This -is- out in the wild. This -is- on other CDs and is almost certainly embedded in other products. It's hard to say how long Sony has been doing this, or how many systems have been compromised by this rootkit, but one thing is certain: they did a horrible job of making sure other programs stay out of it, and chances are the damage is already very widespread.
According to the article, any process prefixed with $Sys$ will be hidden. This is so easy to exploit it's not even funny. The author of the article went out of his way to figure out what the rootkit was, where it came from, and how to get rid of it, but what else does this rootkit do besides hide files? Are there other complimentary or supplimentary programs available that already exploit this rootkit not listed in the article? This should be investigated heavily. Once we all figure out the full potential of this rootkit, we'll know the extent of the damage done, and what can be done with this software on machines that have already been compromised.
Hackers will have a field day with this one. It's just too bad that Sony and F41 likely won't be held accountable if their DRM software makes it possible for a highly destructive virus to take advantage of several thousand - if not more - compromised systems here in the U.S. (And worldwide, that number will only grow, of course.)
Props for stating what should be the obvious. The real reason this should be considered 'awful' is because it can blow your machine wide open to attack, over everything else that's horribly wrong with this.
Cat's out of the bag now. Congratulations, Sony. You fucked up big time.
I'd like to take this opportunity to dissect the article in question here, to point out just how positively obscene this is. There are a few key points I'd like to highlight that I feel we should all take into consideration.
It would appear that Sony has deliberately begun shipping rootkits with its DRM protected CDs. According to the article - and this is a pretty good definition, by the way - "Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden." In a nutshell, this means that the program shipped with the CD in question here - and possibly other Sony CDs - is designed to hide itself and other programs from view. In other words, once installed, it will allow Sony and any other interested party familiar with this particular rootkit to operate programs on a compromised system without the user knowing it.
Let's take a step back here to consider the implications of this. Sony is distributing a rootkit, but what does this have to do with DRM? Well, if you really think about it, it has everything to do with DRM. A DRM program that cannot be seen or easily accessed can operate secretly, monitoring and manipulating the system behind the user's back. Any future DRM software Sony distributes could infiltrate a computer secretly, and burrow deep into the system files of said computer.
According to the article, the rootkit was produced by First 4 Internet. Upon investigating the company itself and the products and services it offers, the author dredged up this lovely little nugget of joy: "... However, the fact that the company sells a technology called XCP made me think that maybe the files I'd found were part of some content protection scheme. I Googled the company name and came across this article, confirming the fact that they have deals with several record companies, including Sony, to implement Digital Rights Management (DRM) software for CDs." That right there should be proof enough that this is no accident, and anything but legitimate DRM. Not only does having a rootkit handy make the DRM difficult to thwart, but also allows it to operate secretly.
Now, you'd think that you could just remove this software, right? Wrong. Dead wrong, as a matter of fact. The author of the article had a hell of a time removing the rootkit, actually, and not only that, at any given time, it was consuming between one and two percent of the CPU's power - a small 'penalty' for even having it. (And any programs it's hiding would also have to leech off the CPU and RAM as well.) As he attempted to remove this shit, he discovered even more about the software: "As I was deleting the driver Registry keys under HKLM\System\CurrentControlSet\Services I noted that they were either configured as boot-start drivers or members of groups listed by name in the HKLM\System\CurrentControlSet\SafeBoot subkeys, which means that they load even in Safe Mode, making system recovery extremely difficult if any of them have a bug that prevents the system from booting." Suddenly, this is more than a performance issue. This software could theoretically disable a system should it break or be manipulated by the software it's hiding. It would appear, however, it is possible to remove, but only after eviscerating a handful of driver files, registry entries and keys, and other lovely goodies from your system. The rootkit and the DRM attached to it do not have an uninstaller, and unless you take the same steps the author took to remove this flaming pile of garbage from your system... Well, he puts it pretty well:
"The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files wit
Re:AT&T Wireless...No, Cingular...No wait...
on
Ma Bell is Back
·
· Score: 1
Wow, shit. They really weren't kidding when they said Ma' Bell was back. It sounds like SBC owns just about all of Ma' Bell's old infrastructure now.
In the spirit of Halloween, I will now attempt to reanimate the corpse of Judge Greene. Can zombies be nominated as Surpreme Court Justices? I seem to remember us needing one.
I believe that would be called the 'Big Crunch'. (http://en.wikipedia.org/wiki/Big_Crunch) It's the opposite of the Big Bang, and one of the theoretical manners by which the universe could ultimately end some few trillion years from now. Interestingly enough, it's believed by some people that each 'crunch' is followed some time afterward by another 'bang'. Theory of Corporations = Theory of the Universe? (And for the last time, 42 is not the answer, dammit.)
Google may not be aiming to become Big Brother, but they're certainly aiming to provide every single service they possibly can. Why they would do this is a pretty simple question to answer. They make most of their money through advertising, yes? And to make even more money off of said advertising, they sell data to advertisers, yes? The more services they provide, the more users they rope in, and the more - and more kinds of - data they collect to sell or use to their advantage as a business. Their business model thus far has proven to be virtually flawless and extremely profitable.
However, it is becoming apparent to me that they have other aims. Google is no longer the friendly, ethical being it once was. It has begun to evolve into something sinister. Google is expanding so rapidly and absorbing so much mindshare, both by raiding Silicon Valley and by garnering support from the Open Source community, that they now have the money and the human resources to do anything. Additionally, they can undercut any competitor, and they will. Expect to see these in the future:
* A Google ISP with free or extremely cheap connectivity worldwide.
* Google Phone, likely as a form of VoIP.
* Google TV, both on and offline, cable and wireless.
* Google Radio, both on and offline.
* Google Web Hosting.
* A Google ASP, providing applications on demand.
* Google Publishing, publishing digital content on demand.
* A Google record label.
* A Google printing service, printing books and newspapers on demand.
And much, much more.
This all sounds great, but the thing is, Google is poised to strike out at virtually every industry in the world that has anything to do with the transmission and distribution of any kind of information. They are going to be more than the 'Next Microsoft', as some here have put it. This will be a supermassive media monopoly; a black hole of information services from which noone can escape, with which noone can compete. They claim to support openness, but that only goes as far as what software and hardware you can use to access their services. In short order, they will be the only service providers around in many, many fields. That, in my opinion, is worse than not having a choice of how I utilize said services.
