Xbox Linux Made Possible Without a Modchip

An anonymous reader writes "Free-X have released an exploit for the Xbox that will let you get Linux on the machine without any hardware mods at all... Microsoft is already threatening them with legal action. Here's the Free-X statement. Free-X say they had been trying to contact MS for a month but were ignored, which is why they've released the exploit. Should be interesting to watch this one."

After reading the articles...

[RobPiano]

It seems we've had a lot of false and misinterpreted information about this team and their exploit. I don't have an x-box and only somewhat understand why their exploit would work (integer underflow..?), but it atleast sounds interesting. Anyone on slashdot who gets it working please post a verification.

As far as the team... I think they should have submitted their findings to a legal firm of some kind instead of this not-so-holy covert behavior. Their behavior will only lead to troubles in court.

Atleast they'll have $100,000 to help them out, I think they'll need it.

Rob

Too Late for Microsoft

[aerojad]

Microsoft is already threatening them with legal action.

Too late. Just ask AOL at trying to stop WASTE when it came out. Up for a day, and mirrored more times then they will ever be able to count.

Microsoft lost right at the point they decided to not talk to them beforehand. They can shut these people down, but it's out there now, game over.

You're seeing history here, folks!

[RLiegh]

This is the EXACT kind of case the the corporations have waited to have fall into their lap. Expect this case to be rationale behind a storm of anti-OSS legislation in the VERY near future.

In short, we're even more screwed than we were before!

Increasing weirdness

[warmcat]

From the 'statement' link:

Since our attempts to contact Microsoft have become public knowledge our team has been accused of attempting to extort or blackmail Microsoft, this is not true as we have made every attempt possible to make contact with Microsoft to offer the following:

- A complete summary of all hacking technologies (many of these technologies have not been released).
- Source Codes.
- All attacks which have been developed but not yet released.
- To sign a Non-disclosure Agreement regarding our discoveries.
- Further research on exploits, which would be exclusive to Microsoft.
- Full names of all hackers involved upon agreement of legal protection from Microsoft.
- Assistance in the development of future security for the XBox by working with Microsoft.

For the exchange, we were requesting but not demanding the following:

- Complete access to all documentation (chipsets, video etc.) to assist in developing a better Linux for the XBox.
- A signed Linux loader.
- Protection from Microsoft or support if any organisation/government attempted to prosecute members of our team.
- Refunding of the cost occured during the agreement period.

Disclaimer, until a few weeks ago I was very active in Xbox Linux.

This just seems to me to be a cheap attempt to chisel money and personal advantage under the cover of pretending to be doing it for the benefit of Xbox Linux. "Assistance in the development of future security for the XBox by working with Microsoft" indeed!!!!

Anyone who has spent any time with the Xbox Linux project will immediately recognize the author of the "statement" by its novel spelling and tone. It'll be interesting to see just how what goes around is going to come around.

Looks like they weren't bluffing

[gibbo2]

A popular opinion when they threatened to release this was "they're just blackmailing Microsoft, but they've got nothing".

Looks like a different situation now that they've laid their cards on the table.

Good work guys.

Re:honestly...

[Malcontent]

"Give me a break. Why would it make sense for Microsoft to encourage Linux installs on a product solely meant to play games and movies, when it doesn't even port it's cash cow software for the real desktop OS? "

To sell more xboxes?

Think about it, even if MS lost money on every one sold they would have bragging rights. They could go araound saying that the Xbox is most popular game system and spread FUD around like peanut butter on rye toast.

They have 40 billion in the bank and can afford to lose tens (if not hundreds) of millions dollars to gain a monoply on the game console market.

Also with each passing day the cost of a Xbox goes down and eventually they will actually make money on the thing.

Re:Full text of article in case of /. effect

[Angry Pixie]

Actually, it is blackmail. Several of the things they request do have a quantifiable monetary value to them, and to others in similar situations. This includes the creation of an authorized product, refund of costs incurred, legal indemnification, and access to product designs and specs. It doesn't matter if they're willing to sign an NDA. Blackmail isn't limited to just the "give me X dollars or I will do something nasty you won't like." Any argument that Microsoft won't be harmed financially due to the release of this exploit is weak because Microsoft doesn't have to show actual financial damages from this. But that's just the civil suit. These guys will have more to worry about from the Justice Department in the criminal case.

