladium does nothing, because all Turing machines are principally equivalent).
    • Palladium akes a computer more secure and is an embracing and before all complete solution by means of security

      This predicate is wrong. Either Palladium makes a computer insecure (see above: security risks) and will therefore not fullfill this claim, or Palladium is as a formal system imperfect by principle. Imperfectness in this case means that you can impose a request upon Palladium that it cannot fullfill, by principle. Since Palladium wants to give improved security, it either can not accomplish this claim or it has to limit the usage of the computer so that there is no way to use the machine for the broad number of tasks like before. The Goedelization in this case assures us that the limitations are by no means imposed on unwanted operations, which Palladium wants to prevent, but on wanted operations which Palladium permits (or even disres) for the user. It is irrelevant if I can now give a significant example for this or not. The fact is, simply put, that thanks to Goedel can construct such an example. That's why Palladium can again not fullfill its claim. The user is prevented from doing things that he is permitted to do due to Palladium, even though these operations are desirable.

    The final conclusion will be drawn now


    I assume that at Microsoft there are bright minded people who know enough about mathematics to not only be able to follow my implementations, but rather knew them long ago. I assume this because there's not much behind it. And therefore I assume that Microsoft knows that Palladium can not function in the way they claim.

    Now that raises the question why Microsoft still propagates Palladium in the way they do? They should know that their claims are wrong. I see only two possible reasons for this riddle:

    Either Microsoft wants to mock up activity in the security sector, which in reality doesn't exist and in such way gain market shares by marketing fluff.

    Or Microsoft exactly knows that the computer will become completely uncontrollable with Palladium, because every networked computer with Palladium will work in a non-deterministic way. The non-determinism in this case helps specificially the one who controls Palladium, and this means Microsoft and Intel. But it will be exploited by hackers as well.

    Since I make the assumption that the uprising damage from the second case would make an unrecoverable loss for the companies, I firmly believe that Palladium is marketing fluff. Professionals will turn off Palladium to have a (more) secure computer again. For consumer computers this might be a different case, but certainly no sysadmin is going to blindly accept an increased and easily avoided security risk.

    Palladium most probably is nothing but marketing fluff without any backgroud - except moneymaking.

    We shall not fear Palladium. If it was impossible to turn off Palladium, every computer's value would be zero if it was not connected to the net. And if it was connected to the net, it'd be completely indeterminate what the machines does. At least that's the consequence of Goedel's proposition of incompleteness.


    Original text (german) can be found on: =Sections&file=index&req=viewarticle&artid=10&page =1

    Final word from the translator, ie. me: English is not my mother tongue.

  • by SiliconEntity ( 448450 ) on Tuesday October 15, 2002 @10:23PM (#4458662)
    I would ask this:

    Will it be possible for new peripheral devices, like disk players for Super Audio CD or DVD-Audio, to use Palladium to make sure that only "authorized" (by the drive manufacturer) software can read the data from the disk drive? I.e. will the drive firmware be able to use Palladium to get an attestation on the secure hash of the running software that is trying to access the drive?

    This would end unauthorized ripping of data from these new formats, which would be tremendously valuable to the content companies. It is plausible that these companies would only allow their drives to go into computers if Palladium could provide this assurance. Therefore by providing this capability, Microsoft would make PCs more attractive and useful to consumers, sell more copies of Windows, and make more money.

    Microsoft has both the incentive and the technological capability to do it. But they haven't said if they will, and none of their public discussion has touched this issue. Please ask them.
  • by kfg ( 145172 ) on Tuesday October 15, 2002 @10:28PM (#4458686)
    For God's sake. . . WHY?

  • by Kylow ( 581998 ) on Tuesday October 15, 2002 @10:28PM (#4458687)
    Does all our base, in fact, belong to you?
  • by Bill Privatus ( 575781 ) <{last_available_id} {at} {}> on Tuesday October 15, 2002 @10:51PM (#4458810)

    I think this should be treated the same as any invitation to submit questions to an interviewee.

    MS, in this case.

    It's disappointing to see the flamage herein. Yep, Slashdot may be homogenizing, as some have asserted - becoming bland, grey, doubleplusungood sameness in all directions. Personified by Prolific Puking Proselytizing Punks!?!

    Yet ---- on the flip side, there are too many superficial questions asked, which by their phrasing or their supposed "subtlety" or "indirection" will somehow be "sprung" upon the erstwhile MS drones standing under the bright lights.


    This is a very rare opportunity, if indeed someone will represent "our" interests at this forum (and assuming the chance to speak).

