Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

TCPA discussion please 4

Status
Not open for further replies.
petermeachem

petermeachem

Programmer
Aug 26, 2000
2,270
GB
We all seem to be fairly close to a major change in the way we work and interact with computers and the Internet.
What do you think about it? For starters, you do worse than read this
I would like to keep this a fairly sensible discussion and not descend into a 'Yah Boo he's silly' thread which doesn't get anyone anywhere. Peter Meachem
peter @ accuflight.com
 
Sort by date Sort by votes
Well, your last guy was silly.....



To quote Bruce Schneier, "Security is a process, not a product."

It does no good to buy the most secure bank vault money can buy if you don't lock the door.

For Palladium to work, Microsoft would have to be able to produce code free of security holes, otherwise I could easily abuse the holes, thereby circumventing the system. If Microsoft is capable of producting code free of security holes, why didn't they start doing it 5 years ago?

But suppose that it does work. How will "fritz" react when it cannot talk to it's digital rights management servers? If the default is "allow content exchange", then all I have to do is prevent "fritz" from talking to those servers by blocking its communications at the network level. If the default is "prevent content exchange", what happens when my laptop isn't connected to the internet, or when someone launches a distributed denial of service attack against the content rights management servers?
______________________________________________________________________
TANSTAAFL!
 
Upvote 0 Downvote
Think of "The Matrix"... a quote: "Everything in the Matrix is based on a set of rules, rules that can be broken." (I don't remembe the rest :-(, guess I will have to watch it again. :-D)

Now put this in terms of what the basics of this Pallidum is. XP isn't supposed to be able to be used on multiple computers. Guess what? There are illegal versons all over that allow you to do that. Within days, XP was cracked. Mike Wills
IBM iSeries (AS/400) Programmer
[pc2]

Please, if you find my post useful, let me know. [thumbsup2]
 
Upvote 0 Downvote
Perhaps they didn't produce secure code 5 years ago because they wouldn't make money out of it.

What percentage of the desktop is wintel? Can't remember the figure, but is is most computers.

The Matrix was madeup you know. This may be real. Peter Meachem
peter @ accuflight.com

 
Upvote 0 Downvote
I'm sorry, I've just looked down the list and this has all been covered recently. Peter Meachem
peter @ accuflight.com

 
Upvote 0 Downvote
Thanks, Peter.

That link above will have to become my new SIG. At last, we have the writings of a thorough, seasoned thinker. I find very little, if any fault with his thinking.

The whole TCPA/Palladium thing fits right in with the a current big-business mindset that says "every customer is a potential enemy.". And the comments about Wycliffe, Gutenberg, and Tyndale are perfectly in line with what I see happening out of this mindset. (We can't put power into the hands of the individual)

There has always been a certain duality to technical progress: it gives the powerful more ways of selling and getting money from the 'average' person, but on the other hand, it almost always provides that person with another avenue of freedom in life. Here are a few progressions you can see: mail->telegraph->telephone->internet, horse->wagon->boat->train->automobile, handwriting->print_press->photocopier->digital_data, etc... In each of these the trend is to empower the individual every bit as much as it empowers governments and large corporations. So, if you look at the history of innovation, you also see a history of attempts to repeal the effects of that innovation. The recording industry was at one time against radio, because it allowed people to listen to music "for free"; then they were upset at personal recording devices, and finally they are even more up in arms over computers and the internet. Yet, each time these advances (and the freedom they bring) have done nothing but bring more bucketloads of cash into the hands of recording executives. Yes, it's possible for someone to listen to the radio and never ever pay for the latest Dave Matthews CD, but interestingly, the industry found a way to cope with it, without being allowed to impede anyone's freedom. That's the kind of thinking that needs to be employed again.

Also, these attempts never really make economic sense. These industries are spending gigantic amounts of money trying to find ways to prevent people from doing simple, obvious things. Why not instead find ways to make it easier for both sides to benefit. Example: if the music executives had layed aside their egos for just ten minutes, they would have seen that they could make a mint from music copying simply by making alliances with computer makers and bandwidth providers (we'll provide the media, if you give us a percentage of the bandwidth/equipment you sell), and by providing easy ways for people to purchase digital music online at real cost (by real cost, I mean taking away the cost of packaging and labeling, etc... so that songs would reasonably cost $.25 each, or something to that effect). I believe history has shown that, for both governments AND corporations, if you provide a way for people to exercise more freedom, you will do nothing but profit. (Understand, that I use 'freedom' in the libertarian sense, meaning one person's right to freedom end where another person's rights begin. I don't mean freedom as a license to do anything that infronges on someone else.)

