Windows RT Jailbreak Tool Released

An anonymous reader writes "Earlier this week, reports surfaced that the Windows RT operating system had been jailbroken to allow for the execution of unsigned ARM desktop applications. Microsoft quickly issued a statement saying it does not consider the findings to be part of a security vulnerability, and applauded the hacker for his ingenuity. Now, a Windows RT jailbreak tool has been released."

Re:windows rt

[Fluffeh]

what'sthat?

A new and innovative way to lock hardware to only the applications that you want your users to run.

*sips coffee*

Oh, and apparently it failed to live up to the owners expectations to be locked down.

Kudos

[gadzook33]

Kudos to MS for being good sports about it.

Re:Kudos

[DavidClarkeHR]

Kudos to MS for being good sports about it.

Why wouldn't they? Now that I can run (and compile) my own programs on it, I'd be willing to buy a windows RT tablet.

Well ... maybe.

Re:Kudos

[Jerry+Atrick]

They don't have a lot of choice. The 'hack' leverages the debug support. Can't remove that support while they desperately need devs and it won't be easy to safely plug exploits via it. While the debugger is available there's no point blocking the exploit, it's certain another will be found as quickly as they can fix them.

In a few months when they've had time to decide if RT is worth continuing expect them to do something drastic disruptive to block jailbreaks. While it's struggling there's no point.

Re:Kudos

[gadzook33]

I guess...developing a lot of RT stuff are you? I'm an avid MS-tech developer and I'm not buying an RT device...hopefully the pro will come through. Not to happy about the fan :\

Re:Kudos

[gadzook33]

I'm sure this won't be the popular opinion here but I'll bet money right now that they quickly wipe out jailbreaks on RT. Bear in mind that the *first* jailbreak is not trivial but an incredibly sophisticated break compared to the early iOS breaks. That being said, I agree with everyone that RT should be opened up. Where I work we've already given up on RT (and we're not too thrilled with 8). If MS wants to keep our business, they're going to need to lighten up.

Re:Kudos

I guess...developing a lot of RT stuff are you? I'm an avid MS-tech developer and I'm not buying an RT device...hopefully the pro will come through. Not to happy about the fan :\

I'm a developer, and I use Visual Studio for lots of C projects, and some C#. I bought the RT specifically because of RemoteFX.

Seriously I don't understand why MS isn't touting RemoteFX as the "killer app" of the entire "tablet" world. I'm not buying the Pro, because there is literally no reason when my RT still runs Remote Desktop.

Crysis on the Surface RT anyone?

Re:Kudos

[Barlo_Mung_42]

Did you know that you could already compile and run your own apps on it? They even give you the dev tools for free:
http://msdn.microsoft.com/en-US/library/windows/apps/hh974577

Re:Kudos

[DavidClarkeHR]

I guess...developing a lot of RT stuff are you? I'm an avid MS-tech developer and I'm not buying an RT device...hopefully the pro will come through. Not to happy about the fan :\

I'm a developer, and I use Visual Studio for lots of C projects, and some C#. I bought the RT specifically because of RemoteFX.

Seriously I don't understand why MS isn't touting RemoteFX as the "killer app" of the entire "tablet" world. I'm not buying the Pro, because there is literally no reason when my RT still runs Remote Desktop.

Crysis on the Surface RT anyone?

Exactly.

I bought my playbook the moment they announced the playbook keyboard because of the same reason. In this case, it's citrix at work and splashtop at home.

Re:Kudos

[icebike]

That they didn't lead the charge with a bunch of lawyers does not mean they won't try to
fix the problem.

The guy did them a service, finding a hole that they can now try to patch.
Further Microsoft knows that this will only be used by a quarter of the 28 existing Windows RT users, so its no big deal.

Re:Kudos

[icebike]

Seriously I don't understand why MS isn't touting RemoteFX as the "killer app" of the entire "tablet" world. I'm not buying the Pro, because there is literally no reason when my RT still runs Remote Desktop.

