Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Microsoft

Microsoft News Update 512

Microsoft news of the past few days: Media Player 9 is the subject of a few articles, including one on its integrated digital restrictions and one on changes in its privacy options. Microsoft is releasing certain API's, and is releasing a service pack for Windows XP, under the requirements of its antitrust settlement with the Federal Gov't. On the downside, code to crash any modern Windows machine with NetBIOS enabled is now floating around the net, and there's been more publicity of the vulnerabilities in Microsoft IIS/SSL.
This discussion has been archived. No new comments can be posted.

Microsoft News Update

Comments Filter:
  • Netbios... (Score:4, Funny)

    by kc0dby ( 522118 ) on Wednesday August 28, 2002 @10:00AM (#4156290) Homepage
    I mean come on... We've been nuking win95 machines since '96... It's time to find a new protocol!
    • You make a good point. What system on the Internet even has this port open?
      • Re:Netbios... (Score:3, Interesting)

        by Tor ( 2685 )

        You make a good point. What system on the Internet even has this port open?

        Most Windows machines - that is - most computers on the Internet.

        I have a CGI script running from Apache on my Linux firewall, named "/scripts/root.exe". (This is actually a counterterrorism measure against a unrelated issue, namely the IIS hole and the Nimda virus). Part of what I am doing in this script is to use Samba ("nmblookup" and "smbclient") to determine the Windows name of the attacking machine, and then to send back a pop-up message warning the owner about their virus infection.

        I log these responses as well. I used to get a 75% "hit rate", that is, 75% of attackers exposed NetBIOS information (such as their computer name) directly on the Internet. Recently, my ISP (AT&T Broadband) have started to filter out incoming traffic to ports 137-139 - and since most requests come from people in the same IP address range as mine, most probes are thus unsuccessful nowadays. But among IP addresses from by other ISPs, I still get more machines that reveal this information than machines that don't.

        Needless to say, all of these machines would be exposed to "smbdie" - however most of them are probably still running Win98, and so are not affected.

  • Shifty (Score:2, Insightful)

    by rczyzewski ( 585306 )
    I still think Microsoft's actions are shifty. Ok, let's release some code, but not a lot of it or enough to be completely useful. We'll bring a few *nix users over, a few Mac zealouts back, and more customers for us because they no longer think of us as the "bad guy" because we showed we can be open source. BS. It's a half-assed solution to a ass-backward situation. If they can't do it right, should they even be doing it at all?
  • Well... (Score:5, Funny)

    by graphicartist82 ( 462767 ) on Wednesday August 28, 2002 @10:04AM (#4156318)
    On the downside, code to crash any modern Windows machine with NetBIOS enabled is now floating around the net

    Well, one good way to help the propagation along would be to post a link to it on slashdot so thousands of script kiddies can get ahold of it... oh wait..
    • I would rather read here on Slashdot that there is a hack "in the wild", so that I can educate myself and defend myself. The chances that a script-kiddie would learn of this via google or astalavista or newsgroups before I do -- since they have an active interest -- is much more likely. If i didn't read about it here, the next chance I would have would probably be a) mainstream media discovery (unlikely), or b) via the next set of patches released via Windows Update or identified by CNET's catchup utility. And we all know how responsive MS is to security breaches...
    • Re:Well... (Score:4, Insightful)

      by VivianC ( 206472 ) <internet_update@@@yahoo...com> on Wednesday August 28, 2002 @10:46AM (#4156665) Homepage Journal
      On the plus side, someone might be able to use this to knock out the machines that are still flooding the net with CodeRed.

      Besides, anyone smart has NETBIOS blocked at the firewall already, right?
      • by Bastian ( 66383 ) on Wednesday August 28, 2002 @12:53PM (#4157732)
        If you let FTP traffic through. malicious code will get in through there. If you leave port 80 open, malicious code will get through there. If you leave port 23 open, malicious code will get in through there. If you let e-mail in, even if you virus-scan it, malicious code will get in. If there is a single floppy disk drive on your network, malicious code will get in. Same for CD-ROM drives.

        Firewalls can make things inconvenient for people (users as well as crackers), but there is always a balance that must be met between how much inconvencience the users can tolerate and how important it is to inconvenience crackers. That balance is never going to lean very far towards the 'inconveniencing crackers' side.
  • I was under the impression that the ability to crash a windows box with malformed NetBIOS data had actually been around for quite some time.

