Driver Signing for Kernel-Mode Software for x64-based Systems

Strangely, Verisign’s own online documentation seems to indicate that
it’s possible for an individual to get a class 3 certificate (various
proofs involving notaries required).

http://www.verisign.com/repository/CPS/CPSCH5.HTM

Verisign would, of course, be the first business to have conflicting
policy statements :-).

Don Burn wrote:

Every time over the last 4 years I have checked, VeriSign has said LLC, not
even a sole proprietor. Bottom line, is as a contractor, I will never ship
a driver of mine on 64-bit Vista.

It is funny that with the rules in Massachusetts, if two guys started a
company in a dorm room (for instance Harvard, call the guys Bill and Paul),
without going through a lot of hassle, they would not be able to ship
software involving kernel code for Vista 64-bit :-)


Ray

If I were you, I would say:

Name: Don Burn
Company: Don Burn

Also, I don’t know about your state, but in Colorado it costs something like
$5 to register a trade name (AKA DBA). You’d still be a sole proprietor,
but could open bank accounts, have a phone line, a credit card, and,
presumably a Verisign certificate under the name of “Don’s House of
Drivers”.

- Dan.

----- Original Message -----
From: “Don Burn”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Wednesday, February 01, 2006 8:57 AM
Subject: Re:[ntdev] Driver Signing for Kernel-Mode Software for x64-based
Systems

> One thing to report is that this weekend, I worked my way through most of
> the forms to get a Verisign ID. I became disturbed at the number of
> places I needed to fill in data about a company when I don’t have one so I
> did not complete the process. Instead, I queried Verisign about how an
> individual can get a driver signing ID and what to put in for a company
> when you do not have one (blank does not work). They indicate that they
> answer most questions in less than 8 hours, so far I have heard nothing.
>
>
> –
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting
> Remove StopSpam from the email to reply
>
>
>
> wrote in message news:xxxxx@ntdev…
>> By the way, we’re planning a major article on x64 driver signing in the
>> upcoming issue of The NT Insider. We’ve had good discussions with the
>> folks at Microsoft who are implementing this (and are planning more).
>> While we can’t PROMISE any break-throughs we SHOULD at least be able to
>> provide some answers that have a lower BS-factor than those provided in
>> the FAQ.
>>
>> The Jan/Feb issue of The NT Insider is planned to go to press next week,
>>
>> P
>>
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@privtek.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com

Dan,

Been there, tried that, it will not work. Going Sole Proprietor, let
alone LLC, is to me about as appealing as a root canal without anesthetic.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting

Yes, they keep contacting me for a certificate for my website (funny I
haven’t finished it). I ask can I get one for code signing? They say sure
become an LLC!!!


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

Peter Scott wrote:

When I went through the application process, I had to get a notarized letter
indicating that I am Kernel Drivers not because the company name is not
registered with the state, because it is. The reason is because the phone
number I gave as the contact number was not associated to the company name.

In the end, it was trivial to get the Digital ID. I would recommend that if
you are consulting and you are NOT registered as at least an LLC, to do so.
It costs about 20 bucks and about 30 minutes of your time.

In YOUR state, maybe. Incorporation rules vary wildly from state to
state. In Oregon, it’s $50 per year, plus an initial filing fee.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

> And what about companies and individuals outside the US ?

As far as I’m aware Verisign do operate over here :-). Note the response
from verisign

person enrolls themselves as an LLC or
something similar to that.

I’m guessing that an Ltd, PLC or LLP in the UK would work and I’d guess that
they have the same for SA or BVBA-SPRL or whatever…

I’m looking forward to reading the truth in NT insider…

/r

We’re English and have had no problems with the driver signing process
for Windows whatsoever. This was for hardware devices too so we had to
send those off. It seemed daunting at first, but we had no problems from
Verisign or Microsoft. Contrary to expectations Microsoft were very
helpful when we were preparing our submission.

It wasn’t that difficult or complicated. I can see how it could slow
down the ability to get a ‘signed’ package with updated features or
*gasp* bug fixes into the field quickly, but we haven’t encountered that
ourselves yet.

