MS to eradicate GPL, hence Linux

If you can't beat 'em, criminalize 'em

Yesterday, as we all know, Microsoft fed an 'exclusive' story about its new 'Palladium' DRM/PKI Trust Machine to Newsweek hack Steven Levy (a guy who writes without irony of "high-level encryption"), presumably because they trusted him not to grasp the technology well enough to question it seriously. His un-critical announcement immediately sparked a flurry of articles considering what this means to the Windows user base.

And that's as it should be. But my question is, what does it mean to the Linux user base?

Well, of course no one knows yet; the Levy article is long on generalized promises but very short on details. We know that some hardware element will be involved -- some hardened slice of silicon on the mobo which will identify the computer and the user, and recognize other computers and their users. It, or a companion chip, will interface with some manner of PKI, current or future, so that only 'authorized' applications may run with privileges. MS wants us to think that the 'authorizer' will be the user, but we know better: there will undoubtedly be a DRM element in it, and its authorizations will override yours. There will also be a networking component, involving an elaborate PKI and vast data warehouses run by MS and its trusted partners.

So let's say Intel and AMD begin shipping Palladium-compliant boards as MS begins shipping the software to OEMs and shops. And let's say that the Redmond spin campaign, persuading users that this is actually for their benefit, takes hold, and consumer demand for the scheme begins to grow and it eventually becomes a de facto standard, like SSL today, for example.

Got root?
All right then, how do we get Linux and open-source servers and apps to work with networks using this master scheme? What changes will be necessary?

The first thing that comes to mind is the difficulty of getting my Apache Web server to work seamlessly with Harry Homeowner's Windoze box when he comes to my site for some eminently trustworthy business. Everything I download to him (and this may even include Web pages -- the scheme is that far-reaching) will have some manner of digital cert which MS and its family of cronies will have established beforehand. I don't see a problem here. The certs will be embedded in the content and I'm merely providing space for it to reside. Even pages and images can be digitally signed and Harry's box can simply accept them or not according to rules he's worked out for himself.

But what if Harry needs to transact business and/or send me something? Then I think it gets tricky for two reasons. First, I have to be able to assure him that I can't read what he sends (and neither can the script kiddies who root my site monthly), and second, I'll probably have to pass part of it along 'safely' (as defined by MS) to some other network under Redmond suzerainty where the bulk of Harry's whole life's data is stored and continually updated. And of course I'll need access to that data so I can be sure Harry is Harry and his Mark of the Beast (or whatever MS will call his Uniform Identifier) is valid.

So to validate Harry, and to update his Master Data File -- two bits of business integral to the Palladium scheme -- I'll need hardware, an OS and a server compliant with Redmond specs. Now MS says they're going to make the sources to the core of this technology open. But considering Microsoft's white-knuckled terror of Linux and open source products in general, combined with its established penchant for mining its products with hidden little pissers for the competition, I don't think it's paranoid to imagine that I may have to turn to a packaged product from a major MS partner/collaborator or a Linux distributor who's gone to the bother of obtaining certs for the kernel and the apps. But either way we'll have major GPL problems, as we'll see below. Indeed, this is going to be something of a reductio ad absurdum.

This certification scheme will rip the guts out of the GPL. That is, the minute I begin tinkering with my software, my ability to interface with the Great PKI in the Sky will be broken. I'll have a Linux box with a GPL, all right; but if I exercise the license in any meaningful way I'll render my system 'unauthorized for Palladium' and lose business. So instead, I imagine I'll be turning to my vendor for support, updates, modifications and patches. And I'll be dependent on them for support services at whatever price they can wheedle out of me because I dare not lose my Palladium authorization. I wonder if the cost of ownership of an open-source system will actually be lower than the cost of a proprietary system under such circumstances.

If MS can't wipe out Linux, at least they can throw their marketing might and obscene quantities of cash into the project of castrating and controlling it by rendering the commons hostile to Linux users who still have their balls. They can in a sense create a huge market for open/closed hybrids, just as I imagined above: a system that comes with a GPL which I dare not exercise, and with considerable costs of both purchase and ownership. Even Dell might get into the castrated Linux act when they see what sort of stranglehold the Palladium scheme will enable them to place on it.

But here's the diabolical bit. Linux distributors are going to lose big time if they remain faithful to the GPL. Palladium will either break the GPL, or if not, break Linux.