That makes a lot of sense. Tie up TWO machines to do the work you could otherwise handle with the tablet alone. I think MS marketing department has an opening for you.

Re:Kudos

[meta-monkey]

The fan?

Re:Kudos

[GigaplexNZ]

That link only applies to WinRT apps (ie the don't-call-it-Metro interface), it does not apply to desktop applications. This "jailbreak" only applies to desktop applications.

Re:Kudos

[ConceptJunkie]

Why wouldn't they?

Because in nearly 40 years, Microsoft has never been a good sport about anything, and the last thing Microsoft has ever wanted is any decrease in their ability to control what their users do.

Frankly, I'm surprised at their reaction. Maybe they already have a fix in the channels and know they will plug the hole soon.

I can't imagine Microsoft being so blase about this particular form of jailbreak, otherwise they wouldn't have bothered to implement the app lockout in RT in the first place. The whole point of Windows 8 seems to be, yeah, there are the usual improvements and bug fixes that come with each new release of Windows, but primarily the whole point of the product seems to be nothing more than laying the groundwork for their own walled garden, and to get a foothold in the mobile device market where they have been foundering for years.

If you take away the drive towards the walled garden and the idea of running Windows on tablets and phones, nothing about Windows 8 makes any sense.

Applause?

[guttentag]

We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We’ll not guarantee these approaches will be there in future releases.

Translation: Thank you for carefully documenting how you jailbroke our new operating system. Your documentation will help us close that hole, even though it poses no security risk.

Re:Applause?

[AdamStarks]

They could also just be reminding everyone that this "feature" is not officially supported. It's very possible that there are legitimate reasons to change the implementation of the security mechanism in ways that break the tool.

Keep in mind they didn't take any action against the homebrew Kinect stuff.

Re:Applause?

Linus Torvald hereby announces that he will be the only person with Root access on all Linux systems. He will not share the passwords with anybody.

Theo removes Root access even from himself.

Re:Applause?

[grcumb]

We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We’ll not guarantee these approaches will be there in future releases.

Translation: Thank you for carefully documenting how you jailbroke our new operating system. Your documentation will help us close that hole, even though it poses no security risk.

Also, now we know where to put the crocodiles.

Re: Applause?

[AdamStarks]

Since when did playing devil's advocate call for that kind of insinuation?

I must have forgotten to end my post with a cynical anti-M$ blurb. Ya know, a unique contribution that really enhances the discussion.

Re:Applause?

[cbhacking]

Note that this hack does actually make use of a genuine security vulnerability. Specifically, the user-mode system process CSRSS.EXE (Client/Server Runtime SubSystem) makes a bunch of calls into the kernel. The kernel checks that CSRSS is the process making these calls, but beyond that, it doesn't bother validating the parameters much, if at all. Some of the calls have parameters that, if deliberately modified, can be used for write-only access to kernel memory. That's what this hack is doing: changing a kernel-mode flag that controls what signature level is required on EXEs (RT defaults to "Microsoft", or 0x80000 x86 Windows defaults to "None" or 0x00000; this hack simply decrements that memory address by approximately 0x80000 depending on the state of the other flags).

This vulnerability has existed for years, and previously has not been worth patching. In order to exploit it, you need to attach a debugger to csrss. In order to attach a debugger to a system process, you must be Admin. If you're Admin, you *used* to be able to just attach a debugger to the kernel directly. However, doing so requires a bootloader option change, and Secure Boot on Windows RT device prohibits adding the debug flag to the bootloader configuration. Therefore, while this bug was never before a priority for MS to patch (why bother, when they can squeeze a bit of performance out of skipping the parameter checks and the security is functionally identical?), the fact that Admin on RT does *not* automatically also imply kernel access means they may re-evaluate the priority of the bug.

Re:Applause?

[gl4ss]

the kinect stuff is way, way more different.

they made a high level political decision about this being out of limits on RT. it's not a question about support or it's technically feasible, it was a question of promoting metro and the app market.

Re:Applause?