Call me a senseless fearmonger, but they really have their ducks in a row, don't they? The Authors Guild lawsuit aside, they're ready to go. They're getting ready to do some really huge things, at that, and in executing their plans, they could completely dominate the entire media and telecommunications industries within a matter of a few short years by simply undercutting all of their competitors with extremely cheap or free services, with the sale of valuable information - not subscriptions - as their bread and butter. It's possible, and they're proving that it is also feasable, and very profitable... but only if you're Google. I'm sorry, but replacing a few heaping handfuls of ugly monopolies around the world with one gigantic, unstoppable global monopoly is not a good idea, even if it's Google.
Let's not forget that the path to Hell is paved with good intentions. If Google does what I anticipate they will do, billions of dollars will be lost, thousands and thousands of people will be without jobs, and worst of all, we will all be forced to rely upon one single entity for many services essential in our day to day lives. That is always a very dangerous situation to be in. One can hope that the heads of Google are actually more sensible and less power hungry than this, and know when to stop. Alas, the word 'stop' does not appear to be indexed in Google's vocabulary. We all may be in for one very bumpy ride.
"Or do others feel that multibillion dollar companies get away with selling alpha software? As far as I can remember, most companies put out alpha and beta software to let users test it in production environments. I could name a few here, but we have all probably dealt with this issue."
One word: marketing. That's how you get away with selling alpha software. You market an alpha-qaulity product to look like something that works as good as it should, and if your marketing campaign successfully ropes in enough interested parties that can't analyze your codebase to see what shit your product really is, it will sell anyway due to the fact that you have convinced them to have faith in your product by other means. (Usually graphics, sound, and long lists of features.) It should also be noted that in the world of computing, marginal functionality in many cases is still enough to get work plenty of work done, but there is always room for improvement, especially in the case of the piece of alpha software I suspect you are speaking of. (Windows.)
WINE is a brilliant project. I'd like to see it move faster than it is, but one can't rush perfection. Now that WINE is bearing some real fruit - an actual beta release - perhaps support for the project will further build. I certainly hope so.
Maybe the sluggish rate at which the U.S. is catching up with the rest of the world in regard to telecommunications will help to inspire folks to go out on their own and start fixing the problem themselves. For some reason, wireless mesh networks come to mind...
Just a thought:
"We have the technology. We can rebuild him."
Yes, we have the technology. But can we rebuild the net?
Placing a memory image on flash that can be loaded directly into RAM? Who knew? Didn't the Amiga do something like this with the Kickstart Chip, only it was ROM?
None the less, it's still a pretty neat concept, not to mention one that's been rather neglected. I wonder if this will become a big deal in the future. I hope it catches on with desktops soon, since this kind of thing could have a lot more applications than just fast loads. Moreover, I hope that software becomes available that could allow this to be done with existing flash devices. That'd be pretty nice, what with IDE flash registers and USB flash crud being available and all.
What question was I asking? And just how lame is the 'excuse' I
gave, which was actually just a portion of my source material? It may
be lame to you, but it's very, very true. How do I know? It's very
simple. I'm good friends or at least familiar with a great many of
those damnable 'average Joe college kids' you seem so staunchly
opposed to, and filesharing has made music enthusiasts out of many of
them, whereas they were hardly even interested in exploring music
beforehand. Unfortunately, I can't cite published source material for
my own personal experiences.
It's strongly implied that filesharers do indeed buy more music
than they would if filesharing weren't available, because it provides
direct exposure to unlimited amounts of content. They can sample
tracks from hundreds of albums - and the albums themselves - before
making a purchase, which is something that many folks I know personally
used to only be capable of doing by sharing CDs. Albums don't come
cheap, and while fifteen to twenty dollars may be a trivial expense
to you, it's a purchase many folks would personally want to be quite
certain of, given their budget. (If I was going to spend
that much money at once, I'd make sure I was spending it on something
I'd get a lot of use out of, no matter what it was.) That's often why
I try to borrow albums when I can, and why a great many people
download music so eagerly. Filesharing, combined with the rise in
popularity of streaming internet radio, have both been working to
greatly broaden the musical tastes of a great many listeners. I know
this, once again, from experience.
So why don't people use clip-sampling and other such methods to sample tracks? One, nobody wants to hear just part of a song, and I'll tell you right now, some songs start good and end really bad. (And vice versa.) Two, said services rarely provide clips from the whole album. Just how stupid is that? Anyone with even a remote interest in music knows that clip-sampling in its most common form is totally retarded. Meanwhile, filesharing is fast, easy, and gives you the entire track you're after. This is more than enough to entice most users into using it. Meanwhile, the difficulties encountered in clip sampling - and the half-assed attempts many companies make at hosting such services - repel many people, and frankly, I don't blame them. It's pitiful. Unfortunately, until now, clip-sampling was the most common and most widely accepted legal sampling method available, and as usual, the big content providers and publishers are now playing catch-up with technology. (As well as frantically chasing the Clue Train.)
And so the lameness is nullified, and your argument demolished
once again. Meanwhile, here's a real solution for the RIAA, as well
as the MPAA, which we've neglected in this discussion. Make a
complete library of all the material you've ever published, including any present-day material, available online using
either a centralized downloading network or a distributed P2P
network, which, might I add, dramatically reduces the amount of
bandwidth required from a single person to operate a download site. Either make the songs
available in a lower quality form this way, which would leave
something to be desired, and further increase interest
in purchasing the genuine article, or produce streams of content that
would be difficult to retain and, once again, low quality. Popularize
the service as a massive, free sampling network for music and movies - Don't
just plop it down and say, "Hey, it's a sample." I'm
talking a massive ad-campaign that will get people's attention - and
make certain that it's going to be easy to use and actually
convenient for users. More to the point, make sure it's quicker than
the other networks out there, and does more for the user than your
average P2P network. This could actually deliver results and give
people much less a reason to illegally download, since a quicker,
easier, legal alternative is available for all their sampling
needs.
