Vista Security The 'Longest Suicide Note in History'?

rar42 writes "The Inquirer is reporting on an analysis of Vista by Peter Gutmann — a medical imaging specialist. This isn't the usual anti-Microsoft story — just a professional looking at what is going to happen to his computer if it is upgraded to Microsoft Vista. From the article: 'Windows Vista includes an extensive reworking of core OS elements in order to provide content protection for so-called "premium content", typically HD data from Blu-Ray and HD-DVD sources. Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost,' says Gutmann."

Unnecessary Decline?

[P(0)(!P(k)+P(k+1)) (1012109)]

From TFA:

If I do ever want to play back premium content, I'll wait a few years and then buy a $50 Chinese-made set-top player to do it, not a $1000 Windows PC. It's somewhat bizarre that I have to go to Communist China in order to find vendors who actually understand the consumer's needs.

At first, I shared some cognitive dissonance with Gutman; China, however, is governed by Chinese and for Chinese: they're allowed to act in their own best interests.

The U.S., on the other hand, is beholden to parasites and corporations; and compelled into an unnecessary decline.

Re:Unnecessary Decline?

[ravenshrike (808508)]

China, however, is governed by Chinese and for Chinese

*cough* I think you meant by Chinese Corporations for Chinese Parasites who also happen to hold government positions.

Re:Unnecessary Decline?

[by Anonymous Coward]

The U.S., on the other hand, is beholden to parasites and corporations

*cough* I think you meant by Chinese Corporations for Chinese Parasites who also happen to hold government positions.

Fixed that for you, you quoted the wrong part of his post.

Re:Unnecessary Decline?

[BakaHoushi (786009)]

In the words of Douglas Adams:

People are a problem.

I think I just summed up this entire thread. As well as just about every news story on this (and any other) site.

Re:Unnecessary Decline?

[Dunbal (464142)]

Simply put, without big countries there would be no wars.

      You are dreaming in colour. Wars happen in all sorts of countries. There have been FEWER wars amongst big countries in the past few hundred years, than little countries. Just the big ones (Napoleonic, Franco-Prussian, WWI, WWII, Korea, Vietnam, Gulf) tend to be noticed more. Pretty much the entire African continent has been continually at war since the European powers pulled out... these countries are so small they hardly get noticed on the international scene, yet war is happening all the time there. Your comment is unfounded. Sure, the big countries tend to back one side or other in these small wars, but they're not the ones that START them.

Re:

[StrawberryFrog (67065)]

China, however, is governed by Chinese and for Chinese

You meant to say: China, however, is governed by a few Chinese and for those Chinese.

they're allowed to act in their own best interests.

I'm not calling the Chinese government corrupt; I wouldn't know. But governing a county in your own best interest is generally neither good nor allowed, that is to say, it's illegal.

The U.S., on the other hand, is ... not all that different?

Chinese DVD players

[tgibbs (83782)]

I currently have a Chinese-made upconverting DVD player. Chinese made because the US and Japanese manufacturers have knuckled under to the demands of the entertainment industry that no DVD player will output HD content over component video cables. (Now think for a moment just how mind-numbingly stupid this restriction is. Upconverting DVD players don't actually output video in true HD, because the movie isn't on the DVD in HD in the first place, and no process can add more information that was there to begin with. All an upconverting DVD player does is interpolate. An upconverted signal is the absolute last thing that any pirate could want, because it massively increases the amount of data required to copy the signal, without adding any information. So the entertainment industry, out of sheer ignorance has added a completely useless restriction that imposes considerable inconvenience on the consumer. Many older HD TV's only have component inputs, and even newer ones typically have only one HDMI or DVI input. And HDMI/DVI switchboxes are much more expensive than component ones. So consumers end up switching cables, shelling out extra money for switchboxes--or doing what I did, and buying a Chinese DVD player that is oriented toward the consumer instead of sucking up to the content industry.

Re:Chinese DVD players

[ConceptJunkie (24823)]

You're assuming that this is all to prevent piracy. The real truth is that the media companies simply hate us.

Wow, that's insightful

[Travoltus (110240)]

The world never had any entertainment before the dawn of DRM & copyright.

[sarcasm off]

Of course there was entertainment...

[NotQuiteReal (608241)]

Back before DRM and copyrights there was Banjo music.

