Slashdot Mirror
Boycott of Music Industry's Hacker Challenge Urged
phu170n writes "Don Marti, technical editor for the Linux Journal, has called for a boycott of the hacker challenge recently announced by the music industry's SDMI collective. Looks like principle can be worth something (more than $10,000, at least) these days."
No matter how you slice it, in order to add additional information to any file, you have some bits somewhere.
...the sixth from file one, ...etc, and run lame on the result to get 'unmarkedBritney.mp3'
If all SDMI wanted to do was mark a piece as authentic, every piece would have the same mark and there wouldn't be much incentive to break it. "Heh, this POS is by Britney Spears. I know because it's watermarked." "Couldn't you tell that by tinny, teenage voice singing about her life ending because her teenage boyfriend dissed her." "Ummmm..."
But authenticity marking isn't what they're after. SDMI is looking for encryption and user identification. This means each unit would get a different watermark. Breaking it is then a simple matter of buying 5 copies and doing a binary diff of the output of "mpg123 -s britney.mp3 > tempfile". Build a bogus watermarked file by pulling the first byte from file one, the second from file two,
Am I in trouble now?
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
The SB Live! card (and probably others) has a digital mixer that allows you to "peak" at the digital output before it is converted to analog. That way, you get the real digital output. At least you get a wav this way and can always convert it to MP3, for which decoders can play watermarked songs.
Opus: the Swiss army knife of audio codec
My rationale is this: Right now, few consumers care about "secure" music - they just want the selection. If the industry provides this, no matter how encumbered, then they will be happy -- UNLESS the protection is too much of a hassle.
The objective should be to break all the easy schemes, making it a nightmare to go through the hoops necessary to use the software and devices in such a way that a hapless user could not possibly be getting digital content... This will be sufficient for the mass of customers to vote with their money, and end this senselessness.
As to why now, and not later?
Because I (or you, if you are so inclined) can do it in your name, publicly, and watch the news stories "secure digital music technology foiled by slashdot troll". There won't be much in the way of SDMI music for a while anyway, because the powers-that-be surely understand the "wait and crack it later" attitude.
Further, it can be a nice challenge, and if you aren't doing it for the money you could always help out the EFF...
As to some of the suggestions so far...
1. Converting to analog -> audio will not remove the watermark. (Nor will various compression-decompression, unless you had a nearly perfect psycho- aucoustic model..) I'm sure there are watermarking games possible with two versions of the watermark in the same digital content but they are probably not going to allow that.
The window here is to tweak the bits JUST enough to foil the player without damaging the content any more than it already has been...
Or to provide tweaks to SDMI devices to ignore the watermarking...
2. Using digital out, and finding non-SDMI compliant devices to store to. Note that WindowsME is already taking steps to avoid "rogue" drivers which store digital audio to disk, or output to SPDIF or a digital loopback. (www.microsoft.com/hwdev/audio).
I didn't catch that-- good point.
Frankly, if our software engineering skills are worth only $10k to them, they obviously don't need this too much.
I can just picture a bunch of arrogant marketting types sitting together:
And just think, people like these gave $5 million to the vice president last night...
I've lost track of the project quite a while ago, but I dimly recall a group that was going to engineer a clone of the Gravis Ultrasound when Gravis announced the decision to stop making consumer sound cards.
I couldn't connect to google for some reason and alta vista's advanced search didn't find what I was looking for. Does anyone else know what happened to this intrepid group of open hardware hackers?
As usual it is a matter of control and short-sightedness. The record corps figure that the old stuff that just a few people want can't generate enough revenue to make having it available worthwhile. And they are right when you look at current distribution models, but on the net they can offer a subscription service where that old Skip James tune just takes up a few megabytes on a server and doesn't require pressing, shipping, etc. That way they make money from the millions of vapid Britteny Spears fans as well as the fans of older/obscure artists. Hey RIAA, that is more money, not less.
Insanity is the last line of defence for the master diplomat. But you have to lay the groundwork early.
So use a non-SDMI aware sound card which should be just about anything available right now. It also isn't enough to check for watermarked audio at the audio in because it is certainly legal for me to connect my CD player to the audio in of my computer and listen to the music through my computer speakers. Besides how would the sound card know that it's input is being recorded. Isn't that the software's problem? In which case, just use non-SDMI aware software which again is most anything available. I think the music industry doesn't understand the very basic truth that if the audio can reach my ear through some means, then it can be recorded again. Yes, the quality may not be as good depending on the method used for that recording but consider this: something like 90% of the audio data is thrown away when creating an mp3 because the average ear can't hear those frequencies anyway. Has this hurt the popularity of mp3s? Not at all. If we're all happy enough to trade music at 1/10th the quality of the original there is no way the music industry can stop us.
Actually, this is not the role that watermarking is intended to play in SDMI, at least not initially. It really is intended to play a part in access control, not tracking. The idea is that songs on all new CDs will have a generic, identical watermark saying basically "this music is copyrighted" and then SDMI-compliant mp3 players and stuff are supposed to find this watermark and refuse to play the file unless it comes packaged in one of their goofy little secure formats that implements access control and copy prevention, e.g. are keyed to the particular player or whatever. SDMI-compliant mp3 players are supposed to refuse to play watermarked music packaged in a regular unprotected mp3 file without access control.
So, actually, watermarking in SDMI is part of an access control scheme and not a scheme for tracking individual copies. Obviously this is totally hopeless access control scheme since you just need an mp3 player that doesn't implement their broken blocking mechanisms, but it's an access control scheme nonetheless.
9 is the best I could get too.
If the DVD-CCA made such an offer, there encryption scheme would probably be a lot better and we'd be even more SOL.
It's 10 PM. Do you know if you're un-American?
That is the question. Whether tis nobler to help the powers that be begin relasing digital media, or to let them think they have a secure system and then hack it to hell once they've adopted it.
Isn't this the same industry that is pushing real hard to make it illegal to hack and publish ways to break commercial encryption schemes. Sure they are offering $10,000 now to anyone who can hack and break it, but what happens after it ships? My guess is that their tone will change and anyone who hacks it will be hunted down and persecuted.
:)
So hack this puppy all you want, just don't publish what you find until after it has been released and is widely used
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
Ever since 1923, there has been no public domain. And fair use rights can be signed away in a contract (think shrinkwrap license on a CD).
<O
( \
XGNOME vs. KDE: the game!
Will I retire or break 10K?
The argument which I expect to be used in court is that any device which can be used to circumvent a digital copy protection scheme is the equivalent of a lock pick - and thus mere possession of them is a crime.
Once a law is on the books it is very difficult to get it repealed. There are millions of laws in this country - you pretty much know about all of the ones that have ever been repealed. The reason you have heard about laws being held as unconstitutional is that it is so rare an event that when it happens it is NEWS.
Prohibition was repealed because most people drank - drug prohibition has not been repealed because most people don't do drugs. Into which of those categories of bad law would the DMCA be more likely to fall? Just because most people WE know are involved with computers and understand the issues does not mean that most people in society as a whole are like that.
