It sure didn't take long for this to happen with content protection in Windows Vista.

http://www.alex-ionescu.com/?p=24

Exhaustive information on this subject...

http://media.grc.com/sn/SN-073-lq.mp3

http://media.grc.com/sn/SN-074-lq.mp3

http://media.grc.com/sn/SN-075-lq.mp3

"Enough, enough bowing down to disillusion!
Hats off & applause to rogues & evolution!
The ripple effect is too good not to mention.
If you’re not affected, you’re not paying attention!"

bottom line:

Vista is not the all new enhanced OS as promised but a DRM platform holding your new high performance hardware hostage ... putting users at the mercy of some 'tilt bits' (no, there is no 'kill switch' :-). and the sword of damocles (in the form of driver revocation) permanently hanging over our heads.

what once has been an open platform (the Personal Computer) will be turned silently into a neutered, closed entertainment appliance and all hardware manufacturers will have to play ball if they want to remain in business. and this will also affect linux in the long run. there will be no open source drivers for 'closed' hardware.

but since we have system resources in abundance ... who cares if a good portion is sacrificed just to ensure that no bus or interface will ever 'leak' precious hi-def content.

all this effort to enable a PC to securely play some hollywood flicks is even more ridiculuous when you can buy some cheap set-top box in the very near future for $50 that wil do exactly the same (the right combination keyed into the remote will probably override all those sophisticated protections :-)

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

"Vista is not the all new enhanced OS as promised"

Vista is far more than a DRM platform. Don't get me wrong, I think the DRM crap in Vista sucks, but that's one small part of the Vista OS.

"Enough, enough bowing down to disillusion!
Hats off & applause to rogues & evolution!
The ripple effect is too good not to mention.
If you’re not affected, you’re not paying attention!"

yet another interesting tech-blog about a driver signing and patchguard 'workaround'.

warning: some of these techniques described may render vista's DRM ad absurdum (already???) ... but as it happens so often in life, minor inconveniences cannot be helped :-)

http://www.alex-ionescu.com/

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

"Vista is far more than a DRM platform. Don't get me wrong, I think the DRM crap in Vista sucks, but that's one small part of the Vista OS."

And the good points are ???

Ingress & Egress firewall built in

Completely from the ground up rebuilt TCP/IP stack that is more efficient

Kernel patch protection, at least for now in the 64-bit, which will become a big gain for security

DX10

The elimination of GDI as the desktop graphics engine, which actually increases security

The ability from within Windows built in tools to do a full backup and bare metal restores

Isolation of Internet Explorer from OS, making it far more difficult for the OS to be hacked from the browser

BitLocker full drive encryption

Improved battery life for laptops due to support for hybrid hard drives

Built in support for synchronizing data with other devices such as phones, which works a heck of a lot better than ActiveSync

Built in anti-spyware/adware utility in Windows Defender

Full support for QAM and CableCard TV Tuners

Completely revamped GUI, with built in support for sidebar gadgets

Improved search capability

Those are just a few things. :-)

"Enough, enough bowing down to disillusion!
Hats off & applause to rogues & evolution!
The ripple effect is too good not to mention.
If you’re not affected, you’re not paying attention!"

"Kernel patch protection, at least for now in the 64-bit, which will become a big gain for security"

vista's 64bit patchguard is already knocked out ... and 64bit computing hasn't even really kicked off yet.

"Isolation of Internet Explorer from OS, making it far more difficult for the OS to be hacked from the browser"

virtualization isn't exactly new and certainly not limited to vista.

"Ingress & Egress firewall built in" ... "BitLocker full drive encryption"

better firewalls on the market ... and who in his right mind would trust MS encryption after their public acknowledgment of NSA 'support'? :-)

"Built in anti-spyware/adware utility in Windows Defender"

why would i have to pay extra money to close security flaws in an OS that shouldn't be there in the first place? OneCare is nothing but a money extortion racket!

"Completely revamped GUI, with built in support for sidebar gadgets"

again, look around at some customization web sites and check what they have to offer ... then you'll see the 'WOW'

and last but not least, this thread is about vista's drm ... so what do we hear from you about possible driver revocation, tilt bits and the attempt to turn an open platform into a closed home entertainment gadget? no matter how nice they'll wrap it for us, i ain't gonna buy it :-)

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

Have to agree with you on the points you made in your last post mattie.

A good chunk of the code in Vista is based on previous MS products and the vulnerabilities and framework of that code is well known to those looking for vulnerabilities in Vista.

It has not taken long for other vulnerabilities to show up. There is a hole in the speech software that was released last week... and so on and so on.

IMO Vista will be not much more than what could be considerered as an Eye Candy Service pack on old code. It does have some improvements but those are at the cost of privacy as well as having to upgrade most of if not all of your hardware. One of my computers running Linux that is over 5 years old can give me more eye candy if I so desire.

