Happy Birthday VMS

I just can’t help myself
I’m feeling like I’m going out of my head
Uncanny, strange deja vu
But I don’t mind

“Strange Deja Vu” Dream Theater

Michael Janke at Last In – First Out has this great article entitled “There are some things about computers I really don’t miss…”. It’s a trip down memory lane designed to evoke that “what were we thinking” kind of reaction. Well, it certainly had that effect on me, but it also made me recall some really outstanding engineering that was going on at the same time. Since October 25th marks the birthday of one of those enormously influential but incredibly underrated technologies, I decided to write about it here. Now see what you’ve started, Michael.

Way back in 1977 (October 25, 1977 to be exact) Digital Equipment Corporation released V1.0 of the Virtual Memory System (VMS). To set the stage, consider the following:

The Commodore PET and Apple II have just been released, the Atari 8-bit family won’t debut until 1979, and the IBM Personal Computer (PC) won’t be released until 1981. Unix is an interesting toy in universities until the VAX11 architecture enables it in 1978, by which time there will be a whopping 600 machines running Unix in some form.

VMS, or VAX11/VMS as it was initially released, was code-named “Starlet” because it was the software companion project to the “Star” project, a 32-bit virtual address extension to DEC’s PDP-11 which ultimately culminated in the VAX 11/780. VMS programmers will recognize the STARLET.OLB and STARLET.MLB system libraries. Now you know where the name comes from. Throughout the years the name and the platforms supported have evolved, from the original VAX11/VMS V1.0 running on the VAX 11/780 to OpenVMS V8.3 running on Alpha and Itanium systems. So what, OpenVMS was cool. What is the big deal? Well, it turns out that along the way VMS pioneered these features:

The upshot is that VMS was doing mission critical, highly available and secure computing while Unix was an interesting research topic and Windows NT (which was developed by Dave Cutler a Starlet project alum) was still vaporware. And doesn’t that list above give you some strange deja vu? How about “integrated database features”? Wait – isn’t that like the WinFS feature that was supposed to be in Vista but was shelved until (at least) Windows 7? And I’ve got to tell you that the first time I fired up Windows PowerShell it was definitely deja vu all over again. The irony is that while many nubes are whining that PowerShell is harder to use than a CMD shell, I totally get it. It’s just like a crippled, verbose DCL.

Sure, there are some annoying things about VMS. At first. Like automatic file versioning. What VMS programming newbie hasn’t run out of disk space with only two small source files before realizing that the system actually saved every version of those files by default? But what experienced VMS frog stomper hasn’t had their bacon saved by a judicious application of that same versioning feature (you just have to set it up right with DCL)?

And then there are the stories and legends (at least one of which I know to be absolutely true), that go something like this:

A data center is being upgraded. In the course of cleaning up, the IT guys discover an old VAX happily humming away in a closet. Nobody has any idea how long it’s been there or what possible use it could ever have served, since a quick look at the console shows it running something called VMS, which few of the IT guys have even heard of. So they unceremoniously power it down. A short time later the help desk gets panicked calls from payroll: the main payroll system has gone offline for the first time ever.

Note: Blatant fishing for comments will ensue.

If you have any great VMS stories I’d love to hear them. Please comment away. I’d prefer that you have actual first-hand knowledge of the veracity of the tale – but hey, if it’s good enough, what the heck.

So anyway, to get back to the point, a fair portion of our “new and improved” features – particularly security and fault tolerance features – are in reality not so “new” but are incremental improvements of, or directly borrowed from, earlier systems like VMS. I think it’s a shame that OpenVMS never caught on the way that Unix, and later Linux, did. Sure, there are some obvious reasons for that: the high-end hardware required, and the fact that OpenVMS has always been completely proprietary and very expensive. But you have to admit it’s certainly some excellent engineering.

To end on a high note, OpenVMS is not only still available, but still being actively developed (as far as I know). And you can get a development system to mess around with for a very low cost. Check out the OpenVMS Hobbyist Program.

So Happy 31st birthday VMS! I think I’ll celebrate by trolling the OpenVMS hobbyist site and contacting some of my old buddies in HP in Nashua to see if I can get OpenVMS 8.3 running on my Itanium box.

DRM is a security threat

For my entire career I’ve designed, developed, maintained and secured commercial software products. So it is definitely not lost on me that the revenue generated by sales of those software products is what pays my bills. If customers don’t pony up then my employers quit paying me. So believe me, I’m certainly not advocating that all software should be free (“as in free beer” to quote Mark Shuttleworth).

But at the same time I’m a software user. I use both open source software (free as in speech because I like to tweak it, and free as in beer because I’m cheap and I like beer) and commercial software that my wife thinks I spend too much money on. And I hate Digital Rights Management (DRM) software. Hate it. It’s inconvenient, intrusive and hey – I paid for the product and I don’t want DRM. For me that is reason enough.

Okay, I think most of us can agree that DRM is annoying and intrusive, but how is that a threat to information security? Glad you asked. From a recent article on the Harvard Law Zeroday blog:

EA could help end DRM

The backlash over DRM has finally started to gather serious momentum. Everyday consumers started a campaign to give the highly anticipated game Spore one-star ratings on Amazon. Thousands of Amazon users labeled Spore a poor choice because of the SecuROM DRM system that is forced onto the machines of PC users that purchase the game. EA has backpedaled a bit and eased the restrictions on the number of installs per machine. They have even made a verbal (but unenforceable) promise to disable the DRM system by patch should they ever end-of-life the product. But so far EA refuses to give in to consumer demand that they simply get rid of the DRM system. They hold on to the claim that DRM helps reduce piracy. Yet 30 seconds of searching on a popular torrent site shows not only Spore but a cracked copy that totally removes all DRM from the game.

