Slashdot Mirror


Boycott of Music Industry's Hacker Challenge Urged

phu170n writes "Don Marti, technical editor for the Linux Journal, has called for a boycott of the hacker challenge recently announced by the music industry's SDMI collective. Looks like principle can be worth something (more than $10,000, at least) these days."

378 comments

  1. Re:wait a freekin minute! by superdk · · Score: 1

    It's not a perfect digital copy of the file, it's copying the output. You don't understand recording, do you?

    --


    Silly slashdot, sigs are for kids!
  2. Re:The more I think about it, the curiouser I get by Fesh · · Score: 1
    So incrementally destroy the file and note when it stops working. Analyze that point, and you should have clues as to where the watermark is and what its characteristics are. Repeat until you have all the pieces. Simple, no?


    --Fesh
    "Citizens have rights. Consumers only have wallets." - gilroy

    --
    --Fesh
    Kill -9 'em all, let root@localhost sort 'em out.
  3. Re:There is an effective response by Jenova · · Score: 1

    I thought he was referring to his hair(mao)....
    :)

  4. Re:Hacker Invitation = NO DMCA RIGHTS !! by Lullabye · · Score: 1

    Do you honestly think that if they try to use the DMCA down the road the government will deny them that right? Hell no! Even if they give us the OK now, the government, who has a lot of $$$ interest in the RIAA, is gonna back them anyhow. We broke CSS fair and square, THEY left the keys out on that one, and it didn't matter one bit (for those not in the know, they literally left the key unlocked on a DVD, allowing the reverse engineering that became DECSS).

    --
    "God is REAL ... unless previously declared as an integer"
  5. Re:I Propose a new Challenge by Felix+Da+Rat · · Score: 1

    Got 9 before the scroll disappeared.

    19' at 1600 x 1200.

  6. Re:lossy compression can remove watermarking by VAXman · · Score: 1

    Um, unless they are horribly incompetent, one of the watermark's main goals is likely to be survivability over lossy media (MP3's, cassette tapes, ...), such that the watermark will be as interpretable as the music is listenable. Perhaps a computer program could be written to detect the watermark if it is not well hidden enough.

    BTW I'm interested to see how they manage to watermark John Cage's 4:13.

    It's 4:33.

  7. Re:Hypocrites by dr_strangelove · · Score: 1

    Yes, "No person" means no person. It means that the SDMI folks are actively abetting a felony, and ought to be prosecuted to the fullest extent of the law.

    "We're not just gonna kick your ass. We're gonna kick your ass, call up your mommy, and BRAG!"

    --
    "...they may harpoon us, but they ain't gonna pick us up on no radar screen!"
  8. Re:give it away now by um...+Lucas · · Score: 1

    Watermarks have nothing to do with CD's... Think about it... They're not going to do one-off pressings of their CD's unless they plan on selling them for $500-$1000 a piece... The set up charges are that much. No, they're embedding watermarks in files that they'll make available on a "pay per download" basis. Which is what everyone's been asking for, isn't it?

    I remember rants around here a while back to the tune of "i wouldn't use napster if i could buy and download my music online". Well, here it is, it's coming. Is that what you really wanted? You'll be able to listen to it wherever you go, since with the watermark, copying isn't so much an issue. You can put it in your car sdmi player, your portable one, your computer, and anywhere else you go. You just won't be able to share your stuff with anyone else, friends maybe if you trust that they won't distribute your music online, but give it a couple years to sink in and Napster, Freenet, and Gnutella will be history... Or at least for people in the US who are sue-able, they will be.

  9. All watermarks are detectable by Shotgun · · Score: 3

    No matter how you slice it, in order to add additional information to any file, you have some bits somewhere.

    If all SDMI wanted to do was mark a piece as authentic, every piece would have the same mark and there wouldn't be much incentive to break it. "Heh, this POS is by Britney Spears. I know because it's watermarked." "Couldn't you tell that by tinny, teenage voice singing about her life ending because her teenage boyfriend dissed her." "Ummmm..."

    But authenticity marking isn't what they're after. SDMI is looking for encryption and user identification. This means each unit would get a different watermark. Breaking it is then a simple matter of buying 5 copies and doing a binary diff of the output of "mpg123 -s britney.mp3 > tempfile". Build a bogus watermarked file by pulling the first byte from file one, the second from file two, ...the sixth from file one, ...etc, and run lame on the result to get 'unmarkedBritney.mp3'

    Am I in trouble now?

    --
    Aah, change is good. -- Rafiki
    Yeah, but it ain't easy. -- Simba
    1. Re:All watermarks are detectable by NevDull · · Score: 1

      In thinking about the function of the watermarking, I've come to my own spooky realization.

      What's the function? To prevent unauthorized duplication and distribution? How will they know who has what?

      Are the players going to report back to centralized servers when a song gets played, giving an IP or other method to trace copyright violators?

      Without some sort of reporting, the only other point of any of this, as I see it, would be limiting the content which is being distributed to the player which is downloading it.

      Of course, that gets f'ed up as soon as the consumer does his monthly reinstall of Windows... so then John Q. Public has to re-buy?

      I'm not sure which is scarier...

      -Nev

    2. Re:All watermarks are detectable by Shotgun · · Score: 2

      So take it shaken, not stirred 8*)

      You're picking bytes from the files. Unless the whole mark was in a single byte, there would have to be some relationship between the mark and the order of the bytes. Repetition could make it harder to scramble the byte ordering, but that can be intelligently handled.

      The ticker is that any format has the constraint that the music must sound the same, or RIA et al. loses the benefit of the mass market/ factory-line content they produce. A binary diff will tell you what bits/bytes/words don't match, which indicates the watermarking.

      Modifying/scrambling/removing the parts that don't match up is left as an exercise to the haXors once they had a chance to see what pattern SDMI chooses to implement. But unless all watermarks are identical, count on a crack within hours of the release of any content.

      --
      Aah, change is good. -- Rafiki
      Yeah, but it ain't easy. -- Simba
  10. Why bother audiojacking? by jmv · · Score: 2

    The SB Live! card (and probably others) has a digital mixer that allows you to "peek" at the digital output before it is converted to analog. That way, you get the real digital output. At least you get a wav this way and can always convert it to MP3, for which decoders can play watermarked songs.

    1. Re:Why bother audiojacking? by mdecerbo · · Score: 1
      Bzzt, sorry, thanks for playing. You can't do that anymore in Windows ME. The operating system will only play encrypted content to "trusted" drivers that implement "Digital Rights Management".

      The Microsoft "Introducing DRM for Audio Drivers" white paper has the details:

      In operating systems prior to Microsoft(R) Windows(R) Millennium Edition (Windows Me), a security limitation related to digital content allowed users to easily load rogue drivers that route the playback of secure content to disk. Windows Me closes this security hole by providing the ability to check the validity of audio drivers to ensure that they are "trusted" to properly handle content and not violate usage rules.

      And since Joe Sixpack will only have WinME or later in three or four years, kiss the ability to save a .wav goodbye.

      It's the Microsoft monopoly protecting the RIAA monopoly, with the Republicrat monopoly enforcing the DMCA to back them up. Sigh.

    2. Re:Why bother audiojacking? by brokeninside · · Score: 2
      And since Joe Sixpack will only have WinME or later in three or four years, kiss the ability to save a .wav goodbye.

      The vast majority of people I know still have machines with Windows 95. Aside from that, folks will just go to their friends that run Linux or Mac.

    3. Re:Why bother audiojacking? by Phil+Wilkins · · Score: 1

      The continual and enforced (if you want to play new games that is) updating of DirectX will snag those that run Win9x earlier than ME.

    4. Re:Why bother audiojacking? by alecto · · Score: 1

      VMWare

      The nicely digitally signed, DRM compliant SB driver in Windows ME will output quite nicely to the virtual SB, the PCM from which will travel to the real sound card on the Linux machine, from which its PCM stream will be copied to disk.

  11. Why I will attempt to crack this by Anonymous Coward · · Score: 2
    While I appreciate the editorializing on the part of some people (despite some sour grapes on the part of those who wish they could), I plan to attempt this. Here's hoping that someone doesn't decide to lay waste to the site before I obtain the necessary terms...

    My rationale is this: Right now, few consumers care about "secure" music - they just want the selection. If the industry provides this, no matter how encumbered, then they will be happy -- UNLESS the protection is too much of a hassle.

    The objective should be to break all the easy schemes, making it a nightmare to go through the hoops necessary to use the software and devices in such a way that a hapless user could not possibly be getting digital content... This will be sufficient for the mass of customers to vote with their money, and end this senselessness.

    As to why now, and not later?

    Because I (or you, if you are so inclined) can do it in your name, publicly, and watch the news stories "secure digital music technology foiled by slashdot troll". There won't be much in the way of SDMI music for a while anyway, because the powers-that-be surely understand the "wait and crack it later" attitude.

    Further, it can be a nice challenge, and if you aren't doing it for the money you could always help out the EFF...

    As to some of the suggestions so far...

    1. Converting to analog -> audio will not remove the watermark. (Nor will various compression-decompression, unless you had a nearly perfect psychoacoustic model..) I'm sure there are watermarking games possible with two versions of the watermark in the same digital content but they are probably not going to allow that.

    The window here is to tweak the bits JUST enough to foil the player without damaging the content any more than it already has been...

    Or to provide tweaks to SDMI devices to ignore the watermarking...

    2. Using digital out, and finding non-SDMI compliant devices to store to. Note that WindowsME is already taking steps to avoid "rogue" drivers which store digital audio to disk, or output to SPDIF or a digital loopback. (www.microsoft.com/hwdev/audio).

  12. Re:Prize money isn't guaranteed by Wellspring · · Score: 5

    I didn't catch that-- good point.

    Frankly, if our software engineering skills are worth only $10k to them, they obviously don't need this too much.

    I can just picture a bunch of arrogant marketing types sitting together:

    "Yeah, let's use these hackers to make our product better! We'll dare the kids to break our product, and then they'll work for us."

    "But wait, why would they do that. They hate us."

    "Yeah, but so what? Remember, these guys may be real computer whizzes, but they're naive. Most of them are just kids-- they're doing this because they can't play football and don't have dates. They don't have the savvy, the talent, the raw creative spirit to be in marketing. After all, if they did, they'd be doing this, right?" Everyone nods thoughtfully, except for Todd, the ex-football star, who is suddenly lost in his glory days.

    "So we invite them to crack our system! And then, when they find the hole in it, we'll hire some techies to fix it, and we're done! We can even offer a prize! We'll jack up CD costs."

    "Sounds great!! And just think, we're doing this right here, in Hollywood!"


    And just think, people like these gave $5 million to the vice president last night...

  13. once upon a time there was a project like this by brokeninside · · Score: 2

    I've lost track of the project quite a while ago, but I dimly recall a group that was going to engineer a clone of the Gravis Ultrasound when Gravis announced the decision to stop making consumer sound cards.

    I couldn't connect to google for some reason and alta vista's advanced search didn't find what I was looking for. Does anyone else know what happened to this intrepid group of open hardware hackers?

  14. Re:This is what we wanted, right? by Rand+Race · · Score: 3
    Exactly what we wanted, assuming we want only the most popular songs and wish to pay exorbitant fees. These guys need to wake up, I'll gladly pay a monthly fee to a record company for access to their entire catalog. I don't want just the hit of the day, I want those old delta blues tracks that haven't been released in decades, some cool pre-war European jazz, and a lot of out of print LA punk.

    As usual it is a matter of control and short-sightedness. The record corps figure that the old stuff that just a few people want can't generate enough revenue to make having it available worthwhile. And they are right when you look at current distribution models, but on the net they can offer a subscription service where that old Skip James tune just takes up a few megabytes on a server and doesn't require pressing, shipping, etc. That way they make money from the millions of vapid Britney Spears fans as well as the fans of older/obscure artists. Hey RIAA, that is more money, not less.

    --
    Insanity is the last line of defence for the master diplomat. But you have to lay the groundwork early.
  15. Re:Why bother "boycotting"? by Atlantix · · Score: 2

    So use a non-SDMI aware sound card which should be just about anything available right now. It also isn't enough to check for watermarked audio at the audio in because it is certainly legal for me to connect my CD player to the audio in of my computer and listen to the music through my computer speakers. Besides how would the sound card know that its input is being recorded. Isn't that the software's problem? In which case, just use non-SDMI aware software which again is most anything available. I think the music industry doesn't understand the very basic truth that if the audio can reach my ear through some means, then it can be recorded again. Yes, the quality may not be as good depending on the method used for that recording but consider this: something like 90% of the audio data is thrown away when creating an mp3 because the average ear can't hear those frequencies anyway. Has this hurt the popularity of mp3s? Not at all. If we're all happy enough to trade music at 1/10th the quality of the original there is no way the music industry can stop us.

  16. Re:give it away now by daw · · Score: 2
    First, to repeat myself, watermarking is basically a tracking technique, not an access control technique. One can copy a watermarked file as much as one wants.

    Actually, this is not the role that watermarking is intended to play in SDMI, at least not initially. It really is intended to play a part in access control, not tracking. The idea is that songs on all new CDs will have a generic, identical watermark saying basically "this music is copyrighted" and then SDMI-compliant mp3 players and stuff are supposed to find this watermark and refuse to play the file unless it comes packaged in one of their goofy little secure formats that implements access control and copy prevention, e.g. are keyed to the particular player or whatever. SDMI-compliant mp3 players are supposed to refuse to play watermarked music packaged in a regular unprotected mp3 file without access control.

    So, actually, watermarking in SDMI is part of an access control scheme and not a scheme for tracking individual copies. Obviously this is a totally hopeless access control scheme since you just need an mp3 player that doesn't implement their broken blocking mechanisms, but it's an access control scheme nonetheless.

  17. Can you say, "crazy"? by FastT · · Score: 1

    I didn't realize that posting insanely paranoid delusions could get you moderated up so highly--I'm going to have to change my posting strategy. This'll bake your noodle--the whole reason the contest was announced was to identify the insurgents who post to Slashdot, so that they can later be prosecuted as co-conspirators and for incitement to illegal activities.

    --

    The only certainty is entropy.
    1. Re:Can you say, "crazy"? by Mignon · · Score: 2
      This'll bake your noodle

      Nice Matrix reference...

      But seriously, speaking of gathering information, by now they have a web log chock-full of IP addresses of potential enemies.

    2. Re:Can you say, "crazy"? by Veteran · · Score: 2
      My original post was moderated up because it pointed out a truth which had not been stated in any of the other posts on the topic.

      The real question is "Is there such a thing as a hidden agenda?" The answer to that question depends upon your degree of awareness of evil. People who are virtually blind to evil except when it reaches the level of violent crime or officially sanctioned genocide, are likely to answer "No" to that question. People who are more sensitive to evil are more likely to answer "Yes".

      Sensitivity has its problems - it is easy to mistake noise for signal when you are sensitive. To someone who is blind to the actions of evil people - the warnings of those who are aware of the actions of evil - sound insane and paranoid. The belief is: "If I can't see it - it must not be there." It never seems to occur to such people that they just might not be able to see very well.

      From your reactions to my original post I would make the guess that you are able to see only the actions of those who are not very sophisticated in their evil - and are thus obvious to almost anyone. Did it ever occur to you that there might be a class of evil people who are sophisticated enough to conceal their actions so that they become invisible to anyone who looks no deeper than the surface of events?

      Most people are virtually blind to the actions of sophisticated evil. I refuse to be labeled as 'crazy' because I can see sophisticated evil. I am not crazy sir, I am just not as blind and insensitive as you are.

    3. Re:Can you say, "crazy"? by el_chicano · · Score: 1

      Sensitivity has its problems - it is easy to mistake noise for signal when you are sensitive.

      <game show host>

      Sorry but your answer is wrong! A more sensitive radio/TV tuner does a better job of discriminating the signal and rejecting noise than a less sensitive one.

      Thanks for playing and as your parting gift you get: a couple of whacks from the old CLUESTICK. Congratulations!

      </game show host>

      --
      You think being a MIB is all voodoo mind control? You should see the paperwork!

      --
      A man who wants nothing is invincible
    4. Re:Can you say, "crazy"? by hummer · · Score: 1

      But seriously, speaking of gathering information, by now they have a web log chock-full of IP addresses of potential enemies.

      Yeah right... Like anyone on slashdot reads an article before they make their whiny post.

      hummer

  18. Re:Why Boycott by Black_Macrame · · Score: 1
    and driver licenses, food stamps, IP numbers assigned when you access your ISP. Are we talking about the Music Industry or the NSA? What freaking paranoia.

    They don't have the resources to monitor everyone. Perhaps we should *all* come up with a crack and flood them with submissions, real or not.

    i.e. Place computer in attic, run soundcard cable out west window over roof and down the east side of the house, then through the kitchen and into the back of the TV set where we record music to VHS tapes!

    As far as The Challenge goes, they should have had a web site development challenge first.

  19. Re:patition.. by PaulFred · · Score: 1
    You misspelled "partition," you moron.


    Are you sure that they did not mean petition?

  20. Re:I Propose a new Challenge by boing+boing · · Score: 2

    9 is the best I could get too.

  21. Re:Why bother "boycotting"? by Hard_Code · · Score: 2
    This might be your only chance to get a "license to crack". Imagine how the DeCSS project would have turned out if the DVD-CCA made such an offer.

    If the DVD-CCA made such an offer, their encryption scheme would probably be a lot better and we'd be even more SOL.
    --

    It's 10 PM. Do you know if you're un-American?
  22. Re:Why bother "boycotting"? by Hooptie · · Score: 1
    Unfortunately to lawyers, "effective" does not mean effective. It means that it has that intended purpose, not that it actually works. E.g. If I use ROT13 to control access to my copyrighted work, and you "break" my encryption, you can be taken to court for violation of the DMCA.
    From www.dictionary.com
    effectively adv.

    1. In an effective way.
    2. For all practical purposes; in effect: Though a few rebels still held out, the fighting was effectively ended.

    Notice definition number 2. What this is effectively saying is that, your protection mechanism does NOT have to work, it just has to be there.

    Hooptie

    P.S. Don't flame me by saying that it is a poorly written law, or that lawyers are evil. I know, and you are preaching to the choir.

    --
    "Heavens, it appears that my weewee has been stricken with rigor mortis!" -- Stewie Griffin
  23. A little role playing. by Raymond+Luxury+Yacht · · Score: 1

    Recording Industry: Hi, Hacker. I'll pay you $10k to make it so that you can't copy our stuff, and let us continue to keep making billions of dollars more than we should.

    Hacker: Sure... I'll do that for you... just give me a second to pull this MONKEY out of my BUTT!!

    --

    Ceci n'est pas une sig.
  24. Watermarking and music quality by Warpedcow · · Score: 1
    I hope that SDMI never takes off because I don't think it is possible to watermark music without SOME small reduction in quality. I'm sure the audiophile types who spend $10000 on a stereo system will be real happy when their new CDs start sounding shitty because of the SDMI.

    --
    moo
  25. Re:give it away now by Yakko · · Score: 1
    Unfortunately, it is abundantly clear that the music companies cannot be trusted

    You should've stopped your sentence right there. I know myself that the media companies (movies, music, etc) have eternally lost my trust. I won't trust them to author a digital music format that I can use.

    (Maybe we can train them.)

    I feel comfortable in being highly pessimistic as to the outcome of this one. *nod*

    --
    Me spell chucker work grate. Need grandma chicken.
  26. To hack or not to hack.... by CorpDecker · · Score: 2

    That is the question. Whether 'tis nobler to help the powers that be begin releasing digital media, or to let them think they have a secure system and then hack it to hell once they've adopted it.

    1. Re:To hack or not to hack.... by Anonymous Coward · · Score: 1

      I say hack and then release the results after they release the tech. Then say you were just operating within the guidelines of the contest so your copyright access method is approved by the RIAA and therefore totally legal, because it's their copyright and they told people to hack it :-)

    2. Re:To hack or not to hack.... by Mathonwy · · Score: 2

      You know, that's a good question... Can the RIAA retroactively declare your activities illegal? They put up the file(s) on the internet, and invite people to hack them, poke them, prod them, mess with them on your computer and see what happens...

      Can they really then say, a month later, that the files that they offered for download off their website (And which are now on your hard drive) are now contraband, and cannot be poked/prodded/hacked? The legality of this seems slightly questionable. On the other hand, IANAL, and laws haven't been impressing me recently with their adherence to common sense...

    3. Re:To hack or not to hack.... by bullseye2 · · Score: 1

      Umm... If you do the math you will see that they want to pay a consulting firm the hourly bill rate per person. Let's see $10,000 / 40 hour work week = $250.00 per hour for one person.
      Then they get the added bonus of not paying the runners up!

      Please I get paid more than $250 as a consultant and I don't have to soil myself to do it.

    4. Re:To hack or not to hack.... by Cephas+Keken · · Score: 1

      I think if we let them have their cake, (a tested "secure" digital audio format), we might just get to eat ours, (them leaving mp3 alone and struggling to get the new format adopted)

      --

      Guttermouth is a really good band.
    5. Re:To hack or not to hack.... by sbergstrom · · Score: 1
      Well in the first place, the idea's shot now. They're going to read this and insert a clause into their "agreement" that nullifies this possibility.

      Of course, the far more probable case is that the mp3 files with which they provide programmers will be ones you won't want anyway- spoken words, recordings of broadcasts, and independent artists who agreed to release their songs through this method. You won't be getting your Static X off there, so the question really doesn't apply. Not to attack it, but that's the probable reality.

      --

      Love, Stu
    6. Re:To hack or not to hack.... by Desco · · Score: 1

      In other words, they want the very people who they're trying to protect against to DO THEIR DIRTY WORK!? Hahahahaha!!!

      A NOTE TO ANY SELF-RESPECTING PROGRAMMER THINKING OF DOING THIS FOR THE $10k: You do realize that the winner of this "contest" is really only going to get $3k-$4k thanks to taxes?

    7. Re:To hack or not to hack.... by um...+Lucas · · Score: 1

      No one in the states is in a 60% tax bracket... worst case, you'll get to keep $6,000.

      $6,000 buys a LOT of CD's. It's also more than a couple weeks of pay. Heck, it's even enough to buy a bunch of instruments so you can form a band and produce your own music (not you specifically). Or let's see... for the more slashdot minded folk, $6000 buys a lot of "Boycott the RIAA" stickers.

      I'll be sure to download whatever they supply whenever they actually get it online... just to play around with... I'll even read the terms of their contest... what happens after that is anyone's guess...

  27. Right, in theory, but DVDs exist. by jbf · · Score: 1

    On the other hand, cassette recorders and MD recorders exist too, so it's not clear to me why watermarking matters.

    1. Re:Right, in theory, but DVDs exist. by The+Turtle · · Score: 1

      The difference is that cassettes are pretty poor quality to begin with, and subsequent copies will degrade the quality.
      From what I recall of MDs, they don't allow direct digital copying. (I haven't looked into them for years, so this may or may not be current.) That would leave only the analog methods, which will also degrade quality over time.
      A digital MP3 (or whatever format) file will sound the same on the millionth generation as it does on the first.

      ---
      Why are there so many people always asking for whirled peas?
  28. You can't "crack" SDMI by TobyWong · · Score: 1

    From my understanding of the technology, you can't actually remove the watermark as it is scattered throughout the song. So when they are offering a prize to "remove" this watermark, of course it will be difficult (impossible?) to remove this, but that's not the point... the point is, if you have a modded PLAYER then it will ignore this signature anyhow. Now for software this shouldn't be too much of a challenge but it might be a pain in the ass for component audio gear. Think about it, the next time you pick up a Sony stereo component, it will have regional/lockout control built in just like DVD players have but this time it affects music.

    I guess in the end money talks, so if consumers ignore region locked components and buy open systems then it may sway the tide.

    In the end it all comes down to consumer education.

    --
    - Toby
    1. Re:You can't "crack" SDMI by TobyWong · · Score: 1

      OK, I'm going on what I know from watermarked images, so it's possible that this info would not apply to sound (I think it will tho).

      Image watermarks are INCREDIBLY resilient. You would be surprised how much you have to trash an image before you can't read the watermark. You change the brightness of the image, print it out, rescan it, tweak it some more.... it's still there.

      AFAIK, the commercial music players would play non-watermarked music fine and dandy (for the time being anyhow) BUT the thing is they would not play watermarked tunes in certain circumstances. So maybe that import CD of your favourite aussie band won't work on your home sony cd player. This allows them to keep a tighter rein on where the music is moving and "fix prices" (overcharge) as well.

      This is all pure conjecture of course but hey I can have some fun!

      --
      - Toby
  29. Hypocrites by smartin · · Score: 3

    Isn't this the same industry that is pushing real hard to make it illegal to hack and publish ways to break commercial encryption schemes. Sure they are offering $10,000 now to anyone who can hack and break it, but what happens after it ships? My guess is that their tone will change and anyone who hacks it will be hunted down and persecuted.

    So hack this puppy all you want, just don't publish what you find until after it has been released and is widely used :)

    --
    The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
    1. Re:Hypocrites by interiot · · Score: 2
      I'm sure there's an exception clause in the DMCA that allows for the creator of the access control device to try to crack it or to permit a third party to do so, I just can't find it.

      It does say this though:

      • No person shall circumvent a technological measure that effectively controls access to a work protected under this title.
      "No person", including the creator? USCode is hard to read...
  30. Re:Better late than never... by kunsan · · Score: 1

    If you win the 10K, I'll sell you my car. Seriously though, 10K is considered a lot of money by a lot of people. It may not put you on easy street, but it sure would help with bills.

    --
    The facts expressed here belong to all, the opinions to me. The distinction between fact and opinion is yours to decide.
  31. SDMI=SAIC by liquid-groove · · Score: 1

    While the folks at SDMI do for some reason seem to be completely incapable of designing a decent web page, the sdmi.org website was registered by SAIC. SAIC has a bunch of ex-military types working for them so it's likely that their watermark algorithms are better than their web design skills.

  32. Re:I Propose a new Challenge by VB · · Score: 1

    I got 7, and, then, I couldn't see the scrollbar anymore. At 1280 X 1024 on a 17".

    Guess it really is under construction. >:)

    Linux rocks!!! www.dedserius.com

    --
    www.dedserius.com
    VB != VisualBasic
  33. Re:The more I think about it, the curiouser I get by jeffry_smith · · Score: 1

    And a few paragraphs down:

    (c) OTHER RIGHTS, ETC., NOT AFFECTED- (1) Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title.

    So one paragraph says you can't, and the next says your rights to do it are not affected. Now the courts get to decide which paragraphs rule.

  34. Re:The more I think about it, the curiouser I get by Torin_1 · · Score: 1

    Yea, I would agree that the whole DMCA is a bit messed up, I'm amazed it passed when it did. It really changes what copyright was originally intended for. And a few posts up above, maybe I don't quite understand what Veteran is trying to say, but it would be good to have a slashdot discussion about it, I'll be here all day =P

  35. Bono Act by yerricde · · Score: 2

    Ever since 1923, there has been no public domain. And fair use rights can be signed away in a contract (think shrinkwrap license on a CD).
    <O
    ( \
    XGNOME vs. KDE: the game!

    --
    Will I retire or break 10K?
    1. Re:Bono Act by interiot · · Score: 2

      Well, there's legally a public domain. Though maybe they can license that away too. For instance, if you sign an NDA, the information you get isn't required to go into public domain. I'd love to see them try to pull that.
      --

  36. Re:There is an effective response : by powerlord · · Score: 1

    For every better lock, there will be a better thief ! Hey guys, instead of focusing on the lock, please look at the door design.

    Sort of reminds me of a time when a company I worked for decided to put 'valuable equipment' under lock and key. So they locked it in one of the conference rooms... that had a three foot span missing between the top of the nine foot walls and the ceiling, and that had a one foot span missing, where the wall met the building exterior wall (because there was a radiator on below the window and they hadn't wanted to work around it at the time).

    In the end they had to close those 'security holes' but for at least a few months the security issue was laughable.

    --
    This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
  37. Sound familiar? by rlowe69 · · Score: 1

    They want the watermark detection to be built into every player, so that it will refuse to play even analog copies of watermarked material. Of course, this means that all you have to do is reverse engineer one of the millions of players they will be selling, and you know exactly how to find the watermark-- and how to remove it.

    Sounds a lot like how the DeCSS guys cracked DVD to me. One slip-up by a licensee and it's all over. Talk about a flawed system. :)

    Good luck with this one boys and girls.

    --
    ----- rL
  38. Re:Why bother "boycotting"? by Gill+Bates · · Score: 1
    Unless your 'input' is simply accepting the digital output stream (and not the analog signal generated by the output), the watermark will probably be lost - if the watermark is inaudible, I can't imagine that it would survive the digital->analog->digital conversion.

    The watermark could survive a D-A-D conversion (don't know if it will). Just because you can't hear it, doesn't mean it isn't there. Human hearing has a finite range of frequencies, beyond which the signal is inaudible.

    Ever seen a "dog whistle", that humans can't hear, but your dog can?

  39. Re:The more I think about it, the curiouser I get by Veteran · · Score: 2
    Once the copy protection scheme is in place it would be illegal to make even a fair use copy of music in another format which does not use the copy protection scheme - the only MP3's you could play would be of unprotected music. The view of the DMCA is that anything which CAN be used to copy protected music is illegal. (That is the crux of the DeCSS ruling; DeCSS CAN be used for illegal purposes, and therefore it is illegal)

    The argument which I expect to be used in court is that any device which can be used to circumvent a digital copy protection scheme is the equivalent of a lock pick - and thus mere possession of them is a crime.

    Once a law is on the books it is very difficult to get it repealed. There are millions of laws in this country - you pretty much know about all of the ones that have ever been repealed. The reason you have heard about laws being held as unconstitutional is that it is so rare an event that when it happens it is NEWS.

    Prohibition was repealed because most people drank - drug prohibition has not been repealed because most people don't do drugs. Into which of those categories of bad law would the DMCA be more likely to fall? Just because most people WE know are involved with computers and understand the issues does not mean that most people in society as a whole are like that.

  40. Re:Why bother "boycotting"? by tietokone-olmi · · Score: 1

    Yeah, as if THAT's going to happen. Perhaps after that, they'll come up with an algorithm to solve the traveling salesman problem in O(1).

  41. ooh....a challenge... by Zard+Biomatrix · · Score: 1

    "Up to" $10,000. yeah, right. "here's $50 bucks. now get back in your cage and hum until you can afford to buy music." /zard

  42. Re:This is what we wanted, right? by interiot · · Score: 2
    They are trying to make music available online, and to make it secure.

    They're also doing it in a way that is contrary to a few laws:

    • Copyright's Fair Use clause (eg. one backup copy, use a short snippet for research/study).
    • Constitution's "exclusive right to their works for a limited time" (eg. if a piece of music is released only in SDMI, what happens to it when it's supposed to go into the public domain?)

    --
  43. Re:give it away now by Dom · · Score: 1
    Ever meet a CD with software that required you to type in a "CD key"? Like recent Windows? Or Diablo II? That's not one-off pressing, yet each CD is unique. Marking of audio CDs can be done similarly.

    No. Not every CD is unique, the codes will in most cases work with any CD you come across. As a point of interest, would you care to elaborate how unique marking is to be done without one-off pressing?

  44. Why the boycott is dumb by bakreule · · Score: 1
    I think this boycott is pointless. I think everyone here would agree that nothing is completely secure, especially when it's thrown out on the internet. No matter what the SDMI (pronounced "SDuMI"), gives out as "protection" it will be cracked in short order. Don't they realize this? I guess that they think that if those "evil hacker people" are the ones helping protect "their" music, then it must be safe.

    The boycott is dumb. Whatever comes of this hacker challenge will just be hacked again. Therefore I consider this 10 grand easy, quick money.

    How long does it take to get sued by the MPAA?

    --

    Buses stop at a bus station
    Trains stop at a train station
    On my desk there's a workstation....

  45. Re:The more I think about it, the curiouser I get by eshaft · · Score: 1

    I don't remember it being that clear-cut - I wish I was a legal expert - isn't there something that Congress can do to get around that? I mean, this sounds like one of the examples of unconstitutionality that people have been bitching about, but my one-law-class-taken brain keeps regurgitating this weird sense of deja vu on this topic...

    --
    lf.o
  46. why bother with WINE? by brokeninside · · Score: 2
    Unless they are going to create new drivers, copying this is as easy as running it in a sandbox and intercepting the input to the sound card drivers.

    Why not just create a device driver for the Windows sound API that plays its 'output' to a file in .mp3, .wav or whatever? Then making a duplicate is as easy as choosing the driver as the playback device in Windows and playing your SDMI tunes with your 'authorized' software.

  47. Re:give it away now by Kaa · · Score: 1

    I'll stand by my assertion that SDMI files are meant to be available only via download or other electronic distribution channels.

    Heh. I never contested this assertion. My point was that CDs are unsecured digital music that did NOT put RIAA and company out of business. You were saying that to release unsecured music is commercial suicide. I don't think so.

    they have been asking for the ability to download music from the internet without having to buy a CD.

    And they got it! www.napster.com

    Asking for the ability to buy digital music online is very, very different from asking for a watermark or any other kind of access control scheme.

    there would be the possibility of repercussion if you did redistribute them.

    RIAA is going to sue consumers who lost their music files? That's going to be funny to watch and a PR nightmare of major proportions.

    And who's to say that your computer won't be an "approved device"?

    I am to say. I have no intention of putting software/hardware that watches and catalogues my listening habits into my machine.

    Can you honestly not see watermarking as a threat to anonymous filesharing?

    Yep, I can. What I can see is a program to strip watermarks from music files appearing very soon after watermarking starts. Besides, who the RIAA is going to sue? Joe Schmoe who downloaded the file? To win a suit they'll have to show that it was he who put the file on the web and did it intentionally. I expect proving this to be quite hard.

    Napster has centralized servers to shut down, so they probably won't be around that much longer anyhow.

    Ah. Some very smart lawyers are battling around the Napster case, but you, in your wisdom, already know the outcome, right?

    Gnutella's pretty easily trackable as it is (or at least down to IP address),

    First, use of programs like Freedom will make me NOT trackable. Second, Gnutella peers work basically in local clusters. Theoretically you can track file transfers, but it's hard, very expensive and not very useful.

    A couple lawsuits, a couple jailterms

    You seem to think that having a watermarked file floating around the net is enough to convict the original downloader. I don't think so.

    Kaa

    --

    Kaa
    Kaa's Law: In any sufficiently large group of people most are idiots.
  48. The RIAA should change business plans, not ciphers by Supercoz · · Score: 1

    The simple fact of the matter is, there are lots of people out there who like cracking stuff like this, and have a lot of free time. No matter what they do, there will always be _someone_ who cracks the encryption, reverse engineers the player, whatever. I predict that within one month of release, SDMI's "secure" format will be cracked. And once even one copy gets on Napster or Gnutella . . . .

    What they need to do is change their model. I think Stephen King's idea (sell chapters as people pay) is probably the best way. For example, Metallica could set up a website where people order their next CD, for say $10. Once the number of people who ordered the CD gets to 1,000,000, Metallica ships the CDs. Metallica gets guaranteed income, the people that pay $10 for the CDs are happy because they got the little jacket with the lyrics, supported the band, and can play it in their car without burning it, and the rest of the world gets their music for free.

    Of course, ultimately I don't see what the RIAA's problem with online music is. CD sales reached record highs this year and Napster users are among the biggest CD buyers . . .
    -Coz

  49. The popularity of MP3 by Torin_1 · · Score: 1
    One thing I don't understand about this is what is going to stop me from using mp3's? I have a few programs that take an audio cd, and will make mp3's out of it, as long as I keep a copy of that program, I should be able to make mp3's until cd's are no longer made. We are starting to see a lot of hardware mp3 players too, Aiwa is coming out with a car cd player that will support cdr's with mp3's burnt onto them. Mp3's have saturated the market so much, that I doubt a restrictive music format that they are trying to do will ever work out, they would really have to make it so cd audio can't be ripped to mp3 with these programs, but I doubt they could do that and still keep the cd's working in the millions of players out there.

    If anything, I don't see what will stop me from taking my audio out and putting it back into my audio in, play the digitally watermarked file, and just hit record. I know this isn't possible with DVD's because of CSS and how it does something in between the frames of the movies that a VCR can't understand. Does anyone know if the SDMI has anything like this built in? Soon as I record that to a wave file, I can then burn it to an mp3 and I'll have my own mp3 of that file. It seems to me the only people that would support this is going to be the record companies, the RIAA, and all the lawyers and all that, pretty much the money grubbing evil people of the world that treat music as a commercial entity that the sole purpose of it is to make money. Music has never had these types of restrictions in the past, it's scary to think how music will be treated 5 years in the future..

  50. With linux you hack at the sound driver end. by qfingers · · Score: 1

    This way they can come up with all the schemes they want. If it runs under linux. All you have to do is hack the sound driver to redirect the music to a file? Why bother at all. If it ain't available under linux, I ain't using it. And if it is, I'll translate all my files to mp3's. So, big deal. They can talk all they want about secure music. I get it in the format I want regardless of what they try. If it's streamed from the internet, I hack the network drivers under linux to redirect to a file. So when the stuff is available under linux, I don't have to hack it. Keep the boycott up!!!

  51. Contest Illegal? by Millard+Fillmore · · Score: 3
    Has anyone checked to see if SDMI is legally allowed to "encourage the circumvention" of the technology? Isn't this inciting people to breaking the DMCA?

    What does happen if somebody cracks their protection? Do they go back to the drawing board, or do they buy the rights to the crack for $10,000, patent it, and then refuse to publish it?

    My advice to anyone who thinks about taking up the challenge is to read the agreement very carefully. My hunch is that they will try to buy the rights to the crack.

    1. Re:Contest Illegal? by eshaft · · Score: 1
      You can't copyright something that's illegal. You can, however, patent something that's illegal, which results in full disclosure of the patent text (like the way the government patents chemical formulas for illegal substances, and illegal military weapons, or how to grow strains of Mary Jane)

      --
      lf.o
    2. Re:Contest Illegal? by CountZer0 · · Score: 1
      What does happen if somebody cracks their protection? Do they go back to the drawing board, or do they buy the rights to the crack for $10,000, patent it, and then refuse to publish it?

      Actually, if they patent it, they HAVE to publish it. That's the whole point of patents. Patents force FULL disclosure of the process, in terms that a "normal worker" in the industry can understand. Then they grant exclusive use of those methods to the patent holder for the life of the patent. This allows others to build from the knowledge base, to improve on new technologies and methods. Patents are a "Two way street" (at least ideally) The holder of the patent gets exclusivity, the rest of the world gets full disclosure.

      This is why DVD-CSS is NOT patented, but instead was kept as a "trade secret" If they had patented it, they would have been forced to fully disclose the techniques. Also, patents are not enforced under CRIMINAL law, but instead under Civil law. They can't throw you in jail for violating a patent, but they can SUE you.

      ob topic:

      I strongly suspect that what the SDMI will place up for "cracking" on Sept. 15th will NOT be a "reference implementation" but instead will be more "theoretical" I doubt they will make a few "watermarked" music files available for download. I am thinking they will instead simply describe the methods to be used, and challenge the "hackers" to poke holes in the theory. I could be wrong, of course.

    3. Re:Contest Illegal? by herbierobinson · · Score: 1

      I believe you are correct. The DMCA has no provisions for research exceptions; so, this contest is illegal.

      --
      An engineer who ran for Congress. http://herbrobinson.us
    4. Re:Contest Illegal? by Random+Utinni · · Score: 1

      Maybe somebody should hack it, and then copyright the code...

  52. Wait a minute, isn't this illegal? by frlord · · Score: 1

    Doesn't the circumvention of a digital security go against the DMCA? By that basis, isn't the objective of this "Contest" (read: PR Stunt) illegal? I think all we need is one really good smart ass.

    "Yes, I did crack the SDMI watermarking, but I will not release the results to SDMI due to fear of prosecution under the DMCA. It's illegal to crack crappy security protocols."

  53. Fair use != perfect by KahunaBurger · · Score: 2
    Copyright's Fair Use clause (eg. one backup copy, use a short snippet for research/study).

    Does fair use entitle you to a perfect digital copy? People have stated various ways to get one or two decent copies out even with the copy protection, but say that "it would degrade for each generation". Well, so what? Fair use doesn't allow for multiple generations of copies anyway.

    Is there a way to get one decent sounding copy and have that first generation copy be acceptable? If so, fair use is just fine. I don't see any constitutional right to a perfect copy, and the main need for that perfection seems to be unfair use (multiple generation copies spread to those who didn't buy the music.)

    Note, I am responding only to the stated assumptions by some on this discussion that a) you can get a slightly degraded first generation copy under this system, and b) it still would infringe fair use. If one of these assumptions is incorrect, I'd appreciate knowing it, but they aren't my assumptions so don't flame me.

    -Kahuna Burger

    --
    ...will work for Chick tracts...
  54. Re:The more I think about it, the curiouser I get by prizog · · Score: 1

    "Correctly implemented, there is no way to detect or remove it. "

    An implementation that was undetectable is not correct, it is worthless - You can't tell it's there.

    If their players can detect the watermark, we can just use whatever technology they use to detect it. Then, we can remove it - if it's just a certain set of frequencies, we can remove those frequencies, etc.


    -Dave Turner.

  55. Re:This is what we wanted, right? by Rand+Race · · Score: 1
    Punk was dead the first time any punk band gained prominence.

    'Poseurs'? I don't think I've heard that term since high school... probably a reason I haven't.

    Punk snobs, talk about contradictions in terms...

    --
    Insanity is the last line of defence for the master diplomat. But you have to lay the groundwork early.
  56. Re:Should be easy in theory by john187 · · Score: 1

    Not really.

    According to the spec, the analog playback is bandwidth limited. The spec is designed for devices that have digital and compliant speakers so you couldn't mine a DVD-audio quality signal out of the playback stream, but you could make a tape from it.

    In order to hack it, you have to get access to the original watermarked and 'protected' content.

    John

  57. Re:give it away now by Kaa · · Score: 1

    SDMI-compliant mp3 players and stuff are supposed to find this watermark and refuse to play the file unless it comes packaged in one of their goofy little secure formats

    This is stupid beyond belief. They'll have somehow to make all non-SDMI players disappear from the face of the Earth, and, besides, prevent a watermark-stripping program from appearing.

    Yeah, right.

    Kaa

    --

    Kaa
    Kaa's Law: In any sufficiently large group of people most are idiots.
  58. Re:give it away now by Sloppy · · Score: 2

    You do not have the right to play a digital audio file on any device you own. Specifically, fair use does not guarantee the right to make digital copies.

    Why not?

    Does it harm the copyright owner in some way? Does it reduce their profits or otherwise reduce their incentive to create?


    ---
    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  59. Re:on second thought by Mathonwy · · Score: 2

    GPL it?

  60. I'll have a go at it... by Anonymous Coward · · Score: 1

    but if I do crack it, it'll cost 'em a LOT more than $10K...

  61. Re:Better late than never... by kunsan · · Score: 1

    I agree with your response completely. I have no doubts about SDMI's execs intentions. I also think that 10K IS enough money to motivate a significant amount of people to hack this tech AND report their findings to SDMI. I wish it wasn't so, but I fear that it is.

    --
    The facts expressed here belong to all, the opinions to me. The distinction between fact and opinion is yours to decide.
  62. Digital loop by Jadecristal · · Score: 1

    But what if you use something like a Soundblaster Live! with SPDIF in/out, and loop that? Nice digital copy... :)

  63. Forget Mp3's help the Ogg Vorbis project by beaverthecleaver · · Score: 1

    First of all mp3's are patented and people are going to have to pay royalties to the company that made the algorithm so I say don't make a secure closed source audio format support and develop the open source free from patents and royalties the ogg format (and hey it sounds great too what more could you ask for?)

    --
    The Beaver The Best Things In Life Are Free And So Is Linux!
  64. Re:Why bother "boycotting"? by kurioszyn · · Score: 1

    Win2K it is actually quite good. Definitely better than "any good" ..

  65. Big Sky Water by gridsleep · · Score: 1

    The bozos always think they can own everything forever. They don't even own themselves. It's so pathetic it's not worth further comment. Except, the price for being a quisling certainly has gone up since the Revolution.

  66. Re:IANAL by arivanov · · Score: 2
    Don't get me wrong, I agree with the boycott, but I wonder about what will happen when it is released and (inevitably) hacked.

    Depends where is it published. In some countries reverse engineering for interoperability is legal.

    So if someone with an overgrown ego publishes not his findings in an inappropriate country just in order to be famous and k3wl we have the DeCSS case again. If someone with brain passes it along to the other side of the globe than... Oh well we all know where Micro$ networking was reverse engineered.

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
  67. Re:Why bother "boycotting"? by Prior+Restraint · · Score: 1

    AFAIK, DMCA only covers devices that effectively control access to a copyrighted work. In other words, if there were 10 million ways to get around the access control before it was ever released, then I don't think it's effectively controlling access and can't be covered by the DMCA.

    You're confusing the meaning of "effectively". You're reading it as "robustly". The correct interpretation is "for all intents and purposes". Read this way, something "effectively controls access" if it can control access at all, not just very well.

    I realize common sense demands your interpretation, but Judge Lewis Kaplan is the first judge to interpret that part of the DMCA, and that's how he read it, so that's the way it is.

  68. Re:give it away now by Kaa · · Score: 2

    Watermarks have nothing to do with CD's... Think about it... They're not going to do one-off pressings of their CD's unless they plan on selling them for $500-$1000 a piece...

    Ever meet a CD with software that required you to type in a "CD key"? Like recent Windows? Or Diablo II? That's not one-off pressing, yet each CD is unique. Marking of audio CDs can be done similarly.

    they're embedding watermarks in files that they'll make available on a "pay per download" basis. Which is what everyone's been asking for, isn't it?

    Asking for? I don't recall people crying out "Please, please, watermark the music files!!". Why would everybody ask for that?

    You'll be able to listen to it wherever you go, since with the watermark, copying isn't so much an issue. You can put it in your car sdmi player, your portable one, your computer, and anywhere else you go. You just won't be able to share your stuff with anyone else

    You are confused. Very confused.

    First, to repeat myself, watermarking is basically a tracking technique, not an access control technique. One can copy a watermarked file as much as one wants.

    Second, for the situation you describe to come to pass, the music you buy must be playable only on SDMI-compliant players and nothing else. I don't like this. I don't like buying music which can be played only on "approved devices". My computer probably won't be one.

    Third, why would you care if your friends distribute your music online? Because the RIAA will know that it's YOUR copy of music that is floating on the net? And how would they know it? Will it be so that you could download music if only you would identify yourself (e.g. credit card) to the seller? I don't like this. Why shouldn't I be able to buy music anonymously? Besides, what could they do? "Your Honor, I believe my computer was hacked into and somebody stole my music files."

    Give it a couple years to sink in and Napster, Freenet, and Gnutella will be history...

    Dream on, baby, dream on...

    Kaa

    --

    Kaa
    Kaa's Law: In any sufficiently large group of people most are idiots.
  69. Re: give it away now by mike260 · · Score: 1

    Right or wrong, don't SDMI have the right to secure, proven encryption? If you don't like how the format works, don't buy it. If it ends up being universal and you can't buy unprotected music, that's your problem, you have no intrinsic right to someone else's music.

  70. Don't worry. by john187 · · Score: 2

    If you read the spec it appears that SDMI hasn't done anything but create a bunch of acronyms. One technical detail I could glean from the spec is that it appears they are going to try to use some type of public key cryptography to protect the stream to the portable device. Since the device identification stream has 'certificate' and 'issuing authority' fields.

    Nonetheless, the protocols described in the spec are TOO weak and it looks like its subject to replay attacks all over the place. Using a CD Image would get you as many SDMI copies as you like. It is also likely that the SDMI to device stream is replayable if you record it.

    These corporate design by committee things always make me wonder about the mean intelligence of greedy corporate bastards. They can come up with acronyms all day, but try and get them to give you a decent protocol, just try it.

    John

  71. A better (worse) way of doing it by jovlinger · · Score: 2

    Dunno.

    Watermarking of music is pretty damn hard. (ie, I can't figure out how to do it well, and I must have given it several minute's thought). You have to modify a sensitive signal in a robust and non-intrusive manner.

    However, it is doable to fingerprint it; perhaps not as advanced as what was proposed here a while ago, but something with a +50% success rate (I am being precise here; statistically 50.001% would be ok). So now they'll have your player store fingerprints of every song it has played. Whenever it is connected to a network or network-nearer device, the fingerprints are forwarded (along with your uid, of course).

    If this were implemented, the industry would get exactly what they wanted, and more. They could prosecute you for illegally playing a song (note the false positive allowance above -- they would have to amass a preponderance of evidence before they could pursue you). They get super-valuable demographics info. They could sell you monthly or yearly subscriptions (buy all sony music for a year!). Popular consumers get rebates ('We've identified you as someone who "spreads the word" to your friends about great music! Come check out Columbia's newest pop sensation The Chiterlings!'), or even credit for word of mouth marketing.

    They won't even have to verify every song, the system works like taxes -- they might audit you, so you are honest.

    Ok, some details are hazy, but all that is needed is accurate-ish tracking of individual's listening habits.

    I've said it before, I'll say it again. The above is an evil scheme, but I'm fascinated enough by the implications to almost go along and implement it. I gotta admit, I may dislike big companies, but I am buyable. I'm just not cheap.

    1. Re:A better (worse) way of doing it by jovlinger · · Score: 1

      grr. grammar.

      s/minute's/minutes'/

  72. it is moot by thelonious · · Score: 1

    Company releases protekshun schema, then pirate krax. This is irrefutable nature of cyberlife. Wots the big deal? Maybe someone can get the money and get put on big watch list in the sky. It's gonna change nuttin'honey. And there's one thing everyone seems to forget about this subject. G33x d^L118 4 b#1l3 ovr*Zxy m0^3y!!!

  73. Re:Contest Illegal? The Real Reason by mwa · · Score: 1
    Isn't this inciting people to breaking the DMCA?

    Yes,

    So everyone that enters, please use your full and correct name so that it's spelled properly on the arrest warrant. Also remember to make yourself available for the arrest sweep on the day the contest ends.

    Thank you for your participation...

  74. lossy compression can remove watermarking by Bazzargh · · Score: 2

    A lot of posts have pointed out that the watermarks work by using sound structures which we would not normally hear (eg subtle time shifts, masked tones, high/low frequencies etc), in order that it is preserved in D/A A/D conversions.

    However, removing such structures is /exactly/ how lossy compression works. If we can't hear the watermark, there must be some lossy compression scheme which removes or changes it.

    Clearly the watermarking has been tested with the popular schemes (ATRAC, MP3 and so on). But they're not the only possible schemes. It is perfectly possible to come up with a lossy compression scheme which corrupts watermarks, without otherwise affecting the signal.

    Why do I believe this? Well, because a compression scheme which does that is exactly what you would use to apply the watermark in the first place....

    Its interesting that if we had an 'ideal' lossy compression algorithm, (which had an identical encoding for all sounds we would say sounded identical, and where any change to the encoded form was audible) then it would not be possible to watermark the sound.

    BTW I'm interested to see how they manage to watermark John Cage's 4:13.

    -Baz

    1. Re:lossy compression can remove watermarking by Bazzargh · · Score: 1

      Obviously I was listening to the radio edit of Cage's oeuvre ;o)

      But you're wrong about the watermarks. Think of the human ear as a function we apply to sounds. Watermarking is another such function. The following relationships are advertised as holding for :

      For all sounds x in the set X (representing all metallica tracks...), and watermarks w:

      ear(noisy(x))=ear(x)
      ear(lossy(p,x))=ear(x) [ there exists a lossy protocol p for which this holds ]
      ear(set_watermark(w,x))=ear(x)
      get_watermark(set_watermark(w,x))=w
      get_watermark(noisy(set_watermark(w,x)))=w

      Your claim is:
      for all protocols p,
      get_watermark(lossy(p,set_watermark(w,x)))=w

      However let us _define_ protocol 0:
      lossy(0,x)=ear(x).

      Then:
      get_watermark(lossy(0,set_watermark(w,x)))
      = get_watermark(ear(set_watermark(w,x)))
      = get_watermark(x)
      = undefined.

      If you know the lossy compression function ear(x) - the function in which all sounds indistinguishable by the human ear are mapped onto one encoding - then you can remove the watermark. However you don't need to go that far, you only need to use a lossy compression scheme 'ear-prime' which does not distinguish between differently watermarked copies of the same sound.

      Thus my contention is that watermarking has been set up to survive _particular_ lossy schemes as it is theoretically impossible for it to survive _all_ lossy schemes _that_do_not_affect_listening_quality_!!

      Hope this clears up my position. Of course if watermarking introduces changes that are actually distinguishable by the human ear then yes you're right, and I can't get rid of them this way. But if there are audible figments nobody will want to listen to SDMI.

      Also, if SDMI devices refuse to play tracks which are not watermarked, then again the scheme fails on those devices. However, if you've taken an SDMI track, saved it as MP3, then stripped the watermark, it is no longer possible to determine the first purchaser of the track, i.e. the pirate. So SDMI watermarking has failed. This leaves the RIAA only one option, which already seems to be happening: devices which do not conform to SDMI for playback will be made illegal.

      Cheers,
      Baz

  75. Actually the code was cracked... by brokeninside · · Score: 2
    the US forces code was never cracked by the Germans or the Japanese.

    The Navajo code talkers had to start making up new code words for words like airplane, aircraft carrier, etc. toward the end of the world because the Japanese could understand very much of the 'code.'

    Regardless, your point still stands, it would take a phenomenal code to survive a machine like Deep Crack that was built specifically to crack a given code.

  76. Re:Goal of SDMI != End copying by edurant · · Score: 1

    That's the way I understand it, too, but I don't see how that could work in practice. What if the machine I'm storing the downloaded music on gets rooted via the latest sendmail bug and Joe Cracker copies the music via a few intermediaries to his Napster-like server? Now my watermarked copy of the song is floating around the 'net, even though I took more than reasonable precautions. Neither I nor the music police know the identities of any of the culpable parties and we're back where we started.

  77. Re:This is what we wanted, right? by jcsmith · · Score: 1

    You can already do this to an extent. Try emusic.com's subscription service, reasonable rates and a decent collection of music. I know they have quite a bit of hard to find punk, can't say anything about the other types of music you mentioned.

    Don't work for them, just a happy customer

  78. Re:Why bother "boycotting"? by Sloppy · · Score: 2

    they don't want to improve the product, they want to prove it uncrackable.

    Actually, I'm pretty darn sure that they do want to improve the product, it's that the product that they want to improve happens to do a bad thing. It's kind of like wanting to improve the ebola virus.

    I noticed there's a time limit. It's pretty clear that the goal of this hacksdmi project is to expose weaknesses now, before the system is widely deployed and invested into. They're about to spend a lot of money on it, and now is the time for last-minute fixes, since fixing it after deployment will be much more expensive/difficult.

    The Right Thing to do is to hack it as early as possible, but not inform them. Then, after the system is widely deployed, spread the hack far and wide. To encourage people to not do the Right Thing, they offer the $10k prize with the time limit. That makes the situation interesting and enables dramatic plots.


    ---
    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  79. It doesn't matter how good or bad the algorithm is by tietokone-olmi · · Score: 1

    ... since all it takes is 36 hours with SoftICE, a case of Mountain Dew and a competent software cracker to figure out where the decryption part is in the software player that will inevitably be released and how to replicate its behaviour in C.
    Or, if they only release hardware to do the playing, some Malaysian hard-core people will eventually crack the die open and scan the silicon. Or the format will just die out. Whatever.
    I think we all can agree that There Ain't No Such Thing As Copy Protection.

  80. Re:intrinsically flawed contest by boomi · · Score: 1

    -- That aside, the cash they're offering is peanuts. 10K is about UK£7000; I know people that can earn that in a month.

    10K are peanuts, but as a kiddie that wants to "make money fast" you just have to win this competition and through the publicity you'll get a cool job and make more than 10K per month.

    There's not much to think about from the kiddie's point of view, not all people are idealists just like you and me and some other /.ers. And I wouldn't be THAT idealistic if I knew how to crack it!

    However I agree that a kiddie won't stop after three weeks, so releasing the code afterwards produces at least as much publicity, let's hope they made a fairly good protection that will take some time to crack :]

    boomi

    - my mouse is fat!

  81. Re:I Propose a new Challenge by jsmaby · · Score: 1

    I don't know what you're talking about; it works fine in lynx...

    --

    Sometimes I've believed as many as six impossible things before breakfast.

  82. Re:Who do they think they are? by cyber-vandal · · Score: 1

    But the RIAA and the MPAA are mostly made up of representatives of the same corporations.

  83. Re:I Propose a new Challenge by Shin+Elendale · · Score: 1
    Bwahahaha! I got ten :P Stretched across 5X5 virtual desktops. *cackle*. Maybe a non-netscape browser will handle the frames differently and I can get even more!

    -Elendale (thinks he will be beaten by the time this is posted)

    --

    IANAT (I Am Not A Troll)

  84. Re:on second thought by Bilbo · · Score: 2
    > I really think this whole thing is just a big ploy to be able to buy and hide any code for breaking sdmi, NOT a way to further secure the format. They simply want to buy the code,

    Unlikely. Once the fundamental algorithm to crack the watermark is known, generating code to implement it is trivial, and their scheme is good as dead.

    No, I think they are honestly trying to create a secure watermark, or at least "prove" to the industry that they didn't bungle the encryption scheme like they did last time.

    That being said, I still think it takes balls the size of minor planets to go out to the "hacker" community and ask them to help create the "perfect" leg irons that will be used in the future to enslave them... :-(

    --

    --
    Your Servant, B. Baggins
  85. Re:Registration of firearms by dr_db · · Score: 1

    If I remember correctly, that is exactly what happened in Britain. First a registration scheme, then confiscation. Oh, that old family heirloom Mauser - give it here so we can crush it...

  86. Re:Why Boycott by Veteran · · Score: 2
    Paranoia is thinking people are out to get you - when nobody is. IT IS NOT PARANOIA TO THINK PEOPLE ARE OUT TO GET YOU WHEN THEY REALLY ARE.

    The question is "Does the music industry want to collect information on anyone who might be interested in attempting to crack their copy protection scheme?" The answer to that question is an unqualified "YES". Do they have the means to compile a database on everyone who tries? Yes, they do.

    I did not say that all identity checks are designed to allow someone to get you. I listed a single example - gun registration - which DOES have a hidden agenda. It is exactly for that reason that the People of the US have ALWAYS resisted gun registration.

    Nice try at attempting to discredit my writing by implied character assassination - but it won't play.

  87. Re:give it away now by merchant_x · · Score: 1

    Ever meet a CD with software that required you to type in a "CD key"? Like recent Windows? Or Diablo II? That's not one-off pressing, yet each CD is unique. Marking of audio CDs can be done similarly.

    Those CDs are not each unique, any Windows CD key will work on any Windows CD. The keys are unique sure enough but the CDs are all the same per pressing.

  88. Re:Why bother "boycotting"? by wik · · Score: 1
    Just a note - you can use a low-pass filter to remove those high frequencies that you talk about. Even so, the sampling frequency would have to be at least twice the encoded high-frequency signal (Nyquist rate) in order to have a chance of being sampled accurately. Ideally, you would bump that up to 3 - 5x (give or take) the highest frequency that you want to reproduce.

    I do not doubt the existence of watermarks that can survive D->A->D for several generations, however.

    --
    / \
    \ / ASCII ribbon campaign for peace
    x
    / \
  89. Re:Why bother "boycotting"? by Jamie+Lokier · · Score: 1

    Unless your 'input' is simply accepting the digital output stream (and not the analog signal generated by the output), the watermark will probably be lost - if the watermark is inaudible, I can't imagine that it would survive the digital->analog->digital conversion.

    Shannon proved a long time ago that you can encode information, reliably, in an arbitrarily noisy channel. The noisier the channel, the less information you can encode in it.

    This means that no matter how crappy your audio signal, if you want to encode say a 1024 bit number in it reliably despite D->A->D conversion and other things which introduce noise, you can do that. It might take a 10 second sample to completely encode all 1024 bits at inaudible noise levels.

    Fuck with the analog in some way (for example, by adding a known signal to it) that will foul up the watermark-detection, then subtract that known signal back out of the "clean" digital data you recorded.

    Watermarks are designed to be resistant to as much "fucking" as possible. Bad watermarks aren't very fuck-resistant, good ones are.

    You don't need to use inaudible frequencies for a watermark, so filtering on frequency won't remove the watermark. You don't need good quality reproduction. Introducing lots of noise (white, pink etc.) of various kinds reduces the information density of the watermark, but that just means a longer time sample is required to detect the watermark (for a given confidence level).

    Superb audio compression would remove any watermark (by definition, it's an inaudible signal so should not be stored in a compressed file). However, we don't have perfect compression which makes this a battle between the codec people and the watermark people.

    Finally, to rub in how difficult it could get, the watermark is a form of steganography. Some kinds of watermark cannot be detected (that is, distinguished from noise-like signals) without knowing the right key. Some watermarks are very difficult to remove without knowing the right key.
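
The point made in comment 89 above, that channel noise only lengthens the sample a detector needs and that a keyed watermark looks like noise without the key, can be checked with a toy spread-spectrum watermark. This is an added example, not part of any post in this thread and not SDMI's scheme (which the page does not describe); the tone "host", the key values, and every function name are constructed for illustration.

```python
import math
import random

SAMPLE_RATE = 44100      # constructed test signal, not real audio
KEY = 1234               # hypothetical embedding key
WRONG_KEY = 9999         # a detector that does not know KEY
ALPHA = 0.03             # watermark amplitude per sample
NOISE_SIGMA = 0.1        # channel noise, louder than the watermark itself
PAYLOAD_BITS = 48


def host_signal(n):
    """Constructed stand-in for music: two sine tones."""
    return [0.5 * math.sin(2 * math.pi * 440 * t / SAMPLE_RATE)
            + 0.3 * math.sin(2 * math.pi * 1000 * t / SAMPLE_RATE)
            for t in range(n)]


def pn_sequence(key, n):
    """Key-seeded +1/-1 chips. Toy PRNG, not a cryptographic keystream."""
    rng = random.Random(key)
    return [1 if rng.getrandbits(1) else -1 for _ in range(n)]


def embed(host, bits, key, chips_per_bit):
    """Add each payload bit, spread over chips_per_bit samples, to the host."""
    pn = pn_sequence(key, len(bits) * chips_per_bit)
    out = list(host)
    for i, chip in enumerate(pn):
        sign = 1 if bits[i // chips_per_bit] else -1
        out[i] += ALPHA * sign * chip
    return out


def noisy_channel(signal, sigma, seed):
    """Additive Gaussian noise, standing in for a D->A->D round trip."""
    rng = random.Random(seed)
    return [s + rng.gauss(0.0, sigma) for s in signal]


def detect(received, n_bits, key, chips_per_bit):
    """Correlate each bit's span with the keyed chips; the sign is the bit."""
    pn = pn_sequence(key, n_bits * chips_per_bit)
    bits = []
    for b in range(n_bits):
        start = b * chips_per_bit
        corr = sum(received[i] * pn[i]
                   for i in range(start, start + chips_per_bit))
        bits.append(1 if corr > 0 else 0)
    return bits


def trial(chips_per_bit, detect_key=KEY):
    """Embed a constructed payload, pass it through noise, count bit errors."""
    payload_rng = random.Random(7)
    payload = [payload_rng.getrandbits(1) for _ in range(PAYLOAD_BITS)]
    host = host_signal(PAYLOAD_BITS * chips_per_bit)
    marked = embed(host, payload, KEY, chips_per_bit)
    received = noisy_channel(marked, NOISE_SIGMA, seed=42)
    decoded = detect(received, PAYLOAD_BITS, detect_key, chips_per_bit)
    return sum(1 for sent, got in zip(payload, decoded) if sent != got)


if __name__ == "__main__":
    # The correlation peak grows with N while host and noise grow with
    # sqrt(N), so errors fall as each bit is spread over more samples.
    for chips in (8, 128, 2048, 8192):
        print(f"{chips:5d} samples/bit: {trial(chips):2d} of {PAYLOAD_BITS} bits wrong")
    print(f"wrong key, 8192 samples/bit: "
          f"{trial(8192, detect_key=WRONG_KEY)} of {PAYLOAD_BITS} bits wrong")
```
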
  90. Re:give it away now by VAXman · · Score: 1

    This bothers me, while realistically they are just trying to build an effectively watermarked audio scheme, I am torn between the ability of someone to prevent "theft" of their material, and my right to have an audio format that is playable on anything I own.

    1. You do not have the right to play a digital audio file on any device you own. Specifically, fair use does not guarantee the right to make digital copies.

    2. You can make an analog copy with a cassette recorder, and then digitize that. This is iffy, but likely falls within fair use.

  91. Re:give it away now by um...+Lucas · · Score: 1

    Ever meet a CD with software that required you to type in a "CD key"? Like recent Windows? Or Diablo II? That's not one-off pressing, yet each CD is unique. Marking of audio CDs can be done similarly.

    CD players are consumer devices. That means less functionality. The last thing Joe Consumer wants to do is type in a code in their CD player. That, plus, the only way they can make CD players accept codes is if they make them large enough for a keypad. I'll stand by my assertion that SDMI files are meant to be available only via download or other electronic distribution channels.

    Asking for? I don't recall people crying out "Please, please, watermark the music files!!". Why would everybody ask for that?

    People haven't been asking for watermarked files, but they have been asking for the ability to download music from the internet without having to buy a CD. This is the RIAA's attempt at an answer. Something a consumer can download and do whatever they want with, listen to it wherever they want, just not redistribute the resulting files.

    First, to repeat myself, watermarking is basically a tracking technique, not an access control technique. One can copy a watermarked file as much as one wants.

    Second, for the situation you describe to come to pass, the music you buy must be playable only on SDMI-compliant players and nothing else. I don't like this. I don't like buying music which can be played only on "approved devices". My computer probably won't be one


    Yes. I wasn't trying to insinuate that SDMI files would be impossible to copy. It's just that there would be the possibility of repercussion if you did redistribute them. And who's to say that your computer won't be an "approved device"? If the format is deemed to be truly secure (to the standards of the cryptographic community), then the RIAA could feasibly release all the specs to the world, so that they could all make their own players, rather than having to endure some kid from the Netherlands reverse engineering the format in search of loopholes.

    Dream on, baby, dream on...

    Can you honestly not see watermarking as a threat to anonymous filesharing? Napster has centralized servers to shut down, so they probably won't be around that much longer anyhow. Gnutella's pretty easily trackable as it is (or at least down to IP address), which leaves Freenet. Freenet uses encryption to disguise where files reside and who's requesting files, etc, but what does that matter if the person that actually made it available to Freenet is trackable? A couple lawsuits, a couple jail terms, and people won't be so eager to share their files anymore, or at least they'll make sure that they're allowed to share them in advance...

  92. Re:Why bother "boycotting"? by VAXman · · Score: 1

    For instance, connect your soundcard "out" to your "in" and record--there's no getting around that.

    Oh my. You are really new to this.

  93. Re:Why bother "boycotting"? by burrows · · Score: 2

    The soundcard out/in trick does not work. However, I have already hacked SDMI's method. It's a pretty simple hack. I will be informing the engineers of my hack. I am not interested in boycotting. Why? At DefCon in Las Vegas this year, I had a great conversation with Theo de Raadt. We were discussing the existence of zero-day exploits, and his relentless efforts to beat hackers to the punch with OpenBSD. My contention at the time was that if I have written a zero-day exploit, it is my own work, for which I am the original author, and I have the right to keep it a "trade secret" of sorts by not informing the public of the vulnerability. Theo didn't even have to think about my point (I assume he had heard it many times before). He just looked at me and said "Sure, the exploit is yours, and you can do what you want with it. But why be secret? Don't you want it to get fixed? Don't you want the technology to get better?" I guess that really struck me. There are many different types of hackers out there, and you can divide them up and classify them until you are blue in the face (check out a book called "Hackers: Crime in the Digital Sublime" by Paul A. Taylor), but I like to think of hackers as primarily falling into two categories. People that like to test the limits of the technology and push the envelope of the common body of knowledge, and people who just like to get what isn't theirs in a rebellious way. Theo pointed out that if you are any good at all, you will find more vulnerabilities. You will be able to exploit those new vulnerabilities. You will advance technology further, and you will start testing again each time it progresses. On the other hand, if you aren't any good, you may want to hold on to your exploit. You may fear that you won't be able to come up with anything that clever again. You may be disappointed when the vulnerability is fixed, because you can no longer exploit it for your own purposes.

    I think the problem here is that some of the Linux supporters don't really want the SDMI technology to get any better. They want the technology to be weak, and they want to be able to exploit it. They want the technology to fail. I understand this mentality, but for me, that is not what hacking is about. Keep in mind, that I do not want the cash prize either (it's always good to have money, but I am not going to wait for the contest to let them know what I have found). As for the very vague and uneducated "reasons" why the author of the article is opposed to this contest (read: opposed to the technology), he's pretty far off base. The SDMI technology does not prevent you from copying files. It does not prevent you from exercising your right to reasonable private use of the art. All it does is place a digital watermark on the file that identifies it as belonging to whoever paid for it. It's like a digital name tag. This isn't an intrusive concept at all. I label all of my CDs. Granted, I do not label all of the MP3s I download from Napster, but I am not opposed to technology that would allow me to either. As for concerns that this technology is a violation of privacy (an infringement of rights that, in my mind, is absolutely not permissible under any circumstances), I just don't see it. Having an identifier on my files is not a violation of my privacy. The biggest threat to privacy I can see here is that whenever I download music, someone might be able to catalogue the music that I am interested in by tracking the music that I encode on the servers. This is not a problem with the SDMI technology. This problem exists all over. What about Amazon? Do you think that MP3.com or Napster couldn't be used for similar evils? The fact is, any time you set up an account on someone's server, and start shopping, you are running the risk of being monitored. That is where the potential for violation of privacy lies. So what is the real problem with SDMI?

    What is the REAL reason for wanting it to fail? We like our MP3s. We like Napster. We like violating copyright laws. I admit to downloading tons of copyrighted music from Napster (Napster tripled my day-to-day bandwidth requirements). We use Stream Ripper all the time to rip MP3s from streaming audio for our private collections. We like taking what is not ours and getting away with it. And some people fear that SDMI will make it difficult for us to do so, which is probably true. If that is the case, then you will want to hack the technology anyway. You will want to publish your hack so that you can liberate the audio warez traders as a whole. SDMI will become aware of your hack. They will fix it. What they are doing by offering this contest is avoiding the security practice that we have objected to in Microsoft products, amongst others. They are allowing the standard to be tested before it gets pushed out to tons of end users. I don't think this is WHY they are doing the contest. They are probably doing it for publicity, as many have already noted. However, a side effect is that they are actually giving people a crack at it. And I thank them for that opportunity. I want the technology to get better.

  94. Re:No, this is NOT what "we" wanted. by tswinzig · · Score: 2

    Do you count the trouble of going to the store and buying a CD into its cost? It's the same thing as finding it on Napster, except it's harder and uses gas and more time.

    How is it harder to buy a CD? You drive a few minutes to the store, such as Best Buy, and instantly find the CD you want. On Napster, it might take you anywhere from 30 minutes to a few hours to compile and download all the songs for a given CD. Even then, you're often left with missing songs or poor quality.

    As for all the people that Napster being "illegal" will stop, um....it's "illegal" now. Everyone knows that pirating MP3s is illegal and it's not stopping anyone. Most people will tell you it's illegal, but they don't worry about it.

    That's not important. What is important is how many of those people would pay a reasonable price to download the official, high-quality MP3 album from the rightful owner. I guarantee you the answer is: the majority.

    People don't steal unless one of the following is true: (1) They have to, i.e. no means to buy, or (2) it's easier to steal something than it is to get it legally, or (3) they're a criminal.

    I think it's safe to say most people are not criminals, and most people with means to access the internet are able to afford purchasing music. That means the only reason left is (2): it's easier to steal it on napster than it is to buy the CD and rip to MP3. If the music industry would make it easier to buy an album in MP3 format than it is to steal it, they will have nothing to worry about.

    You must be one of those, "people are inherently evil," guys I keep hearing about.

    The glass is half full.

    -thomas


    "Extraordinary claims require extraordinary evidence."

    --

    "And like that ... he's gone."
  95. Re:No, this is NOT what "we" wanted. by tswinzig · · Score: 2

    Not everyone on the Net can use Napster. There are many people who can't install a simple program without help. Do you think these people are going to download and install Napster by themselves? And if only 2 million people use Napster, I would bet money that 1,999,999 at least have downloaded pirated music. Hell, you can't find anything else on Napster. As for the actual number of users...as of the press release on July 28, there were 20 million users of Napster. And I would bet that 99.99% of them have downloaded a copyrighted MP3. You don't need to download a whole CD, you only need to download a song. It could be the single that you didn't want to buy, or the song of that soundtrack that you liked, not a complete CD. And what happens as the Net grows? When 75% of people are on the net, how many people will be using Napster?

    If your numbers were accurate, CD sales would most definitely have gone down or at the very least, stagnated. Instead, they have increased.

    Otherwise you are implying that without Napster, CD sales would have soared, but with Napster they've just made a small gain due to the loss attributed to Napster?

    I have an extremely hard time believing that.

    -thomas



    "Extraordinary claims require extraordinary evidence."

    --

    "And like that ... he's gone."
  96. who cares about their new format by The-Pheon · · Score: 1

    MP3 is so widespread, and there are encoders and players for it already, that their format will not catch on.

  97. $10,000 is nice, but niggardly by rfc1394 · · Score: 1

    If they were serious about really encouraging people to try and crack this, they'd offer $100,000 or more. Or let's just be glad they didn't think of that. You can get a lot of fairly bright people to walk away from 10K, but a six-figure bounty might be extremely hard to ignore.

    --
    The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
  98. Let them deploy before hacking it. by jetson123 · · Score: 2
    There is no question that SDMI is hackable: the technology cannot work in general, and people will sooner or later circumvent it. However, it can work well enough in practice to be a big nuisance for fair use.

    Finding the particular bugs in their system for the chance of $10k is not worth it. Anybody with the skill to do that can get standard consulting rates, which start at $200/h at the low end, which translates into at most 50h of consulting. Their offer is an insult. These companies are about to make a capital investment of billions of dollars; once the thing is on the market and the media are pressed, it cannot easily be taken back.

    I think we should let them deploy the system as is rather than help them make it even more of a nuisance. Making it tougher to copy is not in the consumer's interest, and it doesn't even help the music companies (even if they think it does).

  99. Re:Goal of SDMI != End copying by ChaosEmerald · · Score: 1
    But when the RIAA then scans Napster files, it will be very easy to find out whose copy it is that is floating around there (providing the watermark is still discernible). You did pay for your original download with your credit card, didn't you? Who's 31337 now, when they charge a gazillion bucks in damages to you? There's just one little problem with this method, and that's why the RIAA probably doesn't want this (as much as they may SAY they want it). You sue Joe Shmoe for a gazillion dollars, and if he files bankruptcy, you get very little back. What they probably will sue is Napster for "allowing" it to happen, because if they win that case, Napster at least has money to give!

    It's probably just to say that certain things are copies so that lawyers get more money. Anyone thinking of changing jobs?

    --

    I am a bad speler. Please ignore speling meestakes in me poast.
  100. A question of identity by mrogers · · Score: 2
    SDMI aims to stop bootlegging by placing a unique, inaudible watermark into every copy of a song. That way, when the RIAA finds an MP3 of the song on Freenet, they can identify the original copy from which the bootleg copy was made. But how does this bring them any closer to prosecuting the bootlegger? Before they can do that, they will need proof that the individual in question downloaded a particular watermarked copy.

    How are they going to stop me from buying songs as Chuck U. Farley, then bootlegging them to my heart's content? They will require me to pay by credit card. My credit card will become my proof of identity - the proof that I exist in the real world, at a known address, with a real door that can be kicked down. And if I lose my credit card, and my neighbour uses it to buy songs online, songs which he subsequently puts on Freenet? Oops, I'm liable. The credit card company might pay your bill when your card is stolen, but they won't go to jail for you.

    We need an anonymous micro-payment system right now.

    1. Re:A question of identity by sugarmatic · · Score: 1

      I don't believe that anyone has a "right" to anyone else's music (since that's the content we're talking about). On the other hand, I don't believe anyone has a right to control how his or her speech is broadcasted once it is communicated at large, despite the capitalist dreams this enables. There are plenty of other, better ways of making a living. To enforce broadcast tenets is to invite corruption and injustice, which we seem to have plenty of as a result of our view of speech legalities today. Finally, there is no "right" to secure and effective encryption. The struggle will always be between those who wish to remain anonymous and those who are able to out-think this desire. Or, if you like, this struggle will be between those who make the rules (and are free to break them for ever-relaxing ideas of utility or security) and those who are not as politically or financially powerful. The attempt to restrict the "right" to break any encryption system is tantamount to punishing someone for thinking too hard. It is also tantamount to restricting the rights to speak or understand a language, albeit a contrived language of invention. To restrict this activity reveals that the aim in prohibiting this speech is to protect a culture where corporate goals are taken for granted as more important than the "rights" of real people.

  101. Re:give it away now by Orgasmatron · · Score: 1

    If the watermark is in the audio you will either hear it, or your MP3 encoder will strip it out. That's how MP3 encoders work, they strip out the stuff that you wouldn't hear anyway.

    --
    See that "Preview" button?
  102. Re:I Propose a new Challenge by alleria · · Score: 1

    Uhh, how about this: the "Hack the HackSDMI Website Contest?"

    Free root login! :-) *grin*.

  103. Re:The more I think about it, the curiouser I get by Anonymous Coward · · Score: 1

    I'm not exactly sure myself how official SDMI is supposed to work, but I do work for a company that is doing "Digital Rights Management". This involves encrypting the content, and selling keys to decrypt it. This is based on "business rules" that can, for instance, state that you can watch the video up to N times in M minutes, then it's gone. This is really used, and in this case I can see the point, because it's for market surveys where the content should never be released outside the test.

    I know that breaking the encryption will be very hard. The technology I'm working on (which is orthogonal to the encryption crap, thank God!), when combined with the encryption, will be very hard to crack. It's just a function of the way we do the video that requires the encryption be done a little differently, and I'd (unfortunately) be surprised if anyone could crack it.

    IMO, watermarking is a much better solution, but only if it's not used as a keyed system (i.e. your CD-ROM/Rio/TV-remote having to "check the watermark against the business rules"). Watermarking allows the content owner to ID any given piece of media, down to the person who paid for it if they watermark each outgoing stream separately. If they find an illegal copy of it somewhere, say a dupe house in Hong Kong, they know exactly who to sue. For the record, I do think that Napster is over the edge of legality. Putting an mp3 up for the world to download is doing the exact same thing the Hong Kong copying houses do, without the $$. That doesn't make it any less illegal (when used for copyrighted, non-free content).

    As for watermarking, the idea that you can subtract 1 from every byte is exceedingly naive. First, if you subtract 1 from each byte of an mp3 or other compressed music, you will end up with essentially a nice source for your random number generator, nothing more. Do it for video, and you get the same thing.

    People have spent countless man-years developing watermarking systems. There are schemes that watermark video, such that you can decode the video (say MPEG-2 DVD), run it through a DAC, over a composite (RCA) cable into a VHS recorder, then play it back and capture the video on the computer, and *STILL* get the watermark out of it. Watermarks are something that (I'm guessing) have maybe a few bits per frame.

    My opinion on the contest is that it is an attempt for the SDMI companies to get some free consulting, but I also think that if someone really can crack the scheme open so wide the lawyers go into seizures, someone *might* get the hint that certain types of technologies (like encrypting the content and praying that someone won't realize you can just plug something in right after the decrypt to capture it) just plain don't work, and are a waste of time.

    (anonymous for a reason)
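
Added example (not part of the comment above and not SDMI's own scheme): a toy keyed spread-spectrum watermark that carries a per-purchaser ID and is still read back after a simulated analog loop (gain change, noise, requantization) or a constant offset on the decoded samples. The tone "music", key strings, 8-bit ID, mark strength and perfect sample alignment are assumptions made for the illustration.

```python
"""Toy spread-spectrum audio watermark. Illustration only, constructed data."""
import math
import random

CHIPS_PER_BIT = 16384   # samples that carry one payload bit
PAYLOAD_BITS = 8        # toy purchaser-ID width (assumption)
STRENGTH = 200          # per-sample mark amplitude, exaggerated for a toy
THRESHOLD = 70          # |score| below this is treated as "no mark found"
TOTAL = CHIPS_PER_BIT * PAYLOAD_BITS


def pn_sequence(key, length):
    """Keyed +/-1 pseudo-noise; only a holder of the key can regenerate it."""
    rng = random.Random(key)
    return [1 if rng.getrandbits(1) else -1 for _ in range(length)]


def make_host(length=TOTAL):
    """Constructed stand-in for music: three sine tones in 16-bit range."""
    return [round(2000 * math.sin(0.031 * n)
                  + 1200 * math.sin(0.17 * n + 1.0)
                  + 800 * math.sin(0.71 * n + 2.0)) for n in range(length)]


def embed(host, purchaser_id, key):
    """Add +PN or -PN over each block of samples, one block per ID bit."""
    pn = pn_sequence(key, len(host))
    out = []
    for n, sample in enumerate(host):
        shift = PAYLOAD_BITS - 1 - n // CHIPS_PER_BIT   # MSB first
        sign = 1 if (purchaser_id >> shift) & 1 else -1
        out.append(sample + STRENGTH * sign * pn[n])
    return out


def analog_loop(samples, gain=0.7, noise_sigma=400.0, seed=1):
    """Simulated DAC -> cable -> ADC: level change, noise, requantization."""
    rng = random.Random(seed)
    out = []
    for s in samples:
        v = round(gain * s + rng.gauss(0.0, noise_sigma))
        out.append(max(-32768, min(32767, v)))
    return out


def scores(samples, key):
    """Correlate each block with the keyed PN; the music averages out."""
    pn = pn_sequence(key, len(samples))
    result = []
    for b in range(PAYLOAD_BITS):
        lo = b * CHIPS_PER_BIT
        corr = sum(samples[n] * pn[n] for n in range(lo, lo + CHIPS_PER_BIT))
        result.append(corr / CHIPS_PER_BIT)
    return result


def extract_id(samples, key):
    """Return the embedded ID, or None if any bit lacks a clear correlation."""
    sc = scores(samples, key)
    if min(abs(s) for s in sc) < THRESHOLD:
        return None
    value = 0
    for s in sc:
        value = (value << 1) | (1 if s > 0 else 0)
    return value


if __name__ == "__main__":
    host = make_host()
    marked = embed(host, 0xA7, "label-secret")       # constructed ID and key
    copy = analog_loop(marked)
    print("after analog loop :", extract_id(copy, "label-secret"))
    print("offset of -1      :", extract_id([s - 1 for s in marked], "label-secret"))
    print("wrong key         :", extract_id(copy, "wrong-key"))
    print("unmarked original :", extract_id(analog_loop(host), "label-secret"))
```

Each payload bit is spread over 16384 samples, so the detector's correlation grows with block length while the music and the channel noise average toward zero; that is why so few bits fit in a given stretch of audio.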

  104. Re:The more I think about it, the curiouser I get by Veteran · · Score: 2
    Do I think we are in for another Holocaust? No, not unless there is some sort of technological disaster of huge proportion - which was large enough to personally affect millions of people.

    I do think that we are in for some legal beatings - we make a lot of money and people hate us. The DMCA is just the first of many punches we are going to get thrown at us. I just want everyone to understand what is going to happen to us in the near future and why; that way it won't come as quite so much of a shock.

  105. I wish I had a $100k to spend... by dada21 · · Score: 1

    I'd offer $100k to the first hacker who can hack the SDMI encryption. Then I can advertise worldwide that it IS hackable, but no, I'm not interested in showing the public my "free speech" work of art I have hanging on the wall in my bedroom, A.K.A. "the code that cracked SDMI"

  106. Re:This is what we wanted, right? by dirk · · Score: 2
    No this isn't what we wanted. I'll tell you what I want: See, I got this song off napster that I really like, except that like a lot of the crap on napster it's got some pops and clicks in it and the last six seconds are cut off. I want to be able to pay the artist $5 and get a nice clean copy, complete with digital signature and MD5sum to ensure that there aren't any bits missing. That's what I'm willing to pay for. But for some reason, they aren't selling. Which is a shame because I'd be willing to buy. I'll tell you what I won't buy tho: I won't buy some SDMI crap that won't play on my Linux box.


    Okay, let me get this right. You get a "bad" copy off Napster, and want to pay for a good MP3 copy. Which you then share on Napster. So the next person who downloads that song (from you) gets a perfect copy. This person then has no reason to go and pay for a "good" copy, they already have one. If the song is popular, your copy spreads like wildfire, and no one needs to buy the "good" copy, they already have it. So, how exactly does this make money for the labels?

    --

    "Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
  107. Let it get released, and then crack it! by micron · · Score: 1

    If the system gets cracked now, the system gets fixed and may be harder to crack. If the system gets released in its present state, (largely untested), then the damage is much greater if the crack happens after the system is released. The longer the system is out in the marketplace, the greater the damage to the credibility of SDMI if it is proven insecure.

    1. Re:Let it get released, and then crack it! by mike260 · · Score: 1
      The longer the system is out in the marketplace, the greater the damage to the credibility of SDMI if it is proven insecure.

      If you disagree with the concept of SDMI then you should be attacking the concept, not trying to hijack the implementation.

  108. Re:give it away now by alleria · · Score: 1

    Indeed. And if you look at the absolutely ridiculous number of filtering options that the SBLive! has, I doubt that any watermarking could survive if we knew what it was.

  109. When I first saw this "challenge".... by motardo · · Score: 1

    I couldn't believe it, and I hoped that any true hacker wouldn't even touch it. I won't touch it.

    -motardo

    1. Re:When I first saw this "challenge".... by crt · · Score: 1

      Tell them to release the SOURCE for their encoder and player - and then ask people to hack it. If they can't do that (e.g. it's based on security through obscurity) then it will never be secure.

  110. No, this is NOT what "we" wanted. by tswinzig · · Score: 2

    As the RIAA has gone after Napster, everyone has been talking about how they would buy digital music if it was available. Well, that's what they are trying to do.

    No, they are trying to prevent people from using digital music however they see fit.

    They simply cannot release the music in an unsecure format.

    Why not? Encryption and SDMI will not stop piraters of music, it will only prevent regular people from easily listening to the music for which they've already paid... just like DVD.

    The only thing that would accomplish is to make the music easy to put on Napster (or whatever). Someone would buy the music, and the first thing they would do is put it in with all of their other MP3s, shared on Napster. Then everyone else finds it on Napster, and has no need to buy it (and this is especially true for digital music, as you have exactly what you would be purchasing).

    Yeah, just like nobody buys software nowadays, it's all pirated in usenet and IRC, and all the software companies are losing money! Right?

    What they need to do is: release their albums in high quality, MP3 (or similar unsecured digital music format), for a discount over CD's. Most people, if given the opportunity, would pay for the music, and support their favorite artists.

    Some people would download songs off of Napster. Some of those people will then buy the album if they like it, and others will not. We are talking about a minority of people.

    Right now, Napster usage is high, but nothing compared to the amount of people actually buying CD's in stores. Napster usage would be reduced dramatically if the labels were selling inexpensive MP3 albums ($5 - $10). They'd be making money hand over fist.

    So the only way to offer music online and to have a chance to make any profit is to offer it is some kind of either encrypted or watermarked format. If you want music available for download (legally), there is no other way.

    You are dead wrong.

    -thomas


    "Extraordinary claims require extraordinary evidence."

    --

    "And like that ... he's gone."
    1. Re:No, this is NOT what "we" wanted. by dirk · · Score: 2
      Is there a chance of getting a virus with MP3s? Are the MP3 files huge like software?

      The size of the software does not play into this at all. Similarly, viruses and trojan horses are not a big deal for pirated software anyway. (Ever heard of a CRC or MD5 hash? You can tell if the software is legit or not.)


      How many people do you know who have downloaded an MP3 file on a 56k modem? Now compare that to the number of people who have downloaded 120MB (or usually more) software? The size has a huge effect on who will take the time (or can take the time) to download something. Most people get annoyed when they have to wait 5 minutes for an MP3, do you think they want to wait 5 hours, at broadband speed, for a game? And I realize the possibility of viruses is small, but to the average person, a virus is a deadly thing and could destroy everything and is everywhere. They still worry about it.


      Is there a system as simple as Napster to use for getting software?

      Uhhh, yeah it's called Gnutella (and other similar file-sharing programs). There's nothing about Napster that makes it unique to sharing music files. The same concept can and will be applied to other files. And there's usenet, IRC, HTTP, FTP, etc.


      If you think any of those is as easy as Napster, you're sadly mistaken. I know people in the IT industry who don't use Gnutella, because it's too hard to find a decent server and find what you want. Napster is a simple centralized place to download MP3 files that can be played immediately. There is nothing that is as easy and quick as Napster.


      The software industry would be destroyed if this were true. On top of that, getting music by Napster is not exactly "free." You have to do the work to locate the songs, especially if you're compiling an entire album, and the quality of the music is unknown or not guaranteed.
      Still, presuming it is "free" as you say, most people are honest enough to buy the album, especially if it is considered "illegal" for them to download it on Napster.


      Do you count the trouble of going to the store and buying a CD into its cost? It's the same thing as finding it on Napster, except it's harder and uses gas and more time. As for all the people that Napster being "illegal" will stop, um....it's "illegal" now. Everyone knows that pirating MP3s is illegal and it's not stopping anyone. Most people will tell you it's illegal, but they don't worry about it. It's just the few who think they are "justified" in doing it that claim that pirating MP3s isn't illegal.


      That's not a logical argument. I think we can safely say that most everyone on the internet could use Napster to download music. And those same people could also buy a music CD if they wanted.
      There are hundreds of millions of people using the internet, and it's growing all the time.
      How many people use Napster? A million? Two million? How many of those people actually pirated an entire CD album they hadn't already bought on CD? Ten thousand? Fifty thousand?


      Not everyone on the Net can use Napster. There are many people who can't install a simple program without help. Do you think these people are going to download and install Napster by themselves? And if only 2 million people use Napster, I would bet money that 1,999,999 at least have downloaded pirated music. Hell, you can't find anything else on Napster. As for the actual number of users...as of the press release on July 28, there were 20 million users of Napster. And I would bet that 99.99% of them have downloaded a copyrighted MP3. You don't need to download a whole CD, you only need to download a song. It could be the single that you didn't want to buy, or the song of that soundtrack that you liked, not a complete CD. And what happens as the Net grows? When 75% of people are on the net, how many people will be using Napster?


      Again, I did not say anything about CD sales on the rise. But I'm glad you brought it up... If Napster really was having a measurable impact on CD sales, they would have gone down, regardless of how you measure causation or correlation.


      What constitutes "measurable"? If without Napster CD sales would have gone up by double what they did (and I'm making this figure up for argument) would that not have been a "measurable" impact? You yourself admit that not everyone has access to Napster. So if only say 10% of the US used Napster instead of buying CDs, that means if total sales jumped by 1% Napster didn't have an effect, even though those 10% of the people would have bought CDs and didn't? That's simply insane. Anything that drives sales down has a "measurable" effect, it doesn't matter if total sales went up or not, if they would have been higher without that "detriment".

      --

      "Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
    2. Re:No, this is NOT what "we" wanted. by dirk · · Score: 2
      Why not? Encryption and SDMI will not stop piraters of music, it will only prevent regular people from easily listening to the music for which they've already paid... just like DVD.


      No, it won't stop everyone from pirating music, but it will stop a lot of people. There is no way to stop everyone from doing anything, but if you can limit a large number of people from doing it, that's still a good thing.


      Yeah, just like nobody buys software nowadays, it's all pirated in usenet and IRC, and all the software companies are losing money! Right?


      These are two fields that are completely different. Is there a chance of getting a virus with MP3s? Are the MP3 files huge like software? Is there a system as simple as Napster to use for getting software? What are the chances of getting non-working pirated software as compared to non-working MP3s? These two things aren't in the same ballpark, hell, they're not even playing the same sport.


      What they need to do is: release their albums in high quality, MP3 (or similar unsecured digital music format), for a discount over CD's. Most people, if given the opportunity, would pay for the music, and support their favorite artists.
      Some people would download songs off of Napster. Some of those people will then buy the album if they like it, and others will not. We are talking about a minority of people.
      Right now, Napster usage is high, but nothing compared to the amount of people actually buying CD's in stores. Napster usage would be reduced dramatically if the labels were selling inexpensive MP3 albums ($5 - $10). They'd be making money hand over fist.


      Most people would buy something that they can get for free? I don't know what planet you're living on, but most people I know take free over paid any day. Napster usage is not as high as CD sales, then again not nearly as many people have access to Napster. Only half the households in the US have a computer, which eliminates a HUGE amount of people right there. And yes, people are still buying CDs, but that doesn't mean Napster doesn't have a negative effect. Correlation is not causation. There are a million reasons why CD sales went up last year, and there is nothing I've seen that can draw a direct connection between Napster use and CD sales going up. The question isn't how many CDs were sold last year, it's how many would have been sold if Napster (and the resulting MP3 explosion) would not have happened.

      --

      "Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
    3. Re:No, this is NOT what "we" wanted. by tswinzig · · Score: 2

      No, it won't stop everyone from pirating music, but it will stop a lot of people. There is no way to stop everyone from doing anything, but if you can limit a large number of people from doing it, that's still a good thing.

      What are you, some sort of RIAA goon? "Limiting a large number of people" is EXACTLY the problem with the music industry. Why limit a large group of people, the people that pay for the music, when the real problem is the minority of people that pirate the music? The piraters, as you fully attest, will not be stopped by encryption, watermarks, or the like. History has proven that they will always find a way.

      If watermarks and encryption did not cause problems for honest people, I wouldn't care about this. But the problem is you can't do encryption or watermarks without limiting what your paying customers can do with their property.

      These are two fields [software and music piracy] that are completely different.

      No, they're exactly the same. Digital content that can be reproduced at no cost, distributed by file-sharing programs, and are typically sold, not free (as in beer).

      Is there a chance of getting a virus with MP3s? Are the MP3 files huge like software?

      The size of the software does not play into this at all. Similarly, viruses and trojan horses are not a big deal for pirated software anyway. (Ever heard of a CRC or MD5 hash? You can tell if the software is legit or not.)

      Is there a system as simple as Napster to use for getting software?

      Uhhh, yeah it's called Gnutella (and other similar file-sharing programs). There's nothing about Napster that makes it unique to sharing music files. The same concept can and will be applied to other files. And there's usenet, IRC, HTTP, FTP, etc.

      What are the chances of getting non-working pirated software as compared to non-working MP3s? These two things aren't in the same ballpark, hell, they're not even playing the same sport.

      You are insane. They are not only the same sport, they're playing for the same team.

      Most people would buy something that they can get for free? I don't know what planet you're living on, but most people I know take free over paid any day.

      The software industry would be destroyed if this were true. On top of that, getting music by Napster is not exactly "free." You have to do the work to locate the songs, especially if you're compiling an entire album, and the quality of the music is unknown or not guaranteed.

      Still, presuming it is "free" as you say, most people are honest enough to buy the album, especially if it is considered "illegal" for them to download it on Napster.

      Napster usage is not as high as CD sales, then again not nearly as many people have access to Napster.

      That's not a logical argument. I think we can safely say that most everyone on the internet could use Napster to download music. And those same people could also buy a music CD if they wanted.

      There are hundreds of millions of people using the internet, and it's growing all the time.

      How many people use Napster? A million? Two million? How many of those people actually pirated an entire CD album they hadn't already bought on CD? Ten thousand? Fifty thousand?

      And we're only talking about the people on the internet. Add the rest of the people that can access CD's only, and even if you're poor at math, you should be able to see how small the damage by Napster really is.

      And yes, people are still buying CDs, but that doesn't mean Napster doesn't have a negative effect. Correlation is not causation.

      I never said it didn't have a negative effect. Likewise, you can't prove it does have a negative effect. No one can without a massive, scientific, unbiased study that will never happen.

      There are a million reasons why CD sales went up last year, and there is nothing I've seen that can draw a direct connection between Napster use and CD sales going up. The question isn't how many CDs were sold last year, it's how many would have been sold if Napster (and the resulting MP3 explosion) would not have happened.

      Again, I did not say anything about CD sales on the rise. But I'm glad you brought it up... If Napster really was having a measurable impact on CD sales, they would have gone down, regardless of how you measure causation or correlation.

      -thomas


      "Extraordinary claims require extraordinary evidence."

      --

      "And like that ... he's gone."
  111. well by moller · · Score: 1

    all the companies would have to do is show to the judge that the technology in question has no other valid use other than to make illegal copies of material, right? Isn't that what happened in the DeCSS case?

    just a thought, and I know what I'm tossing out has been said a lot before, but it seems that any large enough company can throw lawyers at anything and find a way to either spin things so that they look like they are the victims in the court's eyes or...no wait, that seems to be all lawyers do, is spin info.

    Moller

    1. Re:well by Torin_1 · · Score: 1

      Ya, I was thinking about this, it seems that the reason that DeCSS was made illegal is because its sole intention was to decrypt CSS. With the DMCA, and how it is worded, it seems that if DeCSS was just a small part in the Livid dvd player for linux, then there wouldn't be a problem, but I don't think Livid got a license at all to get a CSS decrypter, so I'm not sure what exactly would have come out of it. If they could have shown it to be part of the Livid dvd player, the device's sole intention would not have been to decrypt dvds, but it would have been to watch them on linux. I guess we will just have to wait and see.. let's give copyleft.net the best of luck in their upcoming DeCSS case in california!

      Torin

  112. give it away now by Cephas+Keken · · Score: 2

    This bothers me, while realistically they are just trying to build an effectively watermarked audio scheme, I am torn between the ability of someone to prevent "theft" of their material, and my right to have an audio format that is playable on anything I own.

    --

    Guttermouth is a really good band.
    1. Re:give it away now by JDBrechtel · · Score: 1

      Umm...no. That was the case with Windows 95 but ever since then MS hasn't made that mistake (not with an OS at least).

    2. Re:give it away now by jeffry_smith · · Score: 1

      Actually, copyright applies to copies for distribution (sale or giving away). If you want a copy for your use, you can. Ex: I want to listen to it in the car, but don't want the original out of the house because of the hot summer sun. This example came up in the recent senate (US) hearings, where Sen McCain (who helped author the DMCA, and now sounds very upset with the folks) questioned Hillary Rosen (RIAA head) on this, she stammered & delayed, and he finally said "for the witness's information, it's legal."

    3. Re:give it away now by powerlord · · Score: 1

      So, actually, watermarking in SDMI is part of an access control scheme and not a scheme for tracking individual copies. Obviously this is a totally hopeless access control scheme since you just need an mp3 player that doesn't implement their broken blocking mechanisms, but it's an access control scheme nonetheless.


      Correct, so by putting in place a broken 'access control' method, they can then claim protection from the DMCA and prosecute the heck out of anyone who tries to produce an MP3 player that isn't SDMI compliant.

      If you think the brouhaha over DeCSS was big... just wait. We haven't seen anything yet... and the days of the technorevolution seem to draw closer and closer.

      --
      This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
    4. Re:give it away now by Lacutis · · Score: 1

      On the other hand, you could always play the music on your computer or other device, and loop it back into your computer, recording it as an mp3 and eliminating the watermarking in the file, unless of course they somehow incorporate it into the actual audio. Which I doubt.

    5. Re:give it away now by AndyS · · Score: 4

      Well, simple watermarking is a fantastic idea. It means that people aren't going to be doing a napster and share music with everyone and his dog, but they're going to be able to lend music to their friends etc. And, assuming it doesn't change the music itself, it shouldn't affect fair use rights. The only problem I have with this (seemingly) rosy picture is that I'd be amazed if their watermarks were very a) hard to find and b) robust. If they're not robust, then diddling a bit with the sound could destroy them. If they are easy to detect then they can be stripped out.

    6. Re:give it away now by radja · · Score: 2

      Here in the Netherlands making a copy for home-use is a right, by law. If industry uses technology to make copying impossible, they are infringing MY rights. Since I am not a lawyer, I did not make this up myself.

      //rdj

      --

      No one can understand the truth until he drinks of coffee's frothy goodness.
      --Sheikh Abd-Al-Kadir, 1587
    7. Re:give it away now by jeffry_smith · · Score: 1

      You're right, I got my angry senators mixed up. Hatch is the one who does music, helped author this stuff, and now is being told what he thought.

    8. Re:give it away now by Kaa · · Score: 2

      Well, simple watermarking is a fantastic idea. It means that people aren't going to be doing a napster and share music with everyone and his dog, but they're going to be able to lend music to their friends etc.

      I see. So the watermark will distinguish between your "real friends" and "everyone and his dog". Sounds like a highly useful piece of software -- imagine, it can tell who your friends are!

      In any case, watermarking is not access control, it is tracking. Finding a watermarked file on Napster the RIAA will be able to tell that it was ripped from that specific CD. So what? If you are paranoid, buy your CDs for cash.

      Watermarking can be used for access control, too, but then you need special players which understand things like generation control. Thankfully we (in the PC world) are not there yet.

      Kaa

      --

      Kaa
      Kaa's Law: In any sufficiently large group of people most are idiots.
    9. Re:give it away now by Jerf · · Score: 2
      I agree with your 'rosy picture' :-) in theory.

      In theory, there's no reason to worry about all this content control stuff, because in theory the companies shouldn't abuse it when they have it, like trying to make us pay for each time we play something and strictly forbidding the transfer of the music to other devices, let alone people. In theory, we can still have fair use and lending right.

      Unfortunately, it is abundantly clear that the music companies cannot be trusted in that way, at least right now. (Maybe we can train them.)

      You're right, the technology isn't evil, but it grants power to evil people.

    10. Re:give it away now by tswinzig · · Score: 3

      Well, simple watermarking is a fantastic idea. It means that people aren't going to be doing a napster and share music with everyone and his dog

      Do you really believe that a company or organization will ever be able to do anything to protect their music, video, or software from piraters if they really want it?

      The music industry simply needs to be concerned about making it easy for consumers to buy and use digital music. If they do this, they might be just as successful as the software market.

      -thomas


      "Extraordinary claims require extraordinary evidence."

      --

      "And like that ... he's gone."
  113. I'd hack this if I could by drnomad · · Score: 1

    But you know, if this is adopted, these guys will make more than $16M per year, so I'd publish it after the adoption of the technology, and the whole industry taking part in the deal, such that we get another DVD-case.

  114. Goal of SDMI != End copying by Dilbert_ · · Score: 4

    A lot of people seem to forget that the idea behind this SDMI scheme is not to stop Joe Sixpack from writing the audio to a file, or use a loopback recording scheme with his soundcard, but to be able to point the finger at him later.

    Go ahead! Buy a Britney song online and download it in SDMI format. Sure, toss it in your Napster share directory! Hack away at it too, and re-record it all you want...

    But when the RIAA then scans Napster files, it will be very easy to find out whose copy it is that is floating around there (providing the watermark is still discernible). You did pay for your original download with your credit card, didn't you? Who's 31337 now, when they charge a gazillion bucks in damages to you?

    In a way, this is just like DeCSS: the watermark will not prevent copying, but is supposedly meant to stop piracy, while in reality pirates will circumvent it. All it will do will be limiting users' choice (eg. no Linux player).

    --
    superblog.org: all your favourite blogs on o
    1. Re:Goal of SDMI != End copying by TheLink · · Score: 1

      And what if it's no longer possible to pay by cash?

      That might happen if people allow it. It does look like things are heading that way - the various technologies are there. Put them all together and poof, have a good time, Big Brother is going to take real good care of us all. I'm not going to say in public how it could be done because I don't want to speed things up.

      One inch here, and one inch there, don't you see it? It's quite scary sometimes when you really see what is going on behind the scenes - one little amendment here in the laws. A bit of lobbying there.

      The wolves are circling the sheep and the sheep just don't know it! Or they just say "we can still get away that way". Yeah when that way is closed have fun dude.

      It's not that funny you know.

      Link.

      --
    2. Re:Goal of SDMI != End copying by Drestin · · Score: 1

      I don't know who is more pathetically stupid, you or the person who moderated this crap upwards? Track you via your watermark to your credit card purchase of the CD? hahahahaha - and how, mr. brainiac, are they going to do that? And what if you paid by cash? Wow, there goes your entire theory ...

  115. Re:Isn't this illegal by Jadecristal · · Score: 1

    DMCA allows "research" circumvention... Good luck getting a sane legal interpretation of that though. IANAL.

  116. Re:Stooopid... by VAXman · · Score: 1

    The analog transfer will probably introduce enough noise to destroy most watermarking schemes.

    Proof please? Please give a demonstration that an analog transfer will degrade the frequencies of the watermark but not the music.

  117. Why bother "boycotting"? by FascDot+Killed+My+Pr · · Score: 5

    Microsoft put Win2k on the net and we all gleefully pounded on it (for the short periods it was up). Then they released. Is it any good? No.

    Same with SDMI--they don't want to improve the product, they want to prove it uncrackable. If no one breaks it, that will be evidence (to a person versed in using fallacies in place of logic) that SDMI will Make Money Fast For Artists. This gives them credibility and power.

    Here's my recommendation: Hack it, but good. Hack it so good it can't be fixed. For instance, connect your soundcard "out" to your "in" and record--there's no getting around that. Alternatively you could hack it so good they have to go back to the drawing board for a year or two--giving MP3 (and Ogg Vorbis!) time to spread even further. If you haven't broken the rules (why are there rules in a hacking contest?) collect the $10k. If you have broken the rules, just post the results to lower their credibility.
    --
    Linux MAPI Server!
    http://www.openone.com/software/MailOne/
    (Exchange Migration HOWTO coming soon)
    1. Re:Why bother "boycotting"? by Ex-NT-User · · Score: 2

      I say HACK the damn thing, win the money and donate it to Ogg Vorbis or FSF! I see this as a great publicity stunt for FSF.

      Can you imagine the RIAA first saying their crap got hacked then the media finding out the money awarded went to pay for a competing technology!!!

      Ex-Nt-User

    2. Re:Why bother "boycotting"? by Prior+Restraint · · Score: 1

      (Though sec 1201 (a)(2)(C) might get you if you're distributing it and advertise "this will let you listen to pirated music!")

      First, thanks for the link. Second, IANAL. Third, until I read the actual text, I had no idea just how evil the DMCA was. I mean, I knew it was bad, but I had no idea just how much so. It looks as though it was written to specifically overrule Sony Corp. of America v. Universal City Studios, Inc., which affirmed Sony's right to sell VCRs even though the main advertised use at the time was arguably piracy.

      Finally, while we could argue all day about what constitutes "effective", the best place to look would be back in the DMCA, where it is formally defined. I agree that any device which can gain access by simply ignoring the technological measure should nullify DMCA protection, but hardware eventually fails, and I think the RIAA (and MPAA) are banking on the expectation that someday, no such hardware will exist.

    3. Re:Why bother "boycotting"? by Anonymous Coward · · Score: 3

      The challenge says you can collect UP TO $10,000, not necessarily that you will be paid $10k for success. Winning $1 still qualifies as "up to $10,000." Why sink to the level of the recording industry? If you crack their encryption for greed, they're going to screw you, and we all will suffer. KEEP UP THE BOYCOTT.

    4. Re:Why bother "boycotting"? by NaughtyEddie · · Score: 2
      Win2000 is an excellent product, but if you're using Linux every day you're probably suffering from Stockholm Syndrome.

      For the SDMI, my recommendation is to download the stuff, hack it, and then NOT TELL THEM. Then, when they release this stuff, you release your hack the very same day. Take that, SDMI! ;)

      --
      It's a .88 magnum -- it goes through schools.
      -- Danny Vermin
    5. Re:Why bother "boycotting"? by Wilfred+Death · · Score: 1

      It's good that People Improved Win2000, after all 'we' 'all' have to use it more or less. Now MicroSucks will charge LARGE MONEY for this thing, and sure it will work better than before. One of the Industry Claims as to why Software costs so much and is so full of 'copy protection' crap is the Money and Time Invested in R&D ie coding the damn thing.

      • Imagine In The Extreme:
      MicroSucks Windows 2002, - A "Beta" release that just don't work, cos it aint even coded. {snicker from guy in charge of coding budget } - "lots of Clever People out there", "Who can write this stuff properly and make it work"...
      Each Piece gets released,then; tested, and Fixed by End Users... then eventually in 2003 it comes out and you pay heaps for it, sell your soul by opening the packet, and spend more money downloading patches. And of course to 'register' the damn thing you have to give DNA sample of extended family........

      So free, development for big company..

      Sure there is the worthwhile advantage that the software you are going to have to use works better.........

      Now This Music Thingy.......
      Imagine that you Video tape your favourite TV Show, so you can watch it ONCE, when You get home.......
      Somebody pays you $10000 for you to provide a 'device' that prevents Taping of TV Shows....
      Well then you suffer....

      Same with this Music, How is it an advantage to the 'public' to provide better copy protection for companies??

      .. Pushing Boundaries Of Technology ??

      • WAFTAM!

      Technology can be good, but not all technology Is Good.
      Let's wait for the Competition to provide for Measly $10,000 - Complete Control Of Email Content, and Web-Page Content!

      Wilfred Death
    6. Re:Why bother "boycotting"? by interiot · · Score: 2
      Sound Blaster cards weren't "primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title". sec 1201 (a)(2)(A). (Though sec 1201 (a)(2)(C) might get you if you're distributing it and advertise "this will let you listen to pirated music!")

      Also, Sound blaster cards were widely distributed via legal channels before the watermarking is released. I understand that as "for all intents and purposes" because at least 50% of computer users have a standard unrestricted sound card right now and can legally sell them (even if there's an unstated assumption that the card will be used to pirate). At what point do you say that it's not effective? 100,000 people having a legal tool that instantly accesses it? 10,000? 1,000?

      PS. I don't think they're intending to use watermarking to prevent access, only track people, but this thread is interesting anyway.
      --

    7. Re:Why bother "boycotting"? by PhilHibbs · · Score: 2
      For instance, connect your soundcard "out" to your "in" and record--there's no getting around that
      I think they're planning an inaudible watermark that the recording device can still detect. SDMI-aware sound cards would refuse to record watermarked audio.
    8. Re:Why bother "boycotting"? by Prior+Restraint · · Score: 1

      But normal TV broadcasts aren't covered under the DMCA because there's no technological measures that effectively control access.

      Not yet, but wait. The FCC is already making that happen.

    9. Re:Why bother "boycotting"? by PhilHibbs · · Score: 1
      So use a non-SDMI aware sound card...
      That's like saying "To get around macrovision, just use a Betamax video recorder". Possible, but ridiculously inconvenient.
    10. Re:Why bother "boycotting"? by PhilHibbs · · Score: 2
      Some kinds of watermark cannot be detected (that is, distinguished from noise-like signals) without knowing the right key. Some watermarks are very difficult to remove without knowing the right key.
      The SDMI player is going to have to recognise it, so all you need to do is pull it apart and see how it works, like the DeCSS chaps did.
    11. Re:Why bother "boycotting"? by Lord+Kano · · Score: 2

      For instance, connect your soundcard "out" to your "in" and record--there's no getting around that.

      That may not degrade the signal enough to get rid of any watermarks.

      LK

      --
      "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
    12. Re:Why bother "boycotting"? by FascDot+Killed+My+Pr · · Score: 2

      If it's inaudible, how is my "mic" port going to detect it in order to refuse?
      --
      Linux MAPI Server!
      http://www.openone.com/software/MailOne/
      (Exchange Migration HOWTO coming soon)
    13. Re:Why bother "boycotting"? by interiot · · Score: 2
      IANAL either, but I play one on Slashdot.

      From my small amount of understanding, I believe the DMCA would say that the copying part of VCRs is illegal, but the time-shifting part is okay.

      But normal TV broadcasts aren't covered under the DMCA because there's no technological measures that effectively control access.
      --

    14. Re:Why bother "boycotting"? by Groundskeepr · · Score: 1

      Unless you have a sound card in your ear, you hear things differently than your computer does. Have you ever seen computer screens shown by television cameras? Conflicting scan patterns on the computer screen and the television system produce bands on all the computer screens. I think an "audio watermark" is supposed to work on some similar principle.

    15. Re:Why bother "boycotting"? by interiot · · Score: 2
      AFAIK, DMCA only covers devices that effectively control access to a copyrighted work. In other words, if there were 10 million ways to get around the access control before it was ever released, then I don't think it's effectively controlling access and can't be covered by the DMCA.

      Also, I believe macrovision messes with the data that never gets displayed on the screen? (see here) Watermarks are embedded in the low bits of the audio/picture data itself, rather than using an unused part of the data stream that was never intended to be presented to the user.
      --

    16. Re:Why bother "boycotting"? by Drestin · · Score: 1

      You couldn't have been more wrong in every paragraph you wrote.

      www.windows2000test.com went up, and everyone pounded on it. This pounding revealed weaknesses in the beta TCP/IP stack. They patched it and it went back up then back down. They patched it again. Then it went up. AND IT STAYED UP. Everyone pounded, harder and harder and NO ONE ever brought it down again. W2K is released and it's got the strongest stack and can't be "pounded" down. Is it any good? Fuck yes!

      Where do you see proving it uncrackable anything but good? And if it's proven crackable, that is good too. Do you have to be 100% cynical about everything? If, according to the napster apologists which I'm certain you are one, are right then SDMI will make artists not one penny more because the nap heads all swear they wouldn't pay for those "overpriced" CDs anyway and only listen to music if it's free. HA! I love how your angles change to suit your current argument and point of view. SDMI has a challenge - take it or shut up.

      And your recommendation is silly. "Hack it so good it can't be fixed?" What the HELL does that mean? And, yes, there is getting around your stupid out to the in jack idea...

      Silly - who the hell moderated this idiocy up? hack it and make $10k - what's wrong with that?! If no one is stealing music on-line and napster is really being used for legit reasons (space-shifting, not bootlegging) then the SDMI will make no difference. You should have nothing to fear if you are telling the truth. But I sense much fear. Fear leads to hate. Hate leads to suffering...

    17. Re:Why bother "boycotting"? by BinxBolling · · Score: 1
      Unless you have a sound card in your ear, you hear things differently than your computer does. Have you ever seen computer screens shown by television cameras? Conflicting scan patterns on the computer screen and the television system produce bands on all the computer screens. I think an "audio watermark" is supposed to work on some similar principle.

      Unless your 'input' is simply accepting the digital output stream (and not the analog signal generated by the output), the watermark will probably be lost - if the watermark is inaudible, I can't imagine that it would survive the digital->analog->digital conversion. And if it does survive, you have another option: Fuck with the analog in some way (for example, by adding a known signal to it) that will foul up the watermark-detection, then subtract that known signal back out of the "clean" digital data you recorded.

      You're going to see a slight loss in quality just from the D->A->D conversion, and probably also some from imperfections in your analog addition/digital subtraction process. But with good enough equipment, this loss can be made minimal. And you need to do it only once for each piece of music you want to copy: After that, you can make infinite pristine copies of the final, unwatermarked digital product. And if you're part of a large, organized piracy organization (which is who the RIAA really needs to be concerned about), this is quite feasible.

    18. Re:Why bother "boycotting"? by wass · · Score: 2
      I think they're planning an inaudible watermark that the recording device can still detect. SDMI-aware sound cards would refuse to record watermarked audio.

      I've been bouncing around ideas for awhile now to design my own soundcard, with fully-documented schematics and the like. Just haven't gotten off my lazy arse to do it. But if we ever get to a point where one can only buy SDMI-aware ones, I'll just have to follow through.

      I would like to make plans available under some open-source-like license. That is, schematics, etching-masks for the boards, parts lists, building constructions, and fully-documented interfacing manual would be fully and freely available on the web.

      I think that schematics cannot be covered under a GPL-like license, but a more BSD-like license would be fine. Depending on how high demand was, boards and parts could be purchased as kits (like PAIA does with their audio stuff) and pre-assembled too. Plus, the public availability of the plans would allow any number of fabrication facilities to make boards themselves and ship locally. I think it would be interesting to see how such a project could/would work.

      --

      make world, not war

    19. Re:Why bother "boycotting"? by JoeShmoe · · Score: 2

      Here are some real interesting questions...

      1) If I sign up for the challenge, and I find a way of defeating it...can I post the results?

      2) If I sign up for the challenge, and I find a way of defeating it...can I post the results AFTER the challenge has ended?

      3) If I sign up for the challenge, and I fail to find a way of defeating it until AFTER the challenge has ended...can I post the results?

      This might be your only chance to get a "license to crack". Imagine how the DeCSS project would have turned out if the DVD-CCA made such an offer.

      I guess we won't know until we review the terms on the website (hello? It is Sept 15th guys). But if I see the letters "NDA" then forget it.

      - JoeShmoe

      --
      -- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
  118. Re:There is an effective response by Andrew_Kynde · · Score: 1

    Why bother with a moral victory? Just a legal one would be fine at this point.

  119. Registration of firearms by tswinzig · · Score: 2

    Much in the way that the real reason for registration of firearms is to make the later collection of those weapons from the law abiding easier.

    A little paranoid, are we?

    Yeah, I'm so sure the government would be successful in that matter. Why exactly would they want to collect the firearms of "law abiding citizens"? All that'd do is give all the power to the criminals, since they don't register their guns.

    And how exactly are they going to collect these guns from these law abiding citizens? Don't you think it would be a slightly risky proposition to try and go through a town and demand all the weapons? (I.e. what are your chances of having those weapons turned against you immediately.)

    Nice logic...

    -thomas


    "Extraordinary claims require extraordinary evidence."

    --

    "And like that ... he's gone."
    1. Re:Registration of firearms by sharkey · · Score: 1

      Why exactly would they want to collect the firearms of "law abiding citizens"?
      To take power into their own hands. This is the ONLY reason for the govt. to be passing these laws.

      --
      "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
    2. Re:Registration of firearms by tswinzig · · Score: 2

      To take power into their own hands. This is the ONLY reason for the govt. to be passing these laws.

      Yeah it's easy to retort to my original reply when you cut out my entire argument. I fully understand WHY a government would want to disarm the entire population, theoretically.

      My point was they could never disarm the public without running into a huge fight.

      Hell, they can't even amend gun laws without a fight.

      -thomas


      "Extraordinary claims require extraordinary evidence."

      --

      "And like that ... he's gone."
    3. Re:Registration of firearms by tswinzig · · Score: 2

      If I remember correctly, that is exactly what happened in Britain. First a registration scheme, then confiscation. Oh, that old family heirloom mauser - give it here so we can crush it...

      Britain is entirely different from the USA. We have far more weapons per household than Britain ever had. They never had a constitution written with "the right to bear arms." They never had to fight a war against their own government, like we had to against theirs. Their police officers didn't start carrying guns habitually until a few years ago (nightsticks were preferred), because most criminals weren't using guns.

      Comparing apples to oranges. (Or rather apple pie to key limey pie. :-)

      -thomas


      "Extraordinary claims require extraordinary evidence."

      --

      "And like that ... he's gone."
    4. Re:Registration of firearms by tswinzig · · Score: 2

      Do you expect any rational human to take you seriously? All the things you listed seem pretty fair ways to cut down on gun crime.

      Let me know when they want to prevent a law-abiding citizen from owning a standard handgun with regular bullets. Then I might be worried.

      -thomas


      "Extraordinary claims require extraordinary evidence."

      --

      "And like that ... he's gone."
    5. Re:Registration of firearms by buck-yar · · Score: 1
      What constitutes "regular bullets"? Are you referring to full metal jacket, hollow points, jacketed hollow point, soft points? Are you referring to standard loads +p loads or +p+ loads?

      You see, there is no such thing as "standard" bullets. Those teflon coated bullets were just another deviation which was demonized by the left wing in an attempt at banning guns altogether... starting with ammunition.

    6. Re:Registration of firearms by bnavarro · · Score: 1

      All the things you listed seem pretty fair ways to cut down on gun crime. Let me know when they want to prevent a law-abiding citizen from owning a standard handgun with regular bullets. Then I might be worried.

      And with that kind of thinking:
      When they repealed the 5th amendment, I had nothing to say, because I wasn't a criminal.
      When they repealed the 4th amendment, I had nothing to say, because I had nothing to hide.
      When they repealed the 3rd amendment, I had nothing to say, because I didn't own a home.
      When they repealed the 2nd amendment, I had nothing to say, because I didn't own a gun.
      When they repealed the 1st amendment, I couldn't say anything at all.

  120. Re:The more I think about it, the curiouser I get by Bazzargh · · Score: 1

    No, you won't. A decent watermarking scheme could make *every bit* of the files different. Differential crypto on these things will be hard, because they are robust to white noise, and 'inaudible' noise introduced by popular lossy compression schemes like MP3. The only viable attack IMHO is to use a different lossy compression scheme to remove watermarks outright. You don't need to find the watermark for this to work, the attack is general against the concept.
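The contrast drawn in this thread, between a mark stored in the low bits of the samples and a keyed mark that is robust to white noise and detectable only with the right key, can be shown on constructed audio. This is an added example, not code from any commenter and not SDMI's scheme (which the page does not describe); the keys, strength, threshold and two-tone host signal are assumptions.

```python
import math
import random

RATE = 44100
N = 200_000        # about 4.5 s of mono audio
STRENGTH = 100     # assumed mark amplitude, in 16-bit sample units
THRESHOLD = STRENGTH / 2
KEY, WRONG_KEY, NOISE_SEED = 0x5D31, 0xBEEF, 7   # constructed values


def host_signal(n=N):
    """Constructed host audio: two sine tones well inside the 16-bit range."""
    return [int(4000 * math.sin(2 * math.pi * 440 * i / RATE)
                + 2000 * math.sin(2 * math.pi * 1000 * i / RATE))
            for i in range(n)]


def chips(key, n):
    """Keyed +1/-1 sequence. random.Random keeps the demo deterministic;
    a real design would derive the chips from a keyed cryptographic PRNG."""
    rng = random.Random(key)
    return [1 if rng.getrandbits(1) else -1 for _ in range(n)]


def clamp16(x):
    return max(-32768, min(32767, x))


def ss_embed(samples, key, strength=STRENGTH):
    """Spread-spectrum mark: add a low-level keyed sequence to every sample."""
    return [clamp16(s + strength * c)
            for s, c in zip(samples, chips(key, len(samples)))]


def ss_score(samples, key):
    """Correlate with the keyed sequence; the host averages out toward 0."""
    pn = chips(key, len(samples))
    return sum(s * c for s, c in zip(samples, pn)) / len(samples)


def ss_detect(samples, key):
    return ss_score(samples, key) > THRESHOLD


def lsb_embed(samples, key):
    """Low-bit mark: overwrite each sample's least significant bit."""
    return [(s & ~1) | (1 if c > 0 else 0)
            for s, c in zip(samples, chips(key, len(samples)))]


def lsb_match(samples, key):
    """Fraction of low bits that agree with the keyed sequence (0.5 = chance)."""
    pn = chips(key, len(samples))
    hits = sum((s & 1) == (1 if c > 0 else 0) for s, c in zip(samples, pn))
    return hits / len(samples)


def add_noise(samples, sigma, seed):
    """White Gaussian noise, as a stand-in for a noisy analog path."""
    rng = random.Random(seed)
    return [clamp16(s + round(rng.gauss(0, sigma))) for s in samples]


def requantize(samples, bits):
    """Zero the low `bits` bits, as a crude stand-in for lossy re-encoding."""
    mask = ~((1 << bits) - 1)
    return [s & mask for s in samples]


def demo():
    host = host_signal()
    ss = ss_embed(host, KEY)
    lsb = lsb_embed(host, KEY)
    return {
        "ss right key": ss_detect(ss, KEY),
        "ss wrong key": ss_detect(ss, WRONG_KEY),
        "ss unmarked": ss_detect(host, KEY),
        "ss after noise": ss_detect(add_noise(ss, 200, NOISE_SEED), KEY),
        "ss after requantize": ss_detect(requantize(ss, 4), KEY),
        "lsb clean": lsb_match(lsb, KEY),
        "lsb after noise": lsb_match(add_noise(lsb, 200, NOISE_SEED), KEY),
        "lsb after requantize": lsb_match(requantize(lsb, 4), KEY),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22} {value}")
```

The correlation detector works because the host audio contributes roughly its RMS level divided by the square root of the sample count, so a longer clip lets the same mark be embedded at a lower level.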

  121. petition.. by moronic1 · · Score: 1

    this should be a petition sent out to each and every member

  122. $10,000 is a lot by segmond · · Score: 1

    If you are in Africa, India, or some other place, $10k is a lot to pass. I am interested in the challenge, just for the challenge. If I happen to break it, I will tell them, but I will refuse to tell them how. They can shaft their $$$ up their @$$! In an ideal world, we will boycott them, but people from here still buy CDs and use amazon, so I think the call for a boycott is in vain.

    --
    ------ Curiosity killed the cat. {satisfaction brought it back | it didn't die ignorant | lack of it is killing mankind
  123. So, they are trying to offer us... by Anonymous Coward · · Score: 1

    $10,000 to test their technology? Let them get and pay their own people, rather than pay off (very cheaply at only $10K) the "hacking" community to do their dirty work for them. I think this boycott is an excellent idea. This will only help the RIAA even more, and make them even more powerful. They had their chance to work with the community, and they destroyed it by trying to close, rather than work with, Napster.

  124. Re:wait a freekin minute! by VAXman · · Score: 1

    If you make a perfect digital copy, the watermark will be preserved perfectly also. You don't understand how this technology works, do you?

  125. Much like the Asus Video drivers... by HobophobE · · Score: 1

    ...which make it very easy to cheat in video games (their drivers allow driver level transparency of textures so there is no need to hack a game's files to cheat), I'm sure it would be possible to get some colorful sound card drivers which could easily circumvent any system of music protection...

    -HobophobE

    --

    -HobophobE
    Nothing laughs forever.
  126. Re:The more I think about it, the curiouser I get by BeBoxer · · Score: 2

    Actually, this is a bad example. A good friend of mine owns a Thompson machine gun, and it is 100% legal. He had to get a license for it, which is not possible to do for fully automatic weapons manufactured after a certain date. But, when the "ban" on fully automatic weapons went into effect, existing guns were grandfathered. Not that this invalidates your point about ex post facto, I just wanted to point out that machine guns are a bad example.

  127. Re:I Propose a new Challenge by Darby · · Score: 1

    Not that we don't believe you and the others, but how about a screenshot for verification before the prizes are awarded.
    Ties will of course go to the screenshot with the earliest time stamp.
    ---CONFLICT!!---

  128. Re:I do not think so by Rader · · Score: 1
    Exactly. And they'll start it out with pushing SDMI-only compliant hardware.

    The list of people they have onboard (read=$) is staggering, and almost anyone that has been trying to get the RIO-type market going (mp3 portables) are also on board for making SDMI portables.

    I know that mp3's are here, and can't go away. However, if companies start to make SDMI hardware, and stop making MP3 hardware... it won't be long before the MP3 hardware of today is obsolete. (Again, I'm talking about RIO's, etc). And consumers will only have that choice. How many MP3-car players are on the market? about 4? And they're all pricey. What happens in a couple of years when most new cars come with a built-in SDMI player? Same thing.

    I just hope it'll become possible to write our mp3's into SDMI compliant files, and thus work on this new hardware.

    Rader

  129. Re:Does it really matter? by Klaas · · Score: 1

    You've got a point, but I think that breaking the encryption is a much better solution for us. If you reverse engineer the player, that's cool, you can play your files, but only until the Robber Barons Association sues the hell out of you for making the player. Of course, the same is true of a decryptor, but with 2 major differences:
    1) you only need to sic a decryptor on a file once to turn it into mp3 or whatever other useful format you want, so you're not dependent upon the constant availability of your (illegal) player.
    2) The song is actually in a useful (ie interchangeable) format. You can put it on your portable mp3 player, or burn it to CD, or whatever other means you want to allow you to listen, at your convenience, to the music that you've paid for.

    The way I see it, as long as the song is in an SDMI format, they control it. They control what you can play it on, they can conceivably track it, and they can make it expire (who was it talking recently about how corporations are trying to eliminate buying in favor of rental? I wouldn't be at all surprised if the labels decided to make you renew your music license every so often, with no option to buy outright.)

  130. Re:The more I think about it, the curiouser I get by prizog · · Score: 2

    "No, it's not worthless at all. It can still be detected, but only by the people who put it there in the first place. Thus, you can't tell if a given piece of audio is watermarked, but the record companies can scan all the files on your public server and read the watermarks."

    OK, but what good is that going to do them? They could already just *listen* to the song and know that it's "Oops, I did it again" (or whatever). It would only help them if it were in players, and then we could reverse-engineer it.


    -Dave Turner.

  131. Re:Why Boycott by Veteran · · Score: 2
    There is another post that points out that the 'first register - then confiscate' trick is exactly what happened in Great Britain. There is precedent sir; it has happened before.

    Those who do not learn from history are doomed to repeat it. By the way, the Chinese dissidents were astonished that the "People's Army" fired on them, after all, they were the people. Ask the survivors of Kent State if the National Guard's rifles were loaded.

    I don't think there are very many people who believe the "We are the government" argument any longer; it might have flown in 1800, but 200 years later most people see through it.

  132. intrinsically flawed contest by mr.ska · · Score: 4
    As much as I hope nobody even so much as tries this, I just know there will be some 733t cr4ck3rz out there that won't be able to resist the money and the ego of the whole thing. Sad.

    What's worse, they're shooting themselves in the foot. The "contest" (hereafter referred to as "The Sham") runs from Sept. 15 until Oct. 7th. Why that window? Do you REALLY think that if someone is dedicated to cracking whateverthehell it is they're proposing, they'll give up after 3 weeks? Hell no - they'll pick away at it month by month until it's split wide open. Three weeks isn't going to do them a damn bit of good, IMNSHO.

    --

    Mr. Ska

    1. Re:intrinsically flawed contest by el_chicano · · Score: 1

      When I read your post all I could think of was how I heard the SAME things about the windows 2000 test box... And after 7 months still no holes found...

      Hey, I think we finally figured out Bill Gates' Slashdot ID! And who would have thought he was such a CARD! However, he must be recycling his comedic material because the joke above sounded real familiar:

      Since W2K has been released (before actually, anyone remember the www.windows2000test.com test?) every script kiddie and cracker has tried to be the first to break in. I am not aware of any that have succeeded. Making Your Linux Box Secure

      Don't get me wrong, he does have some fresh material -- witness the following priceless gem:

      However, to deny that MS has ever innovated is foolish and ignores facts... Do you doubt that IE is the premiere browser of the day? IE 5.5 Tracking Default Bookmarks

      Since I cannot fire up a copy of Linux IE to test this assertion I will assume you are pulling my leg, you mischievous scamp! And who can forget my all-time favorite:

      MS came outta a dream of two people without any cash - kinda like Apple. They worked hard and played hard ball to get where they are. IE 5.5 Tracking Default Bookmarks

      Now Bill, don't understate the role your rich corporate lawyer daddy had in the formation of Microsoft. And don't forget, the judge didn't buy it when you tried to explain your monopoly as playing "hard ball" so don't expect us to fall for it too, you irrepressible joker!

      Funny, funny stuff. Have you considered a career in standup comedy?
      --
      You think being a MIB is all voodoo mind control? You should see the paperwork!

      --
      A man who wants nothing is invincible
    2. Re:intrinsically flawed contest by Drestin · · Score: 1

      So, unable to refute anything I wrote? Just lame attempts at some kinda insult I assume? Weird...

    3. Re:intrinsically flawed contest by mrogers · · Score: 2

      So they'll release (and hype) the technology under the impression that it's secure, and three months later, when the record companies have poured billions into the technology, somebody will discover a flaw. What a shame.

    4. Re:intrinsically flawed contest by Drestin · · Score: 1

      When I read your post all I could think of was how I heard the SAME things about the windows 2000 test box. Oh, some 'leet cracker will take it down (didn't happen). The window is too small (it wasn't). They won't admit figuring it out and then just crack it after it's released (they didn't). And they won't keep trying to crack it even after it's out - you got that part right... And after 7 months still no holes found...

      Gee, I hope SDMI does that "bad" too...

    5. Re:intrinsically flawed contest by deefer · · Score: 1
      they'll pick away at it month by month until it's split wide open.

      Actually, is this allowed under DMCA? You're circumventing their encryption, and reverse engineering. When does that clause come into play? Is that why the window is only 3 weeks? And after the contest is over, it's not going to give them much credibility in court, is it? "He kept trying 2 days after the contest is over, and then broke our protection wide open. Lock up this evil, evil hacker, your honour!!!"

      That aside, the cash they're offering is peanuts. 10K is about UK£7000; I know people that can earn that in a month. I would imagine a truly good hacker will be able to pull down at least that amount, which basically means the competition will only have kiddie programmers having a go.

      Strong data typing is for those with weak minds.


  133. Re:Only $10k?!?? by dr_strangelove · · Score: 1

    Actually, the hosers are charging $10k for joining the SDMI Foundation. So it's not even a noticeable amount of moola to them, given all the companies that are members. Chump change, strictly for chumps.

    Search terms: "SDMI Foundation"
    "Global Integrity"

    --
    "...they may harpoon us, but they ain't gonna pick us up on no radar screen!"
  134. Re:Why Boycott by sulli · · Score: 2
    Also, you may be forced to sign terms and conditions prohibiting the release of your work:

    To participate, just go to the website at www.hacksdmi.org after September 15, 2000 and read the public challenge agreement. If you agree to the terms, you will have until at least October 7, 2000 to do your best.

    Sounds pretty useless to me. If someone wanted to really hack it, the first step would be to use multiple layers of anonymity to get access to the code, and then get 2600 or the EFF to publish it. Forget any industry-sponsored contest.

    Aw, who cares, SDMI is toast anyway. Do they really think they can get everyone to abandon MP3? If so, can I have some of what they're smoking?

    sulli

    --

    sulli
    RTFJ.
  135. Re:Copyrights, privacy rights by gslj · · Score: 1

    Coverti says: "By Design, the Internet is inherently flawed. How can a Law created and enforced in one country, be enforced in another?" That's not a bug, it's a feature!

  136. There is an effective response by 0xdeadbeef · · Score: 5

    Find a demonstrable flaw in their system, but refuse to reveal how it works until the RIAA donates $10 million to the Electronic Frontier Foundation. The publicity it would generate for the issues at stake would be worth far more than the actual money.

    1. Re:There is an effective response by Glowing+Fish · · Score: 2

      Bribing\blackmailing the RIAA to donate money to the EFF wouldn't exactly be a great moral victory.

      --
      Hopefully I didn't put any [] around my words.
    2. Re:There is an effective response by MrNixon · · Score: 1
      Isn't that a bit of blackmail?

      Assuming, of course, there is a demonstrable flaw.

    3. Re:There is an effective response by 0xdeadbeef · · Score: 1

      Blackmail? It is simply an exchange of money for services. Why should you let them set the price?

    4. Re:There is an effective response by Non-Newtonian+Fluid · · Score: 2

      That's a silly name for a cat.... ;)

    5. Re:There is an effective response by BJH · · Score: 1

      No, no, it's his halberd.

      Then again, it might be his cap (as in hat).

      Or he might have left out a "niu", so it could be "My yak is called Bootsie."

      Though why he'd want to call any of them (cat, hair, cap or yak) Bootie is beyond me...

  137. Vaporware challenge by Animats · · Score: 2
    You get about three weeks to break the thing, starting September 15. Today is September 15th, and the site isn't up yet.

    The original Slashdot article disappeared from the main Slashdot page while I was posting this. Hmm.

  138. Re:This is what we wanted, right? by Angst+Badger · · Score: 2
    They simply cannot release the music in an unsecure format.

    What, you mean they can't release music the way they've been doing for the last century? Hogwash. They've been packing away the millions for all that time, too. And despite widespread "piracy". It's not like digital music is new, either. We've had CD's since before a lot of /. users were born.

    Then everyone else finds it on Napster, and has no need to buy it (and this is especially true for digital music, as you have exactly what you would be purchasing).

    This is also hogwash. Compressed music is a second-rate substitute for the real thing. If I were to download a track from a Napster user, I would be getting considerably less than what the owner of the original CD paid for. It would be good enough for my car or the crappy speakers on my office PC, but painfully inadequate for when I want to sit down at home at my stereo and listen. Maybe when we have the bandwidth to transfer uncompressed CDs the way MP3s are transferred now, they might have a point, but still not a very good one.

    The fundamental flaw in all anti-piracy reasoning is that if a user illegally copies a thousand dollars worth of CDs, the music industry has lost a thousand dollars. The fact of the matter is that most people don't have a thousand dollars to spend on CDs every week, especially their core audience, who are teenagers and college students. If every MP3 in the world were magically erased and all sources were cut off, it would not translate into sales. Downloaders of pirated MP3s would probably buy about as many CDs as they do now, or maybe less, since their exposure to new music would be reduced.

    --
    Proud member of the Weirdo-American community.
  139. Who do they think they are? by dido · · Score: 2

    Hacker challenge is it? Well, ever since the fiasco with DeCSS, will us hackers listen to the SDMI, which is nothing but the RIAA's DVD-CCA? Of course not. There was no need to call for such a boycott. I don't think even the hungriest hacker, whether true open sourcer or black hat script kiddie, would even think of touching that offer with a ten-meter cattle prod. We've all seen what happened with DeCSS. Now these corporate SOB's have got the gall to ask us for our help? I say screw em.

    --
    Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
    1. Re:Who do they think they are? by Torin_1 · · Score: 1

      DVD-CCA has nothing to do with the RIAA, has a lot more to do with the MPAA.

    2. Re:Who do they think they are? by NMerriam · · Score: 1

      he was saying that this is the RIAA's version of DeCSS...

      I'm an investigator. I followed a trail there.
      Q.Tell me what the trail was.

      --
      Recursive: Adj. See Recursive.
  140. Update by AintTooProudToBeg · · Score: 1

    > Looks like principle can be worth something (more than $10,000, at least) these days.

    (more than at least $10,000, at least)

  141. oh no by gtx · · Score: 1

    and for those of us who have $200 soundblaster live! platinum soundcards, it's even better, as they come standard with the livedrive SPDIF in/out on the front! If you were to copy the music to a wav and then compress that into a mp3 (or whatever compression algorithm happens to be cool at the time) you would prolly destroy any "inaudible" watermark, as the whole idea of music compression is to get rid of all of the unimportant stuff. mp3 is unaware of SDMI, so it doesn't know that the inaudible watermark is important, and it'd prolly just toss it.

    and even if there was a generational loss, it wouldn't be that bad, and when you figure that most people will be doing this to trade music over the internet, can they really complain if it's free?

    --


    "I hope I don't make a mistake and manage to remain a virgin." - Britney Spears
  142. Don't kiss (or hack) and tell.... by Ost99 · · Score: 2

    I have an idea!
    Let's raise money to a fund, and pay more to those who are willing to keep their findings to themselves (or even better, publish them after the challenge is over, and the shit is in use?)


    Ost99

    --
    ---- Sig. gone.
  143. More amusing to hack Image Cafe by moron · · Score: 1
    I think it would be funnier to tear apart the paint by numbers site they have set up via Network Solutions hosting partner Image Cafe. Maybe I am just being snooty but why is an industry association backed by big money using an el cheapo and lo-fi building block hosting provider? This seems less professional than using Front Page bots even. A redirect to an anti-DeCSS site maybe? The mind wanders. . .

    =)

  144. Principles by Pete+Bevin · · Score: 1

    "It is easier to fight for one's principles than to live up to them."
    --Alfred Adler

  145. Better late than never... by kunsan · · Score: 1

    I submitted this on Monday (2000-09-11 14:03:52 SDMI offers $10,000 challenge to hackers (articles,music) (rejected)), and I must admit I was shocked that it was found unworthy... but I am glad to see this is getting some attention... I find it rather cunning that SDMI would tempt hackers with $10K to help improve a technology that most (I know it's a generalization, but I believe it to be true) hackers would find offending, crack the technology, then release the crack publicly. Hopefully the boycott will work, but I have my doubts cuz 10 Large is a lot of dough!!!

    --
    The facts expressed here belong to all, the opinions to me. The distinction between fact and opinion is yours to decide.
    1. Re:Better late than never... by Luminous · · Score: 1
      No, I don't call this current round of lawsuits anything of the sort. But letting them believe that SDMI is uncrackable and the day it is released, the code for cracking it is posted on the Usenet would make them look quite foolish.

      Especially since they are pushing this as 'the' solution.

      --
      This is not the way to build a lasting empire.
    2. Re:Better late than never... by Luminous · · Score: 3
      10K is a large amount, but how much money would the RIAA have to pay real programmers and security technicians come in and take apart SDMI? I assure you, it would cost a lot more than 10K. What is going on here is an attempt to gain publicity (see, the hacker community can't break it, it is good) or if it is broken they reap the benefits that would have cost them a lot.

      It is far better to take SDMI, not find the holes, let them institute it, and then flood the market with the methodology to crack it, forcing them to scrap the entire project and walk away with egg on their faces.

      --
      This is not the way to build a lasting empire.
  146. Should be easy in theory by Frums · · Score: 2
    Unless they are going to create new drivers, copying this is as easy as running it in a sandbox and intercepting the input to the sound card drivers. While this by itself is not easy (talk to the wonderful creators of WINE for making a good windows sandbox) it is quite possible. I mention WINE in particular because if they are making new formats we all know perfectly well that the only player they will release will be for Windows. Actually, on that thought, WINE might be the best place to build this.

    In theory they would have to alter the sound to leave a permanent mark. If that is the case it is merely a task of identifying the mark and playing with SoundForge.

    Anyway. I personally am against a boycott. The honor system for payment is not sufficient (despite Stephen King's wishes), and moving to a new media is a good thing. Help them out. Besides, I am personally rather curious at whether or not they can pull it off.

    1. Re:Should be easy in theory by Mike+Quin · · Score: 1

      > Unless they are going to create new drivers, copying this is as easy as running it in a sandbox and intercepting the input to the sound card drivers.

      Two words: SoundBlaster Live. Just play the stream through one of those (or any other card with a digital mixer), and you get a carbon copy anyway.

  147. Charge RIAA with RICO... by Speare · · Score: 2

    IANAL (I am not a Legislator), but it seems to me that this 'hack sdmi' challenge may be somehow applicable to RICO (RACKETEER INFLUENCED AND CORRUPT ORGANIZATIONS) statutes.

    I found the definitions of RICO on the US House of Representatives' site.

    The Hack SDMI effort is potentially an attempt to form a conspiracy to commit a federal offense, i.e., to crack an access control device, according to DMCA.

    Further, a "pattern" of racketeering can be shown if two things are proven within ten years.

    --
    [ .sig file not found ]
  148. The more I think about it, the curiouser I get by FascDot+Killed+My+Pr · · Score: 3

    Just how is SDMI supposed to work? I understand (somewhat) digital watermarking, but how does that apply? It's not like I have to break the encryption or anything (like forging someone's signature)--I just have to remove it (like erasing the signature). Could I run through an SDMI file and randomly add or subtract 1 from every byte? Shouldn't affect the sound but will destroy any watermark.
    --
    Linux MAPI Server!
    http://www.openone.com/software/MailOne/
    (Exchange Migration HOWTO coming soon)
    1. Re:The more I think about it, the curiouser I get by Torin_1 · · Score: 1
      The view of the DMCA is that anything which CAN be used to copy protected music is illegal. From the actual text of the DMCA, this is what I found:

      `(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that--

      `(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;

      `(B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or

      `(C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.

      DeCSS wasn't primarily used for copying anything; the reason it was illegal is because it circumvented the technological measures placed on the DVDs by the DVD-CCA. I still don't understand where in the DMCA it says this: "Under the DMCA any player which does NOT use the watermark is a device which is 'bypassing digital copy protection means' and is thus ILLEGAL." I can maybe understand that if someone came out with a player that supports SDMI music, but doesn't do any checks for it, then I'd say you are correct in your statement, but as you state it, you say that ANY player which does not use the watermark will be illegal. What if I buy a device that doesn't support any music that has watermarks? Take a portable CD player that supports MP3s, why would it have to support watermarks? If you could, please quote the DMCA where it does say this.

      Here is the URL for the complete text of the DMCA. I haven't read the whole DMCA, it's not the most interesting reading there is, but I'll look for anything like that too. In any case, listening to music doesn't sound like anything anyone will be doing in the future if all this continues.

      Digital Millennium Copyright Act

    2. Re:The more I think about it, the curiouser I get by mrogers · · Score: 2
      How will they include an inaudible watermark, yet ensure that it is reproduced by all playback equipment? There are three possible ways to watermark an audio signal:

      The watermark frequencies could be outside the audible range (20 Hz - 20 kHz). But most audio equipment filters out, or fails to reproduce, inaudible frequencies.

      The watermark frequencies could be inside the audible range, disguised or masked by the music. But MP3 compression works by removing inaudible, masked sounds.

      The watermark could be encoded steganographically. But resampling will alter the least significant bits of the recording and destroy steganographic information.

      What's to stop me connecting the analogue outputs of my soundcard to the analogue inputs of another soundcard (to remove out-of-band frequencies and steganographic data), then making an MP3 of the result (to remove masked tones)? Only the fact that the hardware and software that would allow me to do so (a Linux PC with two Soundblaster 16s and a copy of BladeEnc) will be illegal.

      SDMI cannot succeed technologically, and the record companies know this. The technology only exists to provide an excuse for legal restrictions on hardware and software. Any hardware or software that is not "SDMI-compliant" will be branded a "circumvention device" and banned in the USA. Any countries that fail to follow the US's lead will be branded "havens for piracy".

    3. Re:The more I think about it, the curiouser I get by gutier · · Score: 1

      Watermarks are imprinted on the media in multiple domains, such as time, frequency and wavelet. It is not simply "put a pattern in the least significant bits". Advanced mathematics is usually required to understand the technical howto's.

    4. Re:The more I think about it, the curiouser I get by Anonymous Coward · · Score: 3

      > Could I run through an SDMI file and randomly add or subtract 1 from every byte? Shouldn't
      > affect the sound but will destroy any watermark.

      No, that isn't going to work.

      The watermark is a particular set of frequencies, repeated at particular times. It doesn't have to be audible. It certainly won't be removable by just twiddling bits--- anything that doesn't affect the sound won't affect it.

      It's possible to use cryptography to hide the watermark, even if you reveal the algorithm for creating it. Any random set of sounds could be a watermark, but only if you know the correct key will you know what the watermark means.

      Correctly implemented, there is no way to detect or remove it. However, from what I've read, the SDMI idiots appear to be rather clueless. They want the watermark detection to be built into every player, so that it will refuse to play even analog copies of watermarked material. Of course, this means that all you have to do is reverse engineer one of the millions of players they will be selling, and you know exactly how to find the watermark-- and how to remove it.

    5. Re:The more I think about it, the curiouser I get by Torin_1 · · Score: 1

      Also, with the current CD burners out there, I doubt they are illegal, because they are not marketed as a device to circumvent technological protections on copyrighted works. Sure you can copy CDs with it, and I see CD burners as a much bigger problem than DeCSS is, but the law isn't always clear cut. I think I'll study the DMCA a bit this weekend, I'm keeping some notes and stuff up at www.bahemut.com/decss for those who want to read up on it a bit, it's only my opinion and some info may be wrong, so let me know and I can correct it.. (god I hope it doesn't get slashdot'd, it's only on a 128k upload connection =P)

    6. Re:The more I think about it, the curiouser I get by Veteran · · Score: 2
      As has been pointed out previously it would be possible to make a bit for bit copy of music containing the watermark on our existing CDROM burners. That means that our existing CDROM burners are devices capable of circumventing the copy protection scheme on the new music format - since they are able to copy everything including the watermark - that is clearly as illegal under the DMCA as any device could be.

      There are many legitimate reasons for having lock picks - but it is nevertheless illegal to possess them because of the implication that they are for illegal use. Please remember that to the justice system the free software movement is full of people who are just thieves; to them the only reason we have things like CDROM burners is to steal copyrighted material.

    7. Re:The more I think about it, the curiouser I get by Spankophile · · Score: 2

      The idea of a watermark is that even if the file changes slightly, or randomly, the watermark will be left intact enough that it will be recognizable (with a high probability).

      (Ie. To mangle the file enough to remove the watermark traces, you would have to destroy the file.)
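Added example (not part of any comment in this thread, and not SDMI's actual scheme, which the page does not describe): a toy comparison of the two designs argued over above. A keyed least-significant-bit mark is reduced to chance by noise of a couple of LSBs (a generalisation of the "add or subtract 1" idea), while a keyed spread-spectrum mark is still found by a correlation detector. The host signal, key strings, amplitude `ALPHA` and all function names are assumptions made for the illustration.

```python
import math
import random

RATE = 44100   # samples per second (CD rate); one second of audio is used
ALPHA = 4      # assumed watermark amplitude, in 16-bit sample units


def host_audio(n, seed=7):
    """Constructed stand-in for 16-bit PCM: two tones plus a small noise floor."""
    rng = random.Random(seed)
    return [round(8000 * math.sin(2 * math.pi * 440 * i / RATE)
                  + 3000 * math.sin(2 * math.pi * 1000 * i / RATE)
                  + rng.gauss(0, 5)) for i in range(n)]


def chips(key, n):
    """Keyed pseudo-random +1/-1 sequence; only the key holder can regenerate it."""
    rng = random.Random(key)
    return [rng.choice((-1, 1)) for _ in range(n)]


def add_noise(samples, sigma, seed=99):
    """Low-level random perturbation: rounded Gaussian noise of `sigma` LSBs."""
    rng = random.Random(seed)
    return [s + round(rng.gauss(0, sigma)) for s in samples]


# --- Design 1: keyed pattern written into the least significant bit ---------

def lsb_embed(samples, key):
    pattern = chips(key, len(samples))
    return [(s & ~1) | (1 if c > 0 else 0) for s, c in zip(samples, pattern)]


def lsb_match(samples, key):
    """Fraction of LSBs agreeing with the keyed pattern (0.5 means chance)."""
    pattern = chips(key, len(samples))
    hits = sum((s & 1) == (1 if c > 0 else 0) for s, c in zip(samples, pattern))
    return hits / len(samples)


# --- Design 2: keyed spread-spectrum mark added to every sample -------------

def ss_embed(samples, key, alpha=ALPHA):
    return [s + alpha * c for s, c in zip(samples, chips(key, len(samples)))]


def ss_score(samples, key):
    """Correlate the keyed chips with the signal after a neighbour-average
    predictor has removed most of the (smooth) host audio.
    Roughly ALPHA when the mark is present, roughly 0 when it is not."""
    pattern = chips(key, len(samples))
    total = 0.0
    for i in range(1, len(samples) - 1):
        residual = samples[i] - (samples[i - 1] + samples[i + 1]) / 2
        total += residual * pattern[i]
    return total / (len(samples) - 2)


def ss_detect(samples, key, alpha=ALPHA):
    """Decide 'marked' when the correlation exceeds half the embed amplitude."""
    return ss_score(samples, key) > alpha / 2


def run_demo(n=RATE, key="constructed-demo-key", sigma=2.0):
    host = host_audio(n)
    lsb_marked = lsb_embed(host, key)
    ss_marked = ss_embed(host, key)
    return {
        "lsb_clean": lsb_match(lsb_marked, key),
        "lsb_noisy": lsb_match(add_noise(lsb_marked, sigma), key),
        "ss_clean": ss_score(ss_marked, key),
        "ss_noisy": ss_score(add_noise(ss_marked, sigma), key),
        "ss_wrong_key": ss_score(ss_marked, "some-other-key"),
        "ss_unmarked": ss_score(host, key),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:13s} {value:8.3f}")
```

The detector only needs the key and a long enough stretch of audio, which is why the designer's real exposure is the one raised elsewhere in the thread: a detector shipped inside every player.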

    8. Re:The more I think about it, the curiouser I get by RickHunter · · Score: 1

      > The DMCA is not about copy protection; it is about controlling what YOU can do with digital technology.

      And this is why Judge Kaplan should have repealed it as unconstitutional. Hopefully, one of the appeals courts will recognize the gigantic conflict of interest and declare the DMCA unconstitutional.


      -RickHunter
    9. Re:The more I think about it, the curiouser I get by Veteran · · Score: 2

      Ex post facto applies only to acts - not to objects. The government clearly can and has ruled existing objects illegal; it is just as illegal to own a Thompson machine gun manufactured before the prohibition of automatic weapons as it would be to own one manufactured today.

    10. Re:The more I think about it, the curiouser I get by Veteran · · Score: 2
      And to the argument "What is the government going to do? Throw us all in jail?".

      There was a wonderful line in the Mini-Series "Holocaust" where one Jew said to another: "What are they going to do? Kill us all?"

    11. Re:The more I think about it, the curiouser I get by Veteran · · Score: 2
      The average person hates geeks. We make them look stupid by being able to do things they can't do.

      Face it, you would hate people who had wings and could fly if all you could do is crawl in the mud.

    12. Re:The more I think about it, the curiouser I get by Torin_1 · · Score: 1

      I have been reading a bit on the SDMI thing, and it says that the players will support MP3 and SDMI-enabled music. I don't think that a company could get in trouble if they just make an MP3 player and that's it. Where in the DMCA does it say that a device that plays audio MUST support SDMI-enabled music?

    13. Re:The more I think about it, the curiouser I get by Veteran · · Score: 5
      DMCA.

      Under the DMCA any player which does NOT use the watermark is a device which is 'bypassing digital copy protection means' and is thus ILLEGAL.

      Not only will all new players be forced, by law, to use the copy protection scheme; but you can be imprisoned for 5 years by using your old CDROM or sound card once the new copy protection scheme is on the market. Like DeCSS any device which can be used to copy protected music IS ILLEGAL under the DMCA.

      For example a PC which has a current CDROM burner would be illegal. We can assume that Microsoft will put the music copy protection scheme into a future version of Windows - thus making illegal all current operating systems which do not have that code in them.

      The DMCA is not about copy protection; it is about controlling what YOU can do with digital technology.

  149. The usage of phrases and frames. by Glowing+Fish · · Score: 2
    The first site could actually pass as the site of a real .org

    But once you see fancy graphics in frames, as well as the phrase "shape the future", the corporate bullshit detector should go into screaming overload.

    --
    Hopefully I didn't put any [] around my words.
  150. Re:wait a freekin minute! by mdecerbo · · Score: 1
    Umm, I understand recording.

    And superdk is wrong. When you play a sound file through a digital soundcard, as long as the sound card doesn't do hardware resampling (like the crappy SB Live), then the S/PDIF that comes out is a perfect digital copy of the bits on disk.

    You can copy the output, but most consumer sound cards (as opposed to those used by recording pros) honor the SCMS copy-protection system, which just (to oversimplify) sets a don't-copy bit.

    And even if you get a black-market SCMS stripper, any watermark will still be there. A lot of research money has gone into development of watermarks that will survive even D-A-D conversion.

    The really bad news (if anybody bothered reading the site) is that the whole SCMS system assumes crypto in your speakers, so you won't be able to steal bits from the speaker wire, and your speakers probably won't even play evil un-watermarked hacker content.

    The only way to stop this nightmare would be to stop the spread of digital crypto-speakers, but good luck with that when they start being bundled with every new CompUSA PC.

  151. Re:I Propose a new Challenge by Jeffrey+Baker · · Score: 2

    I got 12 in mozilla, but I had to turn all the chrome off and scroll the eleventh frame with the keyboard. 2000x1500 pixel 125 dpi display.

    Couldn't you just get as many as you want by cranking up your virtual desktop resolution?

  152. Re:This kinda seems pointless in the first place.. by spitzak · · Score: 2
    Not exactly the same. The Allies would have had a lot easier of a time cracking the code if the Germans sold a box at Harrods that decoded the messages for them!

    Having both the input and output of the encryption algorithm makes it a LOT easier to figure out the algorithm, for I hope obvious reasons.

  153. Re:I Propose a new Challenge by ExecutorIoh · · Score: 1

    I got 12 in MS IE5.5, but I had to crank my resolution to 2048 x 1536 on my 19"er.

  154. Re:conversion to analog by daknapp · · Score: 1
    I've heard that referred to as "audiojacking". Frankly, I don't see this as a credible solution to the problem: transmitting the signal over an 1/8 inch stereo cable represents conversion to an analog signal, with concomitant signal degradation.
    The degradation from the cable should be negligible; the degradation you should worry about is from the ADC and amplifier electronics in the sound card.
  155. Don't worry... by ErikTheRed · · Score: 1

    I'm going to patent a business model based on creating crappy products and marketing the hell out of them so that millions of brain-dead consumers engage in the lemming-like behaviour of purchasing tons of my garbage. Then I'm going to sue the RIAA, MPAA, and Microsoft out of existence.


    --

    Help save the critically endangered Blue Iguana
  156. Re:Current "limited time" is unconstitutional. by ConceptJunkie · · Score: 1

    I don't have a problem with Mickey Mouse being copyrighted in perpetuity since they are producing new Mickey Mouse material continuously... but why should this affect some obscure out-of-print book from the 1920's?

    --
    You are in a maze of twisty little passages, all alike.
  157. on second thought by Cephas+Keken · · Score: 1

    I really think this whole thing is just a big ploy to be able to buy and hide any code for breaking SDMI, NOT a way to further secure the format. They simply want to buy the code, my bet is, you have to sign a contract saying that this code is theirs and you cannot under any circumstances give the code away or sell it (yea right) to anyone else. Welcome to Your Code or Your Life, the game show where we will kill you if you don't give us your code!!

    --

    Guttermouth is a really good band.
    1. Re:on second thought by My_Favorite_Anonymou · · Score: 1

      What's preventing you from collecting the money, altering the code or method and spreading it on usenet anonymously like mad? You get to 1) screw the authority 2) Become a hero in hacker community 3) Make a shitload of money. Besides a Budweiser poster girl, you're in heaven.

      CY
      -
      -
      -
      -

  158. that's pretty funny... by SethJohnson · · Score: 2


    > SDMI-aware sound cards would refuse...

    Expecting people to try to hack this standard using a 100% SDMI compliant environment is like saying "Our bulletproof vest works perfectly, so long as you shoot our SDMI-compatible bullets at it." You think I'm going to wear one of those? Screw that. Additionally, do you think I'm going to buy SDMI-compatible bullets if I know they're less effective than the regular cop-killer bullets made possible by DuPont?

    Sorry for stating the obvious here, but the heroic flaw with systems like this is that there'll always be renegade products available that don't adhere to the 'standard', and unlike the case with DVDs, consumers can simply choose to play content not encumbered by SDMI.



    Seth
    1. Re:that's pretty funny... by pod · · Score: 1

      Of course there will be 'renegade' equipment out there. How much you wanna bet the 'standard' will cost a pile of $$$ to license and build into your product?

      --
      "Hot lesbian witches! It's fucking genius!"
  159. Re:I Propose a new Challenge by endquote · · Score: 1
    For more fun and games take a look at the posting of the open letter on the SDMI site.

    Broken links all around.
    I really don't get it. Why send out press releases and letters that 'point' to a site that is still under construction???

  160. Re:This is what we wanted, right? by spitzak · · Score: 2
    He (and I) are willing to pay for the guarantee that the file that we get is the correct one and is not corrupted.

    Any free service like Napster is going to be flooded with junk and people trying to be clever by mislabeling files.

    An organized source, controlled by somebody who cares about the contents, is worth money.

  161. As someone working on SDMI-compliant devices... by KNicolson · · Score: 1
    First, the competition seems to be about removing the watermark or circumventing other encryption, not using an audiojacker to capture the output, as that's hardly rocket science.

    Second, each CD/downloaded track will not have different watermarks. The most that's planned for in the spec is identifying the distributor.

    Third, the common perception that all SDMI people haven't a clue is false. There are some stupid people (I'm sure OSS projects have their share too) but there's also a lot of very clever people too, especially in the encryption field.

  162. Point of Info... by dr_strangelove · · Score: 1

    While perusing the SDMI site's wide selection of propaganda pieces, I ran across quite a few references to this company, who apparently are managing the whole magilla...

    http://www.globalintegrity.com/

    Not that I'd like to see them taken down, or anything. Be polite, but tell them your opinion of companies who do this sort of thing.

    "There's two kinds of people in this world, those with loaded guns, and those who dig. You dig..."
    -- The Good, the Bad, and the Ugly

    --
    "...they may harpoon us, but they ain't gonna pick us up on no radar screen!"
  163. Ultimately, I don't think that this matters. by Mindwarp · · Score: 2

    You know, there are a number of arguments that have already been stated against this hacking contest, and I am sure more arguments that will be stated against it in the future.

    Personally, I don't think that any of this actually matters. I don't really care whether the RIAA gains industry credibility for the SDMI - if recording companies want to use it then more power to them. I also don't care if the current SDMI implementations are 'proven' to be un-crackable during the artificially restricted cracking period of three weeks - the only thing that this will cause is more trumpet-blowing by the RIAA.

    The beautiful thing about the 'net and the hacker community is that I can guarantee at least a 1000:1 ratio of 'smart, motivated hackers' to 'mediocre corporate software engineers' on this one. Whatever the RIAA end up thrusting upon the industry and the unsuspecting public, it'll end up being cracked within the month. End of story.

    Let them waste cash developing this white-elephant of a protection mechanism. Whatever they spend here won't be available for them to pay lawyers with :)

    --
    The gift of death metal does not smile on the good looking.
  164. Re:This is what we wanted, right? by dirk · · Score: 2
    > This is also hogwash. Compressed music is a second-rate substitute for the real thing. If I were to download a track from a Napster user, I would be getting considerably less than what the owner of the original CD paid for. It would be good enough for my car or the crappy speakers on my office PC, but painfully inadequate for when I want to sit down at home at my stereo and listen. Maybe when we have the bandwidth to transfer uncompressed CDs the way MP3s are transferred now, they might have a point, but still not a very good one


    Maybe to audiophiles, but the average person can't tell a difference between a 128bit MP3 and the CD version. I know I can't. Everyone I talk to says that MP3 is "CD quality". That certainly says to me they can't tell the difference, and if they can, it's not enough to bother them. Only audiophiles with $5000 stereo setups notice or care about the difference.


    > The fundamental flaw in all anti-piracy reasoning is that if a user illegally copies a thousand dollars worth of CDs, the music industry has lost a thousand dollars. The fact of the matter is that most people don't have a thousand dollars to spend on CDs every week, especially their core audience, who are teenagers and college students. If every MP3 in the world were magically erased and all sources were cut off, it would not translate into sales.


    No, it doesn't translate into $1000 of sales, but I would bet it translates into at least 1 CD sale lost. If you download $1000 worth of music, chances are there is something in that $1000 you would have paid for if you couldn't get it for free. I wouldn't suggest it's a 1 to 1 ratio, but I would guess that there is some correlation.

    --

    "Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
  165. Prize money isn't guaranteed by Tet · · Score: 5
    Apart from anything else, I'm very wary of the wording in the open letter:
    > If you can remove the watermark or defeat the other technology on our proposed copyright protection system, you may earn up to $10,000.

    So it looks like they trick people into checking their security for them, and then don't have to give them the cash anyway. Personally, I'd like to see someone remove the watermark and not tell them how it was done. Sure, they'd be forfeiting the possible prize money, but they'd also be delaying the introduction of SDMI. Like Don Marti, I don't copy music from others. And yes, protecting my fair use copying is worth more than $10K to me anyway.

    --
    "The invisible and the non-existent look very much alike." -- Delos B. McKown
    1. Re:Prize money isn't guaranteed by mr.ska · · Score: 2
      Notice they don't say that you have to reveal your methods to claim whatever money they MIGHT give you, you just have to crack it. So crack it, then hold out until they give you as much as you demand, if not more.

      After that, open-source the crack and watch the whole damned thing fall to pieces.

      --

      Mr. Ska

    2. Re:Prize money isn't guaranteed by Drestin · · Score: 1

      How silly - do you think they would actually announce giving away $10k to someone who cracks it and when someone stands up and says he/she did - they wouldn't give the money?! Then that person would just wait until SDMI was released and give the secret away - how stupid do you think they are? Ha! Give me a break.

      AND if someone figures out how to crack it and doesn't say so until it's released, what's to say they don't simply release SDMI 2 shortly thereafter? Perhaps using user upgradable ROMs in new players...

    3. Re:Prize money isn't guaranteed by gi_wrighty · · Score: 1
      So are you going to start up www.donthacksdmi.org and offer $10,001?

      Didn't think so.

      Slashdot - a place for keyboard warriors.

      wrighty.

    4. Re:Prize money isn't guaranteed by BJH · · Score: 1

      So real I'm getting goosebumps... (seriously)

    5. Re:Prize money isn't guaranteed by CaseyB · · Score: 5
      Guaranteed or not, it's peanuts if you do get it.

      How much time of a professional crypto expert's time would that buy in the real world? A week if they're feeling charitable.

      The people behind the SDMI collective spend $10K on lunch. The prize money is more an insult to the value of cryptographic analysis than anything.

    6. Re:Prize money isn't guaranteed by interiot · · Score: 3
      Oh come on, with such a sparse site, the only thing you can comment on is what they did say, not what they didn't say.

      Notice they don't say what copy-protection/watermark methods there are to crack? Or what exactly a successful crack consists of?

      It looks like the site requires a major update before the contest can start, and I imagine the legal details will be spelled out more thoroughly at that time. (If ever... the site was built on imagecafe and has dangling links to default pages and has a problem with its frames. It looks as if the only people who worked on it was the PR team.)
      --

  166. This boycott is useless by Cerlyn · · Score: 2

    If no one breaks SDMI during the three week period, then they will just have ammunition to say that SDMI works. End of story. Move along.

    For those who think that the industry will not get their way, I have a simple answer for you: System on a Chip (SoC). Custom integrated circuits that do all the decrypting, audio decoding, D/A, etc., will be made. Once it's all on a single IC chip (and this can likely be done with a bit of work right now), your rights are gone.

    I doubt anyone on Slashdot has access to a clean room where they could take apart an Integrated Circuit, figure out how to disable the protections, checksumming of code, etc., and then a fabrication plant that can make enough modified ICs that they could distribute them around. Consumers have lost their rights one by one; they just have not realized it yet, nor cared.

    Sorry, but the gig is up.

    1. Re:This is boycott is useless by sugarmatic · · Score: 1

      Cerlyn writes: Once it's all on a single IC chip (and this can likely be done with a bit of work right now), your rights are gone. ******* What "rights" are these? You still should have (note the should) the "right" to decode the media or otherwise mimic the access control device. It may just become too expensive. This is their tactic, and their right - to use whatever devious means at their disposal to reduce the likelihood that you will be able to reduce in any way the money they want to extort through the likes of Britney Spears. As long as it isn't illegal to attempt to break the protection, then...... The real challenge is when these means of communication, owned by corporations, become de facto standards of communication, preferable for essential public communication over other freely accessible means. This will happen (it already has, actually).

    2. Re:This is boycott is useless by caetin · · Score: 1

      STOP TALKING ABOUT IT LIKE IT'S A RIGHT! Everyone acts like they have this god-given right to steal music. You know what? If you pay for the music like the artists intended, you won't have a single problem with this. Show me exactly where it says "You have the right to take anything you want at any time at any cost to the creator/owner." Music is _not_ free. People put a lot of money into it. It's not up to you to say, "I don't think 15 dollars for a cd is fair, so I'm gonna steal it then whine when they stop my ability to do so." Stop buying the CD's period. Don't go to concerts of bands that do this. Don't buy their t-shirts. Stealing is still illegal, no matter what your hippie-commune-linux-stuff may make you believe. Everything isn't free.

      --
      when you're this sexy, do you really need a witty signature?
  167. Beat them at their own game. by Stavr0 · · Score: 2

    Make a concerted effort to attack the strongest watermarking algorithms, and leave the weakest alone. Maybe, just maybe, the weaker ones will get rubber-stamped as the standard and everyone will be able to enjoy fair use of media without too high of a technical hurdle.
    ---

  168. $10K "Prize"? Are they kidding? by werdna · · Score: 2

    How much do you get paid per diem for consulting, or for a comprehensive cryptanalysis?

    $10K isn't a prize. It is a joke.

    Had I broken one of their candidate schemes, I would expect a lot more for my efforts -- or I would keep it for my own later uses, just in case the DMCA is later abrogated or amended.

  169. Don't hack it now, hack it later by mr_data_esq · · Score: 1
    I don't care about the $10k myself. I just want to take apart their system, and make them go back to the drawing board for another three years.

    That said, I think the boycott is not a bad idea, because if we wait until after the boycott is done, and then we wait until the protocols are widely implemented, and then publish hacks, they'll be in a DVD situation all over again. They can't recall DeCSS; let's make them wish they could recall SDMI. We can keep this up as long as they can.

    But if you must start hacking it now, don't release anything until at least a while after the contest - and release it anonymously. I suggest Usenet for that purpose - or how about Gnutella? :)

  170. Re:This quote sums up the flaw in this plan. by aghama · · Score: 1

    Too bad the quote is totally flawed in its wistfulness. Aside from poetry (of which I can't think of an example off the top of my head), all of the things listed have been done for money.

  171. Does it really matter? by Spudley · · Score: 4

    The issue with this software, as I understand it, is similar to the issue with DVD - ie, you can have the files, but you have to play them with the "approved" software.

    Now from where I'm sitting, that means that breaking the encryption really isn't of much relevance; the issue is of making player-software available cross platform. This could be done by cracking the encryption, but let's face it: it's a whole lot easier just to reverse-engineer the player-software that is released, which is exactly what was done for DVDs.

    Okay, so the powers that be don't especially like that tactic either, but in truth it's better for them too.

    --
    (Spudley Strikes Again!)
  172. Re:Why Boycott by dsmouse · · Score: 1

    OTOH- This contest shows a limited consent for `us' to attack the system. Any development against a scheme developed in this time period could use this as an excuse. The entry need not be reported to them, as it may not be `major' enough to `get the prize', but they have, with this contest, _GIVEN_ us an excuse and consent to hack at it, but not to use it. I would, however, suggest that we hold SOME of this idea until we are given access to the initial agreement.

  173. Why boycott? by Fervent · · Score: 1

    I'm curious about the nature of the boycott. Why? A company wants to make sure a protocol is hacker-proof and can hold a copyright above water. That's a noble cause. The arguments people are making just aren't sound. They should be saying "But we want to copy the music illegally. That's why we're not going to hack it."

    --

    - I don't care if they globalize against free speech. All my best free thoughts are done in my head.

    1. Re:Why boycott? by phil+reed · · Score: 2
      They should be saying "But we want to copy the music illegally. That's why we're not going to hack it."

      Why don't you go take another look at what 'fair use' means? Then consider what SDMI is going to do to it. Then you can come back and rejoin the conversation.


      ...phil

      --

      ...phil
      "For a list of the ways which technology has failed to improve our quality of life, press 3."
    2. Re:Why boycott? by Fervent · · Score: 1
      Fair use = copy of material for own usage (such as a tape backup, or an additional digital copy on one's hard drive). Given the state of today's hardware, there is nothing legitimate about "fair use" entailing backing up a file on someone else's hard drive.

      If you want to make a copy, stick a standard cable in the earphone jack of your sound card, plug it into the microphone jack of a stereo, and insert a tape. Press record while playing the song. Voila.

      --

      - I don't care if they globalize against free speech. All my best free thoughts are done in my head.

  174. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion

  175. and thirdly by Cephas+Keken · · Score: 1

    if you don't have to sign an agreement that basically is morally equivalent to an NDA, I will be VERY surprised. If you do download whatever file they give to be hacked, be prepared to be REALLY fucking sued if you release code publicly that breaks their watermark.

    --

    Guttermouth is a really good band.
  176. Under construction by bigbird · · Score: 1
    The www.hacksdmi.org site is under construction. Please check back after September 15, 2000 for further information

    Today is September 15, but there aren't any more details on the site. Is this challenge really happening?

    1. Re:Under construction by DavidTC · · Score: 1

      I point you to the word 'after'. ;)

      -David T. C.

      --
      If corporations are people, aren't stockholders guilty of slavery?
    2. Re:Under construction by Eponymous,+Showered · · Score: 1

      Indeed, today is September 15. Therefore, today is not after September 15 (time zones notwithstanding).

  177. What to do about it? by HedsSpaz · · Score: 2

    Ok, I think it's fairly obvious how the bulk of the community feels about this idiocy. The important question though, is what are we going to do about it?

    I wonder if maybe we couldn't find some way to get this onto national television and let the world know what these idiots are doing. The reason why RIAA, MPAA, and other big industry conglomerates have been able to get away with things like CSS and potentially SDMI, is because the public at large doesn't know what it means, and if they do know what it is, they may not necessarily know why they should care.

    Somehow we need to get this into national press and make people aware of the potential damage these various technologies could do.

    1. Re:What to do about it? by Trekologer · · Score: 1

      How about a television commercial or a newspaper ad?

      A letter-writing campaign to the editors of newspapers around the country would be nice, but the average Joe (who is the target audience for our message) probably doesn't read the editorials (or the newspaper, for that matter).

      A TV commercial would reach the most audience but would also be expensive. Does anyone know how much airtime goes for? If everyone who was interested donated, say, $10...

      Billboard ads and leaflets also come to mind. The MPAA and RIAA effectively control the mass media but we could use it against them.

  178. EFF should offer $10,001 for a good hack ... by cryoboy · · Score: 1

    Then offer to sell it back to SDMI to help fund their other battles.

  179. Re:There is no individual right to keep and bear g by cduffy · · Score: 1

    "big bad government" ain't no spectre.

    Maybe it's not that bad now, but it can be.

    Since government was created, people have had armed revolt as some kind of reasonable option; even if they didn't actually do it, the threat could keep the government from doing anything too Orwellian. At times they have used it. Do you really want to throw that away not only for your own generation but for every one that follows?

  180. Incitement to commit a crime? by BlackSabbath · · Score: 1

    Er...excuse me, but aren't they inciting people to commit a crime? (or at least something they fervently wish was a crime?) And...uh.. isn't incitement to commit a crime, a crime in itself?

  181. Contests are Worthless by burris · · Score: 2
    Anyone with any experience in the cryptography and security fields knows that such cracking contests are just publicity stunts that do nothing to prove the security of the system in question. The fact is that the amount of work involved for a skilled person to crack the system is usually much more than what is being offered by the contest. Thus, hardly anyone actually wins these contests and the company parades around claiming their system is secure. The scary part is eventually some of these systems end up protecting extremely large amounts of very valuable data and then cracking it becomes attractive to real criminals because the rewards are huge.

    See Applied Cryptography for more discussion.

    Burris

  182. Re:2ez... by gone.fishing · · Score: 1

    I have to admit that the only watermarking concept that I really understand is the paper version. But by making insignificant variations to the digital signal, converting to analog and then re-digitizing again, I would guess that you could smear the watermark enough so that there would not be enough of it left to make a positive ID.

    Hashing the HF part of the signal a couple hundred Hz won't matter and hashing the LF part of the signal a couple of Hz will be un-noticeable to the human ear. Switching the hash a bit every couple of seconds should be enough to ensure that the watermark would be undetectable. I have to believe that what looks for the sig is a pattern recognition device of some sort.

  183. Minidisc protections by phossie · · Score: 1

    Minidiscs do allow direct digital copying, depending on the model you buy. What they will not do is make copies of a copy digitally - this is part of Sony's generational copy protection, can't remember the name. You can only copy a master... and they are trying to integrate this with CD players, etc., so that it works across digital media. Sony saw this thing coming a while ago.

    It's actually kinda nice in certain situations when you don't have a lawyer... no one can copy your music digitally, but you can always make more copies since you have the master.

    Allowing only first-generation copying (unlimited) seems pretty fair to me.

    --

    [|]
  184. The Rules... by Brazilian+Geek · · Score: 1

    The first rule of cracking the SDMI is you do not crack the SDMI. The second rule of cracking the SDMI is that you DO NOT crack the SDMI.

    Come on people, some 1337 k1dd13 (actually a MS hacker) WILL crack the SDMI and when he goes to collect he'll have to sign an agreement to not publish his work. The SDMI collective will have the work (probably patent it so they can sue anyone that reverse engineers it) and the guy will have to keep quiet about it - that's how things happen nowadays!

    --
    All browsers' default homepage should read: Don't Panic...
  185. Re:Why not? by |deity| · · Score: 2
    It may not be legal, it may not be easy, but there is always a way to crack copy protection, and only by continually defeating these schemes can we fight against them.

    Don't make the assumption that just because most copy protection schemes have been cracked that all can be cracked.

    Take encryption: when the algorithm is strong enough, it can't be cracked in a useful amount of time.

    Most of the success we've had with cracking copy protection thus far has been due to corporate screw-ups. If CSS had been a stronger algorithm it would not have been cracked in the useful life of DVD's. Sure we're smart and good at what we do but we are also arrogant.

    It is my belief that we've had some sympathetic programmers that have intentionally made weak copy protection thus far. It may actually have been incompetence but in either case it won't last forever. We have to change the way things work in government and in the way society views these things. We can't with confidence claim that we will always be able to crack *any* copy protection scheme industry tries to use. Up until now we've been dealing with incompetence and shortsightedness; this will not last forever.

    --
    Environmentalists are their own worst enemy. ~tricklenews.com
  186. Re:I do not think so by Rader · · Score: 2
    I agree with your last sentence, but disagree with everything else you said.

    "If you have an mp3 player, you know what mp3's are.../snip/...you sure as heck ain't gonna buy SDMI hardware"

    And what percentage of the people out there fall into that? Not enough. Sorry, but the people who are opposed to SDMI are a small percentage to the world that doesn't even know any of this crap is happening.

    Not only that, but your 1cm cube idea is exactly what I'm talking about. If Sony comes out in a couple of years with two ear plugs (and that small) that hold 200GB+ of music, even I would be impressed enough to check it out. So that means through hardware obsolescence, we even lose some of the mp3 die hards.

    "And if you don't buy it, Diamond sure ain't gonna want to make it anymore"

    You need to check out some statistics, first. Portable mp3 player sales are miserable. It's a niche market. They're abysmally lower than projected, and are not building enough steam to withstand competition from the fully sanctioned, fully marketed SDMI solutions that will come out. And if MP3 portable sales are bad now, they're only going to get worse when SDMI comes out.

    Diamond *IS* on board to make SDMI players. I am sure they'll dump the break-even MP3 players, and start making SDMI players. And the sheep out there.... they're going to buy this stuff up, without even knowing that they took the wrong stance.

    "As long as we have music CD's, which we will continue to have"

    New music CD's outsell ALL the old music CD's combined each week. People don't want to just play and listen to their old CD's. They'll want to buy the latest Britney Spears crap, and it'll only be in this new format. What's a teenager to do!? Buy it without blinking! Besides, it'll come with a sticker saying "Even better format" or something, and they'll be happy.

    Sorry, I agree with your wishful thinking, but it is at the moment wishful. And the SDMI & Big-5 consortium is getting ready for a big BANG, and they're going to throw as much momentum as they can with this format release. They'll finally have downloadable music, kiosks at each store, SDMI hardware that comes out with new features, gizmos, posters, popup cardboard cutouts, and some Backstreet Boys Hardee's commercial or something.

    And if this ball rolls long enough, then all the major hardware companies will do what is profitable --which is make hardware that is selling. And if that means SDMI only compliant hardware, then that's what they'll do to stay in business (no hardware company is going to go out of business just because it's the "right cause". Heck, they might not even believe in our cause. Money talks)

    Rader

  187. to hack or not by montgomery · · Score: 1

    Firstly, $10k is not a lot of money. If it is that safe why not put up $100k. If the question was put another way like, we will pay $10k if you find a security breach in our work, would the response be different? Hacking is the mechanical life in the machine of software. Failure can happen where you least expect it.

  188. Re:Microsoft are already implementing DRM to stop by ralmeida · · Score: 1

    Also check this:

    http://www.ihatelinux.com.

    --

    --
    This space left intentionally blank.
  189. $10K by danderson · · Score: 1

    For any of you thinking about trying to crack SDMI, keep in mind that by removing the watermark, you are guaranteed squat. The page says "you may earn up to $10,000" (emphasis mine).

    The $10,000 figure is just there to draw attention to the sham. I don't think they are legally required to give _any_ money away.

    They probably will, but only for the PR value of it. It probably won't go to the first person to crack it, or the person who had the best crack, but the person they like best.

    Just something to think about.

    --
    This is supposed to be great art. So why does it look like a bunch of decapitated naked people? -- Calvin
  190. Re[2]:This is boycott is useless by Cerlyn · · Score: 2

    By "rights" I meant the right to use the player you want, and *not* just those chosen by some group. I also mean the right to make a backup copy (do NOT read pirating, thank you). I have an MS Office 95 disk that is no longer readable in spots, and I forgot to back it up. As a result, I do not have a copy of Office to use. I likely will *never* be able to backup Office 2025 should it ever come out. I will not be able to make mix CDs out of CDs I own by that time either.

    From what I've seen, the average person does not care enough to act. If the media makes it sound great (and all news media boils down to about five companies in the US), people will jump on it. Slashdot is a prime example; people complain, but how many letters to legislatures have been written by the users here? If even ten percent of Slashdot's readership actually took action, changes to society likely would happen. But only one-thousandth of Slashdot's population likely does anything on any issue posted here one way or another. The rest just write here, and take no action in the real world. Remember there is a *real* world out there, and not just the virtual one of the Internet.

    It used to be anyone could build a piece of hardware, including stereos and televisions. Heathkit used to be in this business. However, hardware quickly got too complicated for the average user to build. Now, we are moving to the point that the average engineer can't build a compatible product without paying $$$ in license fees and agreeing to non-disclosure agreements with restrictions on what the resulting product can and can not do. This is where the line has to drawn.

  191. Re:WaveOutOpen() == Hackable && Internet != Foreve by Troy2000 · · Score: 1

    I wasn't talking about removing the watermark. It's obvious that the SDMI coalition is having the contest because they want to

    1) learn about any hackable flaws in their watermarking system

    2) fix them before setting the standard

    My point was that it's pointless anyway because even if they accomplish #1 and #2, there are still going to be ways around their silly little format (removing watermarks or not).

  192. 2ez... by gone.fishing · · Score: 1

    Convert to analog and re-digitize. All encryption and watermarking gone!

  193. Why they need hackers by Brighten · · Score: 1
    I guess they can't hack it themselves. Look what you get when you click on one of the unmarked buttons:

    • Instructions:

      Review your chosen company name, slogan, and button names (Note: Your choices can be edited later using our online Website Manager tool). If you would like to make changes now, click the Previous button above.

      Upon purchasing, you will be able to add your own text and images into each page of this website using the Website Manager. Best of all, the Website Manager requires no technical knowledge. Adding your information to this website is as easy as typing an e-mail.

    :-)

  194. Copyrights, privacy rights by C0VERTl · · Score: 1

    Businesses need copyrights to protect their property and profits. Internet users need privacy rights clarified and enforced to protect their property and personal rights.
    By Design, the Internet is inherently flawed. How can a Law created and enforced in one country, be enforced in another? If we allow laws to cross international borders, then would we be liable for Islamic laws that prohibit alcohol, women, and hacking text?
    If ISPs and Webhost censor their servers, then users will go to gnutella, freenet, or any other peer-to-peer NOS.
    I suppose like the war on drugs, it will begin with an educational program at the elementary schools "Say no to peer-to-peer networking.."
    www.covertlinks.cjb.net

    --
    "How you live will determine how you will die" www.covertlinks.cjb.net C0VERTl
  195. exposure by heff · · Score: 2

    this contest sounds similar to a thing the LA Police dept did a while back. They invited a bunch of gangsters to come showcase their graffiti art and then arrested them when they matched the one on canvas with the ones on the street. it's kind of like the microsoft hack our 2k contest too. these things are fishy.

    --

    --

    |-_-| . o O ( bEef!)

  196. Here's what I'd like to see... by discHead · · Score: 2

    hackhacksdmi.org. (Still available at this writing!) :-)

  197. Re:There is an effective response : by pod · · Score: 1

    No, no, no... your lock-door analogy is all wrong... For every better lock there is a bigger hammer to knock the door down with.

    --
    "Hot lesbian witches! It's fucking genius!"
  198. This kinda seems pointless in the first place... by Vorro · · Score: 2
    ...seeing as virtually every single form of encryption ever made has been defeated.

    It doesn't matter how hard you work to encrypt something, a way to decode it will very likely be found.

    Sure, there are exceptions. For example, during WWII, the US forces code was never cracked by the Germans or the Japanese. Why? Because even if they DID crack the code, all of the people who were responsible for sending and receiving the encrypted messages were using Navajo in the messages.

    But since computers don't speak Navajo, but in ones and zeroes, such a thing is not possible.

    And more importantly, I'm missing the point of this encryption. As I've got a very strong feeling that CD's aren't going to just disappear in at least the next 20 years, you can't encrypt the CD tracks without making all of the older CD players obsolete.

    Of course, I could be horribly wrong. I'm pretty damn good at that sometimes.

    Vorro
    ---------------------------
    A wise man speaks because he has something to say.
    A foolish man speaks because he has to say something.

    --
    ____________________________
    What did the Buddhist say to the hot dog vendor?

    "Make me one with everything."

  199. Re:All watermarks are removeable. by Sachs · · Score: 1

    Hey, I wrote the parent of this message and it got marked as Anonymous Coward.

    What Gives?


    meept!

    --


    meept!
  200. let's hack it! by superdk · · Score: 1

    hey, i think that everyone should attempt to hack this thing, but instead of telling the industry people, we'll just share the process on our top secret, hacker-internet-underground.

    you all know about that right?

    --


    Silly slashdot, sigs are for kids!
  201. Copyrights and Copy Protection by musique · · Score: 1

    I am starting to see the music and film industries' points about DeCSS and the illegal copying of music.

    The problem with DeCSS is that it makes a copy of the media in a decrypted form, albeit as a big file. If DeCSS were to act as a streaming server to an MPEG3 client player through a pipe, I don't think that the film industry would be able to have leverage in court.

    Given that it makes a copy of the movie in an open format, this gives broad powers to the copier to make as many copies as he/she likes. Nothing stops you from copying DVD content through analog means (except maybe a VHS scramble). You shouldn't be doing that anyway. If you need to for an academic project or a demonstration, you can just aim a high quality camera at your high quality TV and record. This is of course a rough method.

    Just as in this hacker challenge. The music industry wants to have a way to detect illegal digital copies of their music. If you remove the watermark, then they know that the copy is illegal and the player won't play.

    The problem is not just people copying NSync CDs. They're rich and they've made the record company a ton of money. If too many copy smaller bands' CDs, they may have to quit music because they can't make money. The RIAA, as they see it, is acting in the interest of their members.

    But, the real problem with the music and film industry is that they are not willing to try new Internet business models. This will push many artists to go directly to their fans. As a musician, I could not see selling my music any other way but over the Internet. (BTW I don't publish my music.) I would not want any record company holding the copyright to my music. Also, I would not want people to pass around my copyrighted works across the internet without paying me what I am due.

    Many artists are using the internet to sell their wares, and it is paying off. One artist (who?) got $100K for a CD they haven't even recorded yet (heard this on NPR). Stephen King is selling chapters to his new book on the honor system and getting paid.

    Personally, my favorite format was the Beatnik format. It includes copyright information and can be optionally encrypted. It can include General MIDI as well as digital audio and your own samples. I haven't looked at the standard in a few years, so I don't know its status. It was pioneered by Thomas Dolby's company, Headspace. These are more useful to digital musicians than to traditional musicians because they incorporate MIDI and sampling.

    Don't get me wrong. The DMCA is an idiotic law, especially when it comes to software. It probably makes the cp and ftp commands illegal. But if people want to control access to their copyright material, material that they own, then it is their right to use whatever the law and technology provides. And it's our choice not to use, view, or listen to that material.

  202. Did they pay for their art? by ProfitElijah · · Score: 1

    I wonder if they paid Stockbyte (new window) or whoever for their stock photography? That would really put an interesting spin on things, if their own website was using stolen graphics.

    1. Re:Did they pay for their art? by nsadhal · · Score: 1

      http://www.imagecafe.com/TemplatePreview.go?template_id=26&image_motif_id=188 there you go.

  203. Re:This kinda seems pointless in the first place.. by radja · · Score: 1

    of course the fact that remarkably few Germans, Italians and Japanese people (0, to be exact) spoke Navajo helped quite a bit too.

    --

    No one can understand the truth until he drinks of coffee's frothy goodness.
    --Sheikh Abd-Al-Kadir, 1587
  204. Anyone check out the site by pauldy · · Score: 1

    http://www.hacksdmi.org/1.htm this is a link off the page can you say cookie cutter. We know how they can afford it now they sure didn't spend it on the website.

  205. conversion to analog by sammy+baby · · Score: 2
    For instance, connect your soundcard "out" to your "in" and record--there's no getting around that.

    I've heard that referred to as "audiojacking". Frankly, I don't see this as a credible solution to the problem: transmitting the signal over an 1/8 inch stereo cable represents conversion to an analog signal, with concomitant signal degradation.

    Granted, you only have to do this once to get it into a different audio format. Granted, the signal degradation on that one pass is liable to be pretty minor, especially given good connections and a short, high-quality cable. But I'm an anal bastard and it bugs me. So there. :)

  206. Boycotting is plain stupid by JPS · · Score: 1

    Who do you think these people are? Why do you think they are doing this contest? None of the companies involved in the watermarks design wanted this test. It was imposed upon them by the SDMI consortium. You know, watermarking is a very very hard problem. They know that their schemes might be defeated, and I think it's much more cool to have this challenge than not to. "Thanks, SDMI, but no thanks. I won't do your dirty work for you." Come on... Every scheme that has been presented has been deeply analyzed by each of the teams that are presenting them, and also by independent consultants. You feel like helping the evil empire by trying to hack them? Fine. Then, don't. The only thing that could make me not try to hack them is if I have to sign an NDA. Breaking their scheme is a scientific challenge. No more, no less. Now do whatever you want with it. I'll give it a try myself...

  207. Re:This is what we wanted, right? by RickHunter · · Score: 1

    Yes, but it also adds up to less control. Remember that seems to be all that the RIAA and the MPAA are interested in these days. Remember also how badly they treat artists. IMHO, the best possible resolution of this entire affair would be the major record labels dying out. Possible, too. Remember that, as a result of the trial publicity, people are starting to get interested in online music...


    -RickHunter
  208. I tried to crack it and couldn't. by MortimerK · · Score: 1

    Where's my money?

  209. ("Obs"|"se")curity? by Spankophile · · Score: 1

    Will SDMI be an open standard? Will compression/decompression/signing algorithms be public?

    No? - then don't think of this as supporting the RIAA. Don't think of this as undermining MP3s, or Ogg.

    This is another chance to prove that obscurity does not lead to security.

  210. Hard drives are capable of the same things(repost) by geist42 · · Score: 1

    I don't think the cd burner is the device that is circumventing the watermark, it's the program that controls the cd burner. You go get Easy CD Creator, and it won't do a bit for bit copy, it might say it in one of the options, but try to burn a copy of age of empires 2, and have it pass the cd check, it won't work. If you use clonecd, it will work, because that program gets around the cd check. With your thinking, hard drives are copyright circumvention devices, because I could copy the cd to my hard drive just as easy. Do you really think that they will try to push to make hard drives illegal? A burnt cd is just the medium that the information gets placed on, a cd burner only does what the cd burning program tells it to, so, in essence, I think that the program itself would be the one that would get targeted.

    --
    The greatest trick the devil ever pulled was convincing the world that he doesn't exist.
  211. This is what we wanted, right? by dirk · · Score: 3

    As the RIAA has gone after Napster, everyone has been talking about how they would buy digital music if it was available. Well, that's what they are trying to do. They are trying to make music available online, and to make it secure. They simply cannot release the music in an unsecure format. The only thing that would accomplish is to make the music easy to put on Napster (or whatever). Someone would buy the music, and the first thing they would do is put it in with all of their other MP3s, shared on Napster. Then everyone else finds it on Napster, and has no need to buy it (and this is especially true for digital music, as you have exactly what you would be purchasing). So the only way to offer music online and to have a chance to make any profit is to offer it in some kind of either encrypted or watermarked format. If you want music available for download (legally), there is no other way.

    --

    "Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
    1. Re:This is what we wanted, right? by Darby · · Score: 1

      Punk was dead before the first LA band gained any prominence

      This is such a bunch of crap, unless you are considering "punk" and "hardcore punk" as 2 completely different things. Hardcore punk was invented in LA. Black Flag specifically was the first real "hardcore" band at least until the Rollins days. See also Germs, Fear, Circle Jerks. At about the same time period the SF scene was going off. DK, Condemned to Death, the dicks, Code Of Honor.
      Don't forget the Boston scene. The Freeze(my personal favorite), the FU's, Gang Green, Jerry's Kids.
      Plus thousands of other bands from all over the world. The 80's were the real heyday of punk.

      You probably think the sex pistols invented punk disregarding the fact that Johnny Rotten(sue me Malcolm McClaren you ass) sang a Ramones song off of their first album(already released) to audition for the band.
      ---CONFLICT!!---

    2. Re:This is what we wanted, right? by Darby · · Score: 1
      Yeah, I forgot about the Angry Samoans.

      I gotta give it to the Freeze for punkest song though with broken bones.
      It's all about some punk at a party getting the crap kicked out of him by rednecks
      .....they beat me quick and bloody
      said "you know that punk is dead"
      they asked me what I thought of that
      "Fuck off!" is all I said

      ---CONFLICT!!---
    3. Re:This is what we wanted, right? by Kaa · · Score: 2

      They simply cannot release the music in an unsecure format.

      And why not? It worked pretty well so far. An audio CD is completely unsecured digital music and CD sales are going up every year.

      If you want music available for download (legally), there is no other way.

      You mean you can't think of any other way. Why should the world be limited by your imagination?

      Kaa

      --

      Kaa
      Kaa's Law: In any sufficiently large group of people most are idiots.
    4. Re:This is what we wanted, right? by radja · · Score: 2

      I have a RIGHT under dutch law to make a personal copy. companies should not (and should not be allowed to) use technological or other means to deny consumers their rights.

      //rdj

      --

      No one can understand the truth until he drinks of coffee's frothy goodness.
      --Sheikh Abd-Al-Kadir, 1587
    5. Re:This is what we wanted, right? by ConceptJunkie · · Score: 1

      Since "limited time" now means several decades after we will all die of old age, who cares?

      Fair Use is the next target. As far as I'm concerned, buying a CD gives me the right to use the content in any way I want for my own purposes. If I'm not selling it or giving to someone, I consider that fair use.

      If RIAA has their way, music (and movies, etc for the other media organizations) will ONLY be available on a pay-per-use basis and no Fair Use as it exists today will even be possible.

      Let's face it. SDMI would eventually give them the power to do this.

      --
      You are in a maze of twisty little passages, all alike.
  212. We pay you 10,000, we make 10 billions ! by kazzuya · · Score: 1

    How convenient !
    I really respect Mr. Chiariglione as the father of MPEG. I learned about him since a friend of mine worked with him. He's some sort of myth: Italian, graduated in Tokyo as electronic engineer, speaks fluently 7 languages. He's smart enough to know what he's doing.
    Maybe he even knows that it's all worthless.. go on.. encrypt as much as you want.. all I need is a SB 16 with a working input line !

  213. Stooopid... by dskoll · · Score: 1
    ANY scheme like this can be trivially cracked. You just need two sound cards.

    Play the "secure" format and run an analog cable from one sound card's output to the other sound card's input, re-digitize and convert to MP3.

    The analog transfer will probably introduce enough noise to destroy most watermarking schemes. One analog transfer won't appreciably degrade the music quality, and once you have it in MP3 format, you can make digital copies to your heart's content.

    The SDMI proponents are idiotic if they think they can prevent hacking.

  214. Cracking not hacking by ronfar · · Score: 2
    You know in cryptographic slang, when you forcibly decrypt code, they call it cracking not hacking (or at least they did when I was a lad.)

    Therefore, this is a cracking contest, not a hacking contest.

    Whether or not it could be cracked in a contest wouldn't prove whether it could be cracked in real life (indeed, I believe that there is no such thing as an uncrackable cipher) but I'm glad people are boycotting this. The reason I'm glad is because it is a public show of contempt for the content industry, and I'm glad it's getting a lot of press.

    --
    All the creatures will die, And all the things will be broken. That's the law of samurai. (Jubai, 1605)
  215. Many Reasons To Boycott by Luminous · · Score: 2
    The collective manhours spent breaking down the security of SDMI and the information gained by these attempts, including any flaws that come up, is essentially what Open Source Projects are about. But seeing this isn't an Open Source project, it looks like the industry is looking for a) free consulting that would normally cost them a significant chunk of dough or b) cheap publicity.

    Salon's article on this clearly implies this is a big ol' PR stunt.

    And what did SDMI think of [Don Marti's] response? Salon's calls to SDMI's press office went unreturned. But Marti says that he also e-mailed his open letter to the webmaster of HackSDMI.org -- and guess what? It bounced.

    What the cracking community needs to do is to be very vocal on its non-participation in this 'event' instead of silently ignoring it. Anyone up for DoNotHackSDMI.org?

    --
    This is not the way to build a lasting empire.
  216. Only $10k?!?? by ErikTheRed · · Score: 1

    If their music is so fscking valuable, why is it they can only pony up $10,000 (and maybe not even that much)? After (unless some miracle occurs) suing Napster and MP3.com out of existence for alleged damages in the hundreds of millions of dollars, this is the best they can do?

    I guess there are two possible options:

    1. They are not serious; this is just a weak publicity stunt.
    2. They are a bunch of jackasses.
    3. Both of the above.


    --

    Help save the critically endangered Blue Iguana
  217. Re:This kinda seems pointless in the first place.. by PigleT · · Score: 1

    Just a point there: there's no such thing as "uncrackable", evidence notwithstanding. All you can say is that a given crypted text will take more than a feasible cost (time, money, computational power) to decrypt. Sooner or later someone would've thought "oh yeah, that's Navajo" but it's no longer worth knowing, really.

    Just like when I left the last job; I made sure that recovering ~/.ssh/ from both my HD and NFS drives would cost them more than would be sensible; short of destroying the HD altogether (not a wise move), I just copied enough things over the files before the final unlink() call as to garble it all. Not that they'd even *want* to recover anything of mine anyway...
    --
    ~Tim
    --
    .|` Clouds cross the black moonlight,
    Rushing on down to the circle of the turn
  218. Old Technology by petithory · · Score: 1

    The fact of the matter is that they will end up developing some stupid format which only works on microsoft OS's, and is more trouble than it is worth to break. What they can not do is stop producing CD's for people that want to play music in their car or those old diskman floating around.... they can't change the CD format. what they also can't do is stop someone from hooking the output from their stereo into the input of their sound card. they'll try out-lawing mp3 encoders, but they will always be out there.

    --
    I like Stuff - http://voda.dhs.org/
  219. My $.025431 cents (round to nearest penny) by Chaos+Monkey · · Score: 1

    Let's see...
    They create a framework that protects against cracking (ha! but we all know better).
    They create this framework from the work of crackers, competing to win *up to* (note what the article says!) $10,000, with no mention of any second or third prize winners (or, perhaps, $10,000 gets split up amongst the top competitors?)
    *Should* the upcoming laws in the EU allow software to be patented, they, of course, are going to patent it every way possible.
    I say (kudos to Beastie Boys!)...
    Crack it like this
    Crack it like that
    Crack it with a whiffle-ball bat!
    Leave that sucka bruised, battered, bleeding, and feeling like a sex-crime victim! But, of course, don't disclose any information to them. Crack it so badly that before they even *release* their framework, the hackers have already put together (based on the info given to 'em by the crackers) bios flashes, software, the whole nine-yards (read: prior art) that allow the enabling-disabling of the SDMI encryption system.

    Of course, then again, I may just be talking out of my ass. Probably the latter.

    --
    - I'm making a page dedicated to procrastinators! I'll let you know when I get started.
  220. wait a freekin minute! by superdk · · Score: 1

    watermark or no watermark, i have a possible answer.

    there are quite a few new sound cards coming out with digital (S/PDIF for example) outputs as well as digital inputs. if i play this music and my output is digital then i can also RECORD it digitally through a similar input. digital to digital will have no generation loss and the watermark has nothing to do with it. basically it's just piping digital output to a digital recording device.

    --


    Silly slashdot, sigs are for kids!
  221. Blackmail is such a dirty word... by Greyfox · · Score: 2
    We prefer "Negative Economic Incentive."

    There is always a demonstrable flaw.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  222. okay, i'm in by theonetruekeebler · · Score: 2

    I hereby promise I will not submit any code or algorithms to the contest. And I swear, it's not because I don't know what the hell I'm doing. I'm boycotting, dammit!

    --

    --
    This is not my sandwich.
  223. NDA? They've already pulled that. by yerricde · · Score: 2

    Well, there's legally a public domain.

    There's a public domain, but its content is pretty much fixed: no works will ever expire into it.

    For instance, if you sign an NDA, the information you get isn't required to go into public domain. I'd love to see them try to pull that.

    One word: EULA. The "you may not copy" clause does not terminate when the copyright expires (which is effectively never). And it's trivial to put a binding EULA on a CD or DVD: a seal placed over the center of the disc reads "by breaking this seal you agree to the EULA printed inside the back pages of the booklet." All rights can be contracted away.


    <O
    ( \
    XGNOME vs. KDE: the game!
    --
    Will I retire or break 10K?
    1. Re:NDA? They've already pulled that. by interiot · · Score: 2
      The "you may not copy" clause does not terminate when the copyright expires

      Shit, I never thought of that. You oughta spread that around on Slashdot more.

      One wonders why they don't do more NDA-ish things like ask you to not talk about what you learned. It seems like they're bound more by how much the public is willing to take rather than what the laws are.
      --

  224. Why Boycott by Veteran · · Score: 5
    The best reason not to attempt to crack the protection scheme is that it tells these people WHO YOU ARE.

    That is the real reason for the 'hacking contest'. Much in the way that the real reason for registration of firearms is to make the later collection of those weapons from the law abiding easier - so is the real purpose of this contest to allow the music industry to collect information on who is interested in trying to crack their copy protection scheme. Anything you do in this 'contest' may be used against you in a court of law at a later time and date.

  225. Re:I Propose a new Challenge by WowMan · · Score: 1

    We're there Dood! Yeee Haaa!!

    #!/bin/sh
    while (true)
    do
    w3c -n http://www.HackSDMI.org/
    done

    --
    oh....my!
  226. If it is a matter of credibility... by lfourrier · · Score: 1
    the simple fact that a boycott is publicized in the "hacker community" with its "strange philosophical principles" must be taken into account by the corporate sponsors of the system. That some hackers boycott the challenge, people who develop computer systems worth millions of dollars in the closed source world, doesn't mean they are going to boycott the hacking.

    They are just boycotting the fact they are invited to be a "proof" of the reliability of the watermarking scheme.

    And as long as the rules are not publicized, there is no problem wanting to hack with a watermark-remover under GPL, whose copyright is to the author, let him (or her) take the money, and publicize the method of removal.

    Publish quickly the result in Europe, software patents are still, perhaps for a few months, illegal here.

    It reminds me of the macrovision protection, where the legal protection against "analog hackers" is based on the fact that macrovision owns the patents on the easy ways to remove the protection, thus permitting to prevent construction and distribution of macrovision remover.

    So, if you hack (no problem), publish your results in such a way that the hacking is unpatentable.

  227. Wanna see stupid??? by PooF · · Score: 1

    Check out the site...

    Sure there is the frames thing, wanna know why? Check out this (you can see it from the main page if you look carefully...), oh yea and they use the (noframes) tags....

    Just in the wrong way...

    PS: www.HackSDMI.org is running Apache/1.3.6 (Unix) mod_ssl/2.3.3 OpenSSL/0.9.3a on Linux

    --
    From: Aaron "PooF" Matthews

  228. Isn't this illegal by heazlett · · Score: 1

    I thought the DMCA forbade anyone from circumventing *any* copy-protection scheme...

  229. Defuses the argument that hackers are testing sec. by OverCode@work · · Score: 1

    If they make even a cursory attempt at such a contest, they can later claim that they gave crackers a chance to test the security of the protocol already (since crackers often use "security testing" as an excuse for their activities). I think it's a smart move. However, I do hope the RIAA rots in hell.

    The problem with SDMI is not that it tries to enforce copy protection - we all know that this "feature" will become a moot point in a matter of days after its initial release. The problem is that it is owned by the RIAA, and therefore they can control the medium ("you can't build a player unless you omit this feature and add this security..."). They can't do that with MP3, and it seems that it's really pissing them off.

    -John

  230. IANAL by The+Queen · · Score: 2

    later, when the record companies have poured billions into the technology, somebody will discover a flaw

    Now, would that be a dedicated employee, in which case we the people will never hear about it, or will it be a hax0r who'll get lots of press and then probably be taken to court by the RIAA?
    Don't get me wrong, I agree with the boycott, but I wonder about what will happen when it is released and (inevitably) hacked.

    The Divine Creatrix in a Mortal Shell that stays Crunchy in Milk

    --

    The House Between - Original Sci-Fi Series
  231. Future Effect of contest by Desdinova77 · · Score: 1

    Looking at this challenge and thinking about the DeCSS case, I wonder how inviting people to 'break' their code would affect their ability to squash the information from coming out into the public. I think it would be interesting to see how the DMCA would apply if someone broke their system and posted the results publicly. Would the 'no reverse engineering' part still have weight after the company asked publicly for people to do so? Just wondering how this will play out...

  232. Hacker Invitiation = NO DMCA RIGHTS !! by The+Other+White+Meat · · Score: 1

    By making an explicit request that the programming community find weaknesses in the SDMI protocol, they have relinquished most of their rights under DMCA.

    They have granted us explicit permission to reverse-engineer their code, uncover their "Intellectual Property", and release that information to the public.

    A few years from now when they try to use DMCA to protect their protocol, they are going to find it offers them no relief.

    It is a basic legal principle that you cannot invite someone to enter your house and take what they like, and then turn around and have them charged with trespassing and burglary. The SDMI consortium has given us the keys to their house, and an open invitation to take the good silverware.

    I say we take them up on it...

    TOWM

    --

    --- Generation X: The first generation to have SIG lines inferior to their parents... ---
  233. Re:There is an effective response : by pruneau · · Score: 3

    Any news from the site? Because here it is 09:13, Sept 15 (US & Canadian Eastern time), and nothing worth the trouble is showing on http://www.hacksdmi.org/. And like someone pointed out, they have a link to their site in their own site that will create an interesting Escher-like "Recursive Frame stack fault" in your browser.
    As for the boycott: they are clearly trying to avoid a DECSS-like failure.
    Maybe they have the same level of confidence in their crypto technique as in their www one?

    This shows that DECSS taught some lessons.

    But like usual, those BIG-CORPORATE-FAT--ETC guys understood the teaching the wrong way, because if their "new" system is not cracked in three weeks, it's going to be cracked in four, five... until the sun blows. And even if the crack is declared illegal there will be a part of the world where someone will sell it, and the bootlegging vox populi will do the rest.

    For every better lock, there will be a better thief! Hey guys, instead of focusing on the lock, please look at the door design.

    On the other hand, like all #$$^#@#$ marketing guys, they gave the delays, blissfully disregarding the rules of the game. And like usual the requirements seem to be late.

    But I will advise for the boycott, because their goal is not clear. Apparently they are going to put a bunch of different technologies under public scrutiny. They seem to have learned that principle of free software: the more testers you have, the better the product. But testing FOR them will be against our interests. Let them test, and if they cannot get people competent enough to point out the flaws in their systems, it means they did not deserve that.

    --
    [Pruneau /\o^O/\ warranty void if this .sig is removed]
  234. This quote sums up the flaw in this plan. by GlitchZ · · Score: 3

    DISCLAIMER: Its long!

    Basically they believe that the goal of these hackers (if they find any) will be for the money or fame. After the three weeks they will give up and go home and never think about it again. However they are just going to end up giving these contestants a taste of flesh and they aren't going to stop. I'm just not that good with words so here are someone else's:

    They are fools that think that wealth or women or strong drink or even drugs can buy the most in effort out of the soul of a man. These things offer pale pleasures compared to that which is greatest of them all, that task which demands from him more than his utmost strength, that absorbs him, bone and sinew and brain and hope and fear and dreams -- and still calls for more.

    They are fools that think otherwise. No great effort was ever bought. No painting, no music, no poem, no cathedral in stone, no church, no state was ever raised into being for payment of any kind. No parthenon, no Thermopylae was ever built or fought for pay or glory; no Bukhara sacked, or China ground beneath Mongol heel, for loot or power alone. The payment for doing these things was itself the doing of them.

    To wield oneself -- to use oneself as a tool in one's own hand -- and so to make or break that which no one else can build or ruin -- THAT is the greatest pleasure known to man! To one who has felt the chisel in his hand and set free the angel prisoned in the marble block, or to one who has felt sword in hand and set homeless the soul that a moment before lived in the body of his mortal enemy -- to those both come alike the taste of that rare food spread only for demons or for gods."

    -- Gordon R. Dickson, "Soldier Ask Not"

  235. I Propose a new Challenge by nihilogos · · Score: 5

    Go to the HackSDMI Website. Click on the link to www.hacksdmi.org, and continue recursively. The person who can get the most cascaded frames before their browser crashes wins.

    Before one learns to fly, one must first learn to walk. Before one learns to develop a secure framework for digital music, one must first learn to use the target attribute.

    --
    :wq
    1. Re:I Propose a new Challenge by scotch · · Score: 1

      I couldn't get more than 7 either - even when stretching netscape across 2 monitors.

      --
      XML causes global warming.
  236. Haha! these guys are funny... by NNKK · · Score: 1

    The music industry can kiss my ass, like I'm going to HELP them do something like this. it doesn't matter anyway, anything like this can be worked around with less than $10 in hardware

  237. Similar article downing the challange by Calimus · · Score: 2

    Our friendly neighbors over at Salon have This similar article up in which they even go as far as taking a light hearted jab at slashdot not having anything about the topic matter up by the time of their posting. They also mention something about being opinionated, but that's just their opinion I'm sure.

    --
    Trying to be different, just like everyone else.
  238. Re:All watermarks are removeable. by Drestin · · Score: 1

    Well, there you have it- go and collect your $10,000 ... if you actually think that would work! ha!

  239. Has NEone clicked on the buttons below HOME by korny69 · · Score: 1

    Kinda curious and clicked on the buttons below the HOME button (on the right). These people do not even design their own web work, designing this site through Network Solutions "Web Manager".

    EEERRRIPPPPSSS!!! -Ren

    --

    The biggest security hole sits between the keyboard and chair.
    -Andrew McAllister

  240. Don't boycott, crack it and just don't tell them by eddison_carter · · Score: 1

    Why not crack SDMI anyway? Find where it's weak, wait until after they started to release SDMI stuff, and then post it somewhere. It'll be too late to make any changes, unless they decide to recall every SDMI player and all protected music. Either way it screws them over.

    --
    I always prefer to start the year off with a bang - or, to be more precise, a series of loud hums, a crackle or two, and
  241. The solution seems simple to me. by Zerothis · · Score: 1

    Hack the http://www.hacksdmi.org/ website. So that when someone tries to sign up for their challenge they are simply routed to another site or some other such annoying pointless thing to discourage. For instance, put a frame on the homepage and have a link that puts the home page in that frame.

  242. Can anyone find the SDMI specs? by Paul+Crowley · · Score: 2

    I had a poke at their website, and downloaded their "architectural specification", but it seems that they've made no decisions on what actual algorithms to use. Given that this is so, can anyone work out what the hell they're challenging us to do anyway? The lack of links from the "hacksdmi" website to detailed specs and source code is worse than suspicious: if they expect me to do their security analysis for so little they had best at least make it easy for me.
    --

  243. Why not? by levendis · · Score: 2

    What's the point of boycotting the contest? Someone, somewhere, will hack SDMI (maybe some 15-year old kid in the Netherlands), as part of the contest or just for fun/challenge. Even if SDMI revises the standard, someone will hack that too, and it's DeCSS all over again. I say we should *all* try to hack SDMI, and every other fascist copy protection scheme out there. Not just so information can be free, but to show the idiots that come up with these things (and the even bigger idiots that trust them) how futile the effort is. The simple fact is, if I have data on my machine, I can do whatever I want with that data. Period. It may not be legal, it may not be easy, but there is always a way to crack copy protection, and only by continually defeating these schemes can we fight against them.

    --
    ---- I made the Kessel Run in under 11 parsecs.
  244. Re:Don't boycott, crack it and just don't tell the by DavidTC · · Score: 1

    I thought we were already planning on doing that? :)

    -David T. C.

    --
    If corporations are people, aren't stockholders guilty of slavery?
  245. Why stop with SDMI? by QAbyss · · Score: 1

    Why should the boycott stop with this stupid little hacking challenge? Why not boycott any music affiliated with RIAA? Sure, your old music will begin to get boring... but it would give you some time to find new groups.

    I think if we're really going to take a stand it has to be something like this. RIAA isn't losing money now cuz of mp3s, but if they keep up all the stuff they're doing then maybe we can make them.

  246. #include cracking_contest_rant.h by _|()|\| · · Score: 2
    You know, there are a number of arguments that have already been stated against this hacking contest

    Bruce Schneier made a pretty good argument against cracking contests, in general, in one of his Crypto-Grams. In particular, he notes that "Contest prizes are rarely good incentives.... Taken at a conservative $125 an hour for a competent cryptanalyst, a $10K prize pays for two weeks of work." The contest runs three weeks, and you only get paid if you win. Of course, the contest isn't targeted at "competent cryptanalysts," but isn't that a point worth making?

    If you're looking for more ammo for a Slashdot post ridiculing a cracking contest (did I say that out loud?), Bruce links to commentary by Gene Spafford in Electronic CIPHER.

  247. What about theft? by forehead · · Score: 1

    Is it just me, but what happens when someone breaks in to your car/house/whatever and steals your physical copy of a song/album you legally purchased? They upload it to Napster. You get the legal bills when the RIAA takes you to court.

    --
    --
  248. What's going on here? by samr7 · · Score: 1
    This looks to me like ARIS Technologies is trying to build confidence in their Musicode watermarking technology. This technology relies on watermarks that can be detected and read by all sorts of existing and future MP3 playing devices. However, that means we can also detect and read them, and in theory remove them without affecting the music they're attached to.

    Other competing watermarking technologies, such as Blue Spike's Giovanni cannot be read or so much as detected without a secret key of some sort. These schemes are useful for confirming the origin of a work by someone who holds the secret key, and are not useful for adding annoying copy-control features to MP3 players. A respectable, secure and fully disclosed system could be built with this technology.

    Musicode, however, is something more along the lines of CSS. The keys are embedded in all sorts of client devices. It's only a matter of time before somebody comes up with a watermark remover.

    In the meantime, ARIS is in the final stages of implanting their Musicode as the industry-standard annoying copy-control system. The HackSDMI.com thing is really nothing more than a rubber stamp of approval, something to build false confidence in their technology. The deadline was set intentionally short. If their technology was the real thing like RSA RC5, they wouldn't have a deadline.
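
An added illustration, not part of the post above and not Musicode's or Giovanni's actual algorithm: a generic keyed spread-spectrum watermark, showing the property the comment describes (the mark is statistically invisible without the secret key) and how a correlation detector behaves after added noise. The key, host signal, strength and threshold are all constructed for the example.

```python
"""Toy keyed spread-spectrum audio watermark (constructed example)."""
import hashlib
import math
import random

SAMPLE_RATE = 44100   # samples per second
THRESHOLD = 6.0       # detector threshold, in standard deviations


def chip_sequence(key: bytes, n: int) -> list:
    """Derive a pseudo-random +1/-1 sequence of length n from the secret key."""
    seed = int.from_bytes(hashlib.sha256(key).digest(), "big")
    rng = random.Random(seed)
    return [1.0 if rng.getrandbits(1) else -1.0 for _ in range(n)]


def make_host(seconds: float = 2.0) -> list:
    """Constructed stand-in for music: two sine tones, samples in [-1, 1]."""
    n = int(SAMPLE_RATE * seconds)
    return [0.4 * math.sin(2 * math.pi * 440 * t / SAMPLE_RATE)
            + 0.2 * math.sin(2 * math.pi * 1320 * t / SAMPLE_RATE)
            for t in range(n)]


def embed(samples: list, key: bytes, strength: float = 0.02) -> list:
    """Add the key's chip sequence to the signal at low amplitude.
    A real scheme would shape it perceptually; this toy does not."""
    chips = chip_sequence(key, len(samples))
    return [s + strength * c for s, c in zip(samples, chips)]


def score(samples: list, key: bytes) -> float:
    """Normalised correlation between the signal and the key's chips.
    Without this key's mark the value behaves like a draw from N(0, 1);
    with it, the value grows with strength * sqrt(number of samples)."""
    chips = chip_sequence(key, len(samples))
    corr = sum(s * c for s, c in zip(samples, chips))
    energy = math.sqrt(sum(s * s for s in samples))
    return corr / energy


def is_marked(samples: list, key: bytes) -> bool:
    return score(samples, key) > THRESHOLD


def add_noise(samples: list, sigma: float = 0.05, seed: int = 1234) -> list:
    """Constructed stand-in for a lossy hop: additive Gaussian noise."""
    rng = random.Random(seed)
    return [s + rng.gauss(0.0, sigma) for s in samples]


def demo() -> dict:
    key = b"constructed-label-key"        # hypothetical secret key
    wrong = b"constructed-guess"          # someone without the key
    host = make_host()
    marked = embed(host, key)
    noisy = add_noise(marked)
    return {
        "unmarked_right_key": score(host, key),
        "marked_right_key": score(marked, key),
        "marked_wrong_key": score(marked, wrong),
        "noisy_right_key": score(noisy, key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:20s} {value:8.2f}  detected={value > THRESHOLD}")
```
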

  249. Re:The Demise of Linux Journal by VAXman · · Score: 1

    Indeed. I was a charter subscriber to Linux Journal, and still have issue #1 from 1994. With articles like this, they appear to be transforming themselves into a political magazine, and not a technical magazine. I recommend you let your comments known in their talkback.

  250. Boycott the GPL, too by um...+Lucas · · Score: 1

    It's all about copyrights... Linux Journal wants people to respect the GPL presumably, but since they don't agree to the terms that labels distribute their music under, they are opposed to helping create a format that causes more compliance to the labels' and artists' copyrights. It's all about respect, and it's a give and take sort of thing. Maybe if Linux Journal would aid them, you'd see Linux players for SDMI on the horizon... Because like it or not, that's the direction that the industry is going in, and a bunch of linux users isn't going to stop them.

  251. maybe a boycott isn't the answer by leroybrown · · Score: 1

    although our gut instinct may tell us to ignore them, then break the encryption after the standard has been set, i think a little social engineering is in order. if we ignore the challenge, then break the encryption as soon as the standard is set, we will be allowing them to easily paint us as immature punks who just want things for free. i say crack this challenge. crack as many challenges as they can throw at us. and keep documentation! they will eventually come up with a standard anyway. BUT when we crack that one, we will be seen in a better light because even with our "help", they couldn't secure their works. thus, we are not seen as pirates, but instead as fair use advocates. no encryption is uncrackable, as bruce schneier has pointed out in his latest book. the longer we can put off a new standard, the more hardware playing the current standard will appear, and the harder it will be for the new standard to catch on.

    --
    Founder, Americans Allied Against Alliteration
  252. WaveOutOpen() == Hackable && Internet != Forever by Troy2000 · · Score: 2

    In the off-chance that SDMI does create a file format that is not hackable, there are things they still won't be able to get around:

    1) A bogus .dll/.vxd that implements the Win32 WaveOut() API and writes raw audio to disk. (similar things can be done on all OS's)
    2) Connecting line-out to the line-in.

    In fact, I'm surprised #1 doesn't exist already. Granted, these aren't true solutions because at least 1 person, somewhere, will have to buy the SDMI encrypted file and play it into the device driver.. but after that, ta-da.

    Furthermore, who's to say that some hacker won't just hack the SDMI player they provide and force it to play unauthorized copies? In that scenario, they wouldn't even have to bother decoding or detecting watermarks..

    Everyone reading this knows that few things in the digital domain can be considered "property". Everything is inherently copyable. Big corporations still have it in their head that there's some magical way to apply the old buy/sell model but eventually they're going to realize that it just doesn't work that way with digital content.

    This is a scary fact because once that becomes common knowledge, there will be a huge corporate push to eliminate what we now call the Internet (where free exchange of data is possible via ftp, http, et al.) in favor of a closely-controlled network where all transactions are monitored, and all data accounted for. Don't act surprised either - politics are owned by the company now. It might sound ridiculous (to us) to enact a law making ftp illegal. However, it makes perfect sense to a corporation.

    This is why all of you should be voting for Ralph Nader in November. www.nader2000.org

  253. Let 'em try. by xellinus · · Score: 1

    I say it doesn't matter what security they try to place on music nowadays. We all know that within a month it will not be worth anything. There is always going to be a slew of hungry hackers out there who will offer up a solution to being unable to play an mp3 because it's "secure". So it really doesn't matter. I'm kinda interested in how they plan to imp. it myself.

    --
    Saint Xellinus Demitris Ruin, Patron saint of the Mobius.
  254. Don't Boycott; Show Their Futility by Trinition · · Score: 3
    Boycotting the hacker challenge is just one extreme. I'd rather have us "hackers" show the Borg-like SDMI collective that their motives are futile.

    How can this be done? I'm no expert on watermarking, so I'll leave that one to someone else. But, for conventional means of copy protection, I have some ideas. If you can hear it, it can be recorded. Better yet, if it's digital and your sound card plays it, then its driver is being sent the raw, unencoded, unencrypted data.

    How about a fake sound driver? If someone wrote a sound driver (preferably for Windows so the collective would see the impact more plainly) that acted like a regular sound driver but instead recorded the raw audio data to a file, the "protected" songs would be available in an "unprotected" form.

    So, how about it? Or do you think the SDMI would just have a law passed to make all Audio Card manufacturers adhere to SDMI specs and encrypt the data down to the DAC?

  255. Re:WaveOutOpen() == Hackable && Internet != Foreve by VAXman · · Score: 2

    Jesus H. Christ. Faking the DLL or making an analog copy WILL NOT REMOVE THE WATERMARK. Obviously you didn't read the article, or you would know that the goal of the challenge is not to make a copy of the song but to remove the watermark. By these methods, the watermark will remain in glorious stereo sound. Try again.

  256. My letter... by Eponymous,+Showered · · Score: 1

    Sent to info@sdmi.org:

    Dear Mr. Chiariglione,

    While I am not quite as eloquent as Don Marti, I do wish to inform you that I won't be participating in the "hack the sdmi" initiative (it's *crack*, anyway, not *hack*). As a seasoned computer professional with considerable experience in cryptography (specifically, a port of PGP to Apple's now-defunct Newton), I would normally enjoy such a challenge. I'm afraid, however, that SDMI is a misguided initiative, hostile to me as a consumer and unacceptable as a means of "protecting" the media I currently enjoy.

    Actually, I probably *will* work on or participate in an effort to crack the SDMI, but you'll need to check Slashdot or 2600 for the results of my work. Thank you.