Set Digital Music Free
The latest issue of EFF's newsletter covers the HackSDMI challenge. Probably not surprisingly, they're urging the same thing as Don Marti, who Salon interviewed.
Update: 09/19 3:33 PM by michael: The RIAA, EFF, and 2600.com debated SDMI on Pacifica radio today.
As I submitted earlier, Don Marti has stepped down from the boycott. Hopefully it will get posted on Slashdot soon.
- I don't care if they globalize against free speech. All my best free thoughts are done in my head.
Hmm.. Now how many of you think that they would pay the 10,000? I imagine any talented programmer would have the intelligence to recognize that the phrase "you may earn up to $10,000." includes the amount $0.
How difficult would it be for them to say that your crack broke one of their 'rules'?
air and light and time and space
Because maybe they could have created an effective one if people had helped, rather than just rant about how it wouldn't be effective? Why not help them, and really prove that it can't be done, rather than batten down the hatches and say "i don't want to see it be done, so i'm not gonna do anything except break it once it arrives".
Everyone gets down on companies for not doing peer review around here, so when some finally do come forward and ask for assistance, they're refused... It's almost childish.
If you really want to set out and show that it won't be effective, or can't be effective, sit down with them now and demonstrate it to that effect. Who knows, maybe they'll listen and realize that they're embarking on a fruitless quest, if that's what the case turns out to be.
I am rather partial to this editorial myself.
~~ What's stopping you?
They're so close. They're starting to realize that hackers are valuable, but they've forgotten that hackers aren't stupid. Stand together on this, maybe we can embarrass them just like the poor FBI's been embarrassed by no Uni rubber-stamping Carnivore.
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
The goal is to have no eyeballs look at this until it is ratified. This increases our chance that once they force this down everyone's throats someone can find a hole.
Remember, if the system is really secure there isn't much we as hackers can do. 128 bit encryption is 128 bit encryption, and barring major advances is unbreakable to hackers. Let the music industry get a stranglehold on the people with a new standard and there isn't much we can do to loosen it technologically.
Of course there is the other way to look at this: help make this standard as secure as possible. Then keep reminding people that you used to be able to copy music for your own purposes, and legally you still can. When people get mad congress does listen, and they can force the industry to release the ability for everyone to take advantage of fair use. Grass roots politics is where things get done in the US, so join a political party that mostly thinks like you, and get things done. (It doesn't have to be the republicrats, but a major party gives you a better shot of getting your candidate elected in exchange for some lesser issues going against you)
OK, you may be boycotting them, but according to hacksdmi's website, some of the test files are 50 MB. So even if you are boycotting, go ahead and download the files, there's nothing like a good ol' slashdotting'. Besides, it'll make them think that people are interested.
Here is an alternative view on this whole affair.
Read this article on Register
Though it seems like flamebait, some of the points seem valid
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
Extract the watermark, don't extract it. It really doesn't matter.
Yesterday's Forrester report on the new Nomad reiterates the commonly held view that SDMI is irrelevant:
"SDMI is too late to make a difference. Net users see access to free music as a key benefit of digitally downloading music. While the Jukebox is hardware-ready to support SDMI -- the security rules developed by the music industry's Secure Digital Music Initiative -- owners will ignore secure, paid-for music downloads and opt for the free version."
I don't have any problem paying for music, but I am going to continue to rip my CD's to use the unrestricted MP3 file format, rather than use watermarked SDMI files. Flexibility and convenience is very important to me as a music consumer. And there will always be music players for unrestricted formats.
Corby
They are of course going to publish the encryption method so we can add SDMI into our current favorite music players (XMMS, etc.)...right? :-)
-Pete
Soccer Goal Plans
Why do we need "secure digital music"?
CDs and MP3 files seem to do just a fine job of handling my music needs, there seems to be nothing missing.
Would this initiative secure funding for the artists, or offer new capabilities for the listeners that don't currently exist?
Would this allow me to secure my music by getting access to it if the media it came on was damaged?
How does this guarantee my right to fair use under existing copyright laws?
--Mike--
No matter what the results of this challenge, the industry would never admit that it can't be done. If technical means can not accomplish it, then they will employ strongarm legal tactics. Either way, personal freedoms will bow to corporate interests.
Or a well known hacker group!
Their avarice shows their stupidity. This is twice as nonsense compared to brute-force hacking for testing crypto security.
And if you want to crack RIAA's crypto for fame, wait till it is widely used, then crack it and get fame ;)
What would that prove? That the evil hacker(sic) types are bad and nasty and want to make life difficult for the RIAA?
Guess what? They know that already.
DDoS isn't going to do anything except make our reputation *worse*. What we need to do is boycott the challenge, and be very, very vocal about *WHY* we are boycotting the challenge -- not that we can't do it, but that we won't do their dirty work for them until and unless they decide that it's time to play nice.
"RFC 882: We put the . in
As I always tell people, never trust the Zeed. What they report is usually unconfirmed, hearsay, or even untrue rumors.
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
From the click-thru: "Who Can Participate? The SDMI Public Challenge is open to everyone except that a proponent of a particular technology (and the proponent's present and former employees) or any person who has obtained confidential information under a confidentiality agreement applicable to a particular technology may not participate in the SDMI Public Challenge for such technology."
In other words, security through obscurity. End of story.
--
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
Lately I've been thinking that we're drawing the lines for battle in the wrong places. Perhaps there SHOULD be a secure format that can be used for things like limited listening. I know we all cringe about self-destroying CDs and the like, but really it could be a great method of exposure -- 2 listens, and the disc is done, and then you can buy a PERMANENT CD. That might be an agreeable setup, material waste aside. A limited download might be used to accomplish the same thing. You can play it n times, but then you have to buy. Sort of like the trial period/limited number of times kind of shareware (which has a place, even if it's non-free).
Now, I think most of us fear that if secure initiatives come out:
1) they WON'T be used wisely. We might be forced to pay per every viewing/listening/reading.
2) that it will somehow be made illegal and/or very difficult to freely view/distribute stuff you actually have the rights to.
It seems to me that #1 is possible, but that if we start fighting the battle from the other end (#2), we might be able to make a lot more headway with conservative policy makers AND preserve the freedoms that are truly important. Remember, the GPL doesn't stop Intellectual Property from existing under the law, and make everything free. It (and other free licences) just makes Free Software possible.
We are fighting the battle for #2 in a number of places (DeCSS I think falls in this category), but we're also wasting a lot of time on #1. Given a chance, I think secure initiatives might find a fair place next to free alternatives.
Libertarianism is rich wolves and poor sheep playing gambler's ruin for dinner.
So if CueCat did this, they wouldn't have to give out any money because everyone and their dog figured out how to break it, right? Has anyone tried XOR SDMI?
I'm a bit disappointed by the reaction of all the big guys in the hacker community. Did they actually read the challenge? You can get to try to break their stuff with almost total privacy (all but your IP address), and you don't have to give up any of your rights if you don't want the money.
Also, you don't give them expertise, as nothing forces you to explain how you hacked their stuff if you did.
Whether you like the idea that SDMI are trying to implement or not, a public challenge is always a good thing. And they are actually giving up a rather convenient and powerful way to test their algorithms...
Finally, the best way to prevent SDMI from existing is certainly to undertake their challenge and to break the schemes. Otherwise, they'll implement it, and maybe it will be broken afterward, but bypassing it then may involve more complicated legal issues...
You could break it and ask for 100.000 or more instead of 10.000 of their change.
It is needed desperately, they would have to pay you! Crack, get a lawyer, get em' pay a fair price. ;)
This is NOT a nonprofit organization helping citizens, but a front of huge multi-billion dollar corporations.
If you don't want to read the click-through license agreement, just use this URL:
http://hacksdmi.org/hackDownload.asp
I'm not sure if the agreement prevents me from telling others how to circumvent it, but I don't really care that much.
Have a nice day.
-----
This was a brilliant troll.
I salute you.
-- It only takes 20 minutes for a liberal to become a conservative thanks to our new outpatient surgical procedure!
They never said one thing that was backed up by any evidence, or even a real world example. They just basically called us nerds and tried to piss a bunch of people off!
I don't even think the author of that article actually has read any of the comments made in the Linux Journal. If he did, he would understand why some people might be offended by SDMI. The least he could do is act like anyone else besides him has a point.
It took almost two years to crack CSS, and that was only because Xing didn't encrypt their keys (BTW, did Xing ever get in trouble for this?)
If the "crack SDMI" goes on for 3, 6, 9 months, even a year, without being cracked, it doesn't prove anything. There is no such thing as an uncrackable algorithm. The Germans thought Enigma was uncrackable, they were wrong. The MPAA thought CSS was uncrackable, and they were wrong. Now the RIAA is trying to build another "uncrackable" code. And they're going to find out in a year, two years, 5 years, whatever, that they're dead wrong as well. The best that the RIAA can hope for is making the encryption such that it can't be cracked brute-force by today's computers. How long have CDs been around? 20 years or so? How far has computing technology gone in that time? Will computers sometime during the life of SDMI be enough to do a brute-force attack against SDMI? I'd wager yes.
They oughta go read "Applied Cryptography" and just give up. SDMI is irrelevant, CD-Audio will take years to catch on. MP3 is here, working, popular, and sufficient for most users.
PS, I just proved that SDMI can (and will) be cracked. Send me my $10k.
-- Ever notice that fast-burning fuse looks exactly the same as slow-burning fuse? I didn't... (Edgar Montrose)
Since presumably they consider all participants as "music thieves" or potential thieves, I wonder if they will make a detailed analysis of their server logs and use that information for their purposes? Obviously, many participants will be using spoofing and similar techniques.
You shank my Jengaship!
They were trying to get people to push the McRib sandwich, so there was a contest! Every grill person was paired with a counter or window person, and whichever pair sold the most would get a 50 dollar bonus.
Of course, most of the pairings were over different shifts, so the people would never even MEET, which made it hard to give a rat's ass...and removed any incentive for the person on the grill to hurry things along.
Then there's the big issue (where it's similar to this one)...is all the extra effort really worth it for something like $2.50? (50 dollars divided by the number of groups...since as a grill person you'd have no way of knowing how the person you were paired with was doing) Especially when you KNOW the sponsor of this little competition is getting MUCH, MUCH more out of it than they're putting in?
In this case it's billions (maybe?) rather than hundreds of dollars.
And they aren't dealing with a bunch of high-school dropouts and retards (presumably).
By that time, OggVorbis should be ready for primetime and maybe animated PNGs (MNGs is it?) streamable and GPL'd in Mozilla... Sweet digital freedom =) maybe.
Otherwise, they may get products to market real soon and upgrade shipping nomads and rios etc. with shrinkwrapped crippleware. It might be simply better to crack it and open the method (DeSDMI?) after it's adopted but it could do some damage to further prolong their ability to compete while reevaluating new security schemes and not selling new devices. That's what I thinq anyway. TTFN.
-*BBC*PipTigger
whoa -- it's my understanding (perhaps, MISunderstanding, uh, sorta inattentive.) from the Pacifica interview, that they intend to include this format in a CD-type form, and to release SDMI readers -- meaning if the copy protection is impenetrable, eventually, you won't have any CDs to rip from.
of course, given processor power evolution, etc, etc, and the time it will take to introduce YET ANOTHER music format, it will probably be pretty damn moot by then.
fisfhcuekr.
perhaps this is straying from the topic a little, but i think it addresses the underlying problem here. Seems to me everyone is caught up in the idea of having the government and corporations take away their rights online, but what's really going on here? Does everyone really think that the rampant trading of mp3s is legal? It's one thing to compare it to making a copy of a CD or tape. But the truth is everyone is really just getting albums and their favorite songs for free, and wants to keep them, no pay. What's really going on isn't right, the current system may suck, but that does mean two wrongs make a right.
It never made any sense to me why aol would even bother with winamp, until I read this from an older article on Salon.
Our platform talks to players that are written by partner companies like RealNetworks through Universal Music Group and now Winamp through America Online, which serves up music to consumers.
All of this SDMI is useless if no software mp3 players support it. So AOL (now AOL/Time Warner) owns the most popular method chosen to listen to mp3's so they can put in whatever they want. If the music industry (Universal Music Group, and TW) didn't have control of the software this SDMI would be useless.
But don't they see that anyone can write an MP3 Player???
"I do not go believe comes out therefrom that I will concentrate on always more special zones."
--Linus To
Release your material in MP3 and other open formats.
I think our friends @ Fraunhofer might have something to say about just how FREE (gratis & libre) our MP3s are. Let's remember our friends at Ogg Vorbis and what is really free.
**"and other" implies that MP3 *is* open. So spare yourself the poor argument that I misunderstood them.
This post is wrong for so many reasons...
Basically, the objection is that once someone shows them how to break it, they'll fix it and run another challenge until no-one can crack it, then they'll go with that, and there'll be no way to use the music outside of their strict guidelines.
Better to ignore them, let them release it, then write a quick converter to mp3 or whatever.
Go to the EFF page mentioned in the article and check it out.
Anyone thought about hacking the HackSDMI website? Maybe change the index file to something talking about the boycott and laying down the real reason that they want SDMI to become popular...
Of course, I'm just putting this out there as an idea... I don't condone it one bit! No siree!
-- Dr. Eldarion --
!noitincoger emos gnitteg yllanif m'I, woW
--
This space left intentionally blank.
Assuming you could get the numbers, how about a "CD double-burning rally": as a public act of disobedience, set up a number of CD burners. Make copies (in open format) for anyone who shows up with a blank CD and a copy of any CD they might own. They can then throw the original in a nice bonfire (or not). People who have already made their own burns can just show up to flash their heinously illegal copies (snigger) in the face of Big Business and/or have an original platter roast.
You've got to admit, it's the sort of protest that gets eyeballs in local media.
-TBHiX-
until after it's a standard (and it's too late to change) before we break it ...... (evil grin :-)
Warning, I've found that you can't daisy chain more than 4 of these CD dongles without losing control of your printer... playlists out the windows!
Because you can't, you won't, and you don't stop...
Okay, let's see here: SDMI want me to test the strength of their proposed security measures, measures on which the entire future of the music industry's electronic offerings will be based. An industry that earned over $16 billion in profits last year.
...And they're only offering me $10,000. And they want me to do it "on spec".
How very typical of the music industry. What cheap bastards.
Tell you what, SDMI: Crank the prize offering by at least three orders of magnitude, and we'll talk...
Schwab
Editor, A1-AAA AmeriCaptions
Tools of the industry, wake up and realize that the RIAA is simply trying to solicit free labor to help bulletproof their encryption scheme.
More importantly, consider this. You know that cool new Nomad Jukebox from Creative Labs? The one that has a 6GB drive in it? It supports the SDMI-format. Great, right?
No.
Last summer I found a media composite from Sony Records. For those of you who don't know, a composite basically gathers articles from several sources into a single volume, the results of which are delivered to executives. There was an interesting article from Billboard, I think it was.
It seems that the SDMI group met last year and decided on certain resolutions regarding the implementation of the SDMI scheme. Of interest is a plan on how to enforce SDMI acceptance on to those of us who decide to stick with our existing players (e.g. WinAmp, MS-MP, XMMS, etc).
The plan is this: SDMI-enabled players are distributed out to surpass their existing versions. The MP3 decoders are time-stamped to expire (aka shutdown) on a set date, after which only SDMI will be supported. Nice, eh? They actually agreed to this.
I am salivating all over myself for the Nomad Jukebox, but I am not about to drop $400-500 without knowing if, in fact, the player does not support this type of initiative *and* that Creative will not subsequently release a bios patch that would render mp3 unplayable.
I will dig up the article (if I can find it - my office is like a 10'x10' version of Beirut in Springtime) and post it here.
- Ryosen
(haven't gotten a p/w yet, so this post is put in as anon)
So. They're asking us to try and break the encryption used to protect a work. And they're offering to pay for it. Isn't that requesting an illegal act under the DMCA? And isn't soliciting a crime, especially for payment, itself a crime? And of course emailing them an exploit would be trafficking in a circumvention device. Call the cops immediately.
-D
ok so are they trying to own all methods of cracking before its released?
how clear cut of a case would MPAA have if they already owned DeCSS? DeSDMI would have to be COMPLETELY different from all the submissions during this test period.
and they are giving us ( not me but the rest of /.) 3 weeks ?!?! how long was DeCSS in the making?
one last statement, as soon as there are software players out there cracking SDMI will be 10000x easier.
rev
doesn't understand what is going on here. The point of the contest is to make SDMI more secure before it's released. Why would we want to help them? We want them to release it, so we can crack it later. Duh! It is not "macho talk".
How stupid...
Sticking feathers up your butt does not make you a chicken - Tyler Durden
My friend with moderate windows programming experience was able to write a windows sound card driver that was a disk writer. All it did was receive sound from windows applications like it was a sound card and write 44.1 kHz pcm sound (similar effect as winamp's diskwriter output). This could easily be converted to a mp3. Unlike with DVDs where such a driver can't be written, sound card drivers are so simple that anyone can write one. So the bottom line is that any digital music that makes its way to users in 44.1 kHz can easily be converted to wavs. And the whole idea of encryption and earmarking is pointless.
In the early days of the U.S., only works written in the U.S. were covered by copyright laws. Thus, publishers could freely publish works written in other countries--even if they were covered by copyright in their original countries. Foreign authors/publishers frequently complained that this was piracy, to no avail.
Never take moderation advice from sigs, including this one.
The EFF is afraid that the RIAA is going to introduce a cryptosystem that prevents anything and everything. That's not what this is. I downloaded the samples, it's just watermarking. The WAV files play fine in Windows Media Player and QuickTime... The EFF seems to be filled with just as many conspiracy theorists as slashdot.
And onto another tangent, which started this thread. If it's just not feasible, then there's no point in not helping just to prove that point. If it is feasible and you just don't want to help, say so... the original poster said something to the effect of "it can't work, so let's just sit back and break it once it arrives". If it CAN'T work, prove it. If you're afraid it can work, then say so...
And again, look at what they're supplying. WAV files whose watermarks should hold all the way down to encoding with a 64 kbps encoder. Maybe you might want to look at this, or else you'll spend the rest of your life listening to 56 kbps mp3's, if you think that SDMI will actually work in the end.
Germany: The speed limit laws and strict driver training directly affected the type of automobile produced in that country. To this day the Germans have raised personal high-speed transportation to an art form.
USA: Federal law (until recently) allowed any person to monitor ANY radio transmission (except in the commission of a crime). This meant that if you wanted to you could/can monitor aircraft, cell phones (until recently), TV's, HAM radios and various other radio transmissions. There was no ban (until recently) on what type of radio receivers were sold in the US, unlike other countries. This has led to the US being the leader in spread spectrum and other technologies designed to foil eavesdropping.
What technologies will these new laws spawn?
If the code IS broken quickly then the company will have 3 choices, develop stronger crypto (making crypto a technology and area of study that has more funds pumped into it) Drop the idea because it doesn't make business sense, or ask congress to pass laws to restrict use (which spawns lots of jobs for lawyers). Perhaps the public at large needs to not be asleep on the job and let their elected GOVT official know how they feel on an important issue instead of just ranting in news groups?
Crack the code, Crack it fast- Cracking the code puts the ball firmly back in the big bad companies hands. Make sure your govt rep knows how you feel about CURRENT laws, and pressure on congress is an effective way to get a law repealed. Anyone want to set up a PAC? Let's go buy a few Senators
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
This may be "way out there" but I am fairly certain I have found a nice easy way to remove the watermark from Technology A...
I downloaded the 58meg ZIP file (target at windoze users maybe?)
It contained a README.txt and 3 .wav files...
samp1a.wav:
"clean" un-watermarked 2 minute sample of music (Clean is relative here, as this sample was obviously encoded from a record.. lots of scratchy noise)
samp2a.wav:
watermarked version of samp1a.wav
Analysis of these samples in Sound Forge shows minor differences in the wave forms. The "watermarked" sample is slightly distorted. This distortion is inaudible, but at a fairly high "zoom" setting it is visible.
samp3a.wav:
Watermarked "test sample" Not so noisy 2 minute recording of some rock-n-roll
The goal is to remove the watermark from samp3a.wav and have the resulting sample be of no worse quality than a 64bit MP3.
Method used:
I simply used bladenc to convert samp3a.wav to an MP3 (128bit)
I then used XMMS's "Disk Writer Plugin" to convert the MP3 back to a .wav file
Comparison of samp3a.wav and my "hacked" samp3a.wav in Sound Forge shows that my "hacked" sample has a VERY smooth waveform. The "watermarked" sample, in comparison, is VERY noisy. There is a MUCH larger difference between the two than there was between samp1a and samp2a
Is the "watermark" still there? I doubt it. The waveforms are DRAMATICALLY different.
Of course, it "MIGHT" still be there, and since SDMI is not making a "checker" publicly available, I can't find out without uploading the "hacked" sample to their site for them to analyze. Of course, that "feature" won't be available till tomorrow, and even when it DOES become available, I won't bother. Anyone with the software to do a "diff" between the two files wanna contact me? It is VERY obvious that the "processed" (->mp3->wav) sample is MUCH different (wave-form wise) than the "watermarked" version, but I guess the watermark might still be hiding in there somewhere.
It would actually surprise me if a simple procedure like this can defeat Technology A... but then again, why not? Tech A may be a "worst of class" method designed to lure us into thinking SDMI will be easily defeated.
Anyway, I will be downloading the rest of the Technologies and submitting them to various tests...
The most interesting thing so far is that the "watermarked" music is still playable in XMMS... so as long as they don't make XMMS illegal, this watermarking will be useless anyway...
As I see it, helping with this effort would be agreeing to the music industry's "right" to keep people from engaging in fair use of recordings they have bought.
If the DVD-CCA said "dear hacker community, please help us make it possible for people not do anything with DVD's but watch them on a DVD-CCA licensed player", how many people would go for it?
This is not much different. But most people have their price. Maybe $10k is enough to overcome conscience on this one.
-------------
The truth is out th- oh, wait, here it is...
One of my favourite artists and IMO, one of the most innovative musicians around, Kevin Moore (of Dream Theater) has recently released the entire first Chroma Key album, Dead Air For Radios as MP3s on MP3.com.
Chroma Key is absolutely fantastic music to code (or anything else) by, and Mr Moore's independent label is called (grin) Fight Evil.
I'm sure there's someone who will find this news useful.
ÐÆ
|>
Here be Dragons
If you can legally register to vote in the United States, do so now!
Vote against the parties who promoted and passed by acclamation or voice vote the Digital Millennium Copyright Act. Vote against their candidates for the Presidency, Vice Presidency, Senate, and House of Representatives.
Email each candidate, telling them why they lost your vote. Repeat until either the DMCA is repealed or the candidate repudiates the DMCA. Repeat in the next election, and the next, until the candidates nominated repudiate the DMCA.
If your state has passed UCITA, react the same way at the local level.
If no candidates are available opposing UCITA and the DMCA, valid write-ins or appropriately blank ballots serve nicely as protests. Vote only for anti-UCITA and/or anti-DMCA candidates. Vote Libertarian, Socialist, Green, or Monster Raving Loony, but vote anti-DMCA/anti-UCITA.
It's not impossible that there are more of us than we think, let alone what they think.
.
Ed Craig "Who cares what you think?" George W. Bush, 4th of July 2001
Quite the contrary. By poking holes in the SDMI in its early stages, we help make it more ironclad for when it is actually rolled out. By hacking it now, you're not getting egg on their face. You're not making them look dumb. Even if it's really easy and the hacker who breaks it says "Ha ha, silly people, can't make a strong algorithm to save their lives" and all his/her hacker buddies laugh at the SDMI, they have fundamentally made the algorithm stronger, because the consortium will immediately plug the hole that was used to crack it. And one gloating hacker gets some money, and the rest of us get stuck with a stronger algorithm in the hands of oppressive corporations.
Corporations don't need our help. Statistically, the odds of any one hacker being the first to break it are very low. So basically, everyone but that one person who is lucky enough to win is donating his or her time to a bunch of bloated media giants to help them make CDs more expensive and harder to listen to in the future. Some deal.
I'd prefer to see the SDMI consortium triumphantly deploy their new "unbreakable" system, and then have it hacked and go belly up and get recalled a week later. That, and not public outcry, will convince corporate policymakers and possibly some lawmakers that the whole thing is a bunch of bunk. Angry shouting people on slashdot go away... big losses in non-recoverable engineering costs don't.
Please, let's not think that all people suggesting boycotts are whiners saying that "it would be too easy" or "$10,000 isn't enough". Anyone who tries to hack the SDMI before it is rolled out is implicitly endorsing it and making a real contribution to its cause. Don't!
If you look at this cNet article, you'll find that Forrester Research has announced that the DCMA is doomed in their attempts at blocking Free Music.
Will in Seattle
1) Download software.
2) Attempt to hack it.
3) Regardless of whether you succeed or not, pick a number between 0 and 9 at random. If you picked 0, make an announcement that you have succeeded, but that you will not release the extracted key or how it was obtained, in protest of the fact that they want to use SDMI to undermine fair use rights.
4) If you really did succeed, publish the correct key through some anonymous channel, such as freenet. Do not associate your name with this in any way; try to find a truly anonymous way to let other hackers know about it.
5) Once someone has found the key, do not stop trying to break it (they may close the hole that was used, even if nobody tells them about it), but you can add an extra piece to step 3: pick another number between 0 and 10, and if you pick 0 include the key in your announcement, or better yet, mail the key directly to the contest organizers and announce that you have done so. They have no way to tell whether you legitimately cracked it or not, and if enough people do this, they don't even know who to go after to find the person who really did crack it.
How's that?
Stuart.
The DigitalContent Political Action Committee is dedicated to asserting the rights of individuals to copy and exchange copyrighted content for personal, non-profit usage. Please visit our website to find out how to help.
DigitalContent PAC
OliverWillis.Com
An Operative with an Agenda
Haven't looked at all the testfiles yet, but it would appear that these guys don't have any idea what they're doing. On the first two pairs at least, what they're doing appears to be _highly_ non-magic; just some steganography on the low bit of some of the words in the RIFF data to encode the '4C 12-bit watermark' (sdmi.org has a couple helpful PDFs on this topic). (Oh, and they've modified the header so as to violate the RIFF WAVE spec, but let's ignore that for the moment.) First sample is a very simple repeating pattern (fun trick: load up both files in the hex editor of your choice and hold down the 'diff' key; watch the same pattern flash over and over...) with some extra crap at the end of the file (after the RIFF data -- haven't figured out what that's for yet); second one, same deal, though the pattern is less obvious (perhaps driven by the data itself?). Either way, trunc off that extra crap after the RIFF data (this may require editing the 'length' field in the header), retoggle the bits they toggled, and go about your business. Can't figure out the pattern? -- spin a little dithering on (fewer than half the words are modified in either case I've examined, so shouldn't take more than .25 bits of dither to toggle half the bits they toggled and get a statistical Shannon-Weaver victory), game over with marginal data loss. Or trunc off the extra crap, _don't_ dither and encode to .mp3; Fraunhofer@128kbps is about .25 bits damaging to the low bit IIRC.
I think the boycott is already working; clearly there isn't much going in the way of technical skill over there... *g*
Anyone have any luck with the 'additional technologies' yet?
Even better: crack SDMI, and DON'T tell them! Don't even tell the people you were able to do it. Let them think it's perfect and unbreakable. Wait for it to catch on, due to its backing by every big evil corporate giant.
Wait a month or so...
*poof* Hey look everybody, here's a crack for SDMI, music is free again! By this time, SDMI has become so pervasively embedded in everything that the music industry is kinda stuck with it, and by golly, it's cracked too!
If you call for a boycott so that a group of N people refrain from performing act X and any one person from the group of N could anonymously carry out X on his or her own then a boycott can't work. It's pretty obvious really. All that will happen is that the $10,000 will go to someone who doesn't care about the boycott.
--
-- SIGFPE
I sent SDMI a mail explaining my concerns immediately after the prev. /.-article. Please, all of you, consider doing the same!
--The knowledge that you are an idiot, is what distinguishes you from one.
Here's a quote from their click-through license agreement.
(1) you will not be permitted to disclose any information about the details of the attack to any other party,
They're just going to buy the silence of everyone who does, then they'll be able to say that the hole they discovered is closed (because everyone who could exploit it has and has been paid off). Worse than that though, it'll enable them to sue these people for breach of contract for ever talking about anything related to digital music, encryption, watermarking, or anything else they take offense to. Kiss your right to participate in Slashdot discussions goodbye, unless of course you're prepared to toe the SDMI-party line.
The RIAA and MPAA are all cheats, thieves and liars. Bah, why do they bother, their usual method of bribing all the politicians and judges has carried them this far.
Just a few notes.
CSS is encryption. You can speak of 'cracking' it in order to access the encrypted data.
SDMI is not encryption. It is a watermark. (SDMI does claim that some of the "Phase 2" technologies are not watermarks, but whatever they are calling it, the functionality would seem to be necessarily similar in concept.)
The SDMI challenge is not to decrypt music, the SDMI challenge is to remove the watermark.
However, having said that, 'crack' is such a good word, I will use it hereafter to mean 'removing the screening technology from the music file.'
SDMI has previously announced that the watermark is inaudible, and can survive transfer from PCM to frequency-band-based compression like MP3 and even to analog.
However, the samples for download are not watermarked with the current Verance "Phase 1" technology, but with contenders for the "Phase 2" technology.
There are samples both with and without the watermark, so comparing the two samples and statistically analyzing the differences would seem like the clear place to start.
It seems to me like there are several things that the hacker community could do to really poke SDMI in the eye with a sharp stick:
1) Crack their Phase 2 screener, tell them $10K isn't nearly enough, and have them fly you in to discuss your terms.
2) Crack their Phase 2 screener, and don't tell them about it until the Phase 2 "trigger" comes out in CDs. Then tell the world how to crack it.
3) Those are both hard. Note that SDMI doesn't provide any tools so that we can determine for ourselves whether we have cracked the screener. Instead, they ask us to upload the files with the screener removed to their site. You have gigs and gigs of audio samples. What are you waiting for? Start uploading!
Chris Owens
San Carlos, CA
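The comparison suggested in the two posts above (diff a clean/marked pair and see which bits changed, and check for data after the RIFF chunk), as an added example that is not part of the thread or of any SDMI material. The toy pattern, the function names and the sample audio are constructed assumptions; the contest marks themselves are not reproduced.

```python
import io
import math
import struct
import wave

# Constructed toy mark: in every 12-sample cycle, toggle the low bit where the
# entry is 1. This is an assumption for illustration, not the SDMI/4C scheme.
TOY_PATTERN = [1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0]


def make_wav(samples, rate=44100):
    """Serialize 16-bit mono PCM samples into an in-memory RIFF WAVE file."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(rate)
        w.writeframes(struct.pack("<%dh" % len(samples), *samples))
    return buf.getvalue()


def read_samples(wav_bytes):
    """Return the signed 16-bit samples of a PCM WAVE file held in memory."""
    with wave.open(io.BytesIO(wav_bytes), "rb") as w:
        if w.getsampwidth() != 2:
            raise ValueError("only 16-bit PCM is handled here")
        raw = w.readframes(w.getnframes())
    return list(struct.unpack("<%dh" % (len(raw) // 2), raw))


def trailing_bytes(wav_bytes):
    """Count bytes that follow the RIFF chunk (size field at offset 4, plus 8)."""
    if len(wav_bytes) < 8 or wav_bytes[:4] != b"RIFF":
        raise ValueError("not a RIFF file")
    (riff_size,) = struct.unpack("<I", wav_bytes[4:8])
    return max(0, len(wav_bytes) - (riff_size + 8))


def toy_embed(samples):
    """Apply the constructed toy mark by toggling bit 0 of selected samples."""
    n = len(TOY_PATTERN)
    return [s ^ 1 if TOY_PATTERN[i % n] else s for i, s in enumerate(samples)]


def analyze_pair(clean_wav, marked_wav, max_period=64):
    """Summarize how a marked file differs from its clean original."""
    clean = read_samples(clean_wav)
    marked = read_samples(marked_wav)
    if len(clean) != len(marked):
        raise ValueError("files must hold the same number of samples")
    xor = [(a ^ b) & 0xFFFF for a, b in zip(clean, marked)]
    # Number of samples in which each of the 16 bit planes differs.
    planes = [sum((x >> bit) & 1 for x in xor) for bit in range(16)]
    touched = [1 if x else 0 for x in xor]
    # Smallest shift under which the map of touched samples repeats exactly.
    period = None
    if any(touched):
        for p in range(1, max_period + 1):
            if all(touched[i] == touched[i + p] for i in range(len(touched) - p)):
                period = p
                break
    return {
        "planes": planes,
        "fraction": sum(touched) / len(touched),
        "period": period,
        "max_delta": max(abs(a - b) for a, b in zip(clean, marked)),
    }


def build_constructed_pair():
    """Constructed input: a 440 Hz tone, and a marked copy with 16 extra bytes."""
    clean = [int(8000 * math.sin(2 * math.pi * 440 * i / 44100)) for i in range(1200)]
    clean_wav = make_wav(clean)
    marked_wav = make_wav(toy_embed(clean)) + b"\x00" * 16
    return clean_wav, marked_wav


if __name__ == "__main__":
    clean_wav, marked_wav = build_constructed_pair()
    report = analyze_pair(clean_wav, marked_wav)
    print("samples differing per bit plane:", report["planes"])
    print("fraction of samples touched:", round(report["fraction"], 3))
    print("repeat period of touched samples:", report["period"])
    print("largest sample change:", report["max_delta"])
    print("bytes after RIFF chunk:", trailing_bytes(marked_wav))
```

On the constructed pair every difference sits in bit 0, in a 12-sample cycle, with 16 bytes after the RIFF chunk: the kind of structure a marking scheme exposes once clean and marked copies of the same audio are both available.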
With the only feedback from their watermark extraction being essentially non real-time and not allowing for experimentation, all this is is a PR stunt.
In the real world I assume we will have access to their actual hardware, sure it will still be a black box (security through obscurity, they should hope they manage to keep it obscure a little better than the DVD consortium though) but it will allow realtime feedback to trial methods of removing the watermark. If they allow you to upload a sample and give you near realtime feedback on whether the watermark could still be detected it would be a powerful way to test their algorithms (of course they would be sensitive to DOS attacks that way). What they have is a pathetically weak one, which proves next to nothing about how well they will do in the wild.
I believe that the film and music industry do have a right to protect their intellectual property and those of their artists. At the same time I do feel that the record and film industry is overstepping their boundary when they ask all work to be protected, no matter its use or its time frame. I believe it is about time that the people of the USA stand up and protect their rights by requesting an anti-trust lawsuit against these guys. These guys are not above the law!
If any of you guys are paranoid about the government, then just wait until the MPAA and friends get what they want - the government will be the last thing you will be worrying about.
Jumpstart the tartan drive.
The samples they have available for downloading contain both a watermarked and clean copy of the content.
"Two of the samples in a triplet contain the same music, where one is encoded with a digital watermark and the other is a clean, unmarked version of the same music."
Chris Owens
San Carlos, CA
Does anyone know if any of the old B&W films have moved into the public domain. Calculating when they were made they should certainly be available without copyright! I think this is something that should be mentioned in most arguments when showing the real motives of the film industry.
OFF-TOPIC!!! I know.
Jumpstart the tartan drive.
The solution to SDMI is to eventually design your own SDMI player which just re-encodes the digital stream into mp3.
The best way to go about this (that I can think of) is to take one of Creative's upcoming SDMI-enabled digital speaker systems, and hack into it. Somewhere in there is going to be a D-to-A converter. Tap the digital lines, record the stream, do a nice D-to-D conversion to get it into a digital format you like (IE, WAV) and then mp3 encode it.
I'm sure there will be other (similar) devices which will be similarly easy to exploit in this way. It will require some hardware, but the new device should be pretty easy to use. You should make it interface to a bidirectional parallel port, which has plenty of speed for this application.
If you do this, and make it a point to get all the SDMI-"protected" music you can, and then re-encode it in an open format (mp3, ogg, DivX, I don't care) and redistribute, you can cost them all loads of money, which is the first, last, and only thing they're going to listen to. They're corporations, folks. They exist to make money. Work on that assumption and you can do some damage.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
What I don't understand is, no matter what the format is, something EVENTUALLY has to convert it to a readable format to send to your audio card, so why couldn't anyone just read that data and re-encode it anyway they want?
The best thing you can do against SDMI is to support an open alternative like OggVorbis. The music will be released in whatever has the largest market share. If SDMI gets > 50% of the market sales then it will win. The best thing you can do is put your money where your mouth is and make sure a user-friendly (friendly as in doesn't limit the user) format gains most of the market.
Leknor
http://Leknor.com
"So many idiots, so few comets"
The encryption algorithm will be a trade secret; otherwise, anyone could write an open-source program that leaks the cleartext. Not acceptable.
<O
( \
XGNOME vs. KDE: the game!
Will I retire or break 10K?
Go to the download page of the HackSDMI website directly without going through the click through link agreement page. This way you don't have to agree to anything to download the files (there isn't any warning or EULA on the download page).
Please note, I myself did NOT use the clickthrough to get to this page, or to find its address.
-Adam
Sometimes its good to stop and think, unless you're thinking, "Why am I crossing a freeway?"
I wonder that we aren't seeing more discussion/speculation as to the outright legality of the SDMI.
Whether or not it is technically feasible is beside the point. Is it legal? A couple of points to consider:
1. Copyrights, by law, last for 17 years at which time "ownership" is "transferred" to the "Public Domain". Therefore, is it legal to wrap the copyrighted work in a format which, by virtue of encryption, renders impossible that transfer of ownership interest?
2. The concept of manufacturers and a few copyright holders working together to develop a format + playback + record mechanism, in which the copyright holders serve as "gatekeepers", granting or denying access to the technology in their own self-interest, could only be considered a pernicious form of anti-competitive restraint of trade. New artists, equipment manufacturers, etc. will be forced to pay financial tribute to the keepers of the encryption keys, and can easily be excluded from the market, simply by denying access to the recording or playback equipment. I can readily envision such collusion as standing in violation of any number of anti-trust statutes, from Sherman on down.
Lastly, I wouldn't overlook the marketability of such a system. Will consumers really "pay-per-play"? Will they spend their bucks buying systems that a five year old could see was meant from the outset to soak the maximum amount of money from their pockets? What's in it for them? Why would Joe Bob go out and plunk down $200 on a new player in the first place (especially one which renders his existing music collection worthless from the outset)?
I expect the public to respond to the "new" format and equipment with a hearty "no thanks".
Are the SDMI watermarking algorithms actually copyrighted yet?
If not, somebody crack them, copyright them before the SDMI organization, and sue SDMI for trying to embed the technology in consumer electronics and software without licensing it from you.
In the USSR while Stalin ruled literature of any sort was illegal unless it was in praise of communism, Stalin, or other approved subjects. Yet after Stalin died several authors were discovered to have written quality works "for the desk drawer". That is they wrote books that they never expected to see the light of day because the urge to create was so strong.
SDMI and those big music companies are about to deploy billions of dollars in software, hardware, and content, and $10k is all they can cough up? If they add another three zeros to that, together with binding arbitration, we could start talking.
I think this shows us what we probably knew all along: Chiariglione is cheap. Chiariglione doesn't respect other people's work or intellectual property, he only cares about his own.
And to anybody thinking about participating in this challenge: don't sell yourself cheap.
If those Stalinistic writers had been published, they would have been killed, which is a lot like the commercial death that writers faced if they published during the French Revolution.
It's the act of publishing that requires copyright, not the actual writing.
The HackSDMI challenge is meaningless because it doesn't provide people even with the minimal set of tools they would have once the system is deployed: thousands of recordings and software to actually test for the presence of the watermark. If SDMI were to be really secure, they would also have to disclose the watermarking method as part of the challenge.
At best, the current "challenge" can be considered a sanity test: does some MP3 encoder or MP3 setting, or Ogg Vorbis, or some other simple method break their scheme?
In any case, if they want anybody who knows about this stuff to work for them, they should pay the going rate for consultants. A serious attack on SDMI by consultants would probably cost them in the millions, and they would have to pay whether the attack succeeds or not.
I hate the fact that the new windows media player, by default, has a little box checked that says, "Allow WinMedia to send information to sites you download movies from.."
I would be about as excited to know that every time I play a CD in my computer, or an MP3 file, that information is being sent to the RIAA (or anyone for that matter.) What exactly would be the point in surrounding an audio format in with a barrier to prevent copying? Besides what was mentioned before.. nothing is perfect. PGP isn't perfect (although it has not been cracked in some time, it WILL eventually get cracked..) And the same goes for this new audio format.. CSS got cracked, so will SDMI.
If I own a company and I invest millions of dollars in an encryption scheme, which I know will not last more than a year, maybe two, but will require a change from hardware manufacturers to make a new encryption - I'm going to go out of business. Something tells me that 12 months is a pretty generous estimate considering the amount of hype this story has received.
Realistically, the RIAA should look at some different models to make money off of music. Napster is insanely popular, even among novice users (my Dad is on Napster and he has trouble starting IE and searching Yahoo.) I would pay $5/month to use Napster and Napster's 4 million + users would make that equivalent to approximately 500,000+ CD's.. ($15 apiece for the CD's). Napster pays the artists or the record labels a royalty and everyone is happy.
Or base it on downloads.. every song costs .20 or .10 for that matter.. either way you slice it MP3's are free once they are made.. no CD art, no reproduction cost, no CD case, no shipping or handling..
However, if their intentions are to keep ALL of the pirated music off the net, well that will never happen. There will always be the squadrons of rogues who for whatever reason will blatantly infringe on copyrights, just because they can. As there will always be people that download that material because it's free.
To think that someone gets paid to sit there and say, "Hey let's make a new encryption scheme" is ludicrous to me. I could be making a ton of money thinking up actual good ideas.. I wonder how that guy got that job... hmmm
"The same thing we do everynight Pinky, try and take over the world." - Brain
Music always has to go to analog at some point. Any watermark/copy protection they implement can simply be bypassed by a $2.00 patch cable from Radio Shack, a simple loop back into your soundcard's line in, and possibly a noise gate in the loop to filter out some of that dreaded hiss...
The fact of the matter is music copyprotection methods are moot, the music has to be converted to an analog signal at some point in the chain, at which point it can be captured and repackaged into .MP3 or whatever...
I think the RIAA/SDMI should be trying to promote the very artists they are claiming to "protect" instead of trying to find ways to ensure the cash keeps flowing in.
With promotion they will get revenue return through CD sales, tour sales, merchandise, whatever... but alienating the people from the music, or what they choose to do with the music is going to cause the cash flow to dry up quicker than anything.
People are fed up with the amount of control corporations have now, and I'm sure it won't stand much longer without a revolt or revolution...
"This amp is special, see all the knobs go up to 11, that means it is one louder than other amps"
Could you please point me to some music/movies/literature/TVshows that YOU have created? None? That's what I thought. Try creating some time. Learn the difference between what is "good and bad" and what you "like and dislike".
I was wondering. Although I have not downloaded the files to be tested, I notice that some of them are around 50 megs. Question... Since I am not at all familiar with the SDMI file format, can someone tell me why they are so huge? If these are just samples (not including whatever extras they add into the zip file), then what is the average file size of an entire song? Tracks ripped from a cd to .wav files usually end up around 40-60 megs each. MP3's will compress down to 10-15%. If the size of the file is much, much larger, then are they trying to use the enormous file size as a deterrent for sharing songs? If I am missing something very obvious then please let me know.
--guru
New instructions:
Go to the ClickThrough Agreement, then use the link above. Looks like they might be using cookies, or some other method which forces you to view the license page before viewing the download page.
You still don't have to click on the 'I Agree' button.
-Adam
This space for rent.
If you actually go and download the files for the contest, you won't find much. Rather than any sort of description of the watermark technology, or any software that checks for the watermark, you get three .wav files. File 1 has no watermark. File 2 is the same audio as file 1 with a watermark applied. File 3 is a different song with a watermark applied. Your "challenge" is to remove the watermark from file 3. To check the file, you have to upload it to their server, and they will send you email with the results of the check.
So, from a cryptographic point of view, this is pretty worthless. It's along the lines of the newbies who post to sci.crypt saying "I've developed a new algorythm. Here is some ciphertext, crack it!". Of course, to do any valid analysis you need to know how the algorithm works.
My guess is that either the people setting up the "contest" are pretty clueless, or they have no faith in their algorithm, or both. Or this is just a publicity stunt to reassure the record labels. My money is on the latter.
Any hacker who attacks SDMI after it's released will certainly have access to a software implementation, or the algorithm, or both. So, to leave both of those out of the "contest" just makes it a sham.
It would certainly make them wake up and realize the money they are wasting trying to take control of our music/movies/minds.
"See, we plan ahead! That way, we never have to do anything now."
So, crack it, and release the crack one day or so after the contest is officially over. And release it to some science magazine or so. A math/CS one would perhaps be interested in such a thing. Then you call NY Times or something and tell them about the article and that SDMI sux. If they put DMCA against you, say that you only used the contest time (during which you were urged by the creators of the thingie to crack it), and just waited with the release... Should be fairly water-tight. And if they sue you, even the most stupid non-hacker will laugh at them...
--The knowledge that you are an idiot, is what distinguishes you from one.
Doesn't this work under the (I believe incorrect) assumption that the only reason to make music in the first place is to make money? IMO, this is why most commercial music sucks, because instead of doing something interesting, they decide to toe the line, sell out and play the same crap I heard on the radio yesterday (and the day before, and the day before...)
Not all bands make music to make money or get a following. There is a thriving college music scene out there, which actually came out of the commercial alternative radio era stronger than before those stations existed (mainly because awful bands like Bush were relegated to commercial alternative and were not touched by college radio at all.) I think the best example of this is the band Pavement (you may remember the one or two times MTV played "Cut Your Hair.") In the early 90s, no one knew who Pavement was. They were releasing 7"s on Drag City records and recording in their drummer's recording studio. (They had a deal where the drummer, Gary Young, could be in the band if he would let Pavement's other two members--Stephen Malkmus and Spiral Stairs--record for free.) After a while Pavement got really popular and created a real buzz with people who weren't a part of the scene, and pretty soon the majors came a callin'. Gary Young, who was the quintessential music sell out, begged Malkmus and Spiral Stairs to sign with a major, but they refused. In their minds, THEY were Pavement and they weren't going to let a major label compromise their artistic integrity (something that Drag City would never do.) Instead, they signed with Matador records, who was able to distribute their records better than Drag City could at the time. Later on, Matador signed a huge distro deal with Capitol records. When Pavement was offered Capitol's resources for distribution, again they refused. (And in fact, the deal sucked so bad for Matador that they eventually opted out of it as well.)
The point is, there are many bands and labels out there who don't put out music as a means of putting dinner on the table. These people have real 40 hour a week jobs and make music because they enjoy doing it. They don't want fame, adulation or monetary success...they just want to play.
So if any band complains that Napster, Gnutella, etc. is screwing them out of compensation for their "art" (*cough*Metallica*cough*) then they are SELL OUTS. Plain and simple.
Brandt
Note (at the risk of sounding like a broken, um, MP3): SDMI is toast. MP3 has already won. Unless they stop shipping CDs, and completely destroy the revenue they're trying to protect, the SDMI people are wasting their time.
sulli
RTFJ.
Disagree - taxes are not the answer (more taxes are NEVER the answer.) What we need is a way to pay the artists that we like to listen to. If I downloaded something, didn't like it and immediately deleted it, I shouldn't be required to pay for it. On the other hand, it is in the listener's interest to support an artist they like, so the artist will create more. Payment should be voluntary, and equitable to what is gained, and only the listener can make that decision. Have you ever purchased an album to find that the only song you like on the entire thing is the one you bought it for? Why should you pay for the entire album? With downloads you could pick and choose, paying only for those you decide to keep. Maybe have a central site where you can make the payment, the entire amount going to the artist and the listener deciding the value.
Don't just complain - DO something about it!
And there's always the trick of having a soundcard driver that saves the audio stream to the harddrive.
No. SDMI requires that there be no way to get a digital cleartext out of an encrypted file. For example, all Microsoft Digital Rights Management sound card drivers disable all digital outputs (card outputs, write to file, or a fake waveIn) when an SDMI clip is being played. If a sound card driver is not digitally signed by Microsoft and rated MS-DRM compliant, it has no access to the Secure Audio Path and will play silence instead of music.
<O
( \
XGNOME vs. KDE: the game!
Will I retire or break 10K?
The parent is an important post that deserves to be moderated up.
2) Start a
3) Play music.
4) Trim
I win. Give me my money.
___
A requirement of creativity is that it contributes
to change. Creativity keeps the creator alive.
___
I'm an exhibit on the mounted animal nature trail.
SDMI-enabled players are distributed out to surpass their existing versions. The MP3 decoders are time-stamped to expire (aka shutdown) on a set date, after which only SDMI will be supported. Nice, eh?
If that's true (probably not), you'll just see Winamp replaced with "WinMMS" (a port of XMMS) with hardly a hiccup.
Oh, BTW, if you can dig up a link to the article, mail it to me. You know how to fix up my address; bots don't.
<O
( \
XGNOME vs. KDE: the game!
Will I retire or break 10K?
It's patents that only used to last for 17 years, which was recently raised to 20. But the problems with patents pale in comparison to that of copyrights.
Copyrights, on the other hand last for 95 years with the recent adoption by the Copyright Term Extension Act, otherwise known as the Sonny Bono act (what a miserable way to remember somebody if you ask me).
What this means is that if something is copyrighted today, you or any children you might have now will not see it released into the public domain in your or their lifetimes.
And there is nothing in the law that says that they "have to" release encryption information to the public either, thus giving companies and distant heirs to the original authors a "perpetual copyright". The constitution only provides copyright to the authors for a "limited times" (exact words). It wasn't intended to provide copyright as welfare to grandchildren of authors or companies that exist forever (as copyright was intended for the author of the work only). Really, copyright law could be argued unconstitutional on that point alone. (And I can't fathom that lower court judge not throwing out the CTEA, or Kaplan, who's appointing these judges anyway? Whose payroll are they on?)
So copyright is a "temporary right". Just that congress' idea of temporary is infinity-1. Really, it is a disgraceful representation of the public interest as there can be. This stinks on so many different levels that I've never had a worse hate for congress in my life. And this is not a republican versus democrat issue either, it's a "serve and protect the public's interest" issue. Quite honestly, I don't swap MP3s and all the music I listen to is legal. But I'm starting to look for an eyepatch.
If there is one congressperson to blame, that would have to be my own Senator Orrin Hatch. He was the one that is head of the Judiciary Committee, and played the key role for authoring the DMCA. If you read the congressional record on the DMCA, you get an idea of what kind of kissy fest it was for special interests. He also was the sponsor of the Sonny Bono act, and he also tried to sneak a bill (by amending unrelated legislation) to extend the life of patents for drug companies. As if seniors can't afford their medication already. What a disgrace of representation for the public. His record is a complete and thorough shame in this area. I would ask all fellow Utahns to recognize this and vote him out of office on this issue alone. If he can't represent your interests here, do you think he is going to represent your interests in other places??? Oh yes, his recent support of Napster is a complete crock. Don't think for a second that he is representing the public's interest on this point. I really think that he is saying to himself "Napster is going down anyway, I might as well look good as the lone ranger and support it, so I can pull the wool over a few teenagers' eyes, and get their vote".
On the basis of his record, that is very likely his thought process. He has got to be one of the slimiest politicians around. Talk about rolling over with his legs in the air for big money interests. He was good at one time, now he is corruption personified.
This is the first time in history that we are not seeing copyrights enter into the public domain. No, this is not in the public's interest. It's in the interests of the Corporations and distant heirs to copyright owners. The arguments made by Janet Reno in support of the CTEA are quite easily refuted (go to open law for more info). What a loser. You'd think she would know the constitution. Jimmy Stewart's "It's a Wonderful Life" never became popular until it became public domain. And there's another story of a copyright re-hijacked. And I don't think that any music recordings have entered the public domain either, as a lot of the stuff from the 1920's is still protected by copyright. (Yes, that's how ludicrous it is).
It really is putrid beyond belief. Why even have a copyright in the first place???? No, I think it is time for a constitutional amendment abolishing all copyrights. If the public are not going to get their due, why should they protect that which benefits others??
So much as encryption goes, that is a misuse of copyright to control how and when somebody uses something that they purchased. I would like to see copyright owners lose their copyright for doing this. There really needs to be some lawsuits in this area if for no other reason than to call attention to how the public and the constitution are being raped.
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
all it did was receive sound from windows applications like it was a sound card and write 44.1 kHz pcm sound
It won't work for long. Microsoft Digital Rights Management will silence all SDMI audio going to unsigned drivers. MS will only sign a driver if it shuts off all digital waveOut capability (this includes without limitation disk writers, digital out ports on the card, and waveOut to waveIn aka SB Live What-U-Hear) when playing secure audio; only signed drivers get access to the Secure Audio Path.
<O
( \
XGNOME vs. KDE: the game!
Will I retire or break 10K?
I don't think the point of this is even so much whether SDMI encryption is crackable. Certainly they want to make it as strong as possible. However, I think that the real point is that when and if it goes into use, they can make it illegal to crack it and distribute unauthorized players, just like DeCSS. And of course all authorized players will have to pay licensing fees and will be strictly limited in their features, i.e. binary only, no capabilities for converting to other non-encrypted formats such as mp3, etc. Certainly anyone who values their freedom should boycott the hack contest, there's no reason to help them. In the end, though, I don't think it will matter, as long as they have the DMCA behind them. Anyone who created or distributed a hack would have to do so at the risk of prosecution.
When books burn, people are next.
fine... hack the OS.
fine... go to JAIL.
If the "hack" you are thinking of is the same one I'm thinking of, it's circumvention of SDMI, and there's still 17 USC 1201 (commonly known as DMCA) to worry about...
<O
( \
XGNOME vs. KDE: the game!
Will I retire or break 10K?
Predictably, everyone seems to have misunderstood my comment. That's probably partly due to weakness in the way it was presented, but probably partially due to Slashdot blind spots.
_I_ understand that SDMI (and any other such format) is likely to be abused by the corps. I understand that individual rights are being erased by profit hungry/control freak execs. I can see there's danger here.
But only part of the point of my post was that the technology could be used legitimately. The other part of the point was this: the battle we need to fight ISN'T that of making sure that SDMI never happens. The battle we need to fight is making sure that alternatives are available, legally and technologically. We spend WAY too much time defending Napster and other such things that are legally and ethically questionable, on the grounds that our opponents are ethically (and often legally) questionable. I think in the case of SDMI, all we have to do is make sure that alternative ways of getting music (which respect the artists) exist, and it'll win out.
In short: I'm not afraid of a future in which SDMI exists. I AM afraid of a future in which it's the only choice. We might lose that battle, however, because we're perceived as freeloaders that don't respect those who create music. We need to work more actively on implementing systems that can compete with what SDMI claims it can accomplish, but without the greed and draconian restrictions.
Libertarianism is rich wolves and poor sheep playing gambler's ruin for dinner.
What's wrong with selling out? If I can do something I enjoy and get paid for it, then hey, sign me up! (incidentally, I do software engineering, but dear God, I do hate computers) Just because someone does something for free, or with no expectation of compensation, doesn't mean they're better. "Art" and profit are not orthogonal.
Eric ze Kidder
But SDMI is NOT a form of buying music, as it eliminates (intends to) fair use and copyright expiry, and violates the First Sale doctrine. So 1984 is late and overbudget, they'd still like to get there.
Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.
Expanding a vast wasteland since 1996.
I just listened to the Pacifica radio broadcast.
The EFF representative was impressively ineffective in putting forth a cogent and forceful point. It was embarrassing. And it made me furious, because as an independent musician, I hate what SDMI represents.
The EFF kept making the "fair use laws" argument to members of the SDMI initiative: namely, the EFF claims that SDMI is limiting consumers' fair use rights to copy music, and that the RIAA is strong-arming music device manufacturers into using their protocol.
First, SDMI does NOT seek to limit lawful copies of a piece of music. If you have the original CD, you can make as many copies of that original CD as you want. (You can only make three copies of a first-generation copy.) That's a little like it was in the old days of cassettes -- after two generations, they didn't sound good enough to bother with anyway.
Second, to say that the RIAA is "strong arming" manufacturers into making devices that only play SDMI music is to ignore the history of recording media. Since its inception, music copyright owners and music playback device manufacturers have worked together. Why? Profitability. It doesn't do much good to make an eight track player anymore; no one releases eight tracks (well, almost no one.) In the same way, if all music released by the RIAA is SDMI-compliant, then (since the RIAA owns the bulk of the music) the only profitable players will be SDMI compliant.
What is bothersome to me about SDMI, then?
First: the RIAA wants to sanction players for this new format. Just like DeCSS, if the RIAA didn't make a player for linux, then users won't be able to listen to music they want. That isn't violation of fair use laws -- that's thwarting market competition and controlling access.
Second: As an independent musician, I hate the thought of having to SDMI-tag my music just to make it work on most players. Now, the RIAA claims that SDMI players will play non-SDMI-tagged music... but do you believe that? (Hint: look to DVDs for the answer.)
If I buy a DVD, can I watch only the third chapter, every time I play the DVD? ... No. You're going to see the freakin intro whether you like it or not.
If I like track 2, but I don't like that annoying bit where she does that thing with her voice, can I edit it out on a 2nd gen copy? ... Yes.
on SDMI or DVD? ... you can't be serious.
Here's a simple one that DVD got right, but SDMI probably won't: "I fully intend to overplay this song like a bad top 40 station. My CD will play at home, in my car, and at work. Will the SDMI standard include inter-operability?" ... Nope. You're at the mercy of the manufacturer. (1)
Etc. Etc. Etc.
This SDMI really is sounding as dumb as divx.
And if they want us to believe that they are doing all of this just to protect the rights of the artists, they obviously haven't figured out that they are no longer talking to a bunch of webtv addicts.
(1) http://slashdot.org/askslashdot/00/02/02/1124200.shtml
It seems to me that any SDMI-type technology really is doomed.
Even with "Secure Digital Path" techniques, ensuring that sound cards disable any form of digital out when playing secure music (and leaving aside the problems of such a system) I would be perfectly happy with the quality of music I would obtain from running a gold-plated top quality shielded cable from the analogue output into an analogue input. Of a suitable decent quality soundcard of course. (Possibly of a different soundcard, in case they decide to disable all recording when playing secure music. I have two computers, though, so no big deal.)
If I can hear it on my headphones, I can record it. And in sufficient quality to keep me happy.
I can only see two possible problems:
1. If the sound is watermarked somehow in a way which survives DAC and ADC, then I might have difficulties. I doubt that this is feasible.
2. If the record industry find a way to deliver the music directly to my brain they can avoid any analogue stage altogether. Presumably they would also then delete the memory of listening to the music from my head, otherwise that would be unauthorised duplication...
All that said, SDMI should be fought for the principles of fair use that it violates.
-type2
Post the information on a server in a country which doesn't have an analogue to the DMCA, and let the wackiness ensue.
-jon
Remember Amalek.
The 15 year old CD is obsolete (not selling well enough and no one is making anything selling $40 players/0.20 media) and it's time to change to a new superior recording media, DVD. Yes, DVD promises to be smaller cheaper and more secure. Just imagine being able to fit two conventional CD's worth of music in your shirt pocket. With the new MSNet players, you can play that music for just pennies a second or download new and exciting music from your local radio station for equally trivial rates. No one will force you to move to this new media, but no one will be selling CD players anymore either, so we know that you will be repurchasing your entire collection. The music scene will experience a boom unseen since everyone repurchased all of their favorite top 40 hits on CD's as their record players failed.
They have good responses to the questions posed, and concerns raised. Still, I can't get over the feeling that they are lying through their teeth. "Trust me" sounds much better when it comes from someone that I trust.
If you are modding me down because you disagree with me, use the "Flamebait" category, not the "Troll" one.
It's frustrating and enraging to watch a multi-billion dollar industry organize the creative energies of talented people for such a worthless cause. (Or at least worthless for anyone other than the major shareholders of the recording industry). Computer geeks should be doing things like "cracking" the protein folding problem or drawing up specs for some actually useful software (not SDMI specs). Perhaps one day...
Wouldn't it be fun if they developed it, marketed it, then it was declared illegal in the United States?
If you are modding me down because you disagree with me, use the "Flamebait" category, not the "Troll" one.
No watermark validation code!
What's going to break SupiDMI is someone is going to reverse engineer or get specs to the validation routine. Once you have the validation routine, it should be just a matter of time to figure out how to recode the music to make the reader think whatever you want it to think. As many others have pointed out, there is no secret here, hence it's vulnerable.
If SDMI becomes half as widespread as they say, it will just be a matter of time until just enough decode information leaks just like what happened to DeCSS.
Why not just standardize on a simple watermark and use it as a *human* enforcement tool to go after the *real criminals* (such as Asian redistributors), instead of dreaming up schemes like this that just won't work. Stop using technology to solve a social problem!
I find it curious that Microsoft is trying to use an active mechanism to solve the copyright enforcement problems for books, music, etc. while it has not done so for software. Instead it has used serial numbers, holograms on licenses, etc. to aid *human* enforcement....
Henry Fnord
Tools of the industry, wake up and realize that the RIAA is simply trying to solicit free labor to help bulletproof their encryption scheme.
More importantly, consider this. You know that cool new Nomad Jukebox from Creative Labs? The one that has a 6GB drive in it? It supports the SDMI-format. Great, right?
No.
Last summer I found a media composite from Sony Records. For those of you who don't know, a composite basically gathers articles from several sources into a single volume, the results of which are delivered to executives. There was an interesting article from Billboard, I think it was.
It seems that the SDMI group met last year and decided on certain resolutions regarding the implementation of the SDMI scheme. Of interest is a plan on how to enforce SDMI acceptance onto those of us who decide to stick with our existing players (e.g. WinAmp, MS-MP, XMSS, etc). The plan is this: SDMI-enabled players are distributed out to surpass their existing versions. The MP3 decoders are time-stamped to expire (aka shutdown) on a set date, after which only SDMI will be supported. Nice, eh? They actually agreed to this.
I am salivating all over myself for the Nomad Jukebox, but I am not about to drop $400-500 without knowing if, in fact, the player does not support this type of initiative *and* that Creative will not subsequently release a bios patch that would render mp3 unplayable.
I will dig up the article (if I can find it - my office is like a 10'x10' version of Beirut in Springtime) and post it here.
- Ryosen
This was originally posted by me as anonymous. I didn't have my password yet.
Ryosen
One man's "Troll, +1" is another man's "Insightful, +1".
...when I explained the whole fiasco to my family...
"How many times are they going to try to get us to pay for the same thing? I won't get one of those."
Something tells me that most people share this belief.
--Perianwyr Stormcrow
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
What's that matter to you, mr. linux user?
If the only applications that won't play it are the ones that are explicitly designed not to play it, and with Slashdot's hopes of opensource (TM) ruling the world, everyone and their grandmother will eventually be able to remove that module when they compile their next media player applet, correcto?
Matt Oppenheimer, Senior Vice President of Business and Legal Affairs for the Recording Industry Association of America.
Is he a relative of the one whose "favorite toy" destroyed millions of people?
--------------------
`Lex - Find Me Here: Text Appeal
Actually the memory sticks are white and use the "MagicGATE" technology (SDMI). I purchased the memory stick walkman and promptly returned it within about two days due to seriously crappy music management software and just general crappiness of the system. For some reason their VAIO MusicClip with inbuilt 64mb ram can play MP3's and Sony's ATRAC3 format (once wrapped in SDMI compliance that is). However, the MS Walkman only accepts ATRAC3 so you have to convert your MP3s to this format and thus lose a bit of quality. Overall I was very disappointed with the software used to implement SDMI, the MS Walkman itself ROCKED, if only it would have played raw MP3's :o(
RSA is easily 'crackable', if you have the private key. The reason RSA works as encryption is that it uses two separate keys, one to encode and one to decode, and you can't get the decoding key from the encoding key. Its worth as an encryption method is that it covers a plainly visible plaintext with a completely secret key.
This has nothing to do with SDMI, which _will_ require that a decryption key is on the media and/or on the media player. If it's a necessary part of a software player, I just have to trace that player's execution to get both the method and a key that works with that method.
Does my bum look big in this?
http://www.arancidamoeba.com/mrr/problemwithmusic.html.
Not to disagree, but even most local bands admit they have hopes of signing with a major label. The whole system needs to change.
The Divine Creatrix in a Mortal Shell that stays Crunchy in Milk
The House Between - Original Sci-Fi Series
I regularly go through the rollercoaster of "this is a tragedy" to "Ah don't they see it's all pointless" to "Ah the Americans and their freedoms" over the issue of the content "owners" (note the _careful_ use of owner). What we really need is a country willing to become an international pariah by saying fsck IP, fsck the industry come to my land (even remotely) and all ye want shall be free (AIS). The big corps will go apeshit but as long as the punters of that country have meat and drink what sanction can be inflicted on them, surely the income from the services that want such a place would be adequate compensation for whatever the international community sanctions. But I guess that would require the land to be free and brave. Hmmmm....
oh well one can dream :-)
"The first thing to do when you find yourself in a hole is stop digging."
Besides, I'd like to see them *enforce* it.
Two words: Jon Johansen.
<O
( \
XGNOME vs. KDE: the game!
Will I retire or break 10K?
You could just give the original to someone else as a gift. You'd probably be legally obligated to destroy your backup then. You wouldn't care much because you probably were given it as a gift in the first place.
It'd piss them off for sure. Maybe they'd get a Digital Millennium Gift Act passed then to limit your ability to give people any gifts that have the word 'digital' associated with it.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Because, as everyone seems to forget, watermarking is here to track down the FIRST user who leaked the original. Works like a serial number. Who can stop me from going to the record store, buying that new Britney Spears in cash, then spread it on Napster? They got the serial. Ah. Big deal. Or maybe am I missing something?
"Of course I'm french, why d'you think I got this outttrrrageous accent?"
Well, technically DVD players are backwards compatible with CD players (I think it's a selling point), and I think the record companies are still making plenty off a CD it costs them, what, 50 cents to make when they sell it for $15...
Don't Panic...
> you get three .wav files. File 1 has no watermark. File 2 is the same audio as file 1
> with a watermark applied. File 3 is a different song with a watermark applied. Your "challenge"
> is to remove the watermark from file 3
Assuming the wavs are fairly good quality PCM, just flip half of the least significant bits on file 3. That'll probably destroy the watermark, but it won't sound any different.
Ask me if I've been required to disclose any crypto keys.
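Whether flipping least significant bits removes a mark depends on how the mark is embedded. The sketch below is an added example, not part of the comment above and not SDMI's scheme (the page does not describe it): on a constructed tone it compares a mark stored in the LSBs with a keyed spread-spectrum mark detected by correlation. All function names, the key, the signal and the mark amplitude are assumptions.

```python
import math
import random

N = 200_000   # constructed test signal length in samples (assumption)
AMP = 24      # toy mark amplitude, exaggerated so a short signal suffices

def host_signal(n=N):
    """Constructed 16-bit PCM stand-in: a 440 Hz tone sampled at 44.1 kHz."""
    return [round(1000 * math.sin(2 * math.pi * 440 * i / 44100)) for i in range(n)]

def chips(key, n):
    """Keyed pseudo-random +/-1 sequence shared by embedder and detector."""
    rng = random.Random(key)
    return [1 if rng.getrandbits(1) else -1 for _ in range(n)]

def embed_lsb(samples, key):
    """Fragile mark: overwrite each sample's least significant bit."""
    return [(s & ~1) | (c > 0) for s, c in zip(samples, chips(key, len(samples)))]

def lsb_match_rate(samples, key):
    """Fraction of LSBs agreeing with the keyed pattern (0.5 is chance)."""
    pattern = chips(key, len(samples))
    return sum((s & 1) == (c > 0) for s, c in zip(samples, pattern)) / len(samples)

def embed_spread(samples, key, amp=AMP):
    """Robust-style mark: add a low-level keyed +/-amp sequence to every sample."""
    return [s + amp * c for s, c in zip(samples, chips(key, len(samples)))]

def spread_score(samples, key):
    """Mean correlation with the keyed sequence: near amp if marked, near 0 if not."""
    pattern = chips(key, len(samples))
    return sum(s * c for s, c in zip(samples, pattern)) / len(samples)

def flip_half_lsbs(samples, seed=1):
    """The modification proposed in the comment: flip a random half of the LSBs."""
    rng = random.Random(seed)
    return [s ^ 1 if rng.random() < 0.5 else s for s in samples]

def experiment(key=2000):
    """Measure both detectors before and after the LSB modification."""
    host = host_signal()
    lsb_marked = embed_lsb(host, key)
    ss_marked = embed_spread(host, key)
    return {
        "lsb_before": lsb_match_rate(lsb_marked, key),
        "lsb_after": lsb_match_rate(flip_half_lsbs(lsb_marked), key),
        "ss_unmarked": spread_score(host, key),
        "ss_before": spread_score(ss_marked, key),
        "ss_after": spread_score(flip_half_lsbs(ss_marked), key),
    }

if __name__ == "__main__":
    for name, value in experiment().items():
        print(f"{name:12s} {value:8.3f}")
```

The LSB detector falls to chance after the modification, while the correlation score barely moves, because the flips add only one unit of noise that is uncorrelated with the keyed sequence.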
SDMI essentially claims that it can make sure that people can only listen if they've paid. So, subtract greed and you get:
A system in which artists are compensated by fans appreciative of their work at reasonable prices.
Subtract draconian restrictions and:
You have a system in which there is fair use, perhaps a little fair abuse, but that copyright respect is encouraged.
You don't want these things?
Libertarianism is rich wolves and poor sheep playing gambler's ruin for dinner.
Is this why every Discman I buy dies after only 1.5 years on average?
sulli
RTFJ.
It is copy protection when they want it played on players that they approve only (ala DVDs). DVDs force player manufacturers to disable RGB output directly to a digital capture device, but there are players that "ignore" this if special codes are used...
I think this is the major thing the SDMI is attempting to accomplish with the watermark.
"This amp is special, see all the knobs go up to 11, that means it is one louder than other amps"