Slashdot Mirror
Hack-SDMI Boycott Explored
Andrew Leonard writes: "Tech companies want hackers to break SDMI watermarks because they know watermarking will never work and are desperate for a different solution. In Salon, Janelle Brown shows how the hack-SDMI boycott is revealing a major rift between the tech and entertainment companies that make up the SDMI coalition." Amusing how the tech companies oppose SDMI because they think it won't work, not because they think it will screw consumers. And several anonymous sources interviewed for the article seem to have gotten it wrong: everyone thinks it will be broken, it's just that most of them think the opportune time for that would be about 2 days after the music companies have irrevocably committed to their new method of making it difficult for people to listen to music rather than 2 days before.
no youre right. SDMI is audiophiles only. for people with a 5000$ stereo, that do not listen to mpeg radio, not to tv, not in the car, not to minidiscs, not to mp3 anyway. and of course not to vinyl. considering they would buy a compromised (even only in a not hearable way) file with encryption.... well. strange superflous discussion.
did you read the sdmi spec? I did. and I found some rather frightening provision : any unmarked music entering the sdmi system has to be marked as valid for only 4 working copies at a time. And so, even if some music work as no copiright att all, once it enter the system, you can no longer make as many copies as you wish.
C'net testing showed that most people can't tell the difference between 192kbit/sec MP3s and the original, and basically nobody can tell 256 kbit/sec.
...
If 256 KBits/Sec is your standard, then your standard is 5:1 compression. My standard is lossless, or 2:1 compression. You can argue one way or the other about whether the difference is noticable, but I'll point out that the difference between a 5:1 download and a 2:1 download is mostly that of convenience. Both are equally feasible, and as network speed rises and disk space prices fall every year, the difference between the two will become negligable.
Your point about sound quality is correct. For most people, there's simply no reason to download 2 1/2 times as much data, because they can't tell the difference. However
SDMI creates a brand new reason to do so that never existed before and has nothing to do with sound quality. The new reason to download 2 1/2 times as much data is because that's what will be required in order to encode the music so you can play it on your portable SDMI player, and that's a powerful incentive.
The record companies stand, poised to replace "Perfect Music Forever" with "Music, purposely degraded -- made imperfect, and technologically restricted so it isn't necessarily Forever", at the exact moment that network distribution of their former, better product, "Perfect Music Forever" -- unwatermarked files with lossless compression -- is becoming possible. This is a disasterous strategy for the music industry.
5:1 verses 2:1 illustrates why the SDMI watermarking strategy will fail. It's too little too late. It's based on the assumption that downloading a lossless digital audio file is not feasible, which is not true. It's just unnecessary -- yet. The RIAA thinks that SDMI will destroy downloadable music technology, when all it will really do is force the abandonment of lossy compression.
The legacy of this failed attempt at market control will be deliberately introduced audio distortion on future CDs. This raises a new question. What will happen when someone figures out how to remove the watermarks completely, leaving the work undistorted? How will the recording industry compete against something that sounds, or is perceived to sound better than their store-bought product, and can be downloaded for free? They are not considering the results of their strategy. They do not understand the technology. Even worse for them, they no longer understand that the quality of their product is their product. In this sense, they have completely lost their way.
- John
If you encode at 192 kbps, you'll have CD quality. Yes, the exact same quality from a CD, and that's proven. If you still think you have special ears, you can encode at 256 kbps (Studio quality). MP3s are not lossless, if you want. CD's are pretty much dead now.
n t;sleep
--
Q: How does a Unix guru have sex?
A: unzip;strip;touch;finger;mount;fsck;more;yes;umou
that's why they had the contest. When the other part of the DMCA kicks in (the 28th?) they can simply arrest everyone who submitted an entry. viola! mp3's disappear!
--
+&x
Compensation of $10,000 will be divided among the persons who submit a successful unique attack on any individual technology during the duration of the SDMI Public Challenge. In exchange for such compensation, all information you submit, and any intellectual property in such information (including source code and other executables) will become the property of the SDMI Foundation and/or the proponent of that technology. In order to receive compensation, you will be required to enter into a separate agreement, by which you will assign your rights in such intellectual property. The agreement will provide that (1) you will not be permitted to disclose any information about the details of the attack to any other party, (2) you represent and warrant that the idea for the attack is yours alone and that the attack was not devised by someone else, and (3) you authorize us to disclose that you submitted a successful challenge. If you are a minor, it will be necessary for you and your parent or guardian to sign this document, and any compensation will be paid to your parent or guardian.
