Wednesday, December 5, 2007, 22:54
The date on your computer isn't quite right, is it?

On Tue, Dec 11, 2007 at 08:54:42PM +0800, YuCheng Ting wrote:
> Everyone:
>
> I have translated a little something; it was hard work, dry and highly
> technical. There are some words and sentences I didn't know how to
> translate. I hope everyone will take a look and offer some suggestions.
>
> English text:
>
> English Web site:
>
> http://badvista.fsf.org/blog/analysis-of-microsofts-suicide-note-part-1
>
> by oday — posted at 2007-01-09 17:59 last modified 2007-02-14 14:30
> Copyright 2006 Oliver Day, Creative Commons Attribution 2.5 License
>
> Oliver Day is a former corporate hacker turned student. While at eEye
> Digital Security he wrote audits for the Retina Vulnerability Scanner
> and was a Principal Security Consultant for @stake. He has written an
> unpublished book on SAN security and found a variety of exploits in
> web-based applications. He is contributing to BadVista.org a series of
> posts about the presence and implications of the “content protection
> scheme” in Microsoft Windows Vista. This post is the first in that series.
>
> In a controversial technical analysis Peter Gutmann goes into fantastic
> detail about the recently released Vista operating system and its
> content protection scheme. One thing became clear to me after reading
> this analysis. Vista is being marketed to content producers, not
> consumers. If Windows XP was Microsoft’s attempt to embed a browser into
> the operating system then Vista is the attempt to embed DRM. Digital
> Rights Management technology has been applied to literally every ring of
> the OS architecture.
>
> Vista's target market is content producers and the underlying philosophy
> of the user experience will be far different than what many consumers
> expect it will be. Microsoft has attempted to plug the infamous “analog
> hole” as much as is possible by forcing all data through encryption
> algorithms. For those unaware of the “costs” of encryption it is
> sufficiently high. Pushing HD audio and video content through
> encryption/decryption routines is a tremendous strain on any system
> currently available and in the near future. Even with the application of
> Moore's Law a conservative estimate could place affordable and usable
> systems within this new content system 5 years away. It will be
> interesting to see how these restrictions will be spun by the large
> marketing and PR teams since none of these innovations will benefit
> consumers in any way. The job that has been handed to these PR and
> marketing teams is to dress up a product designed with every restriction
> a producer has asked for and make a consumer want to buy it. One of the
> most quotable lines from the Gutmann analysis sums this up perfectly as,
> “breaking the legs of Olympic athletes and then rating them based on how
> fast they can hobble on crutches.”
>
> In the past when I have delivered lectures to web application developers
> I would caution them to never trust user input. Perhaps developers took
> this philosophy a little too far. The entire operating system now seems
> to have turned against the user. Zero tolerance drivers and regulation
> code will lock the system down if any type of deviance is detected. So
> called “tilt bits” will signal an attack on the system if anything is
> found out of the ordinary. These changes won’t enhance user security
> unfortunately as they were designed to protect only “premium content”.
> Medical data, credit card numbers, and other private things that do
> deserve this level of protection are completely ignored. Untrusting of
> any environmental changes the system will shut down or degrade
> performance in response to a perceived attack.
>
> This is a marked turn from the past versions of the Microsoft operating
> system. In the past one could take a hard drive from a Windows OS and
> drop it into an entirely different system. The new hardware would be
> detected and drivers applied on the spot. At most a single reboot would
> bring the user back into a usable system. This type of resilience was
> what impressed me during the early days of the new Windows architecture.
> In those days Microsoft was fairly dominant but still pursuing new
> customers. The new Vista scheme signals to me that they have exhausted
> new customer acquisition and are now focused on milking their existing
> market.
>
> In the next post I will look at who benefits (Intel, Hollywood, code
> obfuscation providers) and who doesn’t (consumers) and some security
> issues (driver revocations for DDOS)
>
> > “Some argue that the consumer gets little or negative ‘benefit’ from this
> > increase, this is false. The consumer gets premium content on their PC”
>
> Pete Levinthal
> Software Engineering
> ATI Technologies, Inc
>
> This is a fair statement. Playing HD content from a Blu-ray or HD DVD
> disk is clearly an advantage that end users would appreciate. So in the
> sense that a benefit is an advantage I would say Levinthal’s statement
> is accurate. However, benefit can also refer to “profit” which would
> make his statement questionable. Considering that he mentions ‘negative
> “benefit”’ I think we should delve further into this connotation. Profit
> is the positive difference between the amount spent and the amount
> earned. So in purely mathematical terms the amount of “cost” to the end
> user to play premium content must be lower than the amount gained in the
> operation of HD playback for a profitable experience. I believe it is
> safe to assume what the amount gained is, HD playback. What isn’t so
> clear is what the costs are. In the programmer's universe cost is
> generally associated with amounts of cpu cycles spent solving some
> problem. Thus if a programmer writes a function for a program which
> needlessly recomputes values it is considered “expensive”. An
> accomplished programmer can write elegant solutions which do not incur
> much cost.
