Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Windows XP Key Generator Surprises No One

By rusty in News
Wed Feb 20, 2002 at 07:25:12 AM EST
Tags: Security (all tags)
Security

With Windows XP, Microsoft unveiled a new anti-copying system called "Windows Product Activation." Each XP CD comes with a product key, which is sent off to Microsoft along with your machine's hardware configuration when you first activate a new installation. The goal was to reduce "casual copying" by tying a Windows installation to a particular machine. Give your CD to a buddy, and he can't activate it because your hardware is already on record at MS.

But what happens when crackers figure out a way to generate valid activation keys? How could MS differentiate between the key that came with your CD and one that you generated yourself? K5er DaSyonic asked that very question here, back in July, posing a "Denial of Operating System attack." At the time, it was speculation. Last week, the problem got a whole lot less abstract. To no one's shock and surprise, the XP key generator now exists.


First reported on Heise.de [German, English via Google], a group called TheBlueList has released what is, by all accounts, a working XP key generator.

Heise reports being able to generate 25 valid keys in one night. Another site, Betanews, reports generating two working keys and twenty-nine failed keys in seven minutes. "Both keys were each able to correctly activate a retail copy of Windows XP in the test lab," wrote Betanews' Nate Mook.

"So," speculates The Register's John Lettice, "the question as regards keymaking software is whether or not Microsoft has any way to differentiate between generated keys and the ones it has issued itself. If not, this generation of WPA is now surely toast."

A site called MSBetaNG offers the generator for download. I'm not sure how far away from a "circumvention device" it's legal to link these days, so I'm playing it safe. Please, no one post a direct link to the keygen itself here, because that would be almost guaranteed to land me, and K5, in legal trouble that we don't need. You're all clever, I'm sure you can find it.

So the big question now is, what happens when the virgin key on your full-retail box copy of XP has already been registered by someone else?

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Poll
WPA:
o Is toast 45%
o Will be fixed 5%
o Who cares? 48%

Votes: 151
Results | Other Polls

Related Links
o Google
o Windows Product Activation
o Denial of Operating System attack
o German
o English via Google
o Betanews
o The Register's John Lettice
o MSBetaNG
o Also by rusty


Display: Sort:
Windows XP Key Generator Surprises No One | 94 comments (86 topical, 8 editorial, 1 hidden)
microsoft (1.02 / 35) (#1)
by Noam Chomsky on Wed Feb 20, 2002 at 03:09:32 AM EST

The US is able to do this through it's economic structure that works globally. Of course, because of capitalism. Corporations control the game, thus they work through monopoly. Corporations are beginning to constantly merge together, and this power is falling into the hands of hands of plutocracy. This is embraced by the few (and fewer) who work through oblopoly (such as gas, oil companies.. AOL, Microsoft, IBM.. Levis, Tommy .. etc). It's becoming obvious that the United States free enterprise was never a motive for need. Instead it's workings carry out one agenda for greed, weapons, power and division.

Whoever you are... (2.00 / 8) (#41)
by demi on Wed Feb 20, 2002 at 03:26:09 PM EST

I love you.



[ Parent ]

haha. (1.00 / 1) (#79)
by valeko on Thu Feb 21, 2002 at 04:17:47 PM EST

You're obviously trolling, but ironically telling something pretty close to to the truth ... I thought you weren't supposed to recite common knowledge in trolls...


"Hey, what's sanity got going for it anyways?" -- infinitera, on matters of the heart
[ Parent ]

url redirection (3.12 / 16) (#4)
by cp on Wed Feb 20, 2002 at 03:30:40 AM EST

Why not just use one of the many free url-redirecting sites out there and link to the file "indirectly"? Better yet, why not string a couple redirect sites together so it gets batted back and forth a dozen times between others' sites before finally resolving to where you intended it?

Ha (4.42 / 7) (#7)
by rusty on Wed Feb 20, 2002 at 03:35:31 AM EST

Look, I'm on fire!

I don't know what the current state of the courts is on ludicrous no-linking legislation. I figured a link to a Google search for a website would be safe enough. Who knows how far they're willing to go with all that, but I'm personally not up for a big legal battle right now.

____
Not the real rusty
[ Parent ]

I think (4.14 / 7) (#18)
by Delirium on Wed Feb 20, 2002 at 06:30:14 AM EST

The current tentative line is that linking to a file itself is illegal, but linking to a page that links to the file is not. Thus 2600 was guilty for linking to the DeCSS code, but the NYTimes was not guilty for linking to 2600 (which in turn linked to the DeCSS code).

[ Parent ]
Call me a cynic (4.00 / 1) (#37)
by decaf_dude on Wed Feb 20, 2002 at 02:04:31 PM EST

But my view is that the rats sued 2600 because it's a (misunderstood) niche mag with no corporate backer; they'd never dare sue the mighty NYTimes.

I agree with you, though: 2600 is guilty, NYTimes is not - but for different reasons alogether.

--
http://slashdot.org/comments.pl?sid=89158&cid=7713039


[ Parent ]
E.g., Publishing How To Build a Nuclear Bomb (5.00 / 2) (#42)
by truth versus death on Wed Feb 20, 2002 at 03:49:02 PM EST

Not sure why one would think 2600 was any more 'guilty' than the New York Times. But there is a clear First Amendment Right's argument for linking to any binary content: the government itself, by way of the Copyright Office, considers compiled code expressive. Otherwise, Microsoft would have no rights to its Windows software (which is under discussion).

Since what 2600 was linking to was expressive content (unless the Copyright Office wants to remove copyright-protection for software), 2600 is clearly covered in its conduct by the Constitution of the United States.

Judge Kaplan errored big time.

"any erection implies consent"-fae
[ Trim your Bush ]
[ Parent ]
Wow (5.00 / 1) (#44)
by dennis on Wed Feb 20, 2002 at 04:59:07 PM EST

the government itself, by way of the Copyright Office, considers compiled code expressive.

That's an argument I haven't heard before but now that you mention it, it seems obvious. Any lawyers here who can poke a hole in this? Because it seems like it would invalidate the DMCA, all encryption regulations, and maybe even software patents.

[ Parent ]

Holes (5.00 / 1) (#63)
by Loki The Younger on Wed Feb 20, 2002 at 10:04:40 PM EST

I'm no lawyer, but I've read a response to this argument from one. Basically, the problem with this argument is that code is expressive speech, but it is also functional speech (that is, it can do things as well as express ideas), and thus may not receive the same legal protections that purely expressive speech does. This doesn't mean that code receives no First Amendment protections, just that due to its functional nature, it doesn't receive the same protections that, say, political speech does.



[ Parent ]

Re:Holes (5.00 / 1) (#66)
by truth versus death on Wed Feb 20, 2002 at 10:59:41 PM EST

There's no such thing as "functional" speech, at least with a legal distinction, until Kaplan's erroneous ruling. And, by such flawed reasoning, the designs of a building or instructions on how to make a nuclear bomb can be regulated since they are "functional". Bah. You can't regulate speech based on how it might be used. You can only regulate it if it is in fact used in a certain narrowly defined way considered illegal. Distributing the source code or even executable binary for DeCSS is not using speech in any particularly "functional" way (as the distinction is meant). Actually executing the compiled code is using the "functional" aspect of the speech in a way which might be illegal if that function is illegal. But that still doesn't allow the U.S. courts or U.S. corporations to regulate speech in advance of it being used in an illegal way. You can't stop the distribution of an expressive work just because someone might follow the directions and do something stupid, even if the function requires the assistance of a computer.

