We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!
W2k writes "It's a well-known fact that Microsoft's Windows Vista operating system contains DRM features, intended to keep a user from manipulating protected digital content that passes through his system. One core part of the DRM in Vista is Protected Processes. In short, a protected process is given special privileges by the operating system to keep other processes from accessing its memory or injecting their own code into its execution path. For example, running a media player as a protected process would make it theoretically impossible for a hacker to read encryption keys for DRM:ed content from its memory space. Well, not any longer. ReactOS developer and well-known kernel hacker Alex Ionescu has published on his blog a tool that can protect or unprotect any process, no questions asked. Screenshots of the tool in action are provided, but no source code."
W2k writes | more than 7 years ago
At first it was amusing to read comments from slashtrolls-in-denial claiming that Vista is "selling badly". But now I am seeing people moderating those comments to +5, Insightful, which is downright WRONG. Vista isn't selling badly at all, not by any reasonable standard of measurement. Google for "Vista sales" and ignore the obviously biased sites ("Microsoft-Watch.com", yeah THAT sounds fair and balanced). What do we find?
I'm not a rabid MS fanboy but I think Vista is a fine upgrade to XP. My most recent laptop came with a "Vista capable" sticker, it installed without problems and has been running mostly smooth since. I don't exactly feel any pressure to upgrade my older workstation to Vista, although it's certainly got enough hardware to handle it. I do wish Microsoft would have spent a little more time polishing certain rough edges before public release. But in most areas, Vista is an improvement over XP. Saying it's "not an upgrade" is being ignorant at best.
In summary, whenever you see "poor Vista sales" on Slashdot, whoever is writing does not deserve an Insightful, or even an Informative. They deserve a -1, Wrong. And if you think ~20 million units and $5 BILLION net profit constitute poor sales, and that Microsoft should be worrying, then you must live in a very special (as in Special Olympics) world, and I would love to see what kind of sales figures you would consider "good".
Yeah, yeah, grousing about rejected submissions is lame, I get it. I'm gonna do it anyway. It does get on my nerves when I submit a story, watch it rise to orange in the Firehose, only to be completely ignored. Seven hours later, some Anonymous writes another submission about the same thing. That submission rises to green, but the editors just ignore it. More than 24 hours later, someone posts an (arguably) inferior story about the same thing, and lo and behold, it is published.
This was my submission:
Vista Protected Processes DRM broken Submitted by W2k on 12:59 Friday 06 April 2007
"It's a well-known fact that Microsoft's Windows Vista operating system contains DRM features, intended to keep a user from manipulating protected digital content that passes through his system. One core part of the DRM in Vista is Protected Processes. In short, a protected process is given special privileges by the operating system to keep other processes from accessing its memory or injecting their own code into its execution path. For example, running a media player as a protected process would make it theoretically impossible for a hacker to read encryption keys for DRM:ed content from its memory space. Well, not any longer. ReactOS developer and well-known kernel hacker Alex Ionescu has published on his blog a tool that can protect or unprotect any process, no questions asked. Screenshots of the tool in action are provided, but no source code."
This is what some AC posted 7 hours later, also didn't get published:
Vista "Protected Processes" Compromised Submitted by Anonymous Coward on 19:42 Friday 06 April 2007
An anonymous reader writes
"Protected processes, which were introduced in Windows Vista to allow DRM software to be hidden from the prying eyes of reverse engineers, have today had their security called into question by the release of D-Pin Purr (http://www.alex-ionescu.com/?p=35) by Alex Ionescu of ReactOS (http://www.reactos.org/) fame. His tool allows protection to be added and removed to or from arbitrary processes, circumventing the usual security checks. This could enable malware to hide itself from bona-fide scanning / removal software by hiding inside a secured process, and opens the door to some inventive attacks on the DRM pathways of Vista."