First and foremost, as I believe I stated in my initial reply,
filesharers aren't even a real 'problem', but actually an asset. You
can look it up all over the net. Studies upon studies have been
performed, focusing on the buying habits of filesharers, and it's a
proven fact: people who use filesharing networks buy more music. Most
filesharers don't intend to download the music and keep it in that
form forever, but instead use filesharing as a tool to sample music
at no cost to the producer. Those are the average Joes, and hardly
the people that need to be targeted here. Suing college students, the
elderly, and computer literate pre-teens has yet to even make a dent
in the filesharing habits of the people that partake in P2P networks,
to boot.
On the other hand, hardcore pirates who, as you said, are nearly
impossible to stop are a real problem. Bootleggers who participate in
real piracy rings, selling content illegally, are a serious problem,
and a real menace to the music and movie industry no matter which way you slice
it. However, their specialty isn't sharing the music on a network.
Their specialty is copying albums and movies bit for bit and selling
the copies for a profit.
I'm afraid that I can't see the logic in your argument. At the
cost of sounding as though I defend pirates, I will admit that I
strongly disagree with you. Piracy is an ugly thing, and I don't believe that someone should be allowed to sell another person's work without permission, but surveillance, DRM, and lawsuits are not
the answer to this dilemma. If you can't see why already, fine.
You're entitled to that opinion, none the less...
You're missing the point. The point is, a definite double standard
exists here that should not be ignored. Yes, guns are different than
P2P software, but the principle remains: A device or product can not
be inherently evil. The user and only the user should be held
accountable for crimes committed using that device, regardless.
(Additionally, before I go on, I'm very much opposed to the notion
that guns cause violence. "Guns don't kill people, people kill
people.")
Is it possible for copyright protection schemes to be implimented
over P2P networks? Yes. Is it practical? That depends on whether or
not you want it to actually work. It would be difficult, considering
all of the different ways that files can be disguised and modified to
cover their identity, making the transmission of copyrighted
materials 'under the radar' a possibility if the network remains
open. There are also ways to copy music and movies that haven't even
been explored yet that could render DRM technology useless. (I have a
few in mind myself that I won't share here...) You would essentially
have to run a closed library of files, which just might work.
However, most P2P networks made for filesharing, including legitimate
forms of filesharing, do not operate this way because of the
difficulties and extensive costs that would be encountered in
indexing and cataloguing every single file the network hosts. Are
there other methods of going about this? Probably. In fact, I'd like
to hear them, because at this rate, these protection schemes will
need to be explored in order to protect future P2P networks and other
technologies from legal liability. (Granted these methods should rely
less on DRM and other potentially flimsy technologies and more on
tried and proven solid cataloguing techniques. Why is pretty simple.
DRM and copy protection technologies have a curious habit of getting
pwned rather quickly, and once they are, you're back to square one.)
But I digress. P2P technologies - as well as many other technologies
not listed here - have a lot of potential that is being endangered by
rulings such as the MGM vs. Grokster ruling. Perhaps I should make it clear right now that I
believe that eDonkey and Grokster are not entirely free of fault,
here. However... and I will return to my original point... A device
or technology can not be inherently evil. More to the point, P2P
technologies aren't the only targets on the RIAA-MPAA radar. No,
they're simply the most noteworthy technologies under attack here.
Thanks to the Grokster ruling - If my understanding of the ruling
itself is correct - the producers of ANY technology that could
possibly be used to pirate copyrighted material can be held
accountable for the behavior of their users. The so called Grokster
Standard further complicates proving the noninfringing uses of a
product and introduces a whole new layer of liability and
responsibility on top of all of the other restrictions and standards
innovators and entrepreneurs alike have to abide by.
So you see, this isn't even about eDonkey, or Grokster. It's about
technological restriction, and a profound lack of common sense in our
courts. The RIAA and MPAA are preemptively seeking out possible
infringement platforms and attacking them with blanket laws. This
stifles innovation and entrepreneurship severely. To think that in
the future, if I want to run a streaming internet radio station, I
might have to submit comprehensive activity reports and sign binding
legal agreements with these monopolistic coroprate behemoths, just
because my station has the potential to broadcast copyrighted
material... Creepy, huh?
To summarize, though, yeah, you have a bit of a point. However,
you have to understand that solid, working copy protection schemes -
or any solid, working scheme of any kind - are by no means easy to
implement, nor are they cheap. It requires constantly evolving
technology and a great deal of manpower to accomplish that go
Good point on your tangent. Very good point as a matter of
fact, and I'm glad you brought that up. That does seem exceedingly suspicious,
that the RIAA and MPAA would go so far out of their way to ensure P2P
technologies are soon made history, considering the known advantages and
benefits they could reap from these technologies and products.
With networking technology evolving by leaps and bounds and
internet connection speeds skyrocketing, P2P technology has become a feasible
substitute for actual publishing, with plenty of other added perks. It has
already been proven time and again that piracy is not the cause of the
financial woes that afflict the RIAA and MPAA, but rather, they are caused by
sagging sales due to the slowing rate at which new content is released, and a
sharp decline in the quality and diversity of said content. In fact, it has
been strongly indicated on repeated occasions that people who partake in filesharing services are much more likely to purchase music
and movies. (And as if that isn't enough, if my memory serves me well, didn't
Warner Brothers or some other corporation recently begin collecting data from
P2P networks as a marketing tool?) Why then would the RIAA and MPAA shoot
themselves in the foot by waging war against filesharers
and the networks and programs they use?
You already said why. It's a threat to their monopoly. The
more people catch on to P2P and related technologies, the harder it's going to
be for them to keep a stranglehold on the content market as a whole. Hundreds
of independent artists - musicians much moreso than
film makers, obviously - use P2P technology to make their content available to
listeners around the world, and market their content at almost zero cost to
them, for example. P2P technologies could be used to create virtual content
marketplaces that enjoy the absence of publishing and marketing costs,
available to customers all over the globe and free of restriction. This is the
kind of screaming-in-the-night pissing-your-pants nightmare scenario that the
content monopolies that make up the RIAA and MPAA - the RIAA especially - have feared for decades. Piracy is simply an all-too-convenient
scapegoat for their woes, and a cover for what may very well be their real
plan. Conquer filesharing, and you conquer the online
content market. Make it impossible for upstarts to enter this market, and
you're the only one getting a piece of the pie. Hell, you get the whole damn
thing. Fattie.
