Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Microsoft Software Linux

Cringely: MS To Hurt Linux Via USB Enhancements 877

frogspit writes "In this article, Cringely suggests that MS's proposed enhancements to USB to address security issues have the added benefit (for them) of hurting Linux."
This discussion has been archived. No new comments can be posted.

Cringely: MS To Hurt Linux Via USB Enhancements

Comments Filter:
  • by garcia ( 6573 ) * on Friday September 17, 2004 @01:02PM (#10277864)
    Oh, you'll be able to upgrade your 2004 or 2005 PC to Longhorn, but it will never work quite as well as a new 2006 PC actually designed to run the OS. This is called marketing, folks, and it is what keeps us buying new PCs and other electronic devices over and over again.

    Nah, they are going to make it move from marketing hype to marketing reality. They want to DRM the OS, the BIOS, and the peripherals so that they can lock out whoever and whatever they want.

    They have already made the deals w/Phoenix to make a MSFT certified BIOS that will enable them to not boot "insecure" OSs. They are in talks to get the RIAA to support a format to make CDs unreadable in machines other than those running Windows (I presume this would include insecure versions of Windows as well). They are working to get the MPAA to agree to allow them to distribute movie materials via WMP which will likely lead to DVDs "protected" with MSFT products.

    So they aren't just going to have use buying PCs over and over again to keep up with their protection schemes... They are going to have us buying everything over and over again.
    • by TopShelf ( 92521 ) on Friday September 17, 2004 @01:06PM (#10277914) Homepage Journal
      BAH - Microsoft would never get away with such blatantly anti-competitive, monopolist tactics. I predict the DOJ would be able to stop such activity by 2020 or so...

      By which time of course USB will be a distant memory.
      • by unicorn ( 8060 ) on Friday September 17, 2004 @01:29PM (#10278175)
        I don't think Longhorn will be shipped by 2020.
        • by yokimbo ( 525881 ) on Friday September 17, 2004 @01:43PM (#10278327) Journal

          I don't think Longhorn will be shipped by 2020.

          It'll be here. Main new features:

          • New default desktop background picture.
          • New "My Computer" icon.
          • New "Recycle Bin" icon
          • And lastly, a brand new "My Documents" icon.

          Do yourself a favor, run Linux or get a Mac.

          • Don't forget, new security holes. Given that we've now seen how Windows machines could be compromised with BMPs or JPGs (with suitably old versions), it's just a matter of time until someone figures out how to root a Windows box through an edit control.

            Also, you forgot to add, another in Microsoft's long running series of increasingly ugly boot screens. Even since Windows 3.1, each successive version of Windows had an uglier boot graphic.

            Oh, yeah, the new desktop theme will make everything looks like ch
            • Re:Not a chance (Score:5, Informative)

              by spectral ( 158121 ) on Friday September 17, 2004 @02:02PM (#10278568)
              It's already possible to root Windows through an edit control, unless they patched that bug. The way the windows security model works, if there's an edit control in an app that has system privileges (I think McAfee virus scan used to show one), and you get the HWND of this edit control, you can send a WM_TIMER message to it and tell it to callback to a function pointer, and execute arbitrary code. The problem comes from the fact that any user can send a message to any other HWND, and the code executes as the owner of the control, not the person who sent the message.

              Anyway. There's been slashdot articles about other media format interpreters being susceptible to buffer overflows recently as well, so you can't even claim that it's only Microsoft here. Yes, even on linux. *Gasp*

              I'm not even trolling here, I much prefer Linux to Windows, but this damned zealotry has to stop. I am, however, probably feeding a troll.. *sigh*

              • Re:Not a chance (Score:5, Interesting)

                by ConceptJunkie ( 24823 ) on Friday September 17, 2004 @02:29PM (#10278908) Homepage Journal
                No you're not. I'm actually a Windows developer. I'm just absolutely sick of Microsoft talking a good game but not backing it up.

                Just like a presidential candidate, MS has been promising to take security seriously for about 4 years now and yet, nothing ever seems to get better. Candidates make all kinds of bold promises, knowing full well that when it comes time to deliver, excuses can easily be made. Bugs get fixed reasonably well, but the rate new exploits show up has, if anything, increased. Linux is real competition, but MS's main strategy seems to be FUD and flexing their monopoly (see the USB story today).

                I often spend more time trying to get MS software to work than I spend writing my own code from scratch, so if I troll against MS now and again, it's for reasons like that.

              • Re:Not a chance (Score:5, Insightful)

                by Foolhardy ( 664051 ) <(moc.liamg) (ta) (23htimsc)> on Friday September 17, 2004 @05:22PM (#10280524)
                McAffe created an insecure program. It's not the first time a third party program has comprimised security. They failed to follow Microsoft guidelines (since NT 3.51), and I quote []:
                Services running in an elevated security context, such as the LocalSystem account, should not create a window on the interactive desktop, because any other application that is running on the interactive desktop can interact with this window. This exposes the service to any application that a logged-on user executes. Also, services that are running as LocalSystem should not access the interactive desktop by calling the OpenWindowStation or GetThreadDesktop function.
                You are supposed to create a client process that runs as the current user and use a pipe to communicate with your service.
                Interactive services are abused so often Microsoft would like to stop supporting them, but it would break too many third-party apps.
                Also, every window has an ACL; if a process isn't on the allowed list then it can't send messages. McAffe could have used the SetUserObjectSecurity [] function available since NT3.1.

                Not knowing how your target platform works is no excuse for creating an insecure application.
            • Re:Not a chance (Score:5, Interesting)

              by Baseclass ( 785652 ) on Friday September 17, 2004 @02:50PM (#10279137)
              Yes, Microsoft has done the impossible. I've always told my family and friends that it wasn't possible for image files to maliciously damage their PCs.

              I stand corrected however. Kudos to Microsoft.

