Given that the Sony DRM fiasco rolls on, why not spin a few more punditry thoughts?
Firstly, what a screw-up from an economics perspective. The CD should be the premium, DRM-free product. The downloads are the price-discriminated limited-use products with lower bitrates, transfer and play restrictions etc.
What on earth entered their mind by putting DRM on CDs? CDs are supposed to be expensive. They’re gift items, rendered in tangible polycarbonate and aluminium foil. They don’t compete with downloads, as the markets only partially overlap. Just because it’s music doesn’t mean it is a solution to the same user need.
Secondly, this problem is getting heaped on Sony’s head, but really it’s Microsoft’s issue. The security model for XP is broken. Windows still views the world as a pre-networked OS: it protects the resources of the computer from multiple programs and users trampling over them at the same time. As long as you aren’t contending for simultaneous access, what’s the problem?
But the threat now comes from outside, and the threat is to the user’s privacy and security (their data), not to the PC per se. Yet Windows doesn’t track where each file originated, nor ask the user to intervene when program A unexpectedly starts overwriting system files or another program’s files. Even with an auto-run CD, Windows should pop up a request that says “This CD is attempting to replace the drivers for your CD/DVD drive. Is this what you really want? Click here to learn more.” (Maybe that last link leads to a live page only visible to people who’ve paid their Windows subscription maintenance tax in future ;) )
Ideally every program would declare in its manifest what permissions it needs from the OS, and Windows would render those in human-readable form. “By installing this iTunes program you give it permission to access files in My Documents\My Music, and to transfer that data over your Internet connection. Do you agree?” Note that in this example the message comes from Windows, not from the iTunes installer, so the installer cannot lie about what it wants. Indeed, Microsoft should standardise the installation process. Time to buy out or crush Wise.
The alternative to up-front declaration of all permissions is intercepting system calls one-by-one and getting user authorisation. This is likely to result in a stream of unwelcome OS pop-ups. (Although I feel a patent coming on whereby the OS manages to quietly let the program roll on until it wants to do real harm and batch up those requests secretly in the background. Or maybe the OS scans the binary for different system call types in advance and asks permission before running the executable.)
I suspect there’s a lot of very interesting research to be done in taking several hundred permissions to access system resources like CD-ROM drives, printers and shared memory and boiling them down into a few simple questions that any user can reasonably be expected to understand. Perhaps it’ll be something like “Program X wants to have the same permissions as Program Y you already use, plus the following: …”? Who knows! Probably a PhD there for the taking for someone who solves the problem, if you can find anyone able to blend the cognitive science and computing skills.
Back to the rant.
Windows keeps backups of changed program and configuration files, but it’s all a terrible kludge with no integration into the install and security system. There’s no decent “undo”, where you can declare that you really didn’t find a particular program trustworthy and you would like to get rid of it and all it’s done to you.
MacOS isn’t much better. OK, autoplay of CDs is disabled by default, which is an improvement. You’ll be asked for an administrator password too, which should alert you that something is up. (Only the lowest corporate minions with Windows live without admin rights.) You can easily create “fake” users in Unix to represent a particular application. For example, web servers typically run under the “apache” user. But Unix shows its age, and these are all unstandardised fixes on top of a broken security model. The granularity is wrong: the threat is not a list of known users on one computer attacking each other, but an unknown and unbounded number of external parties. Time to move beyond the simple user model, folks.
I’m not sure if Windows has an equivalent of Unix “chroot jails” that lock programs within a subset of the filesystem, but that’s an example of the direction we need to take. But this has to be generalised to all system resources. By default a program should be able to do nothing unless the user gives consent. The world should look more like a Java sandbox, although Sun have never really got the deployment model sorted out there either.
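As an added illustration of the manifest idea above (the “same permissions as Program Y, plus …” rendering, and the default-deny rule that a program can do nothing without consent), here is a small Python model. It is example code written for this page, not anything from the original post or from Windows; the permission names, the question wording and the sample program manifests are all invented for the illustration.

```python
"""Toy model of manifest-declared permissions rendered as plain questions.

Added example for this page; the permission names, the question wording and
the sample manifests are all invented for illustration.
"""
from dataclasses import dataclass

# Fine-grained OS permissions (invented names) grouped under the one
# question a non-expert user would actually be asked.  Insertion order
# is the order in which the questions appear in the prompt.
PERMISSION_GROUPS = {
    "read files in My Documents\\My Music":
        {"fs.read:MyDocuments/MyMusic"},
    "change files anywhere in My Documents":
        {"fs.write:MyDocuments"},
    "replace system drivers or install a service":
        {"fs.write:Windows/System32/drivers", "service.install"},
    "send data over your Internet connection":
        {"net.connect"},
    "read from the CD/DVD drive":
        {"dev.cdrom.read"},
}


@dataclass(frozen=True)
class Manifest:
    """What a program declares up front, before it is allowed to run."""
    name: str
    permissions: frozenset


def explain(manifest):
    """Render a manifest as the short list of questions the OS would show.

    Permissions that fit no group are still listed verbatim: the OS must
    never silently drop something it cannot phrase nicely.
    """
    questions = []
    covered = set()
    for question, perms in PERMISSION_GROUPS.items():
        hit = perms & manifest.permissions
        if hit:
            questions.append(question)
            covered |= hit
    for raw in sorted(manifest.permissions - covered):
        questions.append(f"use low-level permission '{raw}'")
    return questions


def compare_to_trusted(new, trusted):
    """Questions for 'Program X wants what Program Y has, plus: ...'."""
    extra = new.permissions - trusted.permissions
    return explain(Manifest(new.name, frozenset(extra)))


class PermissionDenied(Exception):
    pass


class Sandbox:
    """Default-deny broker: a program may do nothing the user did not grant."""

    def __init__(self, manifest, user_consented):
        # No consent means an empty grant set, not the manifest's full set.
        self.granted = manifest.permissions if user_consented else frozenset()
        self.denied = []

    def check(self, permission):
        """True if the operation is allowed; records every refusal."""
        if permission in self.granted:
            return True
        self.denied.append(permission)
        return False

    def require(self, permission):
        """Raise instead of returning, for call sites that cannot continue."""
        if not self.check(permission):
            raise PermissionDenied(permission)


# Sample manifests (constructed for this example, not real products).
ITUNES_LIKE = Manifest("music-library", frozenset({
    "fs.read:MyDocuments/MyMusic", "net.connect"}))
AUTORUN_CD_PLAYER = Manifest("cd-player", frozenset({
    "dev.cdrom.read", "fs.write:Windows/System32/drivers", "service.install"}))
TRUSTED_PLAYER = Manifest("media-player", frozenset({
    "dev.cdrom.read", "fs.read:MyDocuments/MyMusic"}))

if __name__ == "__main__":
    print("By installing", ITUNES_LIKE.name, "you let it:")
    for q in explain(ITUNES_LIKE):
        print("  -", q)
    print(AUTORUN_CD_PLAYER.name, "wants what", TRUSTED_PLAYER.name, "has, plus:")
    for q in compare_to_trusted(AUTORUN_CD_PLAYER, TRUSTED_PLAYER):
        print("  -", q)
    box = Sandbox(AUTORUN_CD_PLAYER, user_consented=False)
    print("driver write allowed without consent?",
          box.check("fs.write:Windows/System32/drivers"))
```

The point of the `compare_to_trusted` step is that the user only has to read the delta: a disc player asking for the same things as the player already installed is one question, while a disc player that additionally wants to write under the drivers directory surfaces exactly that one extra line. The `Sandbox` is deliberately dumb: it does not know what a driver is, it only refuses anything outside the granted set and keeps a log of refusals, which is what makes a later “undo” or audit possible.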
So until there’s a sensible semblance of real security in general-purpose smart computing devices at the edge, telcos wielding IMS solutions are going to have a “safety” marketing play. Come to our closed network, we’ve got a security model that works (for a price).
And quite rightly so. Expecting every user to have sysadmin and network engineer skills isn’t the answer. The IT folks must sort their lives out and stop building Everything 2.0 on security quicksand. Intelligence at the edge means responsibility at the edge, and at the moment we aren’t living up to the needs of the users.
PS - Evil thought. Take a virtual OS product like Wine, strip out everything but the stubs. Now run all your real Windows programs inside the “emulator” that provides the security that Bill G. refuses to sell you. Total compatibility guaranteed, as everything gets passed through to the “real” OS. But nothing runs natively. And then watch the howls as MS sees Windows being 0wn3d by a third party intermediator who can now start pointing the Win32 APIs at other parties who want to supply MP3 playback etc. Yow!
Posted by Martin Geddes at 03:40 PM
Unlike most other industries, the computer industry has two giants in Intel and Microsoft which control the supply of the two most important components. The rest of the industry revolves around Intel's CPU and Microsoft's Windows-Office combo. If computing has to be made available to the next generation of users, this Wintel stranglehold needs to be broken.
Or at least the users should expect, when they purchase an OS to be able to adapt it to their "needs".
But this requires that the OS must be "open" and "interoperable".
When I buy a suit I expect to be able to lower or shorten the hem or the sleeves or to make it slightly bigger or smaller in a way to fit my size.
Nobody would buy something that doesn't fit...
So it should be with an OS.
I should be able to make it "fit" to my needs.
This should be the minimum price a Monopoly should pay...
Patrizia
http://woip.blogspot.com
Posted by: at November 24, 2005 08:50 AM

Last time I looked, I coulda sworn AMD was ahead of Intel in chip sales.
Personally I think that Microsoft should be made to separate the OS from the applications, i.e. create two companies: one sells Office and all the other applications, the other makes the Windows operating system. Given how long it takes them to put out a new version of Windows, I reckon they could disentangle themselves in about a decade!
I'm an AMD fan, but despite the headlines (September http://www.xbitlabs.com/news/cpu/display/20051017144150.html and October http://www.cooltechzone.com/index.php?option=content&task=view&id=1974) it's important to keep in mind that AMD outsells Intel only in the US retail market. This retail market makes up about 10% of the total market, so although it's an interesting indicator of things to come (the retail market tends to point to people like me who build their own kit and act as recommenders for others). http://www.notebookreview.com/default.asp?newsID=2616
Now in the server market, AMD is making headway too, thanks to the Opteron processor at the high end (superior performance, and better performance per watt), and at the low end in the corporate market because the low-end Athlon/Sempron CPUs have better price/performance and better performance/watt.
But Intel has a vastly superior manufacturing capacity to AMD, so despite having a better product (at the moment, and probably for the next two years) it's going to take a while before you see AMD overtake Intel in total sales. But that isn't so relevant; what is relevant is that there is competition in the CPU market, which has seen companies take different routes in tackling the same technology barriers and yet produce compatible solutions.
It's interesting that despite its "aggressive" marketing practices, Intel has not been subject to the same level of hostility and bad feeling that Microsoft has, and has been subject to far fewer anti-competitive practice lawsuits. I think this is because Intel has been more transparent in its investment (all that manufacturing capacity and R+D didn't come for free), and that it was wise enough to institute training about anti-competitive practice as standard many years ago. Sure, some of its decisions seem driven by marketing (they won the MHz battle at the cost of now being in a technology cul-de-sac), but overall it's often been buyers who have encouraged poor purchasing and marketing practice (such as government departments specifying that they only buy "Intel" kit, rather than specifying, for instance, "x86 compatible").
Perhaps much of what I'm trying to say was said by Martin a long time ago in "OPINION://Regulate market conversations, not markets" http://www.telepocalypse.net/archives/000079.html
Posted by: at November 27, 2005 05:59 AM
Martin,
What you're describing does sound a little bit like the CLR.
Is that where you were headed?
-cj-
Posted by: at November 27, 2005 11:00 AM

Yes, except that the CLR is really only as good as the OS house it lives in. Because you aren't forced to run all code via the CLR, it's pretty useless as a security fence.
Posted by: at November 27, 2005 02:54 PM

Ah, a subject dear to my heart. Yes, privileges should attach to code, and yes, users will be driven to madness by the obvious approach ("Do you want to allow shimgvw.dll to call PlayMetafile?").
HP Labs has done some tantalizing but underreported research to make a Windows desktop both restricted and usable. There's a report at http://www.hpl.hp.com/personal/Alan_Karp/polaris.pdf, which in a nutshell explains that they wrap an application in a policy package that grants it certain privileges, then copy the files the user wants to work on into something (vaguely!) like a chroot.
They've tried the system on normal people but I question whether they've done enough testing to prove it workable.
Posted by: at January 20, 2006 05:31 AM