My apologies if it seems rude for me to essentially restate
your point; I simply wished to elaborate on it and throw in my own two cents.
It's definitely something worth considering, perhaps at the cost of sounding like
a conspiracy theorist. None the less, interesting stuff.
It's interesting that so many folks would bring up the issue
of accountability, really. As with any crime committed with the aid of an
instrument or piece of technology of some kind, the instrument itself can not
be held accountable for the act it was used to perpetrate. Common sense tells
us this. If only common sense were applicable to the Judicial Branch of the United States
government, perhaps we would see a sharp decline in incidents such as this.
If I remember correctly, the Supreme Court recently ruled
that a gun manufacturer - Smith & Wesson, to be exact - can not be held
accountable if their products are used to injure or kill innocent people. When
I read of this, I thought to myself, "Finally, common sense
prevails!" Did I think that because I want to defend gun manufacturers?
No; I've never liked guns, and I've never liked the people who make them,
either. I became fond of that ruling because it embodies an important
underlying concept: A device, even if it is designed for the sole purpose of
causing serious and immediate bodily harm, can not be inherently evil.
Therefore, the person producing these devices can't be made to answer for
someone else's crimes.
Sure, if a company was producing a dangerous product that
didn't have any real legitimate applications whatsoever, they could - and
probably should - be dealt with. However, the point remains: Here we have a gun
manufacturer, whose products may well kill hundreds every year here in the United States
alone, but it's not their fault that people are using their guns to commit
serious crimes. It is the motive of the buyer and how the product is actually
used that truly matters, not the product itself and the person who made it
available. (After all, firearms have other places in our lives. Home defense,
hunting, sport, or simply collecting guns, for example.)
You can probably see why I almost shit myself when I first
heard about the Grokster ruling. The Grokster ruling is, in itself, a shining example
of the ass-backwards logic that exists in the courts these days. A gun
manufacturer can't be held accountable if their guns kill someone, but it's
Grokster's fault if I pirate a poorly compressed copy of The Boondock Saints
using their product. Excuse me? Of course, it also goes to show where the
government's priorities really are: satisfying campaign contributors and
special interest groups. I know I'm really going off on a tangent here, but if
you think about it, it makes a lot of sense. The NRA doesn't think gun
manufacturers should be held accountable if their guns kill people, but the
RIAA and MPAA think it's Grokster's fault if someone uses their products to
pirate music and movies. Let's play a nice, fun game of 'Follow the Money',
shall we? Wait. We don't have to. It's blatantly obvious.
It's extremely unfortunate that any company can be made to
buckle under this kind of pressure. Many new technologies are now endangered by
the Grokster ruling, not because they can be eliminated outright, but because
it takes so much time, money, and patience to deal with the courts that nobody
in their right mind without a few million dollars and an army of lawyers would
even try to defend their products.
I just find it very strange that the Smith & Wesson ruling's
logic doesn't apply elsewhere. Sure, if a product is defective, and that defect
results in bodily harm or the destruction of property, that's the
manufacturer's fault. However, if a product does not cause bodily harm or the
destruction of property by its own volition, and must first be activated or
otherwise utilized by a human being to present any kind of danger, it's the
user's fault.
Therefore, the proprietors of a filesharing network and the
programmers who created the client software used to access said network can not
be held accountable if other people utilize their network to engage in illegal
activity. While I do believe that the network's owners should do what th
I agree. It's really interesting how people from all over the world scream and shout about how the 'terrorists' - I.E. nameless enemy flavor of the week - will never overcome them, and yet they can't stop thinking about them. They're constantly gripped by fear and uncertainty. (And perhaps doubt as well, which means that the terrorists are FUD'ing the world.) They change their lifestyles and their habits, hiding themselves away more and more, and look upon everyone as a possible enemy, which in part leads to incidents such as this. Talk about a nasty little double standard we've come across. First we shout from the rooftops, declaring our pride, our strength, our will to overcome all the challenges we encounter, and then we turn around, run, and hide ourselves away in little caves, so the big bad terrorists won't hurt us. Sounds kind of pathetic, considering that it's hardly an every day occurrance here in the U.S. or over in the U.K., but there again, it doesn't have to be.
Paranoia - not guns, not bombs, not poisonous gases or radioactive dust, not airplanes, trains, buses, or boats - is the true weapon of any terrorist. Look at the name. Terrorist, root word 'terror' - someone who uses force or violence to intimidate and coerce people and governments in order to further their cause. The terrorists aren't just winning. They've already won. Perhaps they didn't achieve the exact goal they had in mind, but they've definitely beat our asses, and they did it mentally. It would be unfair to even blame them for robbing us of our sense of security and our fortitude. They only set the stage for those things to happen. We did all the hard work for them. (Not that what they did isn't despicable in every way. Frankly, people that pull shit like the bombings in London can go die in a fire, preferrably one they didn't start on purpose.)
The truth is, the world has never been a safe place. Terrorism isn't something new, it's been going on all over the world for lord only knows how long. We've always had enemies, and now that they finally have the balls to attack us, we're going to have to grow some nads ourselves in order to stand up to them. Of course, the government's idea of asserting itself against our enemies is to instead also look upon its own people with a scrutinizing eye, and perhaps not too far removed from reality, shoot first and ask questions later. Let's face it, people. The impact of terrorism is a social and psychological problem, and they've been engaging in quite masterful psychological warfare. Let's fight back by showing them we're not afraid of them.
What happened to this man is awful, as was the incident where that other guy got himself shot to death. I certainly hopw that this is never, ever repeated again, but I'm almost certain that it will be. How unfortunate it is for us that no matter how much bravery we exhibit, our police will still behave like cowards.
Slashdot Mirror
You are an evil, evil man.
You're also hitting the nail right on the head.
This -is- out in the wild. This -is- on other CDs and is almost certainly embedded in other products. It's hard to say how long Sony has been doing this, or how many systems have been compromised by this rootkit, but one thing is certain: they did a horrible job of making sure other programs stay out of it, and chances are the damage is already very widespread.
