gulp! - P2P-Zone

schmooky007 · 08-09-02, 03:37 AM

a nice description about the latest "secure computing" product in the works from microsoft:

http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

theknife · 08-09-02, 06:53 AM

Yup....Diego posted this a while ago - pretty Orwellian, no? When I read stuff like this, I don't get too worked up coz I always figure that somewhere out there, some 14 year old hacker will figure out a way around it - and when he does, I'll find out about it here at the NU

SA_Dave · 08-09-02, 11:11 AM

The only problem with that theknife is that this proposed scheme would incorporate hardware encryption, as well as software "protection". XP was the software-only solution, and easily crackable as a result. The initial hardware attempts should also be crackable to a degree, and I believe M$ may be doing this to create a false sense of security & to prevent cries of "Anti-trust violations" by people who aren't in the know, yet are intelligent enough to put two and two together when comparing their brand-new, crippled system to the functional one they just replaced!

Even if the hardware could be exploited to reveal the decrypted keys, the problem is that they are machine-specific. This is a poorly-disguised ploy to kill open-source & free-software movements, because all these "keys" or "certificates" would be controlled by Microsoft-Dictatorship Limited's centralised server farms. What's more, these keys would act very much like the checksum signatures used in p2p-clients like eDonkey2000/Overnet, Shareaza & Kazaa/KL/G/iMesh. If you modify one byte, the file's signature is different and would therefore require a different key. The only way to distribute this key is for you as a developer to pay Microsoft to be authenticated, and would most probably be required to pay for each file!

This would essentially kill open-source, as patches, updates & personalised modifications are constanly being released & developed en-masse. It would also prevent hacking/reverse-engineering & the ability for Linux users to compile & modify their environment. It would probably make life difficult for freelance developers too, which wouldn't even be in Microsoft's best interest! This would also kill the competition! Sure they released SP1 for XP, which claims to allow you to use Netscape, AIM & other third-party apps with ease, but it doesn't help if they have the power to remotely disable or even delete these programs! In fact, with recent WMP patches they've included ominous suggestions in the license agreements.

GNU developers don't have the money to pay royalties to Microsoft. Although they won't admit it openly, Microsoft are dead-scared of the soaring popularity of Linux as a desktop platform, especially in big business.

You also have to consider the broader concept of .NET when looking at TCPA/Palladium. This is Microsoft's vision of distributed computing. All your data & applications are stored on and processed by the central servers, so frustrating patches & steep minimum requirements would be a thing of the past. All that would be necessary would be a terminal/pc with a functional web-browser. The main problem here is, if you fall behind in your monthly payments, or if the server/service is compromised, discontinued or lost, then your data is out of your hands or possibly even permanently destroyed! Plus with M$'s impressive track record for privacy, this would seem to have far more disadvantages than benefits.

.NET would initially be based on passport (MSNIM & hotmail) services, yet on a much larger scale. It's debatable whether the company can even accomodate such massive traffic, as hotmail etc. are prone to major downtime even now! Will their services even be competitive or desirable? I doubt that would be the case, but if they're allowed to continue buying-out & bullying other companies, acquiring their technology in the process, it might very well happen.

I'm not at all unrealistic here. I believe these measures may well be Microsoft's undoing! Competitors like Sun & Oracle are providing practical distibuted-computing solutions right now (thin-client technologies are very useful in corporate networks), years before M$ even claims it will be ready. If you include the fact that development cycles are usually at least twice as long as Microsoft initially reports, the competitiors could easily outpace even themselves! However, MS does have a multi-billion dollar publicity/propoganda/recruitment/news-manipulation campaign going on. This technique has succeeded in the past and probably will to a limited degree in the near-future. In other words, I think .NET & Palladium will succeed to a point, hurting many consumers' business & personal interests along the way, yet it will ultimately fail. We just have to spread the message & not become complacent. The "I've heard it all before, yet it doesn't affect me now & probably won't in future, so why bother?" attitude of the public has to be altered or questioned at the very least.

Consumer-outcry probably won't drastically affect MS's policies, but it should be a good incentive for trying out the competing products. I think the partnership between IBM, Sun & Sony to create a new supercomputer chip for the Playstation3 & other computing platforms is the kind of thing that needs to happen in order to crush .Net & Palladium. You have to remember that Intel & AMD (the 2 largest chip manufacturers) are in this with Microsoft & the affordability & distribution of these platforms are what allows Linux to have a growing influence on home-users.

Drakonix · 09-09-02, 01:00 AM

Quote:

...writings that criticise political leaders.

This one alone should be enough to kill it, this is clearly an unconstitutional restriction.

Quote:

Software companies can also make it harder for you to switch to their competitors' products; for example, Word could encrypt all your documents using keys that only Microsoft products have access to; this would mean that you could only read them using Microsoft products, not with any competing word processor.

This one is clearly anti-competative.

The fight is really heating up.

Mowzer · 09-09-02, 06:32 AM

As with pretty much all Palladium stories on the net, the fine points are a bit off.

A good read is from the eff.org... "When Microsoft came to talk to us [eff.org] about Palladium, Seth took some notes and did this write up" http://vitanuova.loyalty.org/2002-07-05.html

With Palladium, one can't ignore the fact it seems more about control of your computer and restriction of fair use than the 'advantages' of virus control or thwarting hackers.

Microsoft's inherent software inadequacies seem to be at the root of the problem.

This post on slash dot sums it up best...

