The Disparity Bit

Everyone is talking about the way Windows Update silently updates itself when set to 'notify only' (but not when set to 'off', apparently). Bruce Schneier calls it 'a huge deal'.

And it is. But only if you never considered what it really means to run a proprietary OS like Windows.

Microsoft can remotely, silently modify your OS any way they choose. Does that scare you? What can you do about it? Only install their patches manually? But you still won't have a clue what those patches do. Not install them at all? The holes in a completely unpatched Windows XP give the entire world remote control over your PC, not just Microsoft.

Microsoft can make your computer cooperate with some external entities against you. Do you think that's worse than 'mere' remote vulnerabilities? But how do you know your existing, unpatched OS isn't already betraying you? (It was when it downloaded that update.) How are you going to protect yourself against that?

Use a host-based firewall? Your OS can bypass it; it works through Microsoft callbacks and lives on Microsoft sufferance. Use an external firewall? How can it tell the difference between legitimate browser access to tfosorcim.com and software calling home?

Running Windows in a tightly locked-down VM is a hard but tractable engineering problem. Running it on bare hardware with Internet access is like keeping a huge tiger susceptible to radio mind control in your living room. You build a Faraday cage around your house and keep a tranquilizer gun in your pocket, and you pat it on the head after it feeds. Eventually the force of habit puts you off your guard and you let your children play with it and pull the tiger's tail. But the tiger only needs to bite your head off once for this to be a losing proposition.

Windows only needs to let someone bring down or take over a billion computers worldwide once for all of today's troubles with 10-million-PC botnets to look like really small peanuts.

I'll end with an insightful (and obvious) comment from Schneier's blog:

To say that those keys are "high value" is a bit of a gross understatement. Imagine that you had a key that would let you arbitrarily load software onto 90+% of the computers in the world. How much would something like that be worth to the right person? [...] Heck, it's probably more than a lot of people working at Microsoft are going to make in their entire lifetime. (And you just wanted to get the code long enough to cause a problem, it would definitely be worth enough to kill a few people for.) That's a nuclear-weapons-grade secret.

Alex Ionescu has released (working binary, no code, to prevent it being used by malware authors) a program that circumvents the Vista Protected Processes by letting the user mark any process as protected or unprotected.

I'm not a Windows internals expert by any stretch of the imagination, and I don't even have the code in question. But while Alex gets the title of his post right - Why Protected Processes are a Bad Idea - he doesn't explicitly answer that question. A naive reading of his post would simply tell you that Protected Processes are a bad idea because the implementation's broken. So I wanted to add this commentary:

If you can't implement the desired separation of privileges with the permissions system you've already got, much more important things are broken than DRM.

Paul Graham says it. I guess that makes it official.

I've been saying pretty much the same thing for several years now. To my friends, anyway, and not on this blog, but they know where they heard it first.

And my reasoning is completely different from Paul's, because personally I rather dislike the classical old-fashioned AJAX approach. A modern cross-platform language and toolkit like PyQt or Java, or the common denominator of all modern browsers, as expressed in the Javascript library of your choice: which do you think makes for a more fun and productive programming environment?

Maybe another time I'll blog about other reasons Microsoft is going down.

All accounts of the evil of Vista DRM are careful to remind us that no users ever asked for DRM. Microsoft have sold out to the MPAA, they wail. And almost noone stops to consider if this is really true or not.

They're all making the same mistake promulgated by Microsoft and the MPAA's PR. They assume that the primary users of Windows are the people who run it on their private PCs at home to "consume" media. The same people who soon won't even get to choose what version of Windows they run, as big integrators like Dell stop selling XP.

But the real mass-users of Windows, the ones with power to influence Microsoft, are big corporations and governments.

And corporations want DRM very, very much.

Last time I wrote that the threats presented by Novell's OpenXML support plugin for OO.o don't outweigh the benefits of having such support. Even broken and partial support is still better than nothing because it enables companies to do a one-off conversion, with a manual pass if need be, to migrate away from MS Office. And it lets individuals, and companies which aren't ready yet for that migration, read evil OpenXML documents sent by other companies (or your government, in some cases).



Of course OpenXML support in OO.o can also encourage people not to move away from MS Office, because if the metaphorical neighbours' kid who insists on using free software can read the documents your MS Word produces, he won't refuse to fix your computer. (A lucky few even have a government that wants to use open formats.) And it can also make people see OO.o as an inferior MS Office clone, because it can work with MS Office files but not as well as MS Office does itself, and it loses a bit of formatting data every time it opens them.



But by that measure we should also condemn projects like Samba and Wine. They too deliver inferior and late implementations of proprietary Microsoft technologies. I haven't heard any cries out of Groklaw that Samba betrays the free software community. (And don't talk to me about pure-Samba no-Windows networks. You could have all the same features on top of NFS or whatever if a tenth of Samba's development effort had gone that way instead. Samba's purpose is Windows compatibility, period.)



And what about the existing partial and inferior support for the MS Office .doc .xls etc. formats in OO.o and every other free office suite in existence? What about the FAT and NTFS filesystem support in Linux? I seem to remember PJ being proud of the community for such massive effort and dedication to often thankless projects of reverse engineering.

Groklaw is running a story with the heading, 'Novell "Forking" OpenOffice.org'. PJ writes,

There will be a Novell edition of OpenOffice.org and it will support Microsoft OpenXML.

Except that, reading the article and comments and other sources such as Miguel de Icaza's post on the subject, there doesn't seem to be a fork. Not in any conventional sense of the word. Instead there is (or will be) an OO.o plugin that adds OpenXML support. The plugin has a BSD-style license, and if it requires changes to OO.o itself (which it shouldn't), those changes would have to be published under the LGPL (OO.o's license) or a compatible license.

I've written here before about some reasons free, openly developed software generally has fewer security issues than proprietary software. However, one would expect Microsoft to beat the odds, since they're capable of funding any development process they want. They can hire world-class programming and QA teams and make sure at least their software contains no bugs or vulnerabilities.

Of course we all know that doesn't happen, but it might one day. I'd like to point out that there's another fundamental reason Windows and Office, or any similarly proprietary OS and applications bundle, can't be as secure as a good Linux distribution. Since I used to be a Gentoo Linux packager, I naturally consider package management to be the indispensable quality Windows lacks.

Everyone's abuzz with the Microsoft-Novell deal. (Groklaw coverage ^{1 2 3} and surely more to come; you can also pick it up on Slashdot or anywhere else.) It's a trap! They're coming! Ack, they're using patents, run for the trees!

So what's the big deal? Microsoft's strongest suit has always been marketing and FUD, rather than technology. This isn't an unexpected development by any stretch of the imagination. The only thing which might be surprising about it is the Novell side of the affair. And I always did think there was something weird about Novell, with their support of mono. Anyway, unless you're a Novell customer who now feels he has to switch, you probably don't really care what Novell do or don't do.

The new Vista license has been published by Microsoft, and people have been pointing out the differences from older Windows versions.

Reposted from my old blog - the old comments are there.

---

Dr. David Brin complains (first and second blog posts) that kids today can't learn the basics of programming in a way that is fun and, above, all, trivially accessible to every computer-owner. There's no lingua franca of modern programming - a language that is both ubiquitous (comes with every PC) and accessible (very simple and suitable to learning basic imperative programming).

A storm of comments was generated by the Salon article. Most respondents didn't seem to understand Brin's real points. To be fair, the article itself was rather misleading. In any event, I'm responding here to what Brin wrote in his later replies, the first of which is here, starting with the words "your letter is cogent and intelligent". (Permalinks to individual comments on Blogger don't seem to be working.)