DRM Hole Sets Patch Speed Record For Microsoft
puppetman writes "Wired columnist Bruce Schneier has an article up called 'Quickest Patch Ever', about a patch that was issued within three days to fix a vulnerability in Windows Digital Rights Management (DRM)." From the article: "Now, this isn't a 'vulnerability' in the normal sense of the word: digital rights management is not a feature that users want. Being able to remove copy protection is a good thing for some users, and completely irrelevant for everyone else. No user is ever going to say: 'Oh no. I can now play the music I bought for my PC on my Mac. I must install a patch so I can't do that anymore.' But to Microsoft, this vulnerability is a big deal. It affects the company's relationship with major record labels. It affects the company's product offerings. It affects the company's bottom line. Fixing this 'vulnerability' is in the company's best interest; never mind the customer."
So this is going to be the least installed patch for Windows ever, until they make it mandatory.
I often have trouble remembering which way is out of bed in the morning.
What's their excuse going to be the next time a user vulnerability that has exploits in the wild has to wait for the next release cycle?
No matter what anyone in your company tries to tell you, this kind of rapid response is EXACTLY what we are clamoring for when we ask that you take security seriously. Please tell your bosses. Thanks...
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
is the phrase "it figures". Frankly, I'd expect nothing else from them.
Time to sit back and watch the show then...
From the article:
"It should surprise no one that the system didn't stay patched for long. FairUse4WM 1.2 gets around Microsoft's patch, and also circumvents the copy protection in Windows Media DRM 9 and 11beta2 files."
So it's not totally horrible... though I'm sure (and the article agrees here) that M$ will be quick to fix their fix.
This leads me to 2 questions: "can patching be regulated?" and "should patching be regulated?". It seems obvious the free market can't keep our computers secure. I've been wrong before though. I guess maybe it could if people didn't already have the expectation that they shouldn't have to pay for patches b/c Microsoft should fix their own faulty software.
I guess it's all pretty moot since open source is going to take over the world anyway.
Does this sig remind you of Agatha Christie?
For a second there, I thought it was Tuesday.
Reviewing just the first hour of video games.
'Quickest Patch Ever'... for Microsoft. Linux distros have definitely had patches available within 48 hours of a security hole being found. IIRC the samba team once fixed a hole within 24 hours and it was in most of the big distros within another 24.
And isn't it sad that the quickest patch they ever release is for a hole no user cares about? More proof that MS cares more about their corporate friends than users.
Developers: We can use your help.
"But to Microsoft, this vulnerability is a big deal. It affects the company's relationship with major record labels."
What relationship? Why is it important?
Do they get money from them? Is Steve B. banging a secretary in the RIAA office?
I just don't get it.
The Kruger Dunning explains most post on
I know it seems like semantics, but Schneier's piece is not an article. It's an editorial, an opinion piece -- even if it is based on some real event(s). We really should differentiate between the two, as I do prefer 'news for nerds', not 'opinions for nerds'. I've already got opinions o'plenty, and the comment section is where I like to see others' opinions. :)
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
DRM Hole Sets Patch Speed Record For Microsoft & Gets cracked again!!
Wincopy
fatal holes in the browser? whatever
allowing spyware to take over? who cares
DRM? we're on it!
The fast fix suggests that rapidness of response might be a function of "whose ox is being gored".
As TFA says, it's simple. A normal security hole costs the user money, not Microsoft. This "security hole" (indirectly) costs MS money so it gets fixed ASAP. MS is, if nothing, good at protecting its bottom line.
You have to remember that the minority of M$'s customers are its users.
The majority of M$'s customers are in it for the ride and not for the destination.
You forgot Evil Corporations grubbing for $$$$$$
So this is going to be the least installed patch for Windows ever, until they make it mandatory.
Actually, this is a very serious question: is the patch marked critical, or not? This is important, because:
1. If the patch is critical, it will get criticized for being, in effect, mandatory degradation of capability (by the tech-savvy). Also, this will make light of Microsoft's security policy, to call this sort of patch 'critical'.
