Sony DRM and Rootkits

As Mark Russinovich discovered, Sony is now stooping to the level of using rootkit techniques to keep customers from copying its music. Considering the amount of damage that they could do to a computer system with this kind of software, I think they are opening themselves up to a serious liability issue, especially since the software is uninstallable. How far is too far? This is over the line in my opinion.

Computing Wish List

The IBM BlueGene/L is now running at over 280 TeraFlops. Man, I'd love to have one of these in my basement.

PDC 2005 Content Available Online

As Michael Swanson points out in this blog post, you can now access the presentations and video from the 2005 Professional Developer's Conference online at http://microsoft.sitestream.com/PDC05/. The content is being hosted online for 6 months. This is a generous offering from Microsoft. I know I'll enjoy browsing this content over the next few months. In addition, you can purchase the DVD online as well for offline viewing.

DIFxApp and Catalog Files

I am working on writing a Windows kernel driver for a little project. As part of the project I decided to write a friendly .msi installer package that would install the driver along with the user-mode portions of my program. It turns out to be a surprisingly difficult/arcane task. After hours of struggling I think I finally figured out the solution. I am documenting it here so that other people can hopefully find this post and have a much easier time of it.

Note: I am using WiX 2.0.3309 and Driver Install Frameworks for Applications Version 2.0 (also known as DIFxApp 2.0) to install the drivers.

DIFxApp requires you to sign your drivers for it to install them. Actually, there is a test mode to get around that, but for most cases, you must sign them. The options for signing are to use an Authenticode certificate or a WHQL certificate once your driver passes Windows driver certification testing. I opted for the Authenticode certificate. I'll spare you the long story...

Here are the steps (simplified a bit) required to create a DIFx package with a signed catalog file.

1. Build your driver and create the .inf file for installation. Creating the .inf file is not easy either but at least there is a lot of documentation available if you search for it. I'll leave that part to you.

2. Create a .cdf file that describes the content you are cataloging. In the simple case, this is just your driver and the .inf file. Here is a simple example:

[CatalogHeader]
Name=mydrv.cat
ResultDir=.PublicVersion=0x0000001

[CatalogFiles]
<HASH>mydrv.inf=mydrv.inf
<HASH>mydrv.infATTR1=0x10010001:File:mydrv.inf
<HASH>mydrv.infATTR2=0x10010001:OSAttr:2:5.00,2:5.1,2:5.2
<HASH>mydrv.sys=mydrv.sys
<HASH>mydrv.sysATTR1=0x10010001:File:mydrv.sys
<HASH>mydrv.sysATTR2=0x10010001:OSAttr:2:5.00,2:5.1,2:5.2

3. Run makecat on the .cdf file to generate the catalog.

makecat -r -v mydrv.cdf

4. Run signtool on the catalog to add a digital signature.

signtool sign /f mycert.pfx /p password /v /a mydrv.cat

or

signtool signwizard

if you prefer.

You will probably want to put a timestamp on the catalog with the /t option as well, but it is not required.

5. Build your installer package. In my case, I am using WiX. Here is what the driver component tag looks like.

<Component Id="mydrv"
Guid="D10731D9-F126-4a70-8F79-54BC5F4C9A00"
DriverForceInstall="no" DriverSequence="0" >
<File Id="mydrvinf" Name="mydrv.inf" DiskId="1"
src="mydrv.inf" />
<File Id="mydrvsys" Name="mydrv.sys" DiskId="1"
src="mydrv.sys" />
<File Id="mydrvcat" Name="mydrv.cat" DiskId="1"
src="mydrv.cat" />
</Component>

I could not find the documentation for creating a proper .cdf file for driver signing anywhere. Also, Microsoft ships an example signed .cat file in the DIFx kit, but surprisingly, they don't include the .cdf file that was used to generate it. I worked backward from the contents of the .cat file in order to figure out how to build the proper .cdf. If someone else knows of a place where this documentation exists, I'd be interested in knowing about it. Or, if you see a mistake, feel free to correct me.

Class action lawsuit launched over iPod Nano scratch marks

Class action lawsuit launched over iPod Nano scratch marks: "A class action lawsuit has been filed against Apple Computer, Inc. by a group of iPod Nano owners, claiming the product is too easily scratched. Is it a legitimate complaint or a new benchmark for frivolous lawsuits? "

This is the kind of frivilous junk that gives litigators a bad name. I wonder if Apple could sue Hagens Berman Sobol Shapiro and David P. Meyer & Associates for legal harassment. David P Meyer and Associates even has a claim form on their main web page so that they can collect complaints from iPod Nano owners. It seems to me that this case is an argument for tort reform.

Microsoft and Google Instant Messaging Icons

I went to Microsoft Office Update to get the latest patches for office and was surprised to see that the icons in Outlook for instant messaging have changed. They now look amazingly similar to the presence icons in Google Talk. Is it just me or does anyone else think this is really odd? In fact, the resemblance is so great that for a minute, I thought that Google had installed an add-in into my copy of Outlook that I had't noticed before.