Slashdot Mirror


User: IamTheRealMike

IamTheRealMike's activity in the archive.

Stories: 0
Comments: 5,855

Comments · 5,855

  1. Re:Hoglund? on Rootkits Head for Your BIOS · · Score: 1
    Ah ha! I found the original posts I was thinking of. Originally all this stuff was posted anonymously, and when people started saying Hoglund had ripped it off he put his name back on it:

    http://www.wowsharp.net/forums/viewtopic.php?t=7024

    Anyway that is the original, mostly un-bullshitified much longer post analysing what the Warden was doing. He took that, removed the parts that mentioned why he was looking at Warden in the first place, and turned it into his "ZOMG SPYWARE!!!" blog post.

    Even so, this tells us a lot about Hoglund's attitude - at one point he actually compares Blizzard to the Gestapo. WTF? Talk about insensitive.

  2. Re:FUD and beware of UFOs on Rootkits Head for Your BIOS · · Score: 1
    Wait so you say the TPM is an "undocumented functioning object", yet you also say that the TCG has published full specifications and ... what's that? ... there are even open source drivers to talk to it?

    I think you need to buy a new tinfoil hat, this one seems to be interfering with your brainwaves.

  3. Re:Hoglund? on Rootkits Head for Your BIOS · · Score: 1
    Black hats steal, destroy, and break laws.

    Online game cheaters usually steal (points), destroy (other players' enjoyment) and break laws (of the game). Cheaters, and the people who write cheating tools for games, are idiots who stopped developing at the age of 12. They apparently can't grasp the idea that multi-player games are entertainment, not a competition.

    Now, I don't particularly care about people who cheat in single player games, to get to the next stage of the story in a role playing game or whatever. Cheats in that circumstance (usually magic key combos etc) simply let the player progress instead of getting frustrated and may actually enhance enjoyment.

    But the rules are different when other people are involved. Look at what a mess cheating made of Counter-Strike - even if all the players are clean the very possibility there may be cheaters caused people to throw accusations around and ruin the enjoyment of the game for everyone.

    The fact that Hoglund had the gall to make money off cheating in WoW says everything that needs to be said in my mind about his attitude and motives.

    My view (as a programmer, former games programmer, former security consultant, former black hat, etc) is that that's basically tough luck - it's not good enough game design, and that's that. Do not assume client security; upon assuming client security, do not pass goal, do not collect $200.

    This attitude angers me. Do not assume client security? Do you know anything about how games like WoW or CounterStrike work? How exactly are you supposed to build a game which rewards the ability to sneak around when a hacked GL driver can make walls semi-transparent? How exactly can you build a game in which enforcing rules in real time is impossible? Do you seriously think everybody should go back to the days of turn based games?

    There is no excuse for people making money out of multiplayer game cheats. It's immoral because it damages other people's enjoyment of the game, and the people who program the cheats are definitely blackhats.

  4. Re:Hoglund? on Rootkits Head for Your BIOS · · Score: 4, Insightful
    The Warden doesn't "spy" on you, that's a ridiculous assertion ... what it did/does do is hash various bits of data including open window titles then send the hashes to Blizzard for checking against a database of known bad signatures (ie cheating apps). Hashes are one-way, there's no method Blizzard has for finding out what porn you're surfing, and they're unlikely to care even if they could.

    In other words, at no point is the actual title of any windows transmitted.

    Let's review this situation:

    • Hoglund makes money off letting people cheat in WoW. This damages the enjoyability of the game for many people, making him in my mind what is commonly called an "asshat".

    • Blizzard hand his backside to him on a plate when the Warden becomes a polymorphic, encrypted maze of interlocking checks and scans.

    • He writes some bullshit article comparing the Warden to spyware, despite it sharing no characteristics with spyware at all. It doesn't try and prevent itself being uninstalled, users are perfectly aware it is there and comes with WoW - many like it, as it helps make the game fairer - and it does not send personally identifiable information back to Blizzard. In fact the hashing seems to have been put in specifically in order to preserve privacy.