Live banjo music, played by relatives, close relatives. Very close relatives.

Re:Wow, that's insightful

[mcrbids (148650)]

Granted, I'm against the US' current copyright laws, but the simple fact is that China IS rampant with copyright violation that does nothing but make the illegal publishers rich.

What? Are you retarded? Other than the 100-ish year lifespan, copyright law is the one (of three) branches of "Intellectual Property" that actually gets it right!

All copyright says is that whatever you right is yours, from the moment of inception. Simple and easy. What about that are you against?

If you want to be "against" anything, try patents (which make an idea that you might legitimately and independently arrive at owned by some other guy who came to the same or similar idea by whatever means before you) or trademarks (which all but cancel copyrights in some cases, because while the copyrights of a work might have expired, trademarks do not, so even if/when the Disney "Steamboat Willie" movie is no longer copyrighted, the trademarks of Mickey Mouse remain intact preventing "unauthorized" reproduction...)

Pick your fights, and fight about something where you might do some good. Alternatively, take the time to figure out what you're talking about before being "against" something....

Re:Unnecessary Decline?

[cgenman (325138)]

Eventually to maintain that growth they'll have to start protecting rights or they'll become a victim like they have been victimizing the rest of the world. How good do you feel paying $10 to see a movie so the Chinese can pay a $1 for a DVD?

It's funny you mention that. I was in Thailand not too long ago, and the price of a legal, licensed VCD was about $1. Legal DVD's were about $40, because they were a luxury item that only the rich could afford anyway.

Companies charge whatever the market will bear. If movie studios think they can get $10 out of an American audience to watch a movie, that's what they'll charge. It doesn't matter what's going on in China, except to say that they'll throw up all sorts of technical and legal barriers to importing their cheaper goods from that region. Likewise, a new CD in Brazil can cost 3 - 5 dollars. Again, legally.

China and other less restrictive countries are looked upon as bastions of IP freedom because there are some major ways in which they are. India, for example, allowed knockoff drugs for a very long time on the grounds that it was immoral to value western company's exploitive drug pricing schemes above human life. Go to Taiwan and *gasp* you can get DVD players that will let you play movies you have legally bought and paid for in any region of the world. You can get CD's in other regions of the world where the corporations convicted of illegal price fixing actually compete with local music companies and pirate CD creators to come to a more reasonable cost structure. Heck, until a few weeks ago you had to travel abroad to get the cellphone you've purchased unlocked from that one restrictive provider.

All of the above seem reasonable, but are completely banned in the US. It's nice to go to a country where the huge companies do not simply write whatever laws they want, but have to contest with the needs of the consumer, who have alternatives to the restrictive legal route.

China is also not communist, but that's another issue.

Well then don't use it

[Average_Joe_Sixpack (534373)]

You're not supposed to use a consumer grade OS for mission critical apps anyway. So if you went with a vendor that builds its apps on such an OS, then you are at fault.

Re:Well then don't use it

[ceoyoyo (59147)]

Unfortunately there's very little choice. The systems that run medical scanners tend to run some form of UNIX, and you can buy a workstation for a couple hundred thousand that will do the same thing, or you can use the hospital's PACS web front end... which in most cases works pretty much exclusively with IE.

Brief Outline of Medical Imaging Information Flow

[Ears (71799)]

This is part of the subtext both of the original article, and of this most recent post, so I thought I'd share what I know about it. FWIW, I'm a radiologist--that is, an MD who interprets the results of imaging studies--and an informatics geek.

Images are created on whatever imaging device--CT scanner, MR scanner, ultrasound machine, digital X-ray machine--and manipulated by the device's controlling system to do simple annotations, reformatting, etc. This is typically a Unix-based system running custom software designed and maintained by the device's vendor. The images are not usually interpreted on these systems.

From there, the images are sent to the PACS (Picutre Archiving and Communication System) [wikipedia.org], which is just a gigantic central image database. These also tend to be Unix-based systems.