          • by Ann Elk ( 668880 ) on Friday September 17, 2004 @03:32PM (#10279539)

            You forgot the new & improved "ta-da" sound played when you boot the computer. This is a critical component -- it must be pleasing to the ear, as all Longhorn users will hear it several times a day.

    • by hummassa ( 157160 ) on Friday September 17, 2004 @01:25PM (#10278117) Homepage Journal
      1. I won't buy any hardware that hash such encumbrances, as an end-user.
      2. In my country DMCA-style laws won't pass because (a) they would be inconstitutional (b) we would not like them ... obviously GWB&cia can come here and "liberate" us from our democratic constitution or protect the rainforest or other gibberish like that, but somehow I hope not.
      3. I won't buy any such hardware as a sysadmin because of vendor lock-in and associated costs. I can graft a spreadsheet proving it as a bad business move in 5 minutes. I did it before.
      4. People in the USofA may buy stuff again and again but in other, not-so-rich parts of the world, we tend to make our stuff last a little bit more. My government-owned day-work computer is 4 years old and I'll have to cope with it for 2-3 more years. If USB ports were a problem here, they would be disabled in the BIOS and/or soldered.
      I probably had more to say, but I'm not feeling very well today.
      • by Doc Ruby ( 173196 ) on Friday September 17, 2004 @01:43PM (#10278323) Homepage Journal
        The DMCA is unconstitutional here in the USA, too, but that hasn't stood in its way. Don't get too smugly complacent. Watch out for the creep of DMCA laws in your own country, and support the development of tech that keeps us free from such laws and these marketing conspiracies.
        • by hummassa ( 157160 ) on Friday September 17, 2004 @02:04PM (#10278612) Homepage Journal
          It's really difficult to do such down here. To change the Constitution is kind of hard. We have a lawsuit called ADI ("Ação direta de inconstitucionalidade" -- inconstitutionality direct strike) that can be entered directly in our Supreme Court by any of our 30+ political parties, by our General Independent Counsel, or by any interested party (me for instance), and has been used a lot to strike unconstitutional laws passed by our Congress.

          But beyond that, our current political climate is pro-FreeSoftware, anti-USofAn-monopolies, anti-MS, very, very strongly. The country and the politicians (mostly) agree with Peru's Congressman Edgar Villanueva (see here []) arguments in favor of Free Software as a mean to save money in dollars that escape our borders when they go to MS, as a mean to protect our national security because we don't know the possible backdoors in proprietary-closed-sourced-software, as a mean to generate jobs in services, as a mean to generate know-how inside the country, etc.

          And, on top of it, many many techs like me are ready to get "in arms" in the case DMCA-shit/Software-patenting-shit creeps into our legislation -- we're watching it!
        • quid pro quo (Score:3, Informative)

          by why-is-it ( 318134 )
          Watch out for the creep of DMCA laws in your own country

          You got that right! In return for joining Bush's coalition of the willing, Australia's reward was a free trade agreement with the US. But before that takes effect, Australia has to harmonize their copyright and IP laws with those of the US - including an Australian version of the DMCA and software patents.

          Don't take my word for it - read about it here []

      • by vrt3 ( 62368 ) on Friday September 17, 2004 @01:59PM (#10278530) Homepage
        1. I won't buy any hardware that hash such encumbrances, as an end-user.

        Let's all hope that it will be possible in the future to even buy hardware without said encumbrances, and that it will interoperate with other machines.
    • I'm not, in any way, disagreeing with your assessment. But I think what will happen with the public at large is: If the financial burden is light enough, they'll go along with it. Microsoft just needs to find the threshhold of pain the public is willing to withstand and shoot just under it.

      IMHO (and this jusy may be because I've got a good paying job) I have no problems paying DishNetwork for their protected access to AV content. How is THAT different from a Microsoft Cartel doing the same thing for the same (or less) money?

      Sooner or later, you're going to want to jump over to that processor that's 5 times faster, and the drive that holds a TB or two, or your system will fail and you're stuck buying the stuff whether you want to or not.

      It's _kind_ of like the Froenhofer(sp?) MP3 licensing...did you notice it when you bought your mp3 player? I'm fairly certain you DID pay for the priveledge of using mp3s.

      As for buying stuff over and over, that's the primary tennet of 'planned obsolecense' economics.
    • I read the story, but my take on it is this: It's jaded overreaction. My arguments:

      Microsoft has historically bent over backwards to make their software backwards compatable. You can run all sorts of outdated hardware on the Windows OS. The only reason that current versions of Windows won't install on a 386 (via software lockout) is because MS doesn't want your computing experience to be ruined because of hardware issues. ("Hey, W2003 is crappy because it runs too slow on this 386!")

      Think about it, yo
  • by g-to-the-o-to-the-g ( 705721 ) on Friday September 17, 2004 @01:05PM (#10277902) Homepage Journal
    "To make USB ports really secure we'll need a modified USB standard," says one of the geeks. "The USB device makers will love this because they can sell another billion devices. We'll change the BIOS and the OS so that older, non-serialized, devices can be used but just for read-only applications. So you can still hook-up your older digital camera and download pictures. But to upload any data you'll need a new-standard USB device. Not only will these devices be more secure, but we'll earn a royalty on every one."

    As a gentooer, I'm not too concerned. This sounds like a replay of the sender-ID thing. I somehow doubt that manufacturers will gladly adopt this standard. Also, this doesn't make older USB devices stop working. I doubt it will be the end of Linux as we know it. Windows can support or not support whatever they want, it's not going to change Linux.

    To me, this sounds more like Cringely being Cringely.

    • And how does this make things "more secure"? Allowing me to download from a USB device vs. upload seems less secure. Do I already have a virus on my computer and don't want it to get to my older USB device? I guess it's not possible to download a virus from existing USB devices....
      • by Znork ( 31774 ) on Friday September 17, 2004 @01:29PM (#10278174)
        The idea is to prevent people from stealing corporate data via USB devices, as sources have noted that there has apparently been a huge upsurge in data smuggling by use of rectally insertable USB devices.

