Coffeehouse Thread

17 posts

My Apologies

Back to Forum: Coffeehouse
  • Wiseman

    now microsoft open a channel to let us dicuss here,i have to talk about this....

    i read about this TCPA FAQ at 2 years old

    http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

    of course i read that chinese version because i'm from China,Hong Kong SAR,and my english is very poor

    microsoft WANT TO take control of all microsoft product user,i know winows xp have backdoor already

    now microsoft enable this Totally Crap feature on Service Pack 2 and windos 2003 service packs 1

    i know .NET technology is basic on that technology

    do you(include Bill Gates) think it will cause less and less user usng microsoft product

    don't tell me bu11sh1t things(e.g. because of security issue etc.)

    hope Bill Gates will read this topic

    Wiseman

  • OSUKid7

    Worst. Topic. Ever.

  • Manip

    I'm not worried about Microsoft's entire ID on a chip game.. but what does worry me is the exclusion of OpenSource and competition in general due to it. If all your information is encoded in Word files and encrypted using your PC's ID and Linux / Mac don't have access to the chip (because the spec was not released or something) then they will not be able to decrypt it, even if on the correct machine. It could also help to keep things in one format.. if the owner of the encryption doesn't offer to take it off your files then your stuck, you can't get third party tools to do it because that is the nature of the encryption.

    This entire security concept also realise on security though obscurity to some extent. For instance imagine if you did roll out support for these chips on Linux, couldn't someone just modify the kernel to fake the chips unique ID to make it appear as another PC? It is obscure because it realise on nobody being able to access or change the Windows operating system, so open source could not use it.

    How long before someone realises a chip that can dynamically change ID's ? a day.. a week.. a year? Look at Mod-chips on the X-Box. I mean with one that can change dynamically shops will not be able to stop the spread because the ID will come along with the MP3 for which it was purchased.

  • Jackco

    m8 I don't think trusted computing (TCG) the way to go because it cannot accept any hardware without the TPM chip on it. soon normal computers won't be able to access the internet because you have buy a new TCG PC with a modem which contain the TPM chip. wait a min I don't want new hardware to access the internet get lost. this kind of technology can take snapshot every min which invade peoples privacy and technology is trusted computing don't make me laugh it more like treachery computing. I don't care if it there to stop piracy but I do care more for the publics and the publics fighting for there right. I hope the gorverment will listen to the public but I don't think they will. The european  have already protested against the software patents crap they will do the same with trusted computing because they don't care if it stop piracy they care more about freedom and fighting  for ther rights. all Microsoft care about is the benefits from the Trusted Computing what limit peoples rights.

    Take my advice people like Bill Gates, The Crew and the rest people who work for microsoft don't give toss if it invade your privade they have got no xps with the poor people trust me. I don't care about microsoft because they have got done for the monopoly they pulled out the hat and can not be forgiven for they action pulled. I liked the old USA better then the new USA.

    all I can say is good ridden and BOYCOTT MICROSOFT!!!

  • Knute

    <yawn/>

    ~ Knute

  • ZippyV

    - Nothing that that site claims is true.
    - Windows XP does NOT have a backdoor. Think about this: There are millions of computers. Why would Microsoft want to check out each and one of them?
    - TCPA is NOT NGSCB!
    - .NET technology is based on managed code. If a program is not trusted (because it was downloaded from the internet) the .NET runtime will block access to certain system resources like hard drive and register. Is this a good thing? Yes! Will it stop virusses? No, chance of getting infected will be lower.
    - NGSCB FAQ from Microsoft:
    http://www.microsoft.com/technet/security/news/ngscb.mspx

  • miseldine

    I must admit, any attempts to control my computing use concerns me. Not because I think Microsoft or any other vendor will want to peek into my email and read the begging letters I send to the bank, but because it can/might limit my ability to distribute what I own, or what others want me to have.

    The culture of mistrust that surrounds Microsoft in some quarters of the computing community is partly its own fault. Just look at the many settlements that come through seemingly each week.

    For a company with MS's track record in both being mistrusted in their practises, as well as in practical security (just look at the Passport password fiasco a few months back), it's going to take huge steps for Microsoft to regain the trust before NGSCB and DRM (I'm thinking Office 2003 here) start to look attractive to many.