"any erection implies consent"-fae
[ Trim your Bush ]
[ Parent ]
Functional Speech (none / 0) (#67)
by Loki The Younger on Wed Feb 20, 2002 at 11:32:51 PM EST

There is to a legal distinction between functional and expressive speech. An example given in my article was a party in a contract saying "I accept". That is purely functional speech. Another example would be a minister saying "I now pronounce you man and wife." These statements are types of speech that do things.

The question, of course, is whether source code, which does nothing by itself, counts as functional speech. Certainly source code, being a list of instructions, isn't functional in the same sense that the statements I listed above are. Yet it's clearly more functional than a purely expressive statement, such as "Bush sucks!" And although I have no ready examples, I'd be quite surprised if speech that consists of instructions on how to perform a (potentially) illegal act have indeed never been denied full First Amendment protection by the courts, as you appear to imply.

Note that I'm not condoning Judge Kaplan's decision. Personally I tend to agree with your assessment that the speech (source code) should not be restricted; the illegal activity should be (possibly). But your argument cannot, by itself, knock down Kaplan's ruling on First Amendment grounds.



[ Parent ]
Speech (none / 0) (#71)
by truth versus death on Thu Feb 21, 2002 at 02:05:45 AM EST

Your argument cannot, by itself, knock down Kaplan's ruling on First Amendment grounds.

Yes, actually it can. And, yes, actually it does. Even if there are many more arguments against his flawed ruling.

"any erection implies consent"-fae
[ Trim your Bush ]
[ Parent ]
Functional speech (5.00 / 1) (#74)
by dennis on Thu Feb 21, 2002 at 09:45:51 AM EST

Seems to me if we want our laws to be consistent, we have two choices:

1) Compiled code is functional, in which case you can't copyright it, or

2) Compiled code is expressive, in which case you can copyright it, but it has first-amendment protection.

But instead of a consistent legal treatment, we say it's sorta both, which lets us treat it one way or the other depending on which best serves entrenched interests in any particular situation. This is bogus, imho. The rule should be iron-clad: if you can copyright it, the first amendment protects it.

[ Parent ]

Sigh (5.00 / 1) (#55)
by decaf_dude on Wed Feb 20, 2002 at 08:20:32 PM EST

Not sure why one would think 2600 was any more 'guilty' than the New York Times.
I guess cynicism/sarcasm of my first sentence whooshed right by you. I was saying that 2600 is guilty because they're a niche misunderstood mag with no corporate backers, while NYTimes is not guilty because... well, because they're the NYTimes. Get it?

--
http://slashdot.org/comments.pl?sid=89158&cid=7713039


[ Parent ]
Re:Sigh (none / 0) (#64)
by truth versus death on Wed Feb 20, 2002 at 10:33:01 PM EST

Understood.

"any erection implies consent"-fae
[ Trim your Bush ]
[ Parent ]
hmm.. (none / 0) (#53)
by Mysidia on Wed Feb 20, 2002 at 07:53:34 PM EST

The current tentative line is that linking to a file itself is illegal, but linking to a page that links to the file is not. Thus 2600 was guilty for linking to the DeCSS code, but the NYTimes was not guilty for linking to 2600 (which in turn linked to the DeCSS code). So if asdf posts a link to http://whatever.example.com/index.html and the owner later replaces 'index.html' with some DMCA-illegal program, it's asdf's doing illegal things?

Do we ban books that contain references to page numbers in other books that encourage or describe illegal activity but at the same time not ban those that specify no page number?

Methinks the xxx link crud an absurdity, but then the US legal system might be one of the biggest absurdities of them all, at least so far as it's tried to apply itself to the web, the net, and really... technology in general[?].



-Mysidia the insane @k5
[ Parent ]
well (none / 0) (#56)
by Delirium on Wed Feb 20, 2002 at 08:50:50 PM EST

The analogies on both sides are all flawed in various ways, but bbviously I agree with you that the whole issue is ridiculous. The reasoning I've heard for the current position (note that it's still very much a tenuous position and courts have issued conflicting rulings) is that including a link to a program is "providing" an item in a functional sense, not "telling you where to get it" in a speech sense. Thus it'd be more akin to including a little packet of anthrax with your book on bioterrorism rather than merely providing instructions for how to acquire such a substance.

I agree it's a rather flimsy argument.

[ Parent ]

.sig (OT) (1.66 / 3) (#22)
by jonr on Wed Feb 20, 2002 at 07:59:55 AM EST

hehe... that comment does not exist anymore on slashdot. :)

[ Parent ]
Now now, rusty (none / 0) (#43)
by cp on Wed Feb 20, 2002 at 04:16:56 PM EST

Look, I'm on fire!
Hush, you'll spoil it for all the individuals who like to rate comments in knee-jerk fashion without following the link.

[ Parent ]
Intriguing question. (3.72 / 11) (#6)
by nr0mx on Wed Feb 20, 2002 at 03:34:13 AM EST

So the big question now is, what happens when the virgin key on your full-retail box copy of XP has already been registered by someone else?

I'd be interested in the legal ramifications of this action. Thinking logically M$ should be responsible for refusing to activate your legit copy. On the other hand, who knows just what rights you gave away when you bought the product.



No no no (3.30 / 10) (#9)
by Nickus on Wed Feb 20, 2002 at 03:52:17 AM EST

M$ would probably first refuse to activate your copy, force you to buy a new one, send BSA after you, sue you and throw you in jail since you are a software pirate. You have to be because the codes are unbreakable.



Due to budget cuts, light at end of tunnel will be out. --Unknown
[ Parent ]
Reading=Good (5.00 / 2) (#59)
by ahsyed on Wed Feb 20, 2002 at 09:29:01 PM EST

On the other hand, who knows just what rights you gave away when you bought the product.

Someone who read their EULA.

[ Parent ]
WPA was dissected by Licenturion.com (4.41 / 12) (#10)
by Vs on Wed Feb 20, 2002 at 03:57:17 AM EST

Almost a year ago (July 2001), Licenturion (Berlin, Germany based, despite the .com) came up with a detailed analysis of WPA and documented how your hardware id changed when replacing parts:

http://www.licenturion.com/fl.cgi?arg=0302

Strangely even Heise omits this reference.
--
Where are the immoderate submissions?

Heise had it before (4.00 / 2) (#13)
by moeffju on Wed Feb 20, 2002 at 04:32:45 AM EST

Just for your information, it was on Heise long ago. They just didn't mention it in this article again.

[ Parent ]
That's what I wanted to point out (3.00 / 1) (#24)
by Vs on Wed Feb 20, 2002 at 09:17:07 AM EST

You're right, I just didn't remember where I saw the article.
--
Where are the immoderate submissions?
[ Parent ]
The Ultimate Copy Protection (4.87 / 24) (#12)
by Eloquence on Wed Feb 20, 2002 at 04:01:18 AM EST

Did MS create WPA to make Windows uncrackable, uncopyable? Of course not. Like it or not, Microsoft hasn't become the behemoth they are by employing large amounts of dim-witted people. They have even frequently admitted that cracks would be inevitable. So why harass honest users while crackers still carry on their deeds? I think WPA serves two purposes, both of them revealing a lot about Microsoft.

The first purpose is to stop Joe User from installing the copy of Windows he got with his PC (now only labeled a "Recovery CD") on his friend's machine which still runs Windows 98. This assumes that neither Joe User nor his friend have access to channels where Win XP can be acquired in cracked form without WPA. In the current low-bandwidth world, this is not an unreasonable assumption (most users will probably be unable to handle complex cracking procedures and need to download a full "warez" version).