        Now, some may say that there are other more practical ways of stealing data, like mailing it, ftp'ing it, dumping it over a http connection, reading it from a wlan or something, but as these things require a bit more thought than merely shoving the data up your arse, they are widely regarded as being unlikely security holes, so to speak. Others say that people have had access to cd's, floppy disks and printouts for a long time without data smuggling being a problem needing an industry-wide solution, but they apparently have not tried rectal insertion of these media.

        So to nip this problem in the bud, we need a new USB standard. The only alternative would be supergluing every corporate employees arse shut to prevent this flow of intellectual property out from offices around the world.
        • by pohl ( 872 ) on Friday September 17, 2004 @01:50PM (#10278401) Homepage
          but they apparently have not tried rectal insertion of these media....So to nip this problem in the bud, we need a new USB standard.

          The new standard should go back to the 25-pin D-shaped subminiature physical connector, which would make such insertion painful and dangerous.

        • by killjoe ( 766577 ) on Friday September 17, 2004 @02:04PM (#10278603)
          If your employees are willing to steal your IP then you are deep shit and this isn't going to help.

          If I was a disgruntled employee who had access to valuable information I would sell it to the competitor, if I could not carry the information with me I would sell my username and password to the competitor. While I was at it I would also ask a bunch of my co-workers for their passwords and sell them too.

          If your employees are out to screw you then can do it very easily. If not one way then another. Maybe you should ask yourself why they want to screw your first place.
    • by Daniel Boisvert ( 143499 ) on Friday September 17, 2004 @01:14PM (#10278007)
      As a gentooer, I'm not too concerned. This sounds like a replay of the sender-ID thing. I somehow doubt that manufacturers will gladly adopt this standard. Also, this doesn't make older USB devices stop working. I doubt it will be the end of Linux as we know it. Windows can support or not support whatever they want, it's not going to change Linux.

      This is entirely different than the Sender-ID thing, namely because Microsoft has HUGE influence over the hardware vendors, whereas their mail servers are only a (comparatively) small part of the market. With Sender-ID, MS can't afford to do their own thing and break interoperability with the rest of the world, because they're not a large-enough player. With PC hardware, they can and want to do just that, because it helps to ensure they retain their monopoly.

      If anything will stop them in my opinion, it's that the PC hardware vendors will hold off on implementing their DRM plans, knowing how much consumers hate them. Either that, or the first few chipsets sold with this DRM crap will fail miserably in the market, and hardware vendors will scrap it outright (much like the V-Chip crap with TV's awhile back).

      To me, this sounds more like Cringely being Cringely.

      Well, that much I can agree with. ;)
      • by Slime-dogg ( 120473 ) on Friday September 17, 2004 @01:26PM (#10278125) Journal


        Fortunately, most MS hardware specs fail in the marketplace.

        .NET isn't even able to save the pocketPC.

      • v-chip (Score:5, Insightful)

        by Detritus ( 11846 ) on Friday September 17, 2004 @01:27PM (#10278142) Homepage
        Every TV, 13" or larger, sold in the USA, has a v-chip. It's an FCC regulation and mandate. The vendors don't have a choice about it.
      • by clifyt ( 11768 ) on Friday September 17, 2004 @01:27PM (#10278150)
        " (much like the V-Chip crap with TV's awhile back)."

        Huh? VChips are in most TVs today.

        Its a great piece of helps the gov't allow parents to restrict what the parents want the kids to watch without having to pass draconian laws censoring the general public. I would never use it, but it it keeps even one religious freak from screaming about whats on the airwaves and getting in my congressmans face about it, I'm all for it.

        As a side note, I was trying to get an older TV of mine working as my current one just died last week...I was surprised when I went through the setup that it had the Vchip in it because I never messed with it. Simple to use and it doesn't screw with anything else. Thats the way technology should be...I have no problems with folks deciding what they want to watch in their own homes...
        • Its a great piece of helps the gov't allow parents to restrict what the parents want the kids to watch without having to pass draconian laws censoring the general public.

          My parents had a similar device. It was called fscking paying attention to what I was watching.

          Thats the way technology should be...

          Dictated by the government, no longer an option for individual consumers, and increasing the cost for everyone when only a small minority will use it? I'm not entirely convinced that's the way

    • by borroff ( 267566 ) on Friday September 17, 2004 @01:18PM (#10278053) Journal
      Cringely will keep being Cringely as long as Microsoft keeps being Microsoft. The computer industry could put Cringe out to pasture just being limiting themselves to boneheaded errors instead of predatory behavior. It's possible that he overstates the case, but we've gotten so jaded by other examples of this type of behavior that he may have to make a stink just to cut through the pervasive air of apathy.

      Sure, you can say that Microsoft is just trying to maximize their profit, but I would submit that in a perfect world, they would be doing that by offering a better product, rather than locking out the competition. Is it conceivable that they could have added these features in such a way that didn't make USB incompatible? Absolutely. And I bet everyone got a big laugh at that one.
    • by Alsee ( 515537 ) on Friday September 17, 2004 @06:08PM (#10280864) Homepage
      I somehow doubt that manufacturers will gladly adopt this standard.

      Really? I suggest you try to find a soundcard that isn't Secure Audio Path (SAP) compliant. Practically none of then advertize that fact because SAP is an anti-consumer intentioanlly crippling of the soundcard, however every Windows Compatible soundcard has it. They all have it simply because Microsoft announced that they HAD to have it to be Windows Compatible. If you try to play certain flagged WindowsMedia format files Windows will pop up an error message and refuse to play the file unless the soundcard is SAP compliant. Anyone who attempts to complain about the problem to Microsoft will simply be told that the problem is that their incompatible soundcard.