    It's vital to Microsoft's future to be trusted, and that's why the recent initiatives to get employees blogging and sites like Channel 9 so appeal as we get to see the real minds behind the code...and it's not a shock to see they're dedicated, intelligent, full of ideas, and open to change.

  • sbc

    ZippyV wrote:

    - .NET technology is based on managed code. If a program is not trusted (because it was downloaded from the internet) the .NET runtime will block access to certain system resources like hard drive and register. Is this a good thing? Yes! Will it stop virusses? No, chance of getting infected will be lower.

    How would you set a program to be trusted? Would you need a certificate for the program to access the hard drive? Just because Microsoft/Verisign don't trust it, does that mean you can't?

    Where would this leave Open Source (which changes frequently and will not be able to get a certificate based on cost).

    What you want is a free certification service, which will allow developers to have certificates without it costing them. It wouldn't be part of the default certificate store, so you will be alerted that it is not from a trusted source, but give you an option to run the code anyway (much like what you get with self-signed certificates).

    Also .NET technology should not need the registry (which can easily get slow, bloated and corrupt) - configuration done through application.config files (or web.config for websites). XML configuration files would make an application far more flexible and transferable (i.e. to run on another PC, just copy the files).

  • FrankCarr

    ZippyV wrote:
    - Nothing that that site claims is true.


    Which is to say you didn't read anything the site and just made a gut reaction. It links to news articles and press releases by the TCPA participants to back up the claims.

    What worries me is the level of control proposed by a number of TCPA companies. They need to know that a large group of consumers will reject this kind of control, for example, preventing users from making 'fair use' copies of CDs or other material or essentially shutting down low-cost, free, or open-source software by requiring stringent and expensive licensing.

  • Shining Arcanine

    Wiseman wrote:
    now microsoft open a channel to let us dicuss here,i have to talk about this....

    i read about this TCPA FAQ at 2 years old

    http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

    of course i read that chinese version because i'm from China,Hong Kong SAR,and my english is very poor

    microsoft WANT TO take control of all microsoft product user,i know winows xp have backdoor already

    now microsoft enable this Totally Crap feature on Service Pack 2 and windos 2003 service packs 1

    i know .NET technology is basic on that technology

    do you(include Bill Gates) think it will cause less and less user usng microsoft product

    don't tell me bu11sh1t things(e.g. because of security issue etc.)

    hope Bill Gates will read this topic

    Wiseman


    That doesn't look like a reputable source of information. I'm reading through it and I have found lies and out of context quotes. Go to Microsoft's website and search for information, you will find facts.

  • spiderLab

    If I controled this OS and there was a backdoor and this OS was installed on 3 billion computers and I was a realy realy bad guy there would be 3 billion ideas in my head Smiley

    What is installed on the computer

    What Ideas /thoughy are writtin in the users douments

    Scanning users email messages could give me great insight
    (and use  them for own marketing)

    and at least what about the bigest company in USA relation to its goverment? Any deals here?

    T




  • ZippyV

    Certificates are only a way to see if the program has been tampered with and to control the source.
    If programmers or company's want to create their own certificate they can always generate them with the Certificate Services available on Windows Server 2003 Enterprise. (Or OpenSSL if you use Linux)

    The security system the .NET runtime relies on is like the security zones in Internet Explorer. It's client-side, no internet connection is neccesary. You can change it at any time if you want.

  • sbc

    Does that mean you can add the .NET app that you trust to the trusted sites list? When its there it has access to the drive? What about certificates for those on Windows 2000 Server and who cannot afford a license server (unless you can create them for free)?

    An app at least should have the same access rights the user has - read/write access to My Documents, desktop, APPData\AppName.

    Although if it were a truly portable program you could drop it in any folder you like.

    The better designed programs (and some games like Sim City 4) create a folder in My Documents that they have full access to; also the write to the users temp folder (rather than try to use C:\Temp\ or C:\Windows\Temp\)

    I think the best method for programming is to try and do it as a standard user - that way you will know your program will work properly without needing admin rights)

  • ZippyV

    sbc wrote:
    Does that mean you can add the .NET app that you trust to the trusted sites list? When its there it has access to the drive? What about certificates for those on Windows 2000 Server and who cannot afford a license server (unless you can create them for free)?