They're also doing it in a way that is contrary to a few laws:
--
Why not just create a device driver for the Windows sound API that plays its 'output' to a file in .mp3, .wav or whatever? Then making a duplicate is as easy as choosing the driver as the playback device in Windows and playing your SDMI tunes with your 'authorized' software.
What does happen if somebody cracks their protection? Do they go back to the drawing board, or do they buy the rights to the crack for $10,000, patent it, and then refuse to publish it?
My advide to anyone who thinks about taking up the challenge is to read the agreement very carefully. My hunch is that they will try to buy the rights to the crack.
Does fair use entitle you to a perfect digital copy? People have stated various ways to get one or two decent copies out even with the copy protection, but say that "it would degrade for each generation". Well, so what? Fair use doesn't allow for multiple generations of copies anyway.
Is there a way to get one decent sounding copy and have that first generation copy be acceptable? If so, fair use is just fine. I don't see any consitutional right to a perfect copy, and the main need for that perfection seems to be unfair use (multiple generation copies spread to those who didn't buy the music.)
Note, I am responding only to the stated assumptions by some on this discussion that a) you can get a slightly degraded first generation copy under this system, and b) it still would infringe fair use. If one of these assumptions is incorrect, I'd apriciate knowing it, but they aren't my assumptions so don't flame me.
-Kahuna Burger
...will work for Chick tracts...
Why not?
Does it harm the copyright owner in some way? Does it reduce their profits or otherwise reduce their incentive to create?
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
GPL it?
Depends where is it published. In some countries reverse engineering for interoperability is legal.
So if someone with an overgrown ego publishes not his findings in an inappropriate country just in order to be famous and k3wl we have the DeCSS case again. If someone with brain passes it along to the other side of the globe than... Oh well we all know where Micro$ networking was reverse engineered.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
Watermarks have nothing to do with CD's... Think about it... They're not going to do one-off pressings of their CD's unless they plan on selling them for $500-$1000 a piece...
Ever meet a CD with software that required you to type in a "CD key"? Like recent Windows? Or Diablo II? That's not one-off pressing, yet each CD is unique. Marking of audio CDs can be done similarly.
they're embedding watermarks in files that they'll make available on a "pay per download" basis. Which is what everyone's been asking for, isn't it?
Asking for? I don't recall people crying out "Please, please, watermark the music files!!". Why would everybody ask for that?
You'll be able to listen to it wherever you go, since with the watermark, copying isn't so much an issue. You can put it in your car sdmi player, your portable one, your computer, and anywhere else you go. You just won't be able to share your stuff with anyone else
You are confused. Very confused.
First, to repeat myself, watermarking is basically a tracking technique, not an access control technique. One can copy a watermarked file as much as one wants.
Second, for the situation you describe to come to pass, the music you buy must be playable only on SDMI-compliant players and nothing else. I don't like this. I don't like buying music which can be played only on "approved devices". My computer probably won't be one.
Third, why would you care if your friends distribute your music online? Because the RIAA will know that it's YOUR copy of music that is floating on the net? And how would they know it? Will it be so that you could download music if only you would identify yourself (e.g. credit card) to the seller? I don't like this. Why shouldn't I be able to buy music anonymously? Besised, what could they do? "Your Honor, I believe my computer was hacked into and somebody stole my music files."
ive it a couple years to sink in and Napster, Freenet, and Gnutella will be history...
Dream on, baby, dream on...
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
If you read the spec it appears that SMDI hasn't done anything but create a bunch of acronyms. One technical detail I could gleen from the spec is that it appears they are going to try to use some type of public key cryptography to protect the stream to the portable device. Since the device identification stream has 'certificate' and 'issuing authority' fields.
Nonetheless, the protocols described in the spec are TOO weak and it looks like its subject to replay attacks all over the place. Using a CD Image would get you as many SMDI copies as you like. It is also likely that the SMDI to device stream is replayable if you record it.
These coroporate design by committee things always make me wonder about the mean intellegence of greedy corporate bastards. They can come up with acronyms all day, but try and get them to give you a decent protocol, just try it.
John
Dunno.
Watermarking of music is pretty damn hard. (ie, I can't figure out how to do it well, and I must have given it several minute's thought). You have to modify a sensitive signal in a robust and non-intrusive manner.
However, it is do able to fingerprint it; perhaps not as advanced as what was proposed here a while ago, but something with a +50% success rate (I am being precise here; statistically 50.001% would be ok). So now they'll have your player store fingerprints of every song it has played. Whenever it is connected to a network or network-nearer device, the fingerprints are forwarded (along with your uid, of course).
If this were implemented, the industry would get exactly what they wanted, and more. They could prosecute you for illegally playing a song (note the false positive allowance above -- they would have to amass a preponderance of evidence before they could persue you). They get super-valuable demographics info. They could sell you monthly or yearly subscriptions (buy all sony music for a year!). Popular consumers get rebates ('We've identified you as someone who "spreads the word" to youtr friends about great music! Come check out Columbia's newest pop sensation The Chiterlings!'), or even credit for word of mouth marketing.
They won't even have to verify every song, the system works like taxes -- they might audit you, so you are honest.
Ok, some details are hazy, but all that is needed is accuarateish tracking of individual's listening habits.
I've said it before, I'll say it again. The above is an evil scheme, but I'm fascinated enough by the implications to almost go along and implement it. I gotta admit, I may dislike big companies, but I am buyable. I'm just not cheap.
A lot of posts have pointed out that the watermarks work by using sound structures which we would not normally hear (eg subtle time shifts, masked tones, high/low frequencies etc), in order that it is preserved in D/A A/D conversions.
/exactly/ how lossy compression works. If we can't hear the watermark, there must be some lossy compression scheme which removes or changes it.
However, removing such structures is
Clearly the watermarking has been tested with the popular schemes (ATRAC, MP3 and so on). But they're not the only possible schemes. It is perfectly possible to come up with a lossy compression scheme which corrupts watermarks, without otherwise affecting the signal.
Why do I believe this? Well, because a compression scheme which does that is exactly what you would use to apply the watermark in the first place....
Its interesting that if we had an 'ideal' lossy compression algorithm, (which had an identical encoding for all sounds we would say sounded identical, and where any change to the encoded form was audible) then it would not be possible to watermark the sound.
BTW I'm interested to see how they manage to watermark John Cage's 4:13.
-Baz
The Navajo code talkers had to start making up new code words for words like airplane, aircraft carrier, etc. toward the end of the world because the Japanese could understand very much of the 'code.'
Regardless, your point still stands, it would take a phenominal code to survive a machine like Deep Crack that was built specifically to crack a given code.
Actually, I'm pretty darn sure that they do want to improve the product, it's that the product that they want to improve happens to do a bad thing. It's kind of like wanting to improve the ebola virus.