    Apparently, you can also crash a Windows box by pouring beer into the fan outlet of the power supply. Code to be posted soon.

  • Also (Score:5, Informative)

    by asv108 ( 141455 ) <asvNO@SPAMivoss.com> on Wednesday August 28, 2002 @10:06AM (#4156330) Homepage Journal
    According to this article [theregister.co.uk] anyone using cracked WPA activation or certain serial numbers will not be allowed to use windows update or install SP1. This will apparently not affect the OEM copies that have been floating around for month before the windows XP release date.
    • Re:Also (Score:3, Interesting)

      by Clue4All ( 580842 )
      This mostly applies to the stolen corporate keys for XP Pro. Anyone using them (20 keys at last known count by Microsoft) will be unable to install SP1, and they will also be locked out from all future updates. Yes, I'm talking to you with the key that starts with FCKGW. I've always wondered if those letters were intentional...
      • There's at least one keygen, so unless they also match against all known good keys it'll be little more than an irritation.
      • Re:Also (Score:3, Funny)

        by grytpype ( 53367 )
        >Yes, I'm talking to you with the key that starts with FCKGW. I've always wondered if those letters were intentional...

        FCKGW? Fuck George Washington? Must be the British!
  • by tiedyejeremy ( 559815 ) on Wednesday August 28, 2002 @10:07AM (#4156339) Homepage Journal
    • "We can block out rogue applications or compromised applications or broken applications," says the Singapore-based manager of Microsoft's digital media division, Winston Chan.
      The sting is that a content licence can be revoked at any time by the copyright owner on application to Microsoft, which will then yank the offending content off the air.
      "(Censorship) is not easily done because you need pervasive PC deployment and broadcast (media) is the primary channel," Chan says.
    Jesus, do I hear "big brother" talking about DRM, or what? I was thinking the RIAA was the new McCarthy, but to read this makes my skin crawl....
    • tiedyejeremy wrote:

      > Jesus, do I hear "big brother" talking about DRM,
      > or what? I was thinking the RIAA was the new
      > McCarthy, but to read this makes my skin crawl....

      It should. Microsoft is trying to use the RIAA and the MPAA (collectively known as the MSAA: Media Sharks Ass. of America) and the Hollings bill to be legislated into a 100% monopoly of the computer industry. I doubt that they could succeed in their Millenium plan ( http://research.microsoft.com/research/sn/Millenni um/mgoals.html
      -- especially "What would such a system be like?") without some kind of law behind them.

      Note how Microsoft is stressing control over applications as well as data, and the linking of .Net into DRM. You will see much more linking together of their various technologies in Palladium and Yukon (SQL Server as the basis of their new file system).

      Control over file formats will be crucial as well, since Yukon will be replacing all current file formats, putting all kinds of data under Microsoft's control. This will allow them dominance over all application categories, as anyone else still writing software will be following the same procedures laid out in the article for Corona.

      Microsoft's new EULAs allow them to install Millenium whenever they please on all systems covered by them. When they do install Millenium, I imagine it will come with a EULA forbidding its removal or any hindrance in its operation.

      If Microsoft succeeds in doing this, it will completely blow away any of their previous antitrust violations. They could conceivably, with government help, attain total dominance of the computer industry for the forseeable future. Their DRMOS patent combined with the Hollings bill would either put their OS competitors out of business, or force them to pay huge licensing fees. Thanks to the open source project Mono, they could extend Millenium to cover both Linux and even Apple.

      We are not without hope, though. As Microsoft's tyranny increases, so does customer anger. Alternatives to every one of its monopolies exist today. We can also count on Microsoft bungling things big time, in a way that might destroy them before they gain too much power.

      Our brightest hopes lie with Apple. Apple has power far greater than its tiny marketshare implies. Apple can rally the computer industry against the Hollings bill. Apple can gain marketshare, weakening Microsoft. Apple might be able to make the MSAA see reason. And if neccessary, Apple can use the tools it has bought to take down the MSAA and give power back to the artists and people where it belongs.

      And Apple has two great friends. One hates Microsoft with a nuclear passion. The other despises the media sharks. They will help their beloved Apple, or they will avenge it.