Still, the largely fictional losses due to piracy are IMHO not a big enough motivation to piss your users off on such a large scale. The second, more speculative purpose is to tie the OS closer to the Net. This is, obviously, a big part of the whole .NET strategy. Windows XP now includes built-in graphical terminal client and server capabilities (within MSN Messenger), which are the requirement for running software on a remote server. While Microsoft has always lobbied for powerful clients (PCs), it is not unreasonable to speculate that they will want to combine them with equally powerful remote servers -- without which certain applications will not run. This seems to be an integral part of the whole "Hailstorm" (now fluffily renamed into "MyServices") strategy for tying web services into applications. I hear that even trivial Microsoft games now require Net access, but I haven't verified that.

Thus, WPA will be an excellent test case for consumer acceptance of an OS that requires Internet connectivity. (WPA is also possible via phone, which is a very tedious process -- almost deliberately so. Definitely not something you want your grandma to do.) It is therefore irrelevant whether WPA is actually effective -- running applications or essential procedures on a server is the ultimate copy protection, and I would bet that Microsoft already has tons of internal memos analyzing the merits of such a strategy -- and possibly prescribing it.

.NET as a whole, if successful, will be the worst monopoly abuse Microsoft has ever committed. And you and I know that they will probably get away with it.
--
Copyright law is bad: infoAnarchy Pleasure is good: Origins of Violence
spread the word!

WPA by Phone (4.60 / 5) (#21)
by pwhysall on Wed Feb 20, 2002 at 07:42:26 AM EST

WPA is also possible via phone, which is a very tedious process -- almost deliberately so. Definitely not something you want your grandma to do.
I must take issue with this point. I have activated several XP products over the phone (I work in a corporate IT department and have had to activate products such as Office XP and friends) and it was quite easy and painless.

The nice person from Microsoft (I've called MS UK on more than one occasion and they do seem to hire very nice people for the phones) talked me through the whole process, never rushing me, always repeating information that needed to be repeated and basically this was one log you couldn't fall off.

If you are capable of listening to what is said to you and following some very basic instructions, you can do WPA by phone.

As I'd never done this activation lark before, I chose to do it by phone rather than over the internet because at least if anything went wrong I could speak to a yooman bean.
--
Peter
K5 Editors
I'm going to wager that the story keeps getting dumped because it is a steaming pile of badly formatted fool-meme.
CheeseBurgerBrown
[ Parent ]

WPA by phone (4.25 / 4) (#35)
by Robosmurf on Wed Feb 20, 2002 at 11:43:17 AM EST

Actually, from my experiences, WPA is much better by phone than by internet.

The internet activation will only work the first time that code is used. If you need to reinstall or something changes, then you will need to activate by phone.

I ran into this when upgrading to XP, which destroyed the activation of Office XP, which then failed the internet activation...



[ Parent ]
Apparently different in DE and UK (4.50 / 2) (#48)
by Eloquence on Wed Feb 20, 2002 at 06:55:56 PM EST

In Germany, the activation process is completely human-less. You can't ask any questions, just enter numbers -- and if you mistype, re-enter the whole sequence. It's really quite annoying.
--
Copyright law is bad: infoAnarchy Pleasure is good: Origins of Violence
spread the word!
[ Parent ]
So what d'ya want me to say ? (1.80 / 5) (#33)
by nr0mx on Wed Feb 20, 2002 at 11:42:49 AM EST

You just broke my heart, d'ja know that ? :(
I had grown to love the reality which you just tore to shreds.
What the hell, I suppose it'll be a couple of days wait for my next anti-M$ fix.

--
I live in the hope of a better tomorrow.

[ Parent ]

WPA not a "test case for consumer acceptance& (3.50 / 2) (#57)
by ahsyed on Wed Feb 20, 2002 at 09:21:56 PM EST

Windows is Microsoft's flagship product. It's second only to Office in revenue. Like you said, Microsoft is not filled with narrow minded idiots. Do you think those same people would make such a mainstream release as Windows XP a mere ginney pig? I highly doubt it. Usually test cases are done on smaller samples rather than a company's icon product.

Your argument is also contradictory. You start off by saying that MS didn't create WPA to lower pirating, but then you say "most users will probably be unable to handle complex cracking procedures and need to download a full "warez" version". So I would say even if that wasn't MS' true goal, it atleast worked (the best an anti-piracy mechanism can). Meaning even the Joe Hackers had a harder time getting their hands on XP (in the sense they couldn't just copy a retail CD), so that means the Joe Users definately can't pirate XP. I consider that a success.

Anti-piracy, much like security, is a cat and mouse game. The "elite" folks can get around both, while "common" folks can not. But you don't stop pursuing security, or anti-piracy mechanisms, just because those "elite" folks can break it. You make it harder and tougher for them.

[ Parent ]
Guinea frogs (4.50 / 2) (#60)
by Eloquence on Wed Feb 20, 2002 at 09:40:06 PM EST

Actually, I would imagine that Microsoft uses a boiling frog scheme for its Internet plans. That is, increase the heat in small, unnoticable steps. There were already tests on a smaller scale (bundling Internet features into Encarta, using self-downloading software managers instead of large packages etc.). WPA was merely one of the larger tests.

Also, I didn't say that MS did not create WPA to lower pirating, I said they didn't create it in the belief that it would make XP uncopyable or uncrackable. It does, however, (temporarily) lower pirating through a concept of "soft security", if you want. So I actually agree with you.
--
Copyright law is bad: infoAnarchy Pleasure is good: Origins of Violence
spread the word!
[ Parent ]

Thanks F7... (none / 0) (#62)
by ahsyed on Wed Feb 20, 2002 at 09:50:25 PM EST

...since you're a better spell checker than I ever was. :) And I misunderstood your uncrackable/uncopyable statements, I apologize.

But I don't see this as temporary "soft security". It is only temporary for the computer users that know how to get around it (minority). It is permanent for the computer users that _don't_ know how to get around it (majority). Anti-pirating mechanisms, IMHO, are successful when those that can't get around them stay in the majority.

[ Parent ]
Temporary because .. (none / 0) (#65)
by Eloquence on Wed Feb 20, 2002 at 10:38:16 PM EST

.. the availability of complete warez versions will increase with bandwidth. Currently it's still kind of hard to find large apps on file sharing networks, because there are not enough high-bandwidth users willing to share them. But as Napster and Morpheus have shown, file sharing networks, including decentralized ones, can be used by virtually anyone.

Microsoft knows this, which is why I expect them to go down the whole software-as-service route.
--
Copyright law is bad: infoAnarchy Pleasure is good: Origins of Violence
spread the word!
[ Parent ]

Not temporary because.. (5.00 / 1) (#75)
by ahsyed on Thu Feb 21, 2002 at 10:33:45 AM EST

XP was hoping only to stop piracy for XP. And if users are still majorly on dial-up, not to mention those that call in, then XP's WPA works. And I agree that when broadband is the majority, Microsoft will definately change their anti-piracy techniques to accomadate for Napster-like clients.

So WPA is temporary in the sense that it's going to be used for this release of Windows and maybe even the next. But it's not temporary in the sense that still only the "elite" can get around it while the "common" folk can not. And that's all that MS wanted.

[ Parent ]
Correction (none / 0) (#76)
by ahsyed on Thu Feb 21, 2002 at 10:35:36 AM EST

MS was hoping only to stop piracy for XP.

[ Parent ]
Great Horny Toad! It's all about spam! (4.00 / 3) (#58)
by martingale on Wed Feb 20, 2002 at 09:23:25 PM EST

You make an interesting case on the reasons for the product activation key, but let me mention some creative uses I can think of:

Until Windows XP, there has been no reliable (AFAIK) way of separating home consumers from corporate users, since both use the same version of Windows. Sure, there might have been "professional" OS versions and "home" versions, but corporate sysadmins would buy/install whichever version they wanted, as a function of price and needed capabilities. Similarly, home users would buy whatever version they wanted and could afford.