I noticed there's a time limit. It's pretty clear that the goal of this hacksdmi project is to expose weaknesses now, before the system is widely deployed and invested into. They're about to spend a lot of money on it, and now is the time for last-minute fixes, since fixing it after deployment will be much more expensive/difficult.
The Right Thing to do is to hack it as early as possible, but not inform them. Then, after the system is widely deployed, spread the hack far and wide. To encourage people to not do the Right Thing, they offer the $10k prize with the time limit. That makes the situation interesting and enables dramatic plots.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Unlikely. Once the fundamental algorithm to crack the watermark is known, generating code to implement it is trivial, and their scheme is good as dead.
No, I think they are honestly trying to create a secure watermark, or at least "prove" to the industry that they didn't bungle the encryption scheme like they did last time.
That being said, I still think it takes balls the size of minor planets to go out to the "hacker" community and ask them to help create the "perfect" leg irons that will be used in the future to enslave them... :-(
--
Your Servant, B. Baggins
The question is "Does the music industry want to collect information on anyone who might be interested in attempting to crack their copy protection scheme?" The answer to that question is an unqualified "YES". Do they have the means to compile a database on everyone who tries? Yes, they do.
I did not say that all identity checks are designed to allow someone to get you. I listed a single example - gun registration - which DOES have a hidden agenda. It is exactly for that reason that the People of the US have ALWAYS resisted gun registration.
Nice try at attempting to discredit my writing by implied character assassination - but it won't play.
Nice Matrix reference...
But seriously, speaking of gathering information, by now they have a web log chock-full of IP addresses of potential enemies.
The soundcard out/in trick does not work. However, I have already hacked SDMI's method. It's a pretty simple hack. I will be informing the engineers of my hack. I am not interested in boycotting. Why? At DefCon in Las Vegas this year, I had a great conversation with Theo de Raadt. We were discussing the existance of zero-day exploits, and his relentless efforts to beat hackers to the punch with OpenBSD. My contention at the time was that if I have written a zero-day exploit, it is my own work, for which I am the original author, and I have the right to keep it a "trade secret" of sorts by not informing the public of the vulnerability. Theo didn't even have to think about my point (I assume he had heard it many times before). He just looked at me and said "Sure, the exploit is yours, and you can do what you want with it. But why be secret? Don't you want it to get fixed? Don't you want the technology to get better?" I guess that really struck me. There are many different types of hackers out there, and you can divide them up and classify them until you are blue in the face (check out a book called "Hackers: Crime in the Digital Sublime" by Paul A. Taylor), but I like to think of hackers as primarily falling into two categories. People that like to test the limits of the technology and push the envelope of the common body of knowledge, and people who just like to get what isn't theirs in a rebellious way. Theo pointed out that if you are any good at all, you will find more vulnerabilities. You will be able to exploit those new vulnerabilities. You will advance technology further, and you will start testing again each time it progresses. On the other hand, if you aren't any good, you may want to hold on to your exploit. You may fear that you won't be able to come up with anything that clever again. You may be disappointed when the vulnerability is fixed, because you can no longer exploit it for your own purposes. I think the problem here is that some of the Linux supporters don't really want the SDMI technology to get any better. They want the technology to be weak, and they want to be able to exploit it. They want the technology to fail. I understand this mentality, but for me, that is not what hacking is about. Keep in mind, that I do not want the cash prize either (it's always good to have money, but I am not going to wait for the contest to let them know what I have found). As for the very vague and uneducated "reasons" why the author of the article is opposed to this contest (read: opposed to the technology), he's pretty far off base. The SDMI technology does not prevent you from copying files. It does not prevent you from excercising your right to reasonable private use of the art. All it does is place a digital watermark on the file that identifies it as belonging to whoever paid for it. It's like a digital name tag. This isn't an intrusive concept at all. I label all of my CDs. Granted, I do not label all of the MP3s I download from Napster, but I am not opposed to technology that would allow me to either. As for concerns that this technology is a violation of privacy (an infringement of rights that, in my mind, is absolutely not permissible under any circumstances), I just don't see it. Having an identifier on my files is not a violation of my privacy. The biggest threat to privacy I can see here is that whenever I download music, someone might be able to catalogue the music that I am interested in by tracking the music that I encode on the servers. This is not a problem with the SDMI technology. This problem exists all over. What about Amazon? Do you think that MP3.com or Napster couldn't be used for similar evils? The fact is, any time you set up an account on someone's server, and start shopping, you are running the risk of being monitored. That is where the potential for violation of privacy lies. So what is the real problem with SDMI? What is the REAL reason for wanting it to fail? We like our MP3s. We like Napster. We like violating copyright laws. I admit to downloading tons of copyrighted music from Napster (Napster tripled my day-to-day bandwidth requirements). We use Stream Ripper all the time to rip MP3s from streaming audio for our private collections. We like taking what is not ours and getting away with it. And some people fear that SDMI will make it difficult for us to do so, which is probably true. If that is the case, then you will want to hack the technology anyway. You will want to publish your hack so that you can liberate the audio warez traders as a whole. SDMI will become aware of your hack. They will fix it. What they are doing by offering this contest is avoiding the security practice that we have objected to in Microsoft products, amongst others. They are allowing the standard to be tested before it gets pushed out to tons of end users. I don't think this is WHY they are doing the contest. They are probably doing it for publicity, as many have already noted. However, a side effect is that they are actually giving people a crack at it. And I thank them for that opportunity. I want the technology to get better.
Paper Pusher
Do you count the trouble of going to the store and buying a CD into it's cost? It's the same thing as finding it on Napster, except it's harder and uses gas and more time.
How is it harder to buy a CD? You drive a few minutes to the store, such as Best Buy, and instantly find the CD you want. On Napster, it might take you anywhere from 30 minutes to a few hours to compile and download all the songs for a given CD. Even then, you're often left with missing songs or poor quality.
As for all the people that Napster being "illegal" will stop, um....it's "illegal" now. Everyone knows that pirating MP3s is illegal and it's not stopping anyone. Most people will tell you it's illegal, but they don't worry about it.
That's not important. What is important is how many of those people would pay a reasonable price to download the official, high-quality MP3 album from the rightful owner. I guarantee you the anwer is: the majority.
People don't steal unless one of the following is true: (1) They have to, i.e. no means to buy, or (2) it's easier to steal something than it is to get it legally, or (3) they're a criminal.
I think it's safe to say most people are not criminals, and most people with means to access the internet are able to afford purchasing music. That means the only reason left is (2): it's easier to steal it on napster than it is to buy the CD and rip to MP3. If the music industry would make it easier to buy an album in MP3 format than it is to steal it, they will have nothing to worry about.
You must be one of those, "people are inherantly evil," guys I keep hearing about.
The glass is half full.
-thomas
"Extraordinary claims require extraordinary evidence."