2. If the patch is not critical, then - oh, the irony - by default, it will not be installable on computers failing WGA. Perhaps Microsoft will get around this. But, as WGA currently works, only critical patches are allowed to systems marked as 'non-genuine'. This would be amusing - pirated copies of Windows would not receive this unwanted patch, but paid-for copies would.
I can't find, in TFA or the sources it cites, any mention of the severity of the patch. Anyone know the answer to this?
I have an idea. Let's embrace and extend DRM in Windows. From now on, the operating system will not allow anything to read any information from anywhere. Your own files on your hard drive? Sorry, you can't access them, because you might accidentally pirate your English class essay that you wrote last night, and Windows, being much, much, much smarter than you could ever dream of being in your wildest dreams, is therefore charged with the duty of making sure you don't do something illegal like that.
Microsoft is serving its customers' best interests. Their customers are system builders such as Dell, purchasing managers at businesses, and media companies.
The guy at the keyboard of a Windows Vista box, using Microsoft Office at work, and Windows Media Player at home is not the customer, he is the product.
This sort of story indicates something about Microsoft's priorities. It doesn't mean they're evil and/or going to software hell. It just indicates something about their priorities.
My turnips listen for the soft cry of your love
So let me see if I get this right... they'll wait a month for normal patches, sometimes longer for some that've been well known but they either can't fix or don't see the potential risk... but in general, if a new vulnerability is found on the Wednesday after black Tuesday, they'll wait a month (at earliest) to release a patch even if an exploit is in the wild... yet when it comes to protecting their cash cow, they'll fix it right away. In other words, screw the consumer... we can just damn well wait for updates to critical vulnerabilities, but when it comes to protecting their own revenue stream, they'll fix something right away. Not sure why I would've thought they'd do any different... but it would seem they rushed to provide a "bug fix" to protect their revenue stream, but won't rush to create "critical updates" that customers need. Amazing...
Normally, Microshaft ignores security problems for at LEAST a month, then they deny that a problem exists for at LEAST another month, then they "study" the issue for at LEAST another month, then they "work on the problem" for at LEAST another month, and finally release a patch that does not really address the original problem and breaks a half dozen other things (and apparently inflicts even more sadistically controlling DRM on Microshaft's victims).
When the summary says "Within three days" they mean "three days after it was reported in engadget".
Coz, FairUse4WM was released on August 19th in the forum. Microsoft patched it on August 28th. So 9 days.
Wincopy
Microsoft did not really "patch" their DRM. This wasn't a code change. Their DRM was designed to be updateable in the event that it was compromised.
There is a big difference in how fast you can roll out what amounts to a configuration change and how fast you can roll out a code change.
That said, it didn't seem to do much good given that it was cracked again in a matter of days.
So Microsoft wasted no time; it issued a patch three days after learning about the hack. There's no month-long wait for copyright holders who rely on Microsoft's DRM.
It's nice of Microsoft to let us know where their priorities lie. Obviously, things aren't as complex as Microsoft have let on (one of the many excuses for not getting patches out) if they can patch something that quick.
"Oh no. I can now play the music I bought for my PC on my Mac. I must install a patch so I can't do that anymore."
Really? I'm going to Windows Update as I write this. Mind you, good luck finding anyone who actually uses PlaysforSure. For those that are, they've found out that stores selling Windows Media files are crap (you effectively rent your music - yay, what a great idea!) and they're looking to get out before they buy any more of the crap. Microsoft have some slight delusions of grandeur about the importance of their DRM software.
An opinion piece is an "article" ("piece" and "article" in the relevant senses are synonyms.) It is not a "news article". But the existence of the opinion piece is itself news, as are the underlying facts it relates to, so a Slashdot article pointing to it is not inconsistent with the slogan "News for nerds."
Of course, the full slogan is "News for nerds. Stuff that matters." Whether the second part is a limitation on, or addition to, the first is debatable.
It's a good thing I have automatic updates turned off. However, automatic updates in Vista will be turned on by default. If I ever end up using Vista, that will be the first feature that I disable which is a shame since automatic updates are a good thing if you can trust the company that performs them.
How is Linux DRM unfriendly? It's just as cozy as any other OS.
The KB891122 patch wasn't developed in response to FairUse4WM 1.0 -- MS started working on it after seeing an earlier bunch of tools (drmdbg and friends) that were released on the cover CD of a Japanese magazine a few months ago, but were too cumbersome in operation to gain widespread use.