      "At this moment, it has control of systems all over the world. And...we can't do a damn thing to stop it."
      Miyasaka, "Godzilla 2000 Millennium" (Japanese version), December 2000

      "No one's going to die, mister. Mothra's going to come and save us."
      Taiki Goto, "Mothra", December 14, 1996 (Days before Apple announced the return of Steve Jobs.)

  • HMM... as if script kiddies don't have it easy enough, lets put a link to a 'crash' script on the front page of slashdot... Do the editors on slashdot ever think before they post links?
    • Oh yeah, god knows nobody on slashdot can do a simple google search...
    • by idontneedanickname ( 570477 ) on Wednesday August 28, 2002 @10:32AM (#4156562)
      What's this "think" you're talking about? Can you eat that?
    • Yeah, lets not post a link and the rest of the world will be completely safe from this. Would your system crash differently if an experienced cracker exploited this by hand instead of some script kiddie? You are blaming the wrong people. Maybe the problem will just go away or it will fix itself. I have an idea, lets create a "trusted" inner circle of hand selected vendors with government or MS oversight to disclose bugs to only those that pay to the yearly slush fund. If you hide and conseal your software bugs then all security problems will go away. We could even fabricate or interpet an existing law that makes reporting potential software bugs illegal. With advanced management and filtering of potential software bugs (I suggest AMFPSB), everyone will be much safer and MS can save millions of $ a year on software audits. If bugs and proof of concepts went away then we could judge a software companies products on their marketing ability and not have to worry about the actual quality of the product.

      My opinion on this will not change with negative moderation.
    • by jsse ( 254124 )
      HMM... as if script kiddies don't have it easy enough, lets put a link to a 'crash' script on the front page of slashdot... Do the editors on slashdot ever think before they post links?

      You are absolutely right! /. editors are bastards! Do they understand kids nowaday?! Give them knives they'll kill; give them games they'll not go to school; give them money they'll spend on drugs. Do they ever think of the children? Do they really want our kids sending us back to dark age with these tool?! I want my kids become a MCSE, not some kind of script kiddies!
  • Dumb Question: (Score:4, Interesting)

    by Schnapple ( 262314 ) <tomkidd&gmail,com> on Wednesday August 28, 2002 @10:10AM (#4156364) Homepage
    OK, so the headlines are all "Microsoft is disclosing Windows Code", "Microsoft is disclosing Windows Source Code", "Microsoft is revealing/giving away Source Code". My question is this - it sounds from the headlines like Microsoft is taking source code from Windows, zipping it up, and handing it to everyone. However, all I've seen is documentation on API calls - not actual "source code". Am I missing something? Is source code forthcoming? Or is this all that Microsoft is revealing and the news media is vastly confused as to what "source code" actually is?

    By that logic, is this part of Microsoft's plan? Since Linux is seen as good by the general public for, amongst other reasons, giving away the source code, is Microsoft trying to make the (erroneous) impression that they're giving away source code as well?

    All you have to do is winess the general confusion when a game maker releases some source code ("The RtCW Source Code has been released! This means the game is free!") to see that the general public still doesn't "get" this idea.

  • by Neon Spiral Injector ( 21234 ) on Wednesday August 28, 2002 @10:14AM (#4156388)
    One article says Media Player 9 will allow the user to select how much information is set to content providers. But the other goes into detail about the new DRM featurs of MP9. One of the biggest is a 3rd party clearing house for certificate athentication and authorization.

    So you get a DRM enabled media file. When you play it, Media Player has to contact this server to find out if you are allowed to play it. They can track every time you play this file.

    Maybe you'll have a feature that protects your privacy, but if you don't let the player contact the clearing house, you can't play the files.

    Also, I'm sure everyone saw it coming. The reason Microsoft changed their EULA is because of this new DRM crack down. They want any program that can open a DRMed file to have to be authenticated, and they want to be able to disable any program that will attempt to get around these restrictions, and they don't want to get in trouble for messing up software you have installed.

    Good thing I use a free and open OS. But if this type of thing continues, all media produced will be encrypted and you'll have to contact the DRM server to view it. So it won't matter. Just wait until router manufacturers are convinced to not all their producted to transmit any packets that haven't been DRMified properly.
    • by Technician ( 215283 ) on Wednesday August 28, 2002 @10:30AM (#4156537)
      I wonder if a DDOS attacks on the clearing house will convince very many people this is a bad idea?