This is what finally gets posted onto the front page, more than 24 hours after my original submission:
Vista Protected Processes Bypassed Posted by CowboyNeal on 18:41 Saturday 07 April 2007
Anonymous Hero writes
"Security Researcher Alex Ionescu strikes again, this time with a proof of concept program that will arbitrarily enable and foremost disable the protection of so-called 'protected processes' in Windows Vista. Not only threatening Vista DRM and friends, it's also another step towards hardened and even more annoying malware. Normally, only specially signed processes made by special companies (decided by Microsoft) can be protected, but now the bad guys can protect any evil process they want, including the latest version of their own keylogger, spambot, or worm, as well as unprotect any 'good' one."
I've read the FAQ and I understand the whole omelette thing, but this is just stupid. Not only do I think my take on the story was better (more informative, more links, written first) but it took almost two full days for the story to make it onto Slashdot's front page! Even fscking PRINT MEDIA does better than that!
Alex Ionescu's blog entry: 2007-04-06 00:29
My submission to Slashdot: 2007-04-06 11:59
Slashdot story appears: 2007-04-07 17:41
Judge for yourself. All the times are UTC, unless I made a mistake (they're UTC+1 in the copy-pasted submissions above). So, what if there were "enough" stories posted already on friday and the editors simply decided to hold off posting anything else until saturday? Well, that doesn't still explain why they chose the (arguably) poorly-written submission over mine.
Will this long whine/rant change anything? Probably not. I am writing this as a reminder to myself not to submit any more stories. And to stop using the firehose, as the editors seem to ignore it anyways. In fact, I'll be quite content just reading the worthwhile stories (while blocking all ads) and modding down the trolls (which is easy since I seem to be getting modpoints several times each week now).
W2k writes | more than 10 years ago
Okay, so it's not updated that often, but I still wish people would read my blog every once in a while. I can't directly count the number of hits it gets atm, but something tells me it's lower than low, since I haven't gotten any comments posted in months. Then again, maybe that's because I don't allow anonymous comments. People may be reading but not writing.
Are anonymous comments a must for running a blog these days?
Btw, I'm eventually moving the blog over to Skynet, a content management system I designed which has a lot more bells and whistles than the current system (and it's rapidly becoming self-aware, hence the name). Oh, and I'll probably replace the comments system with a reply-only phpBB forum that gets a new thread created for every thing I post. With anonymous logins enabled.
W2k writes | more than 10 years ago
Aren't the options for upmods and downmods rather limited? I think we need some new ones, such as
+1 Cool (to replace the bland and seldom-used Underrated)
-1 Ripoff (copy-paste from website or other person's comment)
-1 Childish (poster is childish - easily spotted, uses the word "Micro$oft")
-1 Zealot (not trolling, just passionately stupid)
-1 Wrong (for factual errors, claiming John Carmack invented Linux etc.)
Obviously, with all these new -1's, Overrated could be made a thing of the past, too. Zealot and Flamebait are possibly overlapping a bit in meaning, so either could be dropped in favour of the other. The others, however, I really miss, especially Wrong.
As mentioned earlier, this editorial posted at AMDMB, chronicles Ryan Shrout's experience at a rather large LAN party this weekend. Here in the USA, we understand it to be our right to openly speak about our experiences in life, but quite possibly others do not feel that way.
Omid Rahmat of Tom's Guides Publishing, a.k.a TomsHardware.com, verified in an email to me that he made the following statements in reply to a reader's email explaining that he would not visit THG any more due to their recent actions.
From: Omid Rahmat [mailto:email@example.com]
Sent: Monday, June 30, 2003 8:41 AM
To: Name Removed
Subject: RE: MML2
Sorry to hear that, but Amdmb.com fabricated a story, and we gave as good as we got. We'll let the lawyers handle it.
If you choose to believe the amdmb.com version, fine, but we're not going to just sit there and have someone lie about us.
It seems as though that is exactly what they intend to do as Omid called Ryan Shrout this morning around 11:45AM CST and verbalized that Tom's Guide Publishing would be having their lawyers send Ryan a letter explaining that they would be suing them for libel. Ryan, being a "poor college student" working on his EE degree does not have the funds needed to defend an action of this sort, it is our opinion that this action is to force Ryan's hand and make him take down his page that chronicles the events.
I have committed to Ryan that I will personally help him with funding his legal council so he will not have to fold with the almighty dollar being the deciding factor. We have also put him in direct contact with our attorney we keep on retainer that specializes in Intellectual Property matters. I think Ryan is telling the truth and should not be stifled.