FairUse4WM "merely" wrapped up the techniques used by these tools in a neat package, and got to the frontpage of Engadget. It was pure luck that MS had a patch available at the time, even though it took extraordinary effort on the behalf of its DRM partners to implement, and denied "legacy" OS users, as well as users of the latest Media Center version, the use of new DRM-protected tracks.
A patch for FairUse4WM 1.2 still isn't available, even though the tool was released last weekend.
BTW, if you think MS is getting screwed by class breaks like this, think again. Content providers (think: RIAA members) will call in their non-refundable advances (usually over $25K per label!) received from distribution partners (think: music stores) for "material breach of contract". MS will fix the issue, the RIAA gets richer, and the guys that actually try to get music to you get screwed. Oh, well, they're used to it...
Not the desktop anyway. It's a monopoly. The actions of Microsoft are those of a monopolist.
One of two things would happen: 1. Content providers would not serve the 90% of the market and go bankrupt, or 2. Somebody else (Apple, Real, etc.) would step up and serve the DRM market instead. This ignores that Apple's FairPlay was broken and unpatched for a long while before it was fixed, and the media companies didn't abandon them.
Finally, you need to be aware of the fact that even if the big record labels all went out of business, there would still be plenty of good music around. Actually, radio might even get interesting again if DJs go back to looking for artists instead of playing the top 16 songs in a rotation. People didn't suddenly start making music when they invented the phonograph.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
This makes no sense.
Migrate to "what" other OS with better DRM?
No publisher is going to publish their media on an OS nobody uses and no user is going to migrate to another OS just to get said DRM'ed media if that's all that it's good for. If the publishers stopped publishing on Windows we'd simply be right back to where we were, oh, say, a year ago? You know.. with all the media you ever wanted for "free" via P2P. Simple fact is DRM has not stopped anyone from getting something they really wanted. People are using the pay-services for either a) convenience or b) the desire to be legal. If the MS DRM thing doesn't fly then the only choice the publishers will have is to either a) ignore the problem and cross their fingers or b) offer reasonable DRM-free alternatives. Or they can simply close shop... which given the quality of the entertainment product lately isn't such a bad idea.
Don't tease me with talk of a better tomorrow.
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
First of all, the DRM code is most likely pretty self-contained, and is only interfaced with by a limited amount of code. (All the files run through some version of the Windows Media Encoder engine, remember?). So on that front, it's a hell of a lot easier to patch an issue contained to DRM-land than it is to deal with something like IE, which has to interact with a much messier set of incoming files (the Web).
Even then, the reason you don't release a patch in three days is that you're probably going to screw it up and not actually fix the problem. Amazingly enough, that appears to be exactly what happened.
First of all, it's been cracked again. Look up FairUse4WM 1.2.
Second of all, from what I've seen, it's not pushed out via windows update, but rather the client you are using for music. For instance, Napster pushed out the new version via a tiny patch when I launched the client. There IS a way to trick your client into believing that you already have the latest version (thus preventing the forced update). Look it up in the doom9 forums.
This should keep the crack working until Napster pushes out a completely new version of the client that explicitly checks the version, or Microsoft issues a regular update.
-T
P.S. Napster provided free of charge by my university. Hell, as a grad student, I guess I get paid to use it...
And isn't it sad that the quickest patch they ever release is for a hole no user cares about? More proof that MS cares more about their corporate friends than users.
Is it proof that MS doesn't care enough about users, or is it (by extension) proof that users don't care much about OS vulnerabilities? Sure, they may complain, but do they actually take action and demonstrate that they care, by switching to more secure OS's (by moving to Apple or Linux)?
After all, MS reacts to what its customers and business partners care about. The music companies go apeshit over stuff like this, but users (both corporate and personal) haven't really demonstrated that they'd rather take their business somewhere else, so why should MS give them anything more than lip service?
Stop by my site where I write about ERP systems & more
Patch turnaround time doesn't matter all that much.