This is not a step forward for the Linux community. It is an embarassing set back that could further strengthen arguments against using Linux and supporting the Linux community. It's just damn irresponsible of them.

Re:After reading the articles...

[grahammm]

How is putting hardware to a use not intended by the manufacturer "circumventing a coptright protection system"?

Re:Increasing weirdness

[Anonymous Coward]

Perhaps "someone" will "figure it out" and post whom they suspect the author is, as an AC...

how Bill could force a "fix" down your throat

[frovingslosh]

They could force a fix a number of ways, including if you ever "go live" and connect to them on the internet, but they could also make all future games include a dashboard "update" that would install itself whenever the game is run. So as long as you only run Linux (and they don't sneak anything in through Linux software with a trojan), you might be safe, but if you or anyone else ever plays a game on the x-box that was manufacturered after this date, they could get you.

Re:I think this will make Xboxen much more popular

[mikeophile]

Q4: Is it possible to play "backed-up" games with this?

A4: Yes it is possible to play pirated games by using this vulnerability but my proof of concept code will not allow this. You have to change the exploit to patch the kernel in memory. This is not very hard and I am not going to help you with this.

It seems that eventually the modded exploit will become available as well. So you'll have Linux plus the ability to play Xbox titles.

As far as cheaters go, yes they suck.

Wouldn't you rather be able to run your own Xbox Live server though?

For free?

Opera gives blacked-out page

[Empiric]

If any of you Opera users find the "Free-X Statement" link akin to a Spinal Tap album cover, the site hasn't been defaced or removed. Try another browser, Opera 7.0 appears not to render their page readably. Undoubtedly the site's fault, not Opera's, of course.

(me. [livejournal.com])

Re:After reading the articles...

[Kaeru the Frog]

Because it could be used to circumvent copyright. Of couse anything [msn.com] could be used to circumvent copyright protection. That's only one of the reasons why the DMCA is a bad law and every time a case concerning it appears in court I hope it is the one that kills the DMCA.

Thoughts

[knightPhlight]

New or old hat? :: This exploit, having been long awaited by linux hackers and warez kiddies both is different from both the 007 and MechWarrior hacks. It doesn't require the retail games making the hack free as in beer. Additionally, both require that the game is executed and a save is loaded to cause the overrun. To do this the disc must be in the DVD drive. Because the Xbox (without a third party BIOS) will reboot when the eject key is pressed, this severely limits what the DVD can contain (such as a bootable linux partition).

Patchable? :: Furthermore, Microsoft cannot permanently patch this hack through an Xbox Live update. Version 1, v1.2, & v1.3 Xboxes will always execute the current vulnerable code. Should they remotely update the dash; one would simply open the Xbox, write an old image to the hard drive, and reboot. In the process it would be trivial to add bert and ernie (the modified fonts). Xbox Live BIOS updates are not possible due to M$ imposed hardware limitations. Of course, third party BIOS updates are not a problem for those willing to open the case and get crazy with a little solder.

Availability? :: Legal or not, at this point it's not an issue for the end user. The base-64 posted by Mr. Esser isn't going away. Proof? Try this... [google.com]

X-Prize? :: Probably not. This cannot be executed or copied from a third party memory card ala 007. So opening the box is required. Partial payment maybe.

Be Careful

[acxr is wasted]

You Slashdot guys ought to be cautious about posting links to stories containing the exploit at hand. Remember what happened with the DVD encryption scheme and 2600?

Well, the damage is done..

[NanoGator]

.. I would *strongly* recommend that the Slashdot Community who's been all over this 'Linux on the XBOX' bs start doing something interesting with it, and I mean fast. It would look plenty embarrasing for MS if they went after them for releasing the exploit and then people started making good (and legitimate) use of it. If everybody just wants to play MAME on it with questionably legal ROMs, that won't help Free-X.

Might I suggest a DivX based media server that can rip DVDs? I know that seems to fly in the face of what I just said about MAME, however, its a good use for the XBOX, plus you'd only be ripping DVDs you own and with good reason. "I just wanted to have easy access to my library." Another suggestion would be to set up an XBOX as a TV based info center. It stays on-line all the time on Input 2 (or whatever channel your XBOX is on), when a commercial pops up, flip the channels and get your messages. Heck, set up a browser so that it cycles through your favorite news sites every 30 seconds and scrolls them or something.

