Windows RT Jailbroken To Run Third-Party Desktop Apps

An anonymous reader writes "We all knew it was just a matter of time, now it looks like Windows RT has been Jailbroken. From the article: 'The hack, performed by Clokr, exploits a vulnerability in the Windows kernel that has existed for a long time — since before Microsoft ported Windows from x86 to ARM, in fact. Basically, the Windows kernel on your computer is configured to only execute files that meet a certain level of authentication. There are four levels: Unsigned (0), Authenticode (4), Microsoft (8), and Windows (12). On your x86 Windows system, the default setting is Unsigned — you can run anything you like. With Windows RT, the default, hard-coded setting is Microsoft (8); i.e. only apps signed by Microsoft, or parts of Windows itself, can be executed.'"

Non Sequitir

[recoiledsnake]

Microsoft locked Windows RT down because it wanted to slowly get rid of the Win32 cruft dating back to the 80s and 90s. That cruft does exist now and is used to run things like Office and Notepad etc. but Microsoft can easily rewrite them in the future. What will happen to Putty, VNC and the like then? They will break,and then again we will blame Microsoft for it. That's the reason to lock it down.

Re:Non Sequitir

Microsoft locked Windows RT down because it wanted to slowly get rid of the Win32 cruft dating back to the 80s and 90s.

Yeah, it's all about freedom from backwards compatibility and legacy code!
Wanting to be like Apple and get paid every time a customer installs any software has nothing to do with it.

Re:Non Sequitir

[Big+Hairy+Ian]

MS locked it down so you could only run apps you bought from the app store same reason apple locks theirs down. I suspect atleast with MS upgrade probably patches wont turn your unlocked tablet into a brick.

Re:Non Sequitir

[tripleevenfall]

Good news, the Surface will never "brick".

(It will just become a more literal interpretation of the word "tablet")

Re:Non Sequitir

[JDG1980]

Microsoft locked Windows RT down because it wanted to slowly get rid of the Win32 cruft dating back to the 80s and 90s.

If Microsoft gets rid of the "Win32 cruft dating back to the 80s and 90s", then there will be no reason for anyone to choose Windows over any other operating system. Legacy compatibility and a huge installed base of applications are Microsoft's primary competitive edge, but Ballmer seems to have forgotten this in his Ahab-like quest to chase down Apple.

That cruft does exist now and is used to run things like Office and Notepad etc. but Microsoft can easily rewrite them in the future.

If Microsoft could have ditched legacy API usage for Office that easily, I think they would have done so already in the first release of Surface. At this point, the Office codebase is probably so FUBARed with 20+ years of spaghetti code and the need for backwards compatibility with 500 different document types that I doubt they could rewrite it completely even if they wanted to. Office for MacOS is almost a completely different product, done by a separate business unit. And if Microsoft ever releases a slimmed-down "Office" for iOS and/or Android, then those products will probably be written from scratch, and will not be 100% backwards compatible with anything other than OOXML.

(Of course, any competent programmer could write a better version of Notepad in a month, so that's really not a factor.)

Re:Non Sequitir

[shutdown+-p+now]

If Microsoft gets rid of the "Win32 cruft dating back to the 80s and 90s", then there will be no reason for anyone to choose Windows over any other operating system. Legacy compatibility and a huge installed base of applications are Microsoft's primary competitive edge

We are talking specifically about Windows RT running on ARM here. There's no legacy compatibility story to begin with, even if the restriction on MS-signed-only desktop binaries weren't there in the first place.

Re:Non Sequitir

[cbhacking]

Office for Mac and Office for Windows are at least 70% the same code, and that was a few years ago. They were targeting 90%, I believe. Already, all of the document rendering/layout/document format code (at least for 2010/2011) is supposedly identical, just recompiled for OS X. The GUI and certain features specific to each platform obviously must be different, and there's a compatibility layer which abstracts the core APIs used by Office from the OS they run on (supporting things like using the Windows Common Controls on Win32 to display file open/save/print/etc, and using the analogous controls on OS X when on that platform) and that compatibility layer obviously needs to be platform specific.

Re:Non Sequitir

In which context it makes even less sense and just sets up WoA as a separate product, not another facet of Win8.

Even selling some kind of "WinRT Enterprise" with this switch set to enabled would probably give them a nice boost for initial adoption - right now corporations thinking about migrating to mobile have to choose whether to rewrite their internal apps for Java, Obj C, .Net, Lua/JS with a crossplatform framerwork or HTML5 and backend, when they could have an easy option of "Recompile it for now and rewrite to Metro part by part in the meantime"

Re:Non Sequitir

[erroneus]

The cruft should not need to exist for a different processor architecture running applications written for the new and different processor architecture.

And by "cruft" I mean code which is unused or unnecessary. If it is used by Office and Notepad and neither application will be present, then it is "cruft" and should be removed from a nimble and light-weight Windows.

Putty and VNC would have to be rewritten for the new environment because Windows RT is "all new" and "written from scratch" without any of this "legacy code" I have complained about which many people here deny exists.

I get that Microsoft wants to participate in certain markets. What I don't get is why they are willing to extend and even magnify their bad reputation by porting the x86 Win32 kernel to a whole new environment when they could use others. "Pride"? I don't think it's in the best interest of the shareholders to make decisions like these.

Re:Non Sequitir

[hairyfeet]

Actually the reason they locked it down was because "What does Apple do? Well do that and charge 20% more because we are better than them dammit!". If you want to know more look up the "Windows Blue" memo which makes it clear the ultimate goal of Win 8 and above is to have only MSFT approved software running on MSFT hardware sold at MSFT stores for MSFT profit margins and...well that's pretty much it.

Windows Blue shows any original thought left the company ages ago and now they are gonna try their favorite gag of using their position in one market to force their way into another, the old IE trick, only they just don't have the power of the monopoly anymore as people don't rush out to buy the latest version like they did during Win 9X.

Of course the bigger question of TFA is why, why would anybody care? WOA is a complete and total failure, they had to call the factory and cut their order in half to keep from having a warehouse full of surface units so what is the point? The hope that all these surface units will end up on Woot! for $99? I think with the Ballmernator's ego he'd bury them in a landfill in NM rather than admit its a flop, just as he counted every Vista downgrade as a Vista sale to pad the numbers.

Re: Non Sequitir

A tile?

Re:Non Sequitir

[shutdown+-p+now]

In which context it makes even less sense and just sets up WoA as a separate product, not another facet of Win8.

That's exactly how it is intended - which is why it's called "Windows RT", and not "Windows 8" in the first place.

Even selling some kind of "WinRT Enterprise" with this switch set to enabled would probably give them a nice boost for initial adoption - right now corporations thinking about migrating to mobile have to choose whether to rewrite their internal apps for Java, Obj C, .Net, Lua/JS with a crossplatform framerwork or HTML5 and backend, when they could have an easy option of "Recompile it for now and rewrite to Metro part by part in the meantime"

Most enterprises that want to run their existing apps on a mobile device would just get an Intel-based tablet and be done with it.

Note that you kinda outline the problem yourself: even if you can enable RT to run arbitrary desktop apps, you need to recompile not just the apps, but also all the supporting libraries/frameworks. E.g. you can't run Java apps until someone takes JRE and builds it for ARM (and it's not going to be trivial, since JIT mucks around with assembly directly). It would need to be prominently supported for several years before there's significant uptake in porting that would make it viable for enterprises to consider - and why bother?

Re:Non Sequitir

[wmac1]

Even if it could be jail-broken, how people are going to develop native WindowsRT software? Is there any compiler and Windows RT (native) SDK available?

Re:Non Sequitir

Most enterprises that want to run their existing apps on a mobile device would just get an Intel-based tablet and be done with it.

If they're running Windows apps, most of them would just get an Intel-based laptop for half the price, install Windows 7 to replace Windows Metro, and be done with it.

Unless it's for a marketing drone who must have The New Shiny. But they'd probably prefer something with an Apple logo on the back.

Re:Non Sequitir

What I don't get is why they are willing to extend and even magnify their bad reputation by porting the x86 Win32 kernel to a whole new environment when they could use others.

Because if Windows can't run your old Windows apps, why would you run Windows?

Microsoft is built on backward compatibility, it's the only reason anyone picks Windows over other alternatives.

Re:Non Sequitir

[hobarrera]

There's no legacy compatibility story to begin with

There is for open source software and for developers.

Re:Non Sequitir

[shutdown+-p+now]

And how many of those would choose Windows in the first place?

Re: Non Sequitir

[VortexCortex]

A tile?

Sort of -- More like a facade.

Re:Non Sequitir

[tftp]

And how many of those would choose Windows in the first place?

Quite a few, if you count how many F/OSS applications are available on Windows. Majority of customers are not even in control of what OS they are running. If GIMP or Dia or OpenOffice are not available on Windows then it's like they are not available at all. Developers generally care about their customers, even though they may express no joy about the need to compile their product using a not quite compatible toolkit. It's always simpler to publish a tarball with sources and call it done. But that's not how most people install the software.

Re:Non Sequitir

[VortexCortex]

If Microsoft gets rid of the "Win32 cruft dating back to the 80s and 90s", then there will be no reason for anyone to choose Windows over any other operating system. Legacy compatibility and a huge installed base of applications are Microsoft's primary competitive edge

We are talking specifically about Windows RT running on ARM here. There's no legacy compatibility story to begin with, even if the restriction on MS-signed-only desktop binaries weren't there in the first place.

You may have failed to realize that Win32 doesn't mean 32 bit windows API. It simply means "Not the old 16 bit API" I write all my widgets from scratch, and I talk to OpenGL directly, no SDL, no freeglut3, no MFC, just straight Win32 and OpenGL to make the lightest weight most efficient programs, even on 64 bit systems. It's crazy as hell to do this, yes, yes, I'm glutton for punishment, ha ha, you jest, "re-invent every wheel", I know, but game developers are allowed to throw away every best practice in the name of performance... Besides, you don't see wagon wheels on a formula-1 car, eh?

That is to say, Win32 can be compiled on ARM, and then I compile my code that uses the Win32 API to get a window and event loop, and the "legacy" compatibility isn't an issue. Event pumps and windowing callbacks are going to exist no matter what API they build. If you're talking cruft, then it's that COM stuff and .NET and MFC and all the other stuff that's built on top of win32, not win32 itself.

IMO, Win8 is about MS trying to sandbox programs via VM (C#) and simultaneously provide cross platform support while taking a cut of every software sale made. Now, I'm not going to eat that app-store cost. You are. I'll just raise my price accordingly on MS's market to offset those fees... Sucks, but C'est la vie. If MS continues allowing "side-loading" then they can't force developers like me to sell programs in their store -- C/C++ is cross platform, and so is my code, so I just rebuild the binary for each target platform, it's not a big deal. Rebuilding everything in C# and suffering that vendor lock-in cluster fsck is really off-putting, considering my C code runs across the board on every chipset, even MIPS, and every OS (thanks to OS abstraction layer, and a bit of meta-programming for iOS and Android)... No such luck with C#, yet.

That's where MS wants to take their market -- Incompatibility land. IMO, I wouldn't play their shenanigans unless I had to, I don't think OS choice should limit software choice (and I don't think hardware choice (beyond performance) should limit OS choice. This is shit we had well and good SOLVED in the 70's. MS sees the road ahead: The bright future where all programs are cross platform -- The road to OS irrelevance -- they hate that future, they hate your freedom to choose to run any OS on your hardware. Hence SecureBoot (Which I've said time and again is Pointless), Hence C# only in App Store & XBL Indie Games, hence blocking any apps that aren't signed by MS, and not allowing users to add their own trust certs to the OS / Hardware. The jig is up. W8 is just one more battle in the Vendor Lockin war.