What really matters is probably something like the mean time to patch install on vulnerable systems as measured from the time of vulnerability disclosure, or the % of patched hosts after a given fixed time period. Think about it: if you turn out a patch in 30 minutes, but it takes on average six months for the patch to get installed, how much did that marvelous engineering feat really matter?
It might matter a lot to a few people, but by assumption (6 month average patch rate) it didn't mean much to the average user.
Not all fixes pose the same risks or require the same amount of testing.
A patch for a DRM component surely involves much less code churn, risk, and testing than a change to a core OS component (such as network stack or IE) would require.
Furthermore, as the original post indicated, no end-users are going to care about this patch or badmouth it in the press if it doesn't perfectly close the hole. And partner businesses aren't going to abandon their deep investments in Microsoft's platform just b/c of one hole. This scenario actually presents less pressure on Microsoft to have to get the fix right compared to other scenarios, meaning they can afford to do less up-front testing.
* I know someone will want to reply to this post to say: This is Slashdot, and you're looking for fairness?!? HahaaHAhaAHA! I know this is Slashdot, and so I know better than to expect to see fair reporting around here. Still, there's no harm in trying to raise the bar a bit.
Moderator hint: a comment is neither "Flamebait" nor "Troll" if it is true.
I know this goes against the Slashdot groupthink but yeah, real customers (as in people) do get hurt by this kind of thing.
My brother used to subscribe to the Napster "all you can eat" music service, in which you basically rent music - you pay a fixed amount each month and just listen to however much you like. If you stop subscribing you lose access to the music. He liked this business model, because it suited the way he listens to music. I'm the same. There isn't any way to implement this without DRM, and if DRM is not robust, that business model will die. And then the silent section of the populace who doesn't read Slashdot, and doesn't really give a crap about DRM, will just get pissed off.
You've gotta love how one sided DRM debates here always are ... the artists and non-technical users are sort of presumed to not exist, or not be important.
That Microsoft is a company that is more sensitive to itself than those it serves, i.e. customers? OMG OMG OMG OMG. Yes, I can understand most of the reason why /.'s villainize Microsoft, but come on, what do you expect?
People seem to be overlooking who the customer REALLY is here. The bottom line lies in corporate back scratching for multi-$$$$ contracts and agreements.
One business contract with a large label, Dell, or Sony is worth more than the mutterings and begrudging updates from Windows consumers. Most of us are not the customers, we're the consumers. Most people don't buy windows from microsoft, they buy it from Dell, or Gateway, or whoever else sold them their computer. The Dells, Gateways, etc are the customers. The game companies writing for xbox 360s, the phone vendors embedding wince, they're the customers.
Bottom line, if you're bitching about this update, you're a consumer. If you think it's a good thing, then you're the customer.
That article is completely misleading. This "Vulnerability" has been known about since January 2005, the tools to bypass it were available since then, they just didn't have a fancy GUI to make it easier. This is actually one of the LONGEST periods Microsoft took to patch something.
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
If this improvement continues, we can actually anticipate someday Microsoft actually writing code that doesn't have holes. I'll not hold my breath!
Just like the bozos in congress that attach totally unrelated garbage to a bill trying to get passed, Microsoft will probably just attach it to another update that people will actually install...
DEAD DEAD DEAD DELETE ME
You are fucking full of it, spouting that "free market" nonsense. Your whole post has absolutely SHIT to do with markets, and everything to do with, indeed, regulation in a sense. That regulation being liability imposed by the law.
Sticking feathers up your butt does not make you a chicken - Tyler Durden
I agree, but what about the impact of EULAs? Current ones absolve the vendor of any and all responsibility. If the laws were changed as per your suggestion, all the software vendors would do is beef up their EULAs a bit more.
The average user does not read EULAs anyhow. They would be none the wiser if they ended up waiving a few more rights the next time they click "OK" to continue with the install.
It seems to me that changing the boilerplate text of the license would be an easy work-around, from the vendor's point of view.
*** Where are we going? And what's with this handbasket?
I mean, think of it. I can now play the music I bought for my PC on my Mac. I must install a patch so I can't do that anymore.
Good thing MS was on the ball with this one. Can you imagine how many billions would be lost if they waited, say, six months to fix that? They probably saved the entire econo--er, recording industry single-handedly!