BR,

Rob Linegar
Software Engineer
Data Encryption Systems Limited
www.des.co.uk | www.deslock.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Christiaan
Ghijselinck
Sent: 01 February 2006 23:54
To: Windows System Software Devs Interest List
Subject: Re: Re:[ntdev] Driver Signing for Kernel-Mode Software for
x64-based Systems

Final update, I got a response back from Verisign. It appears my original
contention that one has to be incorporated is correct. The response to the
question of how an individual would get a code signing certificate is below:

And what about companies and individuals outside the US ? I think Microsoft
will now lose the market in favor of Linux in the EU once more …

Christiaan


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

(#5947-000142-7180\1427180)

Thank you for your inquiry. The only way a Codesigning Digital ID can be
issued to an individual is if the person enrolls themselves as an LLC or
something similar to that. They would have to register the name to their
local city hall so that we can authenticate the “organization” with the
Secretary of State database. If you do not register as an LLC or other,
then we would not be able to issue you a Codesigning Digital ID.

If you have any questions or need further assistance, please reply back to
this e-mail.

Thank you,

Albert

VeriSign Customer Support


“Don’s House of Drivers” - LMAO…

Don, remember the “full faith and credit” clause in the constitution?
Incorporate in a different state. Everyone knows MA has crappy tax laws,
just go around it…

When you refer to the tax bracket you land in, I assume that refers to
the MA income tax? Idea: find a town here in TX with fewer than 10,000
residents and file your article of incorporation there; then, you don’t
need a business address - a PO Box is sufficient. Then use a mail
forwarding service to send your corporate mail to MA… There is a one
time filing fee of $400 here in TX.

Once doing that, there will not be any double taxation, simply create a
corp or a sub chapter S and declare yourself as the only officer and the
lone share holder. Send your money through the corp (here in TX), and then
pay yourself in dividends (after all, you’re the only share holder). Once
you declare a corp of some sort, the amount of crap you can deduct
almost doubles, therefore placing you in a lower tax bracket than what
you’re in currently.

Part of the Tax reform passed 3 years ago relieves the tax placed on
dividends. If you declare YOURSELF a sub chapter S here in Texas, you
most likely would legally be able to by-pass state income tax in MA
because the money was legally earned here in TX (where there is no state
income tax) and NOT in MA.

However, if you declare yourself a sub S corp, you do have to hold
yearly share holder meetings and document them (which you’ll be the only
share holder); it will seem kinda strange sitting at the table talking
to yourself while taking notes on your conversation, but hell, it’s
worth it.

And as a side item, you’ll qualify for the cert required to sign 64 bit
drivers.

Matt

Sounds like it’s time to move out of Mass. I did it 16 years ago, with no
regrets. Well, exactly one regret: affordable, fresh, live Maine lobster.

I’m not sure I understand your distinction between “going Sole Proprietor”,
and doing what you’re doing now. You’re (presumably) accepting payment for
services, without having an employment arrangement or a recognized
organization of your own (LLC, Partnership, S-Corp, C-Corp, etc.). If
that’s not a Sole Proprietorship on a schedule C, what is? Or, are you
saying that just the act of getting a simple trade name puts you in the same
boat with the PRM tax collector?

I suppose you could be taking short term W2 jobs as an actual employee, in
which case I can see no reason why your employer would not have their own
certificate to sign their own code. Of course that sort of arrangement
would be worse than the aforementioned root canal, to me. My teeth & gums
still hurt from the last few years.

Within the next couple of weeks, I am going to need to get my own (well
actually PrivTek, LLC’s) Verisign certificate. I’ll let the list know how
it goes.

- Dan.

This is my last post on the subject. Personally, at the moment I am looking
for Microsoft to clarify its rules. Over the years, when I have checked
with Verisign I’ve been told become a corporation if you want a signing ID.
Microsoft has expressed incredulity that this is a problem, and then
asserted it was not a problem since Verisign will work with individuals with
no company. After 4 years of trying to fix this, I at this point just want
either:

A statement by Microsoft that yes, individuals cannot get on WinQual,
cannot sign drivers for Vista 64-bit, etc.

Or:

A clear procedure on how an individual does get signing authority.

There are enough other problems that Microsoft has to deal with in this
area, that wasting more time on this is not worth it. Hopefully, the folks
at Redmond will be addressing the issues of what types of drivers can be
boot start, and how consulting firms working with customers can better
access the WinQual database for drivers the consultants have written.

On a personal note, I thank all the folks who have made suggestions.
The bottom line is I have explicitly chosen not to become a business and
instead run my operations through two contracting firms. Since I bring in
my own clients, I have been able to negotiate a very low rate that the firms
tack on my bill for all those things like accounting, and dealing with large
companies’ financial departments when they are slow on paying. In fact I
have been able to calculate that for the last few lean years this arrangement
was the difference between a profit and a loss.