Intel notoriously tried to put a unique identifying serial number in every pc, but was (rightly so) publicly flamed for it. So there's no reliable way to know if a given Windows user is "corporate" or "home".

Enter product activation, which is not required by copies sold to companies. Each company's sysadmin can still decide to buy whichever version of Windows they want, but now there's a strong incentive to get the pricier corporate version and not deal with activation problems. Each home user as usual either gets the OEM version (with product activation) or goes out and buys the corporate edition.

The consequence is that a user of Windows XP-with-activation-key is highly likely to be a home user, and the activation key encodes the home user's hardware configuration.

One kind of thing this extra information is useful for is targeted advertizing. Windows XP "home" could be a spam magnet, whereas Windows XP "corporate" could be set up to refuse a lot of inappropriate advertizing so as not to alienate the companies too much. The possibilities are mindbending.

just my two cents.



[ Parent ]
MS aren't that bad ... (none / 0) (#91)
by sgp on Mon Feb 25, 2002 at 08:07:40 PM EST

The Evil Empire has better ways of making money than selling spamlists, though.

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Always remember the '80s. (4.00 / 1) (#94)
by haflinger on Mon Feb 25, 2002 at 08:45:16 PM EST

This assumes that neither Joe User nor his friend have access to channels where Win XP can be acquired in cracked form without WPA. In the current low-bandwidth world, this is not an unreasonable assumption (most users will probably be unable to handle complex cracking procedures and need to download a full "warez" version).
Bandwidth be damned.

Joe User probably has a CD burner. All he needs is a friend who has a burner who has a friend who has a burner who has a friend who has a burner ... who has a friend who visits warez sites. This is already happening with movies. Most of the people watching divX ;-) downloaded movies (and the other formats, too, of course) don't have T3s in their living rooms. Rather, they have burners, and friends with burners.

Burners are cheap and common.

Did people from the future send George Carlin back in time to save rusty and K5? - leviramsey
[ Parent ]

The number of licences (3.71 / 7) (#15)
by Zeram on Wed Feb 20, 2002 at 04:43:04 AM EST

I was actually thinking about this the other day, after I read about this crack on El Reg. Specifically:

So the big question now is, what happens when the virgin key on your full-retail box copy of XP has already been registered by someone else?

How many possible combinations could there be for the keys that M$ is generating for XP? I can't imagine that they would stop any where short of several hundered million, perhaps they may even drift into the billion range. Acording to The Register the crack utility took all night to generate 25 licence keys on a half way decent machine. Well I'm not a math major, but I think it's fair to assume that that means that the keys are fairly large and therefore there are quite a few of them. Even if you low ball the figures and say that M$ only has about 150-200 million licence keys available, what are the chances of hitting someone elses key? That doesn't seem like good odds to me.
<----^---->
Like Anime? In the Philly metro area? Welcome to the machine...
curiosity (3.50 / 2) (#16)
by axafluff on Wed Feb 20, 2002 at 05:36:02 AM EST

In a quick run of "bc", the arbitrary precision calculator, on Linux with the assumptions that the key is 25 characters and includes capital letters and digits, I got the following result for the total key space:

25^36 = 211758236813575084767080625169910490512847900390625

1 billion MS generated keys occupy about 4.72 * 10e-39 % of the total key space.
To get a perspectice on that number: I have 400 poker chips which I think is quite a few. The chance/risk that you will cash in more chips than you came with is about 10e-1 %.

[ Parent ]
Hmmm (4.00 / 3) (#17)
by Zeram on Wed Feb 20, 2002 at 06:13:48 AM EST

As I said I didn't delve into the math, but that does make sense. The real question is exactly what percent of the key space they are using. I know they plan to sell XP like there is no tomorrow, so I honestly can't see them using anything less than 500 million keys, but who knows... That is assuming they use the same keys for all versions across the world.
<----^---->
Like Anime? In the Philly metro area? Welcome to the machine...
[ Parent ]
Not quite that simple (3.75 / 4) (#26)
by X3nocide on Wed Feb 20, 2002 at 09:41:34 AM EST

It took the computer 7 minutes to generate two valid keys. The keyspace is far smaller than the 25^36 you cited. A valid cd key not only matches the well-formed-ness of a winXP activation key, but it must also be flagged for use at a MS server. Every valid key you find corresponds to a box labeled winXP on some retailers or maybe even comsumer's inventory.

Thats why it takes so long to verify generated keys. I think its safe to say that MS may try to limit IPs to 3 errors a day or something like that. That could be a pain for IT depts. running a proxy server, but then again, I don't know shit about networking.

pwnguin.net
[ Parent ]

Limiting IPs (4.00 / 4) (#29)
by dasunt on Wed Feb 20, 2002 at 10:13:24 AM EST

I have a small DHCP pool of about 10 addresses, and I've activated many a copy of Windows XP and Office XP. Unless they deny based on 3 failures to activate, I doubt they have such a policy in place.

(Yes, NAT would be about as useful, but sometimes I have machines on the bench that need to be tested as servers.)



[ Parent ]
Transposed numbers (4.57 / 7) (#27)
by Quest171 on Wed Feb 20, 2002 at 09:42:39 AM EST

To determine the number of possibilities of length 25 in base 36, the expression is 36^25, not 25^36. Which means that the result is actually:

36^25 = 808281277464764060643139600456536293376

And consequently, 1 billion keys occupy about 1.23e-28 % of the total key space. Which is still quite small, but not to the extent which 25^36 would lead one to believe.

[ Parent ]

not as big as you'd think (5.00 / 3) (#45)
by kataklyst on Wed Feb 20, 2002 at 05:36:51 PM EST

According to this thorough analysis of wpa, the number of possible keys is between 2 and 200 billion.

The key printed on your cd has 25 base-24 digits (12 of the 36 letters and numbers are dropped to avoid look-alikes). This is decoded into a 15 byte array. 31 bits encode the raw product key and the rest are a digital signature of the raw key. The signature is tested against a list of public keys on the cd. If it passes any of the tests, wpa generates an Installation ID to send to microsoft based on the raw key, your hardware, and which public key worked. Two decimal digits are used to identify the public key, so this could theoretically enlarge the keyspace by a factor of 100.

I haven't tried the key generator, but it sounds like it's pretty cpu intensive. I assume that means that they are brute forcing these digtal signatures somehow. Since the generated keys are reported to work, it seems likely that the wpa servers will accept any raw key hasn't already been activated.

[ Parent ]

It's possible that it's still secure (4.09 / 11) (#19)
by Delirium on Wed Feb 20, 2002 at 06:38:16 AM EST

A possible scenario that would result in the conclusion that WPA hasn't really been cracked (note: I don't claim that this is the actual situation, just a possible scenario):
  1. The number of "valid" keys (as determined by the local intaller's checks and the keygen) is extremely large, ensuring that you have a very small chance of generating a key which has been legitimately issued to a paying customer. Thus even if you generate a key that passes as valid, it will almost certainly not be one that has been legitimately issued.
  2. Microsoft keeps track of the keys it has legitimately issued. Thus your generated key will be flagged as one generated by a keygen.
If the second condition is true, the only way to get either a false positive (Microsoft says your generated key is okay) or false negative (Microsoft says your legitimate key is already in use) is to generate a key that has been legitimately issued. But if the first condition is true, this is nearly impossible to do.

Additional Note (4.50 / 4) (#28)
by dasunt on Wed Feb 20, 2002 at 10:06:44 AM EST

In the Microsoft Action Packs (a big binder of software they give to computer resalers & other places for a relatively small yearly fee), I believe there is one key given for several licenses of XP Pro. So they must keep track of how many times its been activated. Also, they do deny if the key has been activated before - I ran into this problem with a reinstall of Office XP on a machine with a slightly different hardware configuration. The solution is to call Microsoft, read off a string of numbers somewhere, and then input another string of numbers to reactivate it.