I don't mean to pick on MS, Apple is going down the same road with an app-store route for their desktop too. GNU/Linux, BSD, Android, and other FLOSS OSs are the only ones that get the software repository system done right, and not even stock Android allows user installing a new / additional cert trust (recompile). This is a fight over developers, it's the applications that matter, OSs have been irrelevant for quite some time now. It's only a matter of time -- MS can't win this one, they couldn't write secure code to save their ass, which is exactly what they'd need to do.

Re:Non Sequitir

[erroneus]

But this is an OS for a new type and use of computing with a new type of interface. It seems unreasonable that old applications would be particularly welcome or prevalent. I can see the attraction some developers might have -- just recompile and run on RT, but this solution that all the extra crap has to go along with it which will kill the memory and processor limitations not to mention eat up power which this new type of computing has precious little of.

Their approach completely defeats the purpose of these new portable computer devices.

And as you think about it -- to have decades old vulnerabilities exploited in this "brand new OS" is almost comical... it is at least as comical as Microsoft's implementation of TCP/IP being vulnerable to the same things as the BSD TCP/IP implementation. How do these things happen? Using other/old code to do things places too much trust and adds too much blindness to all of this "software engineering." If this is engineering, then building with Lego blocks is engineering.... actually building with Lego blocks is more engineering than Microsoft's notion of software engineering.

Re:Non Sequitir

[DuckDodgers]

That's where MS wants to take their market -- Incompatibility land.

Right. And in their defense, that's where they built their fortune. So no matter whether you like it or not, that's where their entire business model is. Of course they won't abandon it, their tiny physical device sales (Xbox360, Kinect, Surface tablets) and small services sales ( Windows Azure, Microsoft CRM, etc.. ) can't make up for all of the revenue they depend upon from Windows and Office.

But incompatibility benefits them at our expense, and I'm hoping (and I would be praying, if I was the religious type) that the future is Android, Chrome OS, Blackberry 10, Firefox OS, WebOS, Tizen, and of course Debian, Fedora, Suse, Ubuntu, Mint, etc...

Re:Non Sequitir

[shutdown+-p+now]

You may have failed to realize that Win32 doesn't mean 32 bit windows API. It simply means "Not the old 16 bit API"

I don't fail to realize anything - I know perfectly well that Win32 is a cross-architecture API. My point was that, from users' perspective (and especially for enterprise users, which is what GP was referencing), the compatibility story is nil because there are no existing apps that would run. Sure, most apps are just a recompile away, but someone would have to make that recompile.

IMO, Win8 is about MS trying to sandbox programs via VM (C#) and simultaneously provide cross platform support while taking a cut of every software sale made. Now, I'm not going to eat that app-store cost. You are. I'll just raise my price accordingly on MS's market to offset those fees... Sucks, but C'est la vie. If MS continues allowing "side-loading" then they can't force developers like me to sell programs in their store -- C/C++ is cross platform, and so is my code, so I just rebuild the binary for each target platform, it's not a big deal. Rebuilding everything in C# and suffering that vendor lock-in cluster fsck is really off-putting, considering my C code runs across the board on every chipset, even MIPS, and every OS (thanks to OS abstraction layer, and a bit of meta-programming for iOS and Android)... No such luck with C#, yet.

Just FYI, Store apps are not required to be managed. You can write 100% native apps in C++ for it - no VM, no GC.

(Yes, it does use language extensions for system APIs, although even those are optional. And yes, those extensions do look like C++/CLI. Nevertheless, they work differently, and they don't compile to managed code.)

Hence C# only in App Store & XBL Indie Games

Store apps don't support XNA. In fact, pretty much the only way to write a game for Win8 Store right now (unless it's something so basic that you can make do with XAML or HTML5) is to use C++ and Direct3D.

Re:Non Sequitir

[cbhacking]

Visual Studio 2012 (including the free Express variants) can compile for ARM. In fact, they have to, otherwise you couldn't write native apps (games, usually) for Windows RT at all. .NET code and HTML5+JS apps will run natively on RT without recompiling, but C++ apps - which is how most games are written, and some other software - require a recompile. It's trivial to do this recompile in VS, though - there's a drop-down option to build for x86, x64, or ARM.

Now, with that said, by default Visual Studio won't let you build an ARM *desktop* app, only a "Windows Store" (The Interface Formerly Known As Metro) app. This is very easy to work around, though - you either need to set one #define (or /D in the build command) or change the relevant header (the error tells you which one) and also change one XML build configuration (again, you'll get an error telling you which one). The instructions for doing so have been posted on XDA-Developers for months.

Re:Non Sequitir

Wanting to be like Apple and get paid every time a customer installs any software has nothing to do with it.

What in the holy blue fuck are you babbling about, Mr. FUD? The Apple apps stores don't require any such thing for customers that sign in to multiple devices (iOS or OS X) with the same Apple ID.

Re:Non Sequitir

[0123456]

Why would anyone in their right mind want to run Windows if it won't run their crusty old Windows apps?

Re:Non Sequitir

[Darinbob]

But they don't really do what Apple does. The "App Store" on my Mac is only accessed by a simple text menu entry under the Apple menu. Unlike Windows 8 metro, I never see any applications pointing me to the store, I don't get any applications tell me that they refuse to run without my having an Apple ID, and I can download and run software I get from anywhere on the web.

Re:Non Sequitir

It's the Apple 30% cut of any program sold, which people outside walled gardens don't need to deal with.

Re:Non Sequitir

[disambiguated]

If Microsoft gets rid of the "Win32 cruft dating back to the 80s and 90s", then there will be no reason for anyone to choose Windows over any other operating system.

There is some truth to this, but my feeling is that as long as Microsoft's own desktop software is Windows only*, that will be enough to keep the business desktop on Windows. But on top of that, you can count on ISVs producing RT versions of their software, but many still don't have much incentive to port them to anything else. Businesses want to standardize the desktop, even if it causes them some pain. That standard will continue to be Windows, because it is currently the standard, if for no other reason.

* Office, Outlook, Visual Studio, IE, and many others that most people never heard of but are common in business. The Mac version of Office lacks features used in business environments.

Re:Non Sequitir

without any of this "legacy code" I have complained about which many people here deny exists.

What are you high on? Who has ever denied that Windows has legacy code cruft? You're not enlightened for thinking that. It's very very well known.

Re: Non Sequitir

Are there enough for a mosaic?

Re:Non Sequitir

[wmac1]

Thanks for the information. How about a native C++ Windows SDK (i.e. headers, libraries, dlls for native desktop apps, MFC etc.)?

Re:Non Sequitir

[Code+Yanker]

Microsoft encourages you to use their billing system, but it is by no means required. You can give your program to users as crippled trialware if you wish and then just distribute the key for the full version via an in-app purchase. Microsoft only charges you for the in-app purchase if you use their built-in billing API, but you are free to use any billing service you wish and cut Microsoft out of the game completely. At this point, you have basically obtained free hosting for your binaries from Microsoft, in exchange for the contribution of your app to augment their ecosystem.

Last I checked, Apple put an explicit ban on the sale of digital content through iOS apps in a way that cuts Apple out of the gravy train.

No guarantee that Microsoft won't turn into Apple when/if it finally does gain a more entrenched ecosystem, but hey, that's business for you.

Re:Non Sequitir

[ConceptJunkie]

But... but... but... the Office document formats have been documented! Third-party compatibility shouldn't be an issue any more. Nor should MS have to rely on a quarter century of some of the cruftiest code on the planet to maintain their monopoly. They can simply create new apps with more flexible (and comprehensible) UIs and modern, efficient code to replace the legacy Office.

Right? Right?

Re:Non Sequitir

[ConceptJunkie]

Why would I want OOo? It's easier to use and sometimes even loads documents that Office chokes on? What's the fun in that?

Re:Non Sequitir

[JDG1980]

But... but... but... the Office document formats have been documented! Third-party compatibility shouldn't be an issue any more. Nor should MS have to rely on a quarter century of some of the cruftiest code on the planet to maintain their monopoly. They can simply create new apps with more flexible (and comprehensible) UIs and modern, efficient code to replace the legacy Office.

Yes, I know this was sarcasm, but it's still worth elaborating upon.

The modern Office file formats are indeed properly documented. The problem is that the formats are themselves heavily influenced by legacy crap, so the design is incredibly baroque and runs well into thousands of pages. You'd need a major corporate-led effort to get good compatibility with OOXML; independent developers aren't going to be able to do it. And even Google has had trouble with it in the past. (Perhaps they've gotten better by now; this article is about 20 months old.)

But with legacy Office documents, and with crap like macros and VBA, even Microsoft probably doesn't really know how they work any more. I actually fielded a call from a family friend a few days ago about being unable to open Word 2.0 and WordPerfect documents in Office 2007. (Apparently they still use those ancient programs in some departments of the organization he consults for.) Turns out that Word supports these formats, but it's turned off by default for "security reasons". In other words, they have a ton of old legacy code that doesn't meet modern security standards and that they can't or won't rewrite, but is needed for backwards compatibility. So they just turn it off by default and sort of hope it will eventually go away.

Re:Non Sequitir

[ConceptJunkie]

Yes, I realize that the legacy formats are a big issue here, because they still have to be reverse-engineered to be supported (and ironically, non-Microsoft software has a better reputation for compatibility than Office itself, which tells you something).

I didn't even want to mention the can of worms that is VBA because in addition to being a vintage 1990 development environment, it exposes the fact that Office apps are incredibly brittle and unstable.

But Office is still a monopoly, so it will remain a boat anchor on productivity and innovation for the whole software industry.

Re:Non Sequitir

[tftp]

sometimes even loads documents that Office chokes on

Sarcasm aside, it is preferrable that the incompatible document is NOT opened at all. The reason is that when OOO opens a partially corrupted file you do not know what was lost and what was added. You then add your own work on top of those uncontrolled changes and send it on. By the time everyone modified the document these losses or additions would be hard to recover from. Would you like to sign a legal document that your lawyer sent you if you are not sure that the document is intact? I'm not talking about digital signatures (which would indeed be a good assurance) - but just the simple fact that Word opens it and doesn't complain is a good test for many. Fiddling with the document in alternative software is a good fallback when you cannot request the new copy; but in business you usually can contact the author and deal with the incompatibility in the proper way. In my own experience, though, I never had a Word document that Word could not open. I don't claim that MS Word 6 from 1990's cannot produce a file that MS Office 2012 will fail on. I just never had such a situation myself, and I believe this is a contrived scenario.

Re:Non Sequitir

[dave.haku]

Yet this particular version of Windows is not intended for Win32 apps; it is intended for Metro apps. There are probably other reasons to keep Win32 cruft, Windows internal dependency is nightmarish.

You can compare Microsoft not allowing ISVs to write Win32 apps for WinRT (Which is WinNT underneath) to Apple not allowing ISVs to write OSX apps for iOS (Which is OSX underneath).

Re:Non Sequitir

If you want to know more look up the "Windows Blue" memo which makes it clear the ultimate goal of Win 8 and above is to have only MSFT approved software running on MSFT hardware sold at MSFT stores for MSFT profit margins and...well that's pretty much it.

