Worth a read: ------- Forwarded message follows ------- From: "Serdar Yegulalp" <serdar@xxxxxxxxxxxxxxxxxxx> To: <gkarpik@xxxxxxxxx> Date sent: Tue, 02 Jul 02 16:02:29 -0400 Subject: [Win2kPowerUsers] Volume 2, Number 23 / July 2, 2002 Windows 2000 Power Users Volume 2, Number 23 July 2, 2002 By Serdar Yegulalp (serdar@xxxxxxxxxxxxxxxxxxx) *************************ADVERTISEMENT************************** Missing Your Winmag.com Newsletter Authors? Don't! Jim Powell's The Office Letter: http://www.officeletter.com/ Serdar Yegulalp's Newsletter: http://www.win2kpowerusers.com/ Fred Langa's LangaList: http://www.langa.com/ Karen's Power Tools at http://www.karenware.com/ Jason Levine's Toolbox: http://www.jasons-toolbox.com/ Mike Elgan's Mike's List: http://www.mikeslist.com/default.htm John Woram's Newsletter: http://www.woram.com/letter/index.htm Scot Finnie's Newsletter: http://www.scotfinnie.com/newsletter/ ***************************************************************** In This Issue: - Palladium: (Dis)Trustworthy? Palladium: (Dis)Trustworthy? I had other material scheduled for this week, but I've pushed it back in favor of an analysis of Microsoft's latest future project, Palladium. (To all those who wrote to me in the last couple of weeks -- regarding laptop repair, the spam issue, and so on -- I do thank you in advance. I'm still sifting through a lot of that mail and I plan on offering another issue later this week.) Of all the things Microsoft has announced recently, this is the one which makes my hair stand on end the most fiercely. Microsoft was originally mum about Palladium, but news has leaked out (courtesy of journalist Steven Levy), and now it's all over the place. And it's not pretty. Put simply, Palladium is a system architecture -- odds are it's going to be part of the next version of Windows -- with built-in DRM (digital rights management) and cryptography features, called a "trusted computing platform." Palladium requires hardware that's designed specifically for it -- a chipmaker would need to devise a CPU, chipset and motherboard that is Palladium-compatible. Not only that, but I'm assuming everything else in the PC, from the disk controllers to the graphics cards, would also have to be replaced. This means that every aspect of the system -- everything -- would be protected with cryptographic control. Programs that aren't Palladium-approved don't run. Data that isn't copy-approved can't be copied. Microsoft insists, however, that Palladium is just an architecture; it's content-neutral. You can implement as much or as little of it as you wish. That's a nebulous promise to me, especially since about all I can glean from this is peril, not promise. Several key issues do come to mind. 1. Totally new hardware and software is required. Not only is this expensive and in many cases impractical, but it's exasperating and smells of a locked-hands policy. Imagine not being able to upgrade anything -- drivers, software, everything -- on your PC because the only future versions available are Palladium-only. Who wants to pay -- possibly pay more -- for something which allows you to do less? 2. Censorship and freedom of information. While I am no pirate and I don't defend them, the idea of pre-emptively making it impossible to copy anything without certification is appalling. As someone else pointed out, treat ordinary people like thieves and they'll become thieves. (On that note, the new CD copy-protection initiatives are a joke; they're expensive, they create more problems than they solve, and they're disgustingly easy to defeat. Not only that, but the music industry is talking out of both sides of its mouth when it tries to ascribe hard loss numbers to piracy, which is by its definition nearly impossible to get hard numbers on.) 3. Microsoft. Again, I don't need to go very far to spell this out, but given how Microsoft has come under heavy fire for being monopolistic, how is this supposed to make them any less of a bully in the eyes of the government? And, as David Coursey pointed out, why should we trust Microsoft to come up with some proprietary closed-ended scheme that's ostensibly for our protection? Wouldn't we be better off with an open standard, if we were going to do something like this at all? Why give Microsoft the keys to the digital kingdom? To think that Microsoft came up with this in response to criticisms that Windows is insecure would be funny if it wasn't so true. Clearly, one of the better ways to address that would have been to simply police their code better, but now it seems they're more interested in a baby-and-bathwater solution. If Palladium is being sold as a way to stop viruses, for instance, I don't buy it for a second. Every security system can be cheated; all it takes is time and diligence -- and there's a whole subculture of crackers who would be itching to do exactly that. Notice how Microsoft (and just about every press pundit who writes about Palladium) never talks about this basically being handcuffs for your PC. They talk about security. Security's a two-edged sword, and if you go by the old quote about those who give up liberty for security deserving neither, you're probably quite on track. One of the joys of owning a PC is being able to do what you want with it -- including making modifications to it that the designers never intended. Now that appears to be the next big enemy in the digital world, because God knows people who are allowed to run just any old program on their computer could be doing something illegal. In my opinion, Palladium's promise of security is about as appealing as voluntarily going to prison to avoid being charged with a crime (or attacked by a criminal) -- and we all know how safe and trustworthy prisons are. It is not even a remotely fair tradeoff; it is, quite simply, blackmail. The only way to make this even remotely palatable is to make it an option - something that can be turned off, permanently, or something that is only available in a specific edition of the OS that is not the only version. There is also a good deal of time to register one's feelings about the idea -- Palladium itself probably won't appear for several more years at least. But I have the feeling we're going to need that time, because of all the ideas Microsoft has come up with, this one is fraught with the direst implications. On a side note, remember the Intel CPU ID number controversy? In 1998 Intel started rolling out a software-addressable extension to their processors, which allowed you to query the CPU for a unique serial number. Public outcry against the idea forced Intel to ship with the ID number disabled. No OS or program I know of uses it, and it was in fact one of the big reasons a number of friends of mine ditched Intel systems to go to AMD-based PCs. Microsoft appears to be on the verge of making the same sort of mistake, one which is not so much technologically ill-conceived as simply tasteless. "The last thing I want," one of my friends remarked, "is to have my PC branded with the Mark of the Beast." I'll be reporting back more on this as time goes by -- and as always, speak your mind in e-mail. I suspect my mailbox will be melting from this one. If Product Activation inspired resentment, this will probably inspire revolt. Serdar Yegulalp Editor, Windows 2000 Power Users Newsletter http://www.win2kpowerusers.com/ Personal site: http://www.thegline.com To unsubscribe from this newsletter, send an email from the address you wish to remove to: win2k-unsubscribe@xxxxxxxxxxxxxxxxxxx ------- End of forwarded message ------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ...a cat is a diagram and a pattern of subtle air... Grant Karpik gkarpik@xxxxxxxxx To unsub or change your email settings: //www.freelists.org/webpage/pctechtalk To access our Archives: http://groups.yahoo.com/group/PCTechTalk/messages/ //www.freelists.org/archives/pctechtalk/