Not meaning to turn this into a linux versus windows thread ( i do actually like windows now and then ) but ms could go a long way if they took a look at the structure of Unix and it's true modular design. Exploits when they do happen are often much more isolated from the system. Mac OS X sits on top of BSD.

Back to DRM. MS has disabled some common and industry standard a/v interfaces in Vista. That is one thing that i consider a huge negative point when it comes to Vista. Who is MS to decide what is the accepted standards ? Those that do not like the DRM features will either refuse to run Vista or will find workarounds as they become available.

Then again MS seems to have decided that the majority of people that will use the product will just use it for surfing, email, photos, and watching videos. Sad to see they lost sight of the 1000's of other uses for a computer.

DMK

"MS has disabled some common and industry standard a/v interfaces in Vista."

which makes it 'defective by design' ... plain and simple!

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

"vista's 64bit patchguard is already knocked out ... and 64bit computing hasn't even really kicked off yet."

You missed the point of patchguard. It is a step in the direction of forcing valid app vendors to stop hacking the kernel to get their apps to work. That would make it far easier to detect root kits later once it isn't common practice to hack the kernel for valid apps to work.

"virtualization isn't exactly new and certainly not limited to vista."

This is new for what is already built into the OS. You can add apps to any OS, but what the OS is and how it is designed differently is still a characteristic of the OS. Bottom line is IE is substantially more secure in Vista than XP.

"better firewalls on the market ... and who in his right mind would trust MS encryption after their public acknowledgment of NSA 'support'? :-)"

We're not talking about aftermarket apps. We're talking about what is built into the OS. As far as that goes, the problem with software firewalls today is ease of use. Windows Firewall in XP doesn't provide great protection, but it is easy enough for the average user to use. Hopefully, Vista's will prove to be that way with better protection.

As for the NSA, that's hogwash. Microsoft's cooperation with the NSA is nothing new, and it to get their input on proper OS security practices in terms of what options should be set by the OS for various main groupings of environments. The difference with Vista is for the first time, the OS was released AFTER Microsoft got input for their security guide, and published the Vista security guide on the internet. Therefore, you can secure for the first time a Microsoft OS using best practices from Microsoft and other leading private and governmental agencies AS YOU DEPLOY IT!

Everyone saw Microsoft cooperating with NSA and automatically assumed some variant of wiretapping was going on. Absolutely not true!

"why would i have to pay extra money to close security flaws in an OS that shouldn't be there in the first place? OneCare is nothing but a money extortion racket!"

Windows Defender is free and built into the OS. Who said anything about OneCare?

Also, this is a naive look at the OS. Why does Windows have these security issues in the first place?

Linux security holes are found far more often than Windows, and no one is slamming Linux for that. Bottom line is code is written by humans, and humans are prone to error. If you want to slam Microsoft for something, slam them for putting compatibility and ease of use over security. Vista however was at the very least was not coded nearly as much in that direction as previous versions of Windows.

"and last but not least, this thread is about vista's drm ... so what do we hear from you about possible driver revocation, tilt bits and the attempt to turn an open platform into a closed home entertainment gadget?"

Because in this thread, it was claimed that is all Vista is. That's simply not the case. Also, this whole DRM thing is being blown WAY out of proportion. At the very least, most of the DRM code doesn't become active until you play HD protected content. If you don't like it, don't playback that content!

Also, driver revocation will only effect the ability to playback HD content. That's it. It's not like you won't be able to game, or generally use your computer if that were to happen. And on top of that, it is exceptionally unlikely revocation would ever happen. That would cost everyone, from the content producers, the hardware manufacturer, and Microsoft. On top of that, even if it did happen, most likely the hardware vendor would be given time to code a new driver and release it before the other driver is revoked.

And on top of all this, Microsoft had no choice other than not make Windows Vista have the ability to playback legal HD content. DRM is a part of HD content regardless of what Microsoft wants.

"no matter how nice they'll wrap it for us, i ain't gonna buy it"

You probably won't have a choice. Sooner or later, you're going to need Vista, or it's successor, which will also have DRM.

"Enough, enough bowing down to disillusion!
Hats off & applause to rogues & evolution!
The ripple effect is too good not to mention.
If you’re not affected, you’re not paying attention!"

"Microsoft had no choice"

that's interesting ... so such renowned computer security expert like disney, mgm, warner and co. are dictating microsoft ... gives the term micky mouse security a whole new meaning :-)

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

"A good chunk of the code in Vista is based on previous MS products and the vulnerabilities and framework of that code is well known to those looking for vulnerabilities in Vista."

Microsoft developed IE7 as a result of its development of Vista. Sure a lot of its code is the same, ditto previous versions of Linux, MacOS X, etc. Code being around a long time doesn't mean the code is bad. SSL is not that much different today than when i twas invented, yet you trust making online purchases, etc. using it every day. In fact, the code existing for a long time with hackers pounding on it is the only way to know how secure it is.