According to the article, any process prefixed with $Sys$ will be hidden. This is so easy to exploit it's not even funny. The author of the article went out of his way to figure out what the rootkit was, where it came from, and how to get rid of it, but what else does this rootkit do besides hide files? Are there other complimentary or supplimentary programs available that already exploit this rootkit not listed in the article? This should be investigated heavily. Once we all figure out the full potential of this rootkit, we'll know the extent of the damage done, and what can be done with this software on machines that have already been compromised.
Hackers will have a field day with this one. It's just too bad that Sony and F41 likely won't be held accountable if their DRM software makes it possible for a highly destructive virus to take advantage of several thousand - if not more - compromised systems here in the U.S. (And worldwide, that number will only grow, of course.)
Props for stating what should be the obvious. The real reason this should be considered 'awful' is because it can blow your machine wide open to attack, over everything else that's horribly wrong with this.
Cat's out of the bag now. Congratulations, Sony. You fucked up big time.
I'd like to take this opportunity to dissect the article in question here, to point out just how positively obscene this is. There are a few key points I'd like to highlight that I feel we should all take into consideration.
It would appear that Sony has deliberately begun shipping rootkits with its DRM protected CDs. According to the article - and this is a pretty good definition, by the way - "Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden." In a nutshell, this means that the program shipped with the CD in question here - and possibly other Sony CDs - is designed to hide itself and other programs from view. In other words, once installed, it will allow Sony and any other interested party familiar with this particular rootkit to operate programs on a compromised system without the user knowing it.
Let's take a step back here to consider the implications of this. Sony is distributing a rootkit, but what does this have to do with DRM? Well, if you really think about it, it has everything to do with DRM. A DRM program that cannot be seen or easily accessed can operate secretly, monitoring and manipulating the system behind the user's back. Any future DRM software Sony distributes could infiltrate a computer secretly, and burrow deep into the system files of said computer.
According to the article, the rootkit was produced by First 4 Internet. Upon investigating the company itself and the products and services it offers, the author dredged up this lovely little nugget of joy: "... However, the fact that the company sells a technology called XCP made me think that maybe the files I'd found were part of some content protection scheme. I Googled the company name and came across this article, confirming the fact that they have deals with several record companies, including Sony, to implement Digital Rights Management (DRM) software for CDs." That right there should be proof enough that this is no accident, and anything but legitimate DRM. Not only does having a rootkit handy make the DRM difficult to thwart, but also allows it to operate secretly.
Now, you'd think that you could just remove this software, right? Wrong. Dead wrong, as a matter of fact. The author of the article had a hell of a time removing the rootkit, actually, and not only that, at any given time, it was consuming between one and two percent of the CPU's power - a small 'penalty' for even having it. (And any programs it's hiding would also have to leech off the CPU and RAM as well.) As he attempted to remove this shit, he discovered even more about the software: "As I was deleting the driver Registry keys under HKLM\System\CurrentControlSet\Services I noted that they were either configured as boot-start drivers or members of groups listed by name in the HKLM\System\CurrentControlSet\SafeBoot subkeys, which means that they load even in Safe Mode, making system recovery extremely difficult if any of them have a bug that prevents the system from booting." Suddenly, this is more than a performance issue. This software could theoretically disable a system should it break or be manipulated by the software it's hiding. It would appear, however, it is possible to remove, but only after eviscerating a handful of driver files, registry entries and keys, and other lovely goodies from your system. The rootkit and the DRM attached to it do not have an uninstaller, and unless you take the same steps the author took to remove this flaming pile of garbage from your system... Well, he puts it pretty well:
"The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files wit
Wow, shit. They really weren't kidding when they said Ma' Bell was back. It sounds like SBC owns just about all of Ma' Bell's old infrastructure now.
In the spirit of Halloween, I will now attempt to reanimate the corpse of Judge Greene. Can zombies be nominated as Surpreme Court Justices? I seem to remember us needing one.
I believe that would be called the 'Big Crunch'. (http://en.wikipedia.org/wiki/Big_Crunch) It's the opposite of the Big Bang, and one of the theoretical manners by which the universe could ultimately end some few trillion years from now. Interestingly enough, it's believed by some people that each 'crunch' is followed some time afterward by another 'bang'. Theory of Corporations = Theory of the Universe? (And for the last time, 42 is not the answer, dammit.)
Google may not be aiming to become Big Brother, but they're certainly aiming to provide every single service they possibly can. Why they would do this is a pretty simple question to answer. They make most of their money through advertising, yes? And to make even more money off of said advertising, they sell data to advertisers, yes? The more services they provide, the more users they rope in, and the more - and more kinds of - data they collect to sell or use to their advantage as a business. Their business model thus far has proven to be virtually flawless and extremely profitable.
However, it is becoming apparent to me that they have other aims. Google is no longer the friendly, ethical being it once was. It has begun to evolve into something sinister. Google is expanding so rapidly and absorbing so much mindshare, both by raiding Silicon Valley and by garnering support from the Open Source community, that they now have the money and the human resources to do anything. Additionally, they can undercut any competitor, and they will. Expect to see these in the future:
* A Google ISP with free or extremely cheap connectivity worldwide.
* Google Phone, likely as a form of VoIP.
* Google TV, both on and offline, cable and wireless.
* Google Radio, both on and offline.
* Google Web Hosting.
* A Google ASP, providing applications on demand.
* Google Publishing, publishing digital content on demand.
* A Google record label.
* A Google printing service, printing books and newspapers on demand.
And much, much more.
This all sounds great, but the thing is, Google is poised to strike out at virtually every industry in the world that has anything to do with the transmission and distribution of any kind of information. They are going to be more than the 'Next Microsoft', as some here have put it. This will be a supermassive media monopoly; a black hole of information services from which noone can escape, with which noone can compete. They claim to support openness, but that only goes as far as what software and hardware you can use to access their services. In short order, they will be the only service providers around in many, many fields. That, in my opinion, is worse than not having a choice of how I utilize said services.