This article has it backwards. The hacker community should not participate in this contest, as it will prove to be a loss for the community as a whole. After all, if the details cannot be disclosed, they must be planning to still implement it. (If they were planning to make a new system if they defeated it, why would they want the details of breaking it hidden from public view?!)
What should happen? As mentioned before in the last time slashdot discussed it, it should be attacked, but not for the contest, and not for the money. $10,000 is a worthless sum when it would have cost them tens of millions to try to break it on their own.
But I do feel badly for the engineers who are being forced to create a lemon
perhaps the cue:?!@#%cat (whatever the hell its called) engineers were on to something. it's obviously gonna be reverse engineered, so why waste months and thousands of dollars making some fiendishly clever death device, only to be twarted by some nob with a pocket knife, a piece of string and some naval lint? fsck it - just xor/base64 it and let the lawyers take care of the rest.
I stand on the side of hacking AFTER the standard is finalized. However, in any case I don't like the evil tracking the hacksdmi.org web site does, so I now provide you with a way around it:
diddl.firehead.org/censor/hacksdm i.o rg
Yes, now YOU TOO can go get the files to be hacked, without giving them your IP address or agreeing to their stupid (and worthless) agreement!
Have a nice day.
mods: read the subject
-----
The problem is the music industry needs a different business model, give up guys, go with advertising or corporate sponsorship or something that allows the music to be distributed freely without depriving the artist of what they deserve.
The free distribution of digital media is here to stay, nothing is gonna change that.
Well, you don't understand understand watermarking correctly. The watermarking schemes used by SDMI are all spread-spectrum techniques in which the watermark is detected by correlation of the signal with the (known) watermark vector. The watermark, then, goes into every frequency, including audible ones. The idea is to make the changes in the amplitudes of the frequencies small enough you can't hear them but large enough so that, even if the signal were altered as you suggest, a correlation detector would still see the watermark.
But that's not to say that breaking watermarking schemes isn't pretty straightforward. If you can discover the key that was used to embed the watermark, then you can either (a) remove it, or (b) fake your own.
Even if you don't know the key, I claim that if the watermark is robust against frequency-domain quantization (which it needs to be for MP3) then you can still determine it by a so-called "hill-climbing" technique. As far as I can tell, there is no mathematical way around that conundrum.
I don't understand the SDMI scheme very well. Either it won't let you play songs with watermarks, or it won't let you play songs without watermarks. Either way, it's not too tough to break.
I tried to suggest my own scheme to SDMI, in which the music would be reversibly degraded and distributed for free, like shareware. It took care of many of those thorny issues about fair use, etc., but apparently it didn't leave enough control in the hands of the record companies, because they didn't go for it.
Didn't matter all that much, anyway, because my scheme could still be broken by capturing the decoded input, just like the existing one can.
Not too long ago, Scientific American ran a couple of items like this one citing Xerox, and specifically Mark Stefik on digital rights enforcement. So where's Xerox and their tech in all this?
At the Xerox site I found some references to XRML or DPRL (Digital Property Rights Language) and ContentGuard
More XRML at Oasis-Open like this item by Robin Cover.
But I don't see anything off-hand on doing the MP3 kind of thing. That would involve an extension to autonomous devices. Could be done if the devices had decent hard-to-tamper clocks.
There are other people in the same business such as NetActive
It's still not free, of course. But I'm not yet convinced that copyright is dead. I'm willing to pay for rights, but I need the real rights that I used to get, not some constrained version like SDMI.
--
Henry Troup
Yes, but the DMCA forbids reverse-engineering, or copy-protection disabling. Hmmm, I wonder whose idea that was, and how much it cost to get it into law. . .
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
The idea is to do all the copying in the digital domain. Converting to analog and then back to digital will lose sound quality. The trick is to do it in such a way that the watermarking is bypassed.
...phil
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
When / if SDMI is ever deployed people are going to have access to all aspects of the technology. Being able to examine the watermaking and checking binaries, and being able to examine the same stream pre- and post- watermarking, will make the task considerably easier.
Even if it were deployed and not cracked, it's hard to see how it will gain any market share. Traditional formats take a long time to die. Most new music exists on both tape and CD, some is still on vinyl, and there will be a large market for these formats for a long time to come. Music companies use whatever formats offer a viable market. How many of these companies (and artists) will want to go all digital and lose revenue stream from traditional formats? Until then compression schemes that home users can apply are going to be where it's at...