"It has not taken long for other vulnerabilities to show up. There is a hole in the speech software that was released last week... and so on and so on."

Because that is NEW CODE! Vista initially will not be as secure because much of it is band new code that hasn't been pounded on by hackers! However, the features that I mentioned will make the OS more secure over time.

"IMO Vista will be not much more than what could be considerered as an Eye Candy Service pack on old code."

The complete rewrite from scratch of the TCP/IP stack alone proves that is not true. A lot of the advantages of Vista are "under the hood" and not easily visible to many users.

How about the fact that the GUI is not GDI anymore? Nevermind the eye candy it allows, but architecturally it is radically different! GDI was one of the sources of vulnerability in previous versions of Windows.

But you guys seem more intent on trying to prove Vista in the long run will be less secure or no more secure than XP, which isn't the case.

"Not meaning to turn this into a linux versus windows thread ( i do actually like windows now and then ) but ms could go a long way if they took a look at the structure of Unix and it's true modular design. Exploits when they do happen are often much more isolated from the system. Mac OS X sits on top of BSD."

And Apple along with the linux vendors could learn a lot from Microsoft. System administration and what not does not need to be difficult. With all the slamming Microsoft gets for security, I don't see anything near in the Mac and linux worlds that compares to freely available patch management Microsoft offers with WSUS and Windows Update.

Also, as a network engineer who predominantly works on Microsoft environments, rest assured the vast majority of security problems Windows users get nailed on are for things that are just plain stupid. For example, Macs are just as vulnerable surfing with Firefox with scripting enabled as Windows users are using IE. The only difference is Windows is attacked more than Macs are because hackers know that will yield far more victims because Windows is so widely used.

People run as local admins all the time.

People don't use firewalls to protect themselves.

People don't install patches despite the existence of Automatic Updates, or the fact Microsoft was shipping Service Pack 2 install CD's for free.

The only way linux and mac users can get away with no anti-virus software is because no one ever attacks the OS, even though there are more security flaws discovered for example in linux than windows code due to its open source nature. If linux and mac machines were more common, they'd be hacked more, plain and simple.

Bottom line here guys is if you want to slam Microsoft, fine, slam them for something they deserved to be slammed on, and keep it in perspective.

If you want to say DRM code may be causing some performance hits, fine, that's true. If you want to say DRM *may* be causing some instability currently in Vista, fine!

Saying Vista is only a DRM platform relegates the OS to tiny portion of all it is, and it's simply highly distorted view of what it actually is.

"Enough, enough bowing down to disillusion!
Hats off & applause to rogues & evolution!
The ripple effect is too good not to mention.
If you’re not affected, you’re not paying attention!"

regarding DRM Microsoft DID have the choice.

but when they 'called in the pros (the NSA) for security', they DIDN'T. america is a country at war. although they do not openly apply martial law, there are rules everyone must follow in order to export encryption (which not too long has been treated the same way as ammunition and was not allowed to exceed 40 bits)

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

"because Windows is so widely used"

and why is that linux based apache web servers are less prone to attacks than the less widely used windows IIS webservers?

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

and i'm not talking about general security here (even windows user can get away without av software, using limited accounts and virtualization) ... this is about DRM paranoia and its implications.

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

"If at any time the graphics driver determines that something improper has happened, then it can set the appropriate tilt bit"

so, Microsoft is to determine what is proper or improper on MY computer?

now, i will NOT take this from some convicted software pirates!

http://www.vnunet.com/vnunet/news/2...

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

"regarding DRM Microsoft DID have the choice."

Yes. And HERE are the choices:

A. Do not play back HD protected content.
B. Implement DRM technology that every other HD-DVD player had to do as well in order to play back the content.

You can try to make it sound like Microsoft could have allowed playback of HD content without the DRM stuff built in, and that simply isn't true.

"and why is that linux based apache web servers are less prone to attacks than the less widely used windows IIS webservers?"

Remember that Windows is a relative newcomer to the enterprise server market in respect to webservers, etc. Because of the relative freshness of the code, it had a lot of mistakes in it. Coupled on that many implementers who deployed IIS because it was easy to do and didn't know what they were doing, and you had the insecure IIS days of Windows 2000. IIS security wasn't bad if you followed best practices such as not install unnecessary components, used the IIS lockdown tool, etc., which many people didn't do.

Windows 2003 IIS is a heck of a lot more secure than the 2000 days.

And lets not forget Apache has had its fair share of security vulnerabilities as well.

We can debate all day now about current versions of apache and IIS and which one is more secure, but if there is a difference between either, it's not a big one.

And finally, for the last time, the collaboration between Microsoft and NSA that has come up has NOTHING TO DO WITH PROVIDING NSA WITH THE ABILITY TO BACKDOOR ENCRYPTION SCHEMES!