      It just isn't possible to survive in the PC hardware market if your product doesn't work with Windows. How many people will buy a USB-product that doesn't work when you plug it into a Windows PC? How many support calls and returns would they get when the product doesn't work and Window pops up a message saying there is something wrong with the product?

      Every BIOS maker is making a Trusted Computing BIOS simply because Microsoft dictated that only a Trusted Computing BIOS will be fully compatible with the next version of Windows. The expectation is that Trust chips will be standard on ALL motherboards in a few months simply because Microsoft dictated that only a Trusted compatible motherboard will be fully compatible with the next version of Windows.

      Microsoft now has the power to dictate virtually any hardware they like because any manufacturer who does not comply will be driven out of the business by those competititors that do comply and have their hardware shipped with every new Windows PC.

  • Linux will adapt (Score:5, Insightful)

    by Tyndmyr ( 811713 ) * on Friday September 17, 2004 @01:06PM (#10277916)
    Now, before this becomes flooded with people screaming against the latest evilness from MS, I'd like to say that, while I haven't actually seen the lisence, I highly doubt it prohibits someone making an alternative driver for the USB port. Certainly, some bright coders will be working on this. I'm just not seeing this as a major problem for linux, though I do agree that MS does dominate hardware standards.
    • by GreyPoopon ( 411036 ) <gpoopon@gma[ ]com ['il.' in gap]> on Friday September 17, 2004 @01:19PM (#10278059)
      Somebody mod the parent up, or please post a reason why this is any more a Linux kill than any other new piece of hardware. I'm trying to find some information about why somebody couldn't just create a Linux driver to interact with the new USB devices. Is there a patent at work here that I'm not aware of?
    • DMCA (Score:5, Informative)

      by GoMMiX ( 748510 ) on Friday September 17, 2004 @01:28PM (#10278155)

      And copyrights...

      Watch, MS will copyright some key element that allows the OS to interface with the USB devices - prohibiting anyone from making compatible software.

      On top of that, if you simply bypass their key element - it's copyright circumvention because it bypasses that security check or whatever that MS implemented.

      I'm not saying that's the way it's going to be - but it's a possibility.

      In the end, though, it doesn't matter what MS tries to do - they're not going to cripple FOSS. The nastier they get, the less people care for their company and products. That means more people to FOSS and other competition - and less political influence for Microsoft to continue out it's battle. (Not that I want to see MS gone, but perhaps when they're not the biggest kid on the playground they'll have to behave themselves a bit more.)
      • Re:DMCA (Score:5, Informative)

        by optimus2861 ( 760680 ) on Friday September 17, 2004 @02:30PM (#10278913)
        Watch, MS will copyright some key element that allows the OS to interface with the USB devices - prohibiting anyone from making compatible software.

        On top of that, if you simply bypass their key element - it's copyright circumvention because it bypasses that security check or whatever that MS implemented.

        Ahh, but this avenue of attack has taken a severe blow from the courts recently. In the Chamberlain v. Skylink case, Chamberlain did much what you suggest with their garage door openers: put some software code in it that handled the key exchange between its transmitter and receiver. When Skylink came out with a transmitter that could open Chamberlain door openers, Chamberlain claimed Skylink was circumventing an access-control mechanism and took them to court over it.

        Chamberlain lost. [] The court basically said, if it's your hardware, you've got the right to access it, and that Chamberlain's proposed construction of the DMCA was too unreasonable to accept. There had to be a genuine case of copyright infringement at hand before the DMCA's anti-circumvention provision could be invoked, and the court found there wasn't one in Chamberlain's case. (That in itself is a good statement; the DMCA itself doesn't actually state that, and until that ruling I had been thinking it could very well make an end-run around public domain works or fair use.)

        I would think that trying to pull the same stunt around accessing your own USB device on your own computer would meet with a similar result. (Although, there's the matter of printer cartridges, which the courts haven't seemed to have issued a similar slap-down on...)

    • by Mysticalfruit ( 533341 ) on Friday September 17, 2004 @01:42PM (#10278314) Homepage Journal
      I'm sure some smart coder would create an alternative driver to work with the USB port. The problem would be the gackle of MS lawyers that would come after him. Barring him, they'd go after every ISP that hosts the driver. Then they'd go after every person who every downloaded the driver, etc.

      I actually don't think that USB will be what the big fight will be over. I think Cringely has the right idea, just the wrong piece of hardware.

      My fear is MS getting into bed with the BIOS people and creating a closed standard DRM BIOS. So when you go pop in the boot CD of your favorite distribution you get the bios error:

      "Bootable Media doesn't not contain valid authentication signature".

      That's my fear.
  • Enhancements (Score:3, Interesting)

    by Zorilla ( 791636 ) on Friday September 17, 2004 @01:07PM (#10277929)
    If enhancements were to be made to USB, information on the specs would have to be provided as well, and hopefully not just to those who fork up the dough for it. In this case, saying it would hurt Linux would be saying that the development for an enhanced USB interface would take a really long time. I doubt it would be true if support was important enough. Was supporting USB 1.1 and 2.0 in Linux really a pain at all when it came out?
  • I hate this guy (Score:5, Insightful)

    by stratjakt ( 596332 ) on Friday September 17, 2004 @01:08PM (#10277940) Journal
    There IS a new USB standard in the works and it is at the heart of Microsoft's sudden interest in USB security. Co-developed with Intel, the new USB standard specifically excludes Linux and probably OS X devices as well. I'm told the Intel folks are quite embarrassed about this, but feel powerless to do anything about it.

    Links? Can you back this up with any actual facts?

    Show me the new published standard that "specifically excludes linux and probably OS/X".

    And if he's so sure it specifically excludes Linux, why is he doubtful about OS/X?

    I call bullshit and flamebait on this entire article.

    MSFT isn't scared of linux on the desktop, they have absolutely no reason to be.
    • Re:I hate this guy (Score:5, Insightful)

      by CatGrep ( 707480 ) on Friday September 17, 2004 @01:31PM (#10278184)
      And if he's so sure it specifically excludes Linux, why is he doubtful about OS/X?