    It amazes me that such a transparent piece of bullshittery could have got as much press as it did, given that it's clearly a case of him trying to spite Blizzard after they shut down the money-making business of Wow!Sharp (it only went open source after they felt it had become useless). Ever since this sordid incident, Hoglund has been a dirty name to me and many others familiar with it, and I don't trust him at all.

    Like I said, it wouldn't surprise me a bit if he released code showing how to hack the BIOS, just like he teaches people how to write rootkits despite them having (as far as I'm aware) no legitimate uses.

  5. Hoglund? on Rootkits Head for Your BIOS · · Score: 5, Interesting
    Though this does not and should not reflect upon his findings or the articles, it should be noted that Hoglund is not only a rootkit "expert" but also a blackhat who enjoys developing cheats for World of Warcraft. When the Warden came out and put a stop to this little business his Wow!Sharp software got nailed and (presumably) he began losing money.

    In other words, anything this guy says or does is in my mind suspect .... he writes rootkits and other forms of "attacking software", so for all we know this asshole is getting ready to post example code to the net. It wouldn't be the first time.

  6. Re:Apple Security guy Interview on MS Security VP Mike Nash Replies · · Score: 1
    Interesting. I can believe this story - I've also been interested in some aspects of computer security, mostly higher level issues like how to design software installation mechanisms such that the nasty kind of deep integration spyware does becomes impossible, and I've often thought working for Microsoft in this capacity could prove quite satisfying. I'm still not a big fan of MS the company though, whilst they seem to have genuinely changed as a result of the DoJ experience their culture just doesn't float my boat right now.

    Anyway, good luck with the job interview and I hope you are able to make a difference!

  7. Re:Apple Security guy Interview on MS Security VP Mike Nash Replies · · Score: 1

    I don't really have to, given that (another) story about it just hit Slashdot. But go do some research, Safari has been riddled with instant code execution exploits ... and when OS X first came out it was full of suid root progs with buffer overflows etc. I could give you a list, but why bother when Google will do it for me?

  8. Re:He Doesn't seem to address the decoupling issue on MS Security VP Mike Nash Replies · · Score: 1
    That's not quite true, ActiveX effectively connected web pages and large parts of system software together in non-obvious ways. Look at the WMF exploit - IE *itself* will detect the bad WMF and will refuse to render it. But if you wrap it up in such a way that you pass off rendering to the Windows Image&Fax Viewer app, then you can still get through!

    I would be surprised if there was a way to pass data to the WIFV in Firefox ... however, I would not be surprised if there were a way to do it using KHTML as KParts is basically designed to do similar things to COM ...

  9. Re:Apple Security guy Interview on MS Security VP Mike Nash Replies · · Score: 1
    What makes you think Apple has a head of security? I can find no mention of such a person using the common synonyms on Google.

    Given Apple's appalling track record of exploits (eg, 10.4 was found to be vulnerable within days of release) even despite not being targeted by the blackhats, I would not be surprised if their culture rates security far lower than Microsoft's does.

  10. Re:Another great move by Microsoft on Microsoft Agrees to License Windows Source Code · · Score: 1, Interesting

    Not really, for groups that have to be compatible with Win32 then the specification often is the source code. The official specs are already on MSDN and of course sometimes this just isn't enough, because you need to replicate things that aren't actually in the specs for applications to work. Just go browse the Wine sources for a while looking for comments of the form "MSDN says X, but Windows does Y". Then there's stuff like DCOM that's so convoluted that even after reading all of MSDN (the "specs"), and several books written by MS employees, how it actually works is still obscure.

  11. Re:Not sure of that... on Microsoft Agrees to License Windows Source Code · · Score: 1

    The structure of NTFS is already mostly understood thanks to years of reverse engineering by the dedicated Linux-NTFS guys - the main problem now is just implementing the damn thing. The manpower required is staggering.

  12. Re:Maybe... EH... on The World According to Google · · Score: 1
    I rate the chances of Google customizing search results such that the searcher appears at the top of the results for their own name as being close to nil.

    I'm still convinced that either one of us is logged in to Google's accounts system via Gmail or somesuch, or we're hitting different data centers.