While I appreciate all the suggestions, they all involve me doing
radical changes that I don’t want.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

If you live in MA it doesn’t matter where you earn your money, you still
have to pay state taxes on it.

And MA taxes dividends (out-of-state ones, too) higher than salaries,
too.

Beverly

While I’m intensely tired of listening to Don’s perpetual harangue about “Verisign won’t issue me an ID”, and I was about to send him a flame-o-gram telling him so, it occurred to me that this actually DOES relate to the Driver Signing Program.

Don’s is the same problem first raised by Mr. Guid in one of his initial posts on this topic, sooo long ago. Namely, the x64 driver signing program kills any development of “open software” that would run in kernel-mode on Windows x64 systems.

I argued then to Mr. Guid that I didn’t want some high school student writing my file system code in any case, and that if the driver signing program kept unsuspecting folks from loading his driver on their systems, that was probably an ADVANTAGE not a disadvantage.

But, let’s consider the problem a bit more: As Windows-64 on the x64 gains momentum, we can expect that – in a few years time – many if not most systems will be x64-based. That means many folks will be running X64 systems at home, for work AND for play. And, heavens knows, there are TONS of hobby-type, onsey-twosey, strange, special purpose, nifty drivers out there written by (intelligent, professional) folks just for the pure pleasure of it and for the sake of helping others.

For example, there’s one driver that I’m familiar with that turns your parallel port into a quasi oscilloscope.

Now, I’m not saying the world can’t live without this “device”… but it IS a shame to stifle this kind of sharing and (cough, sort of, kinda) innovation.

If you want a more “legitimate” item, consider the work that’s being done by a vast community of folks on Software Defined Radio (one niche area in which I happen to be personally interested).

If Windows Vista on the X64 were the only Windows, or the most prevalent flavor of Windows, it’d sure be hard to support the open sharing of kernel-mode modules. Harry-the-ham-radio-guy isn’t gonna learn how to run KD so he can load the driver for his Software Defined Radio.

There’s GOT to be a way that “plain folk” can load an unsigned driver – Put warnings on their screen, force the background to red, or SOMEthing. But without that, there’s going to be a lot of folks that are pushed to move to Linux, I predict.

Peter
OSR

Peter,

That’s what several folks on this list meant when they referred to custom
factory hardware, for example.

Don’s just the most vocal, the rest seem to have already given up.

Welcome to the clue train. Nice to have you on board.

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

Hmmm. Really?

That’s not what *I* mean when I referred to niche hardware vendors back in my original posts several days back. *I* was referring to all the folks in *small companies* (sometimes very small) that make hardware for small, limited, focused, markets. These aren’t community efforts, and once these folks know about the requirement for x64 signing, they’ll line-up to be porked by Verisign for their $500, and they’ll sign their drivers.

It’s annoying. It’s another step they’ll have to learn about and then take. And it’ll probably delay their having drivers available for Windows x64. But that WILL work itself out over time. At least, for them, it’s possible.

These guys aren’t to be confused with the community-based developers – whether you like the term open source or not is a matter of religion so I won’t use it – who effectively have no chance of being able to sign their stuff. This includes hobbyists and students.

For stuff produced by THESE guys, there’s gotta be a bypass.

Of course, figuring out how to craft that bypass – that’ll work at boot time, that can be widely distributed at close to zero code, that won’t cause Mom and Dad’s eyes to glaze over when they see it, and that can’t be exploited by hackers is going to be a neat trick.

Do you have that one solved, Phil??

Peter
OSR

It seems this thread will never die.

Why wouldn’t the niche vendors just punt and choose linux instead? For
this market it seems that would be a more attractive option. Either way
I doubt there is much concern from the bean counting side of Redmond
about losing either the hobbyist/community ‘market’(?) or the
specialized niche hardware market. The eye of sauron is focused on the
top of your tv.

OK, I deserved that.

IF I were in Don’s shoes, I might be a bit expressive about the logical
discontinuities between the various segments (can you say silos?) of
Microsoft that don’t *EVER* seem to communicate. I don’t think Don’s
business model is unreasonable, and I can see how this particular policy
makes it considerably more difficult to maintain. Since talking to
Microsoft privately and at every other turn doesn’t seem to have any
effect, I don’t begrudge his appeal to the court of developer opinion.

