EULAs, RFID tagging and other Halloween horrors
It is a scary, scary world out there
Letters It is Halloween, so we thought we'd get as scary as we could and head straight for Microsoft's Vista EULA. Security Focus' Scott Granneman took a look inside the new EULA and gave himself quite a fright. We hear the shock turned his hair white (no, not really).
The key issue here for us from a development/QA perspective is that we are entirely dependent on virtual machines for testing. So much so that one wonders how we ever managed without it (the obvious answer being 'slowly' and 'with less coverage').
But we'll still have to test ALL of these versions, whether we're legally allowed to run them in VMWare or not. So either the cheapo versions don't get tested, or we have to source whole new machines JUST to sit there with copies of Vista on them. The prospect of having to dig Ghost out of the cupboard just to be able to revert a testbed to a snapshot is a painful one. It's an unreasonable ask from MS when we're testing our stuff for THEIR operating system.
Having said that, I'm not sure what the Action Pack will allow us, it may be we'll be less restricted than retail licence holders. But not all developers choose to use or can afford MSDN licences.
At the moment, there's nothing but the EULA to stop them using Vista versions however they like, but given MS' penchant for retrofitting piss-poor functionality restrictions, and rights-holders' penchant for suing the arse off their customers these days, who'd want to gamble their business on that?
It never ceases to amaze me how Microsoft continually gets away with its hubris when there is the excellent Linux as a valid, valiant alternative to Redmond shenanigans. I still use Windows 98 and hell will freeze over before I install XP, let alone Vista. Sooner or later Microsoft is going to overreach itself, and maybe Vista will be the final straw.
I think you misread the virtualization clause. It says that if the software is installed on the device, you can't run another copy of the software in a virtualized environment. It doesn't say that if you run Parallels you can't run/install the licensed software. It just says you can't use it a second time in a virtualized environment.
The license still sucks.
The license transfer provisions in the Vista EULA make my 'grandfather's axe' style of machine usage rather expensive, I'd have thought. I installed Windows XP on a somewhat arbitrary mix of home brew computer parts some years ago now. I tend to do my upgrades piecemeal.
That hardware box has a different motherboard, CPU, RAM, hard drives, video card and other stray peripheral devices. The case is the same, with a shiny license code affixed, but that too could well change at some point.
With the EULA provisions contained in Vista, at what point does Microsoft consider the license to have been "transferred" to another machine?
Never mind virtualization, and security pros - what about gamers, and other frequent upgraders?
When does a 'device' stop being the old device, and start being a new one?
I like section 5 (validation) point d. "You may only obtain updates or upgrades for the software from Microsoft or authorized sources."
So if some group (that hasn't given MS money for authorization) releases security fixes before Microsoft and you wish to use them (cf http://www.theregister.co.uk/2006/10/03/zero-day_ie_fix_encore/ ), not only is this disrecommended, not only would it void your warranty (in as much as a Microsoft warranty is worth anything), but in fact voids your licence to use the software in the first place.
That's not anti-competitive at all I'm sure, cough, cough.
The licence transfer thing used to have another gotcha in it and I bet it still does. If your company changes hands then (as you can't sell the licences on) you need to go and rebuy them again. No-one seems aware of this but if FAST pay you a visit you will find out very expensively.
Microsoft has reached the point where it is difficult to grow market share appreciably - instead, they need to grow revenue per customer and I suspect we'll see increasingly restrictive EULAs as part of their effort to do that. On the other hand, it's common knowledge that consumers don't read these things - it's unlikely anyone could understand them without a law degree. If push comes to shove it will be interesting to see if courts will uphold the EULA or if common law expectations of merchantability and fitness for intended use will prevail.
Thanks for shining a spotlight on the issue and raising public awareness.
> How stupid does *** Microsoft, who fed him this line of bull - think we are?
Very stupid. Very, very stupid. After all, mankind are more disposed to suffer....
About the virtualization, where's the problem? Virtualization is for pros and business use.
It's for testing, development etc. In that environment people don't tend to use home software (yeah, I know, many do but they're bonkers). So I don't see what the problem really is with this kind of restriction.
But it's nice to see that you're not biased in this article, really...
Mr. Granneman wrote: "And, I'll add, a further lowering of respect for Microsoft."
C'mon, further lowering, is this even possible?