There tend to be two front-ends for looking at images in the PACS database. The first is the radiologist's interface, which is a high-end video workstation dedicated to showing medical images with the greatest possible fidelity. Most systems I've seen are Windows-based (Windows 2000, in our case) and run software which was built by the the imaging system vendors in the late 1990's. Much is made of the "lossless" nature of the images which are displayed; for example, when you log into such a machine, you're warned about how "This is a medical device" and that you shouldn't mess with it. Much is also made of "diagnostic-quality monitors" and high-end video cards to drive the monitors. This is an artifact from the early days of digital imaging interpretation in radiology, when there was a great deal of concern about whether the quality of the digital images would be adequate for us to figure out what was going on in Grandma's chest X-ray if we weren't looking at a piece of acetate. Most of these concerns have died away, as the differences in resolution and dynamic range turned out to be relatively minor and the added conveniences of being able to manipulate the images digitally turned out to be huge. For example, the new LCDs I seen being put on PACS workstations are off-the-shelf Dell 22-inchers, as far as I can tell.

Finally, there are "non-diagnostic" interfaces to the PACS images, which do tend to be web-based. These are so non-radiologist doctors can look at the images, too. Some are IE-based, and use an ActiveX control to display the images, and some use a Java applet. These are displayed with lossy compression (since someone might want to look at them from off-site via a VPN), and officially are not allowed to be used for interpretation. And in fact, I wouldn't want to; it's a lot harder to see subtle things on them than on a full-blown PACS workstation. Part of that is just the interface (it's hard to use those stupid ActiveX/applet things) and part of it is crummy/mis-configured monitors, but I suppose compression artifacts could also play a role.

So, to review: you go see your doctor, Dr. Smith, in her office, and she orders a chest X-ray for you because you're coughing and have a fever. You come to the hospital, and the nice technologist takes frontal and lateral view of your chest on the digital X-ray machine. He then goes back to the X-ray control room, and sees that the images are pretty good, and so he sticks your name on them, and a marker of the date/time and his name, and so on, and then sends them to the hospital's PACS system. I (the radiologist) am working at my PACS workstation, going through the long list of all of the CT scans, MR scans, and X-rays taken in the hospital. I get to your chest X-ray and look at it; I don't seen any sign of pneumonia, so I write a report (the subject of a whole different set of informatics) that basically says "Clear lungs" and that gets entered into your electronic medical record. Then, Dr. Smith back in her office can see your X-ray via her Web-based interface. If she wonders about something she sees, she can call me up and say, "What's that stuff at the left ape

Re:

[Mike McCune (18136)]

Venders build mission critical apps on Windows all the time. It is easier to use what you know than the best tool for the job.

http://www.securityfocus.com/news/6767 [securityfocus.com]

The worst case I ever saw in person was at an assisted living facility. Their pull chains (that the residents pull when they are in trouble) was being monitored by a PC running Windows 95 (this was in 2006).

>You're not supposed to use a consumer grade OS for mission critical apps anyway. So if you went with a vendor that >builds its apps on

It was supposed to be a C3 O/S !!!!

[Cassini2 (956052)]

Many industrial and medical applications run on Windows. You forget that Windows NT was advertised as a high-security C3 operating system. Many applications were ported on this advertising. Some of the lock-down permissions in Windows NT were pretty draconian, and worked really well.

With Windows Vista, Microsoft appears to be completely abandoning any pretense of high-reliability.

Many industrial and medical applications have fairly high reliability requirements. Using commodity software and hardware has some cost and reliability advantages. It is easy to source replacement parts, and implement hardware redundancy. Being able to easily obtain replacement hardware is a big advantage if downtime costs are large.

The problem is that Microsoft appears to have abandoned the high-reliability sector. Windows XP has a continuous stream of rolling updates for both XP and the Anti-Virus packages. The result is that your high-reliability application can stop working for no apparent reason. From all indications, Windows Vista will make this worse.

Recently, I have been looking harder and harder at Linux. Linux offers a much more stable platform, and I can customize the installation to make it much more difficult to corrupt. The issue is that such a high software investment has been placed in specialized Windows solutions, that it is difficult to port everything to another operating system overnight.

Dupe from Friday

[ahecht (567934)]

Same story at http://it.slashdot.org/article.pl?sid=06/12/22/172 7245 [slashdot.org]

Re:Dupe from Friday

[SpaceLifeForm (228190)]

In this case, dupes are a good thing.

This attack on your freedoms needs to become widely known.

If they dupe this every other day until next June, it is good.

