|
|
|
Ask Your Vista Questions Here.
|
|
|
The_Fiend
Suspended permanently
|
22. December 2006 @ 18:39 |
Link to this message
|
I say you're an idiot.
If you would have read any of the previous posts properly, you would realise that the fancy looks only hide the monster underneath.
Better protection ? who are you kidding here?
Vista is vulnerable to malware and exploits from 2004, and it still retains errors in the code that where first found in XP, and still microsoft claims this hunk of sh*t was coded from the ground up...
I've said it before, and i'll say it again : all you smacktards who want vista just because it "looks so great, and has such nice functions" should trade in your computers for teething rings.
Anyone that willingly subjects himself to all the DRM and all the "protections" that make microsoft's monopoly position bigger than it already was, and who then comes here asking "why can't i copy my dvd's anymore?" and stuff like that can rest assured that i will ridicule them to no end and i will relentlessly rub in that i warned you dummies about this.
irc://arcor.de.eu.dal.net/wasted_hate
Wanna tell me off, go ahead.
I dare ya !
This message has been edited since posting. Last time this message was edited on 22. December 2006 @ 18:41
|
|
Advertisement
|
|
|
|
AfterDawn Addict
|
22. December 2006 @ 18:48 |
Link to this message
|
21Q
the reason you gloating is ye got vista to work.
i have vista working for months.
soon as the vista program is over i will be wiping the hard drive clean..and will install windows 2000...
even if its free or cracked ,movie studios,vista operating system and microsoft DRM own you they could not even get xp-right using 2000 base system !!!!!!!!!!! and they are pushing this crap...
i am informing the world that Vista Beta and final "was one of the worst operating system experiences that I've ever encountered."
|
|
The_Fiend
Suspended permanently
|
22. December 2006 @ 18:54 |
Link to this message
|
|
The worst thing is, who will these morons turn to when their precious new hunk of junk doesn't work ?
That's right, us "nerds" here at Afterdawn.
Tell me, does anyone here feel like even trying to fix the problems that this monster will cause ?
I say the first sign of vista trouble, we should lock the doors of AD, because if we don't, we will be washed down the drain by all the idiots coming here asking for help.
irc://arcor.de.eu.dal.net/wasted_hate
Wanna tell me off, go ahead.
I dare ya !
|
AfterDawn Addict
|
22. December 2006 @ 19:07 |
Link to this message
|
|
soon drd will have a vista board installed..
the reason i was asked to be in the vista program,i was a beta tester for xp-poop crap operating system..
example of a xp-poop problem i seen in the last couple of days....sp-2 files get corrupted..and need repaired..
simple to fix just redownload sp-2 and reinstall..if xp lets you..
|
AfterDawn Addict
|
22. December 2006 @ 19:07 |
Link to this message
|
|
No fiend, we'll just get all the confused Vista users to pm you with their problems. And I thought I did not suffer idiots kindly! They'll never come back after you have enlightened them. LMAO
|
|
The_Fiend
Suspended permanently
|
22. December 2006 @ 19:17 |
Link to this message
|
|
Garmoon, you do that, and i'll be forced to skin you alive and eat whatever pets, children and other relatives you might have running around there.
irc://arcor.de.eu.dal.net/wasted_hate
Wanna tell me off, go ahead.
I dare ya !
|
AfterDawn Addict
|
22. December 2006 @ 19:25 |
Link to this message
|
and The_Fiend sure knows how to take care of children..
|
Senior Member
|
22. December 2006 @ 23:24 |
Link to this message
|
|
Fiend, about vista, extremly well said. Hit the nail right on the head.
|
|
janrocks
Suspended permanently
|
23. December 2006 @ 02:07 |
Link to this message
|
|
The writing on the wall...
Bristol City Council has dumped Microsoft Office, Corel Word Perfect and Lotus 1-2-3 from 5,000 user desktops as part of a migration to the open source StarOffice 7.
The local authority estimates that the move will save it some £1.4m over the next five years.
The migration was prompted to help meet the government's requirements for improved efficiency in the public sector as set out in the Gershon Review.
According to the council, as well as saving money, the project aims to ensure a more consistent use of software systems across its departments and services where a mixture of products are currently used.
Most of the council's departments will transfer to the new software, although some 1,800 desktops in the city's education service, including schools, will remain on Microsoft Office for the time being.
This is because of the preferential financial terms that Microsoft currently offers for product licences to educational establishments, but has so far not been prepared to extend to other public sector users.
A limited number of other council staff will retain access to Microsoft Office applications where they need to manage the few documents with specific technical features not yet fully supported in StarOffice.
Councillor John Bees, Bristol's executive member for central support services, suggested that the council's decision marks one of the most significant migrations from Microsoft products in the UK.
"This is further evidence that the city council is determined to be as cost effective as it can in the way it works, while neither compromising the quality of its services to the public or the resources available to staff," he said.
"Our IT specialists have spent three years evaluating the options and investigating in detail the technical, financial and cultural issues involved in switching the majority of our desktops to StarOffice. We are convinced that this is the right way forward and will offer benefits all round."
|
AfterDawn Addict
|
23. December 2006 @ 02:42 |
Link to this message
|
|
@ The Fiend
You'd make a good Cajun, Sha. We'll eat anything, if it's prepared correctly with enough cayenne.
|
Senior Member
|
23. December 2006 @ 03:18 |
Link to this message
|
I'm not trying to gloat. I'm only saying what I think of it, srry if it came off as gloating. Plus I haven't had any problems with vista. It will ask you for about everything when you do something, I cant even run WinRAR normally. With the looks I was only saying it looked nice, I know that looks aren't everything. I have had xp have settings crash on me when I shut it off from when button when it freezes and now I have to dell with those. The worst I have had here is the mouse crazy for a second when ever I click continue. AS for malware I haven't gotten any. The source defenitly isn't ground up but its much better than xp.
This message has been edited since posting. Last time this message was edited on 23. December 2006 @ 03:31
|
AfterDawn Addict
|
23. December 2006 @ 09:21 |
Link to this message
|
i am informing the world that Vista Beta and final "was one of the worst operating system experiences that I've ever encountered."
IF YE GET AND USE VISTA THAT MEANS YE KISS THE MOVIE STUDIOS MICROSOFT AND MEDIA COMPANY'S ON THE ASS.
IRELAND
Cost analysis of Vista DRM: Part II
p2pnet.net news view:- Microsoft doesn't merely use DRM. To all intents and purposes it is DRM, better known as Digital Rights Management, Digital Restrictions Management or or just plain CRAP for Content Restriction, Annulment, and Protection, as ZDNet's David Berlind called it, eventually deferring to Richard Stallman's Cancellation, Restriction, and Punishment. We call it, simply, CCG, short for Consumer Control Gear.
But whichever way you dress it up, and whichever side of whatever fence you're on, bottom line, it's all about bottom lines. It's about finding ways to use legal systems around the world to force you do what the corporations want you to do, or not do, as the case is increasingly becoming, with applications and packages you mistakenly thought you'd bought and paid for, and usually through the nose.
"This June [2002] Microsoft started talking publicly about 'Palladium,' a system that combines software and hardware controls for 'trusted' computing and which it hopes to have in operation by 2004," we said in an early p2pnet post, going on:
"In Microsoft terms, 'trusted' means total system control for Bill and the Boyz and in fact, Palladium looks a lot like a variation on the 'Broadcast Flag' scheme through which the movie, electronics and record companies want to use purpose-built technology to make sure consumers [you] can't see, hear or use anything not owned, or approved, by them."
The post centred on TC / TCG / LaGrande / NGSCB / Longhorn / Palladium / TCPA, an analysis by Britain's Ross Anderson, professor of Security Engineering at the Computer Laboratory, University of Cambridge. In it, among other things, he says:
For years, Bill Gates has dreamed of finding a way to make the Chinese pay for software: TC looks like being the answer to his prayer.
There are many other possibilities. Governments will be able to arrange things so that all Word documents created on civil servants' PCs are 'born classified' and can't be leaked electronically to journalists. Auction sites might insist that you use trusted proxy software for bidding, so that you can't bid tactically at the auction. Cheating at computer games could be made more difficult.
There are some gotchas too. For example, TC can support remote censorship. In its simplest form, applications may be designed to delete pirated music under remote control. For example, if a protected song is extracted from a hacked TC platform and made available on the web as an MP3 file, then TC-compliant media player software may detect it using a watermark, report it, and be instructed remotely to delete it (as well as all other material that came through that platform). This business model, called traitor tracing, has been researched extensively by Microsoft (and others). In general, digital objects created using TC systems remain under the control of their creators, rather than under the control of the person who owns the machine on which they happen to be stored (as at present). So someone who writes a paper that a court decides is defamatory can be compelled to censor it - and the software company that wrote the word processor could be ordered to do the deletion if she refuses. Given such possibilities, we can expect TC to be used to suppress everything from pornography to writings that criticise political leaders.
The gotcha for businesses is that your software suppliers can make it much harder for you to switch to their competitors' products. At a simple level, Word could encrypt all your documents using keys that only Microsoft products have access to; this would mean that you could only read them using Microsoft products, not with any competing word processor. Such blatant lock-in might be prohibited by the competition authorities, but there are subtler lock-in strategies that are much harder to regulate.