Googling "Windows Blue Memo" only turns up a number of your posts from here and other sites suggesting people look it up. Where can I find said memo?

Re:Non Sequitir

[hairyfeet]

Sorry about that, the site where I read it has taken it down but you might be able to find it under just "Windows Blue" or Windows 9. the closest I was able to find to the original memo is this article that talks about the yearly update schedule but it doesn't have the memo. Frankly it doesn't surprise me as i figured that being a MSFT internal memo they would DMCA and C&D anybody that printed the thing as it was obviously a leaked internal document. if I'd have realized it was gonna be taken down i would have saved a copy and put it in a dropbox or something, I just figured "nothing is ever erased from the web" but I guess this memo wasn't newsworthy enough, my bad. I'll keep looking and if I find the full text again i'll be sure to save the page as a PDF and put it in a nice anon dropbox somewhere.

But I can tell you reading it has me looking at exit strategies and I've been selling and servicing MSFT products since Win 3.x, yes the plan is THAT dumb. it talked about how MSFT was gonna go full tilt into hardware, MSFT laptops and desktops and tablets and phones, that windows was gonna switch to a $40 yearly upgrade schedule that would tie into the appstore, how everything MSFT related was gonna be tied together to the appstore, from GFWL to your Windows login for a "seamless experience", and that it was gonna continue using ads in their product to "show application developers the ease of using the Microsoft advertising API" or some shit, by then I was looking for an Apr 1st date on the thing but nope, it was real.

Believe me if there was anybody that wanted Win 8 to just be another Star Trek Rule like Vista it was me, i've been making money with MSFT software for over 25 years now, but its obvious from reading that memo that the ultimate goal is to kill DIY and the OEMs and make MSFT into just another Apple complete with stores and pricing to match. I personally think its gonna go over about as well as WinPhone but I'm already watching Valve like a hawk to see how they solve the DirectX gaming problem in Linux and if they figure it out I'm gonna take a long hard look at the next Ubuntu LTS. MSFT has already put so damned many hoops on their licenses its getting harder and harder to make a buck and if the Blue memo comes to pass the money for anybody but MSFT will just dry up.

Re:Non Sequitir

[lsatenstein]

Microsoft locked Windows RT down because it wanted to slowly get rid of the Win32 cruft dating back to the 80s and 90s.

If Microsoft gets rid of the "Win32 cruft dating back to the 80s and 90s", then there will be no reason for anyone to choose Windows over any other operating system. Legacy compatibility and a huge installed base of applications are Microsoft's primary competitive edge, but Ballmer seems to have forgotten this in his Ahab-like quest to chase down Apple.

That cruft does exist now and is used to run things like Office and Notepad etc. but Microsoft can easily rewrite them in the future.

If Microsoft could have ditched legacy API usage for Office that easily, I think they would have done so already in the first release of Surface. At this point, the Office codebase is probably so FUBARed with 20+ years of spaghetti code and the need for backwards compatibility with 500 different document types that I doubt they could rewrite it completely even if they wanted to. Office for MacOS is almost a completely different product, done by a separate business unit. And if Microsoft ever releases a slimmed-down "Office" for iOS and/or Android, then those products will probably be written from scratch, and will not be 100% backwards compatible with anything other than OOXML.

(Of course, any competent programmer could write a better version of Notepad in a month, so that's really not a factor.)

===
Look at Notepad++

Re:Non Sequitir

[ConceptJunkie]

It happened to me the last time I tried to create a Word document from scratch back in 2006. I was using Word for the Mac and several pages into a detailed document Word crashed and I could no longer open up the document. Someone suggested later after I restarted from scratch (with OpenOffice) that Open Office might have been able to read the corrupted document. I've never seen applications that had to be so aggressive against their own bugs as the Office apps. I was in the unfortunate situation of having to do some VBA in Excel last year and frequent reboots were absolutely necessary to being able to get work done... and Excel claiming "Your document has been corrupted and needs to be restored" after a successful save was a daily event.

Furthermore, if you are relying on Office for legal documents, then you deserve what you get.

Re:Non Sequitir

> Win32 can be compiled on ARM

Really? Oh, I get it. You just google for win32.c and run it through a C compiler. Or is it win32.vbs?

All the users will be happy.

All 3 of them.

Re:All the users will be happy.

Dude, this stupid meme is getting fucking old. Just quit, it's not funny anymore. I know for a fact there is at least double the amount you quote that are using it.

Re:All the users will be happy.

[TemporalBeing]

All 3 of them.

who are not Microsoft employees, paid advertisers, etc.

Re:All the users will be happy.

2013 is the year of the Windows RT desktop...

Re:All the users will be happy.

Yeah, Oprah alone counts for half of them

Re:All the users will be happy.

[TuxWithoutPants]

You're implying that MS employees use their own crap?

Re:All the users will be happy.

[TemporalBeing]

You're implying that MS employees use their own crap?

The only place that the Surface was sold out was Seattle, with lines wrapping around the block (at least from what the media was saying). Given their 80k+ employees there, that's about the only reason - the employees and their families.

The biggest user of Windows Phone is also their employees - of course, only because MS gave everyone one. No telling how many actually stuck with them though.

Then again, MS never used their own Visual Source Safe product. (They do use TFS to some degree, but I doubt its organization wide.)

Re:All the users will be happy.

I would have to jump on this one. Besides some exceptions like VSS (which is already deprecated), TFS (which, while not company wide, is actually used by some teams within MS) and others that I can't frankly remember now, most of Microsoft products are used widely within the company by its employees. Of course this is not universal, but the attitude is generally positive towards eating your own dog food. Also, not everyone is bought into believing that every MS product is marvelous and some employees are even bitter about everything MS and like to think of themselves as rebellious, nevertheless, most of them dog-food with a positive attitude to make their products better, particularly the ones they work on.

What is Windows RT?

Never heard of it.

Re:What is Windows RT?

[Joce640k]

The fine article has a big link in the first paragraph: "What is WIndows RT?"

Oh, wait...

Not a Jailbreak

[0x15e]

This may border on being pedantic, but I'd call this a crack instead of a jailbreak. It sounds like they're just patching a kernel value ... not breaking out of a jailshell.

I expect MS will probably just find a way to patch it up in the near future.

Re:Not a Jailbreak

[jkrise]

I'd call this a crack instead of a jailbreak

In other words, the most commonly employed method by 'pirates' to get software for free to run on Windows systems?

I have personally not used Windows8 at all; but I hear from a local PC vendor that with Win8, you cannot get 'cracked' copies of Win8, but only 'cracked keys' to activate the damn thing; for kids who must have the latest OS at any cost on their PCs.

I expect MS will probably just find a way to patch it up in the near future.

No. I have seen MS for about decades now; they seen to think "If you're gonna pirate s/w; then pirate our s/w, or code that runs on Windows; don't take the trouble to learn other OSes or products".

Re:Not a Jailbreak

[mysidia]

I expect MS will probably just find a way to patch it up in the near future.

The "hole" though requires a hacker to tinker with memory.

I expect what Microsoft will instead do is restrict debugging access -- remote debugging ONLY available on special installs of Windows RT "Developer Edition"; requiring a special product key, to enable developer functionality.

The tablets sold to consumers won't be developer-enabled, therefore, won't have the remote debugging functionality required to tamper with kernel memory.

Re:Not a Jailbreak

Just what they need to promote a new OS and new devices in a world of two incumbents getting most software and a bunch of lesser contenders fighting for the resource Steve B. was so passionate about.

Re:Not a Jailbreak

[0x15e]

No. I have seen MS for about decades now; they seen to think "If you're gonna pirate s/w; then pirate our s/w, or code that runs on Windows; don't take the trouble to learn other OSes or products".

Except that this isn't about piracy; it's about control. MS, and probably Windows RT licensees won't be happy with losing control over what can be run on that OS.

Re:Not a Jailbreak

[jkrise]

MS, and probably Windows RT licensees won't be happy with losing control over what can be run on that OS.

As I understand, this crack allows legacy x86 code to be recompiled and run on ARM devices. Such as un-crippled Office, other legacy apps by 3rd parties.

Given that this results in sales of additional h/w and s/w by MS, I cannot imagine why they would be unhappy.

Customers ( a short term for Windows RT licensees) would also feel happy about being able to run 'normal' desktop x86 apps on RT.

Intel might cringe, but why would MS and buyers do so?

Re:Not a Jailbreak

[0x15e]

As I understand, this crack allows legacy x86 code to be recompiled and run on ARM devices. Such as un-crippled Office, other legacy apps by 3rd parties.

Why would MS want you to run an un-crippled Office on Windows RT when they could sell you a new version that's been "optimized" for RT? It might be great for end users but unfortunately, "good for end users" isn't necessarily profitable.

Note that when I say licensees, I don't mean end users. No one cares about those guys after the initial sale. When I say licensees, I mean system OEMs, who are much more valuable to MS.

Re:Not a Jailbreak

Nope

Cost too much to re-hire the development team, re-org the company and go back to change one bit.

It'll be labeled a "Feature" and they'll license it to the end user as a Anytime-Upgrade

Re:Not a Jailbreak

In other words, the most commonly employed method by 'pirates' to get software for free to run on Windows systems?

As opposed to the most commonly employed method by 'prisoners' to escape Justice and weasel out of their obligations to the Law?

Neither of these are really good words.

Is there a way to use this to install Linux?

[John+Hasler]

Or Android? If so it might be possible to render these gadgets useful, even if it does require going through a song and dance every time you reboot.

Re:Is there a way to use this to install Linux?

[djsmiley]

Theoretically you could run some kind of shell on there, so yes, you could run android or linux, but it'd still be running within windows.

And yes, you'd need to flip this bit each time you booted.

What is more interesting is the fact you maybe able to completely rewrite the whole thing; getting rid of windows entirely...

Re:Is there a way to use this to install Linux?

[Patch86]

I wonder idly if this could be used to run Wubi to install Ubuntu in that strange dual-boot-from-a-boot-file-that-sits-within-Windows way that it does. If so, that'd be a pretty big breakthrough.

Come to think of it, I have no idea how Wubi would react to a "secure boot" set up.

Re:Is there a way to use this to install Linux?

[Zero__Kelvin]

That should be including Android, since Android is Linux. It is both the Linux kernel, and the typical user space tools you would find in a base GNU/Linux distribution. You can adb shell into a device and ls, cp, etc. and you can even get Busybox from the Google Play store. If you have the skills, nothing stops you from cross-compiling your own FOSS software and installing it as well. On many (almost all?) devices, you can also build and install a custom kernel, as has been done time and again.

Re:Is there a way to use this to install Linux?

[Zero__Kelvin]

I'm glad to see that you are finally up to speed AC. Now if you could just learn how to create an account!

Re:Is there a way to use this to install Linux?

[HJED]

From my understanding of Secure boot, I don't think wubi would work because I think it modifies the part of the bootloader that is signed. It is also probably only designed for x86 systems and as Windows RT runs on ARM, it might not be compatible. (It at least partially acts like a boot loader which is quite architecture specific)

Re:Is there a way to use this to install Linux?

There is very little GNU, if any, in a typical Android device. Hardly GNU/Linux. Best to call it Linux.

Re:Is there a way to use this to install Linux?