At least with something like that, something that the XBOX is better at than a cheap-o PC, the case can be made for wanting to make these mods to the unit. That'll weaken MS's case (they'll probably try to say that copy protection is bypassed or something), plus it'll take a few pokes at the DMCA as well.

I hope are people listening. MS has got an army of lawyers.

Re:Full text of article in case of /. effect

[abradsn]

Pointing out that we are infringing on one copyright agreement in order to perpetuate Linux interests is a bad move. The Linux community should desire to keep away from negative aggressive behavior, less we become more like our adversary.
Also, should we not leave the bully (ie. blackmail) tactics to those inside the corporate sphere?

I don't understand

[sweatyboatman]

I think calling this blackmail is a little over the top.

These guys discovered a flaw in the XBOX that Microsoft was unaware of. They contacted Microsoft and informed them of the flaw. Microsoft was not interested. MS refused to discuss the flaw. It's clear from the statement that they tried to talk to MS. MS could have said "We want the information and we want you to sign an NDA and we wont even give you a thank you." But they didn't. Informed of the issue, they ignored it.

The information about the flaw is not Microsoft's property. Nor did Microsoft ever suggest otherwise. The people who discovered it can do whatever they like with the information. In this case, they released it to the public over the web. I don't see how this is blackmail as it is common practice to report bugs (and their exploits) publicly.

See you in jail, script-kiddies

[blair1q]

Free-X made a threat, and requested valuable consideration to forestall the threat.

bing-bing-bing-bing-bing-bing!

extortion [lectlaw.com]

Hope you like green baloney, chillun.

Re:Woops, too late

[tankdilla]

I find this amusing and interesting. It's yet another example of the wild-wild-west type environment that the Information Age is in now. People come up with ways to beat the system, and corporate comes back with litigation (ie RIAA comes to mind). And every once in awhile litigation works, but other times it doesn't work, and thus people will continue to find cracks in the system. There are many analogies that can be drawn from this (and i know this isn't really new news, since the Xbox has been cracked for awhile now), but I'm wondering when these big companies will get tired of waging war through litigation and just start playing hardball with the rest of the Internet. At some point Microsoft has got to get tired of all the stuff they go through and deploy some hackers themselves, to protect their interests. And this idea isn't really too far-fetched. Just today, the US government put a bounty on Saddam's head. That is an outright act of desperation to get him. The gov'ment uses spies just like other countries to gain counterintelligence. And they do it in a sneaky way, making sure the press just reports the official business, but never questioning where intelligence or 'fortunate victories' come from. Eventually these corporations will need to take a hint and start some black/grey hat work of their own to support their interests. Most likely it is already going on. But if it is, I can't tell. They keep getting caught with their pants down so much to the extent that we're barely even suprised anymore. It's almost expected at this point.

Bush: We will not bend to these terrorist demands.

[CaptCanuk]

These poor guys will be the next to be blown up when 120,000 troops jump them on their way to work. Seriously though, reading their demands, they are very close to blackmail. Microsoft took the same position that the US took in "Air Force One": We will not bargain with terrorists. Sure, they didn't blow anything up or there isn't some ISO you can burn and stick in the XBOX and poof, no security, but they did hold a list of demands that most corporations would have a hard time filling. Video Game Console manufacturers make money on software game title sells (as opposed to losing money on hardware).

"For the exchange, we were requesting but not demanding the following:
- Complete access to all documentation (chipsets, video etc.) to assist in developing a better Linux for the XBox.
- A signed Linux loader.
- Protection from Microsoft or support if any organisation/government attempted to prosecute members of our team.
- Refunding of the cost occured during the agreement period."

Since they requested the following, they were turned down on all accounts. I sincerely hope their lawyers are good enough to stave off microsoft's (who will be working on july 4th all day i'm sure). I also hope this is a first step to sticking in and loading a bootable Suse or Mandrake install CD.

yes

[SHEENmaster]

Because he doesn't realise this is just a small step for XBox customers.

When Linux first booted on an XBox, that was a big step. Everything since then has been a small step, and will continue to be so until we can just drop a disc into an XBox and boot straight to Linux.

I wish that M$ had given into the demands, or at least an authorized Linux bootloader. That would make things easier for Linux fans everywhere, and it would've prevented the easing up of piracy.

