[ale] [ISN] Microsoft to reveal Palladium source code (fwd)

Jim Philips jcphil at mindspring.com
Wed Jun 26 14:32:55 EDT 2002 

Your question is dealt with specifically in the Register article:

"How do you make Linux interface with a security chip in such a way that 
untrusted applications are sandboxed without taking root away from the 
machine's owner? I think the answer is, 'you can't,' and I imagine Redmond 
thinks so too. And what will Palladium mean to application development? More 
overhead, that's what. Certification authorities charge for their services. 
Some applications in development may have to be scrapped due to the costs of 
certification.

Eventually, as Palladium contagion spreads, the home Linux box will need 
certified open-source apps to run DR-managed content. Here goes the GPL 
again. So I've got this certified app. Fine. I've got the sources. Fine. What 
happens if I decide to build my own binaries? They won't be certified. They 
won't work. So what does the GPL mean to me then? It means I can build, or 
modify and build, an application which will lack the digital cert which it 
needs in order to run the content it was designed to run. Only the binaries 
will be certified (as a moment's reflection will make obvious). This is a 
nail in the GPL's coffin. Yes, I can improve the app and give away or maybe 
even sell my improved version; but first I have to prove that it qualifies 
for certification, and second I have to pay for the cert. And when I release 
it, source and all, only the certified binary will function.

The entire concept of root will be out the window. If I build my own or 
re-compile my existing kernel, my certs won't work. I won't be permitted to 
log in to the Microsoft Digital Empire or any of its numerous colonies 
because that little chip on my mobo is going to freak out. Perhaps even my 
certified apps will fail to run. And I can no longer present my Uniform 
Identifier at the digital immigration turnstiles which MS will be setting up 
as I meander through cyberspace. 'Sorry, we don't know who you are; you'll 
have to turn back....'"

On Wednesday 26 June 2002 03:21 pm, John Wells wrote:
> The way I understand it, and correct me here if I'm wrong, is that for an
> application to run it would need to be signed by a valid certificate
> authority.  Valid will most likely mean Microsoft and its approved
> partners.  That causes a problem when trying to compile open source apps,
> as there's no way to compile and then have a cert authority sign the
> resulting binaries.
>
> I'm wondering if, since the code will supposedly be shared, there will be
> a way to modify it to use alternate certificate authorities.  In that
> case, I envision some open source friendly cert authorities coming into
> existence that will automatically validate binaries per Palladium specs.
>
> I guess it's too early to tell.  There's only one thing that can be taken
> for granted...if the opportunity presents itself to screw a competitor,
> Microsoft *always* takes full advantage.
>
> John
>
> Pete Hardie said:
> > Jonathan Rickman wrote:
> >> On Wed, 26 Jun 2002, Pete Hardie wrote:
> >>>And if it's built into the compiler, then open source will work just
> >>> fine.
> >>
> >> There's the problem. MS controls access to the compliler and re-words
> >> the user agreement to prohibit compiling source code that is GPL'ed.
> >
> > That kind of restriction would (I fervently hope) be struck down in an
> > eyeblink  - it's too restrictive, rather like Ford making it illegal to
> > drive a Ford car onto a Chevy dealer's lot.
> >
> >
> >
> >
> > --
> > Pete Hardie                   |   Goalie, DVSG Dart Team
> >      posting from, but not     |
> > 	speaking for:             |
> > Scientific Atlanta, Digital Video Services Group
> >
> >
> >
> >      - - - - - - -  Appended by Scientific-Atlanta, Inc.  - - - - - - -
> >
> > This e-mail and any attachments may contain information which is
> > confidential, proprietary, privileged or otherwise protected by law. The
> > information is solely intended for the named addressee (or a person
> > responsible for delivering it to the addressee). If you are not the
> > intended recipient of this message, you are not authorized to read,
> > print, retain, copy or disseminate this message or any part of it. If
> > you have received this e-mail in error, please notify the sender
> > immediately by return e-mail and delete it from your computer.
> >
> >
> > ---
> > This message has been sent through the ALE general discussion list. See
> > http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> >  sent to listmaster at ale dot org.
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should
> be sent to listmaster at ale dot org.


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.

More information about the Ale mailing list