Fear of not having access to content ?
Afraid not being able to deliver cutting edge stuff ? Fear of not having access to specifications ?Those might all be valid reasons. However, if this idea is so fsck'ed as it's presented in the article then why the hell don't they stick together and tell the contents providers where to shove it ?
Save for Sony I don't know of a content monopolist currently being bundled with a tech company.
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
I'm sure the Audio Home Recording Act says something about hardware having to be honest about the copyright information.
This could be construed as a a breach of that if the hardware insists that a public domain track isn't public domain.
SDMI is supposedly watermarking the signal via inaudible frequencies, right? Check out this marketing:
SDMI: the new technology that can encode digital music data beyond the range of human hearing! Today's CD players can't match that and MP3's are a vague shadow. For quality you can't beat, use SDMI!
--
Non-meta-modded "Overrated" mods are killing Slashdot
(Hey Ryan! Here's your proof!)
Manufacturers are the people who tried to establish DIVX as the market standard by selling the players for $50-$100 more than regular DVD units. AFAIKT, they haven't gotten any more clueful since then.
/.
/. If the government wants us to respect the law, it should set a better example.
i think they think they can produce players with play music securely...dont think they`ve seen the Creative recorder, in `what-i-hear` mode where it just wav`s (to coin a verb) whatever is going out the back...
"home audio equipment (probably including sound cards) will be required to respect. "
I`d like to see them `require` Linux (and other open source) drivers to respect arbitrary, foreign, protection systems.
And then SDMI players will be found on the shelves where miracouously you can turn this 'feature' off, "oops engineering left in some test menues, well, we trust our customers to simply not do this, and no, we don't know why our player sells better than any of the others out there despite it's slightly higher price". We've seen it all with DVD's and region encoding.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Wow, what a great straw man you've constructed.
When people scream bloddy murder about poor security, it's usually because they've payed money for the product that failed, and the failure results in the loss of much more money. Open security is good security, and that benefits the companies producing the products and the people buying the them.
SDMI is nothing like this, because it benefits none of us, not even the artists, only the record execs. Helping SDMI is like buying into a ponzi scheme.
And besides, you do realize that this scheme is dependant upon closed, secret, and unhackable hardware? It's broken from the start, so why waste effort trying to make it work?
--
The RIAA has no idea how good they have it, right now.
The main purpose of SDMI watermarks is to detect if a watermarked song has been compressed. The idea is that this will "break Napster." Breaking MP3s is completely the wrong approach! What the industry is forgetting is that lossy compression is just one way to transmit music. There are lossless compression schemes that achieve approximately 2:1 instead of 10:1 compression on music files. They're five times bigger, but disk space is dirt cheap now and network speeds are increasing. Quite frankly, lossless internet music distribution isn't something in the far distance, it's coming and it's coming fast.
What the industry doesn't realize is that they have one last chance to save themselves -- they need to market MP3s as a preview format, and CDs as a high quality format that you buy in a store that sounds better than MP3. Right now, they still have an opportunity to survive. If someone downloads an MP3, then decides that they like the song, they have a very good incentive to go out and purchase the CD, for a very practical reason that has nothing to do with morals or ethics or artists getting paid -- they still have an actual trump card. A CD sounds better!
Here's why SDMI is a two-pronged suicide weapon for the RIAA:
1) Even if the watermark is inaudible, people will think that they hear it. They will be dissatisfied, and will want unwatermarked music. Where will they get unwatermarked versions of their favorite albums? Not from the record store. They will have to either find a used, pre-SDMI CD, or copy it from their friend, or Napster, and they will feel zero guilt about doing so, because after all, they can't buy the uncorrupted version of the CD in the store anymore.
2) If SDMI succeeds, and it becomes impossible to play a song once it has been compressed to MP3, then people will be forced to stop using MP3. What will replace MP3? There are already lossless codecs -- the "shorten" format among them -- that achieve 2:1 compression (as opposed to 10:1 for MP3.) Napster and the like could quickly be retrofitted to use lossless compression instead of lossy compression.
If this happens, then the record industry will have destroyed the only consumer benefit in their pre-recorded CDs. So long as an MP3 sounds worse than a CD, consumers feel justified in "upgrading" their MP3s by buying the CDs. If people feel that the store-purchased CD is going to sound the same or worse than a download, then why should they buy it?
