02.04.06
Posted in General at 3:40 am by jw
As I posted previously in my PDC roundups, Microsoft will be requiring device drivers to be signed in the 64 bit version of Windows Vista. This is almost certainly because of the heat they’ve been getting from companies over the rootkits that have been slowly making their way around the net which can literally take control of your machine and cover their own tracks while doing it. It sounds like a good idea in theory but it will ultimately be a nightmare for Microsoft to maintain and support while the rootkits will still come out.
Here’s the basic scenario as Microsoft describes it. When Windows goes to load a device driver it first looks for the signed certificate that goes along with it (typically as part of the device driver .sys file but can be in a separate file for drivers not required to boot). When it gets that certificate it checks the chain of trust and if that chain is founded in a particular master certificate which belongs to Microsoft then Windows loads the driver. To sign a driver, a deveoper has to get one of these magic certificates from Microsoft which they state they will offer to anyone with a Class 3 certificate from Verisign ($500 yearly cost). From there it’s relatively easy to sign whichever driver you publish.
There are exceptions to the rule – Windows will load unsigned drivers if you have a kernel debugger attached (for example) and Microsoft has said they’ll work out some way of allowing unsigned drivers to be installed in test labs so people don’t have to sign drivers prior to testing. All of this sounds good in theory but it’s really just a smokescreen.
Now the initial problem with this scheme is the chilling effect it has on driver creation for 64 bit Vista. There are many open source packages out there at the moment which have unsigned drivers that are incredibly useful – the most well know is Ethereal but others include access to various file systems (Linux ext2/3, Mac HFS, various other Unix flavors) which will effectively be nipped in the bud because there’s no adequate method of maintaining key security for an open source project. You can’t publish the signing key because then anyone can take it and sign their rootkit. You can’t not publish the signing key because that violates the GPL. You’re screwed.
Secondly, it takes one driver with a bug to bring the whole system crashing to its knees. How many times have you seen Windows blue screen? These are typically caused by driver bugs and any of these bugs can be exploited by a rootkit to load itself into kernel mode. Driver signing tells you who published a driver but Microsoft can’t revoke the key for a specific driver without revoking the keys for all drivers from a company. Say the rootkit developer finds a bug in a specific driver from VIA, ATI, Intel or nVidia to exploit. The driver is signed and can’t be revoked without revoking every driver published by that company. The signed driver is exploited to load rootkit code and while you feel all secure with the fancy new signing technology it really hasn’t protected you at all.
Think about it – at last count there were well over 100,000 drivers available for Windows. How hard do you really think it will be to find one with a bug? Some drivers are actually designed to load other code (for example auto-update code) which becomes even easier to exploit.
Thirdly, it means that the rapid driver updates you see now for video cards and other system components will slow down. Typically video card point releases have been unsigned and pushed out to the public as quickly as possible. Now it won’t be as easy as they’ll have to go through the company signing process, which draws a lot of political attention inside companies. Releasing code is one thing. Signing it is totally different.
Lastly, the whole thing attacks Windows primary advantage over Linux and MacOS – hardware support. With the chilling effect manditory driver signing has on hardware support for Vista, Linux and MacOS will be pushed out as easily supported alternatives and far better initial test platforms for new and experimental hardware. If anything I expect this to provide a living hell for Microsoft and a boost in attention, support and stability for Linux and MacOS.
I haven’t even begun to discuss the anti-consumer effect this policy has when you tie it with DRM. Stay tuned for another post sometime when I get passionate enough.
Microsoft’s really shooting themselves in the foot here. Manditory signed drivers with no way for the user to turn the behaviour off is a critical mistake and I look forward to seeing Microsoft lie in the bed they are making.
Permalink
01.30.06
Posted in General at 3:51 pm by jw
Went out to CompUSA on Saturday and got my wife a Mac Mini. Ever since her old Blue and White G3 died she’s been at a loss for what to do when she wanted to surf the web while using her PC for games, not to mention the time she spends telling me how much better things would be if she was using a Mac. Well, now she’s happy again. The mini is an amazing little box – literally just large enough to put a CD into but it’s vastly more powerful than her old G3 and so long as I don’t mention that the G5’s are probably 5 times more powerful than the mini then she’ll be more than happy.
Actually getting the mini from CompUSA was a different and more interesting story – I knew exactly what I wanted when I walked into the store at Robinson and hung around the Apple section of the store for 5 or so minutes while the guy wearing the Apple shirt proceeded to unpack boxes and generally ignore me (this isn’t unusual, I’ve had that experience many times in this particular CompUSA Apple Store). Eventually he decides to pay me some attention and I have to ask if they have the minis as there was nothing out on display. He assures me they do and even goes out the back to check for me – yep, the $500 and $700 versions.
Now, I’d resolved to get the $600 version because I figured the 20% improvement in CPU speed (1.25GHz to 1.42GHz) would be noticeable and the extra 40G drive space would certainly help out, but as it wasn’t available and I really had no need to go to the $700 one I just saved a bit of cash and got the cheapest.
Next thing I know is the guy is explaining to me how incredibly horrible Apple’s service is and I really want to spend $150 on CompUSA’s 18 month plan. When I baulked at spending 30% of the purchase price on a warranty that literally covered almost nothing more than the standard Apple hardware warranty (12 months parts and labor) they proceeded to “explain” to me that if anything went wrong with the Mac then Apple would charge me $50 just to talk to them about it. I knew this was a flat out lie, especially given the only reason I’d ever talk to Apple is if I knew the thing was broken and it was definitely their fault so again I ignored him.