Just some additional info



[ Parent ]
Who needs an XP keygen? (3.92 / 13) (#23)
by Funky Fresh on Wed Feb 20, 2002 at 08:56:28 AM EST

Anyone who bothers to pirate XP downloads a corporate select copy that doesn't require activation. It's even simpler than using a real, store-bought copy of Professional.

It could be stopped (none / 0) (#68)
by DaSyonic on Thu Feb 21, 2002 at 12:37:20 AM EST

Your point is correct, except this still requires a CD key, and in this case, a volume license key. Before this key generator there were only 2 or 3 being spread around. Microsoft could effectively block the key in an upcoming service pack.

With a key generator, this is now impossible.

Linux: Because a PC is a terrible thing to waste.
James Brents
[ Parent ]
Activate keys (4.12 / 8) (#25)
by sludge on Wed Feb 20, 2002 at 09:20:27 AM EST

Why isn't Microsoft activating the keys? Id software's cd keys won't be accepted by the key server unless they're activated because they've been printed on a cd somewhere in the world.

It seems Microsoft can't do this because the key contents contains information about your computer: data they can't predict. Well, their dual purpose key isn't proving to be quite as solid, is it?

As for people who say that any product is crackable, I would like to know how to crack the Quake 3 key checks so you can play on normal servers with your client. The game has been out since late 1999, and there has been no public crack to date. It is possible to have limited functionality without paying if you run the server, however.
SLUDGE
Hiring in the Vancouver, British Columbia area

LAN games (4.66 / 6) (#31)
by fluffy grue on Wed Feb 20, 2002 at 10:59:36 AM EST

Q3A also allows you to play on a LAN without a key. They're very lanparty-friendly, which is IMO a great move for them to make.
--
"Is not a quine" is not a quine.
I have a master's degree in science!

[ Hug Your Trikuare ]
[ Parent ]

id and CD keys (5.00 / 1) (#49)
by msphil on Wed Feb 20, 2002 at 07:14:40 PM EST

Correct, with a slight addendum. You do not need a CD key to play on a LAN at all (I keep a copy of Q3A and Q3TA around at work, specifically so we can play CTF within the company during lunch). This has been asked of id in the past, and they were OK with it (although at the time I asked, I was asking on behalf of someone else).

This is fine for informal LAN parties, etc. If, however, you start running a business hosting LAN parties (i.e. your business is the LAN party), you do need licenses for the individual copies. Actually, you might need a business license from id, and you should definitely contact them before starting :-)

[ Parent ]

Uh, yeah (none / 0) (#52)
by fluffy grue on Wed Feb 20, 2002 at 07:53:01 PM EST

Isn't that what I said?
--
"Is not a quine" is not a quine.
I have a master's degree in science!

[ Hug Your Trikuare ]
[ Parent ]

It depends on what the meaning of LAN party is... (none / 0) (#78)
by msphil on Thu Feb 21, 2002 at 03:19:05 PM EST

In some areas, LAN parties are also businesses. I just wanted to clarify that id has traditionally been OK with informal LAN parties (the policy carrying through to Quake 3 to my personal, certain knowledge), but not with businesses founded around LAN parties who have not yet negotiated a business id license.

I felt (and still feel) that is a minor but important distinction to make. Where I work, the business of LAN parties is what my co-workers refer to as "LAN parties", as opposed to our informal gathering and playing CTF at lunch or in the evening.

[ Parent ]

Don't forget respect (5.00 / 6) (#39)
by decaf_dude on Wed Feb 20, 2002 at 02:24:26 PM EST

id software is an example of how to conduct business in an ethical manner. They constantly produce new quality games, release the old ones to the community (open source), they don't assume that all of their users are thieves, accepting that some will copy their games regardless of what copy-protection features they put in.

I have done a fair share of proprietary software "sharing" (it's as inappropriate a term as "piracy", but in the opposite direction), but I wouldn't be caught dead using an illegal copy of anything from id. I just have way too much respect for them. Did I mention I also bought all my Linux distros and my OpenBSD CDs to date? You know, the whole "I'll treat you the way you treat me" thingy...

When personal ethics and law of the land collide, I'm not afraid to choose ethics as guidance in my behavior.

--
http://slashdot.org/comments.pl?sid=89158&cid=7713039


[ Parent ]
Tried it out on the spare machine (3.71 / 7) (#30)
by TheophileEscargot on Wed Feb 20, 2002 at 10:39:28 AM EST

I installed XP, unactivated, on the spare machine a little while ago, so I gave the generator a try.

On old hardware (300 MHz) it took a long time to run... over two hours and 90 cycles to get a single key. They say the odds are 1 in 40 of a cycle working, so that's a bit unlucky.

I didn't try very hard, but I couldn't see how to actually use the resulting key to activate XP. The activation screen wants a "confirmation" key in a different, longer format; and the found key didn't work in there. I expect there's some way to do it, but I didn't try too hard.
----
Support the nascent Mad Open Science movement... when we talk about "hundreds of eyeballs," we really mean it. Lagged2Death

This is what MS want (4.45 / 20) (#32)
by SIGFPE on Wed Feb 20, 2002 at 11:21:39 AM EST

In decreasing order of preference MS want...
  1. You to buy XP
  2. You to crack XP
  3. You to use another OS
(because it's better for people to be dependent on MS even if they're not paying because it helps set MS as the de facto standard.).

But they need to convince DOJ and anti-trust people that the order is

  1. You to buy XP
  2. You to use another OS
  3. You to crack XP
so it looks like they're not being monopolistic (and also maybe to claim tax losses through piracy).

So this keygen is exactly what MS want to exist.
SIGFPE

My brain just fell out. (2.28 / 7) (#36)
by nr0mx on Wed Feb 20, 2002 at 11:50:26 AM EST

I must have have a really open mind.

Your argument. Devious as the devil. Fits. Tailor-made to fit the M$ personality. Cool!

[ Parent ]

strong protection (4.00 / 2) (#72)
by chia on Thu Feb 21, 2002 at 05:11:42 AM EST

I've been thinking this for awhile too. Why is the Linux community happy when XP is cracked??

All that means is that more people will use it.

If XP was watertight and you had to buy a copy many people would switch to alternatives. Nothing that could not be cracked has ever become popular.

Sid Meier said the only reason Civ became popular was because it was cracked very early after release.

Is it a sham or not?..i dont know but the argument is strong.


Most people are other people. Their thoughts are someone else's opinions, their lives a mimicry, their passions a quotation. O Wilde
[ Parent ]
Product Deactivation (4.88 / 9) (#38)
by alpinist on Wed Feb 20, 2002 at 02:09:00 PM EST

There are some interesting angles to the whole key generator issue. First, is there a database at Microsoft that contains the keys that have been issued with the OS and sold to the public? If so, MS could deny the generated keys for not being in this database. If MS is not doing this, they could do it later down the road, and drop a trojan into Windows Update to verify issued keys and disable keys that don't belong.

If one uses a corporate version, it does not use WPA, but only requires a key, the same as Windows always has. Providing a valid, generated key that differs from the thousands of other people using the same key (The one I've seen on the net starts with FCK, amusingly enough) would help prevent MS from disabling the OS the way they did with the Office 2000 service pack. That service pack disabled all versions of Office with a key that started with a certain string, due to the fact that key was spread far and wide. This unfortunately managed to disable many valid installs of Office 2K.