</sarcasm>
The difference between spam and poop is that you don't have to dig through septic tanks looking for real food. -- Me
You're missing the entire point of this article. This demonstrates (as if we didn't already know) that the consumers aren't Microsoft's customers. Consumers are the product which Microsoft sells to their customers - their customers being the content industry (RIAA, etc).
The Media is the Message, but the People are the Product.
A republic cannot succeed till it contains a certain body of men imbued with the principles of justice and honour.
Microsoft used to release patches as they came up, but IT departments demanded that they instead use a monthly schedule, thus became the "every 2nd Tuesday of each month" routine. For the really serious problems they do issue out-of-cycle patches. And before any one suggests, "Release the patches as they come up for users and let IT departments use the 2nd Tuesday of each month routine", that's foolhardy because these days most malware is created by reverse engineering patches. So if MS were to make patches available to the general public while IT departments waited for a standard 2nd Tuesday security update, the bad guys would reverse engineer the general release patches and create malware that would be able to target the IT computers before the next 2nd Tuesday update occurred.
BTW, patches to WM-DRM aren't made through Windows Update, they're made through a WM-DRM compliant player. WM-DRM patches are given to content providers, which attach the new "fixed" DRM to their content, then the next time a WM-DRM compliant player plays content from the provider that has been encumbered with the "fixed" DRM, the user is prompted to download the new DRM in order to play the content.
-- "I never gave these stories much credence." - HAL 9000
They could be waiting until this patch still gets, and then putting out another (securer) patch after ignoring it for a month.
"See, we put out a patch after three days, and just look how insecure it is! Obviously we should test for weeks on end before sending out patches in the future." they could say.
Guy asked me for a quarter for a cup of coffee. So I bit him.
With heavily armed bruisers deemed too sadistic to work in Bagram or Abu Ghraib.
Both. State agencies working night and day to find and severely punish patch slackards and a federal agency to abuse and oppress the state agencies. I would call this "a system of checks and balances" in my Royal Decree.
All software would be subject to patch regulation, but authors of free software would be punished as individuals, where authors of proprietary software would be punished in proportion to the number of unpatched users (who would, of course, also be punished). Thus, a vulnerability in Microsoft Office might result in thousands of users receiving a single lash apiece for failure to patch, but the employees and management of Microsoft corporation would receive thousands of lashes to be divided among them as deemed appropriate by the State Office of Patch Enforcement. The Federal Office of Patch Enforcement Regulation would of course dispute the distribution of lashes in most such cases and demand a re-administration along federally approved guidelines. My Royal Decree would refer to this as "effective oversight".
That's never stopped us before, why should we start getting reasonable about all this so late in the day?
VOTE ME FOR KING! At least I have a plan.
I've only recently figured out how to tweak the registry to allow me to disable automatic updates again. So all they have to do is change that registry setting and make it a critical update...
Even then it's not mandatory. Just never update, they can't force you to update. I haven't updated Windows in more than 2 years. Just as well, now that CodeWeavers has released CrossOver Mac, I may not even need to run Windows after I get a Mac and transfer the files on my PC.
Falcon
Should there be a Law?
Ain't that the truth? Like TV and radio stations. The days when they served the public interest are long gone. Now, their customers are the advertisers and the viewers/listeners are the product. The whole thing has been turned on its head. I agree with another poster above: get rid of all the regulations surrounding broadcasters and their spectrum "rights" and let the free market have at it.
Microsoft did not really "patch" their DRM. This wasn't a code change. Their DRM was designed to be updateable in the event that it was compromised.
So is their OS, allegedly.
So you're saying somehow that an update isn't a patch?
Fine.
Then I don't want a security "patch" to fix [whatever is today's security exploit in XP], I'd like an "update" instead. Does that mean I'll get it in days instead of months?
-Styopa
Microsoft's level of quality in the Windows software offerings is similar to GM's level of quality in their car offerings -- good enough for most. Then they both put further efforts toward matching the competition's features and product line.
Finally, just talk a good game about quality to your sales people and the general public. New car buyers don't follow advice from professional drivers or mechanics, any more than consumers listen to IT pros or technicians about what OS to install.