Ross also says:
With existing MP3s, you may be all right for some time. Microsoft says that TC won't make anything suddenly stop working. But a recent software update for Windows Media Player has caused controversy by insisting that users agree to future anti-piracy measures, which may include measures that delete pirated content found on your computer. Also, some programs that give people more control over their PCs, such as VMware and Total Recorder, are not going to work properly under TC. So you may have to use a different player - and if your player will play pirate MP3s, then it may not be authorised to play the new, protected, titles.
Does that look familiar?
The Net should be all about freedom of speech and freedom of choice. And it is, as far as millions of people are concerned. But Microsoft and the others of its ilk view both concepts with horror and are hell bent on making sure you consume, consume, consume only product they make and they sell.
Once upon a time, manufacturers and retailers lived by the credo, The Customer is Ways Right. Not any more. In the digital 21st century, customers are always wrong and have been reduced to mindless 'consumers,' drones with no will of their own who eagerly slurp down whatever the huge multinationals such as Microsoft, Apple, Intel, IBM, AMD, Adobe, and so on, care to dish up. And that's the way the conglomerates and monopolies want to keep it.
Yesterday we ran a special from Peter Gutmann in New Zealand. It features a detailed cost analysis of Microsoft's Vista.
In the executive summary, he says simply:
The Vista Content Protection specification could very well constitute the longest suicide note in history.
And in the intro ...
... one important point that must be kept in mind when reading this document is that in order to work, Vista's content protection must be able to violate the laws of physics, something that's unlikely to happen no matter how much the content industry wishes it were possible. This conundrum is displayed over and over again in the Windows content-protection specs, with manufacturers being given no hard-and-fast guidelines but instead being instructed that they need to display as much dedication as possible to the party line. The documentation is peppered with sentences like:
It is recommended that a graphics manufacturer go beyond the strict letter of the specification and provide additional content-protection features because this demonstrates their strong intent to protect premium content"
This is an exceedingly strange way to write technical specifications, but is dictated by the fact that what the spec is trying to achieve is fundamentally impossible. Readers should keep this requirement to display appropriate levels of dedication in mind when reading the following analysis ....
Below, in order of appearance, are several clips from p2pnet Readers' Write comment posts.
The underlying problem is that the homeputer has evolved from a device where information is created and shared, to a channel for "content consumption". When it fails to handle the increasing flow of "content", they ask you to buy a new one.
And ...
... maybe MS should add an 11th Law to their list* to avoid confusion. Law #11: If you allow your computer to run Microsoft Vista it is not your Computer anymore. ;-)
And ...
Could someone please define "premium content" for me? Because as far as I know, in all my years of computing since Windows 3.1, I've never ever had any use for this so called "premium content". Personally I think the vast majority of PC users out there don't either. I mean, granted the stuff Apple has been doing with their iPod and music service seems to have become pretty popular over the past several years, but this is about the only thing I can think of that sort of matters to anyone.
Hmm, perhaps "premium content" stands for anything that is afflicted with DRM then? Well if that be the case, then we really shouldn't have anything to worry about. Because as far as I know, most folks avoid the stuff, which is easily done and has been for a very long time now.
Basically all this article amounts to is a rant of theoretics based entirely on something that, on paper anyways, looks a little bit scary. I'd rather wait until Vista has been out for a few months before making any judgments if you don't mind. Until then I'm going to stick with my pirated copy of XP (which I've had since XP first came out in 2001) for as long as I can, thank you very much. Once support is pulled from that, which it inevitably will be some day (how else is M$ going to force everyone to upgrade?), then perhaps I'll consider finally moving to either Vista or Linux. Which ever direction the world has taken I guess, though neither of those would be my first pick if I had any say in the matter. But the reason why I say that is a whole 'nother ball of wax, so TTFN. ;-)
And ...
What is MS planning to do if (or when) Ati and Nvidia refuse to play ball and support all these restrictions. Since this stuff is only needed for allegedly premium content, what real need do their high-end 3d adaptors have for it? Noone buys a 1950XTX/8800GTX just to watch movies on after all. Noone buys an X-Fi to listen to mp3's either.
Unless MS offers to cover all these added development costs, i can see the hardware industry telling MS to re-insert it all back into whichever orifice it came from.
And ...
The information I got from sources at (names-withheld) vendors indicated that this was going to go into their entire product line. Because MS owns most of the market, no vendor can afford to opt out. Refusing to play ball isn't an option. - Peter (author of the article).
And ...
That sucks ass. I'll just use Linux when using XP is not an option anymore.
Also, who cares about this premium content shit? There's anough stuff already released to entertain you 'till you die, many times over. Tons of DVDs I haven't watched, and they can all be ripped, lots of CDs out there, the best music has already been made, current music sucks anyway. CDs can be ripped too. Not now, but eventually the cartels' business model will collapse.
The more restrictions they all put on people, to secure their wallets are fat, the more people become fed up with the model. I feel like getting a couple of rentals right now so that I can rip 'em, not because I need to, not because I want to, but because I can, I am in charge, and I will always make sure I am in charge, no mother fucking corporate assholes are ever going to dictate what to do at home, with my computer. No fucking way.
This is going to backfire on them, Blueray and HD-DVD movies have a nice copy protection mechanism, pretty strong, and if a device becomes compromised, they will just block it; do you think people who bought a brand X model Y high def optical disk player are going to be happy when their devices can no longer play any new releases, or if it becomes a brick after a non disclosed firmware upgrade. These people are going to be pissed. Because I simply don't want to be on that boat, I won't buy a high def optical disc player, therefore I won't rent or buy high def movies. I will get free stuff from my local library though.
Do you want games, there are tons of games out there, many of their copy protections can be bypassed, just don't get any Starforce games (that was really good to know, thanks Jon!). You want older console games, there are thousands of those. I still play pac man once in a while, the ROM of course, either on Windows or Linux, or Mortal Kombat, or Elevator Action, 1942. Etc... The point is there's so much stuff out there that who cares about what the cartels' future plans for content control are. It's not that I encourage people to break the law, just to be a rebel, it's that these guys are thugs, and I don't do business with thugs.
Plus the number of creative stuff, mostly software, some movies and some music, that are being released under more friendly, and non greedy licenses, is incresing very fast. Open source software, creative commons etc...
OK, enough rant.
And ...
That used to be my opinion too. Unfortunately it's far easier said than done. The problem is that Linux can be a huge pain in the ass to get up and running smoothly, so much so that I don't think the average user, whom probably makes up the vast majority of PC users our there, will want to bother despite all the great things that are touted about Linux. I know I've certainly lost a lot of sleep over the problems I've encountered with trying Linux out, and pulled out copious amounts of hair in frustration to match.
Me? Well I'm a more advanced user than your average joe, though I wouldn't call myself hardcore or anything. In fact I'd say I'm pretty close to being an average joe too. I do build my own PC's, do all my own software installs, my own troubleshooting, and so on. Despite for how long I've used some form of Windows or another, there are still vast parts of it that are a complete mystery to me. As much as I would love to switch to Linux and never use a Microsoft product again (and trust me, I would if it wasn't such a huge PITA), it just isn't going to happen. At least not any time soon anyways, with the way things are right now.
Take Ububtu for instance. Easy enough to install, and it even feels similar to Windows. But then you find you need a bunch of drivers, and as we all know, finding up to date bug free drivers is difficult even under the best of circumstances under Windows, where support is supposedly better. With Linux it's an utter nightmare.
A nightmare as well is getting everything installed and running just the way you like, without all the extra junk you don't want. On top of that you have all these gobbledygook config files that you will inevitably be forced to tweak before things will work correctly, if they ever do at all. Despite often having a nice GUI included in most distros, everything still requires command lines, the majority of which only the truest hard core geek could ever understand. Simply put, the switch from Windows to Linux is not something you can do over night. Don't believe me? Ask yourself how long it took you to learn all the ins and outs of Windows and all the apps you use with it.
Ok, so if your will is strong enough to get past all of that, then you now have to track down alternative programs to replace the ones you were used to using in Windows. While it is certainly possible to do so with some effort, you also end up having to learn how they all work as some will most certainly be fairly alien to the average joe. Expect to do a lot of troubleshooting here as well. Maybe I'm just an unlucky fellow, but I've never ever found any bit of technology that just simply worked out of the box the way it's supposed to without having to troubleshoot it first lol. Good luck if you have a lot of applications to replace too. The information overload, provided you can actually find decent information to begin with (I usually end up going in circles), can be enough to make your head explode.
Even if you are still willing to go through everything I've mentioned up until this point, one other obstacle remains. Not every Windows app has a counterpart under Linux (thank goodness for Firefox, Thunderbird, Open Office, and the like). In some cases there will be but one, and this means you have no choice but to use it. At least in Windows you have a great many applications to choose from, with costs ranging from a small fortune to completely free.