[Microlith]

With the exception of Bionic, which is smaller and weaker than glibc. Android's compatibility with standard GNU-based Linux platforms is extremely weak.

Re:Is there a way to use this to install Linux?

[Zero__Kelvin]

The entire Android software ecosystem is built with "standard" Linux (typically Ubuntu, but I've used a few others to do it), and has the Linux kernel at its core. While the build system has repo, that is a wrapper around gitFurthermore, it has the Linux kernel and ABI it is therefore fairly straightforward to build the software you find in a "typical" Linux distribution and install it, so long as one has the skills. This is the old naming argument again, which I'm not about to get into. The fact remains that Android is Linux, as we both agree.

Re:Is there a way to use this to install Linux?

[Zero__Kelvin]

"Android's compatibility with standard GNU-based Linux platforms is extremely weak."

Due in no small part to the fact that there is no such thing as a standard GNU/Linux distribution. If you had experience developing for Embedded Linux systems you would realize how unfounded your "complaint" is. We have been using Busybox and non-glibc libc for over a decade.

Re:Is there a way to use this to install Linux?

[Microlith]

Due in no small part to the fact that there is no such thing as a standard GNU/Linux distribution.

No, due to the fact that they eschew GNU entirely, which is actually pretty common across Linux distributions with the sole exception of Android.

If you had experience developing for Embedded Linux systems you would realize how unfounded your "complaint" is. We have been using Busybox and non-glibc libc for over a decade.

I'm aware that Embedded Linux don't use glibc, they tend to use uClibc or (worse) something proprietary.

But Android is still deliberately separated from GNU/Linux platforms because Google wanted to control it all and cater to handset vendors that don't like having to comply with the GPL.

Re:Is there a way to use this to install Linux?

[John+Hasler]

> What is more interesting is the fact you maybe able to
> completely rewrite the whole thing; getting rid of windows
> entirely...

That's what I meant.

Re:Is there a way to use this to install Linux?

[Zero__Kelvin]

"Google wanted to control it all and cater to handset vendors that don't like having to comply with the GPL."

You need to research Linux and its license. It is impossible to use Android without having to comply with the GPL. Every Android manufacturer is bound by the GPL.

Re:Is there a way to use this to install Linux?

asking a question isnt always feeding trolls
and what does an AC troll kbnow about the modding system?
dont bother with a reply
i forgot i dont reply to ACs then realized im not logged in -ive got work to do besides feeding trolls

Re:Is there a way to use this to install Linux?

[tepples]

My research tells me that manufacturers of Android devices are bound by the GPL only in kernel space. The user space tends toward the Apache license.

Re:Is there a way to use this to install Linux?

[marcosdumay]

Android isn't the only Linux distro that isn't GNU. You are correct in that.

Now, what part of that fact makes the GP complaint unfounded? Android could be a GNU/Linux distro, Google decided that it wouldn't, and this makes Android worse.

Re:Is there a way to use this to install Linux?

[Zero__Kelvin]

You are both making the assumption that Android has to use Bionic. That is what makes the complaint unfounded.

Re:Is there a way to use this to install Linux?

[Zero__Kelvin]

Did you fail to read what the OP wrote? Or is it that you are intentionally trying to change the subject?

well then the appstore will NEED NO censorship oth

well then the appstore will NEED NO censorship other apps that crash the system. Also need to have a 3rd part app store like amazon app store for android

Despicable

This trend of making it hard/impossible to run what you want on your computing devices is just despicable. I predict that not many years from now there won't be a commonly-used platform where you can download whatever you want and run it. We may be way past the year 1984, but we sure seem headed for 1984.

Re:Despicable

[tripleevenfall]

Not so, I read on /. that Google, being the primary force for good on the Earth today, is going to produce a mobile OS which will free us from such things.

Re:Despicable

[Patch86]

Linux isn't going anywhere, and there are plenty of niche manufacturers out there producing purpose-built Linux laptops and desktops (well I say plenty...you know, relatively speaking). Presumably they'd see a fair surge of business if they became the only way to run Linux (rather than the hitherto standard method of buying anything you like from Dell/HP/whoever and just wiping the hard drive).

Re:Despicable

[marcosdumay]

I predict that not many years from now there won't be a commonly-used platform where you can download whatever you want and run it.

Well, I predict that not many years from now, whatever plataform(s) that let you run whatever software you download/write will be the one(s) that is(are) commonly-used.

There were previsions similar to mine and yours before, the ones similar to mine were always right, the ones similar to yours were always wrong. Maybe this time it is different, but I'll only belive it if somebody comes with a good explanation for why.

Now we can make a Beowolf Cluster!

[jfdavis668]

Imagine!

Re:well then the appstore will NEED NO censorship

[tripleevenfall]

"Need" implies there are people using it, which is a conclusion we might want to take off our mat for the time being.

Tomorrow is Tuesday...

[hillbluffer]

I foresee an update to Windows RT tomorrow (or soon thereafter) to plug this serious threat to user security (have to secure users from getting apps somewhere else that Redmond doesn't make money from)

Re:Tomorrow is Tuesday...

[cbhacking]

You do realize that sideloading "Modern" (a.k.a. "Metro") applications is fully possible and officially supported, right? The difference is that those have to run in an application sandbox that limits their capabilities and restricts the APIs they can call... in particular, they aren't supposed to be able to access the Win32 API, which is needed for making something that is recognizably Windows software (what Microsoft is calling a "desktop app" because it runs in the Desktop view of Win8 / Windows RT).

The breakthrough here is twofold:
1) Run homebrew / non-Windows-Store software outside of the application sandbox (at whatever permission level you like, all the way up to Admin, which is already possible for any desktop app that you can run on Windows RT).
2) Port legacy software to Windows RT with merely a recompile, rather than forcing people to re-write the software to use the new APIs.

There isn't really anything else that this hack permits which wasn't already possible on RT... but both of those are pretty big achievements.

Developing Applications

[Old+Aylesburian]

Am I missing something here? How can anyone develop new applications for Windows RT and test run them?

Re:Developing Applications

I dunno...http://msdn.microsoft.com/en-us/windows/apps/br229516.aspx

Re:Developing Applications

[Dudds]

Windows RT contains a complete Win32 API environment (all the standard DLLs are there: kernel32.dll, user32.dll, etc).

Visual Studio 2012 comes with the ARM compiler, so building executables is fairly easy. The restriction, to not allow ARM Win32 applications, only came late in the development cycle, so it's really only hacked in. Visual Studio will even allow native development for ARM applications, going as far to remote debugging the application, by simply adding a "enabled" setting to the ARM manifest file.

The Windows RT SDK for building executables is not required to link existing applications, only a library file is required and that is easily built (in the XDA thread, a tool was posted that builds library files from live DLLs).

Crack, Rip, Hack, Jailbreak ...

[bill_mcgonigle]

"Windows RT Gains Solution to Allow Customers to Run Any Software They Choose"

And we wonder why people don't "get" Software Freedom. Somebody please remember to name the next software-freedom work-around "murder" just to keep the bad PR going.

Re:Crack, Rip, Hack, Jailbreak ...

[Megane]

"... Except Linux"

Sounds like this is a hack to let unsigned apps in. While it's not impossible to have an app which is actually a Linux boot loader, it would actually have to take control away from the kernel first. All this does is tell the kernel not to check the app.

I'm rather surprised that El Reg didn't take an opportunity in their article about this to snipe about Linux still being locked out.

Re:Crack, Rip, Hack, Jailbreak ...

[Zero__Kelvin]

I propose "Caressed". The we can say we caressed our phone so that we can have our way with it.

Re:Crack, Rip, Hack, Jailbreak ...

[Darinbob]

How about "I got my phone totally wasted and then installed some unsigned apps"?

Which 3rd party apps are those?

[Barlo_Mung_42]

Still have to be complied to ARM right?

Re:Which 3rd party apps are those?

[DdJ]

Won't things that use the CLR run without recompilation?

Re:Which 3rd party apps are those?

[Dudds]

On the last few pages of the thread at XDA, there are links and screenshots of: PuTTY, Tightvnc, 7zip and BOCHS (just to name a few):
http://forum.xda-developers.com/showthread.php?t=1885399&page=23

Re:Which 3rd party apps are those?

[0123456]

Won't things that use the CLR run without recompilation?

Only if they don't call native code at any point, or only call native code that exists on ARM versions of Windows. If they bundle an x86 version of zlib.dll and call it to read .zip files, for example, you're probably screwed.

Re:Which 3rd party apps are those?

[s73v3r]

That would be for things using .NET. Legacy native code, written in C/C++, would have to be recompiled.

Re:Which 3rd party apps are those?

[cbhacking]

CLR = Common Language Runtime = "things using .NET". You basically just re-stated his comment...

Re:Whitelisting of a sort (& the future of sec

[dyingtolive]

Interesting post. I'm no security buff, but whitelisting doesn't sound like it's inheriently a bad thing, and I don't think anyone would argue so, but if that's the route you go, the default should have to be that the user themselves is gatekeeper, with the option of enabling it such that they can use another party to manage their walled garden for themselves.

Really, building your own walled garden of executables from places you trust actually sounds like a pretty clever idea. It also sounds like Linux repositories with a filemask of 110. Or maybe using a host file instead of DNS. :P

Re:Whitelisting of a sort (& the future of sec

[iamgnat]

Except the problem with your whole premise is that you forget the user.

Basically Apple "whitelists" what Apps can run under iOS (and are clearly moving that way for OSX too), yet people rail against it and even go so far as to remove the "whitelist" (e.g. jailbreak).

The problem comes down to who does the vetting and testing of an application to add it to a whitelist? If it is the user, they've proven they can't be trusted because they'll "vet" any new screensaver/antivirus/cursor application that comes along. If it is a central organization (Microsoft/Apple/Google/etc..) you then run into conflicts of interest in what they think you should do with the platform and what you actually need/want to do (e.g. what happens when you have a problem that can't be solved by any existing approved application?).

There is no simple single solution to the problem of security. A real solution by nature needs to be multilayered which means there is some complexity and ultimately users have to take responsibility for their actions. The idea that a single company/program can keep you safe just keeps perpetuating this idea that you don't have to pay attention to what your are downloading/executing and it's that mentality that allows malware to continue to be so successful.

"Metro" is a Walled Garden

[Microlith]

On your x86 Windows system, the default setting is Unsigned — you can run anything you like. With Windows RT, the default, hard-coded setting is Microsoft (8); i.e. only apps signed by Microsoft, or parts of Windows itself, can be executed.

They can set this selectively per environment as well. Microsoft sets it to "Unsigned" for the desktop but to "Microsoft" for "formerly-Metro" applications.

Re:"Metro" is a Walled Garden

[cbhacking]

Ummmm.... no. You can sideload "Metro" applications just fine (after running one command to unlock this capability). The packages must be signed, but they can be signed by anybody (including self-signed), so long as they chain to any trusted certificate. Visual Studio generates an install script for the package that checks whether its (also auto-generated) signing cert is trusted, and if not, offers to install the cert for you. You can also do so manually (just double-click the cert file and follow the usual import steps).

So, .APPX (Metro application bundle) files don't require "Microsoft" signing level. What about the binaries they contain, though? It turns out that those don't need to be signed at all. At least a month back, a different branch of the "run everything on Windows RT" project bore fruit; we could run "desktop" apps within the AppContainer of a "Metro" app. (WinRT isn't supposed to include the APIs to launch new processes directly, but you have to be linked against the system call interface on Windows anyhow, which means it's possible to just scan the address space for the NtCreateProcess entry point and call it.) These apps don't have to be signed *at all* even without anything like the hack posted here. They run with low Integrity Level and have (by default) extremely limited permissions (access the System32 directory, their install directory, and their data directory, and only the last of those with write permissions), but they do not have to be signed.

