So we've launched the Zune.  Yea us.

I personally won't be buying one - I'm sorta . . . bummed (to be polite) that it won't play my extensive collection of MSN & Urge Plays4sure music and I'm too lazy to burn it all to CD and rip it back to WMA sans DRM.  What a pain in the ass that would be . . . that would take me at least a whole weekend.

I think I read that it also won't play DVR-MS files from Media Center which has me scratching my head since one of the key features of the device is the ability to play *video*.  Since I record the Daily Show and the Colbert Report every night on my Vista MCE box but never seem to have time to watch them - I'd love to be able to shove them on a Zune and play them on a road / plane trip / in traffic (oh he did NOT just say that).  Not to mention our $25 employee 'discount' is hardly noteworthy and will soon likely be matched by various online retailers.  Boy I feel special.  Not!

But I digress . . . given the short dev time on this product (I've seen quotes that we went from paper to RTM in 9 months with this thing) I can't help but wonder if there will be a rich aftermarket for it . . . not of device accessories - but of hacks / mods / cracks / etc. 🙂

To wit - the PSP is one of the most hacked portable devices to have ever been created  . . . I don't track it real closely but I believe the first round of cracks involved placing a malformed TIFF image on the device which would overrun a buffer allowing arbitrary code exec.  After that Sony patched that with a new firmware to fix the BO but I think that too was subsequently subverted, this time by placing a malformed save game data file on the device.  Heh - we've certainly 'been there - done that' with the original Xbox - we know all about modified save game data files. 🙂  This is why the new 360 signs all the files saved to the hard drive or removable media and verifies the signatures before using them again.  The PSP is so pwnt it's practically a standard platform developers are coding to now complete with inevitable VNC port - so you can remote admin your mission critical servers from the comfort and safety of your PSP while you use it to surf for . . . well.  My neighbor has teenage boys, both of whom own PSPs (one even owns a white Japanese import model!) . . . one of the boys is very excited to be sending his PSP away to get mod'd this Christmas.  Yes - Santa is bringing him a mod for his PSP that will "make all his wildest dreams come true".  He was describing to me the wondrous things that this mod will allow (I don't know whether it's a hardware mod or just a software hack performed by someone more clueful than him) and I nodded my head and smiled as I didn't fully understand what he was telling me but it sounded like he will be able to play just about every type of game for every type of game console ever made up to and including the PS2 . . . or something.  That's a pretty impressive mod.  These kids are huge gamers - they own every gaming console that has ever been created (except maybe that Gizmondo thing).  They still have them and they still play them from time to time.  But I think I have them talked out of buying a PS3. 🙂

Bah - off on a tangent again - so let's see - what else will Zune be competing with in the marketplace . . . hmm it's right on the tip of my tongue . . . they have kick-ass commercials . . . they're very pretty . . . oh that's RIGHT!  The iPod. 🙂

Searching on iPod hacks / cracks etc - one finds that there's a plethora of options for these devices as well with the obligatory iPodLinux option as well and just about everything you can imagine to thoroughly and utterly own your iPod and show it who's its Daddy!

We've never been big fans of people who mod our hardware . . . the original XBox was a great learning experience for us . . . the XBox360 has been a fairly good success in reducing a number of mods / hacks / cracks / cheats etc. that were available to Xbox users.  I actually stopped playing H2 on Live due to the insane amount of kids who were hacking saved game data and altering their maps, characters, weapons choices etc. and cheating in live match ups.  I very much look forward to playing H3 and sincerely hope that the integrity of the 360 holds up to prevent the rampant online cheating that happens to this day in H2.  So far so good - the only mods I'm aware of are the ability to flash the firmware on the DVDROM to allow it to run copied / pirated games . . . I'm not aware of any actual game cheats or XB360 Linux type of applications.  My point is - I think we got it right with the 360 (and time will tell if Sony got it right with the PS3).  If I'm wrong - please feel free to post a comment. 🙂

Which brings me to Zune . . . Zune was developed in very rapid fashion . . . impressively fast actually . . . one of the driving goals of Zune seems to be its ability to strictly control content entering and leaving the device.  All music emitted from the Zune via wifi is DRM'd to prevent that as a method for piracy.  I suspect strongly that the wifi can't be used to sync with the PC (much to the dismay of geeks like me) or surf the web as a way of greatly reducing the attack surface of the device, again to prevent tampering / altering / piracy.  The press and many technorati are scratching their heads as to why we'd give the device wifi but not allow it to do anything really useful with it - but if you think in terms of attack surface and data flow diagrams it starts to make sense.  I mean seriously - c'mon folks - we're not a bunch of dolts - do you really think this was a 'missed opportunity' or a feature we simply 'overlooked' or 'forgot' to implement?  Nah . . . that just doesn't make sense - I think we probably couldn't implement wifi sync'ing and Internet access securely in the time allotted . . .

Security and integrity of the device may also be the reasons you can't treat the HDD in the Zune as a standard removable device like you can with other competing players and why it doesn't integrate with WMP.

Net net - I have this crazy theory about the Zune . . . I have a theory that it's an attempt to be both useful / functional / desirable to the average consumer AND secure + tamper resistant in a way that competing devices are NOT in order to satisfy another very important customer (the recording industry) so that they will continue to invest in making music and shows available digitally to devices like Zune.

Do I have any evidence to support these claims?  Only what I've seen quoted by our execs recently about the aforementioned competing product (cough, iPod, cough) and the most common format of music being stored on it (pirated). 🙂

Will the security and integrity of the Zune kernel hold up and withstand the test of time?  Only time will tell . . . hopefuls appear to have already registered the zunehacks.us domain and I have a few friends who are getting Zunes purely to fuzz the wifi interface and these guys are very good at what they do. 🙂  I am pretty hopeful . . . the Zune has been developed fairly recently so it should have been developed under the mantra of the Security Development Lifecycle . . . hopefully this means we won't see any 'low hanging fruit' type exploits (cough, TIFF / PNG image code execution vulns, cough).  But with the 'Month of Kernel Bugs' going on right now with a common theme being 'remove disk, fuzz file system with a file system fuzzer, re-insert disk, see OS crash' . . . one has to wonder . . . what if . .