So basically you can choose to have freedom, or have freedom to choose, but you can't have both. This is certainly an area where the ideals of free open source software (a movement that I love, don't get me wrong) tends to hamper matters rather than help them. Sometimes the love to program just isn't incentive enough to create applications, and keep them up to date. Out of everything this may be the biggest problem I have with Linux, in that it is only as strong as the weakest link. That would be the human aspect of it all. I've lost count of how many times a really fantastic app or plug-in has gone down the tubes simply because the author lost interest.
Of all applications, the most notable to me is all those DirectX games, all of which absolutely requires Windows. There is just no getting around that short of giving up on PC gaming altogether. I own a lot of games myself, many of which I haven't even played yet (hard to resist the bargain bin lol).
It's sad, but that is the way it is. There just isn't any escape from Windows. No, I'm afraid that Linux will never ever take the place of Windows. Maybe several years from now, if we're lucky, but definitely not today. So then, what to do now?
Well, like I posted before we should probably just wait and see what really happens. Once Vista is readily available to all and enough folks are using it, then that is when we should be forming a real opinion of it. Freaking out because of assumptions, assumptions that are mostly theory based on what's on paper, doesn't make any sense at all. Reality is what we should be more interested in. Besides, all of this only applies to so called "premium content". I don't think a whole lot of PC users out there care about premium content one way or another. Certainly not the kind of person that visits a place like p2pnet lol. I certainly don't. Since Windows XP has always been more than capable of doing everything we need, "premium content" or no, we should probably just stick with what we already have and what we already know. If it ain't broke, don't fix it.
And ...
I know Linux used to be kinda crappy for someone coming from the world of Windows, but that was then, and this is now. And now, let me tell you, Fedora 6 and Ubuntu are working REALLY REALLY NICE. It is now trivial to download and install popular packages, and common open-source media players like VLC, mplayer, and Xine support way more formats than Windows Media Player. You can even run internet explorer and most win32 apps in Linux smoothly (I can use IE to watch youtube vids smoothly).
The only thing that Windows has going for it anymore is gaming, and that is taken care of with a dual-boot setup, especially since you don't need to many updates to a WinXP install if you're only using it for gaming. As well, there are just as many console emulators for Linux as there are for Win. I emulate snes/nes/neogeo/turbogfx/coleco/c64/atari/arcade games all the time on my FC6 system. There is also a growing category of open-source games that run in OpenGL, snazzy graphics and everything. I suspect one day Linux could surpass Win in this category as well.
In the end, an OS designed FOR THE USER instead of the corporate media monopoly is going to win, it doesn't matter how big MS is. The open-source movement is growing, and in the end it's going to be more efficient overall for everyone to have a free, well supported, publicly maintained high-quality OS platform. Eventually there will be more programmers putting more hours into open-source projects than Microsoft can keep up with.
If anyone needs some help getting Fedora 6 setup, there's a good tips and tricks page at http://www.gagme.com/greg/linux/fc6-tips.php that has the basic on installed media players and so forth....
Stay tuned.
http://p2pnet.net/story/10827?PHPSESSID=a08cb755bda54a11d314a
i am informing the world that Vista Beta and final "was one of the worst operating system experiences that I've ever encountered."
IF YE GET AND USE VISTA THAT MEANS YE KISS THE MOVIE STUDIOS MICROSOFT AND MEDIA COMPANY'S ON THE ASS.
IRELAND
IRELAND
This message has been edited since posting. Last time this message was edited on 23. December 2006 @ 09:30
|
|
janrocks
Suspended permanently
|
23. December 2006 @ 09:47 |
Link to this message
|
|
Which boils down to.... OPEN SOURCE.. Make it how you want it!!
Microsh*t's days are numbered.
|
AfterDawn Addict
4 product reviews
|
24. December 2006 @ 02:21 |
Link to this message
|
|
without letting consumers have fair use and personal data archiving of anything data it means the begaining of the end off free thought,once they are able to fully control things they don't like it will only get worse...
Copyright infringement is nothing more than civil disobedience to a bad set of laws. Lets renegotiate them.
|
AfterDawn Addict
4 product reviews
|
24. December 2006 @ 02:54 |
Link to this message
|
Quote:
[quote]without letting consumers have fair use and personal data archiving of anything data it means the begaining of the end off free thought,once they are able to fully control things they don't like it will only get worse...
Well Said!
Screw Microsoft!
lunix is getting there little by little the driver base is exspoanding once it encompasses 80% of DX 9 and virtual drive for XP or 9x for thos hard to run programs Lunix would be near prefect and great replacement for windose flavor of th decade but until then its more a hobbyists choice than a viable OS.
Copyright infringement is nothing more than civil disobedience to a bad set of laws. Lets renegotiate them.
This message has been edited since posting. Last time this message was edited on 24. December 2006 @ 03:04
|
Senior Member
|
24. December 2006 @ 03:38 |
Link to this message
|
|
That cost anal pt2 was so on the money, I would love to meet that person face to face and shake thier hand.
|
AfterDawn Addict
|
24. December 2006 @ 07:26 |
Link to this message
|
instead of using vista
Linux Desktop 2006: better than ever
Opinion -- I recently read a story that asked, "Has the Desktop Linux Bubble Burst?" Burst!? No, I don't think so. Actually, it still isn't even half as big as it will be when it's full.
Spread the word:
digg this story
The author goes on to explain that he feels this way because GNOME "lacks any form of a vision," while KDE4 is full of wonderful ideas, but not enough money and effort behind turning concepts into code.
I don't see that at all. I think both popular Linux desktop environments are making good progress.
But, you know what? I think focusing on KDE or GNOME is like looking at the trees and missing the forest. The last 12 months have seen extraordinary progress in the Linux desktop. I'd say 2006 has been the best year ever for the Linux desktop.
Let's start by looking at some of the latest desktop distributions.
Besides being a great desktop in its own right SLED 10 (SUSE Linux Enterprise Desktop), comes with all the corporate support trimmings that big businesses want before they'll even consider buying an operating system.
Novell's openSUSE, now at version 10.2, has actually, according to DistroWatch.com's Page Hit Ranking, become the most popular Linux distribution around in the last month. Red Hat isn't pushing its desktop offerings -- for now -- but Fedora makes a fine desktop. We haven't reviewed Fedora 6 yet, but I have it running, and it's fine.
MEPIS 6.01 is a solid, Ubuntu-based distribution that everyone at DesktopLinux.com likes, and we see a lot of Linux desktops. Or, if you prefer, you can go with the pure Ubuntu.
If you like Debian, take a look at the Windows-user friendly Xandros. Last, but in no way least, if you want to maximize your chances of all your hardware running, you should try Linspire's Freespire.
Now, compare any of those with the Linux desktops that were available in 2005. Each and every one is a significant improvement over its predecessor.
But, the Linux desktop has seen a lot more than better distributions. It also has taken giant steps forward in interoperability. The Portland Project has brought GNOME and KDE developers closer together than ever. More work needs to be done with interoperability, but the desktop developers are already hard at work on such things as standardizing Linux audio and printers.
Now, some of this development, like the establishment of the D-Bus IPC (interprocess communication) system may not look like much, but it is. The foundation that the Portland supporters are putting together will make the Linux desktop even stronger for both ISVs (independent software vendors) and users.
Let's also not forget that Microsoft's Vista may yet drive users to Linux. Yes, I've said that before, but now IDC's analysts are saying it. They predict that Microsoft's big-brother-like "client operating system anti-piracy efforts will backfire. Microsoft's anti-piracy campaign will drive customers toward Linux."
Burst? No, the Linux desktop has just had its best year ever. And, as the Portland project standardization efforts continue to be deployed in KDE, in GNOME, and in the desktop distributions, 2007 will be better still.
-- Steven J. Vaughan-Nichols
http://www.desktoplinux.com/news/NS3202338982.html
|
AfterDawn Addict
4 product reviews
|
24. December 2006 @ 07:32 |
Link to this message
|
|
ireland
ya but XP is better so meh until lunix is almsot as good as XP,I'll stick with XP.
Copyright infringement is nothing more than civil disobedience to a bad set of laws. Lets renegotiate them.
|
AfterDawn Addict
|
24. December 2006 @ 07:45 |
Link to this message
|
|
ZIppyDSM
i been throwing some crap at xp and 2000,meaning trying to break the operating system..
one example like user accounts..
i corrupted the main admin on both systems..
note,both had a admin and a user as a admin
xp would not boot,blue screen..
2000 first screen said main admin account corrupted.using secondary account to boot into windows.
drives are another problen in xp,but thats another story...
and the winner is===2000
|
Senior Member
|
24. December 2006 @ 07:48 |
Link to this message
|
Good atricle Ireland, because I know nothing about Linux except the fact that it could be difficult for people like me I to will be sticking with XP until they do not support it anymore, but in the meantime, by than I have a feeling that Linux will become more user friendly as you say now they are getting better, because of Vista and thier DRM and other prohibiters they can stick it up thier gege hole, I just wish that anybody in my nieghborhood had a Linux running so I could check it out personally, so many different types mind boggling.
|
AfterDawn Addict
4 product reviews
|
24. December 2006 @ 07:50 |
Link to this message
|
|
ireland
hehe ^^
I am used to XP it works more or less so I will keep it.