"And like that
Not everyone on the NEt can use Napster. There are many people who can't install a simple program without help. Do you think these people are going to download and install Napster by themselves? And if only 2 million people use Napster, I would bet money that 1,999,999 at least have downloaded pirated music. HEll, you can't find anything else on Napster. As for the actually number of users...as of the press release on July 28, there were 20 million users of Napster. And I would bet that 99.99% of them have downloaded a copyrighted MP3. You don't need to download a whole CD, you only need to download a song. It could be the single that you didn't want to buy, or the song of that soundtrack that you liked, not a complete CD. And what happens as the NEt grows? When 75% of people are on the net, how many people will be using Napster?
If your numbers were accurate, CD sales would most definitely have gone down or at the very least, stagnated. Instead, they have increased.
Otherwise you are implying that without Napster, CD sales would have soared, but with Napster they've just made a small gain due to the loss attributed to Napster?
I have an extremely hard time believing that.
-thomas
"Extraordinary claims require extraordinary evidence."
"And like that
Finding the particular bugs in their system for the chance of $10k is not worth it. Anybody with the skill to do that can get standard consulting rates, which start at $200/h at the low end, which translates into at most 50h of consulting. Their offer is an insult. These companies are about to make a capital investment of billions of dollars; once the thing is on the market and the media are pressed, it cannot easily be taken back.
I think we should let them deploy the system as is rather than help them make it even more of a nuisance. Making it tougher to copy is not in the consumer's interest, and it doesn't even help the music companies (even if they think it does).
How are they going to stop me from buying songs as Chuck U. Farley, then bootlegging them to my heart's content? They will require me to pay by credit card. My credit card will become my proof of identity - the proof that I exist in the real world, at a known address, with a real door that can be kicked down. And if I lose my credit card, and my neighbour uses it to buy songs online, songs which he subsequently puts on Freenet? Oops, I'm liable. The credit card company might pay your bill when your card is stolen, but they won't go to jail for you.
We need an anonymous micro-payment system right now.
I do think that we are in for some legal beatings - we make a lot of money and people hate us. The DCMA is just the first of many punches we are going to get thrown at us. I just want everyone to understand what is going to happen to us in the near future and why; that way it won't come as quite so much of a shock.
Okay, let me get this right. You get a "bad" copy off Napster, and want to pay for a good MP3 copy. Which you then share on Napster. So the next person who downloads that song (from you) gets a perfect copy. This person then has no reason to go and pay for a "good" copy, they already have one. If the song is popular, your copy spreads like wildfire, and no one needs to buy the "good" copy, they already have it. So, how exactly does this make money for the labels?
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
As the RIAA has gone after Napster, everyone has been talking about how they would buy digital music if is was available. Well, that's what they are trying to do.
No, they are trying to prevent people from using digital music however they see fit.
They simply cannot release the music in an unsecure format.
Why not? Encryption and SDMI will not stop piraters of music, it will only prevent regular people from easily listening to the music for which they've already paid... just like DVD.
The only thing that would accomplish to make the music easy to put on Napster (or whatever). Someone would buy the music, and the first thing they would do is put it in with all of their other MP3s, shared on Napster. Then everyone else finds it on Napster, and has no need to buy it (and this is especially true for digital music, as you have exactly what you would be purchasing).
Yeah, just like nobody buys software nowadays, it's all pirated in usenet and IRC, and all the software companies are losing money! Right?
What they need to do is: release their albums in high quality, MP3 (or similar unsecured digital music format), for a discount over CD's. Most people, if given the opportunity, would pay for the music, and support their favorite artists.
Some people would download songs off of Napster. Some of those people will then buy the album if they like it, and others will not. We are talking about a minority of people.
Right now, Napster usage is high, but nothing compared to the amount of people actually buying CD's in stores. Napster usage would be reduced dramatically if the labels were selling inexpensive MP3 albums ($5 - $10). They'd be making money hand over fist.
So the only way to offer music online and to have a chance to make any profit is to offer it is some kind of either encrypted or watermarked format. If you want music available for download (legally), there is no other way.
You are dead wrong.
-thomas
"Extraordinary claims require extraordinary evidence."
"And like that
This bothers me, while realisticly they are just trying to build an effectivly watermarked audio sceme, I am torn between the ability of someone to prevent "theft" of there material, and my right to have an audio format that is playable on anything I own.
Guttermouth is a really good band.
A lot of people seem to forget that the idea behind this SDMI scheme is not to stop Joe Sixpack from writing the audio to a file, or use a loopback recording scheme with his soundcard, but to be able to point the finger at him later.
Go ahead! Buy a Britney song online and download it in SDMI format. Sure, toss it in your Napster share directory! Hack away at it too, and re-record it all you want...
But when the RIAA then scans Napster files, it will be very easy to find out whose copy it is that is floating around there (providing the watermark is still discernible). You did pay for your original download with your credit card, didn't you? Who's 31337 now, when they charge a gazillion bucks in damages to you?
In a way, this is just like DeCCS: the watermark will not prevent copying, but is supposedly meant to stop piracy, while in reality pirates will circumvent it. All it will do will be limiting users choice (eg. no Linux player).
superblog.org: all your favourite blogs on o
Microsoft put Win2k on the net and we all gleefully pounded on it (for the short periods it was up). Then they released. Is it any good? No.
Same with SDMI--they don't want to improve the product, they want to prove it uncrackable. If no breaks it, that will be evidence (to a person versed in using fallacies in place of logic) that SDMI will Make Money Fast For Artists. This gives them credibility and power.
Here's my recommendation: Hack it, but good. Hack it so good it can't be fixed. For instance, connect your soundcard "out" to your "in" and record--there's no getting around that. Alternatively you could hack it so good they have to go back to the drawing board for a year or two--giving MP3 (and Ogg Vorbis!) time to spread even further. If you haven't broken the rules (why are there rules in a hacking contest?) collect the $10k. If you have broken the rules, just post the results to lower their credibility.
--
Linux MAPI Server!
http://www.openone.com/software/MailOne/
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
The real question is "Is there such a thing as a hidden agenda?" The answer to that question depends upon your degree of awareness of evil. People who are virtually blind to evil except when it reaches the level of violent crime or officially sanctioned genocide, are likely to answer 'No." to that question. People who are more sensitive to evil are more likely to answer "Yes".
Sensitivity has its problems - it is easy to mistake noise for signal when you are sensitive. To someone who is blind to the actions of evil people - the warnings of those who are aware of the actions of evil - sound insane and paranoid. The belief is: "If I can't see it - it must not be there." It never seems to occur to such people that they just might not be able to see very well.
From your reactions to my original post I would make the guess that you are able to see only the actions of those who are not very sophisticated in their evil - and are thus obvious to almost anyone. Did it ever occur to you that there might be a class of evil people who are sophisticated enough to conceal their actions so that they become invisible to anyone who looks no deeper than the surface of events?
Most people are virtualy blind to the actions of sophisticated evil. I refuse to be labled as 'crazy' because I can see sophisticated evil. I am not crazy sir, I am just not as blind and insensitive as you are.