>
> Keeping the previous definition of “cost” in mind I think it is fitting
> to look into what the premium content protection really costs a user.
> From this analysis we can make a fair judgement on whether a user
> profits overall from the ability to play HD content. According to the
> Microsoft presentations here, here, here, and here the playback of HD
> content requires no less than two rounds of encryption/decryption before
> the video is sent to the display. First the video comes from the
> original HD media in encrypted format and is decoded. That decoded media
> is then encoded again using the AES algorithm and sent across the PCIe
> bus. Once it reaches the other side of that bus it is decoded and then
> sent across the HDMI interface to the display.
>
> The entire process is documented here in a presentation by Microsoft:
>
> (picture) http://badvista.fsf.org/blog/images/Slide15.jpg
> PVP-OPM
>
> Based on my own valuation of HD content playback I would say that the
> price is either near or exceeding the gain of watching content on my PC.
> Clearly the price of these computations goes down every 18 months* by
> 50% according to Moore’s law. This led to my earlier prediction that an
> affordable and usable system running Vista is perhaps 5 years away.
> Before I close on this installment I want to give a preview of the next
> piece I have lined up. This image struck me and has pervaded my thoughts
> about this article.
>
> Why Do It
>
> (picture) http://badvista.fsf.org/blog/images/Picture%201.png
>
> This image from a presentation delivered by Dave Marsh (Program Manager,
> Windows Media Technologies) captures how Microsoft frames this problem.
> Perhaps not intentional but all too apparent in this image is their end
> user acting deviously and maliciously hurting Hollywood, Microsoft, and
> probably America.
>
> * Wikipedia cites Moore as stating 12 months between the doubling of
> transistors which given my previous statement would reduce the distance
> of a usable and affordable system 3.3 years away. There are other
> references in the article that state the chip making industry adheres to
> the “doubling every 18 months”. My prediction was that of 3.5x current
> capacities for an affordable system to play back HD content on a Vista PC.
>
> //----------------------------------------------------------------------------------------
> Below is the first-draft translation:
> (Translator: Yuch)
>
> English Web site:
>
> http://badvista.fsf.org/blog/analysis-of-microsofts-suicide-note-part-1
>
> Oliver Day was formerly a student hacker. While at eEye Digital
> Security, he wrote some audit reports for the Retina Vulnerability
> Scanner (security issues of retina scanning), and was also Principal
> Security Consultant (chief security consultant) at @Stake. He has
> written some unpublished books about security on SAN (Storage Area
> Network), and has also built all kinds of Web-based applications. On
> BadVista.org he has written a series about the implied meaning in the
> Microsoft Windows Vista “content protection scheme”. This is the first
> post in that series:
>
> In a technical analysis discussion, Peter Gutmann presented the absurd
> details of the recently released Vista operating system and its content
> protection scheme. One thing becomes very clear after you read this
> analysis: Vista serves the producers in the market, not consumers. If
> Windows XP was Microsoft's attempt to embed a browser into the
> operating system, then Vista is the attempt to embed DRM. Digital
> rights management technology will appear in every link of the OS
> architecture.
>
> Vista's target market is content producers; under the direct governance
> of the user experience (principle, philosophy), it will be far from
> what many consumers expect. Microsoft has tried to plug the notorious
> hole (analog hole), just as all data must be forcibly encrypted through
> encryption algorithms. For those unaware of the “cost” of encryption,
> it (the required performance) is very high. Processing HD audio and
> video through encryption and decryption algorithms is highly
> resource-consuming on any current system and even on systems of the
> foreseeable future. Even with applications using Morse code
> (encryption), by a conservative estimate it will take 5 years for such
> a system (usable, affordable) to appear. Interestingly, we see that
> these restrictions will be refined by large purchase deals and PR
> groups, although these inventions are of no benefit to consumers to any
> degree. The work controlled by these PR and marketing organizations
> will gorgeously package a product with every restriction on it, yet a
> manufacturer is already asking their users to buy and use it. The most
> quoted line in the summary of Gutmann's analysis expresses this well:
> “breaking the legs of Olympic athletes, and then scolding them for not
> running faster on crutches”
>
> In the past, when I delivered a lecture to web application developers,
> I would always warn them to absolutely never let the user edit it
> again. Although the developers did not realize the reasoning in this
> issue. The entire operating system now seems to be opposing the user.
> Zero-latency drivers (Zero tolerance drivers) and specification code
> will lock the system to prevent any infringing operation (deviance). So
> an operation called “tilt bits” will trigger an attack on the system
> whenever anything unconventional (operation) is discovered.
