|
|
User Controls
|
New User
|
Login
|
Edit/View My Profile
|
|
|
|
ActiveMac
|
Articles
|
Forums
|
Links
|
News
|
News Search
|
Reviews
|
|
|
|
News Centers
|
Windows/Microsoft
|
DVD
|
ActiveHardware
|
Xbox
|
MaINTosh
|
News Search
|
|
|
|
ANet Chats
|
The Lobby
|
Special Events Room
|
Developer's Lounge
|
XBox Chat
|
|
|
|
FAQ's
|
Windows 98/98 SE
|
Windows 2000
|
Windows Me
|
Windows "Whistler" XP
|
Windows CE
|
Internet Explorer 6
|
Internet Explorer 5
|
Xbox
|
DirectX
|
DVD's
|
|
|
|
TopTechTips
|
Registry Tips
|
Windows 95/98
|
Windows 2000
|
Internet Explorer 4
|
Internet Explorer 5
|
Windows NT Tips
|
Program Tips
|
Easter Eggs
|
Hardware
|
DVD
|
|
|
|
Latest Reviews
|
Applications
|
Microsoft Windows XP Professional
|
Norton SystemWorks 2002
|
|
Hardware
|
Intel Personal Audio Player
3000
|
Microsoft Wireless IntelliMouse
Explorer
|
|
|
|
Site News/Info
|
About This Site
|
Affiliates
|
ANet Forums
|
Contact Us
|
Default Home Page
|
Link To Us
|
Links
|
Member Pages
|
Site Search
|
Awards
|
|
|
|
Credits
©1997/2004, Active Network. All
Rights Reserved.
Layout & Design by
Designer Dream. Content
written by the Active Network team. Please click
here for full terms of
use and restrictions or read our
Privacy Statement.
|
|
|
|
|
|
|
|
Time:
16:35 EST/21:35 GMT | News Source:
Electric News |
Posted By: Byron Hinson |
More has been written about Microsoft's Palladium (Pd) security initiative than about any other computer security topic in 2002, and no wonder. Called "Pd" by Microsoft, Palladium allegedly implements the Trusted Computing Platform Alliance (TCPA) specification. But others say Pd is a digital Garda that arrests any software attempting to use copyrighted content in an unapproved manner.
|
|
#1 By
2960 (156.80.64.132)
at
9/19/2002 4:38:40 PM
|
Yeah, it's me again LOL!
TL
|
#3 By
1845 (12.254.162.111)
at
9/19/2002 5:38:03 PM
|
Lol @ TL.
"But others say Pd is a digital Garda that arrests any software attempting to use copyrighted content in an unapproved manner." Um, isn't that what DRM is? Don't ACL's do the same thing? We all know I support DRM, but aside from that, that statement was incredibly obvious.
|
#4 By
3339 (65.198.47.10)
at
9/19/2002 5:41:54 PM
|
Sure. I've got an opinion on everything.
Do you? Or do you just love my posts so much that your's only exist to herald the coming of a jerk post?
|
#5 By
5444 (208.180.245.190)
at
9/19/2002 6:21:31 PM
|
jwm,
except that that the PD code will be open for all to use the only ones that will have to pay is to pay to get the certificate. which will be the providers responsiblity. You have to pay now for the certificate so that isn't new.
And the hardware side is part of an open trustworthing computing.
I do believe that people will use parts of this. but it is an optional aspect. which may or may not cause parts of the OS to be functional or not.
EL
|
#6 By
3339 (65.198.47.10)
at
9/19/2002 6:41:59 PM
|
Here's a few thoughts for you JWM... the TCPA has gone no where for ten years, not because the tech doesn't work but because no one wants it.
People who think things will improve because of reduced pirating are fooling themselves... Saying that all consumers are paying the cost is ridiculous... Software developers and the Recording Industry are making their money and they are not going to drop their prices...
CDs have been cheaper to produce than cassettes since 1980 but CDs are still twice as expensive... what makes these people believe that these companies are now going to pass the savings on to us.
I do not have security problems, virus problems, or spam problems... what do I need this for?
Whether or not it's an open system or can be switched on or off, why would I want it? That's not an argument for why it's desirable. That's like saying it would be a good thing if everyone is rigged with an explosive collar, but it's only activated if you are suspected of being a criminal, and only triggered if the authorities want to and you get to pick which authority pushes the button... but most people won't even notice it. Do you want an explosive collar?
Some basic principles that just form a start to my thoughts.
This post was edited by sodajerk on Thursday, September 19, 2002 at 18:52.
|
#7 By
3653 (63.162.177.140)
at
9/19/2002 6:42:19 PM
|
JWM, "OMG. This stuff is horrible!" could you elaborate a bit?
|
#8 By
20 (24.243.41.64)
at
9/19/2002 6:49:01 PM
|
#8 (sodajerk): I like the explosive collar analogy. I was actually LOL.