The fact of the matter is that Omid was not present at the event and does not know what happened first hand. I would guess that Omid might be getting his information from parties that are now concerned with keeping their jobs. Also worth mentioning is that Ryan has some recorded audio of THG and AMD representatives saying some very interesting things to him that would be terribly embarrassing, if not downright damaging, should they be released publicly.
We have tried to contact AMD about this, this morning, but have not been successful.
As of posting this, I have received another mail from Omid making the following statement:
We will deal with Mr. Shrout through the appropriate legal channels, and leave it at that.
In response to this, yours truly wrote the following to Kyle (who wrote the above news item):
Just a few comments on your recent news item entitled "THG to Sue AMDMB.com". Unlike yourself, I am not entirely convinced that Ryan is telling the truth, if THG are willing to go to such extreme lenghts as a lawsuit in order to set the record the way they want it.
Here in the USA, we understand it to be our right to openly speak about our experiences in life, but quite possibly others do not feel that way.
Well, THG apparently feels that Ryan did _not_ speak about an experience in his life, but was in fact lying. Which _is_ illegal when it constitutes libel. It's your US laws that makes it possible for THG to sue in this case.
Ryan, being a "poor college student" working on his EE degree does not have the funds needed to defend an action of this sort
Assuming that Ryan fabricated the story about what happened at MML2, the fact that he's a poor student doesn't alleviate him from guilt. Imagine what the world would look like if every criminal who could not afford to pay for his/her crime would be let off without punishment.
If Ryan has a case, he should be able to claim significant damages from THG. He should have no problem finding legal counsel who would represent him pro bono, given a sure-to-win case as this one would surely be, if Ryan has all the evidence he claims to have.
I think Ryan is telling the truth and should not be stifled.
Just out of curiosity, do you have anything to back up this assumption apart from your real-life impressions of Ryan? (You two have met as I understand it)
The fact of the matter is that Omid was not present at the event and does not know what happened first hand. I would guess that Omid might be getting his information from parties that are now concerned with keeping their jobs.
The fact of the matter is also that YOU weren't present at the event and thus, you also don't know what happened first hand. I would guess that you are getting your information from Ryan, which is now concerned with keeping his rep, his website, and his life's savings.
Also worth mentioning is that Ryan has some recorded audio of THG and
AMD representatives saying some very interesting things to him that
would be terribly embarrassing, if not downright damaging, should they
be released publicly.
Why haven't they been released already? Surely there'd be no reason for Ryan to withhold such incriminating evidence, especially given the recent surge of disbelief in his claims. Why wait until the trial?
Recordings are very easy to fabricate. Someone saying "hi, I work for THG, I'm gonna end your career Ryan" does not automatically constitute "evidence". Have you heard the recordings yourself?
W2k writes | more than 11 years ago
Every year or so, I take the time to install Linux on a spare PC, in order to see whether it's finally matured as a desktop-worthy OS. Let me briefly sum up my experiences with various distros until today:
Mandrake 8: Good but ugly installer, autodetected all my hardware except for my USB mouse(!). Very messy default UI and menus, ugly, tried to be newbie-friendly but succeeded poorly. KDE was very unstable for some reason. Attempt to tweak graphics settings (in order to reach higher res than 800x600) resulted in X suddenly refusing to start. Could not get it working again.
Debian: Nice, simple installer very much aimed at the advanced user. No auto-detection whatsoever. Never got X working. Debian to me seems best suited for people who are already Linux gurus and want a solid server platform (why don't they use FreeBSD?). I'll be sure to try it again sometime.
SuSE 8.2: Never even got to installing this. I read a review, saw some screenshots, and the general impression of it was that it was about as ugly and wannabe-friendly as Mandrake. Couldn't bring myself to waste the time and energy to try it.
Fast-forward to today. I should have tried Red Hat sooner, of course. I found the ISO's were conveniently available via BitTorrent, allowing me to max out my connection downloading them. Less than half an hour for three ISO's is GOOD. After burning the ISO's to three blank CD-R's, I proceeded to install RH9. The following sums up my experiences so far:
Installation was very simple and straightforward. Just click Next and make sure everything's set up properly, fine-tune where necessary. Package management very nicely handled. I liked the RH9 installer better than WinXP's, which is a first.