Re:Dupe from Friday

[tygerstripes (832644)]

If they dupe this every other day until next June, it is good.

If? You must be new here. Welcome to Slashdot.

Re:Dupe from Friday

[quentin_quayle (868719)]

I don't mind that it's a dupe. However, it is mis-titled.

It's not about Vista security. It's about Vista DRM.

The difference is that security is about the owner of the hardware establishing and protecting his control over it, while DRM is about a party A trying to claim some control over hardware belonging to another party B, on grounds that some pattern of bytes which A or a third party owns is currently instantiated, or might at some time be instantiated on B's hardware. When used for DRM, the term "security" becomes a meretricious euphemism designed to mislead an audience about who is securing what from whom.

Priorities

[bigberk (547360)]

For the kinds of purposes I'm interested in (research, science) this will make workers question the priorities of the operating system they are using. Is the priority to have maximum flexibility, performance, compatibility and extensibility (*nix) or to have maximum convenience for consumers (Windows).

Without a doubt, Windows is still the most convenient platform for consumers. But the priority behind the design is not purely performance and flexibility, but protecting content and other commercial interests.

We sure know the priority isn't security either

Re:Priorities

[kfg (145172)]

Without a doubt, Windows is still the most convenient platform for consumers. But the priority behind the design is not purely performance and flexibility, but protecting content and other commercial interests.

Houston; we have doublethink.

KFG

Re:Priorities

[diegocgteleline.es (653730)]

We sure know the priority isn't security either

In fact, if they only wasted the half of the time they wasted in DRM in security improvements...

I mean, if you read the DRM protection [microsoft.com] work...they completely redid everything that could break DRM, they break compatibility, they're even planning systems that need to re-do the hardware to require encryption on the *system*bus* just to keep hardware hackers from stealing contents at that place and hence making the DRM useless.....

If they had wasted all those efforts in improving security...vista would be the most secure consumer os available

Re:Priorities

[zCyl (14362)]

I mean, if you read the DRM protection work...they completely redid everything that could break DRM, they break compatibility, they're even planning systems that need to re-do the hardware to require encryption on the *system*bus* just to keep hardware hackers from stealing contents at that place and hence making the DRM useless.....

The message is clear. They believe their monopoly can be best maintained by catering to producers, rather than to consumers. Consumer choice is not driving that market.

Re:Priorities

[Dunbal (464142)]

Consumer choice is not driving that market.

      Consumer choice never drives the market in a monopoly situation. You get what I feel like producing, and you pay what I feel like charging. If you don't like it, tough.

Re:Priorities

[Deathlizard (115856)]

The message is clear. They believe their monopoly can be best maintained by catering to producers, rather than to consumers. Consumer choice is not driving that market.

And it's going to hurt them. probably long term and big time.

Zune is a failure vs Ipod because consumers don't want to deal with DRM everytime they want to listen to something, especially when there are hundreds if not thousands of music players that will play non DRM files. Including the Ipod.

Vista will fail for similar reasons. Business is happy with XP and will support it until Microsoft doesn't, and maybe adopt Linux after that. Consumers will only upgrade when they buy a new PC, and will stay around even after support is killed. if Apple starts opening their mouth about vista DRM screwing their music experience, they might just buy a Mac next time. Hell I don't know why Apple hasn't done a "Buy a Mac and get an Ipod Free" deal as of yet. It would definitely get a mac in the door faster.

It's looking the same way for office2007 business wise. I know we look at it and say to ourselves "training nightmare". I'm sure we're not the only ones saying that especially since our business is Higher education. I can only imagine what a commercial business is saying.

Apple and Microsoft had the power. They had the power to give both AA's the finger and work directly with the artists. They had the power to ignore them completely and let the users rip until the cows come home. They had the power to screw these Hi-def DVD formats until they relaxed the standards to work with existing hardware and software. Unfortunately, Apple seems to be giving the RIAA the finger while somewhat bowing down to the MPAA's HD lockdown Schemes, and MS is asking both AA's which lower cheek to kiss in a futile attempt to gain some more exclusive content that Apple's going to get anyway because their the market leader. Even then, all MS is really going to get in the end is more demands from the AA's when they could have easily just stayed the course they were going and force the AA's to conform to the digital age or die.

If there is any time for Apple and Linux to start pushing themselves, now's the time.