Summary continuation

[Translation+Error]

Since the summary ends before actually getting to the vulnerability it started to describe, here's the relevant text:

Now, in theory, you could change this hard-coded setting--but all Windows RT devices use UEFI, and so Secure Boot detects the altered code and locks the system down. Secure Boot doesn't stop you from changing the setting in memory, however

Re:Summary continuation

Since the summary ends before actually getting to the vulnerability it started to describe, here's the relevant text:

It's not a summary. It's plagiarized straight from the article. Some anonymous reader did not write that. Sebastian Anthony did.

Re:Summary continuation

"From the article:"

Dipshit.

Re:Summary continuation

Problems with reading comprehension, eh?

Too Late

Now that there is a win8 version in circulation which allows it, it is too late.

Re:Whitelisting of a sort (& the future of sec

Interesting post. I'm no security buff, but whitelisting doesn't sound like it's inheriently a bad thing, and I don't think anyone would argue so, but if that's the route you go, the default should have to be that the user themselves is gatekeeper, with the option of enabling it such that they can use another party to manage their walled garden for themselves.

Except that the root problem with security is the user. If users could be reliably trained to not follow links in phishing emails, to turn off cookies, or not execute random files the find on the metaphorical floor, there would be no need for any kind of whitelist.

Since that hasn't proven to be feasible, any system that lets the user override the system (by for example adding a third party repository to their trusted list) is doomed to fail.

I didn't forget the user, & MORE (see quote)

"* E.G.-> It'd be a LOT simpler for say, a home user all the way up to a network administrator on a HUGE corporate WAN to setup a list of PROVEN & fully vetted/code reviewed allowed apps to run (& all the rest would be disallowed...)" - by Anonymous Coward on Monday January 07, @12:17PM (#42506533)

See subject-line, & that quote of myself, vs your misinterpretation of what I wrote (or perhaps you just missed it)...

---

"Except the problem with your whole premise is that you forget the user." - by iamgnat (1015755) on Monday January 07, @12:36PM (#42506753)

Once more - See above...

---

"The problem comes down to who does the vetting and testing of an application to add it to a whitelist? If it is the user, they've proven they can't be trusted because they'll "vet" any new screensaver/antivirus/cursor application that comes along." - by iamgnat (1015755) on Monday January 07, @12:36PM (#42506753)

See above again - in corporate environs, where THE MACHINE IS NOT THE USERS but the companies? That'd be the network admins doing the testing (hopefully).

---

"There is no simple single solution to the problem of security. A real solution by nature needs to be multilayered which means there is some complexity and ultimately users have to take responsibility for their actions." - by iamgnat (1015755) on Monday January 07, @12:36PM (#42506753)

You're "preaching to the choir" here man... seriously, take a look below

(I.E.-> I've been doing security guides based on "layered-security"/"defense-in-depth", especially geared to 'end users' @ home with single systems, since 1997 online & doing pretty well @ it):

To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE

I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:

http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text

& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.

That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...

Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:

---

1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))

---

Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy:

---

SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:

The unthinkable?

Microsoft decides to suck it up and puts in a simple UAC-like system where the user has to confirm that they want to run a potentially dangerous application that is not signed by Microsoft itself.

Based on the little I know...

[The+MAZZTer]

Once you can attach a remote debugger to a process you can pretty much run whatever code you want, it's just not user-friendly. The big thing here is that a system process is bypassing sanity checks on API calls (for speed, I assume) and so it's exploited to run arbitrary code in kernel mode, and then you have the whole system (in this case, it just flips the switch to allow any app to run, for the current session only I assume, it won't persist to the next boot).

MS may restrict the processes to which the debugger can attach to fix this, so you can't attach to any system process which uses the faster API calls lacking sanity checks. Assuming there's no way to get other programs to use those versions of DLLs, this would close the exploit, unless the user removes the hotfix (can you do that in RT?) or reinstalls Windows (if that's easy to do).

Either way a tool to package up the remote debugger side of things into something usable would be fairly trivial to make, just gotta capture the network activity of the exploit and then automate it so normal users just push a button and then trigger the proper breakpoint by adjusting the system volume.

Re:Based on the little I know...

[cbhacking]

It's not actually really running arbitrary code in kernel, just changing some kernel memory which causes the kernel to run different code. All the code running is already present in the kernel - this isn't a code injection attack, or even ROP - but instead merely flipping a switch that isn't supposed to be accessible from user-mode. Very minor nit-pick, but I wanted to be clear on that. If (for example) Microsoft had decided to not permit the "Unsigned" level at all, and had removed the code which executes that path, this exploit would not work in its current state. However, that would be a non-trivial change to the program loader, which is a pretty core part of the OS. By just changing a flag that the program loader already understands, MS is able to keep the source for Windows RT pretty nearly identical to that of Windows 8.

Re:Based on the little I know...

[cbhacking]

Self-reply with more info...

There is some code injected, but it's injected into the user-mode process CSRSS.EXE using the debugger, not injected into the kernel. The injected code modifies a struct which is then passed as a parameter to the kernel via a system call. This call can only be made by the CSRSS (Client/Server Runtime SubSystem) process, and the kernel "trusts" it more than it should (lack of sanity checks on the parameters). When the kernel processes the modified struct, it will change the required signing level flag within the kernel.

Re:I didn't forget the user, & MORE (see quote

[iamgnat]

See subject-line, & that quote of myself, vs your misinterpretation of what I wrote (or perhaps you just missed it)...

You mean the subject line that is simply showing as "Whitelisting of a sort (& the future of securi"?

As far as possibly misinterpreting you, I will admit your writing style is not as clear as it could be but you clearly go on about whitelisting being most/all of the security solution (to the extent you talk about it possibly replacing AV software). If that was not the point you were trying to get across, then I apologize but that is how it came across to me.

See above again - in corporate environs, where THE MACHINE IS NOT THE USERS but the companies? That'd be the network admins doing the testing (hopefully).

In this case the network admins/company are still the end user even if the result is that they represent more than one physical person. Using the iOS example without buying into Apple's development system there is no "authorized" method for the company to build an internal application and deploy it to their employees iOS devices. So in that case the corporate environment operators still have limited control to do their own vetting. Even still, I've been on the receiving end of "by god you will install this" in the corporate environment so you still have the "users can't be trusted" element there as well.

Whitelisting is the security holy grail, but as with all hardline security measures it forgets that there needs to be a balance between letting the user perform the work that needs to be done while still protecting them from themselves.

I spent some time in a secure environment that tightly controlled what ran on desktops and needed an application that was allowed, but not for the role I was filling. We spent 6 months going back and forth before finally getting approval and getting it installed. Because what I was doing couldn't wait those 6 months we had to work around the restrictions in the meantime. While I am sure of my personal computers, that I had to use them and email the data back and forth opened a vector for a potential problem (as well as violating the corporate rules so you can be sure I had it in writing from a couple levels of management that they approved of what I was doing).

The flip side of course is that I've also worked in environments where everyone had admin rights and could install anything the wanted (though the written policy said they "can only use approved software"). That environment was a constant headache for security and the help desk due to the near constant malware issues (which almost always manifested as performance problems).

Those are the reasons that a rigid whitelisting policy can't work in the real world. Exceptions have to be able to be made in a responsive manner, but that control still needs to be somewhat centralized. In a corporate environment this is relatively easy to do (in principle anyway), but when you start talking about home users that becomes near impossible as there is no way a large company (Apple/Google/MS/...) know what all their users need to do (and really have no business knowing that level of detail in my opinion) and the individual can't really be trusted either. Really the only way to possibly do it would be a community based system, but even there you need some kind of control to keep the likes of 4chan from polluting it by tagging malware as "safe" and Photoshop as "unsafe".

Why?

If people are so stupid as to buy a locked device, why make it better for them? Otherwise the might buy and unlocked device next time=better.

Re:well then the appstore will NEED NO censorship

[hairyfeet]

I think this article linked through TFA reviewing the WOA appstore sums it up nicely "But for now, x86 compatibility isn't just a check box: It's a doorway back to a land of sanity.". Kinda sad they are actually charging more than iPad for Surface when its quite obvious just from reading the reviews their appstore is completely broken and worthless.

BTW it may be a little petty of me, but since i called it months ago that the WOA and Win 8 appstore would be a trainwreck, since they couldn't make GFWL functional after years and a competitor that would be easy enough to copy they sure as hell wouldn't be able to pull off an appstore for a different arch so I'd like to say "I told you so" to those that doubted me and do the dance of smug superiority.

Lol ./-etrs ar at it again

Since when attaching the debugger constitutes a jailbreak?

Re:Lol ./-etrs ar at it again

[tepples]

Since when attaching the debugger constitutes a jailbreak?

Since the operating system allowed the user to attach a debugger without a recurring payment. This, as I understand it, is one difference between the Windows RT developer license model and the $99 per year model used by Xbox Live Indie Games, iOS, and Windows Phone 7.

Re:Lol ./-etrs ar at it again

[cbhacking]

The important point here, other than that yes, you can sideload and debug on RT without paying extra for the privilege, is that the value which must be changed is in kernel mode, but RT only allows user-mode debugging. The kernel debugger is disabled via Secure Boot (the bootloader understands the debug switch, but if you attempt to set it, Secure Boot will block you).

Typically, attaching a debugger to a user-mode process still doesn't let you modify kernel memory; the debugged process and the debugger itself are both running in ring 3, which means they can't write to ring0-only memory (the kernel's address space). The hack here is that there's a security bug in Windows where a trusted system process can make a call into the kernel which, due to lax parameter checking, can be used to overwrite a part of kernel memory. While the kernel *does* verify that it is this trusted process calling the vulnerable function, the kernel does not check that the process hasn't been modified by a debugger. Attaching a debugger to a system process requires Admin, but Windows RT allows running processes as Admin so that is not a problem.

Did you even READ my post entirely?

Not only did you falsely accuse me of NOT covering end users, WHICH I PROVED I DID QUOTING MYSELF IN MY OTHER REPLY TO YOU IN REGARD TO THAT -> http://news.slashdot.org/comments.pl?sid=3364039&cid=42506997

---

NOT ONLY THAT!

You also MISSED that I noted "layered-security"/"defense-in-depth" (as I've been 'into that' for decades now via the proofs of that I put up in extremely successful security guides for end users, the ones that need them most)!

That quote? It's per the termination of my initial post here -> http://news.slashdot.org/comments.pl?sid=3364039&cid=42506533

PROOF again, via this salient pertinent quote of myself from my initial post here:

---

"Whitelisting COULD help stop that too, per what I stated above, along with other "layered-security"/"defense-in-depth" measures commonly used today already." - by Anonymous Coward on Monday January 07, @12:17PM (#42506533)

---

Especially on THAT note?

You are PREACHING TO THE CHOIR on layered security/defense in depth especially to myself, and you also falsely accused me of NOT COVERING END USERS too... in regards to whitelisting!

---

AND, yet you got a +5 upward mod & my posts are downmodded to -1...

APK

P.S.=> Again, as I asked you in another post: EXPLAIN THAT, please...

