Microsoft Scales Down Palladium

bonch writes "Formerly known as Palladium, Next Generation Secure Computing Base (NGSCB) will not be fully available in Windows Longhorn after all. Instead, Longhorn will offer "the first part of NGSCB: Secure Startup," says Jim Allchin, Microsoft's group vice president for platforms. However, most hardware will not support this technology on release."

  • So... (Score:5, Interesting)

    by madaxe42 ( 690151 ) on Thursday April 28, 2005 @06:07AM (#12369573) Homepage
    What, exactly, is Longhorn going to do? They seem to have dropped more features from it than there were in the first place!
  • Soo..... (Score:4, Interesting)

    by Richard_at_work ( 517087 ) on Thursday April 28, 2005 @06:09AM (#12369576)
    What exactly is Longhorn still bringing to the table at its release? I used to look forward to Longhorn when I ran Windows, because it was supposed to contain all these new and wonderful technologies, then I got tired of waiting and .... well, my .sig says it all really.
  • Re:Soo..... (Score:1, Interesting)

    by Anonymous Coward on Thursday April 28, 2005 @06:18AM (#12369624)
    I think the upshot is that anyone with half a brain is going to stay on XP, and the only way that Longhorn will proliferate is by being included by default on new machines.


    I really think you're overestimating people there. A few of my friends are still saying "Can't wait for Longhorn". I know that they'll be queueing up outside the shop for it.

    And yes, they have seen all the announcements about everything that's to be dropped.
  • by Anonymous Coward on Thursday April 28, 2005 @06:19AM (#12369630)
    Microsoft is totally dropping the ball. Not that I'm complaining. But giving previews of software that's so bad that they have to threaten those that publish screenshots? Dropping important features?

    I tell you, if IBM sunk $1 billion dollars into making a single grandma-usable Linux distribution, it'd be the best $1 billion they ever spent. That's a pipe dream, but seriously, if nobody capitalizes on this, it's a total missed opportunity to break the Microsoft monopoly.

    In my opinion, the software is ready. KDE is all set to go. We've got office applications, dtp, multimedia, internet, databases... If somebody could fix CUPS, make software installation simple, and populate all the most important configurations in one area and give them easy-to-use and consistently-designed wizards (that the experienced users could of course ignore), this thing would be ready. Not World of Warcraft ready, maybe, but ready enough. Hell, I'd buy it in two seconds.

    The problem is, you need someone with deep pockets to finance all the boring aspects of making a unified-feeling distribution and fixing all the intricate bits (like CUPS or whatnot), but if they did, and slapped a big old IBM on the cover, it'd be dynamite. And having IBM on it would probably add a center juggernaut quality that might make hardware companies more interested in doing proper driver support.
  • Re:TP-M my ass. (Score:5, Interesting)

    by Ashtead ( 654610 ) on Thursday April 28, 2005 @06:40AM (#12369708) Journal
    In other words, no more pulling out a drive to virus-scan it then replacing it or replacing a drive on an OEM machine - that won't allow it to boot.

    Probably right about the virus-scan. Outside the machine, the drive probably will look like it is full of garbage.

    However, I don't think replacement will become impossible. If the machines won't allow replacement disks, this means that a disk failure will result in a useless machine; this will probably also get in the way of people wanting to add disks -- and the people wanting to put Linux on a second-hand machine will cry foul -- so this is going to fly as well as those boat-anchors those machines would become.

    And this iteration of Longhorn at least will not require these chips... you won't have to buy new motherboards just now. But, perhaps further down the line this may become a required peripheral for Longhorn, but this will not be until most motherboards have it in place.

    It looks like mostly a way of keeping stuff on hard-drives secret. As such this is not so bad in view of how frequent notebook-theft is, or how big the security problems of second-hand equipment are.

  • by skingers6894 ( 816110 ) on Thursday April 28, 2005 @06:41AM (#12369717)
    Is anyone else amused at the timing of the release of Tiger? By all accounts it was ready to go a month ago.

    WINHEC finishes and then Tiger is released. Longhorn is shown to be an investment in distant future mediocrity and Tiger is released tomorrow.
  • by NZheretic ( 23872 ) on Thursday April 28, 2005 @06:47AM (#12369739) Homepage Journal
    1994 : Cairo Takes OLE to New Levels [byte.com]
    The next version of Windows NT, code-named Cairo and targeted for release sometime in 1995, will be built around the concepts of objects and component software. It will have a native OFS (Object File System) and distributed system support.
    1995 : Signs to Cairo [byte.com]
    Cairo, Microsoft's object-oriented successor to Windows NT, will begin beta testing in early 1996 for release in 1997. Although Microsoft is not revealing the full details of Cairo yet, there are enough clues within current Microsoft OSes to yield a good idea of how it might work.
    1996 : Unearthing Cairo [byte.com]
    At the first NT developers conference in 1992, Bill Gates announced that Cairo would arrive in three years and would incorporate object-oriented technologies, especially an object file system. Since then, we've seen Windows NT 3.1, NT 3.5, NT 3.51, and most recently NT 4.0. None is object oriented, none has an object file system, none is Cairo. It seems that Cairo is Microsoft's sly way of promising the world. "Will we see Plug and Play in NT?" "Oh yes, of course, in Cairo." "Will NT ever produce world peace and cheap antigravity?" "You bet -- in Cairo."
  • by argent ( 18001 ) <peter@slashdot.2 ... m ['.ta' in gap]> on Thursday April 28, 2005 @06:49AM (#12369752) Homepage Journal
    If Microsoft was going to start naming operating systems consistently, then... let's see...

    Windows 2000 -> Windows NT 5.0
    Windows XP -> Windows NT 5.1
    Longhorn -> Windows NT 6.0 or Windows NT 5.2?

    Or maybe even Windows NT 5.11?
  • by Anonymous Coward on Thursday April 28, 2005 @06:54AM (#12369764)
    For those wondering what Microsoft has been "doing" for the last 12 months, and how they are spending their billions in revenue, since it's clearly not about "product development", one hint was given by Eben Moglen, who says they have been hiring lawyers for the last 12 months and using them to shake down companies for cash in advance who use free software over "potential" patent disputes. In other words extortion and racketeering. But you can read about this [computerworld.com.au].
  • Stripped? (Score:5, Interesting)

    by dJOEK ( 66178 ) on Thursday April 28, 2005 @06:57AM (#12369775)


    Is anyone here keeping a list of things that were supposed to be in Longhorn but aren't gonna be?
  • by NZheretic ( 23872 ) on Thursday April 28, 2005 @07:06AM (#12369811) Homepage Journal
    Google Usenet for "Trusted boot sequence" [google.com] and the earliest recorded instance is in the thread on About Hybris and all worms [google.com]:
    >further, don't count on that system being able to stop all code from
    >executing - it won't stop bootsectors,

    Solution - Trusted boot sequence
    (This would, to be truly secure, require a jumper on motherboard to be shorted for Flash-BIOS to be upgraded ) Flash-Bios checksums MBR bootsector, booting a rescue system on fail. MBR bootsector ( lilo etc ) checksums selected OS's required boot files, booting a rescue system on fail. OS boot system checksums ... well you get the drift.

    A rescue system could be netbooting from a trusted server, signed rescue partition/file or signed bootable cd-rom/DVD.

    Yes, NZheretic is David Mohring [slashdot.org]
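The chain described in the comment above, sketched as an added example that is not part of the original post: each stage pins a digest of the next stage and hands off to a rescue path on mismatch. The stage contents, the use of SHA-256 and all function names are assumptions made for illustration.

```python
import copy
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Stage:
    name: str
    code: bytes              # constructed stand-in for the stage's code
    expected_next: str = ""  # pinned digest of the next stage ("" for the last)

    def measure(self) -> str:
        # The pinned digest is hashed together with the code, so re-pinning a
        # later stage changes this stage's own measurement as well.
        return hashlib.sha256(self.code + self.expected_next.encode()).hexdigest()


def build_chain(parts: List[Tuple[str, bytes]]) -> List[Stage]:
    """Provision back to front so every stage pins its successor."""
    stages = [Stage(name, code) for name, code in parts]
    for i in range(len(stages) - 2, -1, -1):
        stages[i].expected_next = stages[i + 1].measure()
    return stages


def boot(stages: List[Stage]) -> Tuple[str, Optional[str]]:
    """Start at stages[0], assumed write-protected (the jumper in the post).

    Returns ("booted", None), or ("rescue", name) for the first stage whose
    measurement does not match what its predecessor pinned.
    """
    for current, nxt in zip(stages, stages[1:]):
        if not hmac.compare_digest(current.expected_next, nxt.measure()):
            return ("rescue", nxt.name)
    return ("booted", None)


# Constructed sample images; real ones would be read from flash and disk.
GOOD = build_chain([
    ("flash-bios", b"bios code v1"),
    ("mbr", b"boot loader v1"),
    ("os-boot-files", b"kernel and init v1"),
])


def modify(chain: List[Stage], index: int, code: bytes,
           repin: bool = False) -> List[Stage]:
    """Return a copy with one stage changed; optionally update the pin held
    by the stage before it (possible only if that stage is writable)."""
    changed = copy.deepcopy(chain)
    changed[index].code = code
    if repin and index > 0:
        changed[index - 1].expected_next = changed[index].measure()
    return changed


def run_cases():
    altered = b"kernel and init v1 (modified)"
    return {
        "clean": boot(GOOD),
        "kernel changed": boot(modify(GOOD, 2, altered)),
        "kernel changed, mbr re-pinned": boot(modify(GOOD, 2, altered, repin=True)),
    }


if __name__ == "__main__":
    for case, outcome in run_cases().items():
        print(f"{case}: {outcome}")
```

In the third case the change is caught one stage earlier, which is why the chain is only as strong as the write protection on its first stage.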
  • by michaeldot ( 751590 ) on Thursday April 28, 2005 @07:11AM (#12369830)
    WINHEC finishes and then Tiger is released. Longhorn is shown to be an investment in distant future mediocrity and Tiger is released tomorrow.

    Interesting point. It's a possibility, but is there much crossover though?

    The sort of people WinHEC is for are very committed Win32 API developers. They aren't necessarily interested in anything else, Linux, OS X, or any other *nix, whether its tech is inviting or not.

    These folk have years invested in the Windows architecture and WinHEC helps them prepare for the future of THEIR platform.

    If the timing had been a more general consumer or business focussed conference, where it was important to grab the hearts and minds of potentially swinging technology pundits, then the deliberate timing theory might have more weight.

    I think the so-called "looks over the shoulder" the Windows camp gives OS X are largely mythical. Apple's relevance is very small in the grander scheme of things, is it not?

    Maybe you've got a point though. The topics of WinHEC itself did seem to address future developments in Windows that are currently strengths of OS X.

  • Re:So... (Score:2, Interesting)

    by mgrouchy ( 787471 ) on Thursday April 28, 2005 @07:12AM (#12369833)
    Seems to me that Longhorn is just reproducing many of the features that were just released in OSX like spotlight and throwing in some transparency to pretty it up.
    I only use M$ products at work, but when they first announced all the new features that Longhorn would have it looked promising. To me it looks like they bit off more than they can chew in the timeframe they committed to, hence the dropped/postponed features.
  • Re:TP-M my ass. (Score:3, Interesting)

    by builderbob_nz ( 728755 ) on Thursday April 28, 2005 @07:13AM (#12369835)
    Probably right about the virus-scan. Outside the machine, the drive probably will look like it is full of garbage.

    Speaking as a computer tech who makes money out of cleaning up viruses that would be a real bitch :(

    Also, if it relies on a chip on the motherboard, what happens if the m/b gets toasted? Would all the data be history?
  • by mcbridematt ( 544099 ) on Thursday April 28, 2005 @07:16AM (#12369847) Homepage Journal
    True. Leaked builds have had NT 6.0 for ages. NT 5.2 is WinServer2003 AFAIK.

    DEVELOPER RANT: don't use if (win_version == nt5.1) use if (win_version >= nt51). It sucks, when I played around with the LH Alpha leaks, a lot of software didn't work out of the box because they didn't know what NT 6.0 is. Your firm may go bankrupt long before the LH release but don't go screwing your customers of any forwards compatibility.

    But congrats to the Mozilla devs for having good native UI integration - Mozilla looks really good under LH 3653 and LH 4008 and the plex theme.

    And among all the talk about LH being souped up XP in the past few days, isn't this feature called Aero still under lock and key? Or have M$ Shafted that too?
  • by Anonymous Coward on Thursday April 28, 2005 @07:17AM (#12369854)
    A fast booting read-only image is a necessary step to achieve security with a user's machine that is even momentarily exposed to internet.

    Microsoft's patching model is a security hole in itself. If software can permanently change the state of a machine (especially if downloaded from internet!) the system is insecure.

    No amount of virus scanning, port blocking, smart administration, new fangled encrypto-chip or other tweaking will ever be able to ensure that the system has not been compromised.

    As I said, ROMed boot images are necessary for security, but of course, not sufficient. However, solving the rest of the problem becomes largely an exercise for the network administrator.

    Just this one recognition can lead us to predict the future of computing with foresight. The days of multitasking applications on one CPU are over. Probably special purpose disposable/commodity hardware systems that run one application only are the solution. No more upgrades. No more self-running documents.

    It is deeply unlikely that Microsoft will be the ones to bring this about. Security will be the death of Microsoft.

  • by skingers6894 ( 816110 ) on Thursday April 28, 2005 @07:19AM (#12369859)
    Yeah, I hear what you are saying regards the real relevance of OS X to hardened Windows developers.

    The more I think about it the more I like the timing of it though. Apple have used their own WWDC as the platform for showcasing OS upgrades and I guess it would fit Jobs's sense of timing to actually release Tiger around WINHEC time.

    Not so much to hit developers but the rest of the potential users (and IT press) who have increasingly become watchers of those events.
  • DEVELOPER RANT: don't use if (win_version == nt5.1) use if (win_version >= nt51).

    DEVELOP RANT: don't use OS version tests if you can use feature tests instead.

    Not a comment specifically directed at you, I don't know if you do this, but I keep running into software on all platforms that doesn't run on older versions even when patches, service packs, hotfixes, software updates, backported libraries, or compatibility fixes have removed the dependency on the specific OS version they hardcoded into the application.

    One of the nice things about the Amiga is that all the developer documentation showed code checking library versions instead. Not perfect, but much better than OS version checks. Palm provided hooks to do functional checks down to the entry point level, but then spoiled it by shipping example code doing OS version checking.
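The two rants above, as an added example that is not part of either post: three ways of writing the version check and one feature test, run against the NT versions named in this thread. The entry-point name and the "backport" system are hypothetical.

```python
from typing import Dict, FrozenSet, NamedTuple, Tuple


class System(NamedTuple):
    version: Tuple[int, int]        # (major, minor)
    entry_points: FrozenSet[str]    # what the installed libraries export


NEEDED_VERSION = (5, 1)
NEEDED_ENTRY_POINT = "DrawThemedControl"   # hypothetical name

HAS_IT = frozenset({NEEDED_ENTRY_POINT})
SYSTEMS: Dict[str, System] = {
    "NT 5.0": System((5, 0), frozenset()),
    "NT 5.0 + backport": System((5, 0), HAS_IT),   # constructed case
    "NT 5.1": System((5, 1), HAS_IT),
    "NT 5.2": System((5, 2), HAS_IT),
    "NT 6.0": System((6, 0), HAS_IT),
}


def exact_match(s: System) -> bool:
    # Breaks on every release after the one the developer tested.
    return s.version == NEEDED_VERSION


def per_field(s: System) -> bool:
    # Looks like ">=" but compares the fields independently, so 6.0 fails
    # because its minor number is lower than 1.
    major, minor = s.version
    return major >= NEEDED_VERSION[0] and minor >= NEEDED_VERSION[1]


def ordered(s: System) -> bool:
    # Tuple comparison: major decides first, minor only breaks ties.
    return s.version >= NEEDED_VERSION


def feature_test(s: System) -> bool:
    # Ask for the capability itself instead of inferring it from a number.
    return NEEDED_ENTRY_POINT in s.entry_points


CHECKS = (exact_match, per_field, ordered, feature_test)


def decisions() -> Dict[str, Dict[str, bool]]:
    return {
        name: {check.__name__: check(system) for check in CHECKS}
        for name, system in SYSTEMS.items()
    }


if __name__ == "__main__":
    for name, row in decisions().items():
        print(f"{name:18} {row}")
```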
  • by Shaper_pmp ( 825142 ) on Thursday April 28, 2005 @07:30AM (#12369892)
    But there's so much more that we could do with ordinary computing. I can think of half-a-dozen things we could be doing, without any trouble at all. Fuck Trusted Computing and DRM, and fuck sucking up to Big Content - whatever happened to genuine developments and refinements in basic computer use?

    For just one example, where's the scriptability of compiled apps? I'm not talking about built-in VBA (hackcoughspit), but something more like Apple's system (SmallTalk? I dunno), or DCOP in KDE or GNOME (I forget which - a linux-based colleague once wowed me with how compiled, native, window-manager apps could be hooked by external scripts which received input and controlled the apps' behaviour).

    Sure, ActiveX was a step in that direction, but it's not a "default" part of any Windows app - you have to code for it specifically and it's a nightmare. It's also a pile of shite, and insecure to boot.

    I want to be able to write a script to hook when a certain colleague comes on-line in MSN Messenger, and automatically MSN him a file (fuck, I'd settle for only being alerted when someone from a certain group came on-line, but no-go). I want to be able to hook the end of a CD-burn and shutdown my machine. Or play a sound. I want to be able to script additional user-actions tied to a specific menu item in a specific program, or tied to a single menu item in every program that offers that menu item.

    I know all these things can be done, either using kludgy workarounds, different apps or using VB/WSH/JS and ActiveX objects, but every solution is different. Nothing works the same. Most programs are entirely unscriptable, unless the programmer specifically tries to offer that functionality.

    I want Visual Studio to expose DCOP-style scripting hooks for every app, unless you specifically turn it off (and even then, that shouldn't be easy). I want a proper, documented, sensible scripting language (or languages). .NET would look vaguely interesting, if it wasn't now an empty marketing catch-all buzzword for vendor lock-in. They could have done it right and created a genuinely next-generation interface, but instead it's late, buggy, ill-designed and ultimately just one more attempt to tie you to MS.

    Sure, I can hear the calls now - "but users won't use those features - who even understands scripting apart from a few hackers, sysadmins and power users?"

    But that's your fucking answer right there - the early adopters and pioneers, the people who advise on business-systems upgrades, and the people who bridge the gap and educate their fellow "ordinary users" so the skills trickle-down until everyone understands it. Fifteen years ago, who used and understood e-mail, or the internet? Hackers and sysadmins. And now?

    Linux is successful because it's designed for hackers. Sure, it can be retrofitted for normal users too, but the reason it's still around is the thousands of hackers who tinker and play with it.

    Microsoft is successful because of their enormous marketing budget, and their canny (and, to be fair, illegal) business practices. I'd even go so far as to say MS is successful in spite of their technology - it's generally inferior to FOSS, in my opinion, because they'll compromise on The Right Thing for marketing and vendor lock-in reasons.

    If I were MS I'd be making my UI as scriptable and hackable as possible in an attempt to steal Linux's thunder. They've currently got the basic-user-desktop sewn up, although it's under attack from FLOSS. If they had any sense at all they'd be courting the hackers and power-users, to actually attack FLOSS where it hurt.

    Build it and they will come.
  • by Gentlewhisper ( 759800 ) on Thursday April 28, 2005 @07:31AM (#12369895)
    Heck, Microsoft cannot even secure its own "proprietary" gaming console, why did we ever fear that they'd lock down all of our computers?!

    I know it was meant to be a joke.. but who knows, all these incidents might actually spur them to *gasp* learn about their mistakes and actually make an uncrackable system.

    For all I know, the latest WMV DRM has not been cracked yet... and if Palladium were as good as that we might be in for quite a bit of trouble...
  • Re:Soo..... (Score:3, Interesting)

    by stoney27 ( 36372 ) * on Thursday April 28, 2005 @07:54AM (#12369996) Homepage
    I think this is the same idea that Apple will have in 10.4, smart folders. Basically you tell the folder what type of data that should be in the folder. Say anything that has meta data for "hockey" in it and the OS/GUI will go and put "links" to that data in that one folder.

    Very cool idea and I can't wait to see how it works tomorrow. :)

    -S
  • by OeLeWaPpErKe ( 412765 ) on Thursday April 28, 2005 @07:56AM (#12370001) Homepage
    Secure startup is making remote attestation of the software configuration possible.

    What does it do?

    If a remote website asks your pc "do you run windows Longhorn?" it will not be possible to lie. You can not give an answer at all if you choose not to, but you cannot claim you run windows longhorn without actually running windows longhorn.

    Why is this useful? DRM. The way to avoid DRM is to (for example) run a display driver that captures images and prints them out. So now the remote website can ask you "what version/configuration of windows are you running, please specify your display driver."

    You can choose to respond in 3 ways:
    -> not at all -> access denied
    -> you can lie -> lie is detected -> access denied
    -> you can tell the truth -> access granted

    Obviously, in the last case, you are totally at the mercy of their software, which is obviously the whole point of Secure startup.

    With secure startup, websites that only want microsoft browsers visiting them (your bank, your employer, ...) will be able to enforce that policy. IE-only will be enforced by the hardware inside your computer itself, and it will not be circumventable.
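The three outcomes listed in the comment above, as an added sketch of the verifier's side (not code from the original post or from Microsoft): the server sends a fresh nonce, the platform returns its measurement register authenticated together with that nonce, and the server compares the register against configurations it accepts. A real TPM signs with an asymmetric attestation key; HMAC with a key held inside the constructed `ToyTpm` class stands in for it here, and every component name is made up.

```python
import hashlib
import hmac
import os


def extend(pcr: bytes, component: bytes) -> bytes:
    """Measurement register update: new = H(old || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure(components) -> bytes:
    pcr = bytes(32)
    for component in components:
        pcr = extend(pcr, component)
    return pcr


class ToyTpm:
    """The register reflects what was measured at boot; software cannot set
    it directly and cannot read the key."""

    def __init__(self, key: bytes, booted_components):
        self._key = key          # stand-in for the chip's attestation key
        self._pcr = measure(booted_components)

    def quote(self, nonce: bytes):
        tag = hmac.new(self._key, nonce + self._pcr, hashlib.sha256).digest()
        return self._pcr, tag


class Verifier:
    def __init__(self, key: bytes, accepted_configs):
        self._key = key
        self._accepted = {measure(config) for config in accepted_configs}
        self._outstanding = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self._outstanding.add(nonce)
        return nonce

    def check(self, nonce: bytes, response) -> str:
        if nonce not in self._outstanding:
            return "denied: unknown or reused nonce"
        self._outstanding.discard(nonce)   # each nonce is good for one answer
        if response is None:
            return "denied: no attestation"
        pcr, tag = response
        expected = hmac.new(self._key, nonce + pcr, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "denied: quote does not verify"
        if pcr not in self._accepted:
            return "denied: configuration not accepted"
        return "granted"


def run_cases():
    key = os.urandom(32)   # constructed key shared by chip and verifier
    accepted = [b"boot-loader", b"os-kernel", b"vendor-display-driver"]
    other = [b"boot-loader", b"os-kernel", b"other-display-driver"]
    server = Verifier(key, [accepted])

    results = {"no answer": server.check(server.challenge(), None)}
    nonce = server.challenge()
    results["truth, accepted"] = server.check(nonce, ToyTpm(key, accepted).quote(nonce))
    nonce = server.challenge()
    results["truth, other"] = server.check(nonce, ToyTpm(key, other).quote(nonce))
    # A false claim: the accepted register value paired with the only tag the
    # chip will issue, which covers the register as it really is.
    nonce = server.challenge()
    _, real_tag = ToyTpm(key, other).quote(nonce)
    results["false claim"] = server.check(nonce, (measure(accepted), real_tag))
    return results
```

The nonce is what stops a recorded answer from an accepted machine being presented again later.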
  • Re:You are an idiot (Score:2, Interesting)

    by AKAImBatman ( 238306 ) * <akaimbatman@gmaYEATSil.com minus poet> on Thursday April 28, 2005 @08:20AM (#12370092) Homepage Journal
    Rigghhhttt. No, Microsoft would never be worried that someone is going to eat their lunch. That's why they're always so nice and polite to competing companies, right?

    Microsoft isn't stupid. They know that if they take too long on an upgrade, customers will start investigating alternatives. And if they slip a few percent in market share, there may be a high chance of them slipping a lot more.

    Remember when 3DFX owned the 3D accelerator market? Any idea how they're doing now? Oh, that's right. They got usurped by their competitors, went belly up, and got acquired by NVidia.
  • by MikShapi ( 681808 ) on Thursday April 28, 2005 @08:54AM (#12370297) Journal
    If I remember correctly, Trusted Computing [cam.ac.uk] is baaad, at least as far as we /.'ers are concerned.

    Why is everyone bashing Microsoft for dropping it?

    Rejoice!
  • Re:You are an idiot (Score:0, Interesting)

    by Anonymous Coward on Thursday April 28, 2005 @09:03AM (#12370379)
    They are a for profit business, why do you expect them to play nice. Find another for profit business that sits back and helps its competition. A little hint, there are none. The very definition of capitalism is to succeed over your competitors.

    Longhorn is not too long in coming as you put it. There are many people who still don't touch Server 2003 (us included) because it is untested technology. Most large businesses that run on MS platforms are not going to look elsewhere, rather they will look at Server 2003 when longhorn debuts. MS has its market locked in. It is in the business market as a whole, not the server market or desktop market. It sells solutions, not an OS or a specific software package. It sells the complete package.

    Yes, I remember 3DFX very well. In fact I have an old voodoo 1 card in my closet. I paid $200 for it just so I could play GLQuake. Are you honestly trying to compare the resources 3dfx had with the behemoth that is Microsoft? MS can afford to lose money for years, they can make a bad product and it won't put them out of business. They are not only the 800-lbs. gorilla, they are also the room it sits in and the house that has the room in it.

    Perhaps if people like you stopped focusing negative attention on other companies and started focusing positive attention on getting Linux up to snuff and ready for the world of secretaries, insurance adjusters, accountants, and millions of other people who use MS for their jobs you would contribute more than your redundant lament that MS is scared of Linux.

    Jesus fucking Christ, either take some action to better the cause you are fighting for or shut the fuck up.
  • Are you really going to claim that is not a flexible enough solution?

    Umm... yeah. Spotlight not only searches documents, it searches mail, photo, contacts, and other databases. And it does it *way* faster than the "wait a half hour for your entire drive to be searched" command line method.

    Advanced in what fashion? Multimedia handling has been mature for ages. The only thing new in Multimedia handling that I am aware of is a couple more codecs and DRM. Linux supports pretty much all the codecs.

    Windows has WMP and OS X has iTunes. Both manage your music effectively, and without issue. Both systems also have good integrated video components. No need to compile a piece of software that's illegal in this country. Both play DVDs without fuss, and both handle shaky multimedia files without crashing the video subsystem. (Although VLC and Xine seem to be much better than MPlayer on this.)

    Are you aware of a system that has more reliable plug and play? True, there is no "one true system" but the distributions I have used were extremely effective in this department.

    OS X? I just plug devices in, and they work. Period. Under Linux, I'm lucky if my mouse doesn't freeze up. (See my journal for this pet peeve of mine.)

    If you meant functional cd/dvd burning being included with the OS, Linux is quite a few steps ahead of the competition.

    The last time I used Linux CD burning, I had to run from hell and back just to configure the burner program. I ended up as a very unhappy customer, with several CDs that didn't work right on the XP machine they were intended for. (I was helping my sister with setting up her new XP machine, only to find that OpenOffice, Mozilla, and the other goodies all had 8.3 filenames on the CD.)
  • Re:TP-M my ass. (Score:3, Interesting)

    by swillden ( 191260 ) * <shawn-ds@willden.org> on Thursday April 28, 2005 @10:41AM (#12371666) Journal

    I should say that soon the linux boot/virus scan disks will theoretically be able to read these nasty secure startup drives.

    I don't think so. It depends on exactly what Microsoft implements as "secure startup", but what I would expect is that they'll hash the kernel plus important drivers and services into the TPM, then bind an encryption key to that system state, then encrypt the rest of the disk contents with that key (well, really, with keys encrypted with that key, but whatever).

    The result will be that if you boot a different OS, even one that knows about the TPM and hashes its own state, the bound key will not be accessible (because the hash value will be different) and the disk contents will not be accessible. That's the whole point of a TPM, really.

    In Microsoft's favor (ewww, I can't believe I said that), if they do this "secure boot" thing correctly, and also have "rollback" functionality to go back to a last-known-good state (which XP already does, I think), then if you try to boot an infected machine, the OS will realize that it's in an altered state, restore the last checkpoint and reboot, thereby eliminating the virus whose installation caused the problem.

    Of course, the bad thing is that, depending on what they hash, installing an "unofficial" sound card driver could cause precisely the same thing to happen.

    I predict, however, that shortly after MS "secure boot" rolls out, you'll start seeing live CD Linux distros that feed the TPM exactly what Windows would feed it so that Linux boots up with the same TPM state and therefore has access to the bound keys, and everything else. Reverse engineering the decryption and the file system structure will be the hardest part of producing these distros, not the TPM-related stuff.

    (Note: There are some complications with the above scenario depending on how much TPM support the BIOS has, and how it's configured. Suffice it to say that I think the above will be possible, though you may have to tweak BIOS settings and then re-install Longhorn to get it in a state where it is possible.)
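A toy model of the binding described in the comment above, added here and not taken from the post or from any Microsoft design: boot components are hashed into a register, a disk key is sealed to the resulting value, and the chip releases the key only when the register matches again. The XOR pad derived from a per-chip secret is a simplification of real TPM storage encryption, and the component names are constructed; the last case models the replaced-motherboard question asked earlier in the thread.

```python
import hashlib
import hmac
import os


class SealError(Exception):
    pass


class ToyTpm:
    def __init__(self):
        self._root = os.urandom(32)   # per-chip secret that never leaves it
        self._pcr = bytes(32)

    def power_on(self) -> None:
        self._pcr = bytes(32)         # only a reboot resets the register

    def extend(self, component: bytes) -> None:
        # new = H(old || H(component)): order-sensitive and not reversible
        self._pcr = hashlib.sha256(
            self._pcr + hashlib.sha256(component).digest()).digest()

    def _derive(self, label: bytes, *parts: bytes) -> bytes:
        return hmac.new(self._root, label + b"".join(parts), hashlib.sha256).digest()

    def seal(self, secret: bytes):
        """Bind a secret of up to 32 bytes to the current register value."""
        if len(secret) > 32:
            raise ValueError("toy model seals at most 32 bytes")
        state, salt = self._pcr, os.urandom(16)
        pad = self._derive(b"enc", state, salt)
        sealed = bytes(a ^ b for a, b in zip(secret, pad))
        return state, salt, sealed, self._derive(b"mac", state, salt, sealed)

    def unseal(self, blob) -> bytes:
        state, salt, sealed, mac = blob
        if not hmac.compare_digest(mac, self._derive(b"mac", state, salt, sealed)):
            raise SealError("blob was not sealed by this chip")
        if not hmac.compare_digest(state, self._pcr):
            raise SealError("platform state differs from the state at seal time")
        pad = self._derive(b"enc", state, salt)
        return bytes(a ^ b for a, b in zip(sealed, pad))


def boot(tpm: ToyTpm, components) -> ToyTpm:
    tpm.power_on()
    for component in components:
        tpm.extend(component)
    return tpm


def attempt(tpm: ToyTpm, blob):
    try:
        return tpm.unseal(blob)
    except SealError as err:
        return str(err)


# Constructed measurements; a real loader would hash the actual binaries.
INSTALLED_OS = [b"os-loader", b"os-kernel", b"signed-sound-driver"]
OTHER_OS = [b"other-loader", b"other-kernel"]
CHANGED_DRIVER = [b"os-loader", b"os-kernel", b"unofficial-sound-driver"]


def run_cases():
    disk_key = os.urandom(32)
    chip = ToyTpm()
    blob = boot(chip, INSTALLED_OS).seal(disk_key)
    return {
        "same OS": attempt(boot(chip, INSTALLED_OS), blob) == disk_key,
        "other OS": attempt(boot(chip, OTHER_OS), blob),
        "changed driver": attempt(boot(chip, CHANGED_DRIVER), blob),
        "replacement board": attempt(boot(ToyTpm(), INSTALLED_OS), blob),
    }
```

The last two cases are refused for legitimate owners as well, so a sealed-key design needs a recovery copy of the key held outside the chip.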
