What's in a name? Not Palladium

[Zombie9920]

By Robert Lemos
Staff Writer, CNET News.com
January 24, 2003, 5:47 PM PT


Microsoft has dropped the code name of its controversial security technology, Palladium, in favor of this buzzword-bloated tongue twister: "next-generation secure computing base."
On Friday, the company said that the name Palladium had become tarnished by controversy surrounding some elements of Microsoft's security push. In additional, it faced a potential legal battle with a small firm over the Palladium name.

"The official story--and it's true--is that we intended to change the name for a long time," said Mario Juarez, product manager for Microsoft's Windows Trusted Platform Technologies Group. "The fact that it was something that got a lot of attention and gave rise to a lot of misunderstanding" was also a factor, he said.

 

Microsoft unveiled Palladium last summer with the goal of allowing companies to wall off data, secure communications, and to identify their systems and those of business partners.

Critics, however, argue that the technology can also be used to restrict access to data. For example, a text document could be restricted to being accessible by only the application that created it.

To address the criticism, the company has decided to release the source code of the core part of the software, known as the nub or nexus, so that others can verify it is secure and is doing only what the company has claimed.

Microsoft's Juarez dismissed any suggestions that the name change implied that the company was trying to dodge criticism.

"That's not the reason that we are doing it," he said. "This is really reflective of the fact that Microsoft is embracing this technology in terms of folding it into Windows for the next decade."

In addition, a potential lawsuit by a small firm that he wasn't allowed to name was also a major factor, Juarez said.

"Another company has laid a claim to the trademark of Palladium," he said.

The name change comes a day after Chairman Bill Gates sent a memo to Microsoft's customers outlining the company's progress towards securing its Windows products. The memo foreshadowed the name change by referring to Palladium as the initial name for the technology.

"Looking ahead, we are working on a new hardware/software architecture for the Windows PC platform (initially code-named 'Palladium'), which will significantly enhance the integrity, privacy and data security of computer systems by eliminating many 'weak links,'" Gates wrote in the memo.

Despite the controversy surrounding the technology, few technical details of the technology have been released.

http://news.com.com/2100-1001-982127.html?tag=fd_top

[slave]

quote: To address the criticism, the company has decided to release the source code of the core part of the software, known as the nub or nexus, so that others can verify it is secure and is doing only what the company has claimed.

So does that mean I can run Linux on Palladium hardware?  Not that I'd want to, anyway.

PS they don't need to release the source code to convince me what Palladium "does"  I know exactly what it does - it caters to the media industry.

[Refalm]

Another name, but it's just the same evil thing.

Non-tech people will mark "next-generation secure computing base" as "difficult/advanced" which makes it even harder for us anti-Microsoft people to explain.

[choasforages]

yeah, they confusicate the name. and refalm, please change you agianst tcpa to something agianst DRM and whatever microsoft is calling their "inovation"

[raptor]

microsoft isnt making it any easier on themeselves.

[ January 26, 2003: Message edited by: raptor ]

[Refalm]

quote:chaosforages: please change you agianst tcpa to something agianst DRM and whatever microsoft is calling their "inovation"

Uh... why? Isn't the TCPA an "innovation" led by Microsoft and Intel to crush competition?

[AlexMax]

Actually, there is a part of this that is actually beneficial, if I'm following everything right.

From what I hear, ANYONE can sign software, not just M$.  This means that you would be able to use LILO as your bootloader.  However, there might be something built into Windows that would prevent LILO from botting Windows since there isn't a 'trusted' connection between the two.  But that would be simple to solve, move to Linux.

I am, of course, speaking of what I have been able to gather.  If I'm wrong, please let me know, but I think it's a little more realistic than some "MICROSOFT IS TRYING TO RULE THE WORLD with DMCA, TCPA, DRM, EIEIO, AND OTHER EVIL SOUNNDING ACRYNIMS" kinda thing.  Not that they aren't, but that's another subject.

[ January 27, 2003: Message edited by: AlexMax ]

[jtpenrod]

quote: Microsoft has dropped the code name of its controversial security technology, Palladium, in favor of this buzzword-bloated tongue twister: "next-generation secure computing base."
On Friday, the company said that the name Palladium had become tarnished by controversy surrounding some elements of Microsoft's security push. In additional, it faced a potential legal battle with a small firm over the Palladium name.

