Slashdot Mirror
Microsoft Media Player "Security Patch" Changes EULA Big Time
MobyTurbo writes "In an article on BSD Vault a careful reader posts that in the latest Windows Media Player security patch, the EULA (the "license agreement" you click on) says that you give MS the right to install digital rights management software, and the right to disable any other programs which may circumvent DRM on your computer." So if you want your machine secure,
you also want microsoft to have free reign on your PC.
How can it be that they can change the EULA in order to disseminate a security patch? Isn't this essentially extortion? If I disagree with the EULA, and someone exploits the security hole the patch was designed to fix, can Microsoft be held liable?
Toronto-area transit rider? Rate your ride.
Nobody forces you to use WMP.
:D
Just use a different media player.
BlazeMediaPro, Winamp, more, take your pick.
oh and yeah, add microsoft.com to your hosts file
----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
It's just to win points with DRM advocates. It's an underhanded means of controlling its "users" from the perspective of the DRM folks. I would be interested to know if there's been some discussion between MS and the DRM folks to ensure/track this sort of thing.
And in the balance: security vs control.
Either the villanous attackers are in control/capable of control
OR
Microsoft is in control.
Geez. It's a lose-lose situation.
One of these days they will go too far.
Every move Microsoft has made follows
Machiavellian politics to the letter.
It's no longer about money, it's about
power. Microsoft will continue to find
ways to gain more control of computers,
and eventually will try to directly
attack other operating systems and make
them illegal. Microsoft doesn't even have
to worry about serving customers anymore.
There's almost too much momentum to over-
come here, folks. The only way that our
computers will belong to us in the future
is to make sure that we control how they
are used. Keep the hardware in the hands
of smaller manufacturers who have to
compete. Keep the software in the public
domain wherever possible.
At this point, even Apple looks good com-
pared to Microsoft. They have to listen
to their customers, they have adopted con-
cepts from better operating systems and
made it easier for users to use a com-
puter for any purpose they desire.
It doesn't matter what OS you use; BSD, Linux,
Solaris, or any of the other options. But by
choosing something other than Windows you
will help keep control in your hands. At this
point it would take thirty years for Microsoft
to go out of business, but we need to be looking
ahead. Do not accept these incremental attacks
on your freedom.
...
mmm...Troll food. I'll answer anyway.
Most companies' idea of DRM limits you as to where you can put your music. And that measn not allowing it go go on a device that doesn't support the right flavor if DRM, if it supports it at all.
So, example scenarios:
You buy a $500 MP3 player device. It works great for a while hooked up to your Windows box. MS kicks on DRM one day, and you can't upload music to it anymore. It might be your rightfully-owned music, mind you... you could have ripped them all yourself from your own CDs.
Microsoft decides that MP3 files can't properly support DRM like WMA files can. So, they turn off the ability to play MP3, or maybe they delete them, or convert them to WMA. Since your portable player doesn't support WMA, you're screwed. Oh, and MS just happens to benefit financially since they control the WMA format, codecs, etc...
Maybe they do something really silly like force you to put the physical music CD in your drive whenever you want to play a digital song that was ripped from that album. Sounds stupid, I know, but what was the last game you played on CD that didn't require the disk in the drive to run?
The basic problem is that someone else's idea of what is reasonable to do with digital music will rarely match up with mine. I want to take a CD I bought, and pretty much use the music on any device I have that can play music. The problem is, of course, that the ability to do so also gives me the ability to share music on Kazaa if I choose.
I'm not neccessarily trying to argue that sharing music is legal or right (though I do believe the music companies are idiots for their handling of the situation.) I'm just saying that if I'm to retain my ability to play my music on any device that I want, I will also retain my ability to share it, that's just how it works.
Fortunatly, the cat is well out of the bag, and it's just not possible from a technical standpoint to prevent someone who can code and build their own machines from doing so. There are just too many MP3, Ogg, whatever players out there, and too many free OSes to stop it.