      "My Power Point presentation died... I want it fixed NOW!. What do you mean the copy can not be authorized with the clearinghouse? I wrote and transfered it to the auditorium computer! Make it play!"
  • Release of API (Score:5, Interesting)

    by crazney ( 194622 ) on Wednesday August 28, 2002 @10:14AM (#4156397) Homepage Journal
    Well, im not sure about everyone else.. But I know us developers at the WINE project have found the new APIs (documented here [microsoft.com]) to be anything but useful [winehq.com]..
    Well, the register does say "what Microsoft has got in there is a grotesque, badly-documented pile of poo it doesn't fully understand itself. [theregister.co.uk]" (in regards to the fact that the few new APIs microsoft released doco's on are other useless or all together wrong!.)

    David.
  • Link to the code but don't tell us non-coders how to defend against it. "NetBIOS enabled" can mean many different things, after all. NetBIOS enabled on the target interface or on any interface? Anybody with NetBIOS running on their internet interface is a fool to begin with and probably deserves to be crashed...

    Of course, even that could be solved easily enough with a router and/or port blocking.
  • You know, the funny part is I am actually willing to pay a reasonable amount to get the OS, and even a reasonable amount to use additional copies. But that into about discounts on the price is crap...
    Sell me the first license for whatever cost(although the current price is way to high, $49.99 for Professional/Home is much more reasonable) and charge a nominal fee for additonal licenses, like say $9.99....Honestly they would probably have less of a pirating problem if they would charge resonable fees....
  • Uhhh.... (Score:3, Interesting)

    by interiot ( 50685 ) on Wednesday August 28, 2002 @10:20AM (#4156446) Homepage
    • A new feature will enable computer manufacturers to selectively hide and display Microsoft's integrated programs displayed on the start menu of the operating system, including Microsoft's Internet Explorer Web browser, Windows Media Player and Windows Messenger programs.
    • During the federal antitrust trial, Microsoft argued that such a change would cripple the Windows program.

      The change will make it possible for hardware vendors to customize their systems by striking business deals to include alternative programs from companies like America Online and RealNetworks.

      It will also permit computer users to reselect the hidden Microsoft programs if they choose.

    Isn't this tantamount to purjury? Their claim that it would criple the system and that it couldn't be removed was obviously false, if all that was necessary to satisfy the courts was to remove the icon from the desktop. Sure, MS is allowed to spin things a bit in the media, but in the courtroom, nearly explicit lies are illegal, no?
    • Re:Uhhh.... (Score:3, Informative)

      by ThePilgrim ( 456341 )
      Actually no,

      Hide and remove are diffrent concepts. Just because the IE icon is not on the desktop does not meen that my program can't pullin the IE HTML render object, because the code will still be there on the box
    • "Isn't this tantamount to purjury? Their claim that it would criple the system and that it couldn't be removed was obviously false, if all that was necessary to satisfy the courts was to remove the icon from the desktop."

      In the courts of the United States, it no longer matters whether you tell truth or falsehood or whether or not you have broken the Law. The side that has more money will just keep appealing and delaying until the other cannot afford to pay for lawyers. And when it comes to having money, MSFT is not exactly in a shortage.

  • by Carnage4Life ( 106069 ) on Wednesday August 28, 2002 @10:21AM (#4156452) Homepage Journal
    On Roblimo's (Supposed Editor-in-Chief of OSDN) webpage [roblimo.com] he claims that
    My official job title is Editor-in-Chief for OSDN, but I'm more of an in-house editorial consultant than a controlling "boss" editor because we have a great staff that needs little or no direction. Now and then I offer a little advice, but I usually wait until I'm asked instead of forcing my words of wisdom (wisdumb?) into unwilling ears.
    well it may be that most of the Slashdot editors (timothy, CmdrTaco, hemos, etc) know how to use their own discretion but it is painfully obvious to anyone who's been a Slashdot reader for any decent amount of time that Michael needs adult supervision. If he isn't bitch slapping comments or posting blatantly wrong information then he's insulting Open Source luminaries like Tim O'reilly and twisting their arguments.

