Domain: sidespace.com
Stories and comments across the archive that link to sidespace.com.
Comments · 16
-
DRM in a nutshell...
DRM depends on proprietary software. You are encrypting a file, then giving the user the key to decode it, while telling the program in question to decode the file, but only allow it to be used in one of a few ways (eg. display PDF, but don't print).
Such a system is untenable with proprietary software (just need to find the right memory address), and absolutely impossible with open source software, as you can simply remove the line in the program that tells it what actions not to allow. (See xpdf). With proprietary DRM systems, the companies just hope it's difficult enough to decipher the compiled code of the proprietary programs, that it takes a while before someone finds the right spots in memory to probe/change, and publishes the details... Then, they make trivial changes to the DRM system, and call it a new, "fixed" version that everyone should start using quickly (before someone figures it out).
The only thing DRM can do effectively, is to prevent the first opening of the file. After you send that first key (eg. via server), no matter what the DRM involved, the user can (trivially) strip the DRM off, and do whatever they want with the unencrypted file.
If that is what you want... I would suggest using public-key encryption to protect the file instead of a commercial "DRM" system. Either PGP or SSL (keys in combination with a password) can make absolutely sure only the intended recipient can make use of the file, even if others obtain copies of it. If you are expecting any more control over what others do with the file, you are simply denying reality.
All that said, here is one open source DRM system: http://www.sidespace.com/products/oggs/ -
Open source DRMThough I'm hardly one to argue with Bruce Perens, I think the (theoretical) system he's talking about is what I was alluding to in my earlier footnote. You can have an "open source" software DRM system, if you put the "black box" in hardware. The software then doesn't have anything critical in it; it just passes bits to the hardware module which actually does the trickery. However, this really isn't that great a system, it's still just a black box. It might make the system more difficult to reverse-engineer than a software implementation (to get some idea of the workings of the hardware chip you might need serious scientific equipment, not just a PC and a debugger), but it's still just obscurity.
I recall the discussions about a GPLed DRM system also, and my recollection was that it was widely criticized for being impossible to achieve without a hardware module, or binary blob. At some point, you need the black box that does the magic and hides the keys from the user. Even if you pile on layers and layers of encryption onto the key (which is basically what AACS does), somewhere you have to decrypt the content in order to let the user view it. If you have a system that's open, where the code that's being executed at any given moment can be analyzed, then you're never going to be able to avoid letting the user get their hands on the key. (Or even more easily, just letting them get their hands on the decrypted content.)GPLed opensource product that institute DRM. It went something like a ssha encryption of the binary content and the provider generated an encrypted key based on your key which was based on your account information(from the provider). Then whatever player you were using needed a plugin that used another program to decrypt the media and stream it into the player.
Just to follow on your example, in such a system, the plugin would probably have to be a closed-source binary blob, or else you could just modify it to intercept and spit out the decryption key as it was being received from the provider. (I'm not trying to personally attack you -- what you created there was as good a DRM system as most of the real ones on the market, but it's running into the fundamental limitation of DRM.) It's all smoke and mirrors.
Anyway, after doing a little Googling, I think the "open source DRM" thing a while back was related to someone on the Gstreamer project discussing adding support for DRMed formats -- but it's still not clear how they'd accomplish that. Some people have pointed towards Sun's drm-opera project as one possible avenue, but AFAIK that's nothing but vaporware, and it too was widely criticized as being impossible when Jonathan Schwartz announced it. According to this article there have been two past attempts to create "open source DRM": one was OpenIPMP in 2002, another was Media-S, more recently.
OpenIPMP has a SourceForge project page, although the latest update was a year ago. Apparently there's some code that can be downloaded, but aside from that they are cagey on how it works, and heavy on buzzwords. Nothing about it makes me suspect that they have really discovered anything huge (and a DRM system that didn't rely on obscurity would be pretty huge). If anyone is familiar with the project and wants to comment, I'm genuinely curious.
Media-S apparently evolved out of an effort to make a "Secure OGG" format. They at least have an FAQ. Basically, they're going for the straightforward 'binary blob' route:If Media-S is open source, how can the encryption be secure?
If a company wishes to use Media-S to protect their content, SideSpace Solutions highly recommends purchasing a binary distribution license. Under this license, any modifications to Media-S (such as a change of encryption engine or pri -
Re:UGV good, DRM bad?
So far, the balance of the comments seem to be in favour, or at least neutral to the idea of implementing Linux within a device that will no doubt end up killing a good few people. In contrast, should Linux ever be used for DRMs, which have, as far as I know, not killed anyone, most people here would be up in arms, if the recent story on GPL and the DRM is to be taken as a guide.
First of all, basically everyone recognizes the right of the military to use Linux; heck, anyone, whether good or evil, has an equal right to use it. So no one disputes that Linux can be used for DRM (after all, Linux is (and always will be, according to Linus) under GPL 2, not 3).
Second, whether or not you agree with the wars the military is currently fighting, as long as you recognize that military force is necessary in *some* cases and can do in *some* situations, you can see a good use for this technology. On the other hand, many Slashdotters probably see no "good" use for DRM. Personally, I see it as more of a nuisance than anything ethically wrong (you're not forced to use it if you don't want to), but the main point is that it will always be futile. If the data is there, in some form, unless the manufacturer/content provider/software developer is in complete, absolute control of what the user is using to access the data, there will always be some person who cracks the DRM. Unfortunately for the copyright holders, it's a pointless endeavor.