Re:Typical

[mausmalone]

even though I have no stake in this, I've gotta admit that I'm really disappointed in these guys. Normally, they'd only have to worry about the DMCA. Hacking an unshared system you own is not a crime in any way. Telling people about your experiences isn't either. The only concern is that this technology can circumvent systems designed to enforce copyrights, thereby making it a violation of the DMCA. It does have significant legal uses, and is only presented in such a manner.

Then they go and do this whole threaten/blackmail/extortion thing... doesn't really paint them in a good light. They'd be able to really champion this cause, if they didn't have to go and act like a bunch of script kiddies. Getting Linux on the X-Box without any hardware hacks is an amazing accomplishment, worthy praise and acknowledgement. Unfortunately, anyone who reports on this is gonna focus on the offensive stance they took and paint them as menaces.

And before I complain about them having egos anymore, I should digress and say that if I was good enough to hack an x-box with just software, I'd be pretty self-assured, too.

Too easy...

[borgdows]

It's time now to hack a *real* protection system made by a *real* console maker -> Nintendo Gamecube.

good luck everybody! (and you'll need it)

Usual hypocricy

[TheCabal]

I submitted a story about these guys a day or two ago, but of course it was rejected because it painted them in a less than favorable light (blackmail and all).

I'll ask the question again: Is this how the Open Source movement is going to seek legitimacy? By attempting to blackmail people?

Re:Typical

[evilviper]

MS after: Shut up! Sue them! This kind of thing is why we hate open source. They want to take our intellectual property and turn it into an experimental plaything.

Then next time, don't demand a Linux loader, demand a FreeBSD loader... They are always saying how much they love the BSD license, and they have a track record of using FreeBSD themselves. Then they couldn't use that arguement at all.

Re:Woops, too late

[GMontag451]

No, they didn't have to exploit anything. IBM published full documentation on the BIOS. All they had to do was "clean-room" engineer it. In other words, they had some guys paraphrase the documentation, and then had some other guys who had never seen the documentation implement a BIOS that did all the same things.

Re:Woops, too late? This is what MS wants....

[CaptnMArk]

People, just buy an mini-itx system. It's much more open, hackable and flexible.

Re:Well, the damage is done..

[Zork the Almighty]

Those are some good suggestions. Here's my (ordered) list of Xbox Linux Killer Apps :
Tivo / media server
MAME/Console emulator
Region Free DVD player
highly portable internet game server
video phone (with a USB camera and broadband)
digital camera / MP3 player software (so you don't need a PC)

Re:After reading the articles...

[Anonymous Coward]

..Circumvention only used for interoperability, which is allowed by DMCA.

Guess you didn't think of that before you vomitted up the troll label. Or maybe you're just "thick".

"You should never challenge a powerful company..."

[cliveholloway]

Right, you mean like these two did [mcspotlight.org]?

Terrible waste of time, eh?

.02

cLive ;-)

Re:Full text of article in case of /. effect

[Alsee]

how can such exploit be legal? If your door lock is easy to tamper with, is it implicitly legal for me to break in?

It is perfectly legal for you to "tamper" and "break in" if it's a lock on YOUR OWN DOOR. It doesn't matter if Microsoft built the lock, you bought the house.

The people using the exploit are using in on a machine THEY OWN. They can do anything they like with it. They can smash it with a sledgehammer or toss it in a blast furnace and vaporize the sucker. Of COURSE they can "pick the lock".

-

Re:I don't understand

[ahoehn]

I agree that this is a form of blackmail. We all have dirty little secrets we would like hidden from the general public, and that's why we're disgusted by personal blackmail. But companies have no such protection. We expect full disclosure; if there's anything that can be used as blackmail against a company we invest in, we want to know about it. There's a big difference in the sleazyness factor of corporate and personal blackmail.

That said, I don't like the way they tried to profit from their discovery, but I don't think it's as nasty as when similar things happen in the personal arena.

Re:How about Windows?

[M3wThr33]

That's what this exploit is doing. It's going to allow a lot more people to tinker around with the XBox. I'm really excited about this, because for a small memory card(I can borrow someone else's) and $180, I can have a Divx player or virtually anything. It's only a matter of time before the BIOS can be flashed without touching a screw...

Come on!

[Martigan80]

- Refunding of the cost occured during the agreement period.

So you are telling M$ that you want to be reimbursed for your work? Technically you are reverse engineering the product. So according to current laws you want to be reimbursed for acting illegally?

I'm just saying that even though we don't like the laws, we are still accountable for them. So they acted willingly to break the laws and then want rights to the design and money?!?!?!