Much in the way that the real reason for registration of firearms is to make the later collection of those weapons from the law abiding easier.
A little paranoid, are we?
Yeah, I'm so sure the government would be successful in that matter. Why exactly would they want to collect the firearms of "law abiding citizens"? All that'd do is give all the power to the criminals, since they don't register their guns.
And how exactly are they going to collect these guns from these law abiding citizens? Don't you think it would be a slightly risky proposition to try and go through a town and demand all the weapons? (I.e. what are your chances of having those weapons turned against you immediately.)
Nice logic...
-thomas
"Extraordinary claims require extraordinary evidence."
"And like that
Actually, this is a bad example. A good friend of mine owns a Thompson machine gun, and it is 100% legal. He had to get a license for it, which is not possible to do for fully automatic weapons manufactured after a certain date. But, when the "ban" on fully automatic weapons went into effect, existing guns were grandfathered. Not that this invalidates your point about ex post facto, I just wanted to point out that machine guns are a bad example.
"No, it's not worthless at all. It can still be detected, but only by the people who put it there in the first place.Thus, you can't tell if a given piece of audio is watermarked, but the record companies can scan all the files on your public server and read the watermarks."
OK, but what good is that going to do them? They could already just *listen* to the song and know that it's "Oops, I did it again" (or whatever). It would only help them if it were in players, and then we could reverse-engineer it.
-Dave Turner.
Become a FSF associate member before the low #s are used
Those who do not learn from history are doomed to repeat it. By the way, the Chinese dissidents were astonished that the "People's Army" fired on them, after all, they were the people. Ask the survivors of Kent State if the National Guard's rifles were loaded.
I don't think there are very many people who believe the "We are the government" argument any longer; it might have flown in 1800, but 200 years later most people see through it.
What's worse, they're shooting themselves in the foot. The "contest" (hereafter referred to as "The Sham") runs from Sept. 15 until Oct. 7th. Why that window? Do you REALLY think that if someone is dedicated to cracking whateverthehell it is they're proposing, they'll give up after 3 weeks? Hell no - they'll pick away at it month by month until it's split wide open. Three weeks isn't going to do them a damn bit of good, IMNSHO.
Mr. Ska
To participate, just go to the website at www.hacksdmi.org after September 15, 2000 and read the public challenge agreement. If you agree to the terms, you will have until at least October 7, 2000 to do your best.
Sounds pretty useless to me. If someone wanted to really hack it, the first step would be to use multiple layers of anonymity to get access to the code, and then get 2600 or the EFF to publish it. Forget any industry-sponsored contest.
Aw, who cares, SDMI is toast anyway. Do they really think they can get everyone to abandon MP3? If so, can I have some of what they're smoking?
sulli
sulli
RTFJ.
Find a demonstratable flaw in their system, but refuse to reveal how it works until the RIAA donates $10 million to the Electronic Frontier Foundation. The publicity it would generate for the issues at stake would be worth far more than the actual money.
The original Slashdot article disappeared from the main Slashdot page while I was posting this. Hmm.
What, you mean they can't release music the way they've been doing for the last century? Hogwash. They've been packing away the millions for all that time, too. And despite widespread "piracy". It's not like digital music is new, either. We've had CD's since before a lot of /. users were born.
Then everyone else finds it on Napster, and has no need to buy it (and this is especially true for digital music, as you have exactly what you would be purchasing).
This is also hogwash. Compressed music is a second-rate substitute for the real thing. If I were to download a track from a Napster user, I would be getting considerably less than what the owner of the original CD paid for. It would be good enough for my car or the crappy speakers on my office PC, but painfully inadequate for when I want to sit down at home at my stereo and listen. Maybe when we have the bandwidth to transfer uncompressed CDs the way MP3s are transferred now, they might have a point, but still not a very good one.
The fundamental flaw in all anti-piracy reasoning is that if a user illegally copies a thousand dollars worth of CDs, the music industry has lost a thousand dollars. The fact of the matter is that most people don't have a thousand dollars to spend on CDs every week, especially their core audience, who are teenagers and college students. If every MP3 in the world were magically erased and all sources were cut off, it would not translate into sales. Downloaders of pirated MP3s would probably buy about as many CDs as they do now, or maybe less, since their exposure to new music would be reduced.
--
Proud member of the Weirdo-American community.
Hacker challenge is it? Well, ever since the fiasco with DeCSS, will us hackers listen to the SDMI, which is nothing but the RIAA's DVD-CCA? Of course not. There was no need to call for such a boycott. I don't think even the hungriest hacker, whether true open sourcer or black hat script kiddie, would even think of touching that offer with a ten-meter cattle prod. We've all seen what happened with DeCSS. Now these corporate SOB's have got the gall to ask us for our help? I say screw em.
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
I have an idea!
Let's raise money to a fund, and pay more to those how are willing to keep their findings to themselves (or even better, publish them after the challenge is over, and the shit is in use?)
Ost99
---- Sig. gone.
In theory they would have to alter the sound to leave a permanent mark. If that is the case it is merely a task of identifying the mark and playing with SoundForge.
Anyway. I personally am against a boycott. The honor system for payment is not sufficient (despite Stephen King's wishes), and moving to a new media is a good thing. Help them out. Besides, I am personally rather curious at whether or not they can pull it off.
IANAL (I am not a Legislator), but it seems to me that this 'hack sdmi' challenge may be somehow applicable to RICO (RACKETEER INFLUENCED AND CORRUPT ORGANIZATIONS) statutes.
I found the definitions of RICO on the US House of Representatives' site.
The Hack SDMI effort is potentially an attempt to form a conspiracy to commit a federal offense, i.e., to crack an access control device, according to DMCA.
Further, a "pattern" of racketeering can be shown if two things are proven within ten years.
[
Just how is SDMI supposed to work? I understand (somewhat) digital watermarking, but how does that apply? It's not like I have to break the encryption or anything (like forging someone's signature)--I just have to remove it (like erasing the signature). Could I run through an SDMI file and randomly add or subtract 1 from every byte? Shouldn't affect the sound but will destroy any watermark.
--
Linux MAPI Server!
http://www.openone.com/software/MailOne/
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
But once you see fancy graphics in frames, as well as the phrase "shape the future", the corporate bullshit detector should go into screaming overload.
Hopefully I didn't put any [] around my words.
I got 12 in mozilla, but I had to turn all the chrome off and scroll the eleventh frame with the keyboard. 2000x1500 pixel 125 dpi display.
Couldn't you just get as many as you want by cranking up your virtual desktop resolution?
Having both the input and output of the encryption algorithim makes it a LOT easier to figure out the algorithim, for I hope obvious reasons.
Seth
$5 / month hosted VPS on linux = awesome!
Any free service like Napster is going to be flooded with junk and people trying to be clever by mislabeling files.
An organized source, controlled by somebody who cares about the contents, is worth money.