Overall, I see DRM on Linux as making life for us Linux users a little harder and annoying. That said, if some kind of open source DRM is developed so that we can use DRMed media without much hassle, that's great. So in a nutshell, DRM is a waste of time, but DRM development on Linux might mean we have to waste less of our time working around a proprietary DRM. -
Ok, so what happens to projects like Media-S?
How about Media-S, which is a GPL'd DRM?
It's almost a philosophy question. Will Media-S dissolve in a puff of logic? Can the GPL create a rock so big it can't lift it?
-
Re:Open DRM
Like this?
-
Re:Very good
Well, if they're going to have DRM, they might has well have open-source DRM. On top of Ogg, no less.
I could live with that standard. -
who cares about MPEG anymore?
Now we have Ogg Vorbis and Ogg Theora is coming so who gives a shit about that MPEG thing?
Soon we'll be able to broadcast audio and video freely with a system that is 100% mpeg free thanx to ogg and icecast
The MPEG Committee is all about making money, they don't care about a free digital/media world. I only trust the non profit xiph.org foundation. (and if it's DRM u want then go for this :)
-
Re:It's better then WMA
The competition for this was legitametely between AAC and WMA because those are two proven technologies that happen to include DRM.
It's not like it's impossible to add DRM to OGG. (of course that's still in beta...) -
Re:Hi Ogg
Hi Ogg, nice to meet you, i just broke up with MP3, want to go out?
Hwahahahaha!
Why bother pursuing a relationship? All audio formats are the same, you'll just get hurt in the end. -
Re:Why does everyone automatically yell OGG?
-
Ass Backwards
Microsoft is a champion of DRM (under various names) to control and monitor users. So I would not put it past them to do what Amnesty International suspect them of doing.
DRM is just a tool. It's actually a tool to protect rights -- copyright. Is the right to own property not a human right? By your twisted reasoning the following groups are to be suspected of human rights violations due to their support of DRM.
- Microsoft
- Open Source Project Athena
- Apple Computer
- Open Source Project Media-S for Ogg
- RealNetworks
- Sony
DRM is all about producer control using private keys that you, the user, has no access to. Contrast this to Cryptography where strong cryptography can be used to ensure your privacy and that you are in control.
Please explain how DRM would actually be used to violate human rights. It's designed to allow distrubution of material to large groups. Cryptograhy is designed to keep secrets among a very small group -- just the tool that that the bad people actually need.
-
Re:DRM?
This is just expanding iTunes into a product who's viability isn't tied solely to the iPod's success. Ogg and mp3 are out because they don't have DRM, but WMA is in because it does. Simple as that.
It is iPod getting WMA support, as others already stated.
But beyond that, I thought this was discussed several times already in response to previous related stories. First of all, iPods fully support MP3 format, so MP3 is in no way "out" and WMA "in." That's pure nonsense. Second, you can add encryption and DRM to any compression method with relatively same level of effort. There is nothing inherent in AAC or WMA that they "support" DRM and Vorbis and MP3 don't. Any of those streams can be encrypted and wrapped around with their respective containers. No DRM for Vorbis? Bullshit! A simple googling would show you otherwise.
So, moderators, stop moderating this trolling as insightful. If you don't know what you are moderating, then either go find out, or move on to the next post. -
Re:Ogg Vorbis supportAparently there is a progect to add DRM support for Ogg Vorbis:
http://www.sidespace.com/products/oggsFor more information on Ogg, here's the Ogg Vorbis General FAQ
Also here is a page that describes the quality of Ogg Vorbis encoding with comparison samples to listen to. Sound quality is subjective so listen for yourself. -
RIAA Using HoneyTokens
Another good example would be the RIAA putting bogus music files on P2P networks. For example, if you query and download a file that is named "Metallica - Enter Sandman.mp3" then chances are you have other files that are of dubious lineage.
The sword here cuts both ways, unfortunately.
----
Like listening to music? Then use Fission, the MP3 player with a brain! -
Commercial Solution
We make a product that puts a TCP/IP wrapper around Microsoft Access databases. This wrapper means you can seamlessly query these databases remotely from either Windows or Linux without having to worry about sharing violations.
Our product name is UniverSQL and I would be more than happy to send you a demo if you email me. We provide full technical support and GUI admin and query tools that run on both Windows and Linux.
Regards,
Tyler -
Admire the hilt on this pig sticker.At first glance it's not so bad. Looks like they simply encrypt files and demand a license through their client to decrypt them so you can hear it. The devil may be in the details and the moral premis is evil.
How does the client prevent piping of the decrypted output? Without that, you might as well skip the encryption. With that you get right back to the nasty non free world of files you can't write and someone else owns your computer.
DRM is an attempt to prop up and extend the whole dead tree publishing model that has no place in the digital world. Trying to force the restrictions of old technology on new is evil. Creating restrictions that older did not exist in older technology is even worse. DRM seeks this and is an abomination. A new revenue model must be made and people should be encouraged to share their information as well as create it. Obscuring information so that permision is required for each and every read, and that's what this can do, is even more restrictive than printed work which is durable and human readable.
GPLing this code is like making a dagger out of gold.