They would have to make it illegal to have hardware that would cooperate with the software of your choice. They would have to make it illegal to reverse-engineer systems in the privacy of my own home for my own use. They would have to make it illegal to attempt to bypass copy protection mechanisms, or even discuss it. They would have to give the copyright holders what amounts to police powers to show up at any time, and demand to see your license documentation under penalty of decades in prison.
Oh, wait...
"its purpose is
twofold: (1) to make a point about the absurdity of hidden "agreements"
that buyers cannot know about until after sale, and (2) to be able to
honestly say that I never accepted any EULA, and thus my use of the
software is limited only by copyright law, just like a book or a CD."
Hmm... and removing that EULA click-through page you won't be liable? And the other trueth is that if I close my eyes I'm invisible.
Come on. The second anyone finds that Winamp's been disabled because of something Windows Media Player installed behind the scenes, Microsoft will be fighting back a shitstorm unlike any other it's faced. I find it highly unlikely you'll log into your Windows machine one morning and find nothing will work other than Windows Media Player.
"I'm a leaf on the wind. Watch how I soar."
-Hoban Washburn
If you develop on Windows, well, there's your problem.
-jhp
/. -- the Free Republic of technology.
Microsoft is well on their way to making hardware do this by itself. Then, all they have to do is invest a little more in America (ie: buy a few more Congressmen) and, voila, every computer in America has one of these suckers. Goodbye Linux. Goodbye ability to do whatever you want with your own music.
IWARS.
People, in general, disappoint me. Politicians even more so.
So we're updating machines at work to w2k by flashing an image on to the hard drive. Being the nice people we are, we've even backed up people's music for them. When we restored one woman's music, media player refused to run until it had been updated. So I updated it, checked that it ran the little demo it comes with and left. 10 minutes later I get a call that it won't play her music. Turns out that because the music had been ripped on what it thought was another machine, it refused to play it. Never mind that the hardware was exactly the same, except for the addition of 128 megs of ram. The hd had been formatted and a new os installed (essentially) so as far as media player was concerned, the files were now on a different pc and so it wouldn't play them.
I tried to explain to her that Bill Gates thought she was stealing music. I'm not sure it took though; I think she secretly thought we weren't letting her play it. Yeah, we'll back up a gig of music on the tape, spend the time restoring them and then not let you play them. She eventually just said she'd bring the cd's in again.
There may have been a way around all this, but for such an obvious non work related thing, wasn't going to do it. Didn't feel like installing winamp because she'd been so annoying and whiny about the whole thing.
Such overwhelming evidence of a 'pattern of abuse' would most likely NOT do well for you and your argument about 'not signing the EULA' in a court of law, if it comes to this stage. And quite frankly, it is coming to this, and we do need to fight it!
This smells so illegal... First include an application in the OS that has a security hole, a few months later act surprised that someone discovers it, firstly deny any such problem exists than finally recant and recognized the problem, build a patch a few months later but include in the attached legal document aa disclaimer for any responsibility for the patch, application(s), and OS, and that third-party applications may be disabled/removed/erased without the owner/user permission at any time. Grrr...
Kinda like buying a new car and not noticing the dealership & manufacturer deny and responsibility for any item and/or service. Then find that if the dealership and/or manufaturer doesn't like any third-party something(s) you put into/onto the car (tires, stereo, etc.) they can eject/confiscate/destroy the third-party something(s) at any time. In a few months you get some new tires from some dealer down the road and as your cruising home on the interstate at 60 the front tires are ejected. Later the court throws out the lawsuit since you violated the dealship/manufacturer EULA...
Time to buy another drive and try the various "open" OS's again....
IE's PNG support sucks balls.
As of version 5.5.2, Microsoft Internet Explorer will view almost any non-transparent PNG image and almost any binary-transparent indexed PNG image. IE 5.5 and 6.x work well with my site, which uses PNG and JPEG exclusively.
CMYK encoding
According to this page, PNG supports CMYK color space.
YCbCr, L*a*b
I couldn't find anything one way or the other about these color spaces.