  13. Re:This could make Linux as easy as Macs on Red Hat, Linux and Intel iMacs · · Score: 1
    There is no reason why Linux can't work with all the same devices that work on Mac OS.

    Lack of drivers springs to mind, eg AirPort cards have not been supported by existing Linux/PPC distros up until very recently IIRC.

  14. Re:Ignoring the Facts: defining "authoritarian" on Both Parties Ignore the Facts · · Score: 1
    This argument is often used to justify lack of gun control over an entire country. I'm not sure if that's the context you were implying, but if so then this argument only makes sense when talking about towns as opposed to nations.

    In other words, I don't think your average burglar would be willing to fly across the Atlantic to do some robbing simply to avoid the possibility of encountering an armed home-owner.

    Obviously, some crime is international, for instance after the introduction of EMV in France card fraud in the UK went up as fraudsters moved across the channel. But typically the sorts of crimes that move around like that are the type that wouldn't be stopped by guns anyway ...

  15. Re:American or English? on IBM Strives For 'Superhuman' Speech Tech · · Score: 1
    Existing speech recognition engines rely on statistical approaches just like this "miracle" product does to disambiguate sounds and words, and yes about 80% accuracy sounds right. Of course this is too low when competing against a keyboard, even though speech recognition could be a lot faster by the time you corrected all the mistakes it works out slower - hence the reason it's only used in limited applications.

    I have virtually no accent at all, except for very mild British overtones, yet speech recognition has never worked well for me either.

  16. Re:Disgusting on Google Execs Happy With $1 Salaries · · Score: 1
    What did GOOG do great since being run by Mr. Schmidt?

    Continued being great?

  17. Re:Maybe... EH... on The World According to Google · · Score: 1
    For me, Windows XP with IE6, winehq.com is the first hit.

    I strongly suspect that we're simply hitting different data centers which have slightly different indexes/searches OR are using different regional sites. For me WineHQ has always been the first hit on Google without fail, mostly due to the page's massive pagerank. It's a simple aberration in their search results which they may one day fix manually (I guess most people who search for Wine don't care about Windows emulators) as it's so high profile, but I wouldn't read too much into their algorithms by it.

  18. Re:My problem with DRM... on GPL 3 to Take Hard Line on DRM · · Score: 1
    Nonetheless, I'd make more money if it was protected from piracy, even if that protection didn't last for longer than (say) 8 months. Like I said, the maths behind it works pretty well.

    As an aside, I find it pretty annoying that some people are abusing the moderation system by modding down my posts as "Overrated" to avoid meta-mod. Either choose a damn adjective or quit moderating guys!

  19. Re:Newsflash! on Intel Mac Performance Behind Hype · · Score: 1, Interesting
    And you know what? All of the above statements had significant elements of truth to them. Apple is doing nothing more than showing its products, accurately insofar as it goes, in the best possible light. Is this the least bit stunning?

    Well, no, it's not but then I don't think the story was posted to try to make us amazed and surprised.

    This sort of thing tends to get blown off by Apple fans as "what did you expect", but Apple have a history of using basically meaningless measures of performance in their marketing literature and this should concern us. Sure, we follow the tech news and see these kinds of stories and maybe we knew better in the first place.

    But statistics and relative measures of performance are going to be how many people who aren't into tech, lawyers, teachers, mothers, and so on, decide what products to buy. A computer is a serious investment at the best of times, and this trend of having hardware manufacturers (not just Apple) constantly walking the line between lying and merely being "creative" is harmful to the market as a whole. After all, Adam Smith pointed out several hundred years ago that the free market assumes a perfectly informed buyer, and this kind of crap from Jobs goes a long way to making people who matter not perfectly informed.

  20. Re:My problem with DRM... on GPL 3 to Take Hard Line on DRM · · Score: 1, Interesting
    You don't have to support a strategy just because it has a legitimate goal.

    If I can't see any better strategy to achieve that goal, then yes I feel I should support it.

    Throwing up your hands and saying "Well, I dunno boss" doesn't achieve anything. Ideas like the Baen Free Library are alternatives, "carry on as we are, but with no DRM" is not an alternative. Though FWIW I'm not sure how well the Free Library would work if there was some piece of technology that made reading eBooks as convenient and pleasant as normal paper books.