Whatever. Once again, it's form over substance in the Land of Redmond. Rather than answer the "controversy" by clearly explaining what this "Palladium" really is, what it does, and by opening the source code so that everyone can see exactly what it's all about (now that would be "trusted computing"!    ) they change the name. They really do seem to believe that they can make the controversy go away with a simple name change.   :eek:  

Also, the mighty Microsoft is worried about a legal challenge from a "small firm"?   :confused:    Since when have they ever been afraid of "small firms", which they eat for breakfast like they've been doing for the past 20 years? Do they really expect anyone to buy that?

Just more MS BS. Whom the gods would destroy, they first make mad
_____________________________________
Live Free or Die: Linux

Their fundamental design flaws are completely concealed by their superficial design flaws.

[sporkpimp]

quote:Originally posted by Linux User #5225982375:

So does that mean I can run Linux on Palladium hardware?  Not that I'd want to, anyway.

Who ever said you can't? In the TCPA FAQ, it's pretty much summed up perfectly under section 18:

"18. Ugh. What else?

TCPA will undermine the General Public License (GPL), under which many free and open source software products are distributed. The GPL is designed to prevent the fruits of communal voluntary labour being hijacked by private companies for profit. Anyone can use and modify software distributed under this licence, but if you distribute a modified copy, you must make it available to the world, together with the source code so that other people can make subsequent modifications of their own.

At least two companies have started work on a TCPA-enhanced version of GNU/linux. This will involve tidying up the code and removing a number of features. To get a certificate from the TCPA corsortium, the sponsor will then have to submit the pruned code to an evaluation lab, together with a mass of documentation showing why various known attacks on the code don't work. (The evaluation is at level E3 - expensive enough to keep out the free software community, yet lax enough for most commercial software vendors to have a chance to get their lousy code through.) Although the modified program will be covered by the GPL, and the source code will be free to everyone, it will not make full use of the TCPA features unless you have a certificate for it that is specific to the Fritz chip on your own machine. That is what will cost you money (if not at first, then eventually).

You will still be free to make modifications to the modified code, but you won't be able to get a certificate that gets you into the TCPA system. Something similar happens with the linux supplied by Sony for the Playstation 2; the console's copy protection mechanisms prevent you from running an altered binary, and from using a number of the hardware features. Even if a philanthropist does a not-for-profit secure GNU/linux, the resulting product would not really be a GPL version of a TCPA operating system, but a proprietary operating system that the philanthropist could give away free. (There is still the question of who would pay for the user certificates.)

People believed that the GPL made it impossible for a company to come along and steal code that was the result of community effort. This helped make people willing to give up their spare time to write free software for the communal benefit. But TCPA changes that. Once the majority of PCs on the market are TCPA-enabled, the GPL won't work as intended. The benefit for Microsoft is not that this will destroy free software directly. The point is this: once people realise that even GPL'led software can be hijacked for commercial purposes, idealistic young programmers will be much less motivated to write free software. "

***

I wouldn't mind if it was just the Open Source Initiative getting screwed, but this hurts GNU too! (shakes fist)

-SporkPimp

[Tattooed]

Would TCPA and Palladium not be break anti trust laws? Check this out
http://www.research.ibm.com/gsal/tcpa/tcpa_rebuttal.pdf  
I hope nobody buy TCPA or Palladium- remember what happend with the P3 serial numbers-nobody wanted that-so why should anyone what this crap.

[Refalm]

quote:Tattooed: I hope nobody buy TCPA or Palladium- remember what happend with the P3 serial numbers-nobody wanted that-so why should anyone what this crap.

That's because Microsoft says that it will increase security on your computer and on the internet. And that people are actually believing that.

[Calum]

microsoft break anti trust laws all the time. don't be naive.

[Tattooed]

Here is a TCPA site that you can write comments or a Question about TCPA. http://www.trustedcomputing.org/tcpaasp4/contact_tcpa.asp

[ February 06, 2003: Message edited by: Tattooed ]

[sporkpimp]

Okay, so Palladium is incredibly, indelibly evil... but what about the TCPA?

The TCPA rebuttal PDF linked a couple posts above is interesting... if the author is honest and things work out like he says they will, even a Linux box would benefit from TCPA... I personally would feel a lot better having (nearly) unstealable private keys, and the idea of being able to "lock in" security information would be nice...

...of course, that's -IF- that's an accurate summary of TCPA.

Anyone got better info?

[choasforages]

from the tcpa faq, it says you can use your own keys. its supported by ibm, and supposedly theyve had it in some of their systems for some time now

[ February 07, 2003: Message edited by: chaosforages ]