Many people don't reallize that the TCPA has been around for awhile and several companies have already implemented part of the spec. They have a big list of companies who participate and a list of some of the hardware currently shipping with part of the spec implemented on their web site.
|
#9 By
20 (24.243.41.64)
at
9/19/2002 6:49:48 PM
|
#1: What'd I miss? Why is this you again?
|
#10 By
5444 (208.180.245.190)
at
9/19/2002 7:21:47 PM
|
Well palladium isn't DRH if that is what you mean JWM, And the hardware is there and any OS can implement the same thing. so it isn't limited to Windows.
BEEYp, no, even with encrypted bootsector it doesn't limit what OS is loaded.
But in those cirumstances where a company needs that kind of control they can set up the computer to be only run a certain OS if they so choose.
While I don't see the need at the consumer level. I can give examples of a encomerce systerm based on a Palladium tcpa based computer.
An example would be this.
Right now in Ecomerce you enter in a Credit Card Number and send the information over a SSL connection. You are trusting that the other individual at the other end is who they say they are. there is no way to do this currently.
In a palladium/ecommerce setup.
I sign up with my bank and Only I and my bank ever see the credit card number.
The vendor also signs up with the bank and offers credentials.
When I send an order, a Token is sent instead of my credit card number. This token is
for a one time purchase. or for a certain amount of time in the case of subscription services.
(iow no more hidden in the page 4 pages down that a subscription is going to occur) the consumer would have control depending on which token is sent.
This will also help to prevent fraud and other common online issues.
But that is one case of where TCPA can help in. As it offers several security features.
DRM is outside of this but could be tied to Palladium to make it more secure. But DRM as it
is currently proposed is extreamly flawed.
Such things in how to handle licenses that get corrupted. transition of licenses from one individual to another, even transition of linceses on the same network have to worked out.
Thre is a DRM server being made. which MS will offer to other people so I don't see MS in the service business of providing that service, they will provide the software for it.
El
|
#11 By
3339 (65.198.47.10)
at
9/19/2002 7:31:07 PM
|
don't worry, Phaedrus, that's been happenng alot lately, and we're still all here.
|
#12 By
3339 (65.198.47.10)
at
9/19/2002 7:36:30 PM
|
El, before I ask what's your stake, what's your reason for defending this can you tell me of one incident ever where a major ecommerce site has been spoofed? And, further, can you tell me why an ecommerce hack would make it worthwhile to re-architect all future hardware and software when it is an insured and retrievable transaction?
This post was edited by sodajerk on Thursday, September 19, 2002 at 19:37.
|
#13 By
1845 (12.254.162.111)
at
9/19/2002 7:46:06 PM
|
That's only one example, Jerk. Palladium offers much more than that.
|
#14 By
3339 (65.198.47.10)
at
9/19/2002 7:50:07 PM
|
What does it offer of value that anyone is clamoring for (besides the Recording Industry) that isn't already provided for through TCPA (to gov'ts and such)?
Go ahead... name the benefits. Did I say I shot down all the reasons for this? No, but I'll do it one by one if I have to.
|
#15 By
5444 (208.180.245.190)
at
9/19/2002 8:18:31 PM
|
I already said at the consumer level I don't really see a need for it.
Last year in america it was estimated that there was over 300 million dollars in Online Fraud.
From companies that get a merchant account. open up for a week and then disappear.
To sites that open up and offer something just to collect credit card numbers.
and so on and so on.
At the Business level there is real reason in Property security etc. I see the use more in a business model than in the consumer model.
Governments for the most part, if it is a secure systerm, use Hardware that is specially designed and make what TCPA is offering look like a weak sieve.
I have no stake in this. I only am offering examples. I do agree that DRM isn't really a good thing. But then I also see the RIAA point on loosing money to indesriminat copying of albums.
I also think if they lower the cost of the CD's to that of Cassettes or lower, instead of "raping" their own consumers. they would go along way.
I know people that try to make a living off of software, (I gave up on that a long time ago) I find if you offer something good that most of your profits will disappear to piracy. You end up spending more money trying ot protect your IP, (part of the argument with the license issue before) While I want to give my users the benefit of the doubt, all it takes is a few to kill your profits. But there is also the trust issue. which this technology basically says we trust no one so everyone must be punished.
And believe me, while not as bad in the business realm, it still occurs.
Can I fully defend the position of the Industry no. But I do not buy Records or CDs from american companies. I do not and even have CNN and other channels owned by TW and AOL blocked in my household. (even fileing a complaint that I have to pay for them in my inclustion on my Satallite bill.
now talking about an area where you don't have choice.