All of the forces involved seem convinced that everyone wants everything for free. If they would just spend 10 minutes with real people, they will see that this is not the case. What people really want is freedom of choice and convenience. Music copying itself is not really free. Consumers must pay for bandwidth, and computers, etc... No one seriously copies MP3's without a $50/month broadband connection anyway. (If I dropped down to a $15/month dialup, I could afford 3 new CDs a month.). No, it's not about the money, but about the fact that one can think "Hmm... what was that song I used to like back in 92?", or "Who was that obscure composer again?", and within 5 minutes be listening to it. This is personal empowerment of the highest level!

But no, these isolated powermongers instead want to convince us that this sort of freedom is wrong, and fear is the motivator they hope to use. We are expected to trust massive corporations to protect us from hackers, terrorists, and the bogeyman, while there is ample evidence that they can't even be trusted with a simple balance sheet. It is an Orwellian exercise, along the lines of "War is Peace", but what they are saying is "trust is suspicion", and we are all the suspects. -------------------------------------------

Big Brother: "War is Peace" -- Big Business: "Trust is Suspicion"
(
 
Upvote 0 Downvote
Oooh, nice, rycamor! I've given that one a star!


petermeachem, it's not a matter of economics. It's a matter of attitude and corporate culture. I was once in 1998 personally privileged to hear the truest statement ever uttered about Microsoft. Two of Microsoft's marketing droids came to give a talk to the employees of the company for which I then worked. After nearly an hour of their calling a rousing game of Buzzword Bingo, and after one of them spewed two utterances in succession that were so full of buzzwords he forgot to put verbs in them, one of them said, "Microsoft is not a service company. Microsoft is a marketing company." 'Nuff said.

If it were a matter of economics, then Microsoft would write their software correctly in the first place. To publish flawed software and fix it later violates Blackwell's Law of Strategic Laziness, which states, "It always requires less effort to do it right in the first place." Most of the security holes found in Microsoft's software to date have been either flaws from not considering at all that the internet is a place with lots of hostile code in it (look at how many virii found in the wild are coded in VBA) or failing to bother to check that their buffers do not overflow (look at any ten bugs reported to Microsoft in the last year -- 7 will be buffer overflows).

For Microsoft to do anything more than pay lip-service to the concept of TCPA, it will have to do two things: take security seriously, and reinvent its whole software engineering process.

To see Microsoft's current attitude toward security, take a look, for example, at this URL ( which is a link to an eWeek magazine article titled, "Microsoft security under fire". The article questions Microsoft's entire commitment to security and tells the response of Microsoft and KDE to reports of a flaw in their SSL certificate verification. KDE's Konqueror browser was patched within hours. Microsoft posted a TechNet article nine days later describing the flaw and saying it's exploitation is unlikely. I ask you, who has a commitment to the security of their product?

Microsoft's software engineering paradigm will have to be completed revamped. For one thing, Microsoft doesn't differentiate from OS code and application code. Any programmer working on, say, the Word team can unilateraly modify the behavior of the Win32 ersatz-API. If Win32 is the mechanism for providing the higher-level functions of the OS, what in the hell is an application programmer doing tinkering with it? And why doesn't anyone do a code review before publication to at least see if everyone is checking that their buffers don't overflow?

I honestly think that the complexity of Microsoft's code has outgrown their current software engineering practices. I have a friend who works for a company that builds high-availability computer systems. The company is going to provide Windows 2000 on their systems as an option to their own proprietary OS. Their engineers were astonished on a visit to Redmond to discover that Microsoft's idea of project code revision management is to assign a human librarian to a project. And if you are looking for a specific version of a particular DLL, you just "prairiedog" up in your cube farm and ask if anyone in the sound of your voice has what you're looking for. This does not sound like the work of a serious artist.
______________________________________________________________________
TANSTAAFL!
 
Upvote 0 Downvote
Thanks sleipnir214,

"prariedog"? I love it!! ;-). I have never had the pleasure of working at a truly large corp, but from everything I have heard from friends, this is often the way things work, even in the largest ones.