Copyright infringement is nothing more than civil disobedience to a bad set of laws. Lets renegotiate them.
|
AfterDawn Addict
|
24. December 2006 @ 08:57 |
Link to this message
|
A LONG READ..................................
Vista security spec 'longest suicide note in history'
NZ boffin's claim
By Andrew Thomas: Sunday 24 December 2006, 16:43
VISTA'S CONTENT PROTECTION specification could very well constitute the longest suicide note in history, claims a new and detailed report from the University of Auckland in New Zealand.
"Peter Gutmann's report describes the pernicious DRM built into Vista and required by MS for approval of hardware and drivers," said INQ reader Brad Steffler, MD, who brought the report to our attention. "As a physician who uses PCs for image review before I perform surgery, this situation is intolerable. It is also intolerable for me as a medical school professor as I will have to switch to a MAC or a Linux PC. These draconian dicta just might kill the PC as we know it."
But this isn't just a typical anti-Microsoft rant. Gutmann's report runs to 6,000 words and contains hardly any FSF-style juvenile invective.
"Windows Vista includes an extensive reworking of core OS elements in order to provide content protection for so-called "premium content", typically HD data from Blu-ray and HD-DVD sources. Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost," says Gutmann on his homepage.
"These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it's not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server). This document analyses the cost involved in Vista's content protection, and the collateral damage that this incurs throughout the computer industry."
He also claims that Vista's content protection will 'have to violate the laws of physics if it is to work'.
I'm not going to comment on the details of the report and its implications but merely suggest that you read it for yourselves and come to your own conclusions. I'd also venture to suggest that Microsoft might want to comment on Gutmann's work. µ
L'INQ
A Cost Analysis of Windows Vista Content Protection
http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt
A Cost Analysis of Windows Vista Content Protection
===================================================
Peter Gutmann, pgut001@cs.auckland.ac.nz
http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt
Last updated 23 December 2006
Executive Summary
-----------------
Windows Vista includes an extensive reworking of core OS elements in order to
provide content protection for so-called "premium content", typically HD data
from Blu-ray and HD-DVD sources. Providing this protection incurs
considerable costs in terms of system performance, system stability, technical
support overhead, and hardware and software cost. These issues affect not
only users of Vista but the entire PC industry, since the effects of the
protection measures extend to cover all hardware and software that will ever
come into contact with Vista, even if it's not used directly with Vista (for
example hardware in a Macintosh computer or on a Linux server). This document
analyses the cost involved in Vista's content protection, and the collateral
damage that this incurs throughout the computer industry.
Executive Executive Summary
---------------------------
The Vista Content Protection specification could very well constitute the
longest suicide note in history.
Introduction
------------
This document looks purely at the cost of the technical portions of Vista's
content protection. The political issues (under the heading of DRM) have been
examined in exhaustive detail elsewhere and won't be commented on further,
unless it's relevant to the cost analysis. However, one important point that
must be kept in mind when reading this document is that in order to work,
Vista's content protection must be able to violate the laws of physics,
something that's unlikely to happen no matter how much the content industry
wishes it were possible. This conundrum is displayed over and over again in
the Windows content-protection specs, with manufacturers being given no hard-
and-fast guidelines but instead being instructed that they need to display as
much dedication as possible to the party line. The documentation is peppered
with sentences like:
"It is recommended that a graphics manufacturer go beyond the strict letter
of the specification and provide additional content-protection features,
because this demonstrates their strong intent to protect premium content".
This is an exceedingly strange way to write technical specifications, but is
dictated by the fact that what the spec is trying to achieve is fundamentally
impossible. Readers should keep this requirement to display appropriate
levels of dedication in mind when reading the following analysis [Note A].
Disabling of Functionality
--------------------------
Vista's content protection mechanism only allows protected content to be sent
over interfaces that also have content-protection facilities built in.
Currently the most common high-end audio output interface is S/PDIF
(Sony/Philips Digital Interface Format). Most newer audio cards, for example,
feature TOSlink digital optical output for high-quality sound reproduction,
and even the latest crop of motherboards with integrated audio provide at
least coax (and often optical) digital output. Since S/PDIF doesn't provide
any content protection, Vista requires that it be disabled when playing
protected content. In other words if you've invested a pile of money into a
high-end audio setup fed from a digital output, you won't be able to use it
with protected content. Similarly, component (YPbPr) video will be disabled
by Vista's content protection, so the same applies to a high-end video setup
fed from component video.
Indirect Disabling of Functionality
-----------------------------------
As well as overt disabling of functionality, there's also covert disabling of
functionality. For example PC voice communications rely on automatic echo
cancellation (AEC) in order to work. AEC requires feeding back a sample of
the audio mix into the echo cancellation subsystem, but with Vista's content
protection this isn't permitted any more because this might allow access to
premium content. What is permitted is a highly-degraded form of feedback that
might possibly still sort-of be enough for some sort of minimal echo
cancellation purposes.
The requirement to disable audio and video output plays havoc with standard
system operations, because the security policy used is a so-called "system
high" policy: The overall sensitivity level is that of the most sensitive data
present in the system. So the instant any audio derived from premium content
appears on your system, signal degradation and disabling of outputs will
occur. What makes this particularly entertaining is the fact that the
downgrading/disabling is dynamic, so if the premium-content signal is
intermittent or varies (for example music that fades out), various outputs and
output quality will fade in and out, or turn on and off, in sync. Normally
this behaviour would be a trigger for reinstalling device drivers or even a
warranty return of the affected hardware, but in this case it's just a signal
that everything is functioning as intended.
Decreased Playback Quality
--------------------------
Alongside the all-or-nothing approach of disabling output, Vista requires that
any interface that provides high-quality output degrade the signal quality
that passes through it. This is done through a "constrictor" that downgrades
the signal to a much lower-quality one, then up-scales it again back to the
original spec, but with a significant loss in quality. So if you're using an
expensive new LCD display fed from a high-quality DVI signal on your video
card and there's protected content present, the picture you're going to see
will be, as the spec puts it, "slightly fuzzy", a bit like a 10-year-old CRT
monitor that you picked up for $2 at a yard sale. In fact the spec
specifically still allows for old VGA analog outputs, but even that's only
because disallowing them would upset too many existing owners of analog
monitors. In the future even analog VGA output will probably have to be
disabled. The only thing that seems to be explicitly allowed is the extremely
low-quality TV-out, provided that Macrovision is applied to it.
The same deliberate degrading of playback quality applies to audio, with the
audio being downgraded to sound (from the spec) "fuzzy with less detail".
Amusingly, the Vista content protection docs say that it'll be left to
graphics chip manufacturers to differentiate their product based on
(deliberately degraded) video quality. This seems a bit like breaking the
legs of Olympic athletes and then rating them based on how fast they can
hobble on crutches.
Beyond the obvious playback-quality implications of deliberately degraded
output, this measure can have serious repercussions in applications where
high-quality reproduction of content is vital. For example the field of
medical imaging either bans outright or strongly frowns on any form of lossy
compression because artifacts introduced by the compression process can cause
mis-diagnoses and in extreme cases even become life-threatening. Consider a
medical IT worker who's using a medical imaging PC while listening to
audio/video played back by the computer (the CDROM drives installed in
workplace PCs inevitably spend most of their working lives playing music or
MP3 CDs to drown out workplace noise). If there's any premium content present
in there, the image will be subtly altered by Vista's content protection,
potentially creating exactly the life-threatening situation that the medical
industry has worked so hard to avoid. The scary thing is that there's no easy
way around this - Vista will silently modify displayed content under certain
(almost impossible-to-predict in advance) situations discernable only to
Vista's built-in content-protection subsystem.
Elimination of Open-source Hardware Support
-------------------------------------------
In order to prevent the creation of hardware emulators of protected output
devices, Vista requires a Hardware Functionality Scan (HFS) that can be used
to uniquely fingerprint a hardware device to ensure that it's (probably)
genuine. In order to do this, the driver on the host PC performs an operation
in the hardware (for example rendering 3D content in a graphics card) that
produces a result that's unique to that device type.
In order for this to work, the spec requires that the operational details of
the device be kept confidential. Obviously anyone who knows enough about the
workings of a device to operate it and to write a third-party driver for it
(for example one for an open-source OS, or in general just any non-Windows OS)
will also know enough to fake the HFS process. The only way to protect the
HFS process therefore is to not release any technical details on the device
beyond a minimum required for web site reviews and comparison with other
products.
Elimination of Unified Drivers
------------------------------
The HFS process has another cost involved with it. Most hardware vendors have
(thankfully) moved to unified driver models instead of the plethora of
individual drivers that abounded some years ago. Since HFS requires unique
identification and handling of not just each device type (for example each
graphics chip) but each variant of each device type (for example each stepping
of each graphics chip) to handle the situation where a problem is found with
one variation of a device, it's no longer possible to create one-size-fits-all
drivers for an entire range of devices like the current
Catalyst/Detonator/ForceWare drivers. Every little variation of every device
type out there must now be individually accommodated in custom code in order
for the HFS process to be fully effective.