Harry's lament

I fully expect to see Linux on the desktop growing rapidly in the next several years. The major distros like SuSE and Mandrake are coming along nicely with classic Harry features like automatic updates. Hardware detection is getting better by the day. Open Office is rapidly approaching the point where it imports from and exports to MS office without difficulty. The 2.4.x kernel is finally showing signs of the 2.2.x's legendary stability. The KDE desktop is looking sharp and working nicely now with version 3.0. Mozilla is coming along wonderfully. And now Red Hat says it intends to commit seriously to the desktop market.

As the obstacles to Windows migration fall away, inherent virtues like better security and privacy (your Linux box does not automatically connect to servers at Microsoft whenever you search your hard disk, for example), freedom to configure, redemption from the MS update crack-addiction, and low cost of ownership will strike more chords with the computing public.

This terrifies MS as much as the enterprise Lintel phenomenon. And it's not just cost rationale at play here. There's a revelation in store for users once they have something to compare their Windows eXPerience against. As home users come to use and understand Linux, they'll automatically begin to perceive what a parasite Microsoft really is.

The answer to this will be more parasitism: Palladium is a means of infesting the commons with hostile digital fauna. As these new services and applications become more plentiful, the need for the Linux desktop to deal with them according to Redmond spec will increase as well.

Kernel hackers will have their hands full figuring that one out. How do you make Linux interface with a security chip in such a way that untrusted applications are sandboxed without taking root away from the machine's owner? I think the answer is, 'you can't,' and I imagine Redmond thinks so too. And what will Palladium mean to application development? More overhead, that's what. Certification authorities charge for their services. Some applications in development may have to be scrapped due to the costs of certification.

Eventually, as Palladium contagion spreads, the home Linux box will need certified open-source apps to run DR-managed content. Here goes the GPL again. So I've got this certified app. Fine. I've got the sources. Fine. What happens if I decide to build my own binaries? They won't be certified. They won't work. So what does the GPL mean to me then? It means I can build, or modify and build, an application which will lack the digital cert which it needs in order to run the content it was designed to run. Only the binaries will be certified (as a moment's reflection will make obvious). This is a nail in the GPL's coffin. Yes, I can improve the app and give away or maybe even sell my improved version; but first I have to prove that it qualifies for certification, and second I have to pay for the cert. And when I release it, source and all, only the certified binary will function.

The entire concept of root will be out the window. If I build my own or re-compile my existing kernel, my certs won't work. I won't be permitted to log in to the Microsoft Digital Empire or any of its numerous colonies because that little chip on my mobo is going to freak out. Perhaps even my certified apps will fail to run. And I can no longer present my Uniform Identifier at the digital immigration turnstiles which MS will be setting up as I meander through cyberspace. "Sorry, we don't know who you are; you'll have to turn back...."

So how is this going to work in practical terms? Will the Linux distributors release certified kernels and apps and utilities? I don't see how they can avoid it. But what happens to the GPL in that case? Will the certification authorities decline to certify the distro if the kernel and app sources are included? Or will the machine simply lose its Palladium authorization and fail to work properly if apps or the kernel are re-compiled or built from external sources?

Either way, the GPL is perverted. Any GPL'd kernel, utility, application, whatever, that's designed to be Palladium compliant will have to be distributed without certified sources. There's simply no way to ensure that a source archive can only be used to build compliant binaries, unless GCC is deliberately broken in some radical way and the security hardware won't allow other compilers to run (except similarly broken ones).

Will there be a hybrid Linux/hardware package coming out to address this? A sort of black box -- a mere desktop appliance not unlike an X-Box or a Palladium-enabled Windoze box -- with no compiler, and only user privileges, and some hardware chip that prevents modifications to any of the binaries except by digitally-signed RPMs pre-approved for Palladium compliance? That means basically that MS has got root on my machine, and of course it would rip the guts out of the GPL to boot. [Reader Stephen Crane points out that Rule Set Based Access Control (RSBAC) might well suit such a product, which would then make MS not root but the 'Security Officer' of my Linux machine.]

It's the very fact that this appears insoluble to me that helps me realize that MS has put tremendous, careful thought into it. To make the commons Linux-hostile, MS is taking dramatic steps to make it GPL-hostile. Very clever and admirably diabolical.

Of course here I'm assuming Palladium won't become the next Microsoft Bob. It could meet with severe consumer rejection, as I hope it will. And so we end with a question for lawyers, not for me: is a technically-valid, letter-of-the-law GPL which you can't practically exercise violated or not? You've got your sources and everything in the distro is GPL'd -- only any binaries you choose to build on your own will isolate you from the commons. I think MS believes it's found a loophole here. Whether it will work or not is another question.