Call me a senseless fearmonger, but they really have their ducks in a row, don't they? The Authors Guild lawsuit aside, they're ready to go. They're getting ready to do some really huge things, at that, and in executing their plans, they could completely dominate the entire media and telecommunications industries within a matter of a few short years by simply undercutting all of their competitors with extremely cheap or free services, with the sale of valuable information - not subscriptions - as their bread and butter. It's possible, and they're proving that it is also feasable, and very profitable... but only if you're Google. I'm sorry, but replacing a few heaping handfuls of ugly monopolies around the world with one gigantic, unstoppable global monopoly is not a good idea, even if it's Google.
Let's not forget that the path to Hell is paved with good intentions. If Google does what I anticipate they will do, billions of dollars will be lost, thousands and thousands of people will be without jobs, and worst of all, we will all be forced to rely upon one single entity for many services essential in our day to day lives. That is always a very dangerous situation to be in. One can hope that the heads of Google are actually more sensible and less power hungry than this, and know when to stop. Alas, the word 'stop' does not appear to be indexed in Google's vocabulary. We all may be in for one very bumpy ride.
"Or do others feel that multibillion dollar companies get away with selling alpha software? As far as I can remember, most companies put out alpha and beta software to let users test it in production environments. I could name a few here, but we have all probably dealt with this issue."
One word: marketing. That's how you get away with selling alpha software. You market an alpha-qaulity product to look like something that works as good as it should, and if your marketing campaign successfully ropes in enough interested parties that can't analyze your codebase to see what shit your product really is, it will sell anyway due to the fact that you have convinced them to have faith in your product by other means. (Usually graphics, sound, and long lists of features.) It should also be noted that in the world of computing, marginal functionality in many cases is still enough to get work plenty of work done, but there is always room for improvement, especially in the case of the piece of alpha software I suspect you are speaking of. (Windows.)
WINE is a brilliant project. I'd like to see it move faster than it is, but one can't rush perfection. Now that WINE is bearing some real fruit - an actual beta release - perhaps support for the project will further build. I certainly hope so.
Maybe the sluggish rate at which the U.S. is catching up with the rest of the world in regard to telecommunications will help to inspire folks to go out on their own and start fixing the problem themselves. For some reason, wireless mesh networks come to mind... Just a thought: "We have the technology. We can rebuild him." Yes, we have the technology. But can we rebuild the net?
Placing a memory image on flash that can be loaded directly into RAM? Who knew? Didn't the Amiga do something like this with the Kickstart Chip, only it was ROM?
None the less, it's still a pretty neat concept, not to mention one that's been rather neglected. I wonder if this will become a big deal in the future. I hope it catches on with desktops soon, since this kind of thing could have a lot more applications than just fast loads. Moreover, I hope that software becomes available that could allow this to be done with existing flash devices. That'd be pretty nice, what with IDE flash registers and USB flash crud being available and all.
In A.D. 2005, war was beginning.
BUSH : What happen ?
ICANN : Somebody set up us the root
AMBASSADOR : We get signal
BUSH : What !!
BUSH : Main screen turn on
BUSH : Its you !!
E.U. : How are you gentlemen !!
E.U. : All your domain are belong to us
E.U. : You are on the way to destruction
BUSH : What you say !!
E.U. : You have no chance to survive make your time
E.U. : Ha ha ha ha ....
AMBASSADOR : President !!
BUSH : Take off every 'Zig'
BUSH : You know what you doing
BUSH : Move 'Zig'
BUSH : For great justice
RUMSFELD : THEY'RE CALLED F-16'S, DUMBASS
What question was I asking? And just how lame is the 'excuse' I gave, which was actually just a portion of my source material? It may be lame to you, but it's very, very true. How do I know? It's very simple. I'm good friends or at least familiar with a great many of those damnable 'average Joe college kids' you seem so staunchly opposed to, and filesharing has made music enthusiasts out of many of them, whereas they were hardly even interested in exploring music beforehand. Unfortunately, I can't cite published source material for my own personal experiences.
It's strongly implied that filesharers do indeed buy more music than they would if filesharing weren't available, because it provides direct exposure to unlimited amounts of content. They can sample tracks from hundreds of albums - and the albums themselves - before making a purchase, which is something that many folks I know personally used to only be capable of doing by sharing CDs. Albums don't come cheap, and while fifteen to twenty dollars may be a trivial expense to you, it's a purchase many folks would personally want to be quite certain of, given their budget. (If I was going to spend that much money at once, I'd make sure I was spending it on something I'd get a lot of use out of, no matter what it was.) That's often why I try to borrow albums when I can, and why a great many people download music so eagerly. Filesharing, combined with the rise in popularity of streaming internet radio, have both been working to greatly broaden the musical tastes of a great many listeners. I know this, once again, from experience.
So why don't people use clip-sampling and other such methods to sample tracks? One, nobody wants to hear just part of a song, and I'll tell you right now, some songs start good and end really bad. (And vice versa.) Two, said services rarely provide clips from the whole album. Just how stupid is that? Anyone with even a remote interest in music knows that clip-sampling in its most common form is totally retarded. Meanwhile, filesharing is fast, easy, and gives you the entire track you're after. This is more than enough to entice most users into using it. Meanwhile, the difficulties encountered in clip sampling - and the half-assed attempts many companies make at hosting such services - repel many people, and frankly, I don't blame them. It's pitiful. Unfortunately, until now, clip-sampling was the most common and most widely accepted legal sampling method available, and as usual, the big content providers and publishers are now playing catch-up with technology. (As well as frantically chasing the Clue Train.)
And so the lameness is nullified, and your argument demolished once again. Meanwhile, here's a real solution for the RIAA, as well as the MPAA, which we've neglected in this discussion. Make a complete library of all the material you've ever published, including any present-day material, available online using either a centralized downloading network or a distributed P2P network, which, might I add, dramatically reduces the amount of bandwidth required from a single person to operate a download site. Either make the songs available in a lower quality form this way, which would leave something to be desired, and further increase interest in purchasing the genuine article, or produce streams of content that would be difficult to retain and, once again, low quality. Popularize the service as a massive, free sampling network for music and movies - Don't just plop it down and say, "Hey, it's a sample." I'm talking a massive ad-campaign that will get people's attention - and make certain that it's going to be easy to use and actually convenient for users. More to the point, make sure it's quicker than the other networks out there, and does more for the user than your average P2P network. This could actually deliver results and give people much less a reason to illegally download, since a quicker, easier, legal alternative is available for all their sampling needs.