> Unfortunately, these changes will not strengthen user security, as they
> were designed only to protect “extra content”. Medical examination
> data, credit card numbers, and other private data really do want this
> level of protection, but they are completely ignored. When an untrusted
> operation in any environment modifies this system (configuration), it
> will cause the machine to shut down or reduce the performance of the
> whole system, in order to deal with a possible attack.
>
> This is a sign of a transition from previous versions of the Microsoft
> operating system. In the past, a hardware drive in a Windows OS could
> be taken out and put into a completely different operating system. The
> new hardware would be detected, and the drivers would be applied in
> time. After at most one reboot, the user would be brought a usable
> system. This ability to recover was what left a deep impression on me
> in the early days of the new Windows architecture. In those days
> Microsoft was very domineering, but still hoped for new consumers (to
> join). The signal this new Vista scheme gives me, however, is that they
> have grown tired of new consumers joining, and are instead
> concentrating on squeezing the market they have already occupied.
>
> In the next post I will look at who the beneficiaries are (Intel,
> Hollywood, code obfuscation providers) and who (consumers) is not. And
> also some security issues (DDOS drive revocation)
>
> > “Some argue that consumers can only get a tiny bit of benefit, or even
> > negative benefit (‘negative benefit’), from this increase; this is a
> > mistake. Consumers will get extra content from their own PCs”
>
> Pete Levinthal
> Software Engineering (software engineer)
> ATI Technologies, Inc (ATI Technologies company)
>
> This is a fair comment. The advantage of playing HD (high-definition)
> content from Blu-ray (Blueray) or HD DVD is a value-added experience
> for end users. So at this level, where benefit means advantage, I would
> say that Levinthal's comment is correct. But benefit can also lean
> toward “profit”, which makes his comment somewhat questionable.
> Considering the “negative benefit (negative ‘benefit’)” he mentions, I
> think we should study this implication in depth. Profit is indeed the
> difference between the number of times spent and the number of times
> gained. So in purely mathematical terms, the number of “cost” times for
> the end user to replay extra content must be lower, whereas the number
> of times gained in the operation of HD replay is for the sake of being
> profitable. I believe that if we assume the number of times gained is
> the number of HD replays, then it is safe. The unclear question is what
> the thing consumed is. In the programmer's world, cost is related to
> the number of CPU cycles spent solving a problem. Once a programmer
> writes a function of a program with unnecessary instructions that need
> to be recomputed, it is considered “high-cost”. A mature programmer can
> write elegant programs without incurring extra CPU cost.
>
> Keeping the previous definition of “cost” in mind, I think it is
> fitting to take a look at what (resources) the extra content protection
> costs the user. From this analysis we can reach a fair evaluation of
> whether a user can obtain the full benefit from playing HD content.
> According to what Microsoft states here, there, here, and there,
> replaying HD content requires fewer than two rounds of
> encryption/decryption before it is sent to the screen. The first video
> comes from the original HD medium and is decoded from the encrypted
> format. This decoded media data then goes through the PCI-E bus, and is
> encrypted back again using the AES algorithm. Once the data reaches
> this side of the bus, it is decoded, and is then sent to the screen
> through the HDMI interface.
>
> According to the document presented by Microsoft, this entire process
> is as follows:
>
> (a picture: http://badvista.fsf.org/blog/images/Slide15.jpg)
> PVP-OPM
>
> My own view of HD program replay is that the price and watching
> programs on my own PC are closely related. Clearly, according to
> Moore's law, the price of computers will drop by 50% within 18 months.
> In that case, we can predict that an affordable and runnable Vista
> system is 5 years away. As I am about to end this part, I want to give
> a little material from the next part. This picture shocked me very
> much, and it runs through this article from beginning to end.
>
> Why do we do this?
>
> (a picture: http://badvista.fsf.org/blog/images/Picture%201.png)
>
> This picture is taken from what Dave Marsh (Windows Media Technologies,
> Program Manager) presented, and expresses how Microsoft framed this
> problem. Although it is not intentional, the intent of this picture is
> obvious: their end user (their end user acting deviously and
> maliciously hurting Hollywood, Microsoft, and probably America. I don't
> know how to translate this.)
>
> --
> Yucheng Ting
> Just A Student Now
> For the Game And Freedom
>
> Email: yuchting at gmail.com
> Phone: Always Changed And Contact Me By Email

--
http://www.fwolf.com/
Behold, the fool saith, "Put not all thine eggs in the one basket"--which is
but a manner of saying, "Scatter your money and your attention;" but the wise
man saith, "Put all your eggs in the one basket and--WATCH THAT BASKET."
-- Mark Twain, "Pudd'nhead Wilson's Calendar"