When you work in smaller companies, you tend to get the idea that all the Big Boys have these sophisticated ways of doing things, but I think the past year has showed just what a facade much of this is.

Microsoft's whole software architecture has been built insecurely from the ground up. This is the real reason they want Palladium/TCPA. For a good indication of why Microsoft's only hope is a Palladium-like system, see this information about the "Shatter" attack: and -------------------------------------------

Big Brother: "War is Peace" -- Big Business: "Trust is Suspicion"
(
 
Upvote 0 Downvote
That shatter code is scary isn't it. You could put that in your signature too. Peter Meachem
peter @ accuflight.com

 
Upvote 0 Downvote
Microsoft and Current Software Engineering Practices. That's as oxymoronic as it gets. Microsoft couldn't care less about software engineering, nor could they care any less about security. They address both of these issues at the absolute minimal level necessary to remain viable.

Microsoft is a big business that is interested in money, power, and control, and Palladium is next step toward that end. They are, as sleipnir214 has already corrected stated, a marketing company and their approach to Palladium is how to spin and market it so that people will buy it. To further drive this point home, here are a few selected phrases from the link in peter's orignal post:[ol][li]Microsoft were also motivated by the desire to bring all of entertainment within their empire[/li][li]Making the Chinese pay for software[/li][li]Microsoft would like to make it more expensive for people to switch away from their products (such as Office) to rival products (such as OpenOffice). This will enable them to charge more for upgrades without making their users jump ship[/li][li]easier for Microsoft to control upgrades and patches[/li][/ol]
Trying to "sell" this concept as a security move by Microsoft is putting the fox in charge of the henhouse.

Mr. Anderson has already alluded to the power struggle beginning between Microsoft and Intel over control of the technology. Considering that MS wants to control entertainment, then you can expect Disney, Paramount, etc to join in the battle, and of course IBM will certainly be represented as well. All trying to get as much control over the consumer. Could be fun to watch. But good for the consumer? Doubtful.

Without going into details - a couple of issues that have yet be disected are Individual Privacy Rights, and of course, the 4th Amendment - Search and Seizure. I am curious as to how the Fritz chip will able to secure a warrant to search your machine for illegal content. Just how will probable cause be determined - considering you'd have to search to check?

One would be blind not to realize that there are benefits, but one would be naive not to recogonize the gross potention for abuse. You think Big Brother is watching now, just wait, tomorow you'll be secured by Palladium.

Microsoft claims that Palladium will eliminate viri. But I wonder what it will do with that Trojan Horse called Palladium.

Finally, a very good definition a `trusted system or component' is defined as `one which can break the security policy'. . So let me get this straight - we going to put Microsoft in control of this trusted system?? Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
Upvote 0 Downvote
A few other questions come to mind:

With respect to DRM, suppose that I do go out and buy the latest Dave Mathews CD, and rip it myself onto my own PC? Why shouldn't I be able to copy it to all of my PC's, I've already paid for the music - how will Palladium deal with it?

Suppose that I sell my TCPA/Palladium PC to my neighbor?

Will I be able to take work home and work from my personal PC at the house? Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
Upvote 0 Downvote
The theory is that when you rip a copyright CD, "fritz" and software elements in the computer will recognize it as such. The publisher of the CD can at their disgression decide whether to allow you to rip it at all or not.

If you are allowed to rip it, there will be a mechanism to uniquely identify the rip. If you dump the MP3 into your portable player, it's TCPA hardware and software will check whether you are allowed to dump it into an MP3 player.

If you are allowed to do that, then some automagic cryptographic process will then disable playback of the original MP3 on your hard-drive, and enable playback from the copy on your MP3.

Only when you have deleted the MP3 from the player will playback of the copy on your hard-drive work again.

This whole process is so complicated and so fraught with places in which the process can be hacked or broken that the whole Palladium process is pointless.

What I want to know is what happens if my MP3 player dies ungracefully with that protected MP3 aboard? How then do I renable playback of the copy on my hard-drive? Logically, I might delete the file and rip the CD again. But TCPA has the capability for Sony to limit the number of times you can rip the CD.

And I have yet to ever hear any real benefit to the users of personal computers, just companies.


Microsoft is living in a dream world. They just don't get the fact that the internet is not necessarily a nice place. And the TCPA depends on everyone playing by the rules.

Microsoft has also forgotten one of the basic truisms of the internet: in the words of John Gilmore, "The internet interprets censorship as damage and routes around it."