If a graphics chip is integrated directly into the motherboard and there's no
easy access to the device bus then the need for bus encryption (see
"Unnecessary CPU Resource Consumption" below) is removed. Because the
encryption requirement is so onerous, it's quite possible that this means of
providing graphics capabilities will suddenly become more popular after the
release of Vista. However, this leads to a problem: It's no longer possible
to tell if a graphics chip is situated on a plug-in card or attached to the
motherboard, since as far as the system is concerned they're both just devices
sitting on the AGP/PCIe bus. The solution to this problem is to make the two
deliberately incompatible, so that HFS can detect a chip on a plug-in card vs.
one on the motherboard. Again, this does nothing more than increase costs and
driver complexity.
Further problems occur with audio drivers. To the system, HDMI audio looks
like S/PDIF, a deliberate design decision to make handling of drivers easier.
In order to provide the ability to disable output, it's necessary to make HDMI
codecs deliberately incompatible with S/PDIF codecs, despite the fact that
they were specifically designed to appear identical in order to ease driver
support and reduce development costs.
Denial-of-Service via Driver Revocation
---------------------------------------
Once a weakness is found in a particular driver or device, that driver will
have its signature revoked by Microsoft, which means that it will cease to
function (details on this are a bit vague here, presumably some minimum
functionality like generic 640x480 VGA support will still be available in
order for the system to boot). This means that a report of a compromise of a
particular driver or device will cause all support for that device worldwide
to be turned off until a fix can be found. Again, details are sketchy, but if
it's a device problem then presumably the device turns into a paperweight once
it's revoked. If it's an older device for which the vendor isn't interested
in rewriting their drivers (and in the fast-moving hardware market most
devices enter "legacy" status within a year of two of their replacement models
becoming available), all devices of that type worldwide become permanently
unusable.
The threat of driver revocation is the ultimate nuclear option, the crack of
the commissars' pistols reminding the faithful of their duty [Note B]. The
exact details of the hammer that vendors will be hit with is buried in
confidential licensing agreements, but I've heard mention of multimillion
dollar fines and embargoes on further shipment of devices alongside the driver
revocation mentioned above.
Decreased System Reliability
----------------------------
"Drivers must be extra-robust. Requires additional driver development to
isolate and protect sensitive code paths" -- ATI.
Vista's content protection requires that devices (hardware and software
drivers) set so-called "tilt bits" if they detect anything unusual. For
example if there are unusual voltage fluctuations, maybe some jitter on bus
signals, a slightly funny return code from a function call, a device register
that doesn't contain quite the value that was expected, or anything similar, a
tilt bit gets set. Such occurrences aren't too uncommon in a typical computer
(for example starting up or plugging in a bus-powered device may cause a small
glitch in power supply voltages, or drivers may not quite manage device state
as precisely as they think). Previously this was no problem - the system was
designed with a bit of resilience, and things will function as normal. In
other words small variances in performance are a normal part of system
functioning. Furthermore, the degree of variance can differ widely across
systems, with some handling large changes in system parameters and others only
small ones. One very obvious way to observe this is what happens when a bunch
of PCs get hit by a momentary power outage. Effects will vary from powering
down, to various types of crash, to nothing at all, all triggered by exactly
the same external event.
With the introduction of tilt bits, all of this designed-in resilience is
gone. Every little (normally unnoticeable) glitch is suddenly surfaced
because it could be a sign of a hack attack. The effect that this will have
on system reliability should require no further explanation.
Content-protection "features" like tilt bits also have worrying denial-of-
service (DoS) implications. It's probably a good thing that modern malware is
created by programmers with the commercial interests of the phishing and spam
industries in mind rather than just creating as much havoc as possible. With
the number of easily-accessible grenade pins that Vista's content protection
provides, any piece of malware that decides to pull a few of them will cause
considerable damage. The homeland security implications of this seem quite
serious, since a tiny, easily-hidden piece of malware would be enough to
render a machine unusable, while the very nature of Vista's content protection
would make it almost impossible to determine why the denial-of-service is
occurring. Furthermore, the malware authors, who are taking advantage of
"content-protection" features, would be protected by the DMCA against any
attempts to reverse-engineer or disable the content-protection "features" that
they're abusing.
Even without deliberate abuse by malware, the homeland security implications
of an external agent being empowered to turn off your IT infrastructure in
response to a content leak discovered in some chipset that you coincidentally
happen to be using is a serious concern for potential Vista users. Non-US
governments are already nervous enough about using a US-supplied operating
system without having this remote DoS capability built into the operating
system. And like the medical-image-degradation issue, you won't find out
about this until it's too late, turning Vista PCs into ticking time bombs if
the revocation functionality is ever employed.
Increased Hardware Costs
------------------------
"Cannot go to market until it works to specification... potentially more
respins of hardware" -- ATI.
"This increases motherboard design costs, increases lead times, and reduces
OEM configuration flexibility. This cost is passed on to purchasers of
multimedia PCs and may delay availability of high-performance platforms" --
ATI.
Vista includes various requirements for "robustness" in which the content
industry, through "hardware robustness rules", dictates design requirements to
hardware manufacturers. For example, only certain layouts of a board are
allowed in order to make it harder for outsiders to access parts of the board.
Possibly for the first time ever, computer design is being dictated not by
electronic design rules, physical layout requirements, and thermal issues, but
by the wishes of the content industry. Apart from the massive headache that
this poses to device manufacturers, it also imposes additional increased costs
beyond the ones incurred simply by having to lay out board designs in a
suboptimal manner. Video card manufacturers typically produce a one-size-
fits-all design (often a minimally-altered copy of the chipset vendor's
reference design), and then populate different classes and price levels of
cards in different ways. For example a low-end card will have low-cost,
minimal or absent TV-out encoders, DVI circuitry, RAMDACs, and various other
add-ons used to differentiate budget from premium video cards. You can see
this on the cheaper cards by observing the unpopulated bond pads on circuit
boards, and gamers and the like will be familiar with cut-a-trace/resolder-a-
resistor sidegrades of video cards. Vista's content-protection requirements
eliminate this one-size-fits-all design, banning the use of separate TV-out
encoders, DVI circuitry, RAMDACs, and other discretionary add-ons. Everything
has to be custom-designed and laid out so that there are no unnecessary
accessible signal links on the board. This means that a low-cost card isn't
just a high-cost card with components omitted, and conversely a high-cost card
isn't just a low-cost card with additional discretionary components added,
each one has to be a completely custom design created to ensure that no signal
on the board is accessible.
This extends beyond simple board design all the way down to chip design.
Instead of adding an external DVI chip, it now has to be integrated into the
graphics chip, along with any other functionality normally supplied by an
external chip. So instead of varying video card cost based on optional
components, the chipset vendor now has to integrate everything into a one-
size-fits-all premium-featured graphics chip, even if all the user wants is a
budget card for their kids' PC.
Increased Cost due to Requirement to License Unnecessary Third-party IP
-----------------------------------------------------------------------
"We've taken on more legal costs in copyright protection in the last six to
eight months than we have in any previous engagement. Each legal contract
sets a new precedent, and each new one builds on the previous one" -- ATI.
Protecting all of this precious premium content requires a lot of additional
technology. Unfortunately much of this is owned by third parties and requires
additional licensing. For example HDCP for HDMI is owned by Intel, so in
order to send a signal over HDMI you have to pay royalties to Intel, even
though you could do exactly the same thing for free over DVI. Similarly,
since even AES-128 on a modern CPU isn't fast enough to encrypt high-bandwidth
content, companies are required to license the Intel-owned Cascaded Cipher, an
AES-128-based transform that's designed to offer a generally similar level of
security but with less processing overhead.
The need to obtain unnecessary technology licenses extends beyond basic
hardware IP. In order to demonstrate their commitment to the cause, Microsoft
have recommended as part of their "robustness rules" that vendors license
third-party code obfuscation tools to provide virus-like stealth capabilities
for their device drivers in order to make it difficult to interfere with their
operations or reverse-engineer them. Vendors like Cloakware and Arxan have
actually added "robustness solutions" web pages to their sites in anticipation
of this lucrative market. This must be a nightmare for device vendors, for
whom it's already enough of a task getting fully functional drivers deployed
without having to deal with adding stealth-virus-like technology on top of the
basic driver functionality.
Unnecessary CPU Resource Consumption
------------------------------------
"Since [encryption] uses CPU cycles, an OEM may have to bump the speed grade
on the CPU to maintain equivalent multimedia performance. This cost is
passed on to purchasers of multimedia PCs" -- ATI.
In order to prevent tampering with in-system communications, all communication
flows have to be encrypted and/or authenticated. For example content to video
cards has to be encrypted with AES-128. This requirement for cryptography
extends beyond basic content encryption to encompass not just data flowing
over various buses but also command and control data flowing between software
components. For example communications between user-mode and kernel-mode
components are authenticated with OMAC message authentication-code tags, at
considerable cost to both ends of the connection.
