Welcome to my old blog, which I no longer maintain.

For details of my current professional services and activities see www.martingeddes.com.

November 23, 2005

OPINION://Land of the setting Sony

Given that the Sony DRM fiasco rolls on, why not spin a few more punditry thoughts?

Firstly, what a screw-up from an economics perspective. The CD should be the premium, DRM-free product. The downloads are the price-discriminated limited-use products with lower bitrates, transfer and play restrictions etc.

What on earth entered their mind by putting DRM on CDs? CDs are supposed to be expensive. They're gift items, rendered in tangible polycarbonate and aluminium foil. They don't compete with downloads, as the markets only partially overlap. Just because it's music doesn't mean it is a solution to the same user need.

Secondly, this problem is getting heaped on Sony's head, but really it's Microsoft's issue. The security model for XP is broken. The view Windows has of the world is as a pre-networked OS. It tries to protect the resources of the computer from multiple programs and users trying to trample over them at the same time. As long as you aren't contending for simultaneous access, what's the problem?

But the threat now comes from outside, and the threat is to the user's privacy and security -- their data -- and not to the PC per se. Yet Windows doesn't track where each file originates from, nor ask the user to intervene when program A unexpectedly starts over-writing system or other program files. Even with an auto-run CD, Windows should pop up with a request that says "This CD is attempting to replace the drivers for your CD/DVD drive. Is this what you really want? Click here to learn more." (Maybe that last link leads to a live page only visible to people who've paid their Windows subscription maintenance tax in future ;) )

Ideally every program would declare in its manifest what permissions from the OS it needs, and Windows would render those in human-readable form. "By installing this iTunes program you give it permission to access files in My Documents\My Music, and to transfer that data over your Internet connection. Do you agree?" Note that the message comes from Windows, not the iTunes installer, in this example. Indeed, Microsoft should standardise the installation process. Time to buy out or crush Wise.

The alternative to up-front declaration of all permissions is intercepting system calls one-by-one and getting user authorisation. This is likely to result in a stream of unwelcome OS pop-ups. (Although I feel a patent coming on whereby the OS manages to quietly let the program roll on until it wants to do real harm and batch up those requests secretly in the background. Or maybe the OS scans the binary for different system call types in advance and asks permission before running the executable.)

I suspect there's a lot of very interesting research to be done in taking several hundred permissions to access system resources like CD-ROM drives, printers and shared memory and boiling them down into a few simple questions that any user can be reasonably expected to understand. Perhaps it'll be something like "Program X wants to have the same permissions as Program Y you already use, plus the following: ..."? Who knows! Probably a PhD there for the taking for someone in solving the problem, if you can find anyone able to blend the cognitive science and computing skills.
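To make the manifest idea concrete, here is a small added sketch (my illustration, not anything from the original post or from any real Windows or Unix API) of a default-deny permission broker: a program declares what it needs, the OS renders that as a human-readable prompt, undeclared actions are refused, and a new program's request is shown as a delta against one the user already trusts. The permission keywords, Unix-style paths and sample programs are all constructed for the example.

```python
import posixpath
from dataclasses import dataclass

# Human-readable wording for each declared permission kind (constructed vocabulary).
DESCRIPTIONS = {
    "fs:read": "read files under {scope}",
    "fs:write": "create or modify files under {scope}",
    "net:connect": "transfer data over your Internet connection",
    "driver:replace": "replace a device driver ({scope})",
}

@dataclass(frozen=True)
class Permission:
    kind: str
    scope: str = "*"   # "*" means unrestricted for that kind

    def describe(self) -> str:
        return DESCRIPTIONS[self.kind].format(scope=self.scope)

def render_prompt(program: str, perms: set) -> str:
    """The OS-owned consent dialog: the wording comes from the OS, not the installer."""
    lines = [f'By installing "{program}" you give it permission to:']
    lines += [f"  - {p.describe()}" for p in sorted(perms, key=lambda p: (p.kind, p.scope))]
    lines.append("Do you agree?")
    return "\n".join(lines)

def extra_permissions(new_perms: set, trusted_perms: set) -> set:
    """'Same as Program Y you already use, plus the following': only the delta is shown."""
    return set(new_perms) - set(trusted_perms)

def is_within(path: str, scope_dir: str) -> bool:
    """Chroot-style confinement check: normalise '..' so the path cannot escape scope."""
    norm = posixpath.normpath(path)
    root = posixpath.normpath(scope_dir)
    return norm == root or norm.startswith(root.rstrip("/") + "/")

def authorize(request: Permission, granted: set) -> bool:
    """Default deny: a request is allowed only if some granted permission covers it."""
    for g in granted:
        if g.kind != request.kind:
            continue
        if g.scope == "*":
            return True
        if g.kind.startswith("fs:") and is_within(request.scope, g.scope):
            return True
        if g.scope == request.scope:
            return True
    return False
```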

Back to the rant.

Windows keeps backups of changed program and configuration files, but it's all a terrible kludge with no integration into the install and security system. There's no decent "undo", where you can declare that you really didn't find a particular program trustworthy and you would like to get rid of it and all it's done to you.

MacOS isn't much better. OK, autoplay of CDs is disabled by default, which is an improvement. You'll be asked for an administrator password too, which should alert you that something is up. (Only the lowest corporate minions with Windows live without admin rights.) You can easily create "fake" users in Unix to represent a particular application. For example, web servers typically run under the "apache" user. But Unix shows its age, and these are also all unstandardised fixes on top of a broken security model. The granularity is wrong; it's not a list of known users on a computer who are attacking each other, but an unknown and unbounded number of external parties. Time to move beyond the simple user model, folks.

I'm not sure if Windows has an equivalent of Unix "chroot jails" that lock programs within a subset of the filesystem, but that's an example of the direction we need to take. But this has to be generalised to all system resources. By default a program should be able to do nothing unless the user gives consent. The world should look more like a Java sandbox, although Sun have never really got the deployment model sorted out there either.

So until there's a reasonable semblance of real security in general-purpose smart computing devices at the edge, telcos wielding IMS solutions are going to have a "safety" marketing play. Come to our closed network, we've got a security model that works (for a price).

And quite rightly so. Expecting every user to have sysadmin and network engineer skills isn't the answer. The IT folks must sort their lives out and stop building Everything 2.0 on security quicksand. Intelligence at the edge means responsibility at the edge, and at the moment we aren't living up to the needs of the users.

PS - Evil thought. Take a virtual OS product like Wine, strip out everything but the stubs. Now run all your real Windows programs inside the "emulator" that provides the security that Bill G. refuses to sell you. Total compatibility guaranteed, as everything gets passed through to the "real" OS. But nothing runs natively. And then watch the howls as MS sees Windows being 0wn3d by a third party intermediator who can now start pointing the Win32 APIs at other parties who want to supply MP3 playback etc. Yow!

Posted by Martin Geddes at 3:40 PM