Meanwhile, you conjoin th
First and foremost, as I believe I stated in my initial reply, filesharers aren't even a real 'problem', but actually an asset. You can look it up all over the net. Studies upon studies have been performed, focusing on the buying habits of filesharers, and it's a proven fact: people who use filesharing networks buy more music. Most filesharers don't intend to download the music and keep it in that form forever, but instead use filesharing as a tool to sample music at no cost to the producer. Those are the average Joes, and hardly the people that need to be targeted here. Suing college students, the elderly, and computer literate pre-teens has yet to even make a dent in the filesharing habits of the people that partake in P2P networks, to boot.
(Some interesting reading: http://www.theregister.co.uk/2005/07/27/p2p_users_ legal_downloads/
http://www.guardian.co.uk/arts/news/story/0,1171 %201,1536886,00.html
http://news.com.com/2100-1023-898813.html )
On the other hand, hardcore pirates who, as you said, are nearly impossible to stop are a real problem. Bootleggers who participate in real piracy rings, selling content illegally, are a serious problem, and a real menace to the music and movie industry no matter which way you slice it. However, their specialty isn't sharing the music on a network. Their specialty is copying albums and movies bit for bit and selling the copies for a profit.
I'm afraid that I can't see the logic in your argument. At the cost of sounding as though I defend pirates, I will admit that I strongly disagree with you. Piracy is an ugly thing, and I don't believe that someone should be allowed to sell another person's work without permission, but surveillance, DRM, and lawsuits are not the answer to this dilemma. If you can't see why already, fine. You're entitled to that opinion, none the less...
You're missing the point. The point is, a definite double standard exists here that should not be ignored. Yes, guns are different than P2P software, but the principle remains: A device or product can not be inherently evil. The user and only the user should be held accountable for crimes committed using that device, regardless. (Additionally, before I go on, I'm very much opposed to the notion that guns cause violence. "Guns don't kill people, people kill people.")
Is it possible for copyright protection schemes to be implimented over P2P networks? Yes. Is it practical? That depends on whether or not you want it to actually work. It would be difficult, considering all of the different ways that files can be disguised and modified to cover their identity, making the transmission of copyrighted materials 'under the radar' a possibility if the network remains open. There are also ways to copy music and movies that haven't even been explored yet that could render DRM technology useless. (I have a few in mind myself that I won't share here...) You would essentially have to run a closed library of files, which just might work. However, most P2P networks made for filesharing, including legitimate forms of filesharing, do not operate this way because of the difficulties and extensive costs that would be encountered in indexing and cataloguing every single file the network hosts. Are there other methods of going about this? Probably. In fact, I'd like to hear them, because at this rate, these protection schemes will need to be explored in order to protect future P2P networks and other technologies from legal liability. (Granted these methods should rely less on DRM and other potentially flimsy technologies and more on tried and proven solid cataloguing techniques. Why is pretty simple. DRM and copy protection technologies have a curious habit of getting pwned rather quickly, and once they are, you're back to square one.)
But I digress. P2P technologies - as well as many other technologies not listed here - have a lot of potential that is being endangered by rulings such as the MGM vs. Grokster ruling. Perhaps I should make it clear right now that I believe that eDonkey and Grokster are not entirely free of fault, here. However... and I will return to my original point... A device or technology can not be inherently evil. More to the point, P2P technologies aren't the only targets on the RIAA-MPAA radar. No, they're simply the most noteworthy technologies under attack here. Thanks to the Grokster ruling - If my understanding of the ruling itself is correct - the producers of ANY technology that could possibly be used to pirate copyrighted material can be held accountable for the behavior of their users. The so called Grokster Standard further complicates proving the noninfringing uses of a product and introduces a whole new layer of liability and responsibility on top of all of the other restrictions and standards innovators and entrepreneurs alike have to abide by.
So you see, this isn't even about eDonkey, or Grokster. It's about technological restriction, and a profound lack of common sense in our courts. The RIAA and MPAA are preemptively seeking out possible infringement platforms and attacking them with blanket laws. This stifles innovation and entrepreneurship severely. To think that in the future, if I want to run a streaming internet radio station, I might have to submit comprehensive activity reports and sign binding legal agreements with these monopolistic coroprate behemoths, just because my station has the potential to broadcast copyrighted material... Creepy, huh?
To summarize, though, yeah, you have a bit of a point. However, you have to understand that solid, working copy protection schemes - or any solid, working scheme of any kind - are by no means easy to implement, nor are they cheap. It requires constantly evolving technology and a great deal of manpower to accomplish that go
Good point on your tangent. Very good point as a matter of fact, and I'm glad you brought that up. That does seem exceedingly suspicious, that the RIAA and MPAA would go so far out of their way to ensure P2P technologies are soon made history, considering the known advantages and benefits they could reap from these technologies and products.
With networking technology evolving by leaps and bounds and internet connection speeds skyrocketing, P2P technology has become a feasible substitute for actual publishing, with plenty of other added perks. It has already been proven time and again that piracy is not the cause of the financial woes that afflict the RIAA and MPAA, but rather, they are caused by sagging sales due to the slowing rate at which new content is released, and a sharp decline in the quality and diversity of said content. In fact, it has been strongly indicated on repeated occasions that people who partake in filesharing services are much more likely to purchase music and movies. (And as if that isn't enough, if my memory serves me well, didn't Warner Brothers or some other corporation recently begin collecting data from P2P networks as a marketing tool?) Why then would the RIAA and MPAA shoot themselves in the foot by waging war against filesharers and the networks and programs they use?