I am all for the advancement of Linux, but come on people.

Re:Why don't they fix the exploit?

[Alsee]

Actually, they update the dashboard (what the exploit plays with) when you install the Xbox Live stuff

Any attempt to update the XBOX is merely a request from an outside source for the XBOX to update itself. But once you have control of the XBOX you can program it to ignore that request to update itself.

When you connect to XBOX Live they check to see what version you are running, but all they can find out is what the XBOX tells them. If you control the XBOX you can have it tell them anything you like.

They are going to run into the exact same problem with Palladium and TCPA. Once someone digs the key out of the hardware, or finds any other vulnerability, then they own their system. They can run an undetectable virtualized system. They'll have "god mode" over it and af far as the rest of the world can tell they are running a secure and "trusted" system. Hell, the security situation could wind up being worse because they are pretty much going to force you to "trust" other people running the system. It just means you're going to get screwed over worse when a computer you were forced to "trust" isn't in fact secure.

-

Re:After reading the articles...

[darien]

Actually, the EU seems to be heading in the opposite direction - while the US passes laws that make it easier for companies to get rich off individuals, the EU keeps issuing "statutory instruments" that make it progressively harder for businesses to enforce anything at all. And even if you are convicted of some sort of made up IP crime, you can always take the matter to the European Court of Human Rights, which pretty much always finds for the individual, because the EU Convention on Human Rights is a very broad and generous document.

Linux's reputation is getting a battering

[Ciderx]

This whole debacle makes the Linux community looks like little spoilt brats and about a million, billion miles from being a serious competitor to Microsoft. Even this morning, the mad Open Source kid in my team was sqwaking down the phone about this like some immature little hacker. And that's all this is about - getting a one-up over Microsoft over something so, so dumb not for any real purpose but for stupid bragging rights. This whole thing is a sham and anyone who condones this action or the blackmail attempt by this team is a disservice to the Linux community. rant over!

Re:I don't understand

[NewtonsLaw]

It's not necessarily blackmail.

For example, I uncovered a very significant security flaw in the online banking system of a local bank.

It took me some time to determine the scope, cause and effect of the problem -- and my time is money.

I then contacted the bank I advised them that they had a problem which, if not fixed, would almost certainly be picked up by others -- some of who might not be so benign.

I offered to hand over the results of all my work in return for payment for the time I'd spent (at my normal hourly rate).

They agreed and were most satisfied with the transaction -- since it most likely saved them a small (or large) fortune.

Was I blackmailing the bank?

After all, I wasn't about to hand over the results of my investigation without payment.

No, of course it wasn't blackmail. It was just the same as a plumber saying "I won't fix your toilet unless you pay me."

Of course there was no "threat" involved in my offer -- although if they'd chosen not to pay and fix the problem I may have informed the media that there was *a* problem (customers surely had a right to know if it wasn't going to be fixed)

In the Xbox case, Microsoft were offered a business transaction. The price would have been a signed version of Linux for the Xbox in return for the chance to close off the vulnerability and delay public awareness that it existed.

Clearly Microsoft decided that the price was too high -- after all, they've got to pay that building full of lawyers whether they're actually suing people or not so why not just resort to legal action instead?

Re:Woops, too late

[EzInKy]

Though I agree with some of what you say the bottom line is the purchaser of an X-Box owns the machine, not Microsoft. He can do what ever he wants with the hardware once he has the sales receipt in his hand.

Re:Woops, too late

[baldvin]

(I'd also feel better if uses for this machine running Linux weren't better served with a cheapy PC.) Xbox is silent. And it is very cheap, considering how much does it take to buy a pc that is this silent. I, and lots of others, do not have separate room where I could put that cheap pc. If Xbox is mine, I'd like to use it... because I need it. That means, there is a valid reason to use it for a different purpose, as a server, even if you didn't see it.

Re:And we are not suprised

[dafoomie]

2. The only companies to produce BIOS codes would be IBM, and people that paid IBM royalties

Compaq secretly agreed to pay IBM royalties on each PC they sold, so IBM would drop the suit. The agreement's existance was a secret until recently.

8. CD-R's would have been outlawed and require a liscence to buy or own
Some countries charge a "tax" on each CD-R sold that goes to the RIAA, because that CD "might" be used to pirate their music. I think Canada and Sweden do this, among others. If they get money on each CD-R, that should constitute a licence to fill it with downloaded music. But I think a lot of crazy things.