That may have happened, but it has nothing to do with this collaboration that suddenly has everyone worried. Microsoft was simply taking advice and publishing it from NSA about how to securely configure Microsoft OS's.

"Enough, enough bowing down to disillusion!
Hats off & applause to rogues & evolution!
The ripple effect is too good not to mention.
If you’re not affected, you’re not paying attention!"

"Microsoft was simply taking advice and publishing it from NSA about how to securely configure Microsoft OS's."

given a multi-billion dollar IT security industry and MS' budget, which isn't exactly a small one either ... and they're seeking support from some underpaid government workers who have a great reputation for spying on US citizens and finding non-existent WMDs?

"Remember that Windows is a relative newcomer to the enterprise server market in respect to webservers"

for the home user market you blame the fact the windows is so widely spread ... for the enterprise server market you blame the fact that IIS is a newcomer. your argumentation is a bit on the lame side, don't you think?

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

"for the home user market you blame the fact the windows is so widely spread"

Hackers go for volume. If you don't recognize that, you don't have a clue about computer security.

Once again, there are far more published security vulnerabilities in linux than Windows by a landslide. This doesn't mean linux code is inferior; it's open source, so it's easier to find the vulnerabilities in linux. Yet, Windows is attacked far more. How do you explain that other than Windows is more prevailent? You can call the truth lame all you want.

"for the enterprise server market you blame the fact that IIS is a newcomer. your argumentation is a bit on the lame side, don't you think?"

I'm not blaming anyone about IIS in Windows 2003's security. If best practices are followed, JUST LIKE YOU HAVE TO WITH APACHE, it's secure. That was simply to explain why people say Apache is more secure than IIS. That used to be true; but it's not anymore, or if it is, the difference is negligible.

"Enough, enough bowing down to disillusion!
Hats off & applause to rogues & evolution!
The ripple effect is too good not to mention.
If you’re not affected, you’re not paying attention!"

oh that's interesting: open source is less secure because 'it's easier to find the vulnerabilities' ... at least open source programmers address any vulnerabilities with immediate patches and don't leave users in distress like MS.

need an example? IE6 was estimated to be vulnerable to exploitation for 284 days last year, even among users who patched it religiously. In contrast, Firefox was estimated to have left users exposed to unpatched flaws for a total of nine days over the same period.

FYI, the apache web server (the server that is trusted by the vast majority - see the survey below) which is to say the least equally secure as IIS (happy now) is yet another open source project.

http://news.netcraft.com/archives/w...

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

"oh that's interesting: open source is less secure because 'it's easier to find the vulnerabilities' ... at least open source programmers address any vulnerabilities with immediate patches and don't leave users in distress like MS."

I didn't say it was less secure. I said there are a lot of vulnerabilities found in it that aren't actively exploited.

And what is the most common webserver doesn't mean it's the most secure. By that logic, Windows is the most secure client OS by far.

"Enough, enough bowing down to disillusion!
Hats off & applause to rogues & evolution!
The ripple effect is too good not to mention.
If you’re not affected, you’re not paying attention!"

hold on! didn't you just say 'Hackers go for volume' ... so here we have the volume AND open souce which is so easy to exploit ... must be one hell of a nightmarish situation for all those apache servers :-)

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

"And finally, for the last time, the collaboration between Microsoft and NSA that has come up has NOTHING TO DO WITH PROVIDING NSA WITH THE ABILITY TO BACKDOOR ENCRYPTION SCHEMES!"

How do you know?

If you actually do know by virtue of your employment or whatever, you certainly wouldn't be telling us. And if you happened to know that the statement wasn't true, you'd be even less likely to tell us.

Therefore, I am afraid we have no alternative but to suspect that MS and the NSA are collaborating in ways which should concern every single one of us greatly.

Especially those of us fortunate enough not to live in the USA. The NSA has absolutely no jurisdiction here in Britain or in any other country except the USA - but isn't in the habit of being told it can't spy on whomsoever it likes in whatever country it likes. And while I have even the slightest suspicion that MS is helping it to do so, I won't buy any new MS products.

and whenever you hear about MS cutting deals with the british government, rest assured, the MI6 (or whichever cloaked agency her majesty's spooks may hide in) is getting its fair share :-)

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

"If you actually do know by virtue of your employment or whatever, you certainly wouldn't be telling us. And if you happened to know that the statement wasn't true, you'd be even less likely to tell us."

Why would I know if Microsoft did that? I hold a Microsoft certification. That doesn't entitle me to inside information.

And once again, if Microsoft was doing that with the NSA, that is completely independent of the news of recent collaboration with the NSA. The recent collaboration in the news is GOOD NEWS for security, because Microsoft took advice from independent organization from Microsoft like the NSA and published their recommendations on how to properly secure Vista.

They may have collaborated with the NSA for all we know, but if that were happening. For all you know, the development of SSL could have been done with the collaboration of the NSA.

