What is Digg?Warning: The Content in this Article May be Inaccurate
Readers have reported that this story contains information that may not be accurate.Sponsored by Dragon Age: Origins
Can't get enough Dragon Age: Origins? Check out new footage. view!
DragonAge.BioWare.com - EA presents BioWare's new dark fantasy epic Dragon Age: Origins. '9/10' from Game Informer.
68 Comments
- ryware, on 07/04/2008, -2/+62Their is already a new version of FairUse4WM (1.2) that gets around Microsoft's fix. You can download it at any of the mirrors below:
http://ranobe.com/up/src/up134478.zip
http://www.content-type.com/-574985070/ver12.zip.htm
http://www.bigupload.com/code.php?code=0F905338
http://www.datafilehost.com/download.php?file=bc786249
http://www.bestsharing.com/files/ms0...ver12.zip.html
http://www.filehost.ro/167046/ver12_zip/
http://www.upitus.com/download.php?file=6f65c2b0 - BevansDesign, on 10/12/2007, -21/+78I'm guessing that it's a lot easier to patch a more or less stand-alone DRM than it is to patch a "fatal security flaw".
- zigamorph, on 10/12/2007, -12/+55Plus how do we know it wasn't just a one liner. I have found many times in my code just by changing one line of my code might fix a huge bug.
- ericnmu, on 10/12/2007, -9/+50Oh yeah, and they were busting their butts since 2001 to better IE6.
Quit fooling yourself. Money talks. - gmweezel, on 10/12/2007, -3/+43The Microsoft golden rule: The only real security threat is one that hurts the company.
- POPULATIONPASTE, on 10/12/2007, -15/+49Actually it's probably easier to fix a buffer overflow than it is to research how a 3rd party program circumvents DRM and then issue a fix. Not that it matters, the average user is completely oblivious to the fact that MS is sodomizing them without lube.
- CypherXero, on 10/12/2007, -1/+31I don't wanna even ask how you know that.........
- culbeda, on 10/12/2007, -3/+31And more importantly, they're on the cusp of introducing a new music service dependent upon their DRM, so let's just say they're "motivated" to keep those partners happy.
- misterjangles, on 10/12/2007, -3/+30I can't totally curse them because IT managers with large install bases to support complain when MS send a bunch of patches that potentially break their highly customized installations. Home users on the other hand bitch if the patches don't come soon enough. It's got to be ridiculously complicated to manage such a diverse userbase.
I do think its a little odd that a DRM patch goes through so quickly, though. It's interesting to see that they can move quickly when *they* want to. - theWaterboy, on 10/12/2007, -1/+21I am just happy to see that people are cracking DRM! Be it iTunes, or the WIndows counterpart.
I not only digg this, but I give it two snaps and a circle! - cquinnd, on 10/12/2007, -10/+25No, when you patch a buffer overflow, you then have to take into account all the programs an functions that might be affected by the new buffer condition.
Plus the stand-alone DRM was probably built with more of an idea of being
easy to patch if needed. - williamdyer, on 10/12/2007, -8/+21Um duhhh!
Customers (i.e. tax cows, peasants) are a pain. Valued partners, like the RIAA and MPAA, are like royalty. - ryware, on 07/04/2008, -6/+19There*
- thenutty1, on 10/12/2007, -1/+12Then we would be waiting until early '07......2107.
- crombenevolant, on 10/12/2007, -1/+113 days to patch the DRM, but I had to spend 3 hours last night manually removing then adding patches back on to get my media center to connect to my xbox360 again (known bug that Microsoft has been looking into for 3 months)!!!! Grrrrrrrr!
- Nougat, on 10/12/2007, -1/+11"They are doing what they can to make money. No buisness can survive if they always do what the consumer wants."
Indeed. When the customer decides "I don't want to pay for your product, I just want it for free," they cease being customers. - MisterCookie, on 10/12/2007, -2/+11Proof that the RIAA has too much power: They were even able to get Microsoft to issue a patch in a timely manner!
- Bob042, on 10/12/2007, -0/+9Well, how would the xbox 360 easily connect to a windows PC? It's not like they're made by the same... oh, wait.
- samnmax, on 10/12/2007, -0/+8FairUse4WM has already been updated to get around this patch.