Resolution Metadata, Extensible Metadata
The PNG format contains a field for the physical (pixels per meter) resolution of the image.
Will I retire or break 10K?
How is this interesting? When you sign or accept a contract, you are bound to it, whether you read and understand it or not. If you don't understand it, don't agree to it until you do understand it.
I note that most EULAs reservie the right to change the EULA at any time without notice. How about if when I click 'I Agree', I also say I hereby claim the right to alter this agreement at any time by posting notice in my underwear drawer!
Why not, it's just as fair. If the corporations don't like it, they shouldn't accept my money. If the courts have any sense of fairness left in them, they will either uphold both or rule both to be invalid.
This EULA's a precurser to M$ actually installing DRM and anti-anti-DRM software on your computer as part of the next security patch.
Big Daddy, Johnny, Burp, Aunt Zelda, Scott, Slurp, Big Momma
Let's take it from another angle: You buy an ice cream. When you open the wrap cover, you find a small agreement saying "in order to eat this ice cream, you must agree to also stand on your head and make a sound like a horny lion, ten times, in a public place". So what do you do, sign it or return the ice cream? No, because tossing it into the nearest waste basket would make your afternoon a nice walk in the park enjoying your ice cream - since just because somebody tries to force you into "agreeing" to something before using a product doesnt mean it's illegal for you to use it without agreeing.
A side note: That'd be "truth" you're looking for.
Tomorrow will be cancelled due to lack of interest
If this patch was distributed through Windows Update as a critical update, and thus was auto-installed on my machine through my XP Auto-Update configuration, then it's not like I've agreed to a new EULA, right? It was automatically installed; I was never given an opportunity to disagree to a new license.
You say the cons for Linux and Macs are that they don't have many games. However, why not just buy gaming consoles for play. There are at least two non-Microsoft competitors in that market--Sony and Nintendo. Maybe some of you have reasons not to like them (they seem to be obsessed with copy protection too), but I think they are much better alternatives to MS. As an extra bonus, you don't have to mess with hardware configurations and stupid compatiblity problems, or wait for long boots...
...and yes there are games that are computer only, however it seems to me that recently all the good games are on console anyway, and the computer game section of stores are almost dead. I mean last time I looked, The Sims was the most exciting game there! Lame.
has anyone realised that M$ can just say linux is "DRM circumventing" and destroy it on your PC.
this may seem a little far-fetched but even so they do seem to be running out of options
isn't this the same sort of "bundling" activity that got MS into trouble in the first place wrt Netscape/IE? It's not as pervasive on the front-end now (from the end-user's perspective), but it's all over the back-end... where the real money probably is. Not that I really give a crap either way -- I switched over to 100% OSS/Free software about 5 years ago, and I don't have any desire to actively trade in certain file formats. For that matter, I've only bought 2 music CD's since the format was first invented. Reason why? It didn't take long to realize what was going on in the industry, so I simply boycotted it altogether. I don't think I'm missing much either, judging by the crap on the car radio going into work this morning. The entire DVD thing was a real yawner for me; same shit, different day. When will the content owners actually take responsibility for enforcing their ownership, instead of foisting their problems (such as really antiquated business models) upon the IT industry and its users? For that matter, perhaps some of the IT industry has equally antiquated business models. Bah.
C|N>K
Unfortunately the console will never be a good platform for real-time strategy games, or first person shooters. These games require a mouse and keyboard to play. Age of Empires (published by Microsoft) was one of the best selling PC games in history. The same goes for Turn-base strategy games as well. Civ3 anyone? I am all for RMS's ideology, but until I see a great RTS/TBS game on linux I will stick with Win2k. Console are fine for driving, sports, and fighting games, but when you need maximum control and aim, a PC is the ONLY way to go.
A mission for the enraged /. reader, discover what server(s), domains, IP addresses access a windows PC to check for DRM compliance and disable software.
Then publish this information on every website possible and allow everybody to update their firewalls blocking any sort of access to these places. And MAYBE send the information to Linksys so they can put a option in their "DSL/Cable Router" to block any sort of access to it.
