It’s Over Already

It seems like the weekends fly by. It doesn’t help that I connected to work for a few hours today so I could get a little extra time in. I tried to distract myself with football, but watching the Chiefs soon started to piss me off and I turned it off. I think everything that could go wrong, did go wrong for my fantasy team. The game was a battle for the bottom and I have a feeling I lost (or won, depending on how you look at it). I’ll find out tomorrow because I’m too cheap to pay for Yahoo’s stat tracker for live results.

We did get one major thing accomplished this weekend. We went to the JC Penney portrait studio for some engagement photos. We ended up waiting almost an hour beyond the time of our appointment, but they did acknowledge that fact by giving us two free sheets of pictures. I’m hoping to add a page soon with some details on the engagement and wedding, so look for that soon. I think Amber has already created something, but I don’t remember where it’s at.

I just finished watching Family Guy a little bit ago. It was one of the funniest episodes in a long time. The jokes were a nice mix of classic throwbacks to earlier episodes and excellent random bits that make the show so funny. Recently I’ve thought a few of the gags were a bit overused (think drawing out last week’s Osama scene while he rambles for no apparent reason), but tonight’s was spot on. The ending wasn’t the best, but still an excellent episode. It’s still some of the funniest stuff on TV.

Seth MacFarlane’s other show, American Dad, has been pretty good lately, too. It’s a different kind of humor, but with a similar style. It’s a nice followup for the Griffin family. We need to see more of the fish.

Sony’s Rootkit Woes

For the most part, I’ve stayed away from this subject because it’s really complicated; much more so than the casual user or music listener really cares about. But it is important and it’s something everyone should have at least heard about. I wanted to have a better idea of what has really been going on before I tried to write about it. Most of the pages linked here are pretty technical in nature, but even if you gloss over the tech speak you can still get the gist. If I’ve misrepresented anything here, please let me know so I can correct it.

Starting some time ago, Sony started manufacturing CDs with new DRM software called XCP from First 4 Internet. The discs require you to install a special media player to listen on your computer, but there’s something more happening behind the scenes. This went generally unnoticed for quite some time, then F-Secure identified the software and finally Mark Russinovich made the problem well known. He ran a scan using some software he co-wrote and discovered evidence of a rootkit on his machine.

“Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden.”

This was a serious discovery, so naturally he started investigating. What he found was pretty scary. He linked a hidden process to the media player installed by a CD from Sony/BMG.

“I closed the player and expected $sys$DRMServer’s CPU usage to drop to zero, but was dismayed to see that it was still consuming between one and two percent. It appears I was paying an unknown CPU penalty for just having the process active on my system. I launched Filemon and Regmon to see what it might be doing and the Filemon trace showed that it scans the executables corresponding to the running processes on the system every two seconds, querying basic information about the files, including their size, eight times each scan. I was quickly losing respect for the developers of the software.”

If I read that correctly, it’s scanning active processes eight times every two seconds. What purpose could that possibly serve?

But wait, there’s more. Mark wanted to remove the software from his computer. Sony claimed it was possible, and yet it was nowhere to be found in the Add/Remove Programs list, there was nothing about it on the Sony site (this is no longer the case), no help to be found at all. He took matters into his own hands and found that the software loads even in Safe Mode, meaning if something went wrong, you’d have a hell of a time fixing it. He was able to get it off his computer, only to find that his CD Drive had been disabled.

In the following few days, things have only gotten worse. Mark has made many more interesting discoveries and catalogued it all for us: Dangers and Phoning Home, First 4 Internet Responds, and his Uninstall Experience. I’d include more details here, but he’s already done a great job of that.

I’ve put together a summary of the information I’ve gathered from Mark and other articles on this issue.