Information on it and links to the program are here:
http://forum.doom9.org/showthread.php?t=114916 - adolfojp, on 10/12/2007, -3/+11Today on Digg
Microsoft takes too long to release a patch = bad
Microsoft releases patch quickly = bad - sophiaperennis, on 10/12/2007, -1/+9There's no such thing as stand-alone DRM. The DRM technology is very complex, and the integration of the functionality into software (Windows Media Player, with different versions) and hardware (the Music Players) requires a solid set of integration testing, as well as making sure that the patch doesn't break backwards-compatibility.
My favorite quote from the story: "Trying to make digital files uncopyable is like trying to make water not wet." - sdigroup, on 10/12/2007, -1/+9Doesent it always seem to be the case when Big media Controllers i.e RIAA MPAA tighten the rope around the neck. when they expect to get results. When 19% of unpatched M$ holes still exist. When Something as ridiculous as the WM DRM get pushed right to the front of the line. Very Sad indeed.
- Ystig, on 10/12/2007, -7/+13Indeed, I suspect this was so quickly patched not because the stakes are higher when it comes to DRM for Microsoft than they are when it comes to system security, but for quite the opposite reason: the stakes are far, far lower, with QA and testing being barely necessary, and the solution vastly simpler. It seems that Microsoft's DRM was written specifically with the intention of being highly modular and updateable. This is not a kernel-level patch or even a patch of anything that could be considered OS code. The danger of compatibility issues being produced by the patch is almost non-existent. It's a patch for a set of constantly changing windows media file specs which had been recently circumvented. Comparing the speed with which this was patched to the speed with which vastly larger system security bugs are patched is a frivolous game.
- lowerlogic, on 10/12/2007, -1/+6"No, when you patch a buffer overflow, you then have to take into account all the programs an functions that might be affected by the new buffer condition."
What? Simply adding a line of code to check the length of the data to be put into a buffer should not affect the program during normal operation. If someone tried a buffer overflow, the check would detect it and then the program could try to truncate the data or end itself before anything bad could happen. - Brahma, on 10/12/2007, -3/+8We never know what kind of fixes happen for the Security patches. It could be a couple of lines to a major re-write. The point is Microsoft should release patches as soon as possible rather than wait for the second Tuesday of every month.
- geekee, on 10/12/2007, -3/+8Security patches are issue at set times unless an exploit is in the wild. The problem with issuing security patches is that they are reverse engineered to create new exploits to use against unpatched systems. This is a well known phenomenon.
The article is mostly bs speculation by someone with an axe to grind. Schneier is not an unbiased source. - crapbox, on 10/12/2007, -1/+5About every 5-9 days my Ubuntu desktop annoys me with a notification that something needs to be updated. But I'm happy to do so.
- inactive, on 10/12/2007, -1/+4Yes, it's really that simple. Corporations don't really need timely security fixes or anything.
- blindReticle, on 10/12/2007, -4/+7"(they care about their record label partners much more than you or the Internet)"
Yeah 'cause the internet is full of wonderful people. - MattH, on 10/12/2007, -0/+3Here's where the real discussion about FairUse4DRm is happening
http://forum.doom9.org/showthread.php?t=114916
You will find the development discussion here also . - mntpng, on 10/12/2007, -0/+3I'm sure this "patch" will be marked critical. Oh wait... If it's marked critical, you won't be able to get the patch without WGA (Windows Genuine Advantage)? Perhaps this "patch" will be forced upon users with or without their consent?
- AZNL473ncy, on 10/12/2007, -1/+4I agree with jive,
Businesses are there to make money without or with very little care for the consumer, if the customer decides not to use the product, at that time they will HAVE to fix something so that they use their product and pay them more money.
Some businesses (MS) which *basically* have a monopoly in the market can charge whatever they want because it's the "standard" for the mainstream, and they don't see any alternatives. (I personally use XP and dual boot with linux).
Remember money talks so if you boycott MS then they will HAVE to fix their way of doing things. - farm3r, on 10/12/2007, -1/+4I agree with boycotting... :-)
M$ (yes M$ i am 3 and you jive can [custom swearword].....) doesnt behave ethically, it unfairly excudes competition ( thats fin€ by us) with inferior code, in effect is retarding our progress. - grumpyrain, on 10/12/2007, -0/+2Most of the time, the patching process is about keeping compatibility. DRM is the exact opposite, all they have to do is break compatibility. It is much easier to make a change to break something than to make a change that does not break anything.