You know, there are a number of arguments that have already been stated against this hacking contest, and I am sure more arguments that will be stated against it in the future.
:)
Personally, I don't think that any of this actually matters. I don't really care whether the RIAA gains industry credibility for the SDMI - if recording companies want to use it then more power to them. I also don't care if the current SDMI implementations are 'proven' to be un-crackable during the artificially restricted cracking period of three weeks - the only thing that this will cause is more trumpet-blowing by the RIAA.
The beautiful thing about the 'net and the hacker community is that I can guarantee at least a 1000:1 ratio of 'smart, motivated hackers' to 'mediocre corporate software engineers' on this one. Whatever the RIAA end up thrusting upon the industry and the unsuspecting public, it'll end up being cracked within the month. End of story.
Let them waste cash developing this white-elephant of a protection mechanism. Whatever they spend here won't be available for them to pay lawyers with
--
The gift of death metal does not smile on the good looking.
Maybe to audiophiles, but the average person can't tell a difference between a 128bit MP3 and the CD version. I know I can't. Everyone I talk to says that MP3 is "CD quality". That certainly says to me they can't tell the difference, and if they can, it's not enough to bother them. Only audiophiles with $5000 stero setups notice or care about the difference.
The fundamental flaw in all anti-piracy reasoning is that if a user illegally copies a thousand dollars worth of CDs, the music industry has lost a thousand dollars. The fact of the matter is that most people don't have a thousand dollars to spend on CDs every week, especially their core audience, who are teenagers and college students. If every MP3 in the world were magically erased and all sources were cut off, it would not translate into sales.
No, it doesn't translate into $1000 of sales, but I would bet it translates into at least 1 CD sale lost. If you download $1000 worth of music, chances are there is something in that $1000 you would have paid for if you couldn't get it for free. I wouldn't suggest it's a 1 to 1 ratio, but I would guess that there is some correlation.
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
So it looks like they trick people into checking their security for them, and then don't have to give them the cash anyway. Personally, I'd like to see someone remove the watermark and not tell them how it was done. Sure, they'd be forfeiting the possible prize money, but they'd also be delaying the introduction of SDMI. Like Don Marti, I don't copy music from others. And yes, protecting my fair use copying is worth more than $10K to me anyway.
"The invisible and the non-existent look very much alike." -- Delos B. McKown
If no one breaks SDMI during the three week period, then they will just have ammunition to say that SDMI works. End of story. Move along.
For those who think that the industry will not get their way, I have a simple answer for you: System on a Chip (SoC). Custom integrated circuits that do all the decrypting, audio decoding, D/A, etc., will be made. Once its all on a single IC chip (and this can likely be done with a bit of work right now), your rights are gone.
I doubt anyone on Slashdot has access to clean room that they could an take apart an Integrated Circuit, figure out how to disable the protections, checksumming of code, etc., and then a fabrication plant than can make enough modified ICs that they could distribute them around. Consumers have lost their rights one by one; they just have not realized it yet, nor cared.
Sorry, but the gig is up.
Make a concerted effort is made to attack the strongest watermarking algorithms, and leave the weakest alone. Maybe, just maybe, the weaker ones will get rubber-stamped as the standard and everyone will be able to enjoy fair use of media without too high of a technical hurdle.
---
How much do you get paid per diem for consulting, or for a comprehensive cryptanalyis?
$10K isn't a prize. It is a joke.
Had I broken one of their candidate schemes, I would expect a lot more for my efforts -- or I would keep it for my own later uses, just in case the DMCA is later abrogated or amended.
The issue with this software, as I understand it, is similar to the issue with DVD - ie, you can have the files, but you have to play them with the "approved" software.
Now from where I'm sitting, that means that breaking the encryption really isn't of much relevance; the issue is of making player-software available cross platform. This could be done by cracking the encryption, but lets face it: it's a whole lot easier just to reverse-engineer the player-software that is released, which is exactly what was done for DVDs.
Okay, so the powers that be don't especially like that tactic either, but in truth it's better for them too.
(Spudley Strikes Again!)
Comment removed based on user account deletion
Ok, I think it's fairly obvious how the bulk of the community feels about this idiocy. The important question though, is what are we going to do about?
I wonder if maybe we couldn't find some way to get this onto national television and let the world know what these idiots are doing. The reason why RIAA, MPAA, and other big industry conglomerates have been able to get away with things like CSS and potentially SDMI, is because the public at large doesn't know what it means, and if they do know what it is, they may not neccesarily know why they should care.
Somehow we need to get this into national press and make people aware of the potential damage these various technologies could do.
See Applied Cryptography for more discussion.
Burris
Don't make the assumption that just because most copy protection schemes have been cracked that all can be cracked.
Take encryption when the algorithm is strong enough it can't be cracked in a useful amount of time.
Most of the success we've had with cracking copy protection thus far has been due to corporate screw ups. If CSS had been a stronger algorithm it would not have been cracked in the usefull life of DVD's. Sure we're smart and good at what we do but we are also arogant.
It is my belief that we've had some sympathetic programmers that have intentionally made weak copy protection thus far. It may actually have been incompetetance but in either case it won't last forever. We have to change the way things work in government and in the way society views these things. We can't with confidence claim that we will always be able to crack *any* copy protection scheme industry tries to use. Up until now we've been dealing with incompetance and short sitedness this will not last forever.
Environmentalists are their own worst enemy. ~tricklenews.com
"If you have an mp3 player, you know what mp3's are.../snip/...you sure as heck ain't gonna buy SDMI hardware"
And what percentage of the people out there fall into that? Not enough. Sorry, but the people who are apposed to SDMI are a small percentage to the world that doesn't even know any of this crap is happening.
Not only that, but your 1cm cube idea is exactly what I'm talking about. If Sony comes out in a couple of years with two ear plugs (and that small) that hold 200GB+ of music, even I would be impressed enough to check it out. So that means through hardware obsolescence, we even lose some of the mp3 die hards.
"And if you don't buy it, Diamond sure ain't gonna want to make it anymore"
You need to check out some statistics, first. Portable mp3 player sales are miserable. It's a niche market. They're abysmally lower than projected, and are not building enough steam to withstand competition from the fully sanctioned, fully marketed SDMI solutions that will come out. And if MP3 portable sales are bad now, they're only going to get worse when SDMI comes out.
Diamond *IS* on board to make SDMI players. I am sure they'll dump the break-even MP3 players, and start making SDMI players. And the sheep out there.... they're going to buy this stuff up, without even knowing that they took the wrong stance.
"As long as we have music CD's, which we will continue to have"
New music CD's outsell ALL the old music CD's combined each week. People don't want to just play and listen to their old CD's. They'll want to buy the latest Britney Spears crap, and it'll only be in this new format. What's a teenager to do!? Buy it without blinking! Besides, it'll come with a sticker saying "Even better format" or something, and they'll be happy.