[ConceptJunkie]

It seems to me the homebrew Kinect stuff can only affect Microsoft by causing more Kinects to be sold. Jailbreaking RT obviates the whole reason it exists.

Re:Applause?

[AdamStarks]

There were arguments on Slashdot that the homebrew Kinect stuff actually could hurt Microsoft. They could no longer assume that 8 million Kinects sold meant 8 million Xbox 360 systems with the Kinect peripheral, which turn could make it harder to convince developers that there's an actual market for Kinect games.

I have no idea if that's true, I just remember it being brought up around here.

Re:Applause?

[cbhacking]

Similarly, jailbreaking RT can be argued to give it a new reason *for* existing. Before, it was a partially crippled device which had excellent battery life and portability, but you were so restricted in what you could do with it, no matter where you were or how long the battery lasted, that it wasn't as compelling a purchase. The Windows Store is ramping up quickly, but there will always be some classes of apps that just can't run in it, or at least not practically, and there will be more people who choose not to go through the effort of re-writing their UI for the new interface. It's a lot easier to take an existing Windows app's source code in VS 2012, open the Configuration Manager, select "ARM", and hit build again...

Re:Applause?

[ConceptJunkie]

Perhaps, but Microsoft has released libraries to use Kinect with Windows. I would think that they would be doing everything they can to come up with ways to use this innovative and successful device as a new peripheral for computers because:

1. There are possibly some really cool applications of Kinect technology that could enhance Windows (though I'm not too sure what they would be... certainly using a Kinect to control a Windows Media Center could be very useful).
2. There would be a reason to purchase a Kinect beyond using with the X-Box, which means more sales.

Maybe 8 million Kinects no longer means 8 million X-Boxes, but what if it's 16 million Kinects instead?

On the other hand, jailbreaking RT means more people might be using it, but they wouldn't be using it in ways that Microsoft intended. Of course, if that happens, then it goes to show Microsoft's short-sightedness or narrow-mindedness in creating such a crippled product in the first place. Nonetheless, I would think that maintaining control of how their products are used is as important to Microsoft (for better or worse) as is their ability to sell them.

Re:Applause?

[ConceptJunkie]

True, but clearly Microsoft has clearly considered this scenario and rejected it.

Jailbreaking RT might be a great thing, but it's not what MS wants or they wouldn't have made it necessary in the first place. I think they place as much importance on control as they do sales.

I could personally do some cool stuff with a jailbroken RT machine since I run a lot of open-source software, but I would be afraid of Microsoft doing everything in its power to plug that hole and leaving me with a device that only runs don't-call-it-Metro apps.

If, on the other hand, they were to relent and not try to stuff the genie back in the bottle, it could be a win all around.

Ok

[M0j0_j0j0]

This is a very honest question, who would want to buy this Windows RT?

Re:Ok

[fuzzyfuzzyfungus]

People who can't tell a 'Surface' and a 'Surface Pro' tablet apart; but see that one is thinner and cheaper... Never you mind about those return rates.

Re:Ok

[OhANameWhatName]

Nokia.

Re:Ok

I don't know. But it's fair to say that before this jailbreak and Microsoft's pleasantly surprising reaction to it, I wouldn't have even considered the question. Now it might be worth looking at.

Re:Ok

[Sylak]

I would like a Windows powered tablet personally, and now that there's a way to deliver software outside of the Windows store, I've got a bit more incentive to buy one.

Re:Ok

[PPH]

Restate the question: Who would want to buy ARM hardware without knowing whether they would be locked into Windows RT forever. Or could rescue the hardware by loading some other O/S.

This is going to boost the market value of used ARM devices. It may have the perverse effect of selling some more Windows RT, as people don't have the useless brick issue to deal with should they tire of RT.

Re:Ok

[vux984]

The RT is notable for its better battery life too. Depending on the circumstances its the right option for the right person... not me personally, and probably not here in the slashdot echo chamber... but it would probably be the right choice for my mom.