5. All operating systems that ran on PC's would have to be liscenced from Microsoft

Refer to the "Microsoft Tax" on most PC's made by the big companies, no matter what OS is on them.

You're dead on though... It's scary to see how much of that is actually going on today.

Two wrongs don´t make a right

[Anonymous Coward]

I think MS shouldve been told about the vulnerability regardless. And the exploit shouldve been released only after at least one month had passed. Asking Microsoft to support Linux under the threat of immediate disclosure of a vulnerability is just plain wrong and we would all cry foul if this was done to Linux, FreeBSD or Apache.

By the way, I think MS can fix the vulnerability for new systems. For existing users attached to XBox Live, Microsoft can even send a patch thru the net. And for the rest, a CD in the mail would do the trick (with a few extra perks just to get people interested).

Re:Woops, too late

[Dr. Evil]

"Give us what we want that's not in your own best interests or we'll tell people how to break your machine and potentially lose more money by having people buy XBOXes for uses other than buying the games that make them money."

It's a little more like:

"You know that problem you wouldn't help us with? Well, we figured it out, but we don't think you'll like the solution. Can you help us with an alternative solution which is in your best interest? No? Ok, then we'll just do it our own way."

Re:Woops, too late

[Anonymous Coward]

To me, the most critical thing in the hobby market right now is the lack of good software courses, books and software itself. Without good software and an owner who understands programming, a hobby computer is wasted. Will quality software be written for the hobby market?

Almost a year ago, Paul Allen and myself, expecting the hobby market to expand, hired Monte Davidoff and developed Altair BASIC. Though the initial work took only two months, the three of us have spent most of the last year documenting, improving and adding features to BASIC. Now we have 4K, 8K, EXTENDED, ROM and DISK BASIC. The value of the computer time we have used exceeds $40,000.

The feedback we have gotten from the hundreds of people who say they are using BASIC has all been positive. Two surprising things are apparent, however, 1) Most of these "users" never bought BASIC (less thank 10% of all Altair owners have bought BASIC), and 2) The amount of royalties we have received from sales to hobbyists makes the time spent on Altair BASIC worth less than $2 an hour.

Why is this? As the majority of hobbyists must be aware, most of you steal your software. Hardware must be paid for, but software is something to share. Who cares if the people who worked on it get paid?

Is this fair? One thing you don't do by stealing software is get back at MITS for some problem you may have had. MITS doesn't make money selling software. The royalty paid to us, the manual, the tape and the overhead make it a break-even operation. One thing you do do is prevent good software from being written. Who can afford to do professional work for nothing? What hobbyist can put 3-man years into programming, finding all bugs, documenting his product and distribute for free? The fact is, no one besides us has invested a lot of money in hobby software. We have written 6800 BASIC, and are writing 8080 APL and 6800 APL, but there is very little incentive to make this software available to hobbyists. Most directly, the thing you do is theft.

What about the guys who re-sell Altair BASIC, aren't they making money on hobby software? Yes, but those who have been reported to us may lose in the end. They are the ones who give hobbyists a bad name, and should be kicked out of any club meeting they show up at.

I would appreciate letters from any one who wants to pay up, or has a suggestion or comment. Just write to me at 1180 Alvarado SE, #114, Albuquerque, New Mexico, 87108. Nothing would please me more than being able to hire ten programmers and deluge the hobby market with good software.

Bill Gates

General Partner, Micro-Soft

Isn't this all just a bit pointless?

[Theovon]

Compared to what you can get in a Walmart PC, isn't the Xbox kindof unimpressive technology? I mean, what are you going to do with Linux on Xbox anyhow? Certainly not cluster computing -- the Walmart PC would be cheaper and faster. Graphics? Buy the Walmart PC and add a Radeon -- then you'll have faster graphics than the Xbox.

What could you possibly get from running Linux on Xbox that you can't from the cheaper, faster Walmart PC?

Font Names

[BigBadBri]

You just gotta love anyone that uses 'Bert and Ernie' for the font names.

I'm surprised Big Bird never got a look in.

Seriously, though, If Microsoft want to market a crippled general purpose computing device, I'm not surprised that people are going to want to hack it just for the hell of it.

Good luck to the guys, and a big up to the Sesame Street gang.