I'd prefer a less pre-loaded stance

[eschasi (252157)]

This writeup would be more useful if the author could maintain even a marginal pretense of objectivity. His constant use of loaded images ("grenade", "suicide note", "violate the laws of physics") works against him, and this butter-wouldn't-melt-in-his-mouth gem actually gave me a sad laugh when seen in context with his full note:

This document looks purely at the cost of the technical portions of Vista's content protection. The political issues (under the heading of DRM) have been examined in exhaustive detail elsewhere and won't be commented on further...

By "elsewhere" he must mean "in other sentences in this document." His facts, which he rarely backs up, are extremely suspect given his inability to separate his prejudices from his presentation. Considered as a persuasive essay, I'd give it a D. Which is not to say that I like DRM. It sucks, and Vista may become an unparalleled disaster because of it. But the author is far more adept at scoring points than he is at making his points persuasive.

Re:I'd prefer a less pre-loaded stance

[aralin (107264)]

You know this is a problem when dealing with Microsoft. You come into the process as objective person without prejudice to them and then you study the subject. If you study in a sufficient detail, you will become so enraged by what they are doing and that you are now hopelessly prejudiced against Microsoft. Look at the judge Jackson in the Microsoft trial. That is a person who's living depends on being objective and he got so pissed off by studying Microsoft practices that even he was not able to keep being perceived as impartial and so his ruling got thrown out by court of higher instance.

The most sad part is that Microsoft is abusing this by pointing to every such study as prejudiced and often rightly so. But what is the general public to do now? You either have experts that study the matter and become prejudiced or you have those with only superficial knowledge who can keep the illusion of objectivity but more often than not they do not know enough about the matter. Often to the point to believe studies paid by Microsoft as being a source of objective information. And if you want to keep the illusion of objectivity you need to cite those and it just seems wrong to me.

Sometimes you are just not supposed to be objective. Some topics do not invite that form of discussion. Is the Earth flat? I don't think anybody expects you to present the supporting opinion in equal length. Did holocaust happen? Again, not really a question in need of giving equal space to both sides. So why 'Is Microsoft crooked and do they intentionally cripple their product to harm consumer and competition?' needs any more discussion even after it was affirmed by Findings of Fact published by a federal judge? The matter of do they or don't they has long been settled. At this point the only question should be: "How exactly are they trying to cheat this time?"

Re:

[elgatozorbas (783538)]

Sometimes you are just not supposed to be objective.

Why not?

Some topics do not invite that form of discussion. Is the Earth flat? I don't think anybody expects you to present the supporting opinion in equal length. Did holocaust happen? Again, not really a question in need of giving equal space to both sides. So why 'Is Microsoft crooked and do they intentionally cripple their product to harm consumer and competition?' needs any more discussion...

Disclaimer: I don't want to choose sides here. But apar

Re:I'd prefer a less pre-loaded stance

[Cassini2 (956052)]

It is quite difficult to work in industries were Windows Vista might be used, and not wind up with a pretty mean-spirited anti-Microsoft argument. Typically the train of reasoning goes like this:

1. Power plant uses Windows PC's to monitor "x".
2. If "x" can't be monitored, we shut the power plant down. This is "fail-safe".
3. If enough power plants shut down, then we have to shut down the power grid. Shutting down the power grid affects the entire east-coast. When the power grid is shut-down, we automatically shut down all power plants. This is a fail-safe response. After the power grid is shutdown, it takes a few days to restart things.
4. If we shut down the grid, then several people will die (via indirect sequences of events). At a minimum, many people will be placed in high-risk situations, and large numbers will be inconvenienced.

What would it take to shutdown a network of identical Windows PC's making up a power system? A piece of malware, a rogue anti-virus update, etc. It really wouldn't take all that much to wipe out the power grid for the east coast. A series of inept coincidences could potentially succeed.

As a Professional Engineer, a person who is supposed to be able to advise companies on this stuff, it is extremely difficult to avoid sounding excessively alarmist. I work on industrial applications that are supposed to be fairly high-reliability. It is very difficult to keep Windows PCs isolated from the outside world. If you don't isolate the PC's, then you are vulnerable to Windows service-packs and Windows Anti-Virus software shutting down your production line. How do you even explain the problem to people? Everyone uses a Windows PC, and a Windows PC could never hurt them, right?