I can just see it now -
they're probably a lot less worried about this patch breaking than, say, a critical networking component or one of IE's major dlls.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
if this patch were to open up a real security hole (as in hacker taking over PC security hole, not as in people being able to use their music in legal ways security hole) in Windows. That would rock if they were actually screwing consumers over even more by being the music industry's bitch.
The Gospel according to lolcat
Free markets can keep your computer secure. However a free market requires you to stop using a monopolist's products and switch to one of the more secure competitor's products in order to function. If you're not willing to do that then please stop whining. Those of us who have switched are reaping the benefits.
Fixing this 'vulnerability' is in the company's best interest; never mind the customer.
Are people really this brain dead? Of course this is necessary for the customer. If DRM doesn't work then record labels will not distribute in Microsoft format. They will find a method that works in such a way that their music stays secure. The article is silly with its anti-Microsoft, anti-DRM rhetoric without even considering that there wouldn't even be online music sales without some kind of promise of secure DRM.
I love my sig.
The amount of testing needed for any patch, as variable or fixed as it may be, does not in itself justify the "second Tuesday of the month" approach.
I fully understand that there may be very critical patches that may take a few weeks to develop and test properly. I also fully agree that Microsoft should not release those prematurely. However, it is not because one critical patch isn't ready that others that are ready must be queued up for up to a month. After all, if said critical one doesn't make the deadline, do they then also postpone publishing the others for an extra month? No. So why postpone at all the first time round? Microsoft should just release each patch when it is ready, testing included. Not sooner, but also not later.
Linux user since early January 1992.
DRM is money, quick fix needed. Other horrible bug that needs to be patched (just pick one) not the same kind of emergency, after all is just joe schmo losing out to the evil haxxors of the world, he can wait until the next big patch.
Now we know what's really important to Microsoft. It isn't Vista, and it isn't Zero Day Vulnerabilities. Mess with DRM, however, and you're dead.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
So release "wild" exploit patches immediately and "unreleased" exploit patches monthly... That'd make everyone happy except for Microsoft who would have to turn around fixes quickly. In their defense, they actually did this with a wild exploit recently.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Microsoft sets DRM patch hole speed record
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
We tend to think of all patches as security patches, but that isn't the case. A change to DRM should not, on the face of it, appear among the security updates seen on Tuesdays.
My brother used to subscribe to the Napster "all you can eat" music service, in which you basically rent music - you pay a fixed amount each month and just listen to however much you like. If you stop subscribing you lose access to the music.
... the artists and non-technical users are sort of presumed to not exist, or not be important.
I used to subscribe to the Emusic service, which was the same except for the part about losing the music if you stop paying (or the server crashes, or the company goes out of business, or they think your keys may have been compromised, etc etc).
There isn't any way to implement this without DRM, and if DRM is not robust, that business model will die.
The only thing that can't be implemented without robust DRM is the "you lose your music" part.
And frankly, I want that business model to die.
Funny how Napster is a thing of the past, and the most successful online music service doesn't make you lose your music and allows you to burn DRM-free CDs of your purchased songs. That's not very robust DRM.
You've gotta love how one sided DRM debates here always are
Yeah, because artists can only make money through DRM, and non-technical users love losing their music.
That's why CDs were never popular, and in fact you don't even see them anymore -- artists made no money off them, and customers hated being able to keep them forever and exercising their fair-use rights like making mix tapes for their cars.
Lots of times in the past, both creators and customers have bought into detrimental business models because there wasn't a realistic alternative or because they just didn't know any better. That doesn't make it a good business model.
Let me be frank here: The Napster business model is screwing both you and the artist, assuming the artists are going through an RIAA label.
Acting like you speak for them and only have their best interests in heart doesn't convince me that you do when this is so obviously bad for both. And no, it isn't a necessary evil at all.
The enemies of Democracy are
It's not ONLY about music, DRM From Wikipedia: We are talking about information, and WHO, WHERE and HOW a user can access that information (like a private document). Yes, maybe to the end-user this is not a BIG deal, but this could give access to sensitive information inside an organization... the whole DRM design goes to hell.
Just my 2 cents
Cheers
Rock and Roll
When you got an economic fire lit under their ass to the tune of millions and billions of dollars, sure they'll bust a patch out real quick.