Linksys may be able to increase sales by advertising just this feature to the average consumer.
Just find somebody who is less than 18 years old to install it. Since they are a minor and therefore unable to enter into a binding contract the EULA is void.
We're going to make information free Mr. Anderson, whether you like it, or not.
All of you people talking about removing/subverting/ignoring/legally challenging/etc. the EULA are ignoring an important fact.
It doesn't *matter* if you legally accept the terms of the EULA or not, since those terms merely spell out *how the software will operate anyway*.
Say there is a magic "Get out of EULA Free" card that came with your Microsoft Monopoly game.
Say you use it.
That's not going to stop the software from disabling other software on your machine, interfering with its operation in a supposed attempt to ensure "Digital Rights" are observed, or installing other components into your OS automatically, without asking you for permission.
The software *doesn't know from EULA*.
In other words, you can debate the legality all you want, but that's not going to change how the code operates, once it has been installed on your machine.
-- Terry
The Windows box has an EULA on it that you accept by opening the box. Using the program means accepting the EULA, even if you hack the program to hide the EULA on install. Go on, try this out in court, they'll laugh at you... "Yes, your Honor, I illegally altered the program so that it wouldn't show me the agreement, so I don't have to follow the agreement! Haha!"
Who the cares right now if it pays the rent.
Me UNIX/Java programmer, me unemployed. If a company wants to give me $$ to write VB or VBA or VC++ or C#. I can't very well say no.
And if you think that something like that could never happen to you. I really hope your right, because snobbery doesn't go very far in a tight job market.
In many situations, system administrators are responsible for system uptime and often given zero authority to enforce, create or even suggest policies which get in the way of whiny developers, regardless of the resultant increase in code quality[1]. Talented software engineers are a lot harder to find than talented system administrators because hiring managers perversely ignore most of the people who can do the job right, merely because said applicants are over 35. Most companies would rather try to replace a sysadmin than a software engineer because the chief job of the system administrator in a small-to-midsize organization is to hide and absorb institutional incompetence.
Then again, any software engineer who would demand root on a production system is probably insufficiently skilled to understand basic computing concepts like "separation of privilege" (as seen very recently in OpenSSH), "compartmentalization", "principle of least surprise", and so forth. Far from being engineers in any sense of the term, they're at best "code jockeys" and ought to be physically beaten on a daily basis with classic computer science texts. 90% of them are nothing more than whiners with degrees, and the other 10% design software for the users -- all of them including the poor sot who has to restart that crashy server at 2am every second or third morning.
I left the technology industry about a year ago, and until more of the antipatterns shake out I don't plan on returning. Unfortunately, the corporate circle jerk has much invested in maintaining these antipatterns so I don't expect the situation will get better soon. As much antipathy as I have for people, professional body piercing sounds like a far preferable career with less bullshit and higher hourly pay. For that matter, so would pizza delivery or auto parts order desk.-jhp
/. -- the Free Republic of technology.
it seems to me that this news is about the right this eula gives them to actually disable those programs because they do the kind of services you describe.
Fishy, isn't it?
Can you still talk about a free market if those kind of eulas are legal?
zoloto wrote:
;)
> You've neither agreed to the EULA, and you're
> protecting your system by patching it.
Unfortunately, while your method may keep one from agreeing to the EULA, it hasn't disabled any of Microsoft's software that carries out the problematic actions the EULA warns about.
The only thing your method does is enabling a person to use the software without agreeing to its license. Congrats, you just found a new way to invoke the wrath of the BSA!
"At this moment, it has control of systems all over the world.
And...we can't do a damn thing to stop it."
Miasaka, "Godzilla 2000 Millenium" (Japanese version)
Don't worry, Godzilla stopped it!
If you're M$ or other large corporation with money to spend on lawyers, he'll be bound. It will be cheaper to give away the machine than to fight in court (US court that is).
The moon is not fully subjugated. I demand a second assault wave preceded by a massive nuclear bombardment.