What do I recommend? I don't know the answer. Mostly, I try not to think about it too much. With the large amounts of specialized Windows software, it is difficult to think of any easy fixes.

Not an "upgrade", just a different flavor

[by Anonymous Coward]

Microsoft was legally forced to remove version numbers from Windows as the software they ship was technically no longer improved.

Cat got my tongue!

[RAMMS+EIN (578166)]

``This isn't the usual anti-Microsoft story just a professional looking at what is going to happen to his computer if it is upgraded to Microsoft Vista.''

Doesn't any professional investigation of Vista inevitably end up being an anti-Microsoft story?

(Just kidding. I actually think Microsoft put a lot of good things in Vista - although I'm not convinced it's a good product, and I'm definitely not dying to use it)

if its a good OS, todays ver is the final

[cheekyboy (598084)]

Look at linux... its not like we have Linux 3.0 and Linux 4.0 where nothing old works.

Its still linux. 8 year old stuff still compiles mostly, its fluid.

If windows was so great, it would stay at one version XP forever, with unlimited updates forever, SP4 SP21. etc...
Just because they are forced by marketing to make a new version is admiting its core is crap and needs a rewrite.

They could just as easily update/replace portions of XP gradually, six monthly. And make sure each other component isnt
too tied to others. ie WMP shouldnt need IE7 or something else... it should be detect and use if available.

This whole idea of , lets stop current dev and all new dev is placed into a new 'version' edition is total marketing crap, and
old school stuff of the 80s. Modern complex systems should never have a major rebuild, its always small step updates, like real
biological evolution.

OSX is basically the same, but again its articially versionized because of just new components added, and the silly side effects like
newly compiled made software not working on old OSX's even if they use no new features, thats my biggest pet pieve of OSX. Sometimes
its only the result of the installer package, not the code it self which would work fine. If X library is less than version Y, then dont use
those features.

Btw does apple make the old OS10.1 and 10.2 upgrades from 10.0 FREE NOW? what about any one left in 10.2 land, do they get a free 10.3 upgrade
once 10.4 is widely installed? Having too many versions installed out there should be a worry for them, they should allow all 10.3 machines to upgrade
for free. It would surely be cheaper to have no support for pre 10.3 if you provide free upgrades.

Re:if its a good OS, todays ver is the final

[dspisak (257340)]

"8 year old stuff still compiles mostly, its fluid."

Uhm, so is Linux the bedrock of computing or is it the agile warrior able to adapt to its changing foes? I'm a bit confused.

I don't know what 8 year old code you think would still compile against todays Linux. Between major changes from the pre 2.0 kernel days to now I can think of plenty of code that would break.

And then you've got your personal best friend in the world, a new version of glibc just around the corner to break things once in a while, but thats not Linux per se since Linux is just a kernel. But its all of the FOSS/FSF software that makes a Linux DISTRO.

Now show me a piece of 8 year old code that will compile on a current distro without barfing or having its ./configure script changed and I might begin to see your point. But I doubt your argument holds true for enough pieces of FOSS software to be truly relevant.

Primary Sources, FTW!

[Grym (725290)]

Here's a link [auckland.ac.nz] to the actual paper referenced in the article.

I would post the entire paper, but it's too large. Here are some notable excerpts:

However, one important point that must be kept in mind when reading this document is that in order to work, Vista's content protection must be able to violate the laws of physics, something that's unlikely to happen no matter how much the content industry wishes it were possible. This conundrum is displayed over and over again in the Windows content-protection specs, with manufacturers being given no hard- and-fast guidelines but instead being instructed that they need to display as much dedication as possible to the party line. The documentation is peppered with sentences like: "It is recommended that a graphics manufacturer go beyond the strict letter of the specification and provide additional content-protection features, because this demonstrates their strong intent to protect premium content". This is an exceedingly strange way to write technical specifications, but is dictated by the fact that what the spec is trying to achieve is fundamentally impossible. Readers should keep this requirement to display appropriate levels of dedication in mind when reading the following analysis.