... apk

Re:I can say that of your READING 'ability'

Please take your meds. Thanks.

Asking SAME question of YOU now

Why was my post downmodded here http://news.slashdot.org/comments.pl?sid=3364039&cid=42507429

?

* Especially since I covered END USERS being 'gatekeeper' as well as network admins in corporate environs in the link above!

(This I gotta see - Why? Well... Just to see if others notice what I do around this website, noted below...)

APK

P.S.=> So, why the downmod of my posts (nearly every one of them since my initial post you replied to)?

Again - I'd love to see YOUR answer to that!

(Not saying YOU did it or anyone I replied to - it's MORE to make a point how BOGUS the moderation system is here @ times, when trolls misuse it)...

... apk

Re:Asking SAME question of YOU now

[dyingtolive]

Honestly, I have a hard time knowing for sure. I couldn't have downmodded you, as posting prohibits moderation. This is, of course, ruling out sockpuppet accounts or any sort of malarkey like that, but you'll have to take me on my word it wasn't me.

To speculate on your question, I would suggest that it's probably something to do with the fact that you have a bit of a reputation for what I might call an erratic posting style. You're usually very long winded on a topic, and I've seen you post things that are strange tangents that don't really apply to the topic of the thread. Then again, I'm not sure if those are actually you, or perhaps impersonators mimicking your very unique style of writing.

All of these things somewhat make you stand out in a crowd, which makes you a target for anyone who needs one, deserving or otherwise. Tell you what: Try toning down the posting style to something more subtle for a couple posts. Maybe don't sign them apk. Maybe go with Alexander (I believe that is your name) or some other moniker. See if people react the same way. Call it a social experiment. :)

Re:I can say that of your READING 'ability'

Quit projecting your own "issues" onto others.

Explain this - I cleared up your misconception

AND, yet I get a downmoderation here -> http://news.slashdot.org/comments.pl?sid=3364039&cid=42507627

Purely in response to HOW I use both custom hosts files AND DNS servers (external to my home filtering DNSBL based ones no less, vs. online threats no less, both in my routers AND network connection, layered security again, vs. using a home DNS system (which would be a waste of electricity, cpu cycles, RAM, & other forms of I/O as well as introducing the possibility of failure + DNS redirect poisonings).

"?"

* I'll be waiting...

APK

P.S.=> THIS I JUST GOTTA HEAR - not saying YOU did it, I could care less - it's MORE to point out how BOGUS the moderation system here really is!

E.G.-> So far in this exchange beneath my initial post?

---

1.) I've been falsely accused of 'forgetting end users' in this exchange - which I PROVED, literally quoting myself to do so, that I didn't (& 2 times to 2 different repliers who obviously "skimmed" my reply), both here http://news.slashdot.org/comments.pl?sid=3364039&cid=42506997 and here http://news.slashdot.org/comments.pl?sid=3364039&cid=42507429

AND

2.) I also listed using layered security methods in addition to my noting whitelisting (of which I am an expert for decades now on the former, & proved that too with examples of security guides I've done that did GREAT online since 1997 no less that employ it), then, the poster I replied to 'went off' on it, until I showed him I've been doing THAT for coming up on 2 decades now, implying I didn't note it -> http://news.slashdot.org/comments.pl?sid=3364039&cid=42508567 when I clearly did (again quoting myself to prove I did )

---

Come on - "something's up" here... lol!

... apk

Fraudulent use of a developer license

[tepples]

You do realize that sideloading "Modern" (a.k.a. "Metro") applications is fully possible and officially supported, right?

Microsoft states that it "can detect fraudulent use of a developer license on a registered machine." What information is sent back to Microsoft when a developer license is used to allow Microsoft to "detect fraudulent use"?

Re:Fraudulent use of a developer license

[cbhacking]

So far as I'm aware, just the application name (specifically, the package name that it is registered on the system with) and possibly a binary list; I haven't fully explored it yet. This appears to be intended as an anti-piracy protection. I've got a number of sideloaded apps, including some which are relevant to this type of work and completely unsuitable for Windows Store development (I'm looking into an alternative approach that doesn't require a kernel security hole, but I'm nonetheless on the periphery of the developers who were working on this). If MS wanted to block the developer license I use for sideloading them, they could have done so any time in the past few months.

Of course, I could then just get another one... it's not like the licenses cost anything.

Re:Fraudulent use of a developer license

[tepples]

If MS wanted to block the developer license I use for sideloading them, they could have done so any time in the past few months.

Of course, I could then just get another one... it's not like the licenses cost anything.

I was under the impression that blocking a developer license would block that particular Windows OS product key from obtaining another one.

Scriptable?

[tepples]

You can sideload "Metro" applications just fine (after running one command to unlock this capability).

How hard is it to script the periodic commands to renew this capability?

Re:Scriptable?

[cbhacking]

Pretty easy, the task scheduler is included in Windows RT. It's a single Powershell command (must be run as Admin): Show-WindowsDeveloperLicenseRegistration. That pops an interactive dialog, but it's easy enough to get through.

I actually hadn't bothered to do this before (I have MSDN access, so the developer registration lasts for 3 months each time) but for those using the 1-month registrations, a scheduled task to renew it makes a lot of sense.

Re:How I use BOTH custom hosts & DNS... apk

I use a "white list" DNS server written w/ "python" running on my computer. python => smaller than an /etc/hosts file, less memory and i/o than an /etc/hosts file, & NO BUGS (pythons eat bugs lol => true fact!)

BQL

Ms only hardware??? then they will need to make

[Joe_Dragon]

Ms only hardware??? then they will need to make alot more choices then what apple has and lunix will get all the high end systems / good video cards.

Ms may even try to lock in video cards as well.

Re:Ms only hardware??? then they will need to make

[hairyfeet]

I'm afraid its true, look up "Windows Blue" which is straight from Redmond, the goals are 1.- Yearly upgrades with software tied to you running the latest version, 2.- MSFT hardware designed to target the "high end experience" ala Apple, basically they are consigning the OEMs to the bottom tier only and are gonna gouge the fuck out of them so I have no doubt they are having meetings with Google as we speak, 3.- Everything tied to your account and an appstore, so you won't be doing squat that MSFT won't know about and get a cut of. Oh and of course ADS built right into the OS, 4.- A MSFT store in every big city selling MSFTPhones, MSFTLaptops and desktops, and MSFTTabs, again shamelessly ripping off Apple.

But "Lunix" as you put it won't save anybody, its a corpse and worthless for home users thanks to its horribly fragmented design model where the kernel devs don't listen to the driver devs who ignore the DE devs who don't give a fuck about the X-Server and Pulse devs, etc which is why its so easy to kill on update, its not an OS, its just a bunch of little programs that are SUPPOSED to work seamlessly together but reality shows that to be bullshit.

For awhile I had hopes Google would save us but just as I predicted "do no evil" was nothing but "think different" for FOSSies and with their browser redirects and locking the fuck out of Chromebooks they are turning out to be just as douchey as MSFT and Apple. I have a feeling that historians are gonna look back on the teen years as "the death of the open system, where all hardware was replaced by glorified game consoles" because its all about the lock in and controlling the unit after sale now, you watch in 5 years you'll have PCs with everything soldered to the board that you have to toss when you need more performance or the company stops supporting it because like that old GameCube in the closet it'll be worthless, with no upgrades nor software to run on it since "this appstore requires v 4.6 and you have v 3.4, please buy a new system" and that will be the end of that unit. Damned shame as powerful hardware has never been cheaper but hardware baked DRM means you'll never get to do anything with it except use it to hand the corp more money through an appstore.

Oh, really? Python CAN'T DO kernelmode drivers

1st of all - I program in Python... it's LIMITED, compared to my favs. in C++ &/or Delphi. How MUCH so? See next:

Secondly: How the HELL do you figure running Python's RUNTIME ALONE, never mind the code for a DNS server is smaller than hosts?

You STILL have to give it a DNSBL for blocking AND it consumes memory to run period!

---

1.) DNS server, written in python? Yea, ok... sure - see subject-line above & this -> http://stackoverflow.com/questions/981200/can-windows-drivers-be-written-in-python

That means you're NOT RUNNING IN RING 0/RPL 0/kernelmode (fastest there is) because you CANNOT CREATE A KERNELMODE DRIVER WITH PYTHON, first of all!

Which MEANS YOU ARE RUNNING FAR SLOWER than tcpip.sys/IP stack, & less efficiently! Hosts are a TIGHTLY INTEGRATED PART OF the IP stack mind you...

---

2.) How could it also consume less RAM, cpu cycles, & other forms of I/O than a TIGHTLY INTEGRATED PART OF THE IP STACK in hosts files running in kernelmode/rpl 0/ring 0 & RUN FASTER + MORE EFFICIENTLY than the fastest part of the OS with over 40-50 yrs. of optimization put into it?

---

THIS?

* LMAO - This I just gotta hear... lol!

APK

P.S.=> Hosts files, don't crash (DNS servers, do). Hosts files aren't subject to recursive DNS setup attacks either... & more - but I want to hear your "explanation" above, lol! This ought to be good...

... apk

Re:Oh, really? Python CAN'T DO kernelmode drivers

I'd like to hear why u think a DNS server is a kernel driver? lol

PS => Python is written in C so it's as fast as C. /etc/hosts is a text file so it must be parsed -- very slow!

Good if they dont sell out like the Chevron devs

[sethstorm]

This would be good if they keep their independence from Microsoft and allow these phones to do some good.

Well, someone read my complaints

& upmodded my initial post from -1 to 0 so far -> http://news.slashdot.org/comments.pl?sid=3364039&cid=42506533 & also where I cleared my name vs. false accusations here -> http://news.slashdot.org/comments.pl?sid=3364039&cid=42506997 taking it from -1 to 0 again.

APK

P.S.=> Which proves /. isn't COMPLETELY controlled by trolls (though it is infested all to hell with them, multiple accounts and all - anyone want proof of it? Ask, I've actually GOT it!)...

... apk

Re:Well, someone read my complaints

It wasn't upmodded. I reversed my troll mod by posting the "please take your meds" post. Notice how there is no mod history, that's the proof it was my undoing.

Seriously dude, given your mental condition there is simply no way you'll ever get a +1. Sorry to have gotten your hopes up.

Whitelisting will need NO Centership other then ap

[Joe_Dragon]

Whitelisting will need NO Centership other then apps the crash the system.

and more then 1 app store as well a 100% free zone for both dev's and users.

Thanks whoever "re-upmodded me"... apk

Per this post of thanks of mine earlier for it -> http://news.slashdot.org/comments.pl?sid=3364039&cid=42510145

* Probably was trolls "playing games" again, what with their multiple registered 'luser' accounts they use to upmod their own posts (Jeremiah Cornelius, webmistressrachel, & the 'dual identity' troll tomhudson/Barbara, not Barbie - as just a FEW I know do it, & how, why, when too (if ANYONE wants proof of that too? Ask, & "ye shall receive"))...

APK

P.S.=> See subject-line above, & thank-you to whoever set those 2 posts of mine right again @ least (many more of mine here are STILL downmodded, but those are a start)...

... apk

It's better than walled gardens & how/why

http://betanews.com/2012/01/25/the-top-10-web-security-threats-you-should-avoid/

Pertinent quote/excerpt:

---

"The compromised website is still the most effective attack vector for hackers to install malware on your computer with 47.6 percent of all malware installs occurring in that manner, says security firm AVG.