"the fact that it's virtually impossible to buy a PC that doesn't have Windows already installed"
This is not a fact. It is myth and FUD and anti-Microsoft religious raving.
My local computer shop (World of Computers, Milton, Cambridge) will sell you a computer with or without an operating system of your choice, and will even install an operating system you give them when they build your machine. I know that Cambridge is different and special, but it can't be *that* different and special - this must be possible in other places as well ... and if it isn't you can always buy mail order from WoC.
That's not "virtually impossible", a better description would be "standard service from a main supplier to a city of 100,000 people".
We can confirm that both Oxford and Cambridge are *that* different and special.
Great article; here's some free marketing advice for Microsoft: release Vista before Thanksgiving so it can be served as the main course--that's about the only use I can see for this underwhelming makeover of XP.
Monopolies are bad. For us, yes. But also for Microsoft.
The smallpox virus of real choice is spreading across the newly-discovered continent of computing diversity and Microsoft is looking like a native who never got exposed to the virus when young.
Can we expect them to get away with just a few nasty scars, or are they going to die a painful slow death? I don't know, but I do think we should give them an infected blanket.
And on that unsanitary note, we'll ask you to click on the button below, and turn to page two...
I think the EPO got some spam and assumed it was a patent application.
'Among the claims: "The process of the elemination of the electric and gravitational fields characterized in that one eliminates (or almost eliminates) the electric or gravitational field in eliminating the electronic neutrinos and antineutrinos of the corresponding surrounding space with the help of the T-rays, transforming them into the electrons and positrons, easily eliminable/for, for instance, the Perpetual Motion Machine in separating the charges without the work and re-putting the field or for the 'Flying Carpets' of the transport/according to Claims 4 (6,7)."'
Well, how can anyone claim that's unclear? It's completely unambiguous. It says, in terms obviously designed by a lawyer, "the applicant is mad as cheese and would like to be kept under sedation for the protection of himself and of society as a whole, please."
Feathers are ruffled and fur flies as the passport office enforces its smiley travellers. Teeth are a definite no-no.
My despair level rises every day with stories of the bleeding idiots this country is now populated by.
If their plans are so important why didn't they check how much time they had left on their passports before, ooo 10 minutes before they are due to travel.
Idiots, bleeding idiots.
You have to admire these poor sods for not giving the puffed up tossers at the passport office a damned good slapping for that. I'm not sure I could be so restrained.
I happened to catch this story on GMTV this morning*. They had some travel journo on who spoke about what was and what was not acceptable for a passport photo, and several samples were shown on-screen.
I recognised these images straightaway because they are on the sheet provided with every passport application form and I studied them carefully when I renewed my daughters' passports earlier this year. My photos were not rejected (I even managed to get my 5 year old twins NOT to smile, which takes some doing, but wasn't even necessary).
This was clearly beyond the Edwards family, and also the presenter who didn't ask them why they hadn't bothered to follow the clear instructions; they just claimed that they "didn't know". I realise that there is a technology angle as well as the question of governments controlling even more aspects of our lives but really this comes down to not RTFM.
*This was a fluke. I do not normally watch breakfast TV.
Ex-Microsoft man joins the queue for a seat on a rocket. Plenty of people wrote in asking if we could persuade Bill to join him, but more important was his claim to be the "first nerd" heading for space. As one Reg Editor said, aren't astronauts, almost by definition, nerds?
Surely Mark Shuttleworth has prior claim to first nerd in space!
Reassuring to know the MicroSoft policy, of claiming others' pioneering work as their own, carries on into space and beyond!
We'll have chips with everything and in everyone, according to a report. RFID tags to track us, that is. Not the deep-fried potato kind. Which frankly, would be OK with us.
Thankfully this new system is foolproof and will finally allow undesirables* to be tracked at long last. These chips work everywhere, I understand, and are impossible to take out or replace. Thus acquiring a chip from someone and engaging in identity fraud is also unthinkable and consequently impossible. Maybe the Beeb ought to start showing 'The Prisoner' or possibly even 'Gattaca' or 'Logan's Run' again to drum up support for mandatory tagging.
*And desirables too. I'm sure there's good money to be made in cyberstalking. It would be for their own good, to be sure.
Somewhere on The Register in the last couple of days was the suggestion that we could publish our fingerprints on the Web, ensuring that they would no longer be the reliable form of identification they are at present. Is there a site that already does this?
