Cringely: MS To Hurt Linux Via USB Enhancements 877
frogspit writes "In this article, Cringely suggests that MS's proposed enhancements to USB to address security issues have the added benefit (for them) of hurting Linux."
This discussion has been archived.
No new comments can be posted.
Cringely: MS To Hurt Linux Via USB Enhancements
Related Links Top of the: day, week, month.
Intel CPUs are not defective, they just act that way. -- Henry Spencer
Re:I hate this guy (Score:2, Informative)
MSFT isn't scared of linux on the desktop
That's not what Ballmer has been saying [linuxworld.com] recently.
Re:Not the end of the world... (Score:4, Informative)
Uhm....asumming Linux doesn't adopt this lame thing, it won't matter. Older devices will only suffer from read-only'age on windows. MS's evil business practices haven't been getting the warmest of welcomes lately. They can only go on for so long bullying everyone else and building on their monopoly. Eventually MS is going to be reduced significantly, it's just a matter of when.
DMCA (Score:5, Informative)
And copyrights...
Watch, MS will copyright some key element that allows the OS to interface with the USB devices - prohibiting anyone from making compatible software.
On top of that, if you simply bypass their key element - it's copyright circumvention because it bypasses that security check or whatever that MS implemented.
I'm not saying that's the way it's going to be - but it's a possibility.
In the end, though, it doesn't matter what MS tries to do - they're not going to cripple FOSS. The nastier they get, the less people care for their company and products. That means more people to FOSS and other competition - and less political influence for Microsoft to continue out it's battle. (Not that I want to see MS gone, but perhaps when they're not the biggest kid on the playground they'll have to behave themselves a bit more.)
Re:I'm suspicious of this too... (Score:3, Informative)
Places that are really security-conscious will put any computers with sensitive data on an internal, secure, non-Internet-connected network, make their machines physically secure so that they cannot be opened without a key or special equipment, and disable any ports on the machine if they can. Apparently, USB ports are still a vulnerability that these security-conscious companies would like to take care of.
Of course, companies who are really *that* security-conscious shouldn't be running Windows in the first place. Linux would be much more suitable in that type of environment.
Re:bad presumption.... (Score:5, Informative)
And MSFT knows this would make the original idea worthless. It won't happen. Upgrade or suffer with using old programs.
What about legacy auto/component players?
What about them? You want to listen to the new music then buy a new player. It's not exactly as if your VHS player plays DVDs. Sure, you can get VHS movies currently but I would go out on a limb to suggest that eventually they will be discontinued for DVD and its successors. You can continue to watch your old media no problem but you won't have access to the new features.
Here's to hoping the OpenBIOS project can workaroud some of this junk.
Sure, you can run all the free software in the world on your OpenBIOS computer. You will not be able to watch media, listen to media, surf the net, etc, because everything will require a "trusted" computer.
Yeah, it's paranoid, yeah it's probably unlikely, but this is where we are headed whether we like it or not.
Re:Not a chance (Score:5, Informative)
Anyway. There's been slashdot articles about other media format interpreters being susceptible to buffer overflows recently as well, so you can't even claim that it's only Microsoft here. Yes, even on linux. *Gasp*
I'm not even trolling here, I much prefer Linux to Windows, but this damned zealotry has to stop. I am, however, probably feeding a troll.. *sigh*
Re:DMCA (Score:5, Informative)
Ahh, but this avenue of attack has taken a severe blow from the courts recently. In the Chamberlain v. Skylink case, Chamberlain did much what you suggest with their garage door openers: put some software code in it that handled the key exchange between its transmitter and receiver. When Skylink came out with a transmitter that could open Chamberlain door openers, Chamberlain claimed Skylink was circumventing an access-control mechanism and took them to court over it.
Chamberlain lost. [corante.com] The court basically said, if it's your hardware, you've got the right to access it, and that Chamberlain's proposed construction of the DMCA was too unreasonable to accept. There had to be a genuine case of copyright infringement at hand before the DMCA's anti-circumvention provision could be invoked, and the court found there wasn't one in Chamberlain's case. (That in itself is a good statement; the DMCA itself doesn't actually state that, and until that ruling I had been thinking it could very well make an end-run around public domain works or fair use.)
I would think that trying to pull the same stunt around accessing your own USB device on your own computer would meet with a similar result. (Although, there's the matter of printer cartridges, which the courts haven't seemed to have issued a similar slap-down on...)
Sorry, but TFA is a total nonsense (Score:3, Informative)
More, I bet my hat the OSS implementation of anything standardized will be more compatible, more secure and less buggy than Microsoft one. Linux drivers included.