Re:Ok

[cbhacking]

You could always deliver sideloadable APPX packages. They would require your users to install a developer license (free, supported, less complicated than this jailbreak tool, and doesn't rely on a patchable OS security hole) but it works fine. In fact, this tool requires sideloading such a package already.

The difference is that APPX packages (bundled "Metro" apps) only work for apps that run within an "AppContainer" sandbox. That means very restricted access to the whole system, no ability to run as Admin, no ability to run as a service, and almost no ability to run on the desktop (the final item is, unofficially, partially possible but it's a total hack). This "jailbreak" (I don't care for the term but can't come up with a better one) allows you to simply compile normal Windows binaries for ARM and run them like any other .EXE.

Re:Ok

[petermgreen]

Note that this "jailbreak" allows the user to trick the kernel into disabling the signature requirements for desktop apps.

It does not let them directly mess with the kernel itself or load an alternate OS.

Re:Ok

[Sepodati]

I'd buy one, but I'm just an average Internet user. Browsing, mail, maybe a video here and there. So long as few of the popular tablet games get copied over into the RT Store, I'd be totally content with it. For the right price, though, of course.

I'm sure there are plenty of other folks like me, but all you hear is the squeaky wheels around here.

I also have no problems using Unity or Windows 8... just to peg out your rage meter... :)

Re:Ok

[fuzzyfuzzyfungus]

It's not that it's necessarily an objectively bad product(reports are that 'metro' is actually an OK interface on the devices it was designed for), just that 'Windows RT' is the biggest break with backwards compatibility in the history of Windows, yet it is sold in a package barely distinguishable from Windows 8 devices that have roughly the behavior and backwards compatibility that people expect from 'Windows'.

Re:windows rt

[Decker-Mage]

Actually Microsoft had the same response, after thinking a bit, to the jailbreaking of Windows Phone 7. No matter how hard you try, if one human, or group of humans, comes up with a protection scheme, another will figure out a way through or around it. Nature of the beast and the sooner others (Sony!?) get a clue, the sooner everyone can start thinking of more innovative things to do rather than waste resources this way.

ARMless

[OhANameWhatName]

allow for the execution of unsigned ARM desktop applications

Awesome! Quick, somebody write some applications!

Re:ARMless

[ChunderDownunder]

Supposing RT does indeed include the full Win32 API to support Office, for many FLOSS applications it's theoretically as simple as a recompile.

e.g. when I evaluated a simple text editor that would work on both Linux and Windows, with easy installation, I chose geany (sorry emacs/vi users!) The code is cpu and OS agnostic, so there would be minimal porting to ARM Win32 provided the code for Windows didn't contain too many x86-isms.

Re:ARMless

[PRMan]

I don't think Windows RT includes the full Win32 API.

Re:ARMless

[Gwala]

Actually it looks like it does from my own examination of a Surface - it's just locked so that only Microsoft can use it.

Re:ARMless

[cbhacking]

Gwala is correct, and the purpose of this hack is to remove that restriction. There are a handful of apps which have already been ported. PuTTY, TightVNC, Bochs, and 7-Zip were the first. There are ongoing efforts to port more (including some mildly ambitious projects, like Firefox, Chromium, Thunderbird, Java, and Python).

Additionally, any pure .NET 4.5 app will run, unmodified, on the Surface RT after "jailbreaking". It has to be entirely 4.5 though; Windows RT doesn't include the legacy versions.

There's a thread on the XDA-Developer forums with a list of ported software: http://forum.xda-developers.com/showthread.php?t=2092348

Re:ARMless

[nwoolls]

People are already doing this. Notepad++, putty, bochs, and 7zip (with UI) are already ported.

Re:ARMless

[shutdown+-p+now]

4.5 is an in-place update for 4.0, so any app targeting 4.0 should also run.

Re:windows rt

[Microlith]

And then you end up in the situation jailbreakers are with iOS 6. There is still no jailbreak for the platform. And when one is released, Apple will patch it.