"Therefore, I am afraid we have no alternative but to suspect that MS and the NSA are collaborating in ways which should concern every single one of us greatly."

See above... You have no proof Microsoft ever gave backdoor info to NSA. Your evidence is that Microsoft collaborated on recommendations on how to securely configure operating systems and enterprise level messaging and database products. That's not logical.

"Enough, enough bowing down to disillusion!
Hats off & applause to rogues & evolution!
The ripple effect is too good not to mention.
If you’re not affected, you’re not paying attention!"

"Microsoft took advice from independent organization ... like the NSA"

give me a break ... maybe i have missed something and pigs CAN fly :-)

assuming the NSA an independent organization is about as ridiculous as the question: is the pope catholic?

let's assume for a moment you're right about it ... then we have Vista's security subsidized by US taxpayer's money.

no matter how you turn it, it smells rotten either way.

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

NSA publishes security guides for how to secure various operating systems and major enterprise applications such as messaging and databases. When I said "independent", what is meant by that is someone other than Microsoft making recommendations on configuration options we all have concerning how to securely configure these products.

There's nothing subsidized about it. Should the NSA review configuration options of these products that they use internally? Absolutely! They should be looking at these options and figuring out for themselves the best way to configure them. They simply share what they found with everyone, and give justification as to why they think a particular setting should be set for better security. They don't have to share that info, but don't you think that's a good thing they do?!

This is all publicly available, and NSA contributes to publications for recommended security configs such as the Center for Internet Security (CIS).

Microsoft also includes these recommendations in the Security Guide for Vista, as well as XP, 2003, and 2000. For the third time, there is only one difference between Vista and the rest - Microsoft and NSA published their recommendations BEFORE the OS was generally released to the public instead of after. That way, the OS isn't in the wide use before there is good information about how to properly secure it.

Please tell me how this is a bad thing.

"Enough, enough bowing down to disillusion!
Hats off & applause to rogues & evolution!
The ripple effect is too good not to mention.
If you’re not affected, you’re not paying attention!"

"Should the NSA review configuration options of these products that they use internally? Absolutely!"

i really wonder what internally used products you're talking about? windows at ft. meade? get a grip!

"Software emulation firm VMware ... has teamed up with researchers at the National Security Agency to create a nearly crack-proof computer that can place sensitive data in virtual vaults inside the PC ... the decision to run the VMware technology on top of Linux, not Windows, is key to a government agency like the NSA"

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

Large organizations are usually heterogeneous networks. If you actually think NSA doesn't have Windows servers and clients, you need a reality check. They do in fact have them.

By the way, Department of Defense has Windows clients and servers, too.

I have a firm grip on reality.

And, as I was saying, NSA releases security configuration recommendation guidelines to help secure your server.

http://www.nsa.gov/snac/

If you check www.cisecurity.org and their organization, you will find NSA contributed to those documents as well as NIST and DoD.

Check Microsoft's security guides, and you'll also see that they contributed to their security guide as well.

There's nothing in the guide that you can clearly see that shows any of these organizations encouraging you to keep your security loose so they have backdoors in. All of this documentation is provided to encourage proper security configuration to protect data and server integrity to anyone who may find it useful.

So, once again, and I hope it is clear as day by this point, the recent news of NSA collaboration with Microsoft has NOTHING to do with backdoors to any Microsoft OS or technology. If that is happening, it is not in the slightest related to this collaboration reported in the news.

And this collaboration reported in the news is a GOOD THING! It shows Microsoft is not taking a unilateral approach to security recommendations like they did with Windows 2000; they are welcoming input from people and organizations, private and public sectors, to provide information on proper security configurations to ensure data and servers are not breached. How you think that's a bad thing is incomprehensible.

And don't twist this into me saying introducing backdoors into the software for NSA use is a good thing. If that is happening, that's obviously bad, but you have no evidence that is happening. This collaboration in the news has nothing to do with it.

"Enough, enough bowing down to disillusion!
Hats off & applause to rogues & evolution!
The ripple effect is too good not to mention.
If you’re not affected, you’re not paying attention!"

now ... to bring this to an end:

all this 'GOOD THING!' talk will not change my inherent mistrust to an agency that is famous for eaves-dropping on its own citizens and excelled in finding non-existent weapons of mass destruction.

Bill Gates' extraordinary talent as a business man should not be mistaken for innovativeness, the poor security track record of Windows is legendary and Microsoft's history of monopoly abuse fills volumes ... for Microsoft (a money driven enterprise), Vista's primary reason for existing is to be sold but i ain't going to buy it (Vista's DRM, the topic of this thread, being only one of the reasons) ... period.

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

Right, so you're gonna hate on Microsoft no matter what. That's pretty clear by now.

Your problem is you do not recognize that large organizations, be it private or governmental agencies, aren't really monolithic. NSA has several parts to it, most of which are not related to wiretapping. For example, you do realize a lot parts to the military do not involve blowing stuff up. This collaboration to provide security config recommendations is a good thing, you have a hard time admitting that.