But, disabling an OS is tricky, if not in the technical sense, then in the political sense. What if MS decides to disable the corporate version featuring the FCK* key set, and manages to shut down every desktop PC at Company X? Company X is going to sue MS for lost revenue and all other costs related to idling their entire workforce until they get things going again. If Company X has 2,000 PCs, this could take some time, as any `locking out' from the OS would probably mean a manual reinstall.

Disabling presents another problem, in that Joe User will just reinstall his duplicate/pirated Win XP and not run Windows Update again, thus creating more machines that never get updated and feature a host of popular vulnerabilities. Then, the stage is set again for another Code Red, et al, to find it's way onto the front pages. MS does not want their name associated with security holes any more than it already is, because the success of .NET, the strategy they've bet the company on, depends on it.

So in the end, WPA was designed to keep Joe User from sharing his copy of XP with his friends, or installing it on his laptop or the other computer in the family room. I believe they're right in saying that most unauthorized copying goes on this way. And I'm sure they knew WPA would be defeated by whoever was determined enough. As SIGFPE said in another comment, MS firstly wants people to buy it, if they don't buy it, crack it. The last thing MS wants is you to decide to stop using their products entirely. A Windows user is still an asset to Redmond, even if they didn't pay for that copy of XP.


They can't sue Microsoft for lost revenue. (4.60 / 5) (#46)
by nstenz on Wed Feb 20, 2002 at 05:57:11 PM EST

Company X is going to sue MS for lost revenue and all other costs related to idling their entire workforce until they get things going again.
Unless someone finally wants to test the 'click-through license' deal, they can't sue MS. The EULA deems them not responsible for any lost revenue or downtime.

[ Parent ]
EULA (4.50 / 4) (#47)
by alpinist on Wed Feb 20, 2002 at 06:52:41 PM EST

That's a good point. But, the disabling would be an intentional act by MS, not the customer. I think someone could poke holes in the EULA with that, but IANA Lawyer...

At the least, it would be yet another MS security/reliability bungle that the press would swoop on pretty fast. I've noticed lately that people are paying a lot more attention to security holes in MS products, including the US Government.

[ Parent ]
EULA stuff (5.00 / 1) (#54)
by nstenz on Wed Feb 20, 2002 at 08:15:28 PM EST

I think they could get in deep $#@! over it if someone could prove one thing- the intentional disabling of the keys was malicious.

However, I think malicious could be a rather broad term in this case, as it could be shown that Microsoft knew what effect their actions would have. Microsoft knows disabling valid keys will make the product unusable for a genuine consumer, and they are effectively taking money without providing a usable product or service. However, Microsoft would merely need to quickly remedy the situation by providing a new valid key to show good faith and throw that argument right out the window.

That's a lot of "however"'s.

[ Parent ]

KeyGens aren't the issue (IMHO) (4.76 / 13) (#40)
by arcterex on Wed Feb 20, 2002 at 02:27:05 PM EST

Some friends and I had a conversation about this some time ago, and some good points were raised. Basically there are the following people who are going to get Windows XP:
  1. pirates, or "try before you buy"ers, who will download it from sites, the usenet, etc
  2. corporate users, who will get the corporate version that does not require activation and allows copying
  3. "normal" users who get it when they purchase their pc. Think of them as mom and dad.
The second class, the corporate users, are going to get one copy, with a fat licensing fee, and pass it around the office. Chances are that copy is going to make it into a few homes of employees as well. Because it's the corp. version, no key activation is done, and as long as you have the CD key, no product activation is done.

So they don't have to worry about it, or get pissed off by it, or get bitten in the ass by it.

The first class are going to get a copy from a pirate site or the UseNet (that's where I got mine) and based on personal experience, it's going to be the corporate version. This version, you guessed it, requires no product activation.

So who does that leave to get screwed over by WPA? The last class, mom and pop, who decide to upgrade their system one day and find they have to call into MS to tell them this. Or who get the MS-SS breaking down their door because they lend the CD to their friend, aunt edna.

Well, maybe not, but you get the picture. The only people that this is going to "catch" are the 'normal' home users, and the people that are going to be completely missed are the ones that are causing this in the first place, the pirates and corporations who are avoiding licensing fees.

Exactly. And... (4.50 / 2) (#73)
by lightsweep on Thu Feb 21, 2002 at 09:06:48 AM EST

...I know "someone" who would normally have purchased a retial copy of XP and installed it on his three computers (he's a consultant with two laptops and a server for different job circumstances). Paying $199 for the Pro upgrade and installing it three times he would find reasonable.

Paying 3 x $199 is too much. So what did he do? For the first time in years, he downloaded a pirate corporate copy.

That's not to say he's on moral high-ground, but from a practical standpoint, MS "priced themsleves out of his honesty", if you will, thanks to WPA.

[ Parent ]

Interesting, yet not. (3.42 / 7) (#50)
by regeya on Wed Feb 20, 2002 at 07:33:13 PM EST

It''s just one of several hundred examples of how copy protection, like gun control, harasses only honest customers, and does nothing to curb illegal use.

[ yokelpunk | kuro5hin diary ]

True, yet not. (4.50 / 2) (#69)
by esjewett on Thu Feb 21, 2002 at 12:45:37 AM EST

Because the analogy is hopelessy flawed. To begin with, you can think about the differences in distribution techniques between guns and software. Until we can distribute cheap, working copies of guns over the internet, you've got a problem. So if you want to argue gun control, maybe you should argue gun control.

[ Parent ]
Good argument, yet not. (none / 0) (#77)
by regeya on Thu Feb 21, 2002 at 01:40:26 PM EST

When you realize that 1.) cheap, illegal copies of "popular" firearms are available and 2.) there's no such thing as free Internet access, it works.

I don't want to argue gun control. I want to argue against wrong-headed, stupid measures that are meant to stop the "bad guys" and end up harrassing only legal users.

Get it this time?


[ yokelpunk | kuro5hin diary ]
[ Parent ]

Actualy (none / 0) (#83)
by Amesha Spentas on Fri Feb 22, 2002 at 12:59:37 PM EST

When you realize that 1.) cheap, illegal copies of "popular" firearms are available and 2.) there's no such thing as free Internet access, it works.

Well the "Cheap" copies of guns are still usually several hundred dollars. Where a "Cheap" (Read pirated) copy of XP is free or nearly free. So cheap is relative. Also in most countries the possession of firearms is regulated, whereas only in some overly draconian countries is access to the Internet regulated.

Second there is such a thing as free Internet. See http://www.nyx.net/ for one very old example that's still around. (They were my first ISP back in 93.)

I don't want to argue gun control. I want to argue against wrong-headed, stupid measures that are meant to stop the "bad guys" and end up harrassing only legal users.

Damn, I want to argue bad segues into a horrible analogy.

Registered to die for the government at 18, and had to pay postage on the registration form - AnalogBoy
[ Parent ]

Actually? Actually ... (none / 0) (#86)
by Hobbes2100 on Sun Feb 24, 2002 at 12:30:11 PM EST

> Well the "Cheap" copies of guns are still usually several hundred dollars.

Have you (do you) live in a city? Have you gone to a pawn shop. Have you talked to someone on a corner? Have you heard of the term "Saturday Night Special"?

Put frankly, you can have a gun in your posession for less than $50 ($49.99 in an urban area near you.

>Second there is such a thing as free Internet.

Well, it might be free to you but someone is sucking up the cost. Also, you have some hardware overhead. But, fine, if you're looking for Windows XP you probably have most of the hardware.

Regards,
Mark
Sed quis custodiet ipsos custodes? --Iuvenalis
But who will guard the guardians themselves? -- Juvenal
[ Parent ]

Re:Gun control (none / 0) (#80)
by Sheepdot on Thu Feb 21, 2002 at 09:47:02 PM EST

Because the analogy is hopelessy flawed.