Destroying a cancerous cell is pretty simple. Destroying it without affecting nearby cells is a lot harder. Although my analogy falls down because DRM should be the cancer. - kaod, on 10/12/2007, -0/+2for those of you arguing that DRM is easier to patch then a security flaw, the point is irrerelevant. whether it was a 2 line patch or a 5000 line patch, the point is that the DRM patch BROKE the patch cycle and was downloaded immediatley. score one for the "ms are sucking corporate *****" opinion.
- JrGhoull, on 10/12/2007, -1/+3this is surprising....why? obviously a company is going to do anything that it considers important as quickly as possible. consumers of course being not so priority, especially when it comes to MS.
- gcauthon, on 10/12/2007, -2/+4@sophiaperennis
In other words, you make digital files uncopyable by putting them in the freezer. - Giga, on 10/12/2007, -0/+2Oh the unthinkable that something reached the front page! Come on, if this didn't reach the front page, some equally lame story would have taken it's place. If you don't like it, don't read it...
- nixfu, on 10/12/2007, -1/+3
Proving once again that Microsoft care MUCH MORE about making their croneys and pals in the media like the MPAA and RIAA happy than they do screwing over the rights of their customers. - geekdreams, on 10/12/2007, -2/+4XP Home = Weekly patches
XP Pro = Bi-annual patches
Easy. - greenvortex, on 10/12/2007, -0/+2In my job I have to support over 100 PCs with Microsoft OS. I get to suffer first-hand the effects when their security patches are too slow (geez, our locked-down server got hacked...hmmm) and too fast (geez, this server worked fine before the patch was applied...hmmm). Microsoft's "patch Tuesday" system is just a bulls**t way to save them money while I suffer because the overpriced software they sold us has more holes than a cheese grater. I take great offense at this DRM patch being released so quickly, while I wait for dozens of security holes to get fixed. Even if it was an easy code fix, WHY IS IT SO IMPORTANT THAT IT CAN'T WAIT FOR PATCH TUESDAY LIKE ALL THE SUPPOSEDLY CRITICAL SECURITY FIXES? Do I have an axe to grind against Microsoft? I sure do, because I use their crapware every day.
- grumpyrain, on 10/12/2007, -0/+1Why do people think it is more expensive for MS to release patches as they are ready and instead hold it for patch Tuesday? Wake up people. Most (though not all) security flaws are not actively exploited until after a patch is released. That means that once a "responsibly reported" security flaw is released, you have a timebomb on your hands. To hold all such patches until a known day minimises the risk of an exploit hitting critical mass. In effect, it forces a zero day attack to ensure critical mass. I happen to agree that MS does toe the RIAA/MPAA line, but the release of this patch was never going to trigger a zero day exploit. It will just be a cat and mouse game between hackers who hate DRM and MS who needs to show it can enforce DRM for the whole Zune thing to work out.
- cleverboy, on 10/12/2007, -0/+1>> "Not true: a hacker may want to crack DRM so that other people
>> can give them copies of movies etc. They may never *buy* DRM
>> material." - zoxed
That true. Just the same though... the hackers are being "watched". You don't want these content providers, like the RIAA assuming every "stolen" or "trafficked" bit of content is a lost customer, but that's what they do. All they think then, is what legal measures they can strike against piracy to increase their sales. They don't think, "Wow, we lost that customer because we tried to protect ourselves."
>> "I agree *but* if you want BigNewMovieX you may not have the choice.
>> You can be pure and avoid buying the movie completely, or you can
>> compromise and buy it." - zoxed
But... you like... totally just described the choices. :: eyebrow raised :: More and more, I'm totally surprised by the people in my life that make life choices that are jarring. Like becoming vegetarian or not watching any TV any more. Choosing NOT to watch a movie in order to get better product in the long run is a great thing (maybe you'll catch it on cable). DVDs have exploded due to consumer appetite for them. The more people go out to watch stupid Hollywood movies, the more Hollywood makes them.
>> "You may then crack it open and share it with the world as a
>> protest. If enough people do this the DRM may be dropped as
>> superfluous." - zoxed
Unfotunately, there doesn't seem to be any logic in what you're saying, only a disconnected assumption that is often repeated and ASSuMEd ad infinitum.
Ask yourself this... If a company produces content with copy-protection on it, and non-customers are constantly finding ways to break your copy-protection in spite of your existing sales... would this cause you to think, A.) "I should remove the copy-protection and make it easier to distribute", or will it make you think, B.) "Boy, I'm glad I have copy-protection. If I didn't, i'm sure I'd have even less sales"? My bet is on "B".