We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
I've read that this "fixed" drm is already cracked again...
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
Seriously, I'm curious to know.
The clock is still running. And it's a personal privacy bug called Windows without curtains.
I know I personally, and therefore scores of people who ever released an open-source project posted the tarball and fired the announce and within five-ten minutes realized they botched something and have a new version out...
Think it's really impossible to quantify 'Quickest Patch Ever', but the one you point out may be in the running for quickest patch any significant amount of people gave a damn about..
XML is like violence. If it doesn't solve the problem, use more.
Alright, Napster is nothing I'd buy into myself, but I don't understand the antipathy that some people have for it.
It's no freaking different than XM radio except that you build your own playlists and decide what you want to listen to. It's not that much different from Netflix, either, except Netflix limits the amount you can rent at once. For some people, it's a model that fits them perfectly.
You subscribe, you get access to everything, you listen to what you want, when you want. If at some point you decide that the service is no longer worth your money, you stop subscribing, and you can no longer listen to what you want when you want. What's so wrong with that?
As of now we can still turn off auto updates. If you do a weekly update manually on your windows machine and go to the site you can choose which updates you want. All you people holding their guts over this minor obstacle take a bottle of TUMS and chill out. Until the software giant falls from the fling of a slingshot the software giant will reign over us all.
I was going to suggest this. When I really need to run something that's Windows-only, I run it in a WinXP virtual machine on my Linux box.
I was actually surprised at how spry Windows feels, when it's not bogged down by a lot of anti-virus/spyware/adware, automated backup programs, and the like. Of course, without those things it's not a terribly useful host OS, because it gets owned so easily (click on wrong link in Internet Explorer -> ActiveX control -> rootkit), but as a guest OS, I just disable all patching and auto-updates.
When I'm done with whatever I'm doing with it, I just roll the image back to its saved state and shut it down. Basically I can abuse the living shit out of it, and then just kiss it goodbye the second it starts acting up.
Obviously you need to take steps to make sure that you save your work somewhere not on the VM's drive (duh...), but I could definitely see the possibility for working like this. I still hate working in Windows, but Windows as a VM is orders of magnitude nicer than Windows running on the actual metal.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
You have taken on faith that M$ puts into patches what they say they put into patches. During the anti-trust trial, M$ swore that divulging the source code to Windoze would create a national security risk. Imagine that, they were hysterical before 911 but still have one of the easiest to crack OS's in the world. Next thing you know, they are selling the same source code to China and the former KGB. Now you trust them to not sneak in anything they please onto your system? Why? Isn't it part of their EULA that they can change any part of their OS on your computer with or without your consent?
Friends don't help friends install M$ junk.
thousands of companies worldwide could be losing millions from a security hole in IE or XP and they just can't seem to get out a patch for weeks and weeks but ohhhhh watch out when there's a problem with the almighty and all powerful DRM and the RIAA and MPAA might lose a buck or two. Then they can pull a patch out of their asses and deploy it in 3 days. Thou shalt have no other gods before DRM!
now stop reading and go play Dance Dance Revolution!
bullshit
MS can patch media related functions quickly because it ISN'T their core competence; there aren't hundreds of thousands of mission critical applications running in enterprise environments worldwide that depend on specific functionality of the WMP10 DRM. For server, network, IE, or shell related things there are, so they can't just fuck around with it till it works.
Snowden and Manning are heroes.
Nope. I once messed up the least significant bit of a character. The other 7 bits were fine!
"1" vs. "0"
Now that we know they can patch non-security bugs in 3 days if they put their mind to it, will someone sue them if they fail to take security bugs just as seriously?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
This patch protects Microsoft. The other patches protect the users. It should be surprising that Microsoft looks after itself better than it looks after everyone else.
Forget thrust, drag, lift and weight. Airplanes fly because of money.
The customer's security is important for Microsoft. That is what they (MS) say and it's true. We just must notice that the "Customer" for Microsoft is not the PC user or owner, but the media companies that sell DRM content!