Sorry, I agree with your wishful thinking, but it is at the moment wishful. And the SDMI & Big-5 consortium is getting ready for a big BANG, and they're going to throw as much momentum as they can with this format release. They'll finally have downloadable music, kiosks as each store, SDMI hardware that comes out with new features, gizmos, posters, popup cardboard cutouts, and some Backstreet Boys Hardee's commerical or something.
And if this ball rolls long enough, then all the major hardware companies will do what is profitable --which is make hardware that is selling. And if that means SDMI only compliant hardware, then that's what they'll do to stay in business (no hardware company is going to go out of business just because it's the "right cause". Heck, they might not even believe in our cause. Money talks)
Rader
By "rights" I meant the right to use the player you want, and *not* just those chosen by some group. I also mean the right to make a backup copy (do NOT read pirating, thank you). I have an MS Office 95 disk that is no longer readable in spots, and I forgot to back it up. As a result, I do not have a copy of Office to use. I likely will *never* be able to backup Office 2025 should it ever come out. I will not be able to make mix CDs out of CDs I own by that time either.
From what I've seen, the average person does not care enough to act. If the media makes it sound great (and all news media boils down to about five companies in the US), people will jump on it. Slashdot is a prime example; people complain, but how many letters to legislatures have been written by the users here? If even ten percent of Slashdot's readership actually took action, changes to society likely would happen. But only one-thousandth of Slashdot's population likely does anything on any issue posted here one way or another. The rest just write here, and take no action in the real world. Remember there is a *real* world out there, and not just the virtual one of the Internet.
It used to be anyone could build a piece of hardware, including stereos and televisions. Heathkit used to be in this business. However, hardware quickly got too complicated for the average user to build. Now, we are moving to the point that the average engineer can't build a compatible product without paying $$$ in license fees and agreeing to non-disclosure agreements with restrictions on what the resulting product can and can not do. This is where the line has to drawn.
Why don't you go take another look at what 'fair use' means? Then consider what SMDI is going to do to it. Then you can come back and rejoin the conversation.
...phil
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
this contest sounds similar to a thing the LA Police dept did a while back. They invited a bunch of gangsters to come showcase their grafitti art and then arrested them when they matched the one on canvas with the ones on the street. its kind of like the microsoft hack our 2k contest too. these things are fishy.
--
|-_-| . o O ( bEef!)
hackhacksdmi.org. (Still available at this writing!) :-)
It doesn't matter how hard you work to encrypt something, a way to decode it will very likely be found.
Sure, there are exceptions. For example, during WWII, the US forces code was never cracked by the germans or the japanese. Why? Because even if they DID crack the code, all of the people who were responsible for sending and recieving the encrypted messages were using Navajo in the messages.
But since computers don't speak Navajo, but in ones and zeroes, such a thing is not possible.
And more importantly, I'm missing the point of this encryption. As i've got a very strong feeling that CD's aren't going to just disappear in at least the next 20 years, you can't encrypt the CD tracks without making all of the older CD players obsolete.
Of course, I could be horribly wrong. I'm pretty damn good at that sometimes.
Vorro
---------------------------
A wise man speaks because he has something to say.
A foolish man speaks because he has to say something.
____________________________
What did the Buddhist say to the hot dog vendor?
"Make me one with everything."
I've heard that referred to as "audiojacking". Frankly, I don't see this as a credible solution to the problem: transmitting the signal over an 1/8 inch stereo cable represents conversion to an analog signal, with concomitant signal degredation.
Granted, you only have to do this once to get it into a different audio format. Granted, the signal degredation on that one pass is liable to be pretty minor, espeically given good connections and a short, high-quality cable. But I'm an anal bastard and it bugs me. So there. :)
As the RIAA has gone after Napster, everyone has been talking about how they would buy digital music if is was available. Well, that's what they are trying to do. They are trying to make music available online, and to make it secure. They simply cannot release the music in an unsecure format. The only thing that would accomplish to make the music easy to put on Napster (or whatever). Someone would buy the music, and the first thing they would do is put it in with all of their other MP3s, shared on Napster. Then everyone else finds it on Napster, and has no need to buy it (and this is especially true for digital music, as you have exactly what you would be purchasing). So the only way to offer music online and to have a chance to make any profit is to offer it is some kind of either encrypted or watermarked format. If you want music available for download (legally), there is no other way.
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
Therefore, this is a cracking contest, not a hacking contest.
Whether or not it could be cracked in a contest wouldn't prove whether it could be cracked in real life (indeed, I believe that there is no such thing as an uncrackable cipher) but I'm glad people are boycotting this. The reason I'm glad is because it is a public show of contempt for the content industry, and I'm glad it's getting a lot of press.
All the creatures will die, And all the things will be broken. That's the law of samurai. (Jubai, 1605)
Salon's article on this clearly implies this is a big ol' PR stunt.
What the cracking community needs to do is to be very vocal on it's non-participation in this 'event' instead of silently ignoring it. Anyone up for DoNotHackSDMI.org?
This is not the way to build a lasting empire.
There is always a demonstrable flaw.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I hereby promise I will not submit any code or algorithms to the contest. And I swear, it's not because I don't know what the hell I'm doing. I'm boycotting, dammit!
--
This is not my sandwich.
Well, there's legally a public domain.
There's a public domain, but its content is pretty much fixed: no works will ever expire into it.
For instance, if you sign an NDA, the information you get isn't required to go into public domain. I'd love to see them try to pull that.
One word: EULA. The "you may not copy" clause does not terminate when the copyright expires (which is effectively never). And it's trivial to put a binding EULA on a CD or DVD: a seal placed over the center of the disc reads "by breaking this seal you agree to the EULA printed inside the back pages of the booklet." All rights can be contracted away.
<O
( \
XGNOME vs. KDE: the game!
Will I retire or break 10K?
That is the real reason for the 'hacking contest'. Much in the way that the real reason for registration of firearms is to make the later collection of those weapons from the law abiding easier - so is the real purpose of this contest to allow the music industry to collect information on who is interested in trying to crack their copy protection scheme. Anything you do in this 'contest' may be used against you in a court of law at a later time and date.
later, when the record companies have poured billions into the technology, somebody will discover a flaw
Now, would that be a dedicated employee, in which case we the people will never hear about it, or will it be a hax0r who'll get lots of press and then probably be taken to court by the RIAA?
Don't get me wrong, I agree with the boycott, but I wonder about what will happen when it is released and (inevitably) hacked.
The Divine Creatrix in a Mortal Shell that stays Crunchy in Milk
The House Between - Original Sci-Fi Series
Any news from the site : because here it is 09:13, Sept 15 (Us&Canadian eastern time), and nothing worth the trouble is showing on http://www.hacksdmi.org/. And like someone pointed out, they have a like to their site into their own site that will create an interesting Escher-like "Recursive Frame stack fault" into you Browser.
As for the boycott : they are clearly trying to avoid a DECSS-like failure.
Maybe they have the same level of confidence for their crypto technical than for their www one ?
This shows that DECSS teached some lessons.