Also, NSA was not the one responsible for faulty intelligence about WMD's. That would be predominantly CIA, along with other countries who provided intelligence, including Britain.

"Enough, enough bowing down to disillusion!
Hats off & applause to rogues & evolution!
The ripple effect is too good not to mention.
If you’re not affected, you’re not paying attention!"

get real, you can blame the Brits for a lot of things but not for your spooks screwing up :-)

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

Uh, British Intelligence fed the CIA with the info that Saddam was supposedly trying to get yellow cake from Africa.

Also, virtually every country who had intelligence in Iraq agreed they had WMD's. Not blaming them exclusively or even predominantly. Just saying they agreed Saddam had WMD's, and offered specific evidence to that in some cases, especially Britain.

"Enough, enough bowing down to disillusion!
Hats off & applause to rogues & evolution!
The ripple effect is too good not to mention.
If you’re not affected, you’re not paying attention!"

"every country who had intelligence in Iraq agreed they had WMD's"

that's what Donald Rumsfeld said on his famous press conference and simply not true!

but of course HE knew about WMDs, didn't he get the receipts from Saddam? :-)

and now cut the fox news hogwash and let's get back to the issue at hand ... here's the summary:

1. Vista's DRM significantly hogs down system resources (an average of 90 polls per second is more than paranoid!) and is one of the reasons vista requires higher spec hardware at the customers' expense.

2. it is an attempt to turn the open platform 'personal computer' into a 'closed' home entertainment appliance.

3 to implement DRM into vista was Microsoft's CHOICE because they want to control the way, hi-def content is going to be distributed (MS could have simply left it to the content owners to protect their content, who need the platform PC more than PC users need the content industry).

4. and last but not least: tilt bits make a Vista PC is vulnerable to a forced reboot by any process, any virus, any worm, any voltage fluctuation that can cause a tilt bit to be set.

now let's discuss these 'GOOD THINGS', will ya?

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

"that's what Donald Rumsfeld said on his famous press conference and simply not true!"

Please say you're joking that Britain did not provide intel about WMD's in Iraq.

FYI, I was against ever getting involved in Iraq. I'm definitely not a part of the right wing crowd by any stretch of the imagination.

"1. Vista's DRM significantly hogs down system resources (an average of 90 polls per second is more than paranoid!) and is one of the reasons vista requires higher spec hardware at the customers' expense."

You're omitting most of the code is not running when an HD-DVD or BluRay disc or other protected HD content isn't being played. And once again, there's no way around this. Protected content requires this in order to be played back. Microsoft simply is making that possible on Vista.

"2. it is an attempt to turn the open platform 'personal computer' into a 'closed' home entertainment appliance."

I don't know what you mean by this statement. The technology to playback HD protected content is closed irrespective to Microsoft and Windows Vista.

"3 to implement DRM into vista was Microsoft's CHOICE because they want to control the way, hi-def content is going to be distributed (MS could have simply left it to the content owners to protect their content, who need the platform PC more than PC users need the content industry)."

That is completely inaccurate! HD protected content is already encrypted. The encryption schemes are already in place. Microsoft's choice was to code Vista in such a way that would convince the content authors to allow the content to be played back on Vista machines that meet spec, or no Vista machine would legally be able to play back protected content.

If Microsoft tried to thwart these content protection schemes, they would be held legally liable. So again, the choice was no Vista machine would be able to playback this protected content, or conform to spec, and it could be allowed to. They chose the latter.

While you could disagree with this decision, on principle, I don't at least for specific versions of Vista. I wish there was an MCE specific version of Vista this stuff was in, and that's it. But Microsoft deemed that all versions should have it, which I obviously disagree with.

"4. and last but not least: tilt bits make a Vista PC is vulnerable to a forced reboot by any process, any virus, any worm, any voltage fluctuation that can cause a tilt bit to be set."

Precisely why I think it should have been in a specific version of Windows designed for media content playback. The bottom line is it is additional code that may not be required, and any code can have security vulnerabilities in it.

However, I don't know how you figure it forces systems to reboot.

"Enough, enough bowing down to disillusion!
Hats off & applause to rogues & evolution!
The ripple effect is too good not to mention.
If you’re not affected, you’re not paying attention!"

Here is a quote from the section of Microsoft's document which covers tilt bits. Section 2.3.3, page 13

"Tilt bits are provided in the DDI as the driver’s mechanism for reporting that a hacker is suspected. If at any time the graphics driver determines that something improper has happened, then it can set the appropriate tilt bit—for example, if the hash of an output status message doesn’t match the message. If any tilt bit gets set, then Windows Vista will initiate a full reset of the graphics subsystem, so everything will restart, including re-authentication".

if you wish to download the complete document:

http://download.microsoft.com/downl...