(Not that I think it would matter much if every dev on this list told
Microsoft that this particular certificate requirement for this particular
signing program is bogus, I think they are far more swayed by their OEM
customers that pay them millions per quarter, and I can’t fault them for
being their most responsive to their largest source of income.)

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

> Why wouldn’t the niche vendors just punt and choose linux instead?


For the very same reason they don’t do so now: (a) They have customers who use Windows, (b) it’s easier to find programmers who can code their GUI app on Windows.

But I’ll grant you, this advantage is rapidly dwindling. Given that you can create a damn nice and familiar looking UI using HTML (or, if you’re really keen, AJAX), and that you can pick up an embedded web server for zero, that “look and feel” advantage that Windows has is disappearing.



Agreed. But this initiative isn’t being driven from the “bean counting side of Redmond.” And, I THINK, sooner or after it’s too late, the folks out there are gonna realize that if they stifle innovation on Windows – even community-based innovation – that’s not a good thing for the future of the platform.

Peter
OSR

On Feb 2, 2006, at 4:18 PM, Roddy, Mark wrote:

> Why wouldn’t the niche vendors just punt and choose linux instead?

Follow the users. They all run Windows. My primary concern isn’t
oddball low-production hardware that can dictate OS (although it’s a
reasonable concern).

> I doubt there is much concern from the bean counting side of Redmond
> about losing either the hobbyist/community ‘market’(?)

I dunno, I would think it’s good business to make sure that you have
the hobbyist crowd well taken care of. To the extent that Microsoft
is losing sales to Linux right now, it’s because some guy had a hobby
ten years ago.

> The eye of sauron is focused on the top of your tv.

hahaha :-)

-sd


Steve Dispensa
MVP - Windows DDK
www.kernelmustard.com

Actually, my last four years of discussions have also been on how the
original driver writer in the case of contractors and consultants, can get
access to WinQual data. Of course step one was get an ID (no more to be
said by me).

I believe Microsoft is trying to work on this subject, and it is important.
For instance, I have had multiple firms approach me on rewriting code by at
least two well-known driver consultants. The reason I was approached was
that there were significant problems in the code, and WinQual was showing
the drivers as buggy. Right now there is not a good way, even if the owning
firm wants to, to share the bug reports with a consultant or contractor
(except for them to manually copy the data and email to the consultant). So
these consultants I am referring to keep making the same mistakes over and
over again. Having a feedback mechanism in place is the most important
thing we can do for quality.

I will actually disagree with Peter’s belief on a way to override. While
this will work, I would much rather see a mechanism in place that allows the
community-based developers to get a signature without major cost and/or
effort. This could be yet another level of signature with all of the
suggested flags and warnings, but it should allow access to bug reports on
WinQual. I believe this is the only way we will keep improving Windows for
these drivers.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply


Don,

Actually with all my clients, if they have a WinQual account I insist that
they create an account for me to log in with and view WinQual stats. This
does NOT require a Verisign ID from my perspective and it takes only a push
of a button or two on their part to ‘approve’ an account that I can log in
with. The account is limited, since I can only view and download the WinQual
data but it helps out in how things are handled.

If they don’t have a WinQual account, I associate their driver to MY WinQual
account, for which you do have to have a Verisign ID.

Pete

Kernel Drivers
Windows Filesystem and Device Driver Consulting
www.KernelDrivers.com
(303)546-0300

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Thursday, February 02, 2006 3:50 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Driver Signing for Kernel-Mode Software for x64-based
Systems

Actually, my last four years of discussions have also been on how the
original driver writer in the case of contractors and consultants, can get
access to WinQual data. Of course step one was get an ID (no more to be
said by me).

I believe Microsoft is trying to work on this subject, and it is important.
For instance, I have had multiple firms approach me on rewriting code by at
least two well-known driver consultants. The reason I was approached was
that there were significant problems in the code, and WinQual was showing
the drivers as buggy. Right now there is not a good way, even if the owning
firm wants to, to share the bug reports with a consultant or contractor
(except for them to manually copy the data and email to the consultant). So
these consultants I am referring to keep making the same mistakes over and
over again. Having a feedback mechanism in place is the most important
thing we can do for quality.

I will actually disagree with Peter’s belief on a way to override. While
this will work, I would much rather see a mechanism in place that allows the
community-based developers to get a signature without major cost and/or
effort. This could be yet another level of signature with all of the
suggested flags and warnings, but it should allow access to bug reports on
WinQual. I believe this is the only way we will keep improving Windows for
these drivers.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