Another 10.6 percent are tricked into downloading exploit code -- many times, without their knowledge -- by clicking on links on pages to sites hosting malware...

It also found that faked pharmacy sites are a popular attack method, seen in about 10.4 percent of all attacks.

Fake antivirus scanners remain a popular malware injection method at 8.4 percent"

---

* Fact is, what I noted, in compromised sites, comprises 77% of malware installations - not what users download & install themselves (ala shareware/freeware sites like download.com etc./et al)...

APK

P.S.=> That's the TOUGH part - the 'driveby download attack' in maliciously scripted sites, bad links to sites, etc.-et al, & why I built this app:

---

APK Hosts File Engine 5.0++ 32/64-bit:

http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74

---

It speeds you up, makes you surf more reliably, but mostly more SAFELY (you can't get burned by what you can't touch)...

It works, to STOP USERS from 'hitting' or rather, being HIT, on known maliciously scripted hosts-domains/servers/sites... & it's updated every 15 minutes here in a 'special build' I use, but users can do it every 12 hours on THEIR end using it.

The rest of what I do?

"Std. layered security/defense-in-depth" ala these guides I've done online since 1997-2008 for Windows users -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE

HOWEVER: What I personally find VERY EFFECTIVE vs. the 'driveby attack' on sites with malicious code or bogus bad links? In COMBINATION with blocking I do in custom hosts files noted above??

Opera & it's "By Site Preferences"... how so?? Ok:

By ONLY allowing scripting, cookies, plugins, frames/iframes, javascript, java, etc. on SOME sites only that REQUIRE THEM FOR FULL FUNCTION!

The rest are in global policy, disallowing their usage (lessening the chance of attack since those items are OFTEN exploited, massively)...

... apk

Re:Whitelisting of a sort (& the future of sec

No the idea is to get you used to the fact that you can't have anything that's not approved
or otherwise certified. The day will come when you buy a new refrigerator but before you can
turn it on you have to visit a website to register it and accept an energy plan for it. And no...
you won't be using that electricity to grow pot in your garage anymore.

Whew - Gotta admit: HELL OF A POINT! apk

I assume people and companies (governments too) are honest (mostly)... that can be a "problem", for me (or essentially, I figure, anyone who operates honestly period).

Why? Well... simple:

I.E.-> If you don't THINK like a crook? You'll GET "CROOKED"...

APK

P.S.=> It's tough for me to "channel that 'inner-criminal'" here so I don't think about points like yours - HOWEVER/again: That is 1 HELL OF A GOOD POINT you made

(That is, IF things get so 'nuts' that corporations get THAT bad, that is)...

... apk

The IP stack is (learn to READ)... apk

"I'd like to hear why u think a DNS server is a kernel driver? lol" - by Anonymous Coward on Monday January 07, @05:33PM (#42511265)

Did I state DNS servers are? No. I said the IP stack is (tcpip.sys, & it loads @ bootup + turns on fully once you are in Windows logged on & services start making request on it with client apps too)...

Fast as it gets, written in C & Assembly, and with over 40-50 yrs. of optimization poured into it as well!

---

"Python is written in C so it's as fast as C." - by Anonymous Coward on Monday January 07, @05:33PM (#42511265)

It's INTERPRETED 'code', not a TRUE 'stand-alone' self-contained executable... & there is a LARGE DIFFERENCE in speed right there, for starters!

APK

P.S.=>

"/etc/hosts is a text file so it must be parsed -- very slow!" - by Anonymous Coward on Monday January 07, @05:33PM (#42511265)

Clue - ANY lists you load into DNS? Same thing... loadtime from disk (they are NOT 'automagically' in RAM)...

Secondly:

The app I wrote? Makes hosts files SMALLER & FASTER by using smaller blocking addresses, AND, removing redundant entries (as well as problematic ones with say, CDNs)... & more.

THIRDLY:

Parsing a hosts file in RAM is fast once it's loaded!

Loaded - either by the FAULTY with larger custom hosts files DNS clientside cache in Windows (Linux has no such fault, it is 1 thing I will give it hands-down in fact over Windows), OR, by the kernelmode diskcaching subsystem, as I do it here...

... apk

Re:The IP stack is (learn to READ)... apk

A whitelist DNS server can store data in memory &/or disk as a hash table. I bet u like hash :) lol. /etc/hosts is O(N) speed but a hashtable is O(1) speed. That means it's faster than /etc/hosts. Also, the /etc/hosts file is re-loaded and re-parsed every time u do a DNS lookup => http://svnweb.freebsd.org/base/stable/9/lib/libc/net/

it ain't jailbroken until

linux installs and runs with ease on arm-based winrt tablets (e.g. surface).

Re:Whitelisting of a sort (& the future of sec

[steelfood]

Accessibility by definition grants extra ability to those who have less or no skill.

There's nothing wrong with accessibility in general. But it incurs a cost. By granting the unskilled extra power that they have no skill in weilding, accessibility makes the landscape that much more dangerous. There are those who are willing and able to become skilled, and through an increase in accessibility, there will be an increase in these people. But this happens at the cost of having to deal with everybody else, who are not interested in such things and willingly accept the collateral damage.

It's like guns (which I mention because it is a popular topic being debated), or vehicles (which I mention because this is Slashdot, and a car analogy is necessary). Accessibility to guns or cars makes the landscape that much more dangerous for the very same reason. For cars, it's getting into accidents. For guns, it's hitting an innocent bystander (or oneself). Accidents are fairly frequent. Bystanders getting shot happens less so, but occasionally when police start firing into a crowded area (individuals are not bystanders when they are the target).

One can argue that in the hands of a skilled operator, a gun would be that much more dangerous for everyone. There certainly is merit to this argument. But that particular argument comes with a presumption of a self-destructive actor, which in all cases would be equally devastating (within context). The same self-destructive actor in a car analogy would drive a car just to ram other people's cars off a cliff road, or a semi just to T-bone a full schoolbus. There are such actors, these events are impossible to stop irrespective of overall population skill (though one can argue that a skilled operator has a small chance of preventing such actions). A better, more effective method of prevention would be to attack the self-destructive impulse itself, and operating skill does not factor into this at all.

I don't support strictly regulating computer usage the way that cars are (albeit loosely) regulated. But I do understand where companies are having trouble finding that middle ground, the spot where they can offer a powerful product to everybody such that anyone with skill can make full use of it, but where they can also limit the unskilled to very specific abilities. Companies are at both the mercy of the consumer who can choose to use a competing product, and of the 3rd party vendor who can choose to develop for a competing product.

Android, I think, comes very close to this, but there are still numerous destructive (within context) things unskilled individuals can inadvertantly do with an Android device. For starters, surrendering habits and other personal information to Google or other companies, and allowing and encouraging this behavior, constitutes dangerous behavior, though possessing a cell phone effectively amounts to having a 24/7 tracking device so the point is moot for many pieces of information.

Windows, stemming from the computing paradigm of yore, did not control the users actions at all, which resulted in the mess that is Windows. Developers and users alike made a mess of the ecosystem. Meanwhile iOS and Windows RT is a bit too controlling, resulting in developers' annoyance for the former and full abandonment for the latter. There are other problems with Windows RT (and Windows 8) from the user interface side. but that I leave for a separate discussion.

(As for gun control, there are certain measures which I support, in particular, focusing the control on bullets and taking the mental health (history) of a gun buyer into account, but there are other measures I oppose on the grounds of being ineffective, draconian, or both. But that is neither here nor there.)

Wrong again... lol! apk

Still interpreted code slow, no getting around that - you use a Python created DNS server>

That's just the way it goes for you... period!

* You FAIL #1 of 2 (see next below on your 'point')...

APK

P.S.=> On hash tables - ok: Even binary search patterns & indexing CANNOT beat my placing my top 20 favorites into the host @ THE TOP OF THE FILE!

That's what your hash table does, & I beat it with SMART PLACEMENT, lol...

(Try it, do the math over 2 million entries, since that's what my hosts file has - the way I do it noted above? Well - I actually come out FASTER for my favorites top 20 @ the TOP OF MY HOSTS FILE once loaded into the kernelmode diskcaching subsystem!)

The rest of what's in my hosts file? Blocked - I could care LESS about 'getting to them' since they are known malicious & BLOCKED - (you "FAIL" yet again!)...

... apk

Re:Wrong again... lol! apk

lol "Genius" -- the entire hosts file must be processed (very slowly, imo) every time you do a dns lookup that's not your top 20 u => FAIL

PS => Is goatse in ur top 20?

PPS => a slow O(1) algorithm is still faster than fast O(N) algorithm when N is big (like your hosts file) => http://en.wikipedia.org/wiki/Big_O_notation

How much code is GPL differs

[tepples]

I agree that it is illegal to distribute Android without agreeing to the GPL. The difference between Android and GNU/Linux lies in how much code is affected by the GPL. Unlike GNU/Linux, Android limits the extent of GPL covered code to the kernel, so any changes to user space need not be distributed to the public as source code.

Re:How much code is GPL differs

[Zero__Kelvin]

Yes. That was my point. The OP stated that "Google wanted to control it ALL and cater to handset vendors that don't like having to comply with the GPL". (emphasis added) Since we both agree that they still need to comply with the GPL, nor does Google control it all, we clearly agree that the OP made a ridiculous statement, right?

WRONG again & how/why... apk

Ok - What's @ the top of my hosts file? My 20 favs.!!!

(Which beat up to 2++ million INDEXED by hash table entries)...

Please - Do the math!

You'll see EXACTLY what I mean, mathematically (even in a binary seek, which is generally easier to use than hash tables, is sorted, & faster usually too).

Hash Tables: Which are a BITCH to get right for diff. kinds of datasets too mind you... they're touchy shit!

(Binary trees & seeks are better & take less RAM to implement, & I still beat those too, up to 2++ million entries by putting my favs I spend a GOOD 95% of my time online at, which my hosts NEARLY has... very close now!)).

* You FAIL again...

Why?

I rarely DO DNS lookups!

I figured out WHERE I spend my time online is why/how, & put them @ the top of my hosts file (loaded into RAM via the kernelmode diskcaching subsystem).

HOWEVER - When I do DNS lookups?

They're from filtered vs. malicious threats FAST online DNS servers I noted earlier...

Double-win!

Lastly/Again: You use a DNS server WRITTEN IN PYTHON for Pete's sake - SLOW INTERPRETED CODE!!!

vs.

Tcpip.sys which uses hosts, in ring 0/rpl 0/kernelmode + the diskcaching kernelmode subsystem in RAM, housing my hosts once loaded!

APK

P.S.=> You STILL don't "get it" do you? Usermode stuff is way, Way, WAY slower than kernelmode, & always WILL be - I use smart placements to beat even hashtable indexing OR b-tree seeks, because I rarely DO dns lookups (since I know where I spend my time online, mostly here in fact)...

... apk

Lesser of two evils

[tepples]

Android caters to manufacturers that don't like GPL compliance by minimizing the amount of what they have to do that they don't like. Say a manufacturer has two relevant options: either A. do what it doesn't like to a small extent, or B. do what it doesn't like to a large extent. The manufacturer is more likely to tolerate doing A as what it considers the lesser of two evils. In this case, Android is A and a GNU stack is B. With Android, they have to distribute source code only for changes to the kernel. With GNU/Linux, they would have had to distribute source code for all modifications, including the launcher modifications that manufacturers use to distinguish their products from those of other manufacturers.