They've also forgotten E. E. "Doc" Smith words from his "Lensmen" science fiction series: "That which science can create, science can duplicate." I predict that Palladium, the TCPA, and "fritz" will be hacked long before the technology is ever installed in a produced-for-consumer-market computer. ______________________________________________________________________
TANSTAAFL!
 
Upvote 0 Downvote
Hi all ~

This is an interesting thread. First time I've heard of this TCPA, and all the pros/cons to it.

As we all know, if it can be built, it can be broke.
If it can break, it can be repaired.
If it's repaired, it can be duplicated.
If copied, it can be shared.
If shared, it can be altered.
Once altered, it can mutate.
If it mutates, Microsoft sells it as something else :)
. . . and the cycle starts again!

Very informative info. Thanks.

 
Upvote 0 Downvote
Indeed.

This is the kind of system that would make the majority turn and look for alternatives, if a 50% licensing increase turns so many away I can only imagine what Palladium would do.

That aside - as written above, whatever microsoft/intel coders can do someone somewhere can do things better. Systems will always be cracked and altered it's the way things are.

It's a corporate dream that will never come of age.
 
Upvote 0 Downvote
I think Microsoft is going to try hard to make it work. Not as the threory describes, but definately a scaled-down version. I think Microsoft's percentage in Palladium is that it would give them the ability to lease software on PCs. Think what that would do for their revenue streams.

Imagine that you fire up your "Palladium 2006" machine and invoke Word, only to find that Word won't run, because "fritz", the custom onboard-software, and Microsoft's DRM servers have determined that your lease on the software has expired. A dialog box pops up reading,"You have exceeded the grace period for the lease on this software. An annual renewal is only $149.99. Please call Microsoft to renew. Have your credit-card ready when you call." ______________________________________________________________________
TANSTAAFL!
 
Upvote 0 Downvote
To put a finer theoretical point on my arguments (with apologies to petermeacham), here is a link about one of the groundbreaking thinkers in 20th century economics:
IMHO, the arguments advanced by economist Ronald Coase apply perfectly to the values placed on modern internet/digital goods and services. He claimed that problems in business rights are often much better solved by strategic bargains rather than using government intervention. (Notice the example of the lighthouse, which is a good parallel for modern internet services)

Disclaimer: as one of those crazy American libertarian individualists, I tend to like theories that favor less government. Funny thing that the Coase, a British socialist, ended up thinking this way too ;-). -------------------------------------------

Big Brother: "War is Peace" -- Big Business: "Trust is Suspicion"
(
 
Upvote 0 Downvote
I read the Newsweek article on Palladium a few months ago. Microsoft is used to being able to patch software, but palladium is at the hardware level. How does one 'patch' a hardware bug that's not discovered until 20-30 million units are out there? As far as playing along with the palladium concept, to quote Wargames: "The only winning move is not to play"
--Jim
 
Upvote 0 Downvote
I have two quote that cover my opinion on the subject:

Antoine de Saint-Exupéry (1900-1944: pilot, author, inventor):
You know you have achieved perfection in design, not when you have nothing more to add, but rather when you have nothing more to take away.


Montgomery Scott's line from Star Trek III: The Search for Spock:
The more they overthink the plumbing, the easier it is to stop up the drain.
______________________________________________________________________
TANSTAAFL!
 
Upvote 0 Downvote
I read about TCPA today and was going to ask about it. Petermeachem beat me to it!

For info though, the FAQ linked in his post can also be found at


where there is much more info on the subject. As an OpenOffice & Mozilla user, I don't like the look of it much...
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

netnerdnerd9
  • Locked
  • Question
question please 14
2 3 4
Replies
79
Views
637
netnerdnerd9
netnerdnerd9
Wavesg
  • Locked
  • Question
Advice Please 2
Replies
4
Views
33
Wavesg
Wavesg
langleymass
  • Locked
  • Question
the decline of e-mail discussion groups
2
Replies
20
Views
68
Vanine
Vanine
GreenTeeth
  • Locked
  • Question
Please define "Ethical" 3
2 3
Replies
46
Views
132
xutopia
xutopia
sam2001
  • Locked
  • Question
a carreristic quest -please help 2
Replies
2
Views
41
pivan
pivan

Part and Inventory Search

Sponsor

Back
Top