In order to prevent active attacks, device drivers are required to poll the
underlying hardware every 30ms to ensure that everything appears kosher. This
means that even with nothing else happening in the system, a mass of assorted
drivers has to wake up thirty times a second just to ensure that... nothing
continues to happen. In addition to this polling, further device-specific
polling is also done, for example Vista polls video devices on each video
frame displayed in order to check that all of the grenade pins (tilt bits) are
still as they should be [Note C].
On-board graphics create an additional problem in that blocks of precious
content will end up stored in system memory, from where they could be paged to
disk. In order to avoid this, Vista tags such pages with a special protection
bit indicating that they need to be encrypted before being paged out and
decrypted again after being paged in. Vista doesn't provide any other
pagefile encryption, and will quite happily page banking PINs, credit card
details, private, personal data, and other sensitive information, in
plaintext. The content-protection requirements make it fairly clear that in
Microsoft's eyes a frame of premium content is worth more than (say) a user's
medical records or their banking PIN.
In addition to the CPU costs, the desire to render data inaccessible at any
level means that video decompression can't be done in the CPU any more, since
there isn't sufficient CPU power available to both decompress the video and
encrypt the resulting uncompressed data stream to the video card. As a
result, much of the decompression has to be integrated into the graphics chip.
At a minimum this includes IDCT, MPEG motion compensation, and the Windows
Media VC-1 codec (which is also DCT-based, so support via an IDCT core is
fairly easy). As a corollary to the "Increased Hardware Costs" problem above,
this means that you can't ship a low-end graphics chip without video codec
support any more.
The inability to perform decoding in software also means that any premium-
content compression scheme not supported by the graphics hardware can't be
implemented. If things like the Ogg video codec ever eventuate and get used
for premium content, they had better be done using something like Windows
Media VC-1 or they'll be a non-starter under Vista or Vista-approved hardware.
This is particularly troubling for the high-quality digital cinema (D-Cinema)
specification, which uses Motion JPEG2000 (MJ2K) because standard MPEG and
equivalents don't provide sufficient image quality. Since JPEG2000 uses
wavelet-based compression rather than MPEG's DCT-based compression, and
wavelet-based compression isn't on the hardware codec list, it's not possible
to play back D-Cinema premium content (the moribund Ogg Tarkin codec also used
wavelet-based compression). Because *all* D-Cinema content will (presumably)
be premium content, the result is no playback at all until the hardware
support appears in PCs at some indeterminate point in the future. Compare
this to the situation with MPEG video, where early software codecs like the
XingMPEG en/decoder practically created the market for PC video. Today, thanks
to Vista's content protection, the opening up of new markets in this manner
would be impossible.
The high-end graphics and audio market are dominated entirely by gamers, who
will do anything to gain the tiniest bit of extra performance, like buying
Bigfoot Networks' $250 "Killer NIC" ethernet card in the hope that it'll help
reduce their network latency by a few milliseconds. These are people buying
$500-$1000 graphics and sound cards for which one single sale brings the
device vendors more than the few cents they get from the video/audio portion
of an entire roomful of integrated-graphics-and-sound PCs. I wonder how this
market segment will react to knowing that their top-of-the-line hardware is
being hamstrung by all of the content-protection "features" that Vista hogties
it with?
Unnecessary Device Resource Consumption
---------------------------------------
"Compliance rules require [content] to be encrypted. This requires
additional encryption/decryption logic thus adding to VPU costs. This cost
is passed on to all consumers" -- ATI.
As part of the bus-protection scheme, devices are required to implement
AES-128 encryption in order to receive content from Vista. This has to be
done via a hardware decryption engine on the graphics chip, which would
typically be implemented by throwing away a rendering pipeline or two to make
room for the AES engine.
Establishing the AES key with the device hardware requires further
cryptographic overhead, in this case a 2048-bit Diffie-Hellman key exchange.
In programmable devices this can be done (with considerable effort) in the
device (for example in programmable shader hardware), or more simply by
throwing out a few more rendering pipelines and implementing a public-key-
cryptography engine in the freed-up space.
Needless to say, the need to develop, test, and integrate encryption engines
into audio/video devices will only add to their cost, as covered in "Increased
Hardware Costs" above, and the fact that their losing precious performance in
order to accommodate Vista's content protection will make gamers less than
happy.
Final Thoughts
--------------
"No amount of coordination will be successful unless it's designed with the
needs of the customer in mind. Microsoft believes that a good user
experience is a requirement for adoption" -- Microsoft.
"The PC industry is committed to providing content protection on the PC, but
nothing comes for free. These costs are passed on to the consumer" -- ATI.
At the end of all this, the question remains: Why is Microsoft going to this
much trouble? Ask most people what they picture when you use the term
"premium media player" and they'll respond with "A PVR" or "A DVD player" and
not "A Windows PC". So why go to this much effort to try and turn the PC into
something that it's not?
In July 2006, Cory Doctorow published an analysis of the anti-competitive
nature of Apple's iTunes copy-restriction system ("Apple's Copy Protection
Isn't Just Bad For Consumers, It's Bad For Business", Cory Doctorow,
Information Week, 31 July 2006). The only reason I can imagine why Microsoft
would put its programmers, device vendors, third-party developers, and
ultimately its customers, through this much pain is because once this copy
protection is entrenched, Microsoft will completely own the distribution
channel. In the same way that Apple has managed to acquire a monopolistic
lock-in on their music distribution channel (an example being the Motorola
ROKR fiasco, which was so crippled by Apple-imposed restrictions that it was
dead the moment it appeared), so Microsoft will totally control the premium-
content distribution channel. Not only will they be able to lock out any
competitors, but because they will then represent the only available
distribution channel they'll be able to dictate terms back to the content
providers whose needs they are nominally serving in the same way that Apple
has already dictated terms back to the music industry: Play by Apple's rules,
or we won't carry your content. The result will be a technologically enforced
monopoly that makes their current de-facto Windows monopoly seem like a velvet
glove in comparison.
Overall, Vista's content-protection functionality seems like an astonishingly
short-sighted piece of engineering, concentrating entirely on content
protection with no consideration given to the enormous repercussions of the
measures employed. It's something like the PC equivalent of the (hastily
dropped) proposal mooted in Europe to put RFID tags into high-value banknotes
as an anti-counterfeiting measure, completely ignoring the fact that the major
users of this technology would end up being criminals who would use it to
remotely identify the most lucrative robbery targets.
The worst thing about all of this is that there's no escape. Hardware
manufacturers will have to drink the kool-aid (and the reference to mass
suicide here is deliberate [Note D]) in order to work with Vista: "There is no
requirement to sign the [content-protection] license; but without a
certificate, no premium content will be passed to the driver". Of course as a
device manufacturer you can choose to opt out, if you don't mind your device
only ever being able to display low-quality, fuzzy, blurry video and audio
when premium content is present, while your competitors don't have this
(artificially-created) problem.
As a user, there is simply no escape. Whether you use Windows Vista, Windows
XP, Windows 95, Linux, FreeBSD, OS X, Solaris (on x86), or almost any other
OS, Windows content protection will make your hardware more expensive, less
reliable, more difficult to program for, more difficult to support, more
vulnerable to hostile code, and with more compatibility problems.
Here's an offer to Microsoft: If we, the consumers, promise to never, ever,
ever buy a single HD-DVD or Blu-ray disc containing any precious premium
content [Note E], will you in exchange withhold this poison from the computer
industry? Please?
Acknowledgements
----------------
This document was put together with input from various sources, including a
number that requested that I keep their contributions anonymous (in some cases
I've simplified or rewritten some details to ensure that the original,
potentially traceable wording of non-public requirements docs isn't used).
Because it wasn't always possible to go back to the sources and verify exact
details, it's possible that there may be some inaccuracies present, which I'm
sure I'll hear about fairly quickly. No doubt Microsoft (who won't want a
view of Vista as being broken by design to take root) will also provide their
spin on the details.
In addition to the material present here, I'd be interested in getting further
input both from people at Microsoft involved in implementing the content
protection measures and from device vendors who are required to implement the
hardware and driver software measures. I know from the Microsoft sources that
contributed that many of them care deeply about providing the best possible
audio/video user experience for Vista users and are quite distressed about
having to spend time implementing large amounts of anti-functionality when
it's already hard enough to get things running smoothly without the
intentional crippling. I'm always open to further input, and will keep all
contributions confidential unless you give me permission to repeat something.
If you want to encrypt things, my PGP key is linked from my home page,
http://www.cs.auckland.ac.nz/~pgut001.
Sources
-------
Because this writeup started out as a private discussion in email, a number of
the sources used were non-public. The best public sources that I know of are:
"Output Content Protection and Windows Vista",
http://www.microsoft.com/whdc/device/stream/output_protect.mspx, from WHDC.
"Windows Longhorn Output Content Protection",
http://download.microsoft.com/download/9...6_WinHEC05.ppt,
from WinHEC.
"How to Implement Windows Vista Content Output Protection",
http://download.microsoft.com/download/5...ED038_WH06.ppt,
from WinHEC.
"Protected Media Path and Driver Interoperability Requirements",
http://download.microsoft.com/download/9...5_WinHEC05.ppt,
from WinHEC.