RH9 autodetected my hardware except for my NIC (3Com 3CR990) and there was an IRQ conflict with my sound card that fixed itself when I changed a setting in the BIOS. I found the 3c990 driver on 3Com's site, however it wouldn't "make" straight out of the tarball forcing me to edit the driver's C code by hand to get it to compile. The driver had been out since 2000, I wonder why it wasn't included in RH9 by default. Once compiled, installation of the module was fairly painless.
RH9 looks GOOD. Antialiased fonts, nice wallpapers, lovely Gnone skin. Again, this is an area where I prefer RH9 over WinXP. Not that I place heavy emphasis on cosmetics, nooo:)
Installing drivers for my nVidia Geforce2 MX was fairly painless - RH9 doesn't let me exit X(!) by default, I had to edit inittab.conf and reboot(!) for it to let me close the X server. After that, installing the nVidia drivers was painless and I was enjoying Tux Racer shortly thereafter.
RH9 has a very nice set of included apps. OpenOffice.org is great (though not a full MS Office replacement - where's the FrontPage workalike?). Mozilla Browser/Mail I already know and love from Windows. A simple but functional CD burning app was also included. Thanks to the nice package system (see above), I did NOT end up with a thousand apps I didn't need, as happened with Mandrake.
Automatic updates via RHN (Red Hat Network) were quick and painless. More convenient than Windows Update, but better as it's not limited to OS components.
Samba was tricky to set up (the graphical frontend is buggy) but I eventually got it working. Very useful.
Why does RH9 auto-mount CD's, but not floppies? Took me a while to figure it out. Sendmail seems to have a problem, it hangs the system for a fairly long time when it loads during boot. Haven't found where to turn it off yet - unchecking it in RH9's services manager didn't work.
I'm gonna try installing Quake III Arena next. Wish me luck. So far I pronounce Red Hat 9 mature enough for Joe Sixpack to use as a home desktop/workstation (so long as he doesn't need to play too many games - not the fault of Linux mind, but of the game developers).
However, I wouldn't trust Joe Sixpack to install RH9 by himself. Anything that requires editing a.conf file by hand, or even worse, editing C code, is TOO HARD and shouldn't be necessary. Driver installation should be a three-click prodedure - two (a double-click) to launch the installer, another (single click) to accept the EULA. It is this simple on Windows, I see NO reason whatsoever why it can't be on Linux, except for lazy programmers. Yes, I know most of them don't get paid. No, I don't think that's an excuse.
Another thing that needs to change is the attitude towards newbies of some Linux user. I'm sure there are many that are very supportive of semi-clueless newbies like myself, but the most vocal ones - at least in the help channels I visited - are not. I get the impression that many Linux users don't WANT more people to use their OS, and consider the recent user interface enhancements bad. This is counter-productive to the wide adoption of Linux and the Linux community should take a united stance against such behaviour.
By the way, you will note that I say Linux, not GNU/Linux. While I agree that the latter is more technically correct, I have decided to subscribe to the notion that defines "Linux" as "an operating system built around the Linux kernel". Using this definition makes talking about Linux much easier, since it does not require distinction between the operating system and the kernel. It is arguable how often such distinction is actually necessary. Another reason why I don't use GNU/Linux is that I personally dislike RMS, mostly because of his ideals, which I consider misguided. More about that in some other writeup. I do, however, like Linus Thorvalds. He's an engineer and an artist, much like I like to think of myself.
For the interested, these are the specs of the computer I installed RH9 on: Athlon Thunderbird 1GHz, 512MB PC133 RAM, Asus A7V, nVidia Geforce2 MX, Sound Blaster Live! Value, 100GB WD Caviar, 22GB IBM Deskstar, HP CD-Writer 9310i, 3Com Etherlink 3XP. Plus a bog standard CD-ROM reader and floppy drive. Everything was auto-detected by RH9 except for the NIC, see above.