Vista's content protection mechanism only allows protected content to be sent over interfaces that also have content-protection facilities built in... Since S/PDIF doesn't provide any content protection, Vista requires that it be disabled when playing protected content. In other words if you've invested a pile of money into a high-end audio setup fed from a digital output, you won't be able to use it with protected content. Similarly, component (YPbPr) video will be disabled by Vista's content protection, so the same applies to a high-end video setup fed from component video.

Alongside the all-or-nothing approach of disabling output, Vista requires that any interface that provides high-quality output degrade the signal quality that passes through it. This is done through a "constrictor" that downgrades the signal to a much lower-quality one, then up-scales it again back to the original spec, but with a significant loss in quality... Amusingly, the Vista content protection docs say that it'll be left to graphics chip manufacturers to differentiate their product based on (deliberately degraded) video quality. This seems a bit like breaking the legs of Olympic athletes and then rating them based on how fast they can hobble on crutches.

Vista's content protection requires that devices (hardware and software drivers) set so-called "tilt bits" if they detect anything unusual. For example if there are unusual voltage fluctuations, maybe some jitter on bus signals, a slightly funny return code from a function call, a device register that doesn't contain quite the value that was expected, or anything similar, a tilt bit gets set. Such occurrences aren't too uncommon in a typical computer (for example starting up or plugging in a bus-powered device may cause a small glitch in power supply voltages, or drivers may not quite manage device state as precisely as they think). Previously this was no problem - the system was designed with a bit of resilience, and things will function as normal... With the introduction of tilt bits, all of this designed-in resilience is gone. Every little (normally unnoticeable) glitch is suddenly surfaced because it could be a sign of a hack attack. The effect that this will have on system reliability should require no further explanation. Content-protection "features" like tilt bits also have worrying denial-of- service (DoS) implications. It's probably a good thing that modern malware is created by programmers with the commercial interests of the phishing and spam industries in mind rather than just creating as much havoc as possible

Since when is Gutmann a medical imaging specialist

[The Monster (227884)]

From TFA:

"Peter Gutmann's report describes the pernicious DRM built into Vista and required by MS for approval of hardware and drivers," said INQ reader Brad Steffler, MD, who brought the report to our attention. "As a physician who uses PCs for image review before I perform surgery, this situation is intolerable. It is also intolerable for me as a medical school professor as I will have to switch to a MAC or a Linux PC. These draconian dicta just might kill the PC as we know it."

Gutmann is a CompSci guy who has been a biggie in the crypto community since about forever. You'd think an 'editor' would know that. Alas, Slashdot has people with the title, who don't do a job that deserves it.

Medical Imaging Specialist????

[perry (7046)]

Peter is a security guy. He's written widely used crypto software. He is not a medical imaging specialist. Where did /. get the idea that he's a medical imaging specialist???

Re:

[Pinky3 (22411)]

From a quote in the Inquirer article. ",,,INQ reader Brad Steffler, MD, who brought the report to our attention. 'As a physician who uses PCs for image review before I perform surgery, this situation is intolerable.' "

OK, so the submitter couldn't distiguish the quote from the INQ submitter from the subject of the article, but at least he didn't make the whole thing up.

Al

biased analysis, with a crunchy core of truth

[by Anonymous Coward]

The tone of the article and analysis is very slanted, but the one basic statement that cannot be argued with is the following:

"...spend time implementing large amounts of anti-functionality when it's already hard enough to get things running smoothly without the intentional crippling."

The days of PCs as a general purpose, low cost, programmable machine are done if content protection at the hardware level becomes reality. Things *barely* works as it stands, you can't add all this complexity and intentional obfuscation and think it will continue to work.

obviously fud

[farker haiku (883529)]

fta: Disclaimer
Any opinions expressed on this page are not in fact mine but were forced on me at gunpoint by the University of Auckland.

He a shill! :)

Peter who?

[pedantic bore (740196)]

No matter how good a medical imaging specialist Peter Gutmann happens to be, I think I'm going to wait for some security experts to weigh in on Vista issues before I jump to any conclusions.

Re:

[Thanatopsis (29786)]

You realize the original poster confused the original computer science guy with some one commenting on his article right?

BTW the link to the paper is here.

http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_c ost.txt [auckland.ac.nz]

Progress requires that RIAA/MPAA be screwed over

[ConfusedSelfHating (1000521)]

The record and film industry do not want new technologies to be available to the public. They will fight bitterly until the last, until the new medium is forced on them. And then they will make money on it. Think of home video. The film industry brought the VCR manufacturers all the way to the Supreme Court until they lost. Now the film industry makes significantly more money in home video sales than in the theatres. Technology must be imposed non-consentually on the content providers. The manufacturers need to release their products regardless of the complaints of the content providers.