Playing silly cat and mouse games with vendors that do this is effort and time wasted. If you see value in using devices you purchase as you see fit, then buy from vendors that don't deliberately interfere with you and make those devices and the software for them better.

congrats!

[DrEldarion]

I'm sure the three people using windows rt are grateful.

Re:congrats!

I'm sure the three people using windows rt are grateful.

Those three people? They're WINNING.

They are not full of grate, they are full of windows.

Re:congrats!

Ha ha. Three? There are TENS of users now.

Re:windows rt

...No matter how hard you try, if one human, or group of humans, comes up with a protection scheme, another will figure out a way through or around it...

Not really. A properly implemented secure bootloader is pretty much impossible to circumvent. It is enforced, in part, by immutable hardware. Have they cracked RIM's Playbook yet? Nope.

That said, if there is even a teeny, tiny exploitable error in the chain of security (hardware->bootloader->OS->application) somebody is going to figure out how to break it.

Re:windows rt

[Sydin]

Most people who jailbreak don't do it for the value: they do it for the challenge. I doubt the ones who jailbreak iOS are thinking about all the cool new apps they'll get to run once they're finished: that's just a bonus. They're thinking that they want to be the one to break apple's security, to make apple scramble to fix it, and then to do it all over again.

Re:windows rt

[thoughtlover]

Actually, I jailbroke my iPhone so I could change the MMS server because I wasn't able to access that setting. But I don't think that's what you're talking about.

Microsoft applauded the hacker for his ingenuity

[hcs_$reboot]

I was not used to that behavior... Things change at Microsoft!

Not the same.

[DavidClarkeHR]

Did you know that you could already compile and run your own apps on it? They even give you the dev tools for free: http://msdn.microsoft.com/en-US/library/windows/apps/hh974577

That's like saying the ipad is open because you can get your apps by sending them through the app store. Not quite the same, but close enough that it doesn't make a big difference.

Re:windows rt

[meta-monkey]

The only reason I continue to use an iPhone is because it is jailbreakable. I'm still using 5.1.1, though, and won't upgrade to 6 until there is an untethered JB.

I see it as the best of both worlds. I do like Apple's walled garden because of the polish, quantity, and diversity of the app offerings, but I want to be able to knock a hole in that wall every now and then when I want to do something they don't want me to do (wifi tethering, custom lock screens, custom notification badges, etc).

I think that's a good mix for Apple, too. They get to lock down the OS so the vast majority of non tech-savvy customers don't wind up breaking their precious iDevices installing malware, but the holes still exist for the more adventurous users. Call it plausible deniability, maybe? However, if they ever succeed in truly battening down the hatches and making jailbreaking impossible, I'll be forced to jump ship.

Now to see whether MS buys these people off

[sethstorm]

If they can maintain their independence from Microsoft, unlike the sellouts from the WP7 era, more power to them.

Re:windows rt

[GigaplexNZ]

Sydin was referring to the developers of the jailbreak tools, not the users.

Re:windows rt

[the_humeister]

Exactly why I bought an SGS 2 so I can put Android 4.1 and Debian 7 on it.

Re:Microsoft applauded the hacker for his ingenuit

But in the same written statement, MS said it will be patched in the future.

What's the point?

[lseltzer]

I really don't see the point of jailbreaking this device. There is no native Windows software that will run on it because that's all x86 code. You could run .NET code (at least some, we don't know if the full .NET is in there). And while it's possible to write native Windows programs for ARM, who's really going to do that for the few systems that are jailbroken? BTW, there is no simple jailbreak procedure to invoke this. It's complicated.

Re:What's the point?

[cbhacking]

The "why" is twofold. First of all, it's there, and we could. People have been working on this since literally launch day. Hackers gonna hack. Second, the Surface RT (and presumably other Windows RT devices) actually make very nice highly portable computers. With the familiar Windows interface and standard system tools, plus the keyboard and mouse provided by the cover, and excellent battery life... the only thing they are missing is software. The restrictions on third party apps (the AppContainer sandbox) makes it difficult to do things like create a decent IM client that is permanently connected without any lag, or an x86 PC emulator. Furthermore, all of the UI and much of the program code will need to be re-written (in most cases, at least) even if you want to target a Windows Store app.