El
|
#16 By
2459 (24.233.39.98)
at
9/19/2002 10:08:22 PM
|
Palladium is not TCPA nor DRM.
From Palladium FAQ: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/PallFAQ2.asp
----------------------------
Q: Is "Palladium" Microsoft's implementation of the Trusted Computing Platform Alliance (TCPA) specification?
A: No, "Palladium" is not an implementation of TCPA spec. The two projects do share some features, such as attestation and sealed storage, but they have fundamentally different architectures. (To learn more about the TCPA's approach, you can download a copy of version 1.1 of its spec from its Web site, http://www.trustedcomputing.org/.)
-------------------------------------
You can run other OSes and non-Palladium software. You can still use unprotected file formats.
--------------------------------------------
Q: So I won't be able to play any MP3s on my PC any more?
A: You will. "Palladium" brings additional capabilities to the PC but does not interfere with the operation of any program that runs on current PCs. "Palladium" never imposes itself on processes that do not request its services; "Palladium" features must be requested by a program. So the MP3 player you have today will still work on a "Palladium"-enabled PC tomorrow.
Q: What's the difference between "Palladium" and DRM?
A: ... "Palladium" itself is not a DRM system. DRM applications can, however, be built on top of "Palladium." What "Palladium" offers is a way to isolate applications (to avoid snooping and modification by other software) and store secrets for them while ensuring that only software trusted by the person granting access to the content or service has access to the enabling secrets. A DRM system can use this environment to help ensure that content is obtained and used only in accordance with mutually understood set of rules. ...
Q: I've heard that "Palladium" will force people to run only Microsoft-approved software.
A: "Palladium" can't do that. "Palladium's" security chip (the SSC) and other features are not involved in the boot process of the OS or in the OS's decision to load an application that doesn't use a "Palladium" feature and execute it. Because "Palladium" is not involved in the boot process, it cannot block an OS, or drivers or any non-"Palladium" PC application from running. Only the user decides what "Palladium" applications get to run. Anyone can write an application to take advantage of "Palladium" APIs without notifying Microsoft (or anyone else) or getting its (or anyone else's) approval.
If you want accurate information on Palladium, please read the FAQ and Whitepaper and other info available at microsoft.com. You can also sign up for the Palladium update newsletter by sending a blank email to pdinfo-subscribe@pens.tm500.com
This post was edited by n4cer on Thursday, September 19, 2002 at 22:10.
|
#17 By
2459 (24.233.39.98)
at
9/19/2002 10:09:47 PM
|
Q: I've seen claims that "Palladium" will undermine the GPL. Is that true?
A: The claims that we've seen along these lines stem from the fact that the TCPA platform has some features that are accessible only to TCPA-certified software. So if you have source code to a piece of software that uses these features, and if you make changes to the source and recompile, you'd need to obtain a new license for the software from the TCPA: This concern is not an issue with "Palladium" because "Palladium" does not contain any restricted-access functions (except for functions restricted by the user); any nexus loaded into "Palladium" can access all "Palladium" security features for itself. Nexus B cannot access nexus A's secrets stored with "Palladium," but nexus B can always seal its own secrets without needing to hold a special license (from Microsoft or anyone else).
|
#18 By
1845 (12.254.162.111)
at
9/19/2002 10:26:13 PM
|
Hmm, kind of sounds like Palladium isn't anything to be afraid of, doesn't it?
|
#19 By
2459 (24.233.39.98)
at
9/19/2002 10:30:33 PM
|
Right Bob.
To ellaborate further, I'll post a comparison that I posted on BroadbandReports where I was having a similar discussion.
---------------------------------------
Think of Palladium hardware and software the way you think about a graphics accelerator and a graphics API like D3D or OGL.
Though you have a GeForce (Palladium Hardware), a developer still has to specifically write his game for a supported API like D3D, OGL (Palladium API) in order for his game to be able to use the GeForce's advanced 3D acceleration functionality (Palladium hardware features).
Also, even though the GeForce (Palladium hardware) is present, its 3D acceleration functionality (Palladium hardware features) will not be used unless the OS and the application support them.
This doesn't stop you from using your GeForce's (Palladium hardware) standard 2D functionality (non-Palladium CPU, etc., etc., functionality) with an OS and/or application that only uses those core (non-Palladium) features.
--------------------------
As with product activation, people would rather believe unsubstantiated rhetoric rather than getting the (widely available) factual information directly from the source.