If this was a review, I'd give Red Hat Linux 9 nine out of ten points for user interface, seven out of ten for technology, ten out of ten for installation, nine out of ten for the free support (docs, online help, automatic updates) and eight out of ten for compatibility. Score subject to change as my experience with RH9 develops further.
W2k writes | more than 11 years ago
It's kind of funny, strange and scary at the same time - these last few months, it feels like I've got five mod points waiting for me when I log on to Slashdot every couple days. I suppose I must be a really good moderator (I have never received an unfair metamod, how's that?) or the system is broken in some way.
It's especially strange since I am one who does NOT agree to many of the views that seem to dominate among the more vocal members of the Slashdot crowd - such as the notion that Microsoft is "evil" and that Windows is a pile of shit. I find Windows (specifically, XP/2003) to be a very capable operating system, which I consider Linux to be unsuccessfully playing catch-up with - more about this in some other journal entry, perhaps. Anyway, since my moderations reflect this, it's a wonder that they're still letting me mod. I suppose that while Slashdot's editors aren't very fair or unbiased, the Slashcode is. Deep down, we all know what's right and wrong, regardless of whether we consist of flesh or code.
W2k writes | more than 12 years ago
...or better yet, the current editors need to introduce more stuff to let the users affect content. My main idea on this is:
Letting the users vote for what stories make it onto the front page. I've submitted a couple of stories, all with perfectly suitable material. I'm a professional journalist, I can say without doubt that nothing was bad, spelling, grammar or content-wise, about those submissions. No, there weren't any other submissions on the same topic posted instead. Still, none of those submissions made it onto the front page. I know that many people like to grouse about perfectly valid submissions getting rejected, and there is no way to find out WHY your submissions were rejected.
My suggestion: Add a new page to Slashdot, where as-yet unpublished stories are listed. They will, of course, have to undergo some rough screening by the moderators, but every story that's not an obvious duplicate or total garbage (spam, porn, goatse.cx, etc) gets listed. Beside each story is a selection box with ratings from 1-10, and a display of the current average rating of each story. When a user rates a story, the average rating is updated. After the story has been voted on x times, or has been sitting on the page x hours, it is either scrapped or published on the front page, depending on the rating. Any stories with a rating above x gets published, IMHO this value should be something like five, maybe seven.
Now, to make this a bit more feasible: Let's say only subscribers get to vote. Or only users with karma => 20 pts. Letting EVERYONE vote would probably be a mistake, but it's a great feature for those who subscribe.
A thought: Apart from the titles, the first three lines of the story could be included, or a link to read the entire thing. It might be hard to judge the quality of a story by just the title.
Another thought: If this system was implemented, I'd subscribe. JUST for the ability to vote on upcoming stories.
Third thought: While the above is probably not going to be implemented anytime soon (if at all), for now I'd be content with the editors having to specify a REASON WHY for each submission that's rejected. Really.
W2k writes | more than 12 years ago
C = Deep end with sharks
C++ = Deep end with sharks and wave machine
VBasic = Kiddie pool
ASM = Concrete box where you build your own water molecule by molecule
Pascal = Extra-deep Kiddie Pool with kiddie piss in it
JAVA = Veruca infested foot shower
W2k writes | more than 12 years ago
2001-12-18 13:14:28 MPAA "warns" technology firms (articles,news) (rejected)
2002-01-16 22:14:35 WMA coming to car stereos (articles,hardware) (rejected)
2002-01-27 20:05:20 AMD unveils 2 666 MHz Athlon prototype (articles,hardware) (accepted)
2002-01-29 14:39:11 Security hole in Netscape and Mozilla (articles,security) (rejected)
2002-01-30 14:26:17 BBC bans use of non-MS PDAs (articles,news) (rejected)
2002-02-12 22:32:21 3DMark2001 Second Edition released (articles,games) (rejected)
2002-02-21 12:35:50 OSS helps nazis make hate games (articles,usa) (rejected)
2002-03-08 17:11:54 IBM says 120GXP drives shouldn't be relied on (articles,news) (rejected)
I find it amusing that the only story that was accepted, was also the only one that was a total and utter fake. It was never actually posted to the/. front page, though.