Closed Platform as Mixed Blessing

[cait56]

For better or worse, the concept of selling a closed platform is legal. This is especially true if the buyer has adequate information to know that it is a closed platform. I would prefer a mandatory big red WARNING label to be affixed to all closed platforms saying "The retail price of this unit reflects a subsidy from the manufacturer. This subsidy is provided in anticipation of future revenues. Therefore this unit will only work with software lisenced by the manufacturer."

There are benefits to a closed platform to consumers.

• It allows a manufacturer who is optimistic to assume the risk that there will be an inadequate supply of software for the platform. If they don't produce their software, they just ate their subsidy.
• It allows all software to be signed and authenticated. Responsibility for any hardware damage caused by a software installation can be easily assigned to the lisencee who supplied the software.

The down side is simple. The consumer is being mislead by an artificially low up-front price into being locked into continued payments of a monopoly tax on each piece of software they purchase.

I believe the only solution is for the FTC to require platform vendors to offer their product in an unbundled format. You can buy an XBOX that will run third party software, but it might cost you $150 more.

Re:Lindows on Xbox

[Anonymous Coward]

You dont own them more money in games sales, but you also dont have the right to tamper with something you have agreed NOT to tamper with. I am sick of all this ego-centric self-serving thinking. Somone (well...microsoft) decided to release something at possible loss but protected by the law, so what right do you have to just violate that? Its selfish and nothing more. Just because you CAN do something doesnt mean you are allowed to under the law. Is there no respect for society here or what? THERE ARE MORE IMPORTANT THINGS THEN YOUR PERSONAL WANTS. Boggle.

Re:After reading the articles...

[Anonymous Coward]

This might sound off-topic, but I am reminded of the FCC and its recent ruling in favor of giving the most powerful media companies even greater monopoly power. (Most Americans aren't even aware that Colin Powell's son heads the FCC.) The problem has even gotten to the point that the media was powerful [fair.org] and arrogant enough to censor [adage.com] anti-war broadcasts. Remember also when Dan Rather granted Saddam an interview just before this second war, but this so bothered a White House staff bent on coercive social engineering that they blitzed every major TV station with broadcasts of the Pres.

One just gets the feeling that more and more, law and government are in bed with the largest conglomerate corporations to control and screw the lowly individual. That is what unchecked capitalism brings, and what we are trying to force upon the entire world.

Re:Woops, too late

[Anonymous Coward]

Did you even read Free-X's version of the story. They tried contacting Microsoft many times, even before going to the press, and got stonewalled every time. Microsoft couldn't even be bothered to meet with them to verify the exploit was genuine. This is sounding like the Microsoft of olde, who liked to refuse their software contained any security flaws what so ever.

No right to making a profit.

[MikeFM]

Once a machine is sold the seller should have no say in what I do with it. I paid for it afterall. If I want to run Linux on it that's my right. If I throw it in a closet and never use it that's my right also. Either way M$ would lose the same amount of money on the deal.

It seems to me that this group gave Microsoft a fair offer, to let them run Linux on what they have legally purchased, without having to play dirty. Since Microsoft didn't even try to make a counter offer I guess they shouldn't complain. They probably will use the DMCA to attack this group but IMO that just proves what a shitty bit of law the DMCA is.

Re:Woops, too late

[flyneye]

Aw c'mon punkin'.
I dont think anyone buys into the belief that if they purchase a tangible piece of equipment,that its still controlled by the whim of its creator.
No matter how many unread agreements they clicked,signed or were implied.
Put simply Microsoft is stupid for their "now you own it now you dont"business model.NO ONE and i mean NO ONE but anal lamers would agree let alone comply(remember this is the real world)
Best off if all remember: once i hand you the money and walk off with the merchandise,you have NO say so about what i do with it no matter how many lawyers you hire,no matter how many legislators you bribe.Its mine and if you want it back you better be able to fight with your hands.
That thought spent,I would also like to call up a lil history where wild bill gates sold mail order software for a "poplular electronics kit computer" and then stomped around and shook his fists when the code was copied and shared LONG BEFORE MICROCRAP EXISTED.Most people quit banging their head on a brick wall after the first strike but not a pinhead like Bill Gates!He instead makes a career out of flattening his pointy head.
So,with that in mind feel free to do whatever you like with whatever you bought and feel justified in knocking the teeth out of the losers who would play stupid games with IP.
Hey world i got news for you, if you want to keep IP secret,dont tell anyone,dont implement it and dont sell any examples.Anyone is allowed to make money from their ideas but like helium in a balloon,once its out,its out(no matter what non workable laws ignorant politicians write to increase their legacy.)
Damn,if only people would use common sense and their knowlege of people and the way the world is,instead of trying to force their unworkable fantasies of how it should be into effect.
In short:Screw Microsoft,we've no pity left for the bruise on his forehead.