This jailbreak largely solves the second problem. While closed-source software is still not going to be available, it turns out to be very easy to persuade Visual Studio to build desktop apps for Windows RT (something it's not *supposed* to do, but is fully capable of) and people have been working on re-building open-source software pretty much all day. The list is growing slowly at the moment, but it is growing.

As for complicated... not really. The most complex part is installing the sideloaded Metro application, and there's a script that almost completely automates that part. The rest is easy; run the tool, press Volume Down when instructed to do so, hit Enter and you're done.

Rabble Rabble Rabble

[AlphaBro]

I know this is /. and we rabble rabble hate M$$$$$ rabble, but can someone point me to another company that actually applauded the hackers who jailbroke their hardware? The standard reaction is quite the opposite.

Re:windows rt

[sjames]

It's time wasted unless you do it for entertainment purposes. Some people enjoy crosswords, some prefer cracking and jailbreaking.

It's not a half bad way to learn about software and systems in great depth and detail.

Re:windows rt

[Microlith]

I see it as the best of both worlds.

But its not. You're patronizing a hostile vendor.

I do like Apple's walled garden because of the polish, quantity, and diversity of the app offerings, but I want to be able to knock a hole in that wall every now and then when I want to do something they don't want me to do (wifi tethering, custom lock screens, custom notification badges, etc).

Then perhaps the right answer is, instead of giving money to a company that is hostile to you, that you should look around for a vendor who provides what you want. Android's done a good job at crippling that market however.

They get to lock down the OS so the vast majority of non tech-savvy customers don't wind up breaking their precious iDevices installing malware, but the holes still exist for the more adventurous users.

No. iOS 6 proves that this argument is and always has been shit. Apple doesn't give a flying fuck about jailbreakers and will fight them until they've got nothing and thus far Apple is winning.

However, if they ever succeed in truly battening down the hatches and making jailbreaking impossible, I'll be forced to jump ship.

You'll eventually jump ship.

Not a Jailbreak

[mic0e]

A jailbreak is some sort of privilege escalation from inside a locked-down system, using bugs in the system. This "hack" just consists of attaching a debugger to the running system, which is perfectly allowed, and modifying the live memory. That might be hard, since debug symbols are probably not released by Microsoft and source code is not available, but it is by no means anything security-relevant.

Re:Not a Jailbreak

[mic0e]

Anyway, it's great marketing for Microsoft - this is the first time I actually hear about the Surface on the news in a 'positive' way.

Re:Not a Jailbreak

[cbhacking]

You came *so close* to understanding, and then you lost it.

This hack involves the following steps:
1. Probe the address of a kernel flag.
2. Attach a debugger to the user-mode CSRSS.exe and modify a function call it makes into the kernel using info from step 1.
3. Execute the function call to change kernel-mode memory.

Step 1 is fairly legit, even though it's not really supposed to be possible from a WinRT app.
Step 2 is completely legit, assuming step 1 succeeds.
Step 3 is the tricky one. This is not a kernel debugger, those are *NOT* allowed on Windows RT devices. But, it's changing *kernel* memory (because that's where the relevant flag resides). HOW'D THEY DO THAT?!?

Turns out that the kernel trusts CSRSS a lot, and doesn't validate the parameters of some calls it makes. Some of those parameters can be used to modify kernel memory. It's a write-only process, but we know the target address (from step 1) and we know (approximately) what the desired value is - more accurately, we know the difference between the initial value and the desired value, which is good because the exploit works by decrementing the value - so that's usually not a problem.