Or how about if the store-bought CD of "Dark Side Of The Moon" has audible distortion due to the watermarking, but you can easily download a lossless copy from Napster that was made from a pre-SDMI CD.
What will you do if you want the "best" sounding version of an album? There are collectors who pay top dollar for 1950s vinyl because they think it sounds better than CDs. Pre-SDMI CDs will join those ranks, but Pre-SDMI CDs will be infinitely reproducable.
In short, SDMI is suicide for the record labels. It's going to force changes in Napster and consumer behavior that actually destroy their own business model. Permanently.
Let's stop
working on legitimate OSS projects and help the Recording Industry come up with a better consumer trap.
I've said this before and gotten flamed into oblivion for it, but I think it needs to be said again:
Something like SDMI might not be all that bad.
We in the Open Source Community have been busy with things ranging from effective (encouraging subscription models, bulding a new codec, refining street-performer-like schemes, etc) to things, um, less-effective (yelling "information wants to be free!" and defending the tactics of Napster).
What I wonder about is why we haven't sat down and thought about how we could create something that would actually allow those who so desire to have some control over the destiny of their content.
I'm not talking about Iron Clad control, which I'm sure most of the current heirarchy in the recording industry wants. Nothing "uncrackable". We don't have a foolproof copy-protection system now, and we're doing fine. What I'm thinking is copy protection that is:
1) just strong enough to encourage Joe Average off the street to buy rather than make copies
2) allows fair use afterwards
#1, of course, has to be done in conjunction with a pricing structure and preview system that will support it. #1 is just an extra push to encourage the consumer to support an artist.
So, why not? And please don't say "but the artists won't see any of their money. The evil record companies will take it all." For those who go through record companies, that's probably true. But there will be some who won't....
Libertarianism is rich wolves and poor sheep playing gambler's ruin for dinner.
They're spending their hard(ly) earned money developing SDMI watermarks they know will be broken when commerically released. If this turns out to be true, they will lose much much more in the cost of producing compliant products and paying for the "license" to implement it. So if the solution chosen is extremely easy to circumvent, they lose money much quicker than if a relatively difficult to break solution is chosen.
Bottom line, they don't care whether it's dropped or not - they just don't want to spend/lose too much because of it. Whether it's dropped or extremely robust, they come out as winners. If the latter, the RIAA wins too. But in only the former would consumers benefit. Make no mistake, they're looking for you to save them money, that's all.
I AM, therefore I THINK!
Not to be paranoid, but they _would_ say that, wouldn't they? Maybe they're just trying to drum up support. But boycotting it until it's properly released and _then_ hacking it is much more amusing than joining in the RIAA's silly $10,000 buck contest. Talk about tightfisted too, would a decent programmer get out of bed for that amount of cash?
If i understand the watermarking correctly, it is based on the fact that some parts (frequencies?) of the audio signal are inaudible to human listeners, so a watermark signal there wouldn't degrade the sound. Isn't it quite trivial to generate some noise/random signals at the *modulated* frequencies *of* the watermark signal, or just read the watermark signal, invert it and put it back? What am i missing?
--
That should be from the we-want-to-post-something-bashing-SDMI-but-nothin
--
I agree, we should still boycott the hack SDMI contest. I want to see the SDMI implemented and then hacked 2 hours after the first watermarked CDs ship. Then the record compaines will be stuck with a watermarking scheme that doesn't work, and may give up with the whole idea of watermarking/secure music files. If they decide to continue with SDMI, then it'll be easy to hack and not much will change, at least for the next few years.
Their music sounds like watermarks anyway.
Maybe removing the data, leaving silence would be an improvement.
In fact, why not incorporate watermarks into all music from now on?
Okay, admittedly, all of us would really like to see the record company fall on its own sword and ruin itself by releasing the "perfect" distribution system for music online, having some hardware manufacturers go full-steam and produce products, the record industry puts out their songs, THEN it is cracked.
That, by the way, is why the hardware groups oppose it. They know it is going to die because it won't work. They want it proven before they spend incredible amounts of time and money engineering and producing a dead product.
Now, if I were to crack it before they are committed, they have a chance to put another solution in place. I really doubt that if someone produced the magic bullet that kills watermarking that the RIAA will say, "Okay. We're not going to protect our music." They'll just come up with something else.