You already said why. It's a threat to their monopoly. The more people catch on to P2P and related technologies, the harder it's going to be for them to keep a stranglehold on the content market as a whole. Hundreds of independent artists - musicians much moreso than film makers, obviously - use P2P technology to make their content available to listeners around the world, and market their content at almost zero cost to them, for example. P2P technologies could be used to create virtual content marketplaces that enjoy the absence of publishing and marketing costs, available to customers all over the globe and free of restriction. This is the kind of screaming-in-the-night pissing-your-pants nightmare scenario that the content monopolies that make up the RIAA and MPAA - the RIAA especially - have feared for decades. Piracy is simply an all-too-convenient scapegoat for their woes, and a cover for what may very well be their real plan. Conquer filesharing, and you conquer the online content market. Make it impossible for upstarts to enter this market, and you're the only one getting a piece of the pie. Hell, you get the whole damn thing. Fattie.
My apologies if it seems rude for me to essentially restate your point; I simply wished to elaborate on it and throw in my own two cents. It's definitely something worth considering, perhaps at the cost of sounding like a conspiracy theorist. None the less, interesting stuff.
It's interesting that so many folks would bring up the issue of accountability, really. As with any crime committed with the aid of an instrument or piece of technology of some kind, the instrument itself can not be held accountable for the act it was used to perpetrate. Common sense tells us this. If only common sense were applicable to the Judicial Branch of the United States government, perhaps we would see a sharp decline in incidents such as this.
If I remember correctly, the Supreme Court recently ruled that a gun manufacturer - Smith & Wesson, to be exact - can not be held accountable if their products are used to injure or kill innocent people. When I read of this, I thought to myself, "Finally, common sense prevails!" Did I think that because I want to defend gun manufacturers? No; I've never liked guns, and I've never liked the people who make them, either. I became fond of that ruling because it embodies an important underlying concept: A device, even if it is designed for the sole purpose of causing serious and immediate bodily harm, can not be inherently evil. Therefore, the person producing these devices can't be made to answer for someone else's crimes.
Sure, if a company was producing a dangerous product that didn't have any real legitimate applications whatsoever, they could - and probably should - be dealt with. However, the point remains: Here we have a gun manufacturer, whose products may well kill hundreds every year here in the United States alone, but it's not their fault that people are using their guns to commit serious crimes. It is the motive of the buyer and how the product is actually used that truly matters, not the product itself and the person who made it available. (After all, firearms have other places in our lives. Home defense, hunting, sport, or simply collecting guns, for example.)
You can probably see why I almost shit myself when I first heard about the Grokster ruling. The Grokster ruling is, in itself, a shining example of the ass-backwards logic that exists in the courts these days. A gun manufacturer can't be held accountable if their guns kill someone, but it's Grokster's fault if I pirate a poorly compressed copy of The Boondock Saints using their product. Excuse me? Of course, it also goes to show where the government's priorities really are: satisfying campaign contributors and special interest groups. I know I'm really going off on a tangent here, but if you think about it, it makes a lot of sense. The NRA doesn't think gun manufacturers should be held accountable if their guns kill people, but the RIAA and MPAA think it's Grokster's fault if someone uses their products to pirate music and movies. Let's play a nice, fun game of 'Follow the Money', shall we? Wait. We don't have to. It's blatantly obvious.
It's extremely unfortunate that any company can be made to buckle under this kind of pressure. Many new technologies are now endangered by the Grokster ruling, not because they can be eliminated outright, but because it takes so much time, money, and patience to deal with the courts that nobody in their right mind without a few million dollars and an army of lawyers would even try to defend their products.
I just find it very strange that the Smith & Wesson ruling's logic doesn't apply elsewhere. Sure, if a product is defective, and that defect results in bodily harm or the destruction of property, that's the manufacturer's fault. However, if a product does not cause bodily harm or the destruction of property by its own volition, and must first be activated or otherwise utilized by a human being to present any kind of danger, it's the user's fault.
Therefore, the proprietors of a filesharing network and the programmers who created the client software used to access said network can not be held accountable if other people utilize their network to engage in illegal activity. While I do believe that the network's owners should do what th
I for one welcome our new CALEA overlords. (But seriously, this is retarded.)
I agree. It's really interesting how people from all over the world scream and shout about how the 'terrorists' - I.E. nameless enemy flavor of the week - will never overcome them, and yet they can't stop thinking about them. They're constantly gripped by fear and uncertainty. (And perhaps doubt as well, which means that the terrorists are FUD'ing the world.) They change their lifestyles and their habits, hiding themselves away more and more, and look upon everyone as a possible enemy, which in part leads to incidents such as this. Talk about a nasty little double standard we've come across. First we shout from the rooftops, declaring our pride, our strength, our will to overcome all the challenges we encounter, and then we turn around, run, and hide ourselves away in little caves, so the big bad terrorists won't hurt us. Sounds kind of pathetic, considering that it's hardly an every day occurrance here in the U.S. or over in the U.K., but there again, it doesn't have to be. Paranoia - not guns, not bombs, not poisonous gases or radioactive dust, not airplanes, trains, buses, or boats - is the true weapon of any terrorist. Look at the name. Terrorist, root word 'terror' - someone who uses force or violence to intimidate and coerce people and governments in order to further their cause. The terrorists aren't just winning. They've already won. Perhaps they didn't achieve the exact goal they had in mind, but they've definitely beat our asses, and they did it mentally. It would be unfair to even blame them for robbing us of our sense of security and our fortitude. They only set the stage for those things to happen. We did all the hard work for them. (Not that what they did isn't despicable in every way. Frankly, people that pull shit like the bombings in London can go die in a fire, preferrably one they didn't start on purpose.) The truth is, the world has never been a safe place. Terrorism isn't something new, it's been going on all over the world for lord only knows how long. We've always had enemies, and now that they finally have the balls to attack us, we're going to have to grow some nads ourselves in order to stand up to them. Of course, the government's idea of asserting itself against our enemies is to instead also look upon its own people with a scrutinizing eye, and perhaps not too far removed from reality, shoot first and ask questions later. Let's face it, people. The impact of terrorism is a social and psychological problem, and they've been engaging in quite masterful psychological warfare. Let's fight back by showing them we're not afraid of them. What happened to this man is awful, as was the incident where that other guy got himself shot to death. I certainly hopw that this is never, ever repeated again, but I'm almost certain that it will be. How unfortunate it is for us that no matter how much bravery we exhibit, our police will still behave like cowards.