      In the case of OSX, Apple may be able to pay a licensing fee to get the new USB hardware standard included in their machines. Apple controls it's own hardware and though they make heavy use of Open Source (Darwin, FreeBSD) they have no problem with paying licensing fees if they're reasonable.

      MSFT isn't scared of linux on the desktop, they have absolutely no reason to be.

      And they had no reason to be scared of losing the browser wars either (which they had assumed they had won), but lately IE has been losing quite a lot of market share to the likes of FireFox, Mozilla and Opera (but especially FireFox).
  • by revery ( 456516 ) * <> on Friday September 17, 2004 @01:09PM (#10277947) Homepage
    Is it bad that after reading this article, my sole reaction was to run through our building yelling "USB belt buckles!!" like some sort of geek version of Paul Revere...

    I'm so embarrassed....


    Was it the sheep climbing onto the altar, or the cattle lowing to be slain,
    or the Son of God hanging dead and bloodied on a cross that told me this was a world condemned, but loved and bought with blood.
  • by poot_rootbeer ( 188613 ) on Friday September 17, 2004 @01:11PM (#10277963)

    Cringely and his sources seem to believe that Longhorn's USB device restrictions will be based on the concept of "trusted devices", that the hardware itself will have to know whether or not to let the USB host access it.

    I don't see it that way. The implementation I envision is a "trusted user" approach, in which it is access rules defined in the computer's operating system that determine how USB devices can be used.

    A flag in the Registry for each user. When a USB device is connected, depending on its value, the OS will give the user either full read/write access, read-only access, or no access, and will mount the USB volume accordingly.

    Perhaps there are real advantages to the method Cringely believes MS will implement, but I don't see them.
    • by bmwm3nut ( 556681 ) on Friday September 17, 2004 @01:24PM (#10278104)
      but the hardware will treat all devices as "not trusted" unless the (microsoft) OS says "this user is trusted" open the device. the problem isn't that devices (or users) aren't trusted by the OS, it's that the hardware is enforcing the trust. and that to beable to talk to the hardware you'll need to license the protocol or something from microsoft, which will lock out open source/free solutions.
  • Not Practical (Score:5, Interesting)

    by Timber_Z ( 777048 ) on Friday September 17, 2004 @01:11PM (#10277971)
    As big as Microsoft is, they can't simply make useless all usb drives out there with a flick of a switch, as the artical sugests.

    More likly, Longhorn will by default allow standard behavior from usb devices.

    If and only if the administrator of the OS flips a switch will the usb port be (Disabled / Read only / {Custom USB Writeable})

    So while they may require a Longhorn only usb drive, in certain scenario's, regular ones should still work in most situations.

    This is of course only conjecture, only time will tell for sure what will happen.
  • by Assmasher ( 456699 ) on Friday September 17, 2004 @01:13PM (#10277986) Journal
    ...he's the one actually spreading FUD.

    Given Microsoft's already tenuous relationship with the Department of Justice's anti-trust division, sure you don't think they would attempt to lock out Linux and OSX do you? They would get the hell sued out of them.

    Second, what's to stop Apple or another hardware company from coming up with a different solution to the problem that works with Windows and therefore does not suffer from diminished market application?

    Third, and here's where I get crazy, I believe that at some point in the next five years, Microsoft is going to produce Linux software (for crazy reasons that I'll keep to myself until they begin to sound less crazy.)

    • I vote: not so crazy. I am of the opinion (and have been for a couple of years now) that they have a top-secret lab in an underground bunker where they are secretly working on a Windows desktop environment running on a Linux kernel, as well as Linux versions of Office and all their main applications.


      That's what I'd be doing if I were them. They can afford to hedge their bets on this one if they are really as scared as everyone says they are. One of the serious advantages of FOSS platforms is because the up-front costs are so low, you can start development before you decide if you have a product or not.
    • by Astadar ( 591470 ) on Friday September 17, 2004 @01:43PM (#10278321)
      I don't think MS has any fear of "getting the hell sued out of them." They can stall the procedings until their move has crushed the competition (see all previous disputes) and then offer a token "We're sorry, we won't crush Netscape again" apology.

      Getting sued (and being found to be an illegal monopoly) has hardly slowed Microsoft's tactics.
  • by brucmack ( 572780 ) on Friday September 17, 2004 @01:14PM (#10277992)
    How are they making the open standard somehow Windows-only? Doesn't the fact that it is an open standard mean that someone can just put the support for the new standard into Linux and be done with it? Or does the new standard actually rely on some propriatary software from MS?
    • Doesn't the fact that it is an open standard mean that someone can just put the support for the new standard into Linux and be done with it?

      No. First off, you assert that USB is an open standard. It may currently be, however, M$ intends to make some changes to the USB hardware that would require anyone who wants to put the new USB hardware on their motherboard to pay a licensing fee to M$. The licensing fee would be minimal and probably only used as a pretext to assert that there is IP that needs to be
  • by Anita Coney ( 648748 ) on Friday September 17, 2004 @01:14PM (#10278005) Homepage
    I just don't get why USB hard drives are such a security risk. Any employee who wanted to steal a bunch of data is not going to be stopped by this. All he would have to do is open up his computer and borrow the HD for a weekend.

    Heck, he could just email the data to himself at home!

    And let's be serious, how many employees really have access to valuable and confidential information?!

    When I first heard about this alleged security problem I immediately thought, what's Microsoft's real purpose? Cringely might be on the right track.
    • And let's be serious, how many employees really have access to valuable and confidential information?!

      And people that have sensitive information are trusted Company employees anyway (or should be). This is a human problem, not a USB/stealing data problem.

      I will get on to my HR Dept. It will give them something to do. Nick
    • It's a lot easier to smuggle a USB drive in and out than to take apart a computer and remove the hard drive. Taking apart a computer when you're not supposed to is not exactly inconspicuious.