By hacking later, it also buys time. And it also destroys the RIAA's reputation so when they're working on a "second solution", their sphere of influence will be diminished. And in the mean time, you'll get access to all the watermarked songs they've released.
Hack now? No thank you. But I do feel badly for the engineers who are being forced to create a lemon.
Watch that decimal point move to the right.
Manufacturers are the people who tried to establish DIVX as the market standard by selling the players for $50-$100 more than regular DVD units.
Yeah, but Divx offered $2.00 movie rentals, and you (technically) didn't have to return the movie when you were done. However, Divx didn't really offer any of the benefits of DVD (multiple aspect ratios, etc). Dibx was a brand-new high tech product marketed towards the "couch potatoe" masses. SDMI seems to be heading down the same path. Even if you have a halfway decent CD player you have NO reason to invest in a new player, especially if the new player only gives you the abilty to play SDMI music.
-This sig intentionally left blank
All the serious hi-fi nutters I know reckon that CD quality isn't good enough, and that transitor amplifiers are insufficiently linear. It's got to be vinyl and valves!
you can copy a CD to a minidisc through a digital connection.
You can't copy that Mini Disc to another minidisc digitally (you can anaolog thouhgh duh.)
However there is a box they sell in japan which claims to remove the copy management. Your supposed to run the output through a fiber into the box and it removes the protection system. They say it also removes track marks, labels etc.
You can't prevent copying. period. You can only hope that people act a little responsibly.
they're just trying to make it harder to prevent piracy from becoming too rampant.
Will it have to work through analog conversions? I`m sure cutting out a very thin band of frequencies would be one way of id`ing a protected track. Thats what an earlier proposal for copy-protecting suggested. Cant remember the frequencies offhand, but you could hear the difference. The idea was that so could the DAT recorders of the time, and they`d refuse to record the incoming signal.
I have this mental image of a bunch of RIAA executives being flown to a nice resort hotel, gathering in the conference room, listening to a full-blown multimedia presentation on their new Copy Resistant Audio Protection[tm] system, watching the techs wheel in the prototype and start it up... and hearing something that makes Thomas Edison's wax-cylinder phonograph sound like top-of-the-line Bang & Olufsen.
/.
/. If the government wants us to respect the law, it should set a better example.
And..you only need to go digital->analog->digital once. Once you get it back into digital form (mp3 or vorbis, etc), you can then make as many perfect digital copies of the very slightly degraded (not detectable by 95% of the population.. if done properly) sound image as you like...and can send it to as many people as you like (technically, if not legally).
They could probably 'coerce' Creative to fix that, but it will be much harder with software. How easy would it be to write a program the takes the windows waveout and writes it to a file, it can be done in beos too, and even though I am not too much of a linux hacker, I know its possible there too. What's the easiest way?
Shit adds up at the bottom...
what about running the digitalout on my soundcard to the digitalin?
It will be an expensive lesson for SDMI to learn, but it is a basic fact of information theory, that you cannot securely deliver information to an individual, who does not want that information to be secure.
This is why SDMI will fail, and their "hacker challenge" is merely a cynical attempt at hyping the technology; selling it to people who don't understand these basic facts. There apparently are engineers out there - the guys who invented SDMI, and they have to SELL this technology to the RIAA, and in order to do that, they have to prove that it's secure. The real dopes here are the RIAA.
So if some hacker goes and wins the prize, you know that SDMI will not ever make it to the marketplace. Nipped in the bud. Either some new technology will come along and take it's place, and similarly fail, because the whole concept is an impossibility, OR, the RIAA will finally learn this lesson. However, greed will probably continue to be a powerful motivator, and maybe they'll figure out that "good enough" copy protection will still work to increase their profits. While they cannot 100% lock down the signal, and prevent unauthorized copying, they can make it hard enough to do, (and risky enough, by lobbying for stupidities like the DMCA), that a maximal profit curve can be obtained.
Now, if nobody comes forward, and hacks SMDI, then the RIAA suckers buy-into it, and the manufacturers buy-into it, and enormous sums of money will be invested in pushing this technology onto consumers. And we know, this will ultimately fail. Not because we hackers are proud of ourselves, not because we are commie-idealists and believe that we should be able to copy the music and that the RIAA companies shouldn't be able to control stuff and get so stinkin rich exploiting the creative spirits of our species. But because it is a fundamental fact of information theory that it just can't work. I think that most of us will derive pleasure in watching the RIAA buy into SDMI, invest in pushing the products, and watch it flop in the marketplace - and likely try again, expensively, with something else, until they give up.