But you DONT own the firmware

[nurb432]

While you do currently ( but not much longer i do forsee ) own what hardweare you buy, any firm/soft-ware that came with the device you only have a license to use.. at their terms.

X-Box Media Player

[rufus t firefly]

I'm really amazed that no one brought up the X-Box Media Player [xboxmediaplayer.com]. Honestly, it's the *only* reason I have considered purchasing an X-Box. At 150 USD for a used one (or less; I haven't been shopping recently), it's the cheapest VCD/SVCD/MP3/DivX/DVD/etc player I could get (since Mini-ITX boards with nice setups are still more money than that). I wonder who is going to be the first to modify the loader for it...

Re:Blackmail

[fermion]

Honestly whether is blackmail or not is moot. It is, in the end, normal business. MS does this with it's customers, giving them a choice between upgrades they don't need or massively expensive full version later on. The car companies, and most recently the airlines, have done this with the U.S. government demanding massive welfare payments to the corporation in exchange for not having massive RIFs. Consumers to this all the time, threatening to post bad reviews if their complaints are not solved.

It seems to me that all these kids wanted was a job. They proved their technical skill to do the work, they showed the perseverance, and appear to be rather clever. Sure the could just send a resume to MS, but who would have looked at it. We are told to be aggressive when looking for a job, but when someone actually is they get accused of blackmail.

How does this validate anything?

[tkrotchko]

"They've essentially validated the need for the DMCA. "

This is a non-sequiteur.

If I buy a piece of hardware, its not my responsibility to validate that vendor's business model, particularly since you haven't signed an agreement with the vendor agreeing to support that business model.

"Microsoft sells XBOX at a loss"

Maybe. Maybe not. I frankly don't care. They are competitive in selling price with other game consoles; it isn't my job to make sure their cost of manufacture is in line with the price of sale.

So I get my XBOX home, I hack it, or a friend hacks it. But it now functions in a way that Microsoft doesn't like.

Maybe. Maybe not. I frankly don't care. I bought it, its mine. I can use it to play games, I can use it as a skeet target, I can use it to prop open the basement door. Hell, I might even use Linux on it. If Microsoft will let me smash it with a hammer, if they'll let me use it to prop up my book shelf, but they won't let me use it to use Linux, I'd say MS is being pretty particular on how they want *MY* equipment to be used.

Just because Microsoft wants you to do something, why are you obligated to do it that way? I don't see the logical connection between the two. If Microsoft is willing to give me some benefit for restricting my use of the XBOX, they probably should have made me agree to it before I bought it.

Re:This is what MS says

[Psykechan]

"The software included in the Xbox product is licensed to you, not sold." It's on page 20 of the Xbox manual. [xbox.com] This exploit involves the dashboard which is MS property even if it's on your Xbox. It is not yours to do with whatever you would like.

Other nice parts of the manual state that your warrenty can be voided if your system is damaged by a virus. I asked MS about this once and they couldn't give me an answer beyond "don't worry about it". Unfortunatly, my experience with MS products says I should worry about it.

Re:Woops, too late

[Anonymous Coward]

Tell him his job is pointless - but if he's a professional, he knows this already.

I'm holding the finished NGSCB crack (codenamed Judas) right now. Yes, it's early. No, you can't stop it working without changing the spec. And that's all I'm saying for now :)

Re:IP in the EU rights charter

[darien]

Hey, this guy actually did some research! Good on him!

It is true that the second section of of Article 17 declares that "intellectual property shall be protected." However, as you imply, that's all it says: there's no inherent provision for DMCA-style übercopyright. Meanwhile, the first section of that same Article states that

Everyone has the right to own, use, dispose of and bequeath his or her lawfully acquired possessions.

While it admittedly doesn't explicitly say that you have the right to hack your XBox and publish your findings, I'd strongly suspect a European court would go for this interpretation rather than the one that would allow a company to disenfranchise the individual. The European Commission wants to keep that power for itself.