    However he has now topped himself by linking to a script kiddie tool to what may be an unpatched bug on a website that gets hundreds of thousands of hits a day. What the fuck? Do you see MSNBC or C|Net linking to r00tkits whenever a Linux vulnerability is released?

    Roblimo as Editor-in-Chief, you are responsible for his work and quite frankly he is the worst part of the Slashdot experience (now that I've upped my threshold to 4).
  • by edgrale ( 216858 ) on Wednesday August 28, 2002 @10:23AM (#4156466)
    Are we talking about MS02-045 [microsoft.com] ? If you really MUST supply a link to the attack tool you should AT LEAST supply a link to the fix as well!
  • by Damek ( 515688 ) <adam@NOSpam.damek.org> on Wednesday August 28, 2002 @10:23AM (#4156473) Homepage
    From the article:

    "Welcome to Windows Media Player 9 Series," the opening screen of the Privacy Options panel reads. "Microsoft is committed to protecting your personal privacy. To enhance your experience with features including album art and pay-per-view-services, data must be sent and received over the Internet and/or saved on your PC. The options below enable you to customize these privacy settings."

    OK, so right from the get-go users are presented with the issue of sending information from their computer. Certainly this is an enhancement feature, if done correctly and the user really has control over what is going on. In the long run, the real power and benefit of computers and networks comes with sharing information, and as people become more comfortable with it, software that includes network features will be more powerful and more popular. For example, see the popularity of the CDDB in CD players.

    However, how do you really know what sort of information your software is sending over the network? As we start to take advantage of network features, it will become impossible to rely on personal firewalls to curb outbound traffic - you want your CD player to send some ID to the CDDB so it can retrief the correct tracklisting for the CD you're playing, so you have to tell your personal firewall to allow your CD player to connect to the net. After that point, you are trusting the CD player to behave properly and not betray you.

    The article acknowledges this:

    "As more applications become Web-aware in order to provide services and information back to the user, consumers need to be aware of the quid pro quo that's taking place and exactly what information is being provided to the vendors," Gartenberg said. "What Microsoft appears to have done here looks like a step in the right direction, if it makes it into the final product."

    So the issue boils down to trust. Do you trust Microsoft? I'm sorry, but I do not. No matter what they put in their GUI as far as options go, you can never quite be sure about what their software is sending back to them.

    With open source, at the very least you're allowed to look at the code and see what your software is really doing...
    • ... what's being sent over the network via packet-sniffing. Granted it would be a pain in the butt though. Plus they could encrypt data they send to some level. guh. But if we see data which appears to be encrypted while looking at those packets, and if the software doesn't warrant any kind of encryption, then we can raise the red flags and ask questions.

  • Source code (Score:2, Interesting)

    by caluml ( 551744 )
    Has anyone reading this **ever** seen any MS source code for their OS's?

    There's one guy here (hello Dave) that counters my open-source arguments with, "Oh but you can now get the source-code to WinCE", but that doesn't hold water for me.
  • by Otis_INF ( 130595 ) on Wednesday August 28, 2002 @10:27AM (#4156505) Homepage
    http://www.microsoft.com/technet/treeview/default. asp?url=/technet/security/bulletin/MS02-045.asp [microsoft.com]

    But I assume it's 'better' to let people suffer instead of helping them out, is it? You dont have to post links to security bulletins, but if you post a link to a DoS tool, why not supply the link to the patch as well, to let the reader decide if he/she wants to be vulnerable or not.

    (good system administrators have already disabled TCP/IP over Netbios (disable Tcp/IP over NetBios helper service) of course and stopped the server service as well, on online systems, among other netbios related crap which is not needed on the internet (NetBios package: "whohoo a router, what's that!")
  • by burgburgburg ( 574866 ) <splisken06NO@SPAMemail.com> on Wednesday August 28, 2002 @10:27AM (#4156512)
    According to the Microsoft whitepaper found here [microsoft.com], there are 11 components of XP that automatically download material from the Internet. If you've ever clicked the "always trust Microsoft" box (something unlikely here, I realize, but many have), then things like Media Player will download and install new media codecs without any notice, for example. Another thing that we're all concerned with relate to DRM: a built in feature of XP will silently download and install "revocation lists", which list programs that are not allowed to play DRM-encoded content.
  • by Anonymous Coward on Wednesday August 28, 2002 @10:32AM (#4156560)
    From Russ at BugTraq:

    Before too many more messages;

    1. SMBDie = RedButton = Wow, incredibly talented programmer. This sure was a tool we needed.

    2. If RestrictAnonymous is set, non-authenticated users can't use it, any authenticated user can.

    3. If you're in an environment where any old computer connected to your network can use TCP139/TCP445, set up a sniffer (Network Monitor works) and watch for the source of the traffic. Then beat that person over the head with their PC. Do that either before or after you patch your systems with MS02-045. If more testing of the patch is required, beat them a little every day until your testing is complete.

    4. If you're in an environment where you have TCP139/TCP445 open to the Internet, you don't need NTBugtraq, you need Dr. Phil. Buy a $50 Linksys router and put it in front of your machine and use it to block all but those few you really want open (which doesn't include those two).

    5. Randy Hinders suggests that disabling NetBIOS over TCPIP works, I'm not yet 100% convinced. Either way, it should be easier to apply the patch than disabling NetBIOS over TCPIP.

    The MS Security Bulletin honestly did do a great job of explaining all of this, more people should read it more carefully.

    Cheers,
    Russ - NTBugtraq Editor
    • The fact is that 99.9999% of home users only use windowsupdate to secure their boxes. A great majority of those, don't update regularly enough to make this exploit a non-issue.

      Yeah, stupid red button, yeah stupid user didn't secure his box. End result is no different than if the exploit were a true blue win buster... It's still a borkable box.
  • The potential further exists for oppressive governments to use the revocation feature to censor what we see and hear. In this Orwellian scenario it would be possible to erase from the collective consciousness striking images of the lone student facing down a tank in Tiananmen Square ...

    But instead of censoring, he says, Microsoft's aim is more mundane - simply to use the free player to sell more .NET servers.


    I suppose that being able to censor anything on people's computers will sell .NET servers like hotcakes? Maybe in communist China. With enough bad press I think a lot of companies will think twice about buying server software from microsoft. Oh right... we don't have much choice.

    So what do new Windows versions have to offer me? More restrictions, more limitations, more tracking of my viewing/usage habits, a direct interface with the "copyright clearing house" to check every time I go to play an MP3 if I actually have 'rights' to play it.

    I stopped "upgrading" at windows 2000. I suggest you do too.

    mike
  • by KelsoLundeen ( 454249 ) on Wednesday August 28, 2002 @10:38AM (#4156609)
    And MS plans (apparently) to "bomb" any cracked installations of XP. (I gather some sort of cracked DLL or file monkeyed with the WPA and allowed for pseudo-activation.)

    MS is still not clear about this. But I'm curious if MS finally got the hint and is now planning to keep a database of all "authentic" Windows XP keys. If this is the case, then I assume the various keygens won't work. (Or they'll work, but when it comes time to activate, you'll find that you don't actually have an "authentic" key.)

    Slightly OT, but I thought I'd share my own XP activation experience. It happened last night and it bascially stumped Microsoft.

    The short story goes something like this: I'm an MSDN subscriber. My MSDN subscription entitles me to Windows XP keys that will activate up to 10 pcs. So far so good.

    Anyway, I go to the MSDN site, log in with my usual username and password. Generate my keys. Get my "10 activation" key for Office XP, Pro XP, Home XP.

    Now, according to the license, these generated keys will activate 10 pcs for each application. (In other words, I can put WinXP Pro on my workstation at work and my workstation at home. This counts as two "activations" on two different PCs and is completely within the terms of the license. Each computer, of course, has to be for "development" purposes -- which, oddly enough, they are. My computer at home is actually a computer I use when I telecommute. And I develop on it. So, again, I'm completely within the terms of license agreement.)

    Okay, so that's the background. Here's the good part: I install WinXP Pro on my home "work" workstation using the MSDN supplied key. (The copy of WinXP Pro I'm installing, BTW, is the ISO I downloaded from the MSDN site. The copy of Windows XP I'm legally entitled to according to the terms of my MSDN unverisal subscription.)

    The MSDN issued key passes the first XP keycheck -- the check that appears before it actually installs. No complaints, install goes smoothly. I boot to the desktop. All's fine. Looks like it installed perfectly.