  • The EULA does not disclose the software’s use of cloaking and implies that it can be easily uninstalled (it cannot). It hides itself by modifying the Windows kernel without your permission. Sony denies the software poses a security threat.
  • This rootkit can hide the DRM files as well as anything else set up to take advantage of it (think trojans, worms, and viruses). Sounds like a hacker’s dream come true.
  • The hidden software scans your active processes constantly. 240 times per second. No one seems to know why.
  • If you do manage to get the software off your computer it will disable your CD drive.
  • Sony recently announced to the press that they were making an uninstall tool available, though they made no attempt to ensure their users knew about it. It is virtually hidden in the FAQ section of their website.
  • Sony’s “patch” can lead to system crashes and data loss because of the way it removes the cloak.
  • The rootkit has already been used to get around the World of Warcraft anti-cheat software and now new viruses are taking advantage of it.
  • The Sony CD player establishes a connection to Sony’s site and tells them each time you listen to your protected CD. This behavior could be used to record the ID of a CD and the IP address of the person who played it, though there is no evidence of this. However, simply by logging standard server activity this information would likely be collected. Sony says they don’t use it.
  • Uninstalling the software is a chore in itself with several hurdles to jump through. You have to tell them twice that you want to uninstall. Don’t forget the majority of users wouldn’t know they’d installed the software in the first place.
  • The CDs are trouble for more than just Windows users; they affect Macs, too, though the software comes from a different vendor called SunnComm.
  • This move by Sony likely breaks laws in many countries around the world. Sony claims the CDs have only shipped in the US, though this has already proven to be false.
  • A class action lawsuit against Sony has been filed in the state of California. Expect more to follow.
  • For now, Sony has halted production of the CDs but they have no plans to stop including it with their CDs.

Needless to say, this has people really upset for obvious reasons. I think it’s safe to say this takes the idiocy of DRM to a whole new level of “I can’t believe this.” I guess Sony figured that the only way to make DRM work was to hide it from the user. Maybe someday they’ll learn that you really can’t hide much from the public at all; there’s always a way around (a fundamental reason why DRM will never work). The worst part is that this software opens up a whole new issue with privacy and protection. The fact that Sony denies there is a problem is unforgivable. Their stories change each time new information is revealed which really leads me to believe they never thought anyone would figure out what they were doing. I’m not one to quickly start screaming about boycotts, but I will seriously think twice before I purchase another Sony product.

Pandora

I just saw this on Digg and it’s gotta be the coolest thing I’ve seen in a while. You put in an artist or song that you like and it analyzes the style of the music and makes suggestions of other songs and artists you might like. I’ve been using it for the past 15 minutes or so and it’s spit out some really good stuff. It’s free if you can live with some ads, or you can subscribe if you’d like. It works right from your browser, and it’s got a pretty slick Flash interface. I can see myself spending a lot of time here… Discover Music – Pandora

Where Have I Heard This Before?

I just finished reading another article on Nintendo’s philosophy (Nintendolosophy as Revolution Report has been saying for a while now) for the Revolution and the next-gen. The author centers mainly around the fact that Nintendo has no intention of publicly announcing the specs for their new system.

“This doesn’t mean that we’ll never know what’s in the box. Developers will find out, developers will tell the media, and eventually the information will be there for anyone who wants to know. But there will probably be no fanfare, no graphs showing how much more powerful than your Xbox 360, your PS3, your GameCube, your toaster or your flush toilet the Revolution is. Why not? Because as far as Nintendo is concerned, it isn’t important, and you shouldn’t care.”

I think this guy gets it! Nintendo isn’t worried about whether or not they can match the 360 or PS3 in terms of power and graphics because they know they will make games that people enjoy playing. How many people do you know that still have an original 8-bit Nintendo they fire up and play for hours? My favorite part of the article:

“Ultimately, that’s also something Sony and Microsoft could learn from. Cell and RSX, PowerPC and Xenos, none of these things will matter down the line to anyone other than fanboys arguing on forums.”

Am I a Nintendo fanboy? Probably. But I can tell you one thing… I won’t be one of the ones arguing about power 10 years from now. “It’s all about the games.” Are you getting tired of hearing that yet? Nintendo seems to be the only one of the three that’s actually focusing on that fact.

I Called It

I just finished watching tonight’s episode of Lost after bowling a crappy series that barely broke 300. Approximately three weeks ago, just after the last new episode, I correctly guessed which character wasn’t going to make it through tonight. Needless to say, I quickly forgot about my crappy bowling. If you haven’t seen the episode yet, stop reading and come back later. Otherwise…


Yellowcard Happenings

I heard on the radio that Yellowcard guitarist Ben Harper is leaving the band to focus on his record label (the one that did Yellowcard’s first few albums). Hopefully it won’t hurt them much. Their new album is coming out soon and supposedly it’s got a heavier sound. More information at their official site. I’m looking forward to the new album either way. I hope they come to the Madison area sometime soon.

Update: I just had a chance to watch the music video for their new single Lights & Sounds. Pretty good stuff.