Not that we know of. Anyone volunteering to start one?
The inimitable Morely thinks he can detect a faint whiff of male bovine excrement around a certain mobile telco's company name:
I'm sorry, but "3" is positively the most idiotic name for a company ever conceived. It makes "Orange" look positively intelligent and inspired, by comparison.
Look at it this way: "British Telephone" is a name that gives the consumer an idea of what sort of business in which the company might engage (notwithstanding the people who say BT has no business in that business; that's another story altogether). "British Rail" is probably somehow involved with transportation, or possibly badger extermination. "The Royal Opera" may possibly be somehow connected with Italian singers.
"Orange" is obviously in the citrus fruits business.
But "3?" Do they run the numbers game, or calculate profits/losses percentages for Dawn French, or bloody WHAT do they do?
Whoever came up with that name is clearly an MBA, and should be deported to Romania in a minimum of 3 separate crates. No amount of advertising can possibly make up for the complete lack of trademark/product connectivity. Only a deliberate saboteur, or a fresh-minted college Business major, could have ever decided that a good name for a company was a single-digit prime number.
More on RFID, this time the plans to tag people at airports:
"People will be told to wear radio tags round their necks when they get to the airport" Okay, now it's obvious that these people didn't do their homework. Animal trials have proven the best procedure for installing a radio collar:
1. Get the subject alone. You don't want to spook the other cattle --er, passengers.
2. Administer an anaesthetic. For safety's sake, this should be in dart form, shot from a high-powered air rifle.
3. Track the subject until the anaesthetic takes effect.
4. Take advantage of the sleep to install the radio collar, measure the subject, note any distinguishing marks, and give the subject a silly nickname like Frodo or Ling-Ling.
5. Hire a television personality (like Animal Planet's Jeff Corwin) to accompany you on a mission, to help raise awareness of the plight of this magnificent beast(tm).
"One solution might be to require people to use their tags to get through gates placed throughout the airport, he said. Perhaps a little like a shepherd might gate off his pasture and check the tags on his sheep as they passed into this field"
There's a reason why the term "sheeple" came into being. This is only the ultimate use for years of training of the population by governments everywhere.
Tagging passengers at airports is a great idea. No longer will I sit frustrated on a plane waiting to leave the gate for an extra half an hour while staff try to find an idiot passenger who is sitting in the airport bar having forgotten the time. Staff will know where he is and bring him to the plane so it can leave on time.
What a complete waste of money!
Security benefits, well I remain to say the least 'sceptical' - after all, it's going to be trivially easy to remove/replace/swap the tags.
Another benefit I've read in another report is finding lost children - ahh the old favourite "Pulease, think about the childrun" argument.
Lastly, finding passengers who've checked in and then gone awol - if it's such a big problem, why do we build airports that encourage this? Friends tell me that they've been through foreign airports where you check in and are then restrained to a small area and can't wander off.
Of course the real reason is that we run our airports with long delays between check-in and boarding and the system is geared up to allowing us to spend the time emptying our wallets in the not so very cheap facilities - so really it's all about money, the other arguments are simply a diversion!
And finally, some help understanding the government's ideas about an almost ID card:
"The government has learnt lessons from other programmes where technical details have been set in stone too early,"
= We are going to make the more common mistake of not defining what we want before we have the system built.
Indeed, the incremental ID plan will involve putting off decisions about what and how it will be done until later.
= We don't know what it will be or how it will work - but we are still going to buy it (sorry, make you buy it) anyway.
What really matters is how ID cards are sold to the people.
= The key component is the spin, if it doesn't spin right we'll be dead in the water.
The benefits for the citizen will include the way it is adopted by the private sector. So it'll be easier to buy a car or take out a loan. She also hinted that it might be used to buy alcohol or shop online.
= In spite of what we've said, every Tom, Dick, and Harry will have access to the system.
The other big sell for the government is its role as benevolent protector from the identity demons – those unscrupulous people who would steal and sully your good name.
= As opposed to the government who avoid stealing it by making theft legal.
"The National Identity Register is not a super-database which holds all the information about individuals known to the government,"
= We haven't figured out how to do that bit YET.
And we'll leave the last word to a terrified beer drinker.
Well, it is Halloween, isn't it?
I am scared, very very scared
See you on Friday for more. ®