As for Microsoft's poor choice to implement DRM, read Peter Gutmann's cost analysis very careful (take yourself the time, it's fascinating reading :-).

http://www.cs.auckland.ac.nz/~pgut0...

"Rather than address questions from Gutmann himself, or from the technical press and analysts, Dave Marsh, Microsoft's lead program manager for video chose his own questions to answer, and passed them along to a colleague, who posted them on his blog.

http://windowsvistablog.com/blogs/w...

Naturally these include several answers to questions Gutmann didn't ask, but avoiding the press by selecting awestruck bloggers instead is Microsoft's preferred way of dodging hard questions these days."

Rather than making protected separate Media Center Software available, Microsoft decided to cripple EACH version of Vista, subsequently decreasing stability and reliability of millions of work computers. Why they chose to do so completely escapes my logic.

FYI, HD content (taken from hd-dvd AND blu-ray disks alike) has already hit the torrent world - BEFORE the official release of Vista to the general public - rendering the whole shebang pretty useless :-)

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

So they jacked the price up in order to include what is already shown to be a useless feature. A feature that, whatever MS says, they were *not* forced to include but chose to include. (Because had they just said "we're not doing that", do you really think the studios would have put out product that wouldn't run under Windows?)

And I remain concerned about the NSA thing. No, we don't know that MS have given the NSA a backdoor into Windows. But neither do we know that they haven't - and if they have, that makes Windows Vista illegal in a large number of countries.

A graphics subsystem restart is NOT a complete system reboot.

I've read Gutmann's cost analysis of DRM. It's an interesting read, but he presumes a lot of things that aren't true.

A. He assumed low res would effect all things displayed on the desktop should it be decided the system isn't compliant. That's not the case, only the HD window would be effected.

B. He claims that this forces hardware vendors to include DRM technology in their cards. They don't have to, it's their choice.

C. He claims this will drive costs of video cards by effectively abolishing unified drivers. He claims this is the case because with a unified driver, should one card be deemed not up to snuff and revoked, it will do this to all cards.

This ignores the fact that driver revokation of a major graphics card driver from Nvidia or ATI would hurt all parties involved, from the content manufacturer to the video card manufacturer to Microsoft because consumers who suffer from this will blame all parties involved. It is highly unlikely any major graphics card provider will ever have a driver revoked.

And even if it did, it doesn't cripple the system if a driver is revoked. It simply can't playback HD protected content in HD resolutions. Whoopty do!

I also find it pretty entertaining you're slamming Marsh for replying before Microsoft has an official reply if they ever do. The guy at least addressed some of the issues and clarified/corrected assumptions from Gutmann that were made due to ambiguity in the original Microsoft white papers concerning DRM. He at least addressed some points and corrected many misconceptions, such as Gutmann claiming that medical imagery would be crippled if playback of HD content in another windows were running at the same time. While Gutmann's claim wasn't maliciously proposed, it was nonetheless something that needed to be corrected and clarified.

Look, I disagree as I've stated many times about how Microsoft has chosen to implement this DRM, but it is not the "sky is falling" problem you're making this out to be. It's a minor issue, and it certainly shouldn't inhibit someone from going to Vista if they don't care about playback of HD content and find other features of the OS attractive.

"So they jacked the price up in order to include what is already shown to be a useless feature."

Did I miss something? I don't see how Vista is anymore expensive than XP was. Looks to me like comparable versions of Vista are $10 more than XP. Adjusted for inflation from 2002 to 2007, that means Vista if anything costs less. So again, this simply isn't true. Not to mention Vista isn't XP; it has more features than XP does.

"A feature that, whatever MS says, they were *not* forced to include but chose to include. (Because had they just said "we're not doing that", do you really think the studios would have put out product that wouldn't run under Windows?)"

This has fallacies built right into it, many in fact. You're missing this point - HD protected content ALREADY had this DRM within it PRIOR to the release of Vista. If Vista didn't have support for the hardware, etc. to decrypt the content (HDCP, etc.), the content WOULD NOT HAVE RUN!

Also, Hollywood in this situation has a far better position to bargain with. The vast majority of people do not watch movies on their PC's in any significant amount. Sure, a business traveler may pop in a movie in the airplane on their laptop from time to time, but compare that to the amount that same traveler watches a DVD on their TV with a DVD player is far less.

At the same time, Microsoft is trying to get more into media playback devices with the Zune, Media Center Edition, etc. At least to some degree, they had to go this way. Again, I disgree with them putting it in every copy of Vista.

"And I remain concerned about the NSA thing. No, we don't know that MS have given the NSA a backdoor into Windows. But neither do we know that they haven't..."

Okay, and you can say the same thing about unix vendors or Apple. The difference in this case is because you heard MS and NSA in the same news article, you're more suspicious.

"Enough, enough bowing down to disillusion!
Hats off & applause to rogues & evolution!
The ripple effect is too good not to mention.
If you’re not affected, you’re not paying attention!"