Anyhow, this fully meets your definition of a jailbreak.
"some sort of privilege escalation": Yes, from Admin (required to attach the debugger) to kernel. Not normally a boundary that matters, which is why a multi-year-old exploit was left unpatched and we were able to use it, but on Windows RT there is in fact a boundary between Admin and kernel.
"from inside a locked-down system": Pretty much obvious, although it's worth noting that this hack requires already being able to sideload a sandboxed app and attach a debugger to a user-mode system process, which is a lot less locked down than some other systems.
"using bugs in the system": Yep. The kernel could, and arguably should, prevent CSRSS from sending it invalid parameters like that; the API in question isn't actually supposed to allow decrementing an *arbitrary* memory address.

That said, it's earned MS a lot of press coverage in the tech community, and there's been a lot of excitement over the hack amongst RT users, so hopefully they don't patch this out without providing an alternative method (or until we find one ourselves...)

Re:Not a Jailbreak

[ledow]

Take a simpler view of it.

Using a stock device, and some external software that's easily available and can send certain commands, you can modify the device remotely and run arbitrary code on it.

Sounds like a jailbre, ak on a closed to me. It's like saying that plugging in a USB device into a laptop gives you admin access, or that you can send certain packets over the network to a machine and end up with admin access.

Those functions shouldn't be available remotely, the processes should have permission to modify kernel memory and there shouldn't be a magic binary switch that lets you run arbitrary programs - if MS are actually serious about locking down the machine.

This is no different to any other jailbreak, some of which are as simple as getting to an internal command prompt, some of which involve exploiting save game files to cause a crash. But they all gain access to a "locked-down" machine using nothing but what's installed on the machine and a remote device.

Physical access to a machine is game-over, anyway. We all know this. But this is about something which doesn't require anything more than a USB cable or network connection and sending the right packets to the remote debugging service to gain full access.

Re:Nice but not new and may be better ways

[dbIII]

RemoteFX adds a WDDM driver for a physical GPU (or cluster) that can be partitioned in a VDI

Yes, which is why I mentioned TurboVNC which has been doing the same sort of thing for a couple of years. I think I know how RemoteFX works, what I don't know is how it performs.

Can you run AutoDesk Rev-IT on your tablet with TurboVNC or OpenGL over X11?

Similar things of course even back in 1999 with that p90 and a 64CPU beast at the other end of a 10Mb/s pipe, I'd say exactly the same thing now with TurboVNC exporting a Windows7 screen running Rev-IT or blender or whatever.
Of course where RemoteFX and TurboVNC fail is they are just streaming bitmaps and they can't get the sort of acceleration you could get by sending less bits to do the same job in the form of OpenGL objects - like you could do back in 1999 and earlier with X. So while you may get something prettier than your local hardware could render in real time the frame rate is going to suck without a really fat pipe (so forget about wireless tablets doing it well) and you need at least some grunt in the graphics hardware to keep on refreshing those bitmaps so you may as well be rendering it locally anyway from 3D information on the server (eg. use OpenGL).
I can't see RemoteFX or TurboVNC as a viable option for something with a lot of 3D graphics and requiring decent frame rates. With your Rev-IT example I'm assuming it's a different story if it's like other solid modelling packages and there's not a lot of change to refresh (compared to a 3D game with lots of movement, textures etc) so any of the three options is going to look OK.

Re:windows rt

[meta-monkey]

Maybe so, but in the meantime, I like my iPhone. When my contract is up next year, if jailbreaking is over, I'll jump ship.

Re:Microsoft applauded the hacker for his ingenuit

Whereabouts?

The quote I see is

We’ll not guarantee these approaches will be there in future releases.

... which isn't saying they WILL patch it, just that it's not a supported thing that they will guarantee will always be there. That's fair.

Re:windows rt

[unixisc]

It's the ARM version(s?) of Windows 8

Re:windows rt

[Kelbear]

What makes it innovative?

Re:windows rt

[ixidor]

they said the same thing about playstation. then geohot got bored, and broke it ... seems maybe just no one had tried before what with the boot linux option that WAS there.

ARM desktop apps?

[Rob+Y.]

