StarDestroyer.Net BBS

This is flying around the tech-geek circles I know, from a chap called Peter Gutmann (Unji of Auckland Proff in IT) in NZ. Far too long to post into a quote box. Work safe, just very long and technical.

Gutmann on security issues of Vista
http://www.cs.auckland.ac.nz/~pgut001/p ... _cost.html

Has such gems as -

Elimination of Open-source Hardware Support

In order to prevent the creation of hardware emulators of protected output devices, Vista requires a Hardware Functionality Scan (HFS) that can be used to uniquely fingerprint a hardware device to ensure that it's (probably) genuine. In order to do this, the driver on the host PC performs an operation in the hardware (for example rendering 3D content in a graphics card) that produces a result that's unique to that device type.

In order for this to work, the spec requires that the operational details of the device be kept confidential. Obviously anyone who knows enough about the workings of a device to operate it and to write a third-party driver for it (for example one for an open-source OS, or in general just any non-Windows OS) will also know enough to fake the HFS process. The only way to protect the HFS process therefore is to not release any technical details on the device beyond a minimum required for web site reviews and comparison with other products.

This potential “closing” of the PC's historically open platform is an extremely worrying trend. A quarter of a century ago, IBM made the momentous decision to make their PC an open platform by publishing complete hardware details and allowing anyone to compete on the open market. Many small companies, the traditional garage startup, got their start through this. This openness is what created the PC industry, and the reason why most homes (rather than just a few offices, as had been the case until then) have one or more PCs sitting in a corner somewhere. This seems to be a return to the bad old days of 25 years ago when only privileged insiders were able to participate.

I'm going to wait until they address compatibility issues with XP games to even consider switching over. As it is I still feel kind of gipped. My laptop is one of the model numbers that would have been eligible for a free Vista upgrade, but because I bought it two weeks too early I don't fall under the acceptable timeframe. So I'm not exactly thrilled about that.

My opinion of Vista is it is a flying brick. It looks like a waste of time and money to do what you can with other systems.

Lisa wrote:My opinion of Vista is it is a flying brick. It looks like a waste of time and money to do what you can with other systems.

They however force us to upgrade with those DX10 games though.

Ok, maybe I'm a bit confused, but I think this guy is getting things mixed up. The hardware scan is used to mate an install to one machine, for licensing/anti-piracy uses. AFAIK, any one can write a driver and use it in Vista, but the need to be signed (although unsigned Nvidia drivers work right now, but require admin permission to install). MS has a plan (I don't know if its active yet) that will sell signed certificates to driver developers, from prices ranging from ~$200 to ~$500 (I don't know the pricing the details - I've only read the summary in a discussion dealing with GPU tuning programs and virtual drive software that require virtual drivers). The drivers don't have to be WHQL certified, just signed. The point is prevent malicious driver installs.

Fingolfin_Noldor wrote:

Lisa wrote:My opinion of Vista is it is a flying brick. It looks like a waste of time and money to do what you can with other systems.

They however force us to upgrade with those DX10 games though.

No one forces you to buy the games. Speak with your wallet.

Signed drivers are only mandatory on Vista64. Also, the protected output is only activated for content that requests it, IIRC.

Lisa wrote:

Fingolfin_Noldor wrote:

Lisa wrote:My opinion of Vista is it is a flying brick. It looks like a waste of time and money to do what you can with other systems.

They however force us to upgrade with those DX10 games though.

No one forces you to buy the games. Speak with your wallet.

Yah. Right. What do you suggest we do in our free time?

Also, eventually, MS will terminate support for XP as they did before.

This is old news. The article linked to has been talked about for months, and the consensus seems to be that while some of its concerns are valid, much of it is FUD.

Yah. Right. What do you suggest we do in our free time?

Play games on a console, Windows XP, Linux, or the Mac.

Yeah, this is bullshit. The first section is relatively correct where it catalogues the absolute fuck up that has been the computer side of playing protected content, but from there on we go on a wild ride of bullshit FUD. He takes the worst case scenarios that are severely unlikely to occur, mixes in some strawmans just to be sure that the situation is dire enough and then sprinkles some outright lies (or mistakes if you are feeling generous) to get just the exact shade of "OMG the sky is falling down" doomsday prediction.

Explaining every section and the ways that he fucked it up would probably produce something that at the very least doubles his already overly long article.

If you don't want to buy Vista, fine, but don't do it because of the DRM scare. If you don't use content that requires it, it will lie dormant (as in, being inert and not affecting the rest of the system - the article's examples of the contrary are FUD, including the quoted paragraph), and you wouldn't be able to play such content most likely in XP and earlier. As for playing that content, well, right now its simply not worth it worrying about it because its a mess and its better not to touch it with a 10 foot pole. If it gets sorted out or if it sinks and is forgotten will be determined by the future - but I'm guessing that the system as is will be difficult to defend, without a major reworking to be more friendly to consumers at the very least - however that would AGAIN obsolete current solutions. And, while there is plenty of blame for that sorry state to go around, MS and the CE industry are probably least at fault here since they are getting their marching orders from the content owners on most of the DRM thing - probably why it is such a mess.