The stock boy finally brings out the mini (the box is so tiny and cute) and he starts up on the whole warranty pitch as well, also going into how terrible it would be for me to rely on Apple’s warranty and how good value their $150 warranty is! Sheesh – I already told one person I didn’t want it, now another? He eventually shuts up when I tell him I’ll think about it after I take it home seeing I apparently have 14 days to consider their generous offer.
Now the cashier starts up, but while she’s talking to me another cashier interrupts and lets her know she’s got some work to do if she wants to win the daily prize for warranty sales. It all suddenly becomes clear. Turns out the sales guys were deliberately lying to me about Apple’s warranties so they could get the prizes for hocking off a warranty to me. Yeah – I’ve thought about it properly now and they can take their warranties and stick them where the sun don’t shine.
In other PC news, I downloaded trial versions of Hoyle Casino 2006 and also the 3D version. Casino 2006 seems pretty much identical to the 2004 one except the Facemaker bombs out if you install it anywhere other than C: drive. Given my current Windows installation is on D: (for reasons I don’t have time to explain), it took me several hours to work out the problem only to realize there’s really nothing new here. The 3D version is even worse – nothing like keeping the same gameplay (ie 2D overlay) but using crappy 3D models instead of the wider variety of semi-amusing 2D faces.
And in the vein of games not installing properly I picked up Enigma: Rising Tide from Best Buy (thanks to $15 of Reward Zone certificates) just for it being about the most interesting of a rather dull selection in the sub-$30 price range. Turns out it uses copy protection garbage that prevents it from working on Windows XP x64 and getting a No-CD crack for the game just made it crash a little further in. Works ok if I reboot my machine into regular XP but I really hate doing that (what’s the point of a 64 bit chip if you’re only using half the ALU width and half the registers).
Permalink
01.23.06
Posted in General at 3:28 pm by jw
I seem to have made it back from Vegas ok, and Pittsburgh made it to the Superbowl which will be an interesting match to see. The last few days in Vegas really weren’t that much to write about – pretty much spending most of my time working with the IBM people to learn as much as I could while I was there. I didn’t even get time to head out to the Hilton to see the Star Trek Experience, much to my wife’s disappointment (she was hoping for some fat loot).
There were plenty of goodies waiting for me when I got back home though! First of all was X3:Reunion, which was slammed by the critics but I’ve been a sucker for space flying/trading games since I got my hands on Elite way back in ‘86. Played maybe 10 minutes of it so far but it’s definitely very, very pretty. The people still have the same old uninteresting animations from X2, but who really plays a space training game for the cutscenes?
Next was my nice set of Shadowrun books that arrived from my recent playing around on eBay. This was really my first contested bidding experience and I have to say it went off pretty well. I guess the old trick of bidding with 5 seconds left really does work. In any case, I managed to get 1 2 3 4 lots which should keep me busy for a while. Now I have a regular group playing SR, this should get me a little more up to speed on the world and what’s going on around the place.
Permalink
01.18.06
Posted in General at 3:02 am by jw
Damn it’s hard getting up to class at 8:30am when you were up until 6am “team building” with the other guys from the company and some crazy nurses they found. I did learn stuff that I was actually here to learn though, just it’s probably not interesting to anyone reading this blog so I won’t bore you with enterprise level Java junk.
Permalink
01.16.06
Posted in General at 8:52 am by jw
Vegas is an interesting place. I wish Tahnia was here – I’d have a *lot* more fun!
First of all, watching the Steelers/Colts game in a pub in Vegas with 100 or so Steelers fans singing “Here we go, Steelers” was awesome. While I’m not America’s biggest football fan (I still enjoy the Rugby more than American Football), I did love to see my home team supported so heavily out here and to be part of the winning game that takes them to the AFC final. I don’t think anyone in the world could argue that being an exciting game.
So, after the game I hung out with some friends who decided to play the Blackjack tables here in Vegas and much to my surprise they did amazingly well, being up over $1000 together after a few hours. My gambling money (as usual) is severely restricted cause I just don’t have the cash to toss about and my luck is terrible as usual, playing the even odds on Roulette four times in a row and losing all four, followed by getting my only quarter jammed in a slot machine. That was the end of my gambling day – some things just obviously aren’t going to happen and I’m sure it’s all for the best.
After hooking up with the other guys from work for our official duties, we headed back to the gaming tables at around 10pm and my friend who was already significantly up for the day played another half hour to win yet another $200. Some people really do have all the luck. So, after sitting around the bar with four other guys for a few hours (and a few Jagerbombs) the lads got tired of boring scenery and decided to go to a Vegas strip club (topless only cause full nudity in NV means no serving drinks).
What surprised me most of all about the strip club was that while I found the strippers good to look at, seven years of happy marriage meant I really was totally uninterested in the other offerings the club had walking around sitting on people’s knees. Most of them were cute kids in slut costumes but talking to them really wasn’t a turn on. If I remember correctly, 4 different ones tried to hit on me with different and original lines before I figured out that sitting in certain spots was a bad idea. Once I figured out the right “not interested” signals things went much smoother.
Now, I haven’t been to a strip club since being married (not that my wife would really mind, just not been that interested) so in many ways the lack of difficulty I had in turning down the girls from their complete lack of comparison to my wife was refreshing. It’s nice to know that some temptations are just not there. I had a good time, but not the sort of good time the girls were hoping to sell me (they could drain your pockets faster than the casino tables), and got out of there with nothing more than a few hideously overpriced drinks to burn a hole in my wallet.
I’m pretty sure the fact I’m not carrying my credit cards or ATM cards with me around Vegas is helping a lot too – nothing like a half hour walk back to the hotel room to really convince you that spending more money isn’t a good idea.
Well, 6am is creeping up way too fast. Better get what sleep I can before classes start here in earnest.
Permalink
Next entries » · « Previous entries