But like usual, thos BIG-CORPORATE-FAT--ETC guys understood the teaching the wrong way, because if their "new" system is not cracked it three weeks, it's going to be cracked in four, five... until the sun blows. And even if the crack is declared illegal their will be a part of the world whete someone will sell it, and the bootleging-vox populi will do the rest.
For every better lock, there will be a better thief ! Hey guys, instead of focusing on the lock, please look at the door design.
On the other hand, like every #$$^#@#$ marketing guys, they gave the delays, blissly disregarding the rules of the game. And like usual the requirements seems to be late.
Bu I will advise for the boycott, because their goal is not clear. Apparently they are going to put a bunch of differents technologies under public scrunity. They seemed to learn at that principle of free software : the most testers you have, the better the product. But testing FOR them will be against our interests. Let them test, and if they cannot get people competent enough to point the flaws in their systems, it means they did not deserve that.
[Pruneau
DISCLAIMER: Its long!
Basically they believe that the gaol of these hackers (if they find any) will be for the money or fame. After the three weeks they will give up and go home and never think about it again. However they are just going to end up giving these contestants a taste of flesh and they aren't going to stop. I'm just not that good with words so here are someone else's:
They are fools that think that wealth or women or strong drink or even drugs can buy the most in effort out of the soul of a man. These things offer pale pleasures compared to that which is greatest of them all, that task which demands from him more than his utmost strength, that absorbs him, bone and sinew and brain and hope and fear and dreams -- and still calls for more.
They are fools that think otherwise. No great effort was ever bought. No painting, no music, no poem, no cathedral in stone, no church, no state was ever raised into being for payment of any kind. No parthenon, no Thermopylae was ever built or fought for pay or glory; no Bukhara sacked, or China ground beneath Mongol heel, for loot or power alone. The payment for doing these things was itself the doing of them.
To wield onself -- to use oneself as a tool in one's own hand -- and so to make or break that which no one else can build or ruin -- THAT is the greatest pleasure known to man! To one who has felt the chisel in his hand and set free the angel prisoned in the marble block, or to one who has felt sword in hand and set homeless the soul that a moment before lived in the body of his mortal enemy -- to those both come alike the taste of that rare food spread only for demons or for gods."
-- Gordon R. Dickson, "Soldier Ask Not"
Go to the HackSDMI Website. Click on the link to www.hacksdmi.org, and continue recursively. The person who can get the most cascaded frames before their browser crashes wins.
Before one learns to fly, one must first learn to walk. Before one learns to develop a secure framework for digital music, one must first learn to use the target attribute.
:wq
Our friendly neighbors over at Salon have This similar article up in which they even go as far as taking a light hearted jab at slashdot not having anything about the topic matter up by they time of their posting. They also mention something about being opinionated, but thats just their opinion I'm sure.
Trying to be different, just like everyone else.
I had a poke at their website, and downloaded their "architectural specification", but it seems that they've made no decisions on what actual algorithms to use. Given that this is so, can anyone work out what the hell they're challenging us to do anyway? The lack of links from the "hacksdmi" website to detailed specs and source code is worse than suspicious: if they expect me to do their securitly analysis for so little they had best at least make it easy for me.
--
Xenu loves you!
What's the point of boycotting the contest. S, somewhere, will hack SDMI (mayeb some 15-year old kid in the Netherlands), as part of the contest or just for fun/challenge. Even if SDMI revises the standard, someone will hack that too, and its DeCSS all over again. I say we should *all* try to hack SDMI, and every other fascist copy protection scheme out there. Not just so information can be free, but to show the idiots that come up with these things (and the even bigger idiots that trust them) how futile the effort is. The simple fact is, if I have data on my machine, I can do whatever I want with that data. Period. It may not be legal, it may not be easy, but there is always a way to crack copy protection, and only by continually defeat these schemes can we fight against them.
---- I made the Kessel Run in under 11 parsecs.
It is far better to take SDMI, not find the holes, let them institute it, and then flood the market with the methodology to crack it, forcing them to scrap the entire project and walk away with egg on thier faces.
This is not the way to build a lasting empire.
Bruce Schneier made a pretty good argument argument against cracking contests, in general, in one of his Cryto-Grams. In particular, he notes that "Contest prizes are rarely good incentives.... Taken at a conservative $125 an hour for a competent cryptanalyst, a $10K prize pays for two weeks of work." The contest runs three weeks, and you only get paid if you win. Of course, the contest isn't targeted at "competent cryptanalysts," but isn't that a point worth making?
If you're looking for more ammo for a Slashdot post ridiculing a cracking contest (did I say that out loud?), Bruce links to commentary by Gene Spafford in Electronic CIPHER.
In the off-chance that SDMI does create a file format that is not hackable, there are things they still won't be able to get around:
.dll/.vxd that implements the Win32 WaveOut() API and writes raw audio to disk. (similar things can be done on all OS's)
1) A bogus
2) Connecting line-out to the line-in.
In fact, I'm surprised #1 doesn't exist already. Granted, these aren't true solutions because at least 1 person, somewhere, will have to buy the SDMI encrypted file and play it into the device driver.. but after that, ta-da.
Furthermore, who's to say that some hacker won't just hack the SDMI player they provide and force it to play unauthorized copies? In that scenario, they wouldn't even have to bother decoding or detecting watermarks..
Everyone reading this knows that few things in the digital domain can be considered "property". Everything is inherently copyable. Big corporations still have it in their head that there's some magical way to apply the old buy/sell model but eventually they're going to realize that it just doesn't work that way with digital content.
This is a scary fact because once that becomes common knowledge, there will be a huge corporate push to eliminate what we now call the Internet (where free exchange of data is possible via ftp, http, et all) in favor of a closely-controlled network where all transactions are monitored, and all data accounted for. Don't act surprised either - politics are owned by the company now. It might sound ridiculous (to us) to enact a law making ftp illegal. However, it makes perfect sense to a corporation.
This is why all of you should be voting for Ralph Nader in November. www.nader2000.org
How can this be done? I'm no expert on watermarking, so I'll leave that one to someone else. But, for conventional means of copy protection, I have some ideas. If you can hear it, it can be recorded. Better yet, if its digital and your sound card plays it, then its driver is being sent the raw, unencoded, unencrypted data.
How about a fake sound driver? If someone wrote a sound driver (preferably for Windows so the collective would see the impact more plainly) that acted like a regular asound driver but instead recorded the raw audio data to a file, the "protected" songs would be available in an "unprotected" form.
So, how about it? Or do you think the SDMI would just have a law passed to make all Audio Card manufacturers adhere to SDMI specs and encrypt the data down to the DAC?
Jesus H. Christ. Faking the DLL or making an analog copy WILL NOT REMOVE THE WATERMARK. Obviously you didn't read the article, or you would know that the goal of the challenge is not to make a copy of the song but to remove the watermark. By these methods, the watermark will remain in glorious stereo sound. Try again.