    Except Windows tells me my key is no good.

    But wait! It *took* the key when it asked for it, right? Yes. It took it.

    I re-enter the key. (And, yes, I'm using the MSDN supplied key on the MSDN ISO -- not the volume license CD, the actual ISO downloaded from the MSDN site.)

    Still says my key is no good. It then generates an installation ID -- an obscenely long number -- and tells me that I have to call the 1-888 toll-free activation center.

    I call. I give my installation ID. Wait, I'm told, that's not the right installation ID. Generate another one.

    I generate another installation ID. (There's a button that can do this when you install XP.)

    I read it back. It's still not a valid installation ID.

    The activation center guy said he never saw this happen before. Am I reading the correct ID? Did I transpose any digits?

    Nope. It's all correct. Read it from right to left, he tells me. I do. Read it from left to right, he tells me. I do.

    Wow, he says. I've never seen this before. You have a valid key, he tells me, but Windows is generating an *incorrect* installation ID.

    I say, well, I don't care what's going on, I want this thing activated.

    Pause. Sir? Can you read me the ID again?

    I do. This is the sixth or seventh time I read the ID. Nope, he tells me. Still no good. He puts me on hold. I stay on hold. Sir, he tells me. I'm sorry. Sorry? We can't do anything. You what?

    We've never seen this before.

    You're kidding.

    If you have a correct key, you should get a correct installation ID.

    Yes, I say.

    Can you read me your key?

    I read it. Read it again. And again.

    Sir?

    Yes?

    The key is correct.

    I know the key is correct.

    Can I put you on hold again?

    So I sit and wait. And wait. All told, I've been "activating" for 30 minutes by this time.

    Guy comes back on the phone. Sir? We can't do anything.

    You're kidding.

    He apologizes. He tells me again that he's never seen this happen. You're sure you're using a legit copy?

    I explain my MSDN subscription (active, BTW), my MSDN key, my MSDN ISO download.

    I'm sorry, he tells me. Try MSDN.

    I call MSDN.

    Go through the same thing.

    Wow, the MSDN tech support guy says. I've never seen this before.

    What now?

    Good question, he tells me.

    He puts me on hold. Consults with a manager.

    Sir? There's nothing we can do.

    Give me another key.

    I can't. I don't have authorization.

    Give me someone who has authorization.

    We can't generate another key until the morning.

    You're kidding. I'm stuck?

    I'm afraid so. I've never seen this before, he says.

    By this time I'm furious. I want this motherfucker activated.

    Finally, the guy puts me on hold.

    Sir? I've got a brand new copy of Windows Pro Retail. In my hands. I'm going to read you the key. But you didn't get this from me.

    You're giving me another key?

    You didn't get this from me, he repeats.

    He reads the key. I read it back. That's all I can do, sir, he tells me.

    I appreciate it. (Trying to stay calm.) Thank you.

    I'm only doing this because you've got a problem we can't fix. You have a valid key, but it's not generating a valid installation ID.

    By this time, over an hour has passed. I'm still trying to activate.

    He has me enter the new key. I enter it. Try to activate. Comes up with a message: "This key has no more activations."

    I wig out. You're fucking shitting me, I tell me. You're fucking shitting me.

    Okay, he says. He explains that we'll have to wait until tomorrow morning to get the key re-activated. He'll make sure it gets re-activated first thing. But that's all we can do, he says. I can't do any more tonight.

    I tell him that this -- my situation -- is why people pirate software. It's quicker to get a keygen and generate a phony key than to go through this, waste my time and waste my money.

    He's sympathetic. I understand, he says. But we'll get this fixed.

    Then: Sir?

    Yes?

    You didn't get that key from me.

    Flash forward: right now. It's the next morning. I'm at my desk. I'm reading Slashdot. I'm on hold with Microsoft tech support. I've called three different tech supoort numbers this morning.

    They cannot get my copy of Windows XP Pro activated. They cannot re-activate the "mystery" key that my friend last night gave me.

    This is the first time they've seen this problem.

    Can we get some more specifics? they ask me.

    New hard drive, new CDROM, new motherboard. Everything is new.

    They're mystified.

    I'm still on hold. I'm reading Slashdot while I'm on hold.

    A moment ago: Sir? Can you read your key?

    I read it.