Indeed, much like the analogy that "Big Government" is akin to "Big Microsoft" or "Big Tobbacco", or, at least, amongst those of the same ideology as you regarding gun control.

To begin with, you can think about the differences in distribution techniques between guns and software. Until we can distribute cheap, working copies of guns over the internet, you've got a problem.

Software is sold in a regulated medium of stores. Guns are sold in a regulated medium of stores. Software is sold through a medium that is not yet regulated. Guns are sold through a medium that is not yet regulated.

Drugs are also sold through this medium. We are told we cannot regulate the medium because the demand is there. The demand for guns is there as well. Perhaps efforts at gun control would be better used to stop demand, rather than cutting the supply.

In this token, it is impossible to use the argument of "drug control" being an impossible task and yet "gun control" a possible task. Let's see how well you handle that one. :)

So if you want to argue gun control, maybe you should argue gun control.

Naw, let's stick with arguing the analogy, I think we've shown sufficient reason to believe that the analogy cannot be discounted so quickly.

[ Parent ]

What? (none / 0) (#82)
by Amesha Spentas on Fri Feb 22, 2002 at 12:40:20 PM EST

Guns are sold through a medium that is not yet regulated. Um isn't this the exact opposite of your previous line, Guns are sold in a regulated medium of stores. Also your analogy of drugs and guns is also flawed. Drugs are perpetuated though physical addiction. Guns are not.

Most people who own guns are law-abiding folks who, if ordered, would probably turn over their guns. For an example see England. Secondly there would be an immediate benefit to restricting guns. Lowering the mortality rate of children who are accidentally shot and killed and even adults that are killed by the accidental discharge of guns. This would be a thing of the past if only the police & criminals possessed guns. You know the good ole Cops & Robbers.

Naw, let's stick with arguing the analogy, I think we've shown sufficient reason to believe that the analogy cannot be discounted so quickly.

Ok but prepare to be singed because of it. You're right BTW it took one complete paragraph to discount the analogy. Not quick by my standards.

Registered to die for the government at 18, and had to pay postage on the registration form - AnalogBoy
[ Parent ]

Turning up the hearing aid ... (none / 0) (#87)
by Hobbes2100 on Sun Feb 24, 2002 at 12:42:08 PM EST

Software is sold in a regulated medium of stores. Guns are sold in a regulated medium of stores. Software is sold through a medium that is not yet regulated. Guns are sold through a medium that is not yet regulated.

Perhaps you should think in terms of formal logic here. Saying "P" is true does not mean that "not P" is false. However, it does mean that (not "P") is false.

Put simply, Sheepdot was was says that both software and guns are sold through both regulated and non-regulated means [the sale of software through non-regulated means is at a very cheap price $0.00).

Who is to say that the desire to own guns isn't motivated by physical chemistry resulting from a feeling of power and control? I think power can be a very powerful drug. Don't you?

How many accidental deaths [of children] due to firearms were there last year? How many other accidental deaths [of children] were there? You might think that one is enough to justify disarming a populace. I don't. Do I know where the line is? No. But, I don't think we've crossed it (at least, not with respect to this issue independently of all other arguments).

Regards,
Mark
Sed quis custodiet ipsos custodes? --Iuvenalis
But who will guard the guardians themselves? -- Juvenal
[ Parent ]

C (none / 0) (#88)
by Sheepdot on Mon Feb 25, 2002 at 12:03:06 AM EST

<I>Guns are sold through a medium that is not yet regulated. Um isn't this the exact opposite of your previous line, Guns are sold in a regulated medium of stores. </I>

<P>My point, which despite attempting to make *very* clear, is that guns and software are sold through both legal, and illegal means. Do you own illegal software? Do you even question the legality of it or care about it? Neither do the gun owners that illegally own their guns. Guns, like software, are sold through two mediums, a legit market, and a black one.

<I><P>Also your analogy of drugs and guns is also flawed. Drugs are perpetuated though physical addiction. Guns are not. </I>

<P>Prove the physical addiction of marijuana. As far as I know, it is much a matter of debate. Some people would rather die than give up their drugs. You cannot convince me that there are not those that would do the same for their guns. I am one of those. I intend to kill the man that comes to take my gun. This is not an irrational statement, because by the time this event occurs, I can assure you the world is already not one in which I wish to live.

<I><P>Most people who own guns are law-abiding folks who, if ordered, would probably turn over their guns. For an example see England. </I>

<P>Yes, England is a perfect example.

<P><Blockquote>"The same thing happened in England. The government cracked down on guns following a 1996 massacre of schoolchildren in Scotland. A terrifying crime wave ensued. The U.S. Department of Justice announced, in 1998, that the rate of muggings in England had surpassed that in the U.S. by 40 percent. Assault and burglary rates were found to be almost 100 percent higher in England than in the United States."
</Blockquote><a href="http://www.patriot.org/articles11.htm">Source</A>

<P><I>Secondly there would be an immediate benefit to restricting guns. Lowering the mortality rate of children who are accidentally shot and killed and even adults that are killed by the accidental discharge of guns. This would be a thing of the past if only the police & criminals possessed guns. You know the good ole Cops & Robbers. </I>

<P>Immediate benefit? How do you suppose crime rates change for the better when criminals know you have nothing to protect yourself with? How much say do you think you have under a government that denies you a right to self-preservation?

<P>You're belief in the infailability of the police state astonishes me.

<I><P>Ok but prepare to be singed because of it. You're right BTW it took one complete paragraph to discount the analogy. Not quick by my standards. </I>

<P>Trust me, *I'm* not the one who's being set aback by this. The analogy rings louder than before. A pity you won't be responding.




[ Parent ]
Let's see.... (none / 0) (#90)
by Amesha Spentas on Mon Feb 25, 2002 at 03:57:30 PM EST

Ok, lets address some of your arguments. Oh, and BTW you might want to make sure that HTML Formatted is set before posting. I personally use the Preview button to make sure it all went through ok.

my point, which despite attempting to make *very* clear, is that guns and software are sold through both legal, and illegal means. Do you own illegal software?

Yes, and my point is that there exists a huge difference between buying illegal guns and purchasing pirated software. For one small thing people who purchase illegal guns are normally planning to use them to commit other illegal acts. Robbing banks, Carjacking, Mugging, Murder, Etc ... Otherwise they would buy legal weapons. Whereas, people who purchase and use pirated software do not usually use that software to commit further crimes. And no, I have never purchased illegal software. I Use illegal software, but it was always given to me or offered for free. Such is the ability and mindset of most of the people who pirate software. Contrast that with the people who sell illegal firearms. They are most definitely in that business to make a profit. This is why purchasing or selling weapons has usually been in a separate category of crime then the purchasing / selling / giving away, of software. Also there is no waiting list to buy software and if someone were to try to implement one, most people would consider him or her insane. A waiting period has been established for firearms and most people believe it has helped.

The two types of illegal activities are worlds apart with regards to severity, accessibility, and potential further harm to the public. This is why I said the analogy was flawed. You are not comparing apples to oranges; you are comparing apples to assault rifles. This is why I believe the analogy is flawed.

Prove the physical addiction of marijuana. As far as I know, it is much a matter of debate. Some people would rather die than give up their drugs.

Yes the physical addiction of marijuana is a question of much debate. However most of the other illegal drugs, like Crack, Cocaine, Heroin, or Opium are well known for their addictive abilities. No one that I know of disputes those drugs. But even drugs position of illegality is in question. The argument however was wither it was a good analogy to illegal software.