If you were to look at it as an equation, what you'd be looking for is this logic: "Would the amount of people that do NOT purchase my content due to copyright-protection" become *immediate* customers if I just remove it, and furthermore, would those NEW customers out-weigh the customers LOST (who do not mind the copy-protection) that now choose to simply get an easy copy from a friend (without needing to jump through hoops and/or waiting for a "crack" from anonymous hackers) instead of buying a copy for themselves?
Keeping it sober, I can only imagine that the sales figures get worse without right-management (or DRM) than with it. Even if you added to that, lowering the price of the good as well.
You know how it works. ANY content ONLY has a finite number of people interested in viewing it (whether its free or not). Let's call that 100% or 100 people. Once you charge for the content, you have less people willing to see it. Let's say 75% is now left (assuming its really really cool). Now, out of the 75% that would pay you something ($1-$3), only 50% of those would pay a reasonable fee... $10 (looking at the marketplace). The other 25% (of the 75%) will only buy it heavily discounted (below martet value). Out of that 50%, only 40% will buy it with DRM implemented into it. --However, here's the twist... with NO DRM only 30% of the original 50% will actually end up BUYing it, even though they still consider it worth the money. The other 20% just get a copy from a friend and are more than happy with that. So, with DRM, the company sells 45% but without DRM they only sell 30%.
Where it would HURT the company... and this is the IMPORTANT point. Is if the amount of CUSTOMERS who would otherwise BUY, REFUSE to buy the content, due to the DRM. If instead of 10% (of 50%) refusing to buy with DRM... if 30-40% of buyers refuse to buy it with DRM, suddenly, the company is in a crisis (they're only getting 10-20% of their potential audience to purchase). They'd make more money WITHOUT the DRM than they'd make with it.
It's a complicated series of issues to battle, and really work off of REAL consumer habits and time-tested percentages based on past sales cycles. - tropican8, on 10/12/2007, -0/+1Maybe because people are thinking that somewhere down the line Microsoft released something faster, or that a DRM vulnerability is not a security vulnerability. They seem to be forgetting that though its not a problem for an end-users, its still a serious flaw in Microsoft's DRM, something the record labels were not aware of when they signed an agreement with them. Bruce Schneier, the author of the article, as well as the Blowfish algorithm, seems like a pretty reliable source for info about security patches, but maybe that's just me. The title of the digg article is a tad misleading however, lots of exclamations with very little info. The story would have probably gotten more diggs had the submitter mentioned DRM in the title.
- forgetfulca, on 10/12/2007, -0/+1Beware astroturf. getting this marked as accurate smells like situation-management to me.
ie, informed people will decide (or not) that the story seems valid, uninformed people will be likely to be skeptical (and therefore more supportive of MS) . - OBKenobi, on 10/12/2007, -0/+1You're lucky you caught that in time, otherwise you would have to be hauled off to Spelling Jail, where you would have been tortured by spelling Nazis.
I'm glad that MSDRM has been cracked again. Every time this happens, MS has to run around in circles and waste a ton of $$$ to fix it. Perhaps they will realize that resistance is futile.
MS, you can't fight the will of the entire world. Especially that of your paying customers. You only serve big-business and fed interests so much, you have to serve your customers too! - dtreese, on 10/12/2007, -0/+1I'm just happy I got to read "sisyphean."
- zoxed, on 10/12/2007, -1/+2No: the point is that the DRM hole gets patched *quicker* and lots of security flaws are fixed slower.
- jerrygofixit, on 10/12/2007, -0/+1Why is this 'possibly inaccurate'? Are people from the digg community in denial??
- forgetfulca, on 10/12/2007, -0/+1zigamorph
"Plus how do we know it wasn't just a one liner. I have found many times in my code just by changing one line of my code might fix a huge bug."
Doesn't matter if it is a one-liner, most of the work involved in rolling out a software change is not in the fix, but in the distribution. There's qa testing to make sure that the fix doesn't break something else, the overhead involved in adding it to the list of patches available, the criteria to select target machines, etc. I would be very angry if MS is skimping on the quality assurance side of this just to make sure this restrictions managements stuff is being 'fixed' -
Show 51 - 68 of 68 discussions
The Digg Toolbar for Firefox lets you Digg, submit content, and keep track of Digg even when you're not on the Digg site. Download the official 
© Digg Inc. 2009
— Content created and posted by Digg users is