[...it's easy to imagine, in the future, the argument on the senate floor, "Since basically everybody uses Trusted Computers, why not just make untrustworthy computers illegal? they'only empower terrorists/drug dealers/kiddie porners/etc..."
And to most people, it makes total sense then to ban those anonymous, crime-friendly pc's. I suppose the silver lining is, we could at least free ourselves of spammers. So it's a tough call ;-) ]

08-09-02, 03:37 AM	#1
schmooky007 hi Join Date: Mar 2001 Posts: 1,708	gulp! a nice description about the latest "secure computing" product in the works from microsoft: http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

08-09-02, 06:53 AM	#2
theknife my name is Ranking Fullstop Join Date: Dec 2001 Location: Promontorium Tremendum Posts: 4,391	Yup....Diego posted this a while ago - pretty Orwellian, no? When I read stuff like this, I don't get too worked up coz I always figure that somewhere out there, some 14 year old hacker will figure out a way around it - and when he does, I'll find out about it here at the NU

08-09-02, 11:11 AM	#3
SA_Dave Guardian of the Maturation Chamber Join Date: May 2002 Location: Unimatrix Zero, Area 25 Posts: 462	The only problem with that theknife is that this proposed scheme would incorporate hardware encryption, as well as software "protection". XP was the software-only solution, and easily crackable as a result. The initial hardware attempts should also be crackable to a degree, and I believe M$ may be doing this to create a false sense of security & to prevent cries of "Anti-trust violations" by people who aren't in the know, yet are intelligent enough to put two and two together when comparing their brand-new, crippled system to the functional one they just replaced! Even if the hardware could be exploited to reveal the decrypted keys, the problem is that they are machine-specific. This is a poorly-disguised ploy to kill open-source & free-software movements, because all these "keys" or "certificates" would be controlled by Microsoft-Dictatorship Limited's centralised server farms. What's more, these keys would act very much like the checksum signatures used in p2p-clients like eDonkey2000/Overnet, Shareaza & Kazaa/KL/G/iMesh. If you modify one byte, the file's signature is different and would therefore require a different key. The only way to distribute this key is for you as a developer to pay Microsoft to be authenticated, and would most probably be required to pay for each file! This would essentially kill open-source, as patches, updates & personalised modifications are constanly being released & developed en-masse. It would also prevent hacking/reverse-engineering & the ability for Linux users to compile & modify their environment. It would probably make life difficult for freelance developers too, which wouldn't even be in Microsoft's best interest! This would also kill the competition! Sure they released SP1 for XP, which claims to allow you to use Netscape, AIM & other third-party apps with ease, but it doesn't help if they have the power to remotely disable or even delete these programs! In fact, with recent WMP patches they've included ominous suggestions in the license agreements. GNU developers don't have the money to pay royalties to Microsoft. Although they won't admit it openly, Microsoft are dead-scared of the soaring popularity of Linux as a desktop platform, especially in big business. You also have to consider the broader concept of .NET when looking at TCPA/Palladium. This is Microsoft's vision of distributed computing. All your data & applications are stored on and processed by the central servers, so frustrating patches & steep minimum requirements would be a thing of the past. All that would be necessary would be a terminal/pc with a functional web-browser. The main problem here is, if you fall behind in your monthly payments, or if the server/service is compromised, discontinued or lost, then your data is out of your hands or possibly even permanently destroyed! Plus with M$'s impressive track record for privacy, this would seem to have far more disadvantages than benefits. .NET would initially be based on passport (MSNIM & hotmail) services, yet on a much larger scale. It's debatable whether the company can even accomodate such massive traffic, as hotmail etc. are prone to major downtime even now! Will their services even be competitive or desirable? I doubt that would be the case, but if they're allowed to continue buying-out & bullying other companies, acquiring their technology in the process, it might very well happen. I'm not at all unrealistic here. I believe these measures may well be Microsoft's undoing! Competitors like Sun & Oracle are providing practical distibuted-computing solutions right now (thin-client technologies are very useful in corporate networks), years before M$ even claims it will be ready. If you include the fact that development cycles are usually at least twice as long as Microsoft initially reports, the competitiors could easily outpace even themselves! However, MS does have a multi-billion dollar publicity/propoganda/recruitment/news-manipulation campaign going on. This technique has succeeded in the past and probably will to a limited degree in the near-future. In other words, I think .NET & Palladium will succeed to a point, hurting many consumers' business & personal interests along the way, yet it will ultimately fail. We just have to spread the message & not become complacent. The "I've heard it all before, yet it doesn't affect me now & probably won't in future, so why bother?" attitude of the public has to be altered or questioned at the very least. Consumer-outcry probably won't drastically affect MS's policies, but it should be a good incentive for trying out the competing products. I think the partnership between IBM, Sun & Sony to create a new supercomputer chip for the Playstation3 & other computing platforms is the kind of thing that needs to happen in order to crush .Net & Palladium. You have to remember that Intel & AMD (the 2 largest chip manufacturers) are in this with Microsoft & the affordability & distribution of these platforms are what allows Linux to have a growing influence on home-users.

09-09-02, 06:32 AM	#5
Mowzer ' Join Date: Jan 2002 Posts: 209	As with pretty much all Palladium stories on the net, the fine points are a bit off. A good read is from the eff.org... "When Microsoft came to talk to us [eff.org] about Palladium, Seth took some notes and did this write up" http://vitanuova.loyalty.org/2002-07-05.html With Palladium, one can't ignore the fact it seems more about control of your computer and restriction of fair use than the 'advantages' of virus control or thwarting hackers. Microsoft's inherent software inadequacies seem to be at the root of the problem. This post on slash dot sums it up best... [...it's easy to imagine, in the future, the argument on the senate floor, "Since basically everybody uses Trusted Computers, why not just make untrustworthy computers illegal? they'only empower terrorists/drug dealers/kiddie porners/etc..." And to most people, it makes total sense then to ban those anonymous, crime-friendly pc's. I suppose the silver lining is, we could at least free ourselves of spammers. So it's a tough call ;-) ]