One of the many M$ troll accounts that cloud around here challenged me to produce references to M$'s infamous Windoze source code national security claim swiftly followed by sale of said code to China and Russia. Of course, I'd love to trot that whole mess out again. Non free software exists on trust alone and M$'s performance there really shows what contempt they have for the US Government and their customers. The memory hole has not yet extinguished the information presented by eweek and Microsoft themselves. You can read it all yourself.
From eWeek, 2002:
If you need to, you can always reference the anti-trust evidence, which is still published and available. The quotes in the article are more than enough for me.
A quick Google Search digs up all the articles here and a parade of Wintel rags falling over themselves to toe the party line. ZDNet echoes Allchin again in 2004, a year after they had already sold out! Something called Neowin joins the chorus of woe that someone might look at the source code to W2k or NT4 and see how crappy it is. All as if any real hacker needed it.
The very next year, 2003, M$ announced sale to the highest bidding governments as noted above. Included was China and other friendly countries. But you know, Bill Gates it's just business buddies being chummy. Microsoft would never place the interests of Communist dictators over the rights and well being of their fellow citizens, would they?
The double talk going on at M$ was glaring and all of it was bullshit. Access to the OpenBSD source code has not made OpenBSD less secure, it's made it better. The whole episode represented more perjury and a three year FUD attack on free software than it did treason, but you have to wonder what they really believe. Looking back, it's a low point in US corporate history that will only be made worse when they unravel like Enron did. The biggest lie of all is that the Microsoft Monopoly is based on anything more than mass delusion.
I ask you once again, do you trust Microsoft to do as they say? With your business? Code so crappy, it can't be shared but is shared with your worst enemies. If you do, you probably will tell me that Windows XP is easy to install, has good uptimes and other nonsense like that. I'm not sure anyone really believes anything other than Windoze is "good enough because I'm using it for one or two specific tasks." No, that's not good enough and Vista's imminent flop is a good chance to move on to something better. The market is filled with better contenders and M$ will not be missed.
Friends don't help friends install M$ junk.
Not installing this patch is a method of circumventing the DRM.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
The last time I checked my eMusic account, it was not an all-you-can-eat service. By subscribing, you're allowed to download a fixed number of songs each month (non-cumulative). So I don't think you can compare them. (Unless, of course, eMusic was different when you used it; I'm a relatively new subscriber)
"Oppression and harassment is a small price to pay to live in the land of the free." -- Montgomery Burns.
If it's pushed during some odd days, a few days after a vulnerability, stay away from it. If MS takes their time to hammer it out and push it on a Patch-Tuesday, it's safe for use.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
For the other 99.9% of us who never heard of Vongo, it's a subscription-based movie download service from Starz (an American cable channel). Basically, it looks kinda like a Napster of movies where you're allowed 3 movies at a time and the distributors' rights are managed by Microsoft Windows Media DRM (and you, the viewer, get none).
Why the parent would give up torrents is far beyond my comprehension.
Anyone know how the GetFileVersionInfo() call works? Does it just read the IBX file version as a sequence of unencrypted bits from the .key file? If so, why not just take a hex editor to it and 'update' your old version to one which will pass the DRM checks?
Unless, of course, eMusic was different when you used it; I'm a relatively new subscriber
Yep, it used to be different. Sadly, the problem with an all-you-can-eat service is that some people can easily abuse the system. People downloading more music than it was physically possible for them to listen to cost too much for a relatively small service company. I dropped my subscription when they changed, since it no longer worked for me. I had basically never heard of most bands on emusic, so I would download ten albums of different bands and listen to them over the course of a month to decide which I liked, then download more of those. A fixed number of tracks isn't as amenable to this kind of exploration. Oh well.
Emusic had their own business model problems, but they have nothing to do with the presence or absence of DRM (well other than the RIAA studios not getting on board).
The enemies of Democracy are
I have found the best security fix I could do on my laptop was to wipe the drive and install linux. I haven't had any problems with spyware, malware, viruses, trojans, or DRM. Ain't life grand?
"If the patch is critical, it will get criticized for being, in effect, mandatory degradation of capability"
What makes you think M$ cares what users think, let alone tech users?
Newsflash: Microsoft is a M O N O P O L Y. They don't give a crap about C U S T O M E R S.
They'll mark it "critical." Of course.
"And the meaning of words; when they cease to function; when will it start worrying you?"