"Because had they just said "we're not doing that", do you really think the studios would have put out product that wouldn't run under Windows?"

no, the studios need the market (with or without DRM) and microsoft wants to control the distribution.

"this forces hardware vendors to include DRM technology in their cards. They don't have to, it's their choice."

and the alternative would be? oh yeah ... being out of business the very next day! LOL

"but it is not the "sky is falling" problem"

as an enterprise CIO i would not surrender my company's computers to tilt bits and driver revocation (and neither can i see the intelligence community doing this :-).

mr. marsh's poor choice to answer the severe implications through some 'awestruck' blogger (and dodging he hard questions) will not make anyone with little understanding of serious comuting resting assured. this is absolutely unsatisfying and based on too much likelihood and vague assurances.

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

"no, the studios need the market (with or without DRM) and microsoft wants to control the distribution."

Huh?! Dude, they ARE the market. Microsoft is not the content creator, and they don't control the content. Again, DRM in HD protected content was there before Vista was ever released. Microsoft doesn't control anything in this. They simply made Vista able to playback this content that was already protected by technology already in place.

"and the alternative would be? oh yeah ... being out of business the very next day! LOL"

Why, because the video card can't playback DRM protected HD content on their PC at full res? Again, it's not like most people watch this content on their PC, they watch it on their home theater.

"as an enterprise CIO i would not surrender my company's computers to tilt bits and driver revocation"

Yeah, because you're gonna really freak out when your employees can't watch a movie they're not supposed to be watching at work anyway in full res. *rolling eyes*

Tilt bits aren't even in the equation until someone actually is playing back HD content. Again, I'm sure business CIO's are really gonna be receptive to employees watching movies while working. Give me a break...

"mr. marsh's poor choice to answer the severe implications through some 'awestruck' blogger (and dodging he hard questions) will not make anyone with little understanding of serious comuting resting assured. this is absolutely unsatisfying and based on too much likelihood and vague assurances."

It cleared a lot of things up for me. Of course he dodged the questions that constitute problems with this DRM model; he's a Microsoft employee. And do you really think Gutmann is right about everything in his white paper? NO! I've already pointed out several mistakes he made, some due to just wrong logic, others because Microsoft's white papers on the subject was unclear.

Look at some of the points you're making. It's pretty clear you are running almost exclusively on things Gutmann said that have been corrected by Marsh. Did you even read Marsh's response?

"Enough, enough bowing down to disillusion!
Hats off & applause to rogues & evolution!
The ripple effect is too good not to mention.
If you’re not affected, you’re not paying attention!"

now if you're launching a new product which is raising the gravest concerns, you think a statement, submitted through a blogging 'friend/follower', saying the scenarios are 'highly unlikely to happen' is satisfying potential customers?

c'mon - i understand, being certified by microsoft requires you to sing their song - but this is ridiculous!

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

I'm against the DRM broadly in Vista, but how is this "the gravest of concerns." I don't get it.

And being an MCSE doesn't mean I have to sing their song. But it does bug me when people make things out to be a bigger deal than they actually are. DRM is not the "sky is falling" thing you're making it out to be. You're blowing this way out of proportion.

"Enough, enough bowing down to disillusion!
Hats off & applause to rogues & evolution!
The ripple effect is too good not to mention.
If you’re not affected, you’re not paying attention!"

tilt bits that are putting the system stability at stake, possible driver revocation (no matter HOW little the likelihood) and content protection features (already obsolete!) that increase CPU resource consumption aren't issues 'blown out of proportion', regardless your tedious efforts to play them down.

Microsoft has set out to govern and regulate your 'personal' computer, hardware AND software, by their own policies (deciding what is 'improper' and what not) and they should not get away with it.

Today's subliminal thought is: 'Calm down ... it's only ones and zeros.'

How do tilt bits put system stability at stake?! Your only claim to that is a complete reset of the graphics subsystem could be initialized by tilt bits. That's not a reboot, and it's not even clear if this means a pause or flicker with the content playback window or the entire GUI. And even if they did, they only become an issue when you playback HD protected content!

And once again, CPU resources are ONLY hit when playing back HD content. If it bothers you this much, DON'T PLAYBACK THIS TYPE OF CONTENT!!!

Microsoft has not set out to govern and regulate anything. They are not the ones who have decided what is improper or not. That was already done by Hollywood. You're making it seem like this DRM is an invention of Microsoft.

For the billionth time it seems I've had to say this, this DRM technology was used on HD-DVD and BluRay well before Vista was ever released. The only thing Microsoft has done is added code into Vista, sanctioned by Hollywood so that Hollywood would give their approval, to allow PC's to be able to play this content back legally. Had Hollywood not have used this DRM technology on HD protected content, Microsoft would have never put this into Vista. This DRM was never concocted by Microsoft; Hollyw