This is possibly the most insulting bit for consumers. People who are pirating the game actually enjoy more freedom in the sense that their system does not have SecuROM permanently installed onto the hard drive. In the recent class action suit the defendants publicly document how the DRM used in Spore remains installed even after the game has been removed from the user’s computer. SecuROM also operates at “Ring 0”, which is to say the core of the kernel layer, which is clever in that it is hard to bypass the program yet dangerous because anything that goes wrong will completely destroy the user’s session. All of these facts are not made plain to consumers before purchasing the game. Only after they have purchased the game and start installation will they have the chance to read about the DRM system in the EULA. Retailers almost never allow returns on software once opened, which leaves consumers who don’t agree with the surprise DRM in a very bad position.

I see, it’s that nasty malware that they foist on users’ machines that is the security threat. Sorry, good guess, but no cigar. That’s nasty for sure, but there is a very real and significant threat that is inherent to all intrusive DRM. To illustrate this I will defer to someone familiar with Electronic Arts (EA) software and who has way more gamer cred than me, my son Nick Webster. He reviewed the article above and responded thusly:

Atari implemented the same sort of system on Alone in the Dark. AITD didn’t get any cracks and remained untorrentable largely due to the suckiness of the game; crackers didn’t waste their time on such a poor excuse for a game.

That MIGHT be why EA is claiming DRM works, cuz no one stole Atari’s AITD. You can clearly see their logic: “They had this really BAD game that no one wants to play, but it had DRM so no one stole it. DRM MUST WORK!!!”. Assuming you haven’t suffered brain damage you can obviously see where their logic is wrong. The REAL solution to keep people from stealing your game WAS hit upon in AITD, though: just make the game BAD and have Yahtzee FLAME it. That seems to help.

My general tactic with all of this is to just NOT EVER buy EA games. So far the only game I’ve seen with any sort of REASONABLE DRM is UT3. They let you install it on as many comps as you want, you just can’t have more than 15 people logged ONLINE with your code at ONCE. Seems fair, right?

Or if you MUST be nasty about your DRM the BEST tactic is the old school one: leave some music on the CD that will be needed to load the game. Then the no-CD cracks will hinder game play and frustrate the player, as Daemon Tools requires lots of work to get it to actually let you play games OFF the ISO.

Anyway… as a side note I DID go rate Spore a 1 on Amazon. The current rating for the game is like 1.5 stars… glad to see there are a lot of us out there.

Note: apparently Yahtzee doesn’t like Spore much either – so Nick could be on to something here!

Still don’t see it? I’m not surprised. It’s because Nick and the Zeroday author were both vague yet obvious in suggesting how to deal with intrusive DRM: they don’t; they torrent a cracked version of the software. This is where the very real and present security threat lies. Not only are warez sites notorious for purveying malware, but there are companies like MediaDefender that actually inject “spoof files into the [torrent distributors] network without permission … as part of its antipiracy efforts to dilute the pool of pirated content online”. Yikes! In fact this particular “antipiracy” effort caused a serious Denial of Service (DoS) attack on the popular – and completely legitimate – Revision3 network. So what happens when an employee decides to download a Spore crack from a warez site on your corporate network? Or what happens when your kid decides to grab it on your home network (note to self – check those firewall and IDS logs!)?

The bottom line is this – at best DRM is ineffective and is counterproductive to the vendor’s antipiracy efforts. It is ineffective because people who want to steal your software and bypass the DRM can do it quite easily, and it is counterproductive to your antipiracy efforts because it’s easier for users to deal with the pirates than it is to deal with the DRM. And what about the real sales lost due to DRM? Not the bogus sales lost to piracy (I posit that people who steal your software would not have paid for it, ergo they cannot be counted as lost sales), but the real sales. Some of those are due in part to the free advertising you get from piracy. That’s right, I can’t count the number of software packages I have purchased after trying a “borrowed” copy. Nowadays I rarely have to resort to anything as nefarious as “borrowing” software, since most shareware (I’m partial to small independent software developers) now employs a “try before you buy” model where I can try the full unencumbered program for several weeks before buying it. Just ask my wife how effective this model is – based on my software spending habits. But even though I can easily “borrow” a copy of Spore to try it out before I pony up $50 American, I absolutely will not consider it as long as EA insists on forcing the DRM on me. I may, however, go to Amazon and give Spore a 1-star rating.

But the point of this rant is: when your company implements a strictly self-serving mechanism that not only is ineffective in accomplishing its intended purpose, but has the (presumably) unintended consequence of promoting risky and (potentially) illegal behavior that increases the threat exposure on the network, I have a real problem with that. Sure, we can disallow all P2P activity on our business networks – but what about users who need access to legitimate groups that rely on torrents to distribute their software, like the Fedora project? Or we can teach our children that stealing software is wrong and they should always pay for it – but what about software that forcibly installs malware like EA’s SecuROM? I think the better lesson is “vote with your wallet” – don’t buy bad stuff that you don’t want – especially if it’s bundled with something you do want.

So how about it, EA? Why not do everyone a service and just say “no!” to stupid ideas like DRM. You won’t have to pay for it, and we won’t have to put up with it. Sounds like a win-win to me. And maybe I’ll consider buying your software instead of flaming you. Hey, fifty bucks is fifty bucks. Or do you really need to suck up to Sony that badly? Whoa, I better stop here – I feel a great conspiracy theory coming on.