Funny part of it is, banning USB disks will bring on alredy existing technology: ethernet disk drives. SATA over IP. With Microsoft's history of networking code nonquality, there is nothing to be afraid of.
Re:Best reason to vote Bush out (Score:1, Informative)
You are confusing "reproductive rights" (== right to reproduce or not reproduce == right to have sex/not have sex/use condoms, etc/self-sterilize) vs "right to kill babies". Your "reproductive rights" are unenfringed.
Hint: if an organism that is the product of 6 months of development from a human ova, has full human rights laying in a hospital crib, it should have full human rights anywhere else, reguardless of physical location, or connection to anything or anyONE else.
Re:Best reason to vote Bush out (Score:2, Informative)
im probably best defined as a libertarian(sp?) with some conservative qualities.
ignoring the flaming i am sure i will recieve over this upcoming can of worms...
as far as abortion, what about the rights of the baby? at what point is it considered an entity with rights? conception? 1st trimester? 2nd trimester? 3rd trimester? birth? when they reach legal adulthood(18 in the US)? if the latter, should parents be able to kill their born children since they arent old enough to be considered a legal adult and therefore have rights? there is an old quote that goes somewhat like "my right to swing my fist ends at the other man's nose". so while you might have these reproductive rights you referenced, does not the baby have the right to life and by killing it you are infringing upon those rights?
quid pro quo (Score:3, Informative)
You got that right! In return for joining Bush's coalition of the willing, Australia's reward was a free trade agreement with the US. But before that takes effect, Australia has to harmonize their copyright and IP laws with those of the US - including an Australian version of the DMCA and software patents.
Don't take my word for it - read about it here [google.ca]Re:DMCA (Score:2, Informative)
Copyrights and patents are not the same thing. You can't copyright a way of doing something. They'll certainly copyright their code, but that doesn't matter to anyone developing alternate drivers -- since they never see the code, they can't possibly infringe on the copyright.
Patents are another issue. If they can patent something critical and get it adopted as a standard (even a de facto standard), they can cause serious problems for free software. Is it just me, or does that seem to be what they've been trying to do lately?
File permissions (Score:2, Informative)
You can already lock down USB devices with i:scan (Score:1, Informative)
How will this work? (Score:3, Informative)
Is he suggesting that hardware manufacturers are going to build a piece of hardware that will only work on Longhorn?
OK, I'm starting to see devices that require Windows XP so I guess so, but I can't imagine that one day we'll wake up and find that it's impossible to buy USB drives that work under Linux. If they do start making these drives that are compatible with the Longhorn standard, they'll be reverse-compatible with the older standard as well so they can maintain the OS X/WinXP/etc market. No problem.
The result if this happened would be that those with Longhorn would be unable to use their existing devices except as read-only, and those with older/different OS's would be able to use whatever they heck they wanted. Not exactly good publicity.
The only way something else would happen is if Microsoft told vendors "You can't make dual-mode driver chips; we own the standard and we'll hunt you down if you try to mix our new standard with the old standard." This seems like asking for a lawsuit though.
USB 2.0 sucks anyway. (Score:1, Informative)
Firewire is technically superior to USB 2.0 in every respect.
Even though Firewire "a" is rated at 400Mbit/s and USB 2.0 is rated at 480 Mbit/s, Firewire usually has a higher sustained transfer rate than USB 2.0.
Firewire has more power than USB 2.0
Ilink is Firewire without the power. Why??? This is a stupid idea.
Firewire "b" is rated at 800Mb/s. Smokin!...for those of us who could actually use it. Such as in multiple daisy chained devices.
Re:Not a chance (Score:2, Informative)
You do need to find an edit control running as "root" on the same desktop though. Which means that if someone really hates you, "Run As" is not safe.
you can send a WM_TIMER message to it and tell it to callback to a function pointer, and execute arbitrary code.
You can avoid that hole. Well, sometimes you can avoid that hole. Anywhere that you control the message loop, you can validate WM_TIMER messages before handing them over to DispatchMessage. Of course this means that you have to handle any modal operation in your own code, including message boxes and common dialogs. Not pleasant at all, but somewhere within the realm of possibility.
The problem comes from the fact that any user can send a message to any other HWND, and the code executes as the owner of the control, not the person who sent the message.
The problem comes from the fact that WM_TIMER passes a code pointer in its parameters, that it execute the code at all. And it's not that messages are insecure, allowing anyone to send messages to any window is a valuable IPC pathway. (well, blocking cross process WM_TIMER would probably be fine.) It's that Windows trusts them despite their insecurity.
A similar bug probably exists with window properties and drag&drop. (I haven't actually tried changing the pointers from external code.) Windows trusts code pointers stored in insecure locations. Bad stuff.