In any case, it's time for Tuxers to take the gloves off. ®

Other stories you might like

  • New audio server Pipewire coming to next version of Ubuntu
    What does that mean? Better latency and a replacement for PulseAudio

    The next release of Ubuntu, version 22.10 and codenamed Kinetic Kudu, will switch audio servers to the relatively new PipeWire.

    Don't panic. As J M Barrie said: "All of this has happened before, and it will all happen again." Fedora switched to PipeWire in version 34, over a year ago now. Users who aren't pro-level creators or editors of sound and music on Ubuntu may not notice the planned change.

    Currently, most editions of Ubuntu use the PulseAudio server, which it adopted in version 8.04 Hardy Heron, the company's second LTS release. (The Ubuntu Studio edition uses JACK instead.) Fedora 8 also switched to PulseAudio. Before PulseAudio became the standard, many distros used ESD, the Enlightened Sound Daemon, which came out of the Enlightenment project, best known for its desktop.

    Continue reading
  • VMware claims 'bare-metal' performance on virtualized GPUs
    Is... is that why Broadcom wants to buy it?

    The future of high-performance computing will be virtualized, VMware's Uday Kurkure has told The Register.

    Kurkure, the lead engineer for VMware's performance engineering team, has spent the past five years working on ways to virtualize machine-learning workloads running on accelerators. Earlier this month his team reported "near or better than bare-metal performance" for Bidirectional Encoder Representations from Transformers (BERT) and Mask R-CNN — two popular machine-learning workloads — running on virtualized GPUs (vGPU) connected using Nvidia's NVLink interconnect.

    NVLink enables compute and memory resources to be shared across up to four GPUs over a high-bandwidth mesh fabric operating at 6.25GB/s per lane compared to PCIe 4.0's 2.5GB/s. The interconnect enabled Kurkure's team to pool 160GB of GPU memory from the Dell PowerEdge system's four 40GB Nvidia A100 SXM GPUs.

    Continue reading
  • Nvidia promises annual updates across CPU, GPU, and DPU lines
    Arm one year, x86 the next, and always faster than a certain chip shop that still can't ship even one standalone GPU

    Computex Nvidia's push deeper into enterprise computing will see its practice of introducing a new GPU architecture every two years brought to its CPUs and data processing units (DPUs, aka SmartNICs).

    Speaking on the company's pre-recorded keynote released to coincide with the Computex exhibition in Taiwan this week, senior vice president for hardware engineering Brian Kelleher spoke of the company's "reputation for unmatched execution on silicon." That's language that needs to be considered in the context of Intel, an Nvidia rival, again delaying a planned entry to the discrete GPU market.

    "We will extend our execution excellence and give each of our chip architectures a two-year rhythm," Kelleher added.

    Continue reading
  • Amazon puts 'creepy' AI cameras in UK delivery vans
    Big Bezos is watching you

    Amazon is reportedly installing AI-powered cameras in delivery vans to keep tabs on its drivers in the UK.

    The technology was first deployed, with numerous errors that reportedly denied drivers' bonuses after malfunctions, in the US. Last year, the internet giant produced a corporate video detailing how the cameras monitor drivers' driving behavior for safety reasons. The same system is now apparently being rolled out to vehicles in the UK. 

    Multiple camera lenses are placed under the front mirror. One is directed at the person behind the wheel, one is facing the road, and two are located on either side to provide a wider view. The cameras are monitored by software built by Netradyne, a computer-vision startup focused on driver safety. This code uses machine-learning algorithms to figure out what's going on in and around the vehicle.

    Continue reading
  • AWS puts latest homebrew ‘Graviton 3’ Arm CPU in production
    Just one instance type for now, but cheaper than third-gen Xeons or EPYCs

    Amazon Web Services has made its latest homebrew CPU, the Graviton3, available to rent in its Elastic Compute Cloud (EC2) infrastructure-as-a-service offering.

    The cloud colossus launched Graviton3 at its late 2021 re:Invent conference, revealing that the 55-billion-transistor device includes 64 cores, runs at 2.6GHz clock speed, can address DDR5 RAM and 300GB/sec max memory bandwidth, and employs 256-bit Scalable Vector Extensions.

    The chips were offered as a tech preview to select customers. And on Monday, AWS made them available to all comers in a single instance type named C7g.

    Continue reading

Biting the hand that feeds IT © 1998–2022