    Yep, they tell me. That's a valid key. Wow. I've never seen this before.

    • And they say Linux is hard to install.
    • Sir, can you read me the ID again?
    • Yeah. It happens. MSDN subscribers were the bane of working for MPA (product activation) because they cause the most problems, and expect us to fix them. We don't generate keys. We don't know how to, or get paid enough to troubleshoot. All we do is get read a string of numbers, and read one back. When we get an error, we read from a script. We don't even work for Microsoft.
  • by Sloppy ( 14984 ) on Wednesday August 28, 2002 @10:50AM (#4156703) Homepage Journal
    Oh goodie, it runs under WINE.
  • How ironic (Score:5, Interesting)

    by hacker ( 14635 ) <hacker@gnu-designs.com> on Wednesday August 28, 2002 @10:52AM (#4156716)
    Does anyone else find it funny that the SMBdie script that is used to supposedly crash Windows machines by sending a specifically-crafted SMB packet... is a Windows executable?

    In the era of security conscious people, running someone else's .exe file is really stupid, even if you think it might be funny.

    And this tool got front-paged on Slashdot. How stupid can you possibly get?

  • "We can block out rogue applications or compromised applications or broken applications," says the Singapore-based manager of Microsoft's digital media division, Winston Chan. "From the Microsoft standpoint we will get feedback from individual (content) companies and use the licence to lock out those applications. If an application has been broken, we only have to update the licence server. You have to go through the process with Microsoft and be issued a certificate."
    Does this mean that if MoRE crack RealPlayer's key, then all copies of RealPlayer worldwide suddenly stop working?
  • by Rogerborg ( 306625 ) on Wednesday August 28, 2002 @11:09AM (#4156892) Homepage

    About posting a link to an exploit tool?

    How many of you posting or modding this up also support the free exchange of ideas, including how to back up or media shift a DVD, or extract a portion for review?

    You think there's a difference? Bullshit. Your argument is "raise the cost of entry to put off casual abusers". How is that different from the argument that (e.g.) librarians or teachers can gain access to knowledge to let them make copies or extracts from a DVD, if they know exactly who to ask and how to ask them?

    That's the trouble with the free exchange of ideas. It's easy to pay lip service until you see something that you don't like being made freely available, at which point the prissy voice gets put on and cries of "Well, that's just irresponsible!" get made. One more step down that line, and you'll be exhorting us to think of the children.

    One issue, one standard. The issue here is the free and frank and convenient exchange of knowledge, including knowledge that you don't want people to have. Pick a position.

  • That's all I want to know. MP7/8 worked fine on my Win2KPro PC at work, but fritzed up my CD burner software completely; it wasn't until our hardware administrator told me there was a known incompatability that I took it off and had a working burner again.

    Of course, my CD burner software came with the PC, and it's at least one and a half releases out-of-date. But it sounded like our hardware admin knew this to be a consistent problem with MP7/8. I'm still using MP6, along with Media Jukebox when I absolutely have to.
  • Microsoft has ported DivX [wired.com] (not the codec) to the PC with Windows Media Player 9. Now get out there and explain the analogy to your non-technical friends and colleagues.
  • by guttentag ( 313541 ) on Wednesday August 28, 2002 @01:26PM (#4157990) Journal
    Microsoft is releasing certain API's, and is releasing a service pack for Windows XP, under the requirements of its antitrust settlement with the Federal Gov't.
    Please remember that this "settlement" with the Bush administration (which received a large amount of money from Microsoft in the way of campaign donations) has not been approved by the judge yet. And it has been flatly rejected by the states.

    When Microsoft began implementing it, even though the judge may still reject it, I cautioned that this is a classic example of Microsoft attempting to subvert the will of the law/consumers by instituting a de facto condition.

    • "We'll just integrate Internet Explorer into Windows so it won't matter whether people want to use it. It'll be a de facto standard."

    • "We'll just start implementing our slap-on-the-wrist settlement so it won't matter if the judge or the states approve it. The government will be pressured to let us off the hook because the people will believe that we've paid our dues. This will all blow over."
    By writing about the settlement without noting that it has not been approved, and flatly rejected by the states, you're playing right into Microsoft's hands. Shame on you.

"Pok pok pok, P'kok!" -- Superchicken

Working...