You can compile and run your own apps on it if you happen to have completely rewritten them as metro apps. I wonder whether this jailbreak could unleash a protest movement to enable compiling WIN32 desktop code for ARM. Do the tools even exist for that?

Just because Microsoft wants to force-feed their phone/tablet ecosystem - and are willing to screw win32 developers to do it - doesn't mean there aren't plenty of win32 dev's with code out there they'd like to port. Microsoft should've provide a way to either make that code runnable in desktop mode on ARM or to minimally rewrite it to a metro wrapper that closes some security holes, etc, but allows an upgrade path. Maybe a popular revolt would do the trick.

Seriously, the attempt to deprecate desktop mode in Windows 8 is its biggest shortcoming - and I say that having just happily bought a new Windows 7 desktop yesterday (to run Linux on, but hey...). But apparently the old monopoly magic is gonna make Windows 8 succeed on PC's. Not so much on tablets.

Re:ARM desktop apps?

[cbhacking]

Not only do the tools exist for developing desktop apps for RT, they're actually the same (free, for the Express versions) Visual Studio tools used for developing Metro apps. You have to change one configuration file to stop it from bitching at you about not being able to create ARM desktop apps, and you'll find the list of .LIBs is sorely lacking, but the fix for the first was posted on StackOverflow weeks (months?) ago, and the second is easily fixed by "cutting" LIBs out of DLLs using scriptable programs which come with the build tools.

In fact, this hack would be mostly pointless if such tools didn't exist. Just because RT can now run desktop apps doesn't mean that it can run legacy (x86) software... at least without an emulator, which was one of the first things ported. Most programs recompile pretty smoothly, once you've gotten the tools set up. Just load the .SLN file in VS, select ARM as the target, and hit Build.

Re:Microsoft applauded the hacker for his ingenuit

[ConceptJunkie]

I see their compliment sort of like a scene in an action movie:

"Ah, Mr. Bond. Your escape from my heavily armed henchmen was clever. Very clever, indeed. But let's see how clever you are when I drop you in the piranha tank."

It's good PR on their part to not act offended, but I would bet they are.

Re:windows rt

[JonBoy47]

I see it as the best of both worlds.

But its not. You're patronizing a hostile vendor.

I'm also an iPhone user. I don't see Apple as a hostile vendor; they're a vendor of more failsafe products

I do like Apple's walled garden because of the polish, quantity, and diversity of the app offerings, but I want to be able to knock a hole in that wall every now and then when I want to do something they don't want me to do (wifi tethering, custom lock screens, custom notification badges, etc).

Then perhaps the right answer is, instead of giving money to a company that is hostile to you, that you should look around for a vendor who provides what you want. Android's done a good job at crippling that market however.

They get to lock down the OS so the vast majority of non tech-savvy customers don't wind up breaking their precious iDevices installing malware, but the holes still exist for the more adventurous users.

No. iOS 6 proves that this argument is and always has been shit. Apple doesn't give a flying fuck about jailbreakers and will fight them until they've got nothing and thus far Apple is winning.

However, if they ever succeed in truly battening down the hatches and making jailbreaking impossible, I'll be forced to jump ship.

You'll eventually jump ship.

Re:Flashing shitty windows 8 with Android rom?

[mcl630]

No. It just lets you run unsigned desktop applications.

Re:windows rt

[JonBoy47]

The Apple walled garden results in a more failsafe user experience compared to alternatives such as Android. The higher price-points of their devices also attract a customer-base that is not averse to actually purchasing apps. In addition to a user-base more inclined to buy apps to begin with, the walled garden virtually eliminates malware, and greatly reduces the level of piracy of paid apps. Developers can make money on the iOS platform much more readily than on Android, despite the smaller marketshare. For me as a user, this translates directly into higher quality, more usable and polished apps on iOS compared to Android. Apple actively combats jailbreaking as a proxy war against app piracy, third-party in-app purchase capability, and unauthorized wifi tethering. The first one is Apple protecting the value of their platform, the second is protecting their bottom line, and the third is carrier placation.