Vista's Suicide Bomb: who gets hurt?

Mostly Wintel, we reckon


Analysis So have fun fighting the battle against CPRM and alike but please do not be surprised when you fail, after all the war has been lost, long live the new world order: proprietary devices, proprietary interfaces, copy protection, limited functionality, and prepare your credit card accounts for all those monthly rental and service charges you will be paying for every "computer controller consumer electronics device" you use.

 - Hale Landis, March 2001

If you read just one thing over the holiday break, make sure it's Peter Gutmann's cost analysis of Windows Vista, which we noted here. It's an eye-opening 20 minutes.

Gutmann describes in great detail the various measures Microsoft has taken to lock down Windows on behalf of Hollywood. (This isn't a comprehensive look at all of Vista's DRM - Gutmann barely touches on Microsoft's new activation framework; this is beyond the scope of his enquiry.)

To recap: in order to play back HD-DVD and BluRay content, Microsoft agreed to degrade video and audio functionality in Windows. Gutmann points out that when "premium" content is being played, component video - YPbPr - and S/PDIF interfaces are disabled. Third party hardware that fails to obey these orders may have its "certified" status revoked by Microsoft - leaving the user with minimal (eg VGA) functionality.

Additional hardware specifications decreed by Microsoft, which are intended to alert the system that the "secure path" may have been compromised, open up a potentially devastating new vulnerability for net-connected PCs. As Gutmann describes it -

Vista's content protection requires that devices (hardware and software drivers) set so-called "tilt bits" if they detect anything unusual. For example if there are unusual voltage fluctuations, maybe some jitter on bus signals, a slightly funny return code from a function call, a device register that doesn't contain quite the value that was expected, or anything similar, a tilt bit gets set. Such occurrences aren't too uncommon in a typical computer... Previously this was no problem - the system was designed with a bit of resilience, and things will function as normal. In other words small variances in performance are a normal part of system functioning.

This creates a new attack vector for malware:

Non-US governments are already nervous enough about using a US-supplied operating system without having this remote DoS capability built into the operating system.

With the introduction of tilt bits, all of this designed-in resilience is gone. Every little (normally unnoticeable) glitch is suddenly surfaced because it could be a sign of a hack attack. The effect that this will have on system reliability should require no further explanation.

In short, the Vista specifications explicitly cripple the PC. We say "specifications" quite deliberately, for in a sense this is a game of chicken.

This DRM only affects the playback of next-generation DVDs, which isn't a real problem for anyone quite yet: players cost $1,000 at the moment and there's next to no content available for them. In the coming few months, far more ordinary users will be affected by the DRM designed to prevent unlicensed use of Windows itself than by these Hollywood mandates.

Nevertheless, Gutmann calls Vista multimedia DRM the "longest suicide note in history" - a phrase with some resonance to British voters [***].

This is evocative, but perhaps errs on the side of understatement. It may be more accurate to think of Vista's DRM as a suicide bomber waiting to go on his mission. For if and when Windows Vista optical multimedia DRM is activated, it destroys Windows Vista's reputation in the market as a multimedia playback device. The blowback will be felt most by Microsoft, the PC industry, and third party hardware manufacturers. In other words, the biggest loser would be the Windows market.

Quite rightly, Gutmann points out immediate disadvantages - such as the increased cost to hardware manufacturers who have been obliged to "secure" their digital pathways because Hollywood and the CE industry couldn't be bothered to secure their own. (The I/O interface S/PDIF is wide open.) This is a cost which is passed on to consumers, whether we use the functionality or not.

DRM explodes - not many dead?

But if implemented, and the "big switch" is finally turned on, how much would it really matter?

Often discussions about DRM degenerate into self-serving hysteria about "the end of culture". So we're grateful that Gutmann took the time to state a fact so obvious that it's often overlooked:

"If I do ever want to play back premium content," he wrote, "I'll wait a few years and then buy a $50 Chinese-made set-top player to do it, not a $1000 Windows PC. It's somewhat bizarre that I have to go to Communist China in order to find vendors who actually understand the consumer's needs."

Quite so. (I hardly think my "culture" is being thwarted when I can simply slip my over-priced next-generation DVD into an over-priced next-generation DVD player. Or download the file via BitTorrent.)

Compromising the open PC platform for the sake of playing back BluRay and HD-DVD simply nukes the PC in the consumer electronics market - but that's somewhere it arguably should never have been in the first place. Despite Wintel's best efforts, the PC makes for a lousy home entertainment hub. It's still too fussy, complicated and expensive: a case of technological overkill driven solely by the vendors, led by Microsoft and Intel.

Exactly six years ago, we broke the story of what was (and perhaps still is) the most nefarious stunt ever attempted on the open PC platform: the attempt to add CPRM into the specification for industry-standard hard drives, ATA. This provided a mechanism for content producers to lock down media to a specific machine, and would have arrived on the market by stealth. After the resulting outcry, the plans were dropped, and CPRM lives on as the standard DRM for removable flash media such as SD cards.

Consumers are now better educated, and we can be far more confident that a restricted PC will land on the market with a dull thud - and never be heard of again.

But some of the issues remain, not least for free software authors. As Richard M Stallman eloquently described it at the time:

"If users accept the domination of centrally-controlled data, free software faces two dangers, each worse than the other: [our emphasis] that users will reject GNU/Linux because it doesn't support the central control over access to these data, or that they will reject free versions of GNU/Linux for versions "enhanced" with proprietary software that support it. Either outcome will be a grave loss for our freedom."

But we'd be more confident if consumer groups and governments kept the manufacturers to a minimum standard of disclosure. For the market to arrive at an informed buying decision, it needs all the information.

So should Vista DRM require such technical counter-measures to play next-generation DVDs, then so be it: but these must be marketed as such.

And despite protests, Microsoft has proved itself perfectly able to produce a "reduced functionality" - in its own words - version of Windows on demand. It once cheerfully produced a version that didn't boot at all, for a US district judge.

Naturally, this reduced functionality version should be marketed separately. We suggest clear labelling - such as putting the shrink-wrap version in a BioHazard bag.

And the name? "Windows Vista SE".

For "Suicide Edition", of course. ®

Bootnote The phrase is attributed to right-wing Labour MP Gerald Kaufman describing his party's 1983 election manifesto.