    No, I said the security system is LIKE the trusted sites list in ie. If you want to see how it works look in your config screen, click system managment, go to .NET Framework configuration.
    I think Windows 2000 advanced server has also the Certificate services.

    sbc wrote:
    An app at least should have the same access rights the user has - read/write access to My Documents, desktop, APPData\AppName.


    Really? Also if it's executed automatically when you click on a link in a webpage?

    sbc wrote:
    Although if it were a truly portable program you could drop it in any folder you like.


    All .NET programs can be deployed via xcopy.


    sbc wrote:
    The better designed programs (and some games like Sim City 4) create a folder in My Documents that they have full access to; also the write to the users temp folder (rather than try to use C:\Temp\ or C:\Windows\Temp\)

    I think the best method for programming is to try and do it as a standard user - that way you will know your program will work properly without needing admin rights)

    SimCity 4 is an excellent game and I love Maxis for their high quality programs (except the last 3 expansion packs for the sims). BUT, I think the game still need administrator privileges and that's not acceptable. Also, the My documents folder is for documents or media files (movies, pictures, music) only, not for configuration files for a game. A better way is to store that stuf in the application data folder of the user.

  • sbc

    ZippyV wrote:

    Really? Also if it's executed automatically when you click on a link in a webpage?

    I'm thinking of standalone apps, not web pages. At the moment they all run OK at the moment. I am thinking of Longhorn and beyond. What I mean is I hope it doesn't go too far - to only allow certified applications to run - and that may mean expensive certificates (but also allow the option for running only certificated apps). A kind of sandbox mode, where if a program requests access to different parts of the hard drive (outside the temp folder, and application data folder) asks for your permission to do so (unless it has been digitally signed).
    ZippyV wrote:

    SimCity 4 is an excellent game and I love Maxis for their high quality programs (except the last 3 expansion packs for the sims). BUT, I think the game still need administrator privileges and that's not acceptable. Also, the My documents folder is for documents or media files (movies, pictures, music) only, not for configuration files for a game. A better way is to store that stuf in the application data folder of the user.

    I think config files should go into the application data folder, but some files may be OK in My Documents. i.e. save games, custom content.
    That's really up to the developers though. Games should also be installable as a power user  - no excuse for needing admin rights as DirectX is part of the system (XP and beyond, perhaps rights needed for 2000, but only if DirectX is an old version)

    What would be nice if there was a special folder for games. A sort of My Games folder - with links to installed games, and save game directories. It would be easier to get to games that way rather than Start >> Programs >> Maxis >> Sim City 4 >> Sim City 4 you would go Start >> Games >> SimCity 4

    Games would be better if they installed to C:\Games\GameName. When under Program Files, you may not know which folder the game is in (i.e. SimCity4 in Maxis folder, but looking for a SimCity4 folder)

  • ZippyV

    In reaction to the first part of your post:
    It IS executed as a standalone application. With non .NET applications you should normally get a download box, choose a save path and after download you can open it. But .NET apps are executed immediately (unless they are packed within an installer or not meant to be started right away).
    About the certificates: please think 5 minutes about what you are saying. Windows would lose a lot of programs when programmers would have to buy certificates.
    Did you read the link to the faq I posted?
    Q: Will other software products still run on machines with the TPM?
    A: Yes. If the software runs on systems today, it is very likely that it will continue to run on systems with a TPM.
    Another thing:
    Nexus-related features must be explicitly requested by a program.

    Quote from sbc: "(unless it has been digitally signed)"
    Spam and Spyware are also digitally signed. Don't trust signed mail, activex controls or programs.

    2nd part of your post:
    I agree with you on the special folder with shortcuts for games. I think that will be implemented in Lonhorn.

  • sbc

    Perhaps ActiveX should be scrapped in Longhorn (or given very little access rights)?

    Spywareblaster is good for stopping spyware. It simply stops the ActiveX app from running at all by setting the 'kill bit' in the registry.

    Will the registry still exist in Longhorn? Hopefully not - or at least in a reduced format for backwards compatibility.

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.