An excellent analysis from one of the hardware vendors involved in this comes
from ATI, in the form of "Digital Media Content Protection",
http://download.microsoft.com/download/9...2_WinHEC05.ppt,
from WinHEC. This points out (in the form of PowerPoint bullet-points) the
manifold problems associated with Vista's content-protection measures, with
repeated mention of increased development costs, degraded performance and the
phrase "increased costs passed on to consumers" pervading the entire
presentation like a mantra.
(Note that the crypto requirements have changed since some of the information
above was published, for example SHA-1 has been deprecated in favour of
SHA-256 and SHA-512, and public keys seem to be uniformly set at 2048 bits in
place of the mixture of 1024-bit and 2048-bit mentioned in the presentations).
In addition there have been quite a few writeups on this (although not going
into as much detail as this document) in magazines both online and in print,
one example being PC World's feature article "Will your PC run Windows
Vista?", http://www.pcw.co.uk/articles/print/2154785, which covers this in the
appropriately-titled section "Multimedia in chains". Audience reactions at
WinHEC are covered in "Longhorn: tough trail to PC digital media" published in
EE Times (http://www.eetimes.com/issue/fp/showArticle.jhtml?articleID=162100180),
unfortunately you need to be a subscriber to read this but you may be able to
find accessible cached copies using your favourite search engine.
(In case the above hints aren't obvious enough, if you work for nVidia, ATI,
VIA, SiS, Intel, ..., I'd *really* like to get your comments on how all of
this is affecting you).
Footnotes
---------
Note A: I'll make a prediction at this point that, given that it's trying to
do the impossible, the Vista content protection will take less than a day to
bypass if the bypass mechanism is something like a driver bug or a simple
security hole that applies only to one piece of code (and can therefore be
quickly patched), and less than a week to comprehensively bypass in a
driver/hardware-independent manner. This doesn't mean it'll be broken the day
or week that it appears, but simply that once a sufficiently skilled attacker
is motivated to bypass the protection, it'll take them less than a day or a
week to do so.
Note B: I see some impressive class-action suits to follow if this revocation
mechanism is ever applied. Perhaps Microsoft or the content providers will
buy everyone who owns a device that inadvertently leaks content and is then
disabled by the revocation process replacement hardware for their system.
Some contributors have commented that they can't see the revocation system
ever being used because the consumer backlash would be too enormous, but then
the legal backlash from not going ahead could be equally extreme. For anyone
who's read "Guns of August", the situation seems a bit like pre-WWI Europe
with people sitting on step 1 of enormously complex battle plans that can't be
backed out of once triggered, no matter how obvious it is that going ahead
with them is a bad idea. Driver revocation is a lose/lose situation for
Microsoft, they're in for some serious pain whether they do or they don't.
Their lawyers must have been asleep when they let themselves get painted into
this particular corner.
An entirely different DoS problem that applies more to HDMI-enabled devices in
general has already surfaced in the form of, uhh, "DVI amplifiers", which take
as input an HDMI signal and output a DVI signal, amplifying it in the process.
Oh, and as a side-effect they just happen to remove the HDCP protection.
These devices are relatively simple to design and build using off-the-shelf
HDMI chips (I know of hardware hackers who have built their own protection-
strippers using chip samples obtained from chip vendors. If you have the
right credentials you can even get hardware evaluation boards designed for
testing and development that do this sort of thing).
Now assume that the "DVI amplifier" manufacturer buys a truckload of HDMI
chips (they'll want to get as many as they can in one go because they probably
won't be able to go back and buy more when the chip vendor discovers what
they're being used for). Since this is a rogue device, it can be revoked...
alongside hundreds of thousands or even millions of other consumer devices
that use the same chip. Engadget have a good overview of this scenario at
http://www.engadget.com/2005/07/21/the-c...ny-red-button/.
Note C: We already have multiple reports from Vista reviewers of playback
problems with video and audio content, with video frames dropped and audio
stuttering even on high-end systems. Time will tell whether this problem is
due to immature drivers, or has been caused by the overhead imposed by Vista's
content protection mechanisms interfering with playback.
Note D: The "kool-aid" reference may be slightly unfamiliar to non-US readers,
it's a reference to the 1978 Jonestown mass-suicide in which Jim Jones'
followers drank Flavor Aid laced with poison in order to demonstrate their
dedication to the cause. In popular usage the term "kool-aid" is substituted
for Flavor Aid because it has more brand recognition.
Note E: If I do ever want to play back premium content, I'll wait a few years
and then buy a $50 Chinese-made set-top player to do it, not a $1000 Windows
PC. It's somewhat bizarre that I have to go to Communist China in order to
find vendors who actually understand the consumer's needs.
A reductio ad absurdum solution to the "premium-content problem", proposed by
a Slashdot reader, is to add support to Windows Vista for a black-box hardware
component that accepts as input encrypted compressed premium content and
produces as output encrypted (or otherwise protected) decoded premium content.
In other words, move the entire mass of hardware, driver, and software
protection into a dedicated black box that's only used in media PCs where it's
(arguably) required.
Now compare this add-on black box to the canonical Chinese-made $50 media
player. Why would anyone buy the black box (which will almost certainly cost
more than $50) when they can buy a complete dedicated media player that does
the same thing and more?
|
AfterDawn Addict
|
25. December 2006 @ 09:08 |
Link to this message
|
December 25, 2006
Flaws Are Detected in Microsoft?s Vista
By JOHN MARKOFF
SAN FRANCISCO, Dec. 24 ? Microsoft is facing an early crisis of confidence in the quality of its Windows Vista operating system as computer security researchers and hackers have begun to find potentially serious flaws in the system that was released to corporate customers late last month.
On Dec. 15, a Russian programmer posted a description of a flaw that makes it possible to increase a user?s privileges on all of the company?s recent operating systems, including Vista. And over the weekend a Silicon Valley computer security firm said it had notified Microsoft that it had also found that flaw, as well as five other vulnerabilities, including one serious error in the software code underlying the company?s new Internet Explorer 7 browser.
The browser flaw is particularly troubling because it potentially means that Web users could become infected with malicious software simply by visiting a booby-trapped site. That would make it possible for an attacker to inject rogue software into the Vista-based computer, according to executives at Determina, a company based in Redwood City, Calif., that sells software intended to protect against operating system and other vulnerabilities.
Determina is part of a small industry of companies that routinely pore over the technical details of software applications and operating systems looking for flaws. When flaws in Microsoft products are found they are reported to the software maker, which then produces fixes called patches. Microsoft has built technology into its recent operating systems that makes it possible for the company to fix its software automatically via the Internet.
Despite Microsoft assertions about the improved reliability of Vista, many in the industry are taking a wait-and-see approach. Microsoft?s previous operating system, Windows XP, required two ?service packs? issued over a number of years to substantially improve security, and new flaws are still routinely discovered by outside researchers.
On Friday, a Microsoft executive posted a comment on a company security information Web site stating the company was ?closely monitoring? the vulnerability described by the Russian Web site. It permits the privileges of a standard user account in Vista and other versions of Windows to be increased, permitting control of all of the operations of the computer. In Unix and modern Windows systems, users are restricted in the functions they can perform, and complete power is restricted to certain administrative accounts.
?Currently we have not observed any public exploitation or attack activity regarding this issue,? wrote Mike Reavey, operations manager of the Microsoft Security Response Center. ?While I know this is a vulnerability that impacts Windows Vista, I still have every confidence that Windows Vista is our most secure platform to date.?
On Saturday, Nicole Miller, a Microsoft spokeswoman, said the company was also investigating the reported browser flaw and that it was not aware of any attacks attempting to use the vulnerability.
Microsoft has spent millions branding the Vista operating system as the most secure product it has produced, and it is counting on Vista to help turn the tide against a wave of software attacks now plaguing Windows-based computers.
Vista is critical to Microsoft?s reputation. Despite an almost four-and-half-year campaign on the part of the company, and the best efforts of the computer security industry, the threat from harmful computer software continues to grow. Criminal attacks now range from programs that steal information from home and corporate PCs to growing armies of slave computers that are wreaking havoc on the commercial Internet.
Although Vista, which will be available on consumer PCs early next year, has been extensively tested, it is only now being exposed to the challenges of the open Internet.
?I don?t think people should become complacent,? said Nand Mulchandani, a vice president at Determina. ?When vendors say a program has been completely rewritten, it doesn?t mean that it?s more secure from the get-go. My expectation is we will see a whole rash of Vista bugs show up in six months or a year.?
The Determina executives said that by itself, the browser flaw that was reported to Microsoft could permit damage like the theft of password information and the attack of other computers.
However, one of the principal security advances of Internet Explorer 7 is a software ?sandbox? that is intended to limit damage even if a malicious program is able to subvert the operation of the browser. That should limit the ability of any attacker to reach other parts of the Vista operating system, or to overwrite files.
However, when coupled with the ability of the first flaw that permits the change in account privileges, it might then be possible to circumvent the sandbox controls, said Alexander Sotirov, a Determina security researcher. In that case it would make it possible to alter files and potentially permanently infect a target computer. This kind of attack has yet to be proved, he acknowledged.