    DRM does not prevent piracy and often infringes upon a consumer's legitimate uses.

    There are many forms of DRM that prevent enough piracy to satisfy the content publishers or creators. This should be obvious - billions of dollars are spent on developing and maintaining these systems and it's done because they provide a measurable return on investment.

    It is now creating security issues.

    Spyware authors are creating security issues, let's not duck that fact, otherwise it's like saying banks are creating robbery issues. And recently an anti-virus firm was found to use rootkits too - does this mean that anti-virus tools are inherently bad?

    Noble goals are not enough, and the ends do not justify the means.

    So what is your proposed alternative?

    As a developer who writes both commercial and free software, I'd definitely put DRM on my creations if I were to release them commercially, because I've seen very compelling figures from a variety of software houses that make it clear it would be a good investment. Give me an alternative that allows me to keep my program proprietary and sold retail.

  21. Re:This affects content creation only on GPL 3 to Take Hard Line on DRM · · Score: 1
    Hardware-assisted DRM may be different, but I can't see it right now.

    It's quite simple really. Assume an operating system or piece of hardware that runs programs which come in a "bundle" file. These bundles are optionally encrypted. There is no cost to this encryption operation, it's a part of the OS SDK. If they are encrypted then the hardware and operating system makes a best effort attempt to stop reverse engineering of this application at runtime - for instance, there is no way to attach a debugger, you cannot dump the memory it's using, you cannot watch its IO (unless you are an expert in silicon hacking, of which there aren't many). Building such an OS/hardware combo is feasible. It doesn't even have to be closed source, if you think about it. Anyway, I digress.

    You are, naturally, free to write a GPLd eBook reader for this operating system. And anybody could install, modify and use the reader with unprotected eBooks. The reader can also optionally load a decryption key from a file shipped inside the bundle. The standard source code download does not include such a key because the eBook copy control authority won't give you one unless you sign an agreement saying you'll try to protect it, which obviously isn't possible when you give it away for free on the 'net. Nonetheless it can load a key if one is lying around in the right location.

    Anybody including the maintainer is free to supply this GPLd software, along with a decryption key for protected eBooks, so the reader will load it just like any other data and use it to render the eBook in the normal way. By getting this bundle (which includes a key) encrypted, the underlying OS/hardware platform effectively agrees to protect the program and its sensitive data for you.

    Now the trick here is simple. You are not being prevented from modifying this software, because the reader sources are available for you to read, reuse and modify as you see fit. If you want a magic key file, then you need to find somebody who will give you Reader+Your Patch+Key bundle, which may or may not be easy but certainly isn't inherent to DRM and is more related to how flexible the original developers are.

    Right now key authorities are usually big media conglomerates and only feel comfortable issuing keys to other big companies, but this isn't necessarily true. Nothing stops the eBook reader maintainer from getting a key, then simply doing what he's always done: reviewing and applying patches. You can even produce your own Bundle+Key+Patch combo, without the original maintainer's involvement entirely, if you are willing to go license your own key! Again, with a sufficiently flexible organisation there's no reason this should not be possible for individuals as ultimately all these systems are backed up by the law. You sign a contract: fail to protect the key and you could wind up in court. Doesn't matter if you're a hobbyist at home or a mega-corp, you can still get taken to court.

    But wait! Isn't this what the GPL revolves around in the first place?! If I break the GPL, I could wind up in court, and this is how it is enforced. So, an asymmetric-key based DRM system is really just an extension of the law in a sense because at its heart it all revolves around contracts requiring key owners to protect them, just like the GPL is a 'contract'.

    Anyway. Basically, yes, I think it's possible to combine GPL and DRM, though it requires infrastructure to support that. For instance, it would be hard to produce such an OS for x86 systems as there's no way you can prevent your OS from being run on a chip simulation, which in turn makes it hard to credibly claim this is a "best effort". At some point I would not be amazed to see Intel or AMD add some support for encrypted instruction streams that are decrypted on the chip itself so allowing optional prevention of VMware type virtualization.