This post was edited by n4cer on Thursday, September 19, 2002 at 22:34.
|
#20 By
135 (208.50.201.48)
at
9/19/2002 10:43:22 PM
|
n4cer - What's the point. sodajerk bases his opinions on idol speculation. Facts just get in the way of a good argument!
|
#21 By
1896 (216.78.253.234)
at
9/19/2002 11:04:04 PM
|
"Quidquid id est timeo Danaos et dona ferentes"
I am 100% against piracy, all my programs are licensed and if I like a CD I bought it; well actually I am buying vinyl again but anyway.
Maybe it is a generational problem but I can't handle to have someone else managing my freedom.
This post was edited by Fritzly on Thursday, September 19, 2002 at 23:04.
|
#22 By
1845 (12.254.162.111)
at
9/19/2002 11:21:05 PM
|
Fritzly, what does that have to do with Palladium?
Oh, btw, does SSL constitute someone else managing your freedom. After all, you (like 99% of the population) don't really understand how it works, who the CA's are, where your private key is or if you even have one, whether you use a symetric or asymetric key, what the server's public key is, etc.
I also might ask, if you own DVD's. If you do, you already have managed content. Or didn't you know that both your DVD and your DVD player are region encoded?
I'm not attacking you individually, I'm attacking the idea that security == lack of freedom. I'll bet that the advances in security that Palladium will offer, will quite surprise and impress you. If they come to see the light of day (and you can get beyond the NO DRM! mindset) you'll see a wealth of possibilities to improve your way of life that wouldn't otherwise be feasible.
|
#23 By
1896 (216.78.253.234)
at
9/20/2002 5:31:28 AM
|
Maybe your DVD Bob not mine; I have an multiregion one. I am not against DRM as a concept, my problem is how it is implemented. If I buy a CD I believe I have the right copy one or more songs to an other media and make a compilation of different artists and albums, or copy the same song to another media so I don't have to swap th CD from a driver in the living room to another in the bedroom. Who is going to decide what is fair and what is not? Music industry representatives who pretend they have the right to get into your system and check if there is any "stolen music"? You can't be at the same time the accuser, the investigator, the judge and the executioner.
About the debate if security means lack of freedom there isn't an absolute answer; there must be a balance between the two issues.
Btw could you mention some of these "possibilities to improve my way of life that wouldn't otherwise be feasible" without Palladium?
Finally I would like to remind you that the era of the High Priests, the watcher of the human knowledge is gone forever. I am afraid you don' t realize how many people not only understand what you assume they don't but, even more important, how willing they are to learn when they encounter something they don't know about.
|
#24 By
1845 (12.254.162.111)
at
9/20/2002 7:04:33 AM
|
Are the DVD's you own coded to all seven regions?
No offense, but it doesn't matter what rights you believe you have with respect to using copyrighted material. Section 107 of the US copyright law explains the rights you have the, gernally speaking, the copyright holder can't infringe. 107 gives you the rights you have, so more or less than that on the side of the copyright holder or on the side of the consumer doesn't much matter. In short, the law explains what is fair and what is not.
What are you talking about with the music industry being judge, jury, and executioner. I don't see that happening today. I don't see that with any DRM strategies I've read about. I don't see that with Palladium. Maybe you can clue me in on this, because I don't see it.
Palladium - El already mentioned some with regard to eCommerce. Some of the other potential things I've heard that Palladium could offer are, the end of email virii and worms, the end of email spam, secure email, secure instant messaging, secure real time device authentication (multiple computers/appliances in your house recognize you and adapt themselves to you), document management control (you can set the ACL on a word doc and send it around. The ACL could say, you can't copy to clipboard or print. You can view it twice, then it'll delete itself. Only you can view it.).
Don't ask me how Palladium could do these things. I don't understand it well enough to say that. I do, though, know that it has a lot to offer. We should see what it is and try to see it clearly before we jump back and say some invisible evil is once again rearing its head to control us.
As for High Priests of knowledge, I have no idea what you are talking about. If you are mocking me, then I'd say you didn't understand what I intended. I'm not saying that I know everything. I know barely anything. I know enough, though, to know that most everyone who attacks Palladium knows less about it than I do.
If you look at a sampling of people on this message board you'll notice something. Most people are set in their thoughts. Some will say DRM is bad. They'll say that forever and ever. They'll say anything that smacks of DRM is bad. These are not people who are willing to learn. Most people, I'd argue, are not near as interested in learning and improving themselves as they are in ignoring and protecting themselves in their ignorance. Just look at sodajerk if you need a good example. In retort, you could likely say to look at me, and that's fair.
Out of curiosity, what do you think I think most people don't understand that they really do? In my SSL comment above, I meant to say you probably don't, not that you don't. I know that 99% of people don't understand it. Many are afraid of it, well of sharing information that it protects anyway.
|
|
|
|
|