      Places that are really security-conscious will put any computers with sensitive data on an internal, secure, non-Internet-connected network, make their machines physically secure so that they cannot be opened without a key or special equipment, and disable any ports on the machine if they can. Apparently, USB ports are
    • And let's be serious, how many employees really have access to valuable and confidential information?!

      More than you would think apparently. Sysadmins, DBAs, developers... depending on your business model of course. At the very least, your organization would have sysadmins who would have full access to all the systems. Not one guy, but a group of sysadmins.

      Even if MS gets all those hardware manufacturers on board with DRM, TCPA, etc, I am not concerned. There will always be that one company who makes
  • Intel (Score:3, Interesting)

    by roman_mir ( 125474 ) on Friday September 17, 2004 @01:15PM (#10278013) Homepage Journal
    PC companies build what Microsoft tells them to because doing otherwise risks having their hardware go uncertified, or even worse, simply not function with Windows. - I wonder what processors would MS software run if not Intel's, I don't completely understand how MS came into position to dictate its terms to the hardware manufacturer. I wonder how much time will it take MS to come up with their own processor and the rest of it (sort of like Apple but without IBM) maybe they MS will can even cooperate with Sun on this front.

    In any case USB is definetely an important piece of hardware and ubiquitous at that. I don't believe that the home users will care about the security of their USB devices more than they care about security of their browsers and email clients. If the new standard is released it maybe picked up by very security minded folks, like the security services, but MS will have tough time convincing most companies to switch to yet another hardware platform (at least within the next 5 years.)

  • by telstar ( 236404 ) on Friday September 17, 2004 @01:16PM (#10278017)
    I expect USB ports to disappear about as fast as 3.5" floppy drives....
  • by erroneus ( 253617 ) on Friday September 17, 2004 @01:18PM (#10278046) Homepage
    One such abuse that I came away with was using your monopoly status to influence other industries. Maybe I'm wrong about this, but it seems to kind of fit as I'm sure other people are writing at this very moment.

    I can almost see this initiative getting spat upon basically because one of the brilliant and golden features of USB was the ability to use the device "universally" not only between like computers, but also unlike computers such as Macintosh. If Apple had any say in the development of USB standards, they should be gearing up their legal engines right about now because this "Universal Serial Bus"s claim to fame is now being threatened.

    As far as making it also as a "Linux hurter/killer" I'm not quite so sure about that. It seems to me that we can use Windows drivers WITHOUT worrying about patent infringement issues. It is being done with various Wireless cards and stuff, so why not enhance what's already been done and link-n-load the Windows drivers for the new hardware right into our systems? I think this approach barely presents a hiccup for the next few years unless MS rewrites the kernels of every OS they are currently supporting and rumos has it Win98 will be extended due to popular demand AGAIN.

    I think a lot can be prevented with protest and also with clear and active development in the area of using Wine and Windows drivers with Linux. They'll see how futile their effort really is and it makes me wonder if they really think this stuff through....
  • We Have Six Years (Score:5, Insightful)

    by hirschma ( 187820 ) on Friday September 17, 2004 @01:20PM (#10278072)
    This is all well and good, but it isn't going to happen any time soon. But, it is very likely to happen, given today's reality.

    See, XP wasn't as big a success as Microsoft anticipated. Right now, about half the PCs out there are still running older versions of Windows. The majority of those are running Windows 98 (!). The rest of running some form of XP. Yes, half the PCs sounds like a big success, but it doesn't ensure hegemony. No one is going to ship an XP only piece of hardware, today. Tomorrow, possibly.

    Keep in mind, also, that this is about three years since XP appeared. Longhorn isn't going to install on any current machines, most likely.

    Now, given this statistic, how long is it going to take for Longhorn to get to 50%? You'd best believe that product is going to be shipped, during the Longhorn period, that works on the last two version of Windows, - Win2k and XP. USB device producers aren't going to come up with new models of anything that won't work with the majority of computers out there. Well, maybe Microsoft will.

    I'm guessing that it will take at least until 2010 before the majority of PCs have are Longhorn enabled. When that happens, it'll be a the beginning of a problem. Possibly longer if corps go kicking and screaming, which they will.

    Non-MS computer enthusiasts/anti-DRM advocates have at least 6 years to get enough alternative desktops out there to prevent this. I hope that the commercial Linux distro makers and Apple are listening. They need market penetration _now_ to prevent eradication later. Or we'll see the end of personal computing as we know it next decade.
  • I don't get it... (Score:5, Insightful)

    by misleb ( 129952 ) on Friday September 17, 2004 @01:21PM (#10278087)
    Can someone explain to me why you can't just include access to USB devices as part of a user's policy in Windows? In linux, you can easily set permissions on devices just like files. Why does there need to be some hardware level standard? Is it so people can't boot off the USB/CD/floppy and grab data that way? Seems like a losing battle to me. If someone has access to data at work, there are any number of ways to get it offsite. Somehow I doubt the convenience of USB will encourage people to steal data that they wouldn't otherwise take. There are any number of security issues that should be considered before USB storage.

    Why wasn't this an issue years ago (when data were small) with floppy drives? Couldn't people also burn sensitive data to CDs and take that home? Most PCs and Macs come with CD burning capabilities as a matter of course. Want to get the data offsite? Drop the CD/floppy into the mail and send it.

    Then again, maybe USB storage is just that convenient and hard to detect. Still, it seems as though if someone has access to the data and wants to get it offsite, they'll find a way. Maybe USB devices will be the next "microfilm" of future spy/thriller movies.


  • by fzammett ( 255288 ) on Friday September 17, 2004 @01:26PM (#10278129) Homepage
    Look, we can all sit around all day and come up with conspiracy theories about how MS is trying to kill this competitor or that competitor... And some of the time those theories are even going to prove correct because, well, MS *is* exceptionally savy to the point of being bullies and even worse many times... But this article is nothing but FUD from someone on the OSS side of the fence. He might be right in the long-run, but for now it's just a glorified conspiracy theory.

