Microsoft News Update

Microsoft news of the past few days: Media Player 9 is the subject of a few articles, including one on its integrated digital restrictions and one on changes in its privacy options. Microsoft is releasing certain API's, and is releasing a service pack for Windows XP, under the requirements of its antitrust settlement with the Federal Gov't. On the downside, code to crash any modern Windows machine with NetBIOS enabled is now floating around the net, and there's been more publicity of the vulnerabilities in Microsoft IIS/SSL.

Privacy Control or DRM?

[Neon+Spiral+Injector]

One article says Media Player 9 will allow the user to select how much information is set to content providers. But the other goes into detail about the new DRM featurs of MP9. One of the biggest is a 3rd party clearing house for certificate athentication and authorization.

So you get a DRM enabled media file. When you play it, Media Player has to contact this server to find out if you are allowed to play it. They can track every time you play this file.

Maybe you'll have a feature that protects your privacy, but if you don't let the player contact the clearing house, you can't play the files.

Also, I'm sure everyone saw it coming. The reason Microsoft changed their EULA is because of this new DRM crack down. They want any program that can open a DRMed file to have to be authenticated, and they want to be able to disable any program that will attempt to get around these restrictions, and they don't want to get in trouble for messing up software you have installed.

Good thing I use a free and open OS. But if this type of thing continues, all media produced will be encrypted and you'll have to contact the DRM server to view it. So it won't matter. Just wait until router manufacturers are convinced to not all their producted to transmit any packets that haven't been DRMified properly.

Re:Privacy Control or DRM?

[Technician]

I wonder if a DDOS attacks on the clearing house will convince very many people this is a bad idea?

"My Power Point presentation died... I want it fixed NOW!. What do you mean the copy can not be authorized with the clearinghouse? I wrote and transfered it to the auditorium computer! Make it play!"

Roblimo I Am Calling You Out

[Carnage4Life]

On Roblimo's (Supposed Editor-in-Chief of OSDN) webpage he claims that

My official job title is Editor-in-Chief for OSDN, but I'm more of an in-house editorial consultant than a controlling "boss" editor because we have a great staff that needs little or no direction. Now and then I offer a little advice, but I usually wait until I'm asked instead of forcing my words of wisdom (wisdumb?) into unwilling ears.

well it may be that most of the Slashdot editors (timothy, CmdrTaco, hemos, etc) know how to use their own discretion but it is painfully obvious to anyone who's been a Slashdot reader for any decent amount of time that Michael needs adult supervision. If he isn't bitch slapping comments or posting blatantly wrong information then he's insulting Open Source luminaries like Tim O'reilly and twisting their arguments.

However he has now topped himself by linking to a script kiddie tool to what may be an unpatched bug on a website that gets hundreds of thousands of hits a day. What the fuck? Do you see MSNBC or C|Net linking to r00tkits whenever a Linux vulnerability is released?

Roblimo as Editor-in-Chief, you are responsible for his work and quite frankly he is the worst part of the Slashdot experience (now that I've upped my threshold to 4).

WMP9: it still comes down to trust

[Damek]

From the article:

"Welcome to Windows Media Player 9 Series," the opening screen of the Privacy Options panel reads. "Microsoft is committed to protecting your personal privacy. To enhance your experience with features including album art and pay-per-view-services, data must be sent and received over the Internet and/or saved on your PC. The options below enable you to customize these privacy settings."

OK, so right from the get-go users are presented with the issue of sending information from their computer. Certainly this is an enhancement feature, if done correctly and the user really has control over what is going on. In the long run, the real power and benefit of computers and networks comes with sharing information, and as people become more comfortable with it, software that includes network features will be more powerful and more popular. For example, see the popularity of the CDDB in CD players.

However, how do you really know what sort of information your software is sending over the network? As we start to take advantage of network features, it will become impossible to rely on personal firewalls to curb outbound traffic - you want your CD player to send some ID to the CDDB so it can retrief the correct tracklisting for the CD you're playing, so you have to tell your personal firewall to allow your CD player to connect to the net. After that point, you are trusting the CD player to behave properly and not betray you.

The article acknowledges this:

"As more applications become Web-aware in order to provide services and information back to the user, consumers need to be aware of the quid pro quo that's taking place and exactly what information is being provided to the vendors," Gartenberg said. "What Microsoft appears to have done here looks like a step in the right direction, if it makes it into the final product."

So the issue boils down to trust. Do you trust Microsoft? I'm sorry, but I do not. No matter what they put in their GUI as far as options go, you can never quite be sure about what their software is sending back to them.

With open source, at the very least you're allowed to look at the code and see what your software is really doing...

Re:Well...

[VivianC]

On the plus side, someone might be able to use this to knock out the machines that are still flooding the net with CodeRed.

Besides, anyone smart has NETBIOS blocked at the firewall already, right?

Re:My MS Activation Story: True Story.

[rseuhs]

Why should Microsoft care as long as you keep sinking in your money?

The main point of this story is not how incompetent Microsoft is. - The main point (IMO) is that this is yet another story about yet another Windows-user that will go to hell and back to use Windows but will not even look at alternatives because Microsoft has successfully implanted the delusion that only Microsoft can solve their problems.

In a free market customers do not put up with crap like this.

I don't feel the slightest pity for you. If you chain yourself to a single vendor with no way out you are asking for being raped. And it's irrelevant if that single vendor is called Microsoft, Apple or Sun.

And you know what the message for Microsoft is?

The message is "If they are willing to spend 10 hours on the phone, they are also willing to pay 200$ more"

Firewall != ivory walls

[Bastian]

If you let FTP traffic through. malicious code will get in through there. If you leave port 80 open, malicious code will get through there. If you leave port 23 open, malicious code will get in through there. If you let e-mail in, even if you virus-scan it, malicious code will get in. If there is a single floppy disk drive on your network, malicious code will get in. Same for CD-ROM drives.

Firewalls can make things inconvenient for people (users as well as crackers), but there is always a balance that must be met between how much inconvencience the users can tolerate and how important it is to inconvenience crackers. That balance is never going to lean very far towards the 'inconveniencing crackers' side.