Bill Gates yesterday confirmed that there is no official release date yet for the next version of Windows, named Longhorn. “Longhorn could be 2005 or 2006,” Gates told a small group of journalists yesterday at the TechNet/MSDN seminar in The Hague. “This release is going to be driven by technology, not by a release date. Which probably means it is going to be late.” In the meantime, the second Windows XP service pack will include a number of changes designed to allay security fears.
anyone know if DRM is a certainty in “Long Horn” ?
from what I’ve heard… yes, without a doubt.
This will certainly give Xouvert enough time to match (or even beat) the new GUI “features” that Microsoft has been trolling about lately. So this wait is definitely a good thing for Linux and other opensource projects.
From the article:
“From now on, Microsoft will install these patches automatically. And it will bring the size of the patches down to satisfactory portions. ‘We used to send megabytes of software to fix a 20 byte file,’ Gates said.”
This brings three immediate questions to mind of concern:
1) If they sent “megabytes” to fix a 20 byte file, what were the other million or so bytes for?
2) By bringing the size of the patches “down to satisfactory portions” does Bill mean a 20 byte file will fix a 20 byte file, or instead of several megabytes per 20 byte file maybe only 500K?
3) Why is Microsoft automatically installing anything on my system? Am I consulted about these updates by default?
> If they sent “megabytes” to fix a 20 byte file, what were the other million or so bytes for
Usually you want to send all affected/changed libraries because otherwise you are risking library/binary incompatibility.
>or instead of several megabytes per 20 byte file maybe only 500K?
I would think about 100-200 KB, depends on the kind of the patch and the affected libraries.
>Why is Microsoft automatically installing anything on my system?
Because MS is getting bashed for other people’s inactivity to not install updates and getting hit by worms. MS has to do something about this, as its own name is at stake, so they chose to auto-upgrade. It can be conceived as part of the service. If you don’t like this automatic update (I do), then don’t use Windows.
I certainly am not an MS insider but the way MS talks, you can almost bet on it. MS basically touts DRM as a necessary feature because people demand it. Of course, that is so far from the truth. The only people that want DRM are music and video companies so you won’t pirate their stuff.
I honestly believe that the future holds a lot of DRM from MS. Their whole “trustworthy computing” is based on DRM. They lock down the machine so that only “trusted” programs run. Do you think Linux will be trusted? Linux is a virus to MS and they will try to go as far as possible to block it. The problem with MS’s view of “trustworthy computing” is that they don’t trust you the consumer. Unfortunately, they are following the golden rule. Those with the gold make the rules. And MS is making the rules here. Until there is a significant revolution in computing, MS will dictate what goes in Windows and what doesn’t. The problem is that the average home consumer doesn’t care about revolutions; they only care about simple stuff.
I hope Linux grows and grows and supplants MS but I am a realist and know that MS is not going away anytime in the future. However, the more that people get fed up with MS “innovations” like DRM, the more likely that change will happen faster rather than slower. The bright side for Linux and other OSes is that the delay for Longhorn will give ample opportunity to create change. Despite what MS may give you in PR hype, they do not have a very tangible piece of software yet, so now is the time to mobilize for a revolution.
Let’s not let the man hold us down anymore!
Usually you want to send all affected/changed libraries because otherwise you are risking library/binary incompatibility.
Ask client to send MD5 checksum of the library.
If it is of one of correct versions, apply the right 80 byte patch.
If it is something else, send the correct library.
Just how simple is that?
From the article: “From now on, Microsoft will install these patches automatically. And it will bring the size of the patches down to satisfactory portions. ‘We used to send megabytes of software to fix a 20 byte file,’ Gates said.”
This brings three immediate questions to mind of concern:
1) If they sent “megabytes” to fix a 20 byte file, what were the other million or so bytes for?
The other x number of megabytes were for the installer. Yes, you read it right, most of the bytes are associated with having a nice pretty installer. Imagine if they had a package system which would mean that the size of the file would only increase by a few bytes for the installation script.
2) By bringing the size of the patches “down to satisfactory portions” does Bill mean a 20 byte file will fix a 20 byte file, or instead of several megabytes per 20 byte file maybe only 500K?
I think what they mean is that rather than having a huge update, they modularise it. One for IE, one for OE etc etc and it will allow people to pick ‘n choose depending on whether or not they use it. For example, if I don’t use OE, why then should I be required to download and install an update for it?
3) Why is Microsoft automatically installing anything on my system? Am I consulted about these updates by default?
And if you system you’ll whine to Microsoft for not protecting you. What do you want? security or paranoia “I want to be consulted”? The number of people who say, “oh, I don’t want to have my system patched without my knowledge”, and then turn around and complain that their system is cracked or infected, really need to ask where their priorities lay.
There’s no pleasing the Linux Zealots.
You guys are nauseatingly boring and predictable.
Sounds like 2006 is a good year to make the Linux switch. It’s what I’m planning on doing. I sure don’t want DRM on my box, nor the other “features” Longhorn has in store for us. By 2006 Linux will be more than ready for the desktop.
The number of people who say, “oh, I don’t want to have my system patched without my knowledge”, and then turn around and complain that their system is cracked or infected, really need to ask where their priorities lay.
The solution to this isn’t so hard: Microsoft could just patch your system while notifying you at the same time that it is patching your system, and why. That’s what Apple does with OSX.
I think that Linux will have DRM but the only difference is that on Linux DRM will be used properly to protect copyright of music and movies, while on Microsoft it will be abused so that it blocks out competition to Microsoft products. Everyone knows this!
Microsoft has severe problems with their updates, especially since they take about 100 years to install. For anyone who hasn’t tried Linux, the updates take only 30 – 90 seconds. I don’t update my Microsoft WinXP on my notebook because it takes forever to update!
Linux is ready for the desktop right now. I’ve been using it on the desktop for 18 months and I’ve been happy. The improvements are coming along, but it’s a good desktop right now.
actually, what you say is false.
trusted computing aware applications will just be using Palladium for the functions they need (it might be license authentication or data security, etc)
there is no enforcement of DRM only programs. you can run anything you like on the machine. windows does not interfere with installing Linux (they actually discuss this in the FAQ on their trusted computing site (can’t find the link, maybe some one else has it?))
what this does do, however, is make it dumb easy for say, the entertainment industry to leverage DRM capabilities in windows so that they could lock out information on a disk unless the DRM capabilities are available and it can authenticate a license.
“they actually discuss this in the FAQ on their trusted computing site (can’t find the link, maybe some one else has it?”
That is true, but that’s trusted computing. Microsoft’s NGSCB (formerly known as “Palladium”), is a separate endeavor that parallels many of the ideas in the Trusted Computing Platform Alliance.
Just remember that Microsoft’s aims are their own and they are separate from those of the TCPA.
actually, they are one and the same. it is the same FAQ.
I am getting so sick of this! Do you people actually think that DRM-‘enabled’ hardware is going to lock out non-MS-approved software?
Get a grip: do you really think that the major hardware companies will accept the fact that they have to dump a number of customers (=their non-MS using customers) ? Do you think Intel and AMD will ignore part of their customers, because MS says so? I don’t think so. They aren’t stupid!
Really, it’s about time some people format their brain.
And oh, don’t worry, I like Linux. I’m just not so damn ignorant!
Windows XP auto update does a great job so far.
step 1: little icon pops up saying patch is ready
step 2: you click icon and patch is downloaded
step 3: little icon pops up saying patch ready to install
step 4: you click icon and the update installs
step 5: you possibly must restart (more often than not)
What they need to do is eliminate all user clicks. Maybe one system setting that allows disabling of auto-update. But they should keep the icon.
Next, they need to have fewer restarts.
Lastly, at least for MS upgrades, they needn’t have each patch with its own installer. They should have the MS-PATCHER (TM). This way they’ll be guaranteed a consistent gui and smaller downloads.
Yamin
one possibility is that MS requires that OEMs use DRM-enabled hardware to run windows..then all the hardware makers need to do is sell hardware that has DRM able to be turned off and on.
this is very easy in the bios, Mother board makers can have DRM in the hardware and when Dell or Gateway or HP sets up their bios software, they just don’t allow the user to turn it off.
the off the shelf hardware of course would come with a fully configurable Bios so the end user can run windows or any other OS he/she feels like.
“Ask client to send MD5 checksum of the library.
If it is of one of correct versions, apply the right 80 byte patch.
If it is something else, send the correct library.
Just how simple is that?”
But then people say they’re spying at what is on your computer.
“The other x number of megabytes were for the installer. Yes, you read it right, most of the bytes are associated with having a nice pretty installer. Imagine if they had a package system which would mean that the size of the file would only increase by a few bytes for the installation script.”
Why exactly would an update only the system installs need a pretty installer? Ever notice how the downloadable version of the patch is slightly larger than the windows update version? that is the nice pretty installer.
“Sounds like 2006 is a good year to make the Linux switch. It’s what I’m planning on doing. I sure don’t want DRM on my box, nor the other “features” Longhorn has in store for us. By 2006 Linux will be more than ready for the desktop.”
Back in ’99 it was gonna be ready for the desktop by ’01. And in ’01 it was gonna be ready by this year. And this year it’ll be ready by 2005. In ’05 it’ll be ready by ’07. See the pattern?
“The solution to this isn’t so hard: Microsoft could just patch your system while notifying you at the same time that it is patching your system, and why. That’s what Apple does with OSX.”
Where does it say it won’t inform you? It most likely will since auto update informs you. My guess is it’ll make auto update mandatory (which sucks for those of us who actually patch). There goes a few bytes of ram.
“Microsoft has severe problems with their updates, especially since they take about 100 years to install. For anyone who hasn’t tried Linux, the updates take only 30 – 90 seconds. I don’t update my Microsoft WinXP on my notebook because it take forever to update!”
Yes the updates are kind of slow. But so what? Set them to download when you go to sleep. btw every dingus who leaves their system unpatched is responsible for all the exploits, since most of them are months after a patch has been made available.
Back in ’99 it was gonna be ready for the desktop by ’01. And in ’01 it was gonna be ready by this year. And this year it’ll be ready by 2005. In ’05 it’ll be ready by ’07. See the pattern?
those statements were made by people who have already been using Linux. but the fact is that Linux is today ready for the desktop. you just aren’t using it because it is different.
As much as I sympathize with those who are against DRM, I believe that DRM is inevitable, and in the end will benefit rather than harm the computer industry.
What I am trying to say is that Digital Rights Management gives copyright owners the choice of enforcing their ownership. I don’t see anything wrong with that. Those who deem such protection unnecessary, or those who are willing to distribute their works freely are at liberty to distribute their products without DRM. There is, however, no choice on the PC platform as of today to give those copyright owners the choice to enforce their entitlement.
What does worry me though, is the proprietary nature of the version of digital rights management now hatching at Microsoft. Major record labels and movie studios will feel no remorse in signing up to such a plan since they now lose so much more money due to piracy. The end result would be a coalition of large corporations controlling the digital distribution of movies and music and maintaining the status quo much like what things are today, and in the end locking out smaller competitors such as Linux.
I think you may be underestimating the power of MS when it comes to dictating the sales of hardware. The major hardware makers are basically MS’s bitches basically when it comes to selling Windows. Remember when Dell wanted to sell machines without an OS? MS basically told them in no way will you do that. Sure Dell circumvented it by loading FreeDOS on the machines but the point is that MS indirectly controls the hardware vendors that deal in Windows. It is not likely, but at any time MS could basically tell Dell to quit selling any machine with Linux on it or we will charge you full price for Windows, or even worse, we will revoke your ability to sell Windows on your machines.
Again, it is not likely, but Microsoft has the power and pull to do this. They could basically destroy a Wintel hardware vendor if they wanted to. Granted there would be massive outrage at an action like this but hey Microsoft is a monopoly and rules with an iron fist. Until there is truly a revolution in computing and Linux (or other alternative OS) is widely acknowledged and easy to use (you have to think like an average computer schmo, not a tech-savvy person), Microsoft says jump and we ask “how high?”
what worries me is the UNREGULATED implementation of DRM. today, a copyright holder can ignore copyright laws that protect the consumer and implement the DRM scheme to help line his/her pockets with more money for rights to a product that the consumer already has under federal law after the time of purchase (pay to burn to CD for instance)
we need regulation of how DRM can be implemented so that the consumer is protected, otherwise, we will be entering a nightmare.
I agree with you, in fact, if you read what I said, I think that Microsoft WILL force OEMs to have DRM turned on in their hardware. but this in no way affects people who want to build and make computers for Linux or any other OS.
OEMs make custom Bios software to limit the ability of the user to change certain settings.
but motherboard makers will not limit a user’s ability so if you bought a motherboard off the shelf, you can turn on DRM (to run windows or have it available for your needs) or keep it off.
and MS does not have to really tell the OEMs that they have to have DRM on or risk losing their license, all they need to say is that you must have DRM on or windows will not boot.
If you think that, just because Microsoft sounds friendly about DRM now, that it won’t turn on you and abuse its power, then you obviously don’t remember how Microsoft got so powerful.
Anyway, the danger of DRM isn’t that DRM hardware will not let you boot Linux. That would provoke the DOJ too far. Instead, the result will probably be a sea of Windows-only content. Right now, it’s possible to reverse-engineer Microsoft’s proprietary formats, and thus still run alternative platforms without being totally locked out of the world. But what happens when Microsoft automatically DRM-protects all your documents? MS users would never know — they could simply give full-permissions to everyone by default — but alternative OS users would either have to break the protection (illegal because of the DMCA) or just be locked out. DRM is already screwing over alternative OS users. Linux users can’t subscribe to most streaming music services, because their systems are DRM encrypted.
Also, DRM is a dumb idea in theory. It assumes that Microsoft can make a 100% secure system. Of course, that’s impossible. Once Palladium is broken, it’s broken for everyone. So criminals will be able to access your “secure” data, but not Linux/FreeBSD/etc users. Also, it just heightens the “monoculture” effect. When there is One True (TM) DRM mechanism, it becomes easy for crackers to just break one and be done with it. When there are all sorts of different protection mechanisms in the wild, there is a much higher chance that your protection will not be cracked. Lastly, how absolutely stupid is it for a person concerned about the security of his documents to hand total control of his machine to a third party?
My bad….you are right about your agreement with my previous statements.
I hope you are right about motherboard makers because I am sure that if MS wanted they could probably exert some pressure there too. I don’t see them going that far but again, this is MS and who knows how they will feel.
On a related note, on Groklaw.net today there is an article about MS Israel being declared a monopoly officially by the government. Maybe this will be the first in a worldwide wave to create a dramatic ripple effect.
Back in ’99 it was gonna be ready for the desktop by ’01. And in ’01 it was gonna be ready by this year. And this year it’ll be ready by 2005. In ’05 it’ll be ready by ’07. See the pattern?
>>>>>>>>>>
You can’t listen to the fringe contingent. The mainstream of Linux users weren’t saying that it was ready for the desktop in ’99. Right now, the Linux companies think that it is ready for the corporate and government desktops (and it is), and for the absolute newbie (I need someone to set the computer up anyway) desktop. It is very likely that by 2006, Linux will be ready for the desktops of the power-user contingent that hangs out on OSNews.
“Do you think Intel and AMD will ignore part of their customers, because MS says so? I don’t think so. They aren’t stupid!”
Do you think that the big name x86 manufacturers would allow one of their (software) suppliers to bully them around?
I wonder if the memory maker Kingston dictates to Dell, or Toshiba that makes the cd/dvd drives, how the computers are to be sold.
MS calls the shots. It is sad and pathetic that it has been allowed to come to this, but that’s now the story.
Just call up Dell or Gateway, and order a computer without an operating system. MS doesn’t allow that…
“Just call up Dell or Gateway, and order a computer without an operating system. MS doesn’t allow that…”
Hey, I was talking about hardware manufacturers, not companies like Dell. I couldn’t care less if Dell sells non-MS computers, it’s just that Intel/AMD/Ati/Nvidia etc. will never make their hardware MS-only, because they lose customers when they do that. And trust me, they don’t want to.
>Because MS is getting bashed for other people’s inactivity to not install updates and getting hit by worms. MS has to do something about this, as its own name is at stake, so they chose to auto-upgrade. It can be conceived as part of the service. If you don’t like this automatic update (I do), then don’t use Windows.
That’s all fine and good, but I still prefer to know what is being installed on my machine before it is. Numerous times windows patches have caused other incompatibilities and software conflicts.
Also, what’s to stop them from installing other insidious software on our machines without our knowledge?
A quick scan at windows update will find several “fixes” for services I either have disabled, or not present on my machine. I have these things turned off for a reason, there is no need for Microsoft to offer fixes for things I have already dealt with.
If there is an option (as there is no with the automatic updates feature in windows) to first review, and then decide to install certain updates, I have no problem with that. But they need to give advanced, and non-ignorant users the freedom to decide what is going to be put on our machines.
In principle I agree that they need to do something better for patch distribution, as many windows users don’t even know that windows update exists, and that it should be used. But this is more of a community responsibility issue than some omnipresent organization telling me, and forcing updates and patches on our machines.
“But what happens when Microsoft automatically DRM-protects all your documents? MS users would ever know — they could simply give full-permissions to everyone by default — but alternative OS users would either of to break the protection (illegal because of the DMCA) or just be locked out.”
What does this mean? Do you think that Microsoft is going to have the capability to decide who has the rights to edit a document that I create?
“Linux users can’t subscribe to most streaming music services, because their systems are DRM encryped.”
Well that will be solved as soon as DRM is put into the Linux kernel. Linus plans this you know.
Actually, a bunch of companies are doing that already. They are using the drivers for that. Try to get anything but a generic driver for say, anything from creative Labs for Linux.
And that company cannot claim that the userbase is too small to support, so my only other theory is that Microcrap has something to do with this.
“Also, what’s to stop them from installing other insidious software on our machines without our knowledge?”
Nothing at all. How many lines of code are on your hard drive now? How many do you have the source for? How much of the source code have you read? How much do you understand?
You better shut your PC off right now, before it is too late.
There was an interesting column by Dvorak about the performance loss of patched vs. unpatched XP systems. The comments section of the article showed how prevalent the phenomenon of “XP decay” was. Some people tested XP workstations side by side, one patched and the other not, and found there was a dramatic loss of performance for the patched XP system.
It seems that, for XP at least, you have to choose between “secure” and “fast”…
What does this mean? Do you think that Microsoft is going to have the capability to decide who has the rights to edit a document that I create?
>>>>>>>>
Palladium is just a way of enforcing permissions. Something can be Palladium protected (encrypted) but could have permissions that allow anybody to read it. All MS would have to do is ship a future version of Word that Palladium encrypted your documents, but allowed anyone to access them by default. So you could save a document with no protection, and all MS users could read it, because Palladium would decrypt the document and see that all users are allowed to see it. However, if you don’t have Palladium, you just won’t be able to open the document, even if you are supposed to be able to.
Well that will be solved as soon as DRM is put into the Linux kernel. Linus plans this you know.
>>>>>>>>>
Linux is not Windows. If I don’t want DRM, I can just apply a patch to remove it. I can’t do that in Windows. I don’t think Linux should have DRM at all, and I don’t agree with Linus on this point, but Linux DRM has no teeth and Linus knows it.
A quick scan at windows update will find several “fixes” for services I either have disabled, or not present on my machine. I have these things turned off for a reason, there is no need for Microsoft offer fixes for things I have already dealt with.
How is MS supposed to know why you’ve disabled those services? How do they know if you’ve done it only temporarily? What if you want to use them later? And last I checked, they don’t offer patches for uninstalled services (like IIS).
If there is an option (as there is no with the automatic updates feature in windows) to first review, and then decide to install certain updates, I have no problem with that.
You can select which updates to download and/or install with Automatic Update. UTFCP.
It would be nice if they included links to the technical details, but one can look up the KB articles indicated if one wants.
And yes after I RTFA, I realize Gates makes it sound like one will have no choice but to install the critical updates. I suspect they’ll make that the default at the least. The trick will be making it so these patches don’t require a reboot. I suspect that is why most people ignore them. They break the user’s workflow. We’ll have to wait and see what they really have in mind.
>>>Linux is not Windows. If I don’t want DRM, I can just apply a patch to remove it. I can’t do that in Windows. I don’t think Linux should have DRM at all, and I don’t agree with Linus on this point, but Linux DRM has no teeth and Linus knows it.
It will have teeth when Oracle and others require you to run certain RedHat enterprise distribution with trusted module turned on.
It’s exactly the same thing as Windows. You can turn off the trusted module in the next Microsoft windows os — but you can’t run certain apps without the feature turned on.
>>I am getting so sick of this! Do you people actually think that DRM-‘enabled’ hardware is going to lock out non-MS-approved software?
Yes, I do. Why else would MS be moving to integrate Windows with a machine’s BIOS (see previous OS news story on this)? What favorable end result for MS would that yield? MS-only boxes, obviously. Anybody who thinks MS wouldn’t stoop to that level hasn’t read a lot about the history of MS.
It was my understanding that for the DRM to work, MS’s software for it must be coupled with an extra hardware by Intel..is that right? Does Intel have this ready?
genaldar:
They can just do it the right way. Publish the information on how the sums are requested, never ask for more sums than are needed for secure patching, and so on. Then no one except MS haters would complain.
Or here is an even better solution. Tell the correct MD5 sums to client machine, and if those don’t match, the client downloads the correct library. If they do, client downloads a patch. Then client machine doesn’t need to send any sensitive information at all.
It’s exactly the same thing as Windows. You can turn off the trusted module in the next Microsoft windows os — but you can’t run certain apps without the feature turned on.
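The client-side check proposed in the comment above, as an added example that is not part of the original thread: the server publishes checksums, the client compares them locally and fetches either the small patch or the whole library. SHA-256 is used here in place of the MD5 the comment names; the manifest layout, object names and sample bytes are constructed, and the manifest is assumed to reach the client authenticated (for example, digitally signed).

```python
import hashlib


def digest(data):
    """Hex SHA-256 of a file's bytes (stand-in for the thread's MD5 sum)."""
    return hashlib.sha256(data).hexdigest()


def apply_patch(old, edits):
    """Apply a binary patch given as (offset, replacement_bytes) overwrites."""
    buf = bytearray(old)
    for offset, replacement in edits:
        if offset < 0 or offset + len(replacement) > len(buf):
            raise ValueError("patch edit falls outside the file")
        buf[offset:offset + len(replacement)] = replacement
    return bytes(buf)


def plan_update(local, manifest):
    """Decide locally what to fetch; no file checksum is sent to the server."""
    local_sum = digest(local)
    if local_sum == manifest["target"]:
        return "current"
    if local_sum in manifest["patchable"]:
        return "patch"
    return "full"  # unknown or modified copy: replace the whole library


def update(local, manifest, download):
    """Return (new_bytes, action). download(name) is a hypothetical fetch."""
    action = plan_update(local, manifest)
    if action == "current":
        return local, "current"
    if action == "patch":
        edits = download(manifest["patchable"][digest(local)])
        try:
            candidate = apply_patch(local, edits)
        except ValueError:
            candidate = None
        # Accept the patched file only if it matches the published checksum.
        if candidate is not None and digest(candidate) == manifest["target"]:
            return candidate, "patch"
        # Otherwise fall through to the full download.
    candidate = download(manifest["full"])
    if digest(candidate) != manifest["target"]:
        raise ValueError("downloaded library does not match the published checksum")
    return candidate, "full"


# Constructed sample data: two versions of a 112-byte "library".
V1 = b"LIBHDR" + b"\x00" * 64 + b"check=off;" + b"\x00" * 32
V2 = b"LIBHDR" + b"\x00" * 64 + b"check=on; " + b"\x00" * 32
TAMPERED = V1.replace(b"LIBHDR", b"LIBXXX")  # a copy the vendor never shipped

# Constructed manifest: target checksum, known old checksums, object names.
MANIFEST = {
    "target": digest(V2),
    "patchable": {digest(V1): "v1-to-v2.patch"},
    "full": "lib-v2.bin",
}
# Constructed stand-ins for the download server.
SERVER = {"v1-to-v2.patch": [(70, b"check=on; ")], "lib-v2.bin": V2}
BAD_SERVER = {"v1-to-v2.patch": [(70, b"check=ON; ")], "lib-v2.bin": V2}

if __name__ == "__main__":
    for name, blob in [("v1", V1), ("v2", V2), ("tampered", TAMPERED)]:
        result, how = update(blob, MANIFEST, SERVER.__getitem__)
        print(name, how, result == V2)
```

The 10-byte patch covers the known old version, while a copy with an unrecognised checksum costs a full download; the request for a named patch still tells the server which version the client holds.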
>>>>>>>>
Actually, with Linux you can edit the code so the program thinks DRM is enabled, but isn’t.
I fear the worst…
MS Patching protocol will probably be found and figured out, and used to automatically spread worms, since every computer that’s left on and has a broadband connection would be available for use in a massive massive ddos against whomever.
some german site a while back started examining the current windows protocol that examines your computer when you click “windows update”
i doubt it would be too long before someone with a lot of time on their hands (that’s why it’s usually kids who are hackers,) figures this future exploit out.
>>>Actually, with Linux you can edit the code so the program thinks DRM is enabled, but isn’t.
All the software companies will only support you if you run on specific certified linux distributions (i.e. RedHat Enterprise edition). And RedHat’s Enterprise licensing doesn’t allow you to modify their OS. And HP wouldn’t indemnify you against SCO if you apply un-authorized software patches.
That’s not the point. I have no problem with specific companies not supporting my random software configurations, but I have a problem with my OS vendor not allowing me the choice of having random software configurations. The point is that with Linux I have the option of editing the code (to take out DRM or do whatever I want) and compiling my own version of the software, and with Windows I don’t. With Linux, DRM won’t affect you at all if you don’t want it to.
PS> Before anybody gives me bullshit about people not needing to edit the code: my machine is currently running slightly modified versions of Qt (to make menu icons optional) and KDE Plastik (to scale better to my screen). There is a world of difference between having an option and not using it, and not having an option at all.
The problem is that there are probably just a few hundred people capable of going into the kernel source code and modifying it safely. It’s a big house of cards.
>>>The point is that with Linux I have the option of editing the code (to take out DRM or do whatever I want) and compiling my own version of the software, and with Windows I don’t. With Linux, DRM won’t affect you at all if you don’t want it to.
It’s not just tech support. You lose newer and more advanced features. Sure you can still compile the latest mozilla browser yourself, but you are going to lose some of the new features in mozilla 2.0 if you don’t turn the damn thing on.
As one individual said once on osnews, regarding DRM, they will try to tell you that there is nothing to worry about, as they are attaching electrical cables to your chair. There is no way in hell I can trust Microsoft with my privacy.
I’ll use DRM on Linux because then I know that it will be done the right way.
That’s what patches are for. It’s enough to know what functionality you’re getting via the patch while you can safely remain oblivious to the code changed.
i just find that a little too convenient myself.
What if some of them conflict with 3rd-party software that you absolutely need? Will Microsoft be liable if their patches break your system?
It’s difficult to predict how Microsoft will use DRM as a strategy, however you can be guaranteed (that the english language sucks) that they do have a strategy to block out the competition. We’ll have to wait and see, but it’s not hard to imagine that music and video production companies will make deals only with Microsoft and not the Free Software Foundation (FSF). I think that Linux users might be forced to buy Richard Stallman songs that he produced in this garage before he could afford real drums and when he used upside down garbage cans and empty soup cans as substitutes. The other choice will be Eric Raymond and the piano. Don’t worry, the FSF will build their own free music if the recording industry chooses to go the proprietary route.
Apple already locks out any os other than os x on their newest systems. Why doesn’t that scare any of you? But the thought that ms might, I repeat might, try to do the same has you shaking in your boots. Even if they did, abit and asus would still have non-locked boards since their stuff isn’t really used in oem machines. Heaven forbid we lose gigabyte and msi.
I agree kobold nobody except that vocal minority of “I hate ms because they’re evil and out to get everyone” would care if they did an md5 check. Your second idea is interesting, but I don’t know if its implementable.
1) If they sent “megabytes” to fix a 20 byte file, what were the other million or so bytes for?
The installer. Patches assume that the setup engine is never present or up-to-date on the target machine, therefore they always carry the full installer core and GUI. This makes them more robust, but also a lot bigger
3) Why is Microsoft automatically installing anything on my system?
Because if you are ignorant or irresponsible enough not to even think about it, it’s better for you and everyone else. If you do know and care, you disable automatic updates.
Am I consulted about these updates by default?
Usually, user confirmation is necessary.
MS Patching protocol will probably be found and figured out, and used to automatically spread worms, since every computer that’s left on and has a broadband connection would be available for use in a massive massive DDoS against whomever.
Patches are digitally signed. If your certificate database or base system haven’t been compromised, you can tell true patches from the fake ones by their digital signature.
Some German site a while back started examining the current Windows protocol that examines your computer when you click “windows update”
Come on, it basically turned out Windows Update is a… search engine! Just a damn search engine for, guess what? Updates for Windows. Oh my, oh my! Windows Update asks for the vendor and model of my sound card before it lets me download updated drivers! The bastard identity thieves at Redmond! They’re profiling me! Etc. etc. etc.
I should also point out that the group that researched Windows Update had to force hooks into Internet Explorer because they couldn’t just sniff the connection, as it ran through SSL. In other words, Windows Update is even safer than a search on Google.
Every time I use Windows Update, my hard disk is searched and any good files are copied and sent to Redmond for inspection.
The GPL protects us because even though it’s certain that Microsoft will steal the code, they can’t use it if it is licensed under the GPL.
I think that the GPL rivals Linux itself as the best technology.
Indeed. We must remember whom we are dealing with here. If Bill had a history of being altruistic with the welfare of all mankind at heart as he attempted to bring to the world the best and securest software, we would all be well advised to let him handle the DRM for 90 something percent of us. But that’s not quite the case, is it? It’s the same as hiring a security guard, really. You would not be advised to hire an ex-convict to watch your property when you’re not there…
“Yes, I do. Why else would MS be moving to integrate Windows with a machine’s BIOS (see previous OS news story on this)? What favorable end result for MS would that yield? MS-only boxes, obviously. Anybody who thinks MS wouldn’t stoop to that level hasn’t read a lot about the history of MS.”
Wow, you completely didn’t read the article, in which Gates says not only does he have no plans to integrate Windows with a BIOS, but that Microsoft hasn’t spoken with Phoenix in 5 years and Gates considers the BIOS obsolete anyway since Windows XP barely uses any of it.
So much for that FUD.
I think the current update system on XP works fine for people that know about it. It first tells you that patches are available, the severity, what they fix, links to the knowledge base article. You choose which patches to download. When they are downloaded it again lets you choose which patches to install. You can’t ask for much more freedom than that.
The trouble is the people who don’t know about it. I’ve seen people who have been using XP for a year; every couple of hours they get a notification balloon, “Stay current with automatic updates”. The trouble is they just ignore it. It is for these people that Microsoft should turn on automatic patching by default.
If you know enough to know that there is automatic patching, then you will know enough to turn it off if you want to. By turning it off you will probably have to agree to take responsibility for the security of your own machine.
Regarding patch sizes, the new version of the MSI installer is working on all those issues. XML files describing which patches need to be installed in which order. Full roll-back capabilities for individual patches. etc. If MS could ensure that every machine had an up to date installation engine installed then all that would be required would be the patched library and a script file.
So the final issue is the rebooting. Most patches don’t actually require reboots; it is just a way to make sure that all programs reload the newer version of the library. If there was a way of working out which applications were actually using the library, and telling you to restart just those it would be better. Also system services could just be stopped and restarted with minimal fuss. That’s another area the new MSI system is working on.
>>Just call up Dell or Gateway, and order a computer without an operating system. MS doesn’t allow that…<<
I did just that with Dell two times in the past three months. Granted, they were servers, but you can order computers from Dell without an OS installed.
“Sounds like 2006 is a good year to make the Linux switch. It’s what I’m planning on doing. I sure don’t want DRM on my box, nor the other “features” Longhorn has in store for us. By 2006 Linux will be more than ready for the desktop.”
By that time, so will AmigaOS, MorphOS, Mac OS XI, and several others.
“The solution to this isn’t so hard: Microsoft could just patch your system while notifying you at the same time that it is patching your system, and why. That’s what Apple does with OSX.”
Actually this is nice in theory, but a problem for enterprises. MS Patches have a history of breaking applications, so all patches need to be tested first to make sure they do not. Any type of auto-install is not a good thing for MS. For home users it is fine, just not in an enterprise environment. I don’t know OSX so it may work fine there, but with MS it does not.
Where does it say it won’t inform you? It most likely will since auto update informs you.
I didn’t say it didn’t; I was refuting an argument based on the premise that it didn’t. Didn’t you read what I was quoting?
Apple already locks out any OS other than OS X on their newest systems.
That’s simply not true.
http://www.yellowdoglinux.com/products/
This would not be possible if OS X locked out any other OS.
Actually this is nice in theory, but a problem for enterprises. MS Patches have a history of breaking applications, so all patches need to be tested first to make sure they do not.
Look, ALL I AM SAYING is that there is no need for Microsoft to ensure security by auto-installing without notifying the user. That’s all my post says. Reading anything else into it is just that: reading something else into it.
I have not said (a) Microsoft is in fact installing software without the user’s knowledge (I don’t use their OS, and I don’t care to inform myself); nor (b) that auto-install is a necessary thing for security.
I am only pointing out that CooCooCaChoo’s attempt to justify a hypothetical installation of software without the user’s knowledge, is not a valid argument.
“Just call up Dell or Gateway, and order a computer without an operating system. MS doesn’t allow that…”
Well, then somebody better tell Dell! Look at the PowerEdge 400SC on the page. They have been selling this system without an OS for quite some time now.
http://www1.us.dell.com/content/products/category.aspx/enterprise?c…
“Apple already locks out any OS other than OS X on their newest systems. Why doesn’t that scare any of you?”
Then why does Yellow Dog Linux run great on these systems? Just a question….
“Every time I use Windows Update, my hard disk is searched and any good files are copied and sent to Redmond for inspection.”
The sad thing is people actually believe that FUD.
It does become believable when they have in the past collected information on the files you played with media player. I believe they got nailed and turned that off by now though. At first they said they were not going to, but that was pre-DOJ.
“Look, ALL I AM SAYING is that there is no need for Microsoft to ensure security by auto-installing without notifying the user. That’s all my post says. Reading anything else into it is just that: reading something else into it.”
If that is the case I definitely misunderstood your post, or rather took it literally. My apologies.