    The FUD flows both ways folks, let's not forget that. You think MS is the only one using dirty tricks? The OSS side has a massive contingent of zealots to go along with the truly gifted, intelligent, talented and insightful members of the community, and they many times have a much louder voice than the good ones. MS has plenty of legitimate flaws, but so too does the OSS community. The sooner we all come to that realization, the sooner we might be able to change the world.

    This article isn't a good example of fulfilling that goal, indeed it's a good example of what we should be trying to avoid!
  • Bias (Score:5, Interesting)

    by RzUpAnmsCwrds ( 262647 ) on Friday September 17, 2004 @01:27PM (#10278146)
    This story is ripe with bias. Microsoft isn't stupid or powerful enough to force everyone to abandon all of their USB devices.

    That's why neither this nor NGSCP (Palladium) are of any concern.

    Everyone wants to FUD about how Microsoft is going to make a BIOS that "locks out linux", or a USB standard that locks out old devices. It's not going to happen. 5 years from now, you're still going to be able to run Linux on your computer, and you're still going to be able to access your USB devices in Longhorn and Linux.

    Now, certain devices - music players, primarily, will probably be "secure" (DRM encumbered). But you'll probably still be able to use them in Linux, so long as someone writes the drivers. The new Microsoft USB-spec is just a way for media players to confirm to the OS (and DRM framework) that they will obey the DRM restrictions.

    It's pointless to debate this anyway. It hasn't happened yet. Remember back in 2001 when Slashdot was spreading FUD about Palladium? As it turns out, we can still run Linux on our computers, and we will be able to do so for the immediate future.
  • by OrangeTide ( 124937 ) on Friday September 17, 2004 @01:28PM (#10278152) Homepage Journal
    Wouldn't a floppy disk have posed the same problem years ago? Especially since data was a lot smaller back then and you could really fit all your customer data on a 360K double-sided double-density 5.25" floppy?

    So basically Microsoft is just realizing a problem that is 30 years old? It's so easy to "hide" a floppy inside a notebook or calendar. The only solution back then was diskless workstations (which is something only Novell did back then, at least for x86).

    Personally I have no use for some Windows machine that won't support USB 1.1 and 2.0. From the article it looks like MS is wildly considering not having USB support in Longhorn. And instead substituting something that isn't USB and defining it to be the "new" USB, even though it's not completely backwardly or forewardly compatible with "old" USB. Plain old Linux, MacOS X and Solaris will continue to support USB.

    I don't really care if I will no longer be able to get some flakey $3 USB device, I'm fine with paying $30 for an equivalent device of higher quality. It's not like the super cheap commoditized USB devices work in anything but Windows. (and only older versions of windows, since the two-bit asian company isn't updating their buggy drivers)
  • by moberry ( 756963 ) on Friday September 17, 2004 @01:29PM (#10278166)
    The consumer population will not go along with the idea of "sorry, your old device won't work. please buy a new one". Why do you think there are RS-232 ports on computers STILL, i havent seen a serial device in years. Two things could happen

    • MS does this, and everyone switches to firewire, or some other hot new standard
    • Manufacturers write drivers for there devices, and go on supporting them

    IMHO, i think that manufacturers will just package generic USB drivers with there devices.

  • by phkamp ( 524380 ) on Friday September 17, 2004 @01:31PM (#10278189) Homepage
    The problem here is that Microsoft is acting on a legitimate and actual problem which gives people headaches in the real world.

    If they they attempt to implement a longhorn only solution, they will likely get so many people up in arms that it will never happen, and as a result another legitimate problem becomes taboo and remains unsolved.

    We've seen this already more than once. Just think about harddisks with built in encryption.

    I would LOVE for my bios to ask me for the password to my disk so that if somebody steals my laptop they don't get my data.

    (Shameless plug: In particular I would love it if a sensible encryption was used, see f.)

    Unfortunately, Microsoft tried to own the multimedia market by having harddisks with encryption where only _they_ had the keys.

    Now nobody even dares discuss the idea and concept of encryption in the harddisk.

    One taboo after the other...

  • by SmallFurryCreature ( 593017 ) on Friday September 17, 2004 @01:32PM (#10278207) Journal
    His entire argument hangs on the assumption that the tech industry will swallow the poisoned new USB hook line and sinker. Yet he himself points to several instances when the tech industry did not follow what the "ruler of the PC" said was to be done. The fact that compaq broke IBM-compatible by going to the 386 and all the bus standards IBM tried to introduce that failed.

    Intel recently tried that rambus and failed. Motherboard makers knew their market and went against the leader. MS has tried soundcards and failed. People stuck to creative labs (soundblaster).

    MS has tried to flex it muscles often enough and yet it rarely works and seems to be working less and less. Name a big PC company that is not doing linux however small. Do you really think MS likes that Dell ships linux machines?

    If MS really had as much muscle as this guy seems to think then we wouldn't have had a fraction of the linux stories that we have had.

    So hardware makers have not bowed to MS before (well not always) so why should they with USB? His scenario just doesn't make sense. You see there is the tiny little problem of people not upgrading their OS. Oh I am not talking about the /. people and their like. I am talking about the millions still running windows 98, according to MS own figures.

    Say I make a new device and make it a requirement that you first have to upgrade your OS? Oh yeah that would work. Companies don't even like to say "Windows 98 or later" to avoid scaring away the 95 crowd. Exactly how many products do you see that only work with windows XP SP2? Do you remember how long things like joysticks and mice came with both USB and either a PS/2 or a gameport cable?

    Also MS can not exclude old devices. If they could they would have ditced ISA support ages ago. They haven't. If longhorn suddenly wouldn't work with your old MP3 player you wouldn't buy a new one, you simply wouldn't upgrade.