"The same thing happened in England. The government cracked down on guns following a 1996 massacre of schoolchildren in Scotland. A terrifying crime wave ensued. The U.S. Department of Justice announced, in 1998, that the rate of muggings in England had surpassed that in the U.S. by 40 percent. Assault and burglary rates were found to be almost 100 percent higher in England than in the United States."

I would be curious to see if the crime rate has maintained this elevated level or if perhaps it even dropped to a lower level then before. Also I wonder if the number of shootings and death also rose with this increased crime rate.

Immediate benefit? How do you suppose crime rates change for the better when criminals know you have nothing to protect yourself with?

I guess the question is wither or not you equate the ability to keep your possessions to personal safety. You have enumerated points where people are more able to keep from being mugged or burglarized. Even assaults could fall into this category if the difference is being beaten to being killed. The counter question to you would be, if you have a gun and you are reasonably sure the person you are robbing does not have one are you more likely to kill that person? Please don't argue the point that guns help prevent those crimes in the first place; because most violent crimes (I.E. Involving the criminal using guns) are committed out of desperation. Those same people are still desperate with and without guns.

How much say do you think you have under a government that denies you a right to self-preservation?

Do I believe that a government that would deny me the use of firearms is identical to a government that would deny me a right to self-preservation? No. Do I believe that a government that would deny me the right to self-preservation could still allow me to possess firearms? Yes. Do I live in a country where I cannot live without carrying around a gun? No. I have never owned a gun. (Some might say that that is a problem right there, but I would also say that I have never used crack cocaine and I still think I can hold a discussion on its merits/disadvantages.) And I have never been mugged/burglarized/assaulted.

You're belief in the infailability of the police state astonishes me.

Yes, and your belief in the infallibility of the crime state astonishes me.

I believe that means are what achieve the ends. I believe that if you must possess a weapon of lethal force over a weapon that can incapacitate.

(Once again please don't argue that mace is not that effective, etc... I know, I also know that other more effective means are and can be developed and that most of that development has been spearheaded from the military. The same group that is supposed to be the most lethal of means a government can employ.)

Then a problem exists with the means with which we employ to achieve a crime free country.

Yes, police states have notoriously low crime rates. So yes, guns and police states can lower crime. The question is do we want to use them, do we have to use them. Is our crime so bad that that guns are the only solution. It seems that you can imagine using only 2 means to prevent crime, Guns and Police States; fortunately my imagination is not so limited.

Trust me, *I'm* not the one who's being set aback by this. The analogy rings louder than before. A pity you won't be responding.

Well you are right, my comments have generated more commentary then your original post. Fortunately for me that I enjoy stirring up debate and discussion without having to resort to actually trolling. This way we can argue about important things without having to resort to name-calling. This I like. I'm not sure I understand what you mean about me not responding. I do usually try to answer any questions put my way.

Registered to die for the government at 18, and had to pay postage on the registration form - AnalogBoy
[ Parent ]

when will we see WPACRACK@home? (4.00 / 2) (#51)
by alfredo on Wed Feb 20, 2002 at 07:40:22 PM EST

This could be one way for a group to put wrench in the works if they cracked a few million keys and activated them. They would need to find a way to mimic an unactivated PC, or find a way to unactivate their machine quickly.



Simple (none / 0) (#93)
by sgp on Mon Feb 25, 2002 at 08:23:29 PM EST

Just instead of posting them all on UseNet, serve them up via a CGI script, one at a time

There are 10 types of people in the world:
Those who understand binary, and those who don't.

[ Parent ]

Miss Cleo told me about it! (4.00 / 4) (#70)
by DaSyonic on Thu Feb 21, 2002 at 12:51:08 AM EST

As the predictor of the potential doom that has now come true, I guess my only reply can be: I told you so :)

I feel that Microsoft's only option now is to pretend all is good and that nothing is wrong. Just leave activation the way it is, but have every activation request over the Internet/Phone approved. This would still make them meet their goal of causing people to be aware of the EULA. It would also potentially scare casual copyright infringers. But it would also not cause harm to anyone who has purchased their copy of Windows XP legally, and had their key used taken by the generator.

Then perhaps in Microsoft's next innovation, they just stick with the same thing: activation being nothing more than a big hoax. Or do away with it all together.

Linux: Because a PC is a terrible thing to waste.
James Brents
DIE WINDOWS! (3.50 / 2) (#81)
by alt on Fri Feb 22, 2002 at 12:17:41 PM EST

Goddamn it!!!! All the Windows zombies out there need to STOP PIRATING WINDOWS!!!!!!!

It is in MS' interest to keep the illegal code flowing! If the only WindowsOSs being run were legal ones, MS would only have 70% of the market!!!! THe other 30% would be divvied up between Mac, OSS and Sun!

We need consumer choice! NOT Vendor Lock-In!!!

STOP PIRATING WINDOWS! LET IT DIE THE HORRIBLE DEATH IT DESERVES!!!!!





Ironic story title (none / 0) (#84)
by ptemple on Fri Feb 22, 2002 at 06:14:25 PM EST

Windows XP Key Generator Surprises No One (News)

Does no-one else find the word in brackets ironic in light of the sentence that precedes it? My personal advice to those that ask me about buying WinXP is (a) to avoid it and buy Win2k instead, but if they insist then (b) buy WinXP but download and install a cracked Pro version so it doesn't screw up when they upgrade their hardware. I'm not sure about the exact legality of running a cracked version if you hold a license to the original, but I doubt a court would impose any fine even if M$ should persue it.

Phillip.

Master of irony (none / 0) (#85)
by rusty on Sun Feb 24, 2002 at 02:29:31 AM EST

Let no one accuse me of not having adequate supplies of irony in my diet.

____
Not the real rusty
[ Parent ]
This isn't the end of the game (3.66 / 3) (#89)
by CmdrTroll on Mon Feb 25, 2002 at 12:43:01 AM EST

As somebody who has cracked countless shareware programs, I can tell you that if Microsoft is smart, they have already beaten the hackers who released the key generator.

Typically, a shareware vendor who wishes to issue a "lifetime upgrade" key for a piece of software, which allows unlimited free upgrades for future versions, will sell unlock codes / "serialz" that pass several integrity checks: f(s), g(s), h(s), ... z(s). He then includes a key checker in each version of his software, according to the following schedule:

  • v1.0: check f(s), pass if okay
  • v1.1: check f(s) and g(s), pass if both are okay
  • v1.2: pass if f(s), g(s), h(s) are all okay
You get the idea. Well, what if v1.2 and successors are service packs? What if they are IE security updates? Since a randomly generated key that satisfies f(s) is unlikely to satisfy g(s) ... z(s) if the functions are chosen wisely, but all legitimately issued keys satisfy f(s) ... z(s), Microsoft can easily send down a "pirate kill" in their next service pack. And they don't need to send a blacklist to do it (except to check for leaked site license keys). And they don't need two-way communication with your PC.

And if that happens, what will you pirates say about it then, after your OS has uninstalled itself? At least don't say you weren't warned.

Stealing software doesn't pay.

-CT

The real question... How long will XP last? (none / 0) (#92)
by sgp on Mon Feb 25, 2002 at 08:13:36 PM EST

The real question is how long will Windows XP last? Many people are currently unhappy that Win9x is no longer officially supported, but at least they can keep running it, upgrading hardware on it, and installing it on PCs.

In 3-5 years time, whenever MS decide that XP is too old to bother with, they simply stop serving activation keys. There is now no legal way to reinstall or upgrade (hw) your Windows XP PC.

Now that's what gets me ...

There are 10 types of people in the world:
Those who understand binary, and those who don't.

Windows XP Key Generator Surprises No One | 94 comments (86 topical, 8 editorial, 1 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!