    We should be asking all the questions that have come up before, but that have not yet been answered: in Salon [] by Bruce Perens ('Perens is convinced that Palladium will let Microsoft decide which applications can run on a machine and which are simply too unsafe for public consumption -- such as programs written by open-source hackers. Perens even thinks that's the point of Palladium: "It's designed to kill off open-source development."') and in Dan Gillmor [] ("Microsoft has launched its Palladium initiative, a hardware-software system designed to make computing more secure from viruses and malevolent hackers. Palladium, unfortunately, could also be used by intellectual-property owners to lock down copyrighted materials in ways that would damage users' rights. Critics have also suggested that Palladium could be used to freeze out open source software -- and they make a compelling case.")

    A few example questions:

    1. What special considerations will be given to corporations whose desktop computers may not have live access to "verification" servers or other real-time "authorization" mechanisms?
    2. What will prevent the "considerations" given to corporations from being subverted for use by non-corporate users?
    3. From Robert Cringely (here []): "Under Palladium as I understand it, the Internet goes from being ours to being theirs. The very data on your hard drive ceases to be yours because it could self-destruct at any time. We'll end up paying rent to use our own data!"

      What is Microsoft's response to Cringely's allegation that data will no longer be "permanently readable" - a characteristic of computing that is taken for granted today?

    4. From Digital ID World []:
      DIDW: Because Palladium will have an installed public/private key for at least bootstrap purposes...
      Juarez: Which is never revealed to anybody, including you.
      DIDW: But it raises the questions, all the old Clipper Chip issues, of will the government pressure you for key escrow and things like that?
      Juarez: We are talking to the government now, and maybe this is where we get some advantage from having a broad industry initiative. Our fundamental goal is "let's do the right thing." We have pretty strong feelings about what the right thing is on terms of making sure that things are truly anonymous and that key escrow kinds of things don't happen. But there ARE governments in the world, and not just the U.S. Government.

      What are Microsoft's present commitments to governments regarding key escrow? U.S.? England? France? Germany? Afghanistan? Iraq/Iran?

    5. From []: "The big question from everyone is," says Elias Levy, a computer-security expert and CTO of Security Focus, "who is going to have control - is it going to be in the hands of the user or Microsoft?"
    6. From []: "But by integrating Palladium with its Windows operating system (OS), Microsoft is taking another strike at Linux users. Juarez won't rule out Palladium ever being available for alternative operating systems, but it won't be initially."

      What is Microsoft's position today on this issue?

    7. As noted in BSDVault [], a patch to MS Media Player to address security bulletin MS02-032 includes the following EULA language:
      * Digital Rights Management (Security). You agree that in order to protect the integrity of content and software protected by digital rights management ("Secure Content"), Microsoft may provide security related updates to the OS Components that will be automatically downloaded onto your computer. These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer. If we provide such a security update, we will use reasonable efforts to post notices on a web site explaining the update.

      Is this DRM part of (or related to) Palladium? In any event, what recourse will users have when (if) their existing software ceases to function as a result of these new "features"?

    Search Google, read all the material, find the unanswered questions - and it won't matter that Microsoft sees this slashdot thread. Ask the questions that MS knows about, but has not been able or willing to answer...

  • What, Why? (Score:4, Interesting)

    by dosh8er ( 608167 ) <> on Wednesday October 16, 2002 @12:51AM (#4459456) Homepage Journal
    What effect will this have on people who want to run multiple OS's (let's just say for lack of argument, OS/2, or older versions of Windows... BeOS, linux doesn't even NEED to fit the picture here...)? Would this cause problems for re-installs, re-formats, etc. (What effect will this have on the frequency of re-installing?) How will this help the growth of private building of systems, existing hardware, hobbyist usage of BASIC stamp kits, etc.? need i go on? Why should manufacturers of various computer components/accesories follow suit?
  • by pesc ( 147035 ) on Wednesday October 16, 2002 @06:44AM (#4460405)
    Palladium and "trusted computers" are often mentioned together.

    What Palladium does is to enable the computer to NOT trust its owner.

    Any other problem allegedly solved by Palladium can be solved without it.


  • by Scarblac ( 122480 ) <> on Wednesday October 16, 2002 @07:54AM (#4460556) Homepage

    Say I write something in an interpreted language, Python, Perl, Java, whatever.

    The interpreter binary that runs the code is signed, totally officially Palladium-fine.

    Then I can write any Python code that does whatever, can't I? You can't sign the ASCII source code.

    I conclude that any language interpreter, or any application that has any sort of scripting language (say IE, Outlook, Word) can't have any means of breaking out of DRM in the language or it won't be certified. This is unbelievably crippling.

Today is a good day for information-gathering. Read someone else's mail file.