I don't know why Microsoft is bending over for the media companies. They should just publically state that any mandated copy protection will hurt the ability of corporations to develop their own proprietary software. I'm sure there is at least a dozen companies which will gladly provide written statements about how the copy protection hurts their business. Microsoft then gives the media companies the middle finger. Pirates rape the media companies in innovative ways by releasing the content in manners not approved by the owners. The media companies are forced to create new media delivery methods to match consumer demands. This increases their revenues which were stagnant because of media executives who couldn't innovate their way out of a paper bag. The consumer benefits from new options in the market. Everyone benefits from the rape.

I don't believe piracy for profit should be legal. However, I don't believe that non-profit piracy is that bad. Many people would never purchase the movie or television show. Many people later purchase the legal version of the pirated product. For example, let's say a Slashdot reader named Jim missed out on the first 8 episodes of Heroes. He had heard it was a really good show, but didn't want to watch number nine first. Let's say that Jim downloaded the episodes in non-approved manner and watched them. Now Jim is a loyal Heroes watcher. Or let's say that Jim downloads technical books, finds which ones he likes and then purchases them online. Does Jim contribute to the media companies bottom line or does he hurt the media companies bottom line?

I'm new here but...

[monoqlith (610041)]

Could someone please like, read....something before they post a summary? I found no indication that Gutmann is a medical imaging specialist from his web page or report. He's a computer scientist who specializes in compression and encryption, which actually makes him a little bit qualified to perform a professional review of the new operating system.

The only thing remotely medicine related here is a quote from 'Brad Steffler MD.', a surgeon who claims that Microsoft's restrictive DRM methodologies make it more difficult for him to do his job.

if you want to read LSNiH then just read the EULA

[RobertLTux (260313)]

http://www.microsoft.com/about/legal/useterms/defa ult.aspx [microsoft.com]
this is a microsoft hosted page that you can pull up any EULA you want (MS products only of course)

Microsoft requires the right to DISABLE YOUR COMPUTER if it fails a validation check (WGA BOFH style anyone?)

Re:

[fishbowl (7759)]

>PS: Linux users are breaking the LAW every time they watch a DVD using their OS.

Untrue.

Distributors of some types of DVD decoding software may be doing so in violation of civil statutes in certain jurisdictions, but I must ask you to cite the specific prohibition you claimed in your PS:. Chapter and verse of the applicable law, please, don't waste our time with "DMCA". I know all about the DMCA, the DVD/CCA/CSS issues, etc.

Re:A biz idea for the new year

[by Anonymous Coward]

Here's an interesting tidbit from the WINE folks [winehq.org]:

Direct3D10, which will ship with Windows Vista in a few months, doesn't seem to be a large cause for concern. At first glance it appears to be more of an evolutionary change rather than revolutionary. New shader support will be needed, but extending ours once OpenGL supports it should be pretty easy. Stefan mentioned Microsoft is currently offering a lot of incentives for Windows developers who develop D3D10-only games since they'll only be usable on Vista - there's no plan to backport D3D10 to XP. Dan Kegel asked if that means we should port Wine's forthcoming D3D10 implementation to Windows, which would be relatively easy when we switch to WGL.

I don't know if that's all a good idea...

[Svartalf (2997)]

...but from the PR standpoint, it's a WIN. I'm all for discouraging Windows use, but I'm also one for personal
choice. And if it means someone has to give people crutches in the short-term to score points in the long run
so be it.

Re:

[celardore (844933)]

Legally circumventing the TV licence fee.

If you're watching BBC programmes in the UK then there is no such legal circumvention. The law is very comprehensive in that area and has covered computer viewing for years.

You're wrong. The TV licence covers the receiving and recording of broadcasts as they are being broadcast. I've got the documentation on my lap right now. The website clarifies this here. [tvlicensing.co.uk] This does not cover the shows that are available for viewing on BBC sites such as BBC Two's Watch Now [bbc.co.uk]. (IANAL though)

I don't much care for the TV licence.