  22. Re:My problem with DRM... on GPL 3 to Take Hard Line on DRM · · Score: 1, Insightful
    I think it's been proven time and again, though, that DRM is a failed concept that actually hinders consumers more than it thwarts pirates.

    DRM comes in different forms, and there are variants like the smartcard based schemes that are used to defeat signal piracy which don't bother or obstruct the consumer but do thwart certain types of pirates.

    I rather think this is a poor position for the FSF to take - it's OK to trumpet about users' rights, but the GPL has always been a compromise between the rights of the developer to enforce his philosophy upon other people who use his code, and the rights of people to be independent of that very same developer.

    The GPL is an agreement that is enforced (theoretically) by lawyers. The law is a means of copyright enforcement, just as DRM is. They both "batter heads to please somebody else". DRM was developed entirely because the law proved ineffective at stopping mass copyright violation (police have better things to do). So how comes the FSF can be pro-law but anti-DRM, given that they are different ways to achieve the same goal of copyright protection? It all seems poorly thought out to me, very much the sort of entirely black/white thinking that Stallman is notorious for.

  23. Re:Bigger Fish to Fry... on Computer Science Students Outsource Homework · · Score: 1
    The obvious answer to the question is Hell NO! Students need to do their own work so that the University granting $StudentX with a degree doesn't lose credibility by certifying that "$GraduateX is now Capable of doing the job" when he really doesn't know his ass from a hole in the ground.

    University degrees don't usually give people the capability to do a software-related job anyway.

  24. Re:Huh? on The Debian System Explained · · Score: 1
    Well, so far two people have said "scalability does not mean what you think it means". So what does it mean, in this context? Seems like it could mean many things - I interpret a scalable distro to mean a project that scales well as it grows in utility and number of people developing/using it. And Debian doesn't seem to scale - as they add more packages, it becomes harder and harder to do releases. Actually that's true of all distros but most of them have "solved" it by only making guarantees about a small core set. Not really a solution at all IMHO.

    And as to Longhorn, well, you could argue that this project hasn't scaled management-wise ... true. But so what? Does Debian really want to compare itself to the next version of Windows in the sense of "well we're not quite as bad as that"? Bear in mind Debian merely integrates, if you look at the amount of code actually produced by the Debian project it's quite small relative to Red Hat, and tiny relative to the Vista team.

  25. Re:The /. effect on Taco? on On the Subject of Slashdot Article Formatting · · Score: 1
    I can confirm this.

    How? Are you Taco posting anonymously for some as yet undetermined reason? Are you OSDN management? I think not.

    I don't think slashdot is feeling much heat from digg to be honest. I've looked at that site a few times. I think it's not much serious competition:

    • Slashdot has threaded comments and moderation.

      Now, I know Taco once said that 50% of people only ever view the front page. They just want news - fine. Maybe some of these people will prefer the digg formula. But that also means that a whopping 50% of visitors actually read comments. I know that the MAIN reason I keep coming back to Slashdot despite all its flaws is the combination of interesting stories and interesting people posting interesting things to them, comments which I enjoy reading. They teach me things or make me laugh. To do that you need threading and you need moderation. No two ways about it. Digg's comments are laughably worthless in comparison - they have quantitatively more but they are usually content-free, so who cares?

    • Slashdot's stories are rate-limited and chosen by people with a core "vision". Sometimes it's not clear what that vision is, sometimes there are dupes etc ... well I'm willing to accept that. I can ignore the boring stories and dupes (or maybe as I don't read Slashdot every day won't have seen the original story) easily. The good thing is, I can check back on /. perhaps once a day, maybe every few days, and go through the posted stories and find the interesting ones quickly. Digg posts stories at such a rate it's not even worth trying.

    Oh, I'd like to finish by fanboying Taco. It's great that he's communicating back with his customers and community like this. I'm also happy to see that he's walking the line between sticking to his guns and listening to his users pretty well IMHO. Not many people could walk the tightrope necessary to do that and the quantity of Slashdot competitors that litter the landscape would be a testament to this.