    What they can do is create a win-usb. Like those win-modems and win-printers that exist. Are they a threath? Well only if you care about the "my crap piece of cheap tech that everybody told me was crap but it was such a deal and now it doesn't work with linux it sucks" people.

    If MS really plans to do it they would fail as they have failed as they and others have failed before when trying to control the PC.

    The PC is free and there are to many players who have everything to loose by MS or anyone else gaining control.

  • *sigh* (Score:4, Insightful)

    by dacarr ( 562277 ) on Friday September 17, 2004 @01:36PM (#10278242) Homepage Journal
    Microsoft, if this is much more than conspiracy theory, is blowing it out their hole.

    If there's a new USB standard by Microsoft that's back compatible with everything, one of two things will happen: it will be ignored (ergo, nothing will happen), or it will be adopted, ergo it will be reverse-engineered or otherwise documented, then redeveloped for Linux, then - guess what - included in the Linux USB modules, if not the base kernel itself, probably sprinkled with holy penguin pee within a few hours of the release if the intellect of the Linux dev people is any indication.

    Gotta admit, though - Cringely has really outdone himself.

  • by igorsway ( 669877 ) on Friday September 17, 2004 @01:45PM (#10278350)
    China is supporting the development of a Chinese-centric version of Linux. Assuming it takes off, China carries enough weight in the market-place that there will always be a viable hardware alternative to MS-only devices. Any standard that doesn't support the marketplace in China will die a quiet, unmourned death.
  • by peacefinder ( 469349 ) * <> on Friday September 17, 2004 @01:49PM (#10278390) Journal
    What PC makers (and to a lesser extent device makers) risk with this is irrelevance.

    If Microsoft locks in the next motherboard standard, people may stick to the current standard in droves. Maybe I lack imagination, but it seems to me that just about any PC on the market right now is Fast Enough for most everone's daily use. While special purposes (like gaming) need special hardware, there's little reason for the bulk of home or business users to do a performance upgrade on the desktop in the near future. Several companies already thrive on producing processors and machines a generation or two off the leading edge... why would this change?

    Several big manufacturers may go along with this, since they need to generate a reason for consumers to upgrade. But not all will, and not all who do will throw out the current open standards.

    Cringely's example of IBM and Compaq is a good one. IBM tried to lock in their PC standards while viable alternatives existed, and they got creamed in the marketplace every time. Apple did the same thing, and they got creamed too.

    Why should it be different this time? Microsoft could maybe have pulled this off a few years ago, but now all the PC and USB device manufacturers know that viable alteratives to Microsoft Windows exist. (OSX, Linux, BSD.) It's too late.

    Surely some manufacturers will place a bet on Microsoft's competitors and support dual or open standards. Those that do may struggle for a time, but they will reap the marketshare reward in the end.
  • Cringely topic (Score:3, Interesting)

    by eddeye ( 85134 ) on Friday September 17, 2004 @02:06PM (#10278639)
    Cringely walks a very thin line between troll and pundit. The only divider is that line at the top of your browser which says "". Can we get a Cringely topic in the prefs? His columns appear here with some frequency.
  • Yikes. (Score:3, Interesting)

    by Enahs ( 1606 ) on Friday September 17, 2004 @02:13PM (#10278715) Journal
    I'm sitting here at work, posting a comment on Slashdot, and as I type this, a Lexar JumpDrive is plugged into my keyboard.

    To think that at some companies there is at least one immediate-termination violation here is frightening. My company seems to love the fact that I take stuff home; as an hourly employee, I don't get paid for the work I do at home! ;-D
  • by Maljin Jolt ( 746064 ) on Friday September 17, 2004 @02:41PM (#10279025) Journal
    Nothing in this universe can technically prevent to do in software what can be done in hardware. And vice versa. Future Secure USB emulator in some old PDA will do the job well.

    More, I bet my hat the OSS implementation of anything standardized will be more compatible, more secure and less buggy than Microsoft one. Linux drivers included.

    Funny part of it is, banning USB disks will bring on alredy existing technology: ethernet disk drives. SATA over IP. With Microsoft's history of networking code nonquality, there is nothing to be afraid of.
  • by Mars Ultor ( 322458 ) on Friday September 17, 2004 @04:06PM (#10279902) Homepage
    Let's see, I believe the Xbox was "locked down" to prevent people from using it as a cheap console-style PC right? And let's all admit that as far as security hardware control goes, it's been a real success [].

    On a similar note, it seems that Microsoft's record at coming up with and implementing hardware standards is a little spotty [] at best (think about how well-used uPNP is these days).

    My point is that the market will dictate whether or not this becomes widely used - Ma & Pa computer user are not going to be buying a new PC every year just because microsoft says "jump", just as there son and/or daughter will be more than happy to "fix" that old computer to make sure that there usb key fob still works fine.

    Whether it's a hardware or software hack, there's always going to be ways around any system such as this, and I have faith that Linux developers will find a [legal] way to address this issue if it comes up. Oh and seriously, some references would be nice when I read this kind of hyperbole. Don't know where he obtained his journalism credentials, but I bet I could get my rocket scientist diploma from the same place with no problems.
  • by MysticalMatt517 ( 772389 ) on Friday September 17, 2004 @05:28PM (#10280577) Homepage
    We can spend all day yelling about how evil Microsoft is, we can whine about the future of the industry, and we can shout our declarations that we will never purchase DRM'd material.

    It still doesn't change that copyright needs to be fixed.

    Microsoft isn't the only evil corporation out there using copyright as a weapon instead of what it was intended to be. We can bat down stuff like Sender ID, heck, we might even get this USB stuff licked, but the abuse is just going to keep coming. Sooner or later there will be too much of it for our protest signs to even make a difference. The real fix to this whole mess is to update copyright law so that it is relevant agin.

1 Angstrom: measure of computer anxiety = 1000 nail-bytes