The Determina researchers said they had notified Microsoft of four other flaws they had discovered, including a bug that would make it possible for an attacker to repeatedly disable a Microsoft Exchange mail server simply by sending the program an infected e-mail message.
Last week, the chief technology officer of Trend Micro, a computer security firm in Tokyo, told several computer news Web sites that he had discovered an offer on an underground computer discussion forum to sell information about a security flaw in Windows Vista for $50,000. Over the weekend a spokesman for Trend Micro said that the company had not obtained the information, and as a result could not confirm the authenticity of the offer.
Many computer security companies say that there is a lively underground market for information that would permit attackers to break in to systems via the Internet.
http://www.nytimes.com/2006/12/25/techno...agewanted=print
|
AfterDawn Addict
|
25. December 2006 @ 15:55 |
Link to this message
|
Windows Vista Capable and Premium Ready PCs
Choose a Windows Vista Capable or Premium Ready PC for the Windows Vista edition that's right for you.
Are you looking to buy a Windows XP-based computer today but want to make sure that it can run Windows Vista? There's no need to wait. When you buy a new PC that carries the Windows Vista Capable or Premium Ready PC designation, you?ll be able to upgrade to one of the editions of Windows Vista while taking advantage of all the opportunities offered by Windows XP today.
What is a Windows Vista Capable PC?
A new PC that carries the Windows Vista Capable PC logo can run Windows Vista. All editions of Windows Vista will deliver core experiences such as innovations in organizing and finding information, security, and reliability. All Windows Vista Capable PCs will run these core experiences at a minimum. Some features available in the premium editions of Windows Vista?like the new Windows Aero user experience?may require advanced or additional hardware.
A Windows Vista Capable PC includes at least:
* A modern processor (at least 800MHz1).
* 512 MB of system memory.
* A graphics processor that is DirectX 9 capable.
Windows Vista Premium Ready PCs
To get an even better Windows Vista experience, including the Windows Aero user experience, ask for a Windows Vista Capable PC that is designated Premium Ready, or choose a PC that meets or exceeds the Premium Ready requirements described below. Features available in specific premium editions of Windows Vista, such as the ability to watch and record live TV, may require additional hardware.
A Windows Vista Premium Ready PC includes at least:
* 1 GHz 32-bit (x86) or 64-bit (x64) processor1.
* 1 GB of system memory.
* Support for DirectX 9 graphics with a WDDM driver, 128 MB of graphics memory (minimum)2, Pixel Shader 2.0 and 32 bits per pixel.
* 40 GB of hard drive capacity with 15 GB free space.
* DVD-ROM Drive3.
* Audio output capability.
* Internet access capability.
Read all of the Windows Vista Capable footnotes.
Review the Windows Vista minimum supported system requirements.
Windows Marketplace has a selection of Windows Vista Capable and Premium Ready PCs that are available today.
Windows Vista enterprise hardware planning guidance is available on TechNet.
Can the Windows Vista experience vary on different PCs?
Yes. Windows Vista is the first Windows operating system with a user experience that adapts to take advantage of the capabilities of the hardware on which it is installed.
All Windows Vista Capable PCs will be able to run at least the core experiences of Windows Vista.
All Windows Vista Premium Ready PCs can deliver even better Windows Vista experiences, including the new Windows Aero user experience.
Does buying a Windows Vista Capable PC mean that I will receive a free upgrade to Windows Vista?
No. A PC that is Windows Vista Capable or Premium Ready means that the PC is ready for an upgrade from Windows XP. You would still need to purchase the edition of Windows Vista that you want to install on your Windows Vista Capable or Premium Ready PC.
http://www.microsoft.com/windowsvista/getready/capable.mspx
|
|
Advertisement
|
|
|
AfterDawn Addict
|
26. December 2006 @ 14:50 |
Link to this message
|
Is Vista Really Bug-Plagued as the NY Times Claims?
By Scott M. Fulton, III, BetaNews
December 26, 2006, 6:36 PM
Last week's discovery of a non-critical bug affecting the old 32-bit Windows API, which BetaNews reported on at the time, was picked up by The New York Times this morning, although its severity was substantially elevated in the process. Under the headline "Flaws Are Detected in Microsoft's Vista," the message box problem was touted as triggering "an early crisis of confidence in the quality of its Windows Vista operating system."
Yet tests of the flaw conducted by BetaNews suggest that, while the bug can crash Windows XP, its roots in the Win32 API dating back to Windows 3.1, coupled with the fact that the source code for the proof-of-concept appears to be straight ANSI C, directly contradict the Times' implication that the bug somehow afflicts Internet Explorer 7.0.
In fact, BetaNews' tests of the original proof-of-concept code, as posted to a Russian security researchers' group Web site, turned up a significant flaw in that code, which would prevent it from being compiled on a modern operating system.
It's a "type" violation, as in "type of variable:" The characters which the code passes to the MessageBox API function are declared in a standard 8-bit-per-character string that has not been terminated by a zero value. Versions of the API in use since Windows 95 use Unicode characters for strings instead, meaning the 8-bit string must be explicitly converted to a wider, 16-bit string before being passed to the newer function.
The omission of this critical conversion -- which is a single-line ANSI C macro, but an obvious one nonetheless -- suggests that perhaps security engineers and journalists alike merely took the programmer at his word without questioning his accuracy first.
Still, after we made that small modification to the code, it did indeed crash Windows XP. The code makes up to 10 repeated calls to the MessageBox function with the use of a particular flag whose purpose is to bypass the home application, so that the message is displayed as though it were being sent by the operating system itself. After the seventh call to that function within the loop, XP displays the infamous Blue Screen of Death.
But what a check of the event log failed to reveal was any evidence of an elevation of privilege, which is the event that the Times report claims the Russian developer warned about. In fact, both the original post and a mailing list message apparently written by the same developer which links to that post, merely specify that the bug causes memory corruption, perhaps due to a fault with event logs processing - evidence of which BetaNews was able to detect in the logs. The developer's mailing list post warns of the possibility of a "potential remote exploitation vector," but does not list details.
In fact, it was the Determina security advisory which posited that a logged on user could be enabled to run arbitrary code with system-level privileges. However, it did not go on to explain how such a feat would be possible after the system crashed.
A recent Secunia security advisory lists the bug as "less critical," acknowledging reports of its having apparently been witnessed on Windows Vista, but refraining from saying that the bug affects Vista explicitly. Instead, it lists recent versions of Windows XP, Windows Server 2003, and Windows 2000, but intentionally leaves out Windows NT.
Next: BetaNews tests the proof-of-concept code for itself
At first, we attempted to address this matter by compiling the proof-of-concept code in Visual C++ Express in Vista, though we were precluded from doing so in short order, for reasons having more to do with integrating the old Win32 library into Vista than with the specific message box call. So we built a C++ project in Visual Studio 2005 under Windows XP using a compatible profile, and moved the resulting executable file into the Vista environment.
Indeed, after the third invocation of the MessageBox function, Vista did crash. Following a reboot, we noticed what appeared to be a corruption of the Security log files. Events were recorded during the period of the crash, including the "previous system shutdown...was unexpected" event. But not being able to detect what happened by virtue of a bug that corrupts the log file, is a serious problem.
With the Security log being corrupt, we then noticed certain critical administrative functions which would normally invoke UAC from a standard user account, in order to elevate privilege in order to run, simply denied access to the standard user account instead.
Our Windows XP Professional logs were not corrupted by the bug. However, in XP, no security events were recorded. Instead, the logs indicate that the application did attempt to have Windows record an event in a log file to which the application had not been granted access: specifically, SQL Server Express, whose services are not used by the application. XP's log files also acknowledged the unexpected system shutdown.
Based on the evidence we were able to see with our own eyes, here's what's appears to be happening:
An old Win32 function was designed to present messages to the user as though they came directly from the operating system, without any security checks beforehand (in the early '90s, few thought they'd ever be necessary). We know from searching existing documentation on the function that it does check the first one or two characters of message data for certain control characters, such as an exclamation point that indicates Unicode designed for typing right-to-left (called the RTL code, reserved for Arabic, Hebrew, and other scripts).
When the MessageBox function receives what may be a control code, specifically \??\, prior to the crash point, the application apparently attempts to access a log file. Maybe it's using an old method to gather this file, but in any event, it's the SQL Server Express log file (at least on our setup) that responds with an access denial. At some point when this attempt is repeated, Windows crashes.
Determina believes that this legacy code allocates a memory buffer, which it then leaves open after the application crashes. But since the crash apparently takes the system down with it, there doesn't appear to be a window of opportunity for a malicious user to execute random code.
Certainly there's a serious problem here -- one that has not been resolved in Windows Vista, despite a year-and-a-half of beta testing -- but our testing reveals no evidence of that problem fitting the standard template of a malicious user elevating his privilege and assuming control of Windows. Instead, any exploit involving this code would be limited to "nuisance code" that crashes Windows, and perhaps corrupts security files.
But this exploit code is not browser code, and that's important because it clearly falls outside the all-too-familiar profile, invoked by the Times description this morning, where "Web users could become infected with malicious software simply by visiting a booby-trapped site."
http://www.betanews.com/article/Is_Vista...aims/1167176211
|
|