Re:Lesser of two evils

[Zero__Kelvin]

" With GNU/Linux, they would have had to distribute source code for all modifications, including the launcher modifications that manufacturers use to distinguish their products from those of other manufacturers."

Tell that to Red Hat and any Distribution that supports an NVIDIA or ATI proprietary driver. They implemented a new WM because they needed something that made sense for Smartphones, and there was nothing freely available. They created Dalvik to avoid licensing costs. You clearly don't understand the GPL at all. It is 100% possible to use some user space tools from GNU and still write other tools that work in user space that you don't redistribute because you didn't reuse a GPLed code base. In fact, that is exactly what you have with Android.

Python SLOW interpreted usermode SPEED fails

"I use a "white list" DNS server written w/ "python" running on my computer. python => smaller than an /etc/hosts file, less memory and i/o than an /etc/hosts file, & NO BUGS (pythons eat bugs lol => true fact!)" - BQL by Anonymous Coward on Monday January 07, @03:34PM (#42509307)

1.) You use Python interpreted SLOW code (many orders of magnitude slower than a single self-contained TRUE 'stand-alone' executable, let alone DRIVERS (tcpip.sys & the local kernelmode diskcaching subsystem, which power mine - far, Far, FAR FASTER... tons so!)

2.) You use USERMODE/ring 3/rpl 3 SLOW code (vs. tcpip.sys + the local kernelmode diskcaching subsystem) since PYTHON CAN'T DO KERNELMODE DRIVERS (many orders of magnitude faster than usermode, & certainly even moreso than your INTERPRETED SLOW python code).

3.) My 20 favorites @ THE VERY TOP OF MY HOSTS file outperforms hashtable indexes (up to 2++ million entries). You don't deny this - the math proves me right!

---

A.) You also CLAIM a 'whitelist' DNS list - what about blacklist for protection vs. KNOWN online threats? You WILL perform DNS lookups eventually, you know, and in recursive mode (more than potentially hazardous)!

B.) Your DNS locally IS in recursive mode, opening up the door to DNS-poisoning redirection too!

C.) Even I perform remote DNS lookups, albeit only perhaps 1 in every 100 lookups since I know where I go online & spend 95%++ of my time, & perform OCCASIONAL dns lookup queries, albeit, to FAST remote DNS servers NOT WRITTEN in SLOW INTERPRETED CODE, & that also filter vs. online malicious threats - yours doesn't apparently: YOU'RE LEAVING THE BARN DOOR OPEN TO "LET THE TRASH COME BLOWING IN"...

---

Here's what custom hosts files can do, for SPEED alone (from your own /. peers, & a security-expert from a division of SYMANTEC as well):

(Especially on the note of loads & parsing (which you claim is 'slow'))

---

SLASHDOT USERS EXPERIENCING MORE SPEED USING HOSTS FILES QUOTED VERBATIM:

---

"I want my surfing speed back so I block EVERY fucking ad. i.e. http://someonewhocares.org/hosts/ and http://winhelp2002.mvps.org/hosts.htm FTW" - by UnknownSoldier (67820) on Tuesday December 13, @12:04PM (#38356782)

"this is not a troll, which hosts file source you recommend nowadays? it's a really handy method for speeding up web and it works." - by gl4ss (559668) on Thursday March 22, @08:07PM (#39446525)

"I actually went and downloaded a 16k line hosts file and started using that after seeing that post, you know just for trying it out. some sites load up faster." - by gl4ss (559668) on Thursday November 17, @11:20AM (#38086752)

"I'm currently only using my hosts file to block pheedo ads from showing up in my RSS feeds and causing them to take forever to load. Regardless of its original intent, it's still a valid tool, when used judiciously." - by Bill Dog (726542) on Monday April 25, @02:16AM (#35927050)

"I have several notorious slow adservers in my /etc/hosts" - by jandrese (485) on Friday August 17 2007, @01:00PM (#20263547)

"They're visually annoying and distracting. They're a waste of bandwidth. Sometimes they're even noisy. I block them with a hosts file" - by Kris_J (10111) on Monday October 10 2005, @11:12PM (#13761572)

"Am I the only one that uses a hosts file? Takes care of more than just ads. It's to the point now that when I see ads, I'm shocked. I've had them blocked for years. They may be able to stop adblock, but good luck trying to outlaw a hosts file." - by mrbcs (737902) on Friday November 23, @06:59PM (#42077997)

"127.0.0.1's in my hosts file. Some shady ads do cause trouble, and similar methods can be used

Python SLOW interpreted usermode SECURITY fails

"I use a "white list" DNS server written w/ "python" running on my computer. python => smaller than an /etc/hosts file, less memory and i/o than an /etc/hosts file, & NO BUGS (pythons eat bugs lol => true fact!)" - BQL by Anonymous Coward on Monday January 07, @03:34PM (#42509307)

What about BLACKLISTING PROTECTION vs. AdBanners (+ known malicious sites-servers/hosts-domains & botnet C&C servers + bogus DNS servers as well as trackers/spammers/phishers) filtering for security on your 'whitelist' DNS slow Python usermode interpreted code (ontop of speed savings this all yields)?

Adbanners (& other items noted above), that:

1.) SLOW DOWN YOUR WEBSURFING
2.) INTRODUCE MALICIOUS CODE (many evidences thereof next below)
3.) ROB YOUR BANDWIDTH YOU PAY FOR?
4.) TRACK YOU

& more...?

You don't GAIN SPEED, PRIVACY, or SECURITY THAT WAY EITHER! I do, by using a custom filtering hosts that is BOTH a 'blacklist' & 'whitelist'... lol!

Even Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked) uses this feature of hosts (it is a HIGHLY RESPECTED antispyware software).

Additionally - SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF CAN DO (running as limited class/least privlege user, hopefully, OR even as ADMIN/ROOT/SUPERUSER)? HOSTS "LOCK IN" malware too, vs. communicating "back to mama" for orders (provided they have name servers + C&C botnet servers listed in them, blocked off in your HOSTS that is) - you might think they use a hardcoded IP, which IS possible, but generally they do not & RECYCLE domain/host names they own (such as has been seen with the RBN (Russian Business Network) lately though it was considered "dead", other malwares are using its domains/hostnames now, & this? This stops that cold, too - Bonus!)...

---

Adbanners slow you down & consume your bandwidth YOU pay for:

ADBANNERS SLOW DOWN THE WEB: -> http://tech.slashdot.org/article.pl?sid=09/11/30/166218

---

And people do NOT LIKE ads on the web:

PEOPLE DISLIKE ADBANNERS: http://yro.slashdot.org/yro/08/04/02/0058247.shtml

---

As well as this:

Users Know Advertisers Watch Them, and Hate It:

http://yro.slashdot.org/yro/08/04/02/0058247.shtml

---

Even WORSE still, is this:

Advertising Network Caught History Stealing:

http://yro.slashdot.org/story/11/07/22/156225/Advertising-Network-Caught-History-Stealing

---

PLUS:

---

THE NEXT AD YOU CLICK MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

---

Yahoo, Microsoft's Bing display toxic ads:

http://www.theregister.co.uk/2011/09/16/bing_yahoo_malware_ads/

---

Malware torrent delivered over Google, Yahoo! ad services:

http://www.theregister.co.uk/2009/09/24/malware_ads_google_yahoo/

---

Rogue ads infiltrate Expedia and Rhapsody:

http://www.theregister.co.uk/2008/01/30/excite_and_rhapsody_rogue_ads/

---

Google sponsored links caught punting malware:

http://www.theregister.co.uk/20

Read your consolidated FAILS... apk

On both SPEED & SECURITY: Speed -> http://news.slashdot.org/comments.pl?sid=3364039&cid=42516867 and Security -> http://news.slashdot.org/comments.pl?sid=3364039&cid=42516923

* Reply to each point in each post...

(With your "rebuttals" & good luck - you'll NEED it!)

(You're OUTNUMBERED, OUT-THOUGHT, & just plain 'outgunned' by many, Many, MANY orders-of-magnitude on BOTH speed & security - From myself, your /. peers' findings, security experts, + just plain FACTS!)

APK

P.S.=> I look forward to it actually - as there is NOTHING QUITE LIKE "busting up a troll" with facts - especially one doing ONLY a WHITELIST using usermode SLOW code (vs. drivers in kernelmode) that is INTERPRETED SLOW in Python on top of it (as far as performance) - for security? A whitelist doesn't cut it alone, not until the topic of my initial post "kicks in" & I don't think it ever will on PC desktops (users LIKE control + personalization, not lack of it)...

... apk

Agreed, NOT you (was trolls)... apk

You also understand HOW EASY/SIMPLE it is to have multiple accounts here to mod others down, and yet not remove moderations from "other alternate registered 'luser'" guises too (as well as modding up multiple accounts)...

THAT'S ALL I WANTED TO SEE - THAT OTHERS HERE KNOW HOW IT WORKS THAT WAY... why?

---

I've literally CAUGHT, red-handed, an entire PACK of trolls around here that hangs out, literally, @ a domain they own called "TrollTalk.com" (not kidding on that either). They are:

1.) gmhowell
2.) Jeremiah Cornelius
3.) webmistressrachel
4.) countertrolling
5.) PLUS lastly - the WORST OF THE LOT & STUPIDEST -> tomhudson alias Barbara, not Barbie (whom I ran out of here since I caught he/she doing that very nefarious thing).

* I've had others attempt to "impersonate me" here as well... but I am 'long-winded', like the post of mine you replied to - but, I did in fact, CONSIDER USERS (though you thought I didn't).

---

On HOW I POST (long-winded etc./et al):

Sometimes, there is NO 'short & sweet' way of putting a point out, so I have to go into detail, provide examples, & go on 'tangents' as you say ( but I usually ALWAYS "circle back" to where I was & my main point I was attempting to make IF you read my entire posts...).

It's just "my style"...

---

Oh, lastly - if you DOUBT any of the above (on the 'trolltalk.com' crew I noted above, multiple account using trolls? Don't - I can LITERALLY provide proofs of them doing so AND 'gaming' (cheating) the moderation system here in fact...).

APK

P.S.=> Anyhow/anyways - Above ALL else: Thank-You for replying & thanks for your time + understanding of "how it really works" around here, & the BOGUS broken so-called "moderation system"...

... apk

On a 'social experiment' (been there/done that)

It worked - I was getting REGULAR frequent upmods (like I used to before trolls around here began 'targetting' me)... you're correct, but "been there/done that" too!

E.G./I.E.-> Posting as "pure AC" (minus the 'APK' @ the termination of my posts as a signature of sorts, & the ellipses ... apk on my subject-lines also).

This life, imo @ least? IS a matter of style... it's ALL about style in fact. If folks want to be 'cookie-cutter' clones of 1 another? Fine... it's just NOT for me is all!

* It seriously "boggles my mind" that people act like that online, because I sincerely & seriously DOUBT they would in 'the real world'... why?

It'd get you a PUNCH IN THE JAW most likely!

APK

P.S.=> Again thanks for your time & understanding... apk

Does this mean it can run Linux?

I hate to be that guy, this being slashdot and everything... ... but does this mean that it might be able to run Linux?

If I knew that I could get a tiling wm, a term, and a browser running on Linux on one of these, with a minimal amount of fucking around with it, I'd go out and buy one this instant.