Unfortunately, they wont give up. Because eventually, they're going to find a technology that, while it can be broken, it will either be prohibitively expensive (equipment, time) or risky (jail) to do so. So much so that such a small minority of people will copy, that it will not impact their profits adversely. The music distribution system will eventually reach this equilibrium point. It's an arms-race, as many have pointed out. But someday, the music just wont be worth the risk or effort. I know this, because I have copied a buttload of MP3's, but I haven't taken the time or effort to burn CDs, or buy a separate MP3 player for my car. And this is under a system where there currently is NO copy protection enforcement at all. I'm still buying CDs. A large proportion of people out there aren't anymore, I guess, but as soon as you get SDMI (or something else) out there, and start busting people for trading in unprotected copies, and copyright violations, the majority of these people will stop copying and start buying, and an equilibrium point will be reached. Two things affect this ratio of copiers-to-non-copiers, advancement of copy-protection technologies and legal enforcements, and advancements in hacking technologies. Both are going to happen. But I think what's going to work in the RIAA's favor, ultimately, is the laws they have bought. Circumvention technologies will have to compensate for that, but ultimately, it's going to probably come down to preserving the right to be anonymous on the internet (lest the FBI track you down and bust your Metallica-copying asses). If we lose that right, it's back to burning CD's and sneakernetting them with your friends. The mass-distribution element Napster brought into the game will go back out, and this is why anonymity is such an important thing for RIAA (and other "authorities") to eliminate. It will dramatically reduce the network-effects of the black-market.
So, while we concentrate on the hacking and circumvention technologies, the RIAA is using the law as a club to eliminate freedoms. My conclusion is that maybe we ought to spend some time paying a visit to the EFF website.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
From what you say, we're doing the right thing by letting them go ahead and implement SDMI. It's almost certainly not uncrackable. It will provide some protection for those who want it. It will probably be just enough of an annoyance that Joe Average will just go for a subscription music service or somesuch rather than try to make an alternative work.
NPR did a show this morning on the RIAA/Napster debate. I think that one of the best lines that came out of it was that there needs to be a public discussion about how far we really want copyright laws to go, and whether or not they've already gone too far. I think they have, and I've been saying that for a long time. I believe that if they would fix the copyright laws so that the public once again sees some return for their support of "limited" monopolies on information, then many of these problems that the entertainment and other industries are seeing would be greatly reduced. But, of course, they'll fight tooth-and-nail to prevent the public from getting copyright law changed to their perceived detriment. But, if they want a war, it looks like they'll get it.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
> Of course they want hackers to get deep inside and penetrate their carefully constructed code.
Which is really funny, 'cause when someone does crack it two days after it hits the marketplace, this is really going to make it hard for the industry to cry "IP violation" like they did with DeCSS and CluelessCat.
--
Sheesh, evil *and* a jerk. -- Jade
> I'm sure there will be programs out for copying watermarked records within half a year of the implementation
Probably even before it hits the marketplace. There have been many examples of this with "copyproof" software in the past: bootlegs available before you can even buy a legit copy.
--
Sheesh, evil *and* a jerk. -- Jade
I'm glad to see that the Salon staff is submitting articles directly. Hopefully they will then appear in a timely manner, as well as having accurate descriptions of the content, unlike other submissions seen from time to time.
BTW, I've enjoyed a variety of your articles since I started reading Salon sometime last year.
-----
D. Fischer
ShoutingMan.com
I'm a male and I acknowledge women are better than men. Not only do they not have the much impairing 'competitive real-man' nature of most alpha males (It is alpha male that exudes uber-testosterone, no?), but they are also more rational, and dynamic.
Regards
they take the example of the U.S. Government, and ask a respectable university to do a proper audit on the scheme? This way they could be absolutely certain that the code is unbreakable, and has no ill side effects...
In Murphy We Turst
Many in the open source community and the hacking community in general b*tch and moan whenever a company releases something with weak/poor encryption. When a company takes the advice of those that scream loudest, they are suddenly boycotted because there product doesn't meet the "ethos" of the hacking community.
It's nice to see that standing up for your beliefs and convictions is now a flaw.
I may not agree with what the company is doing, and I may secretly hope that the watermark is cracked after it has been accepted BUT I have to respect the company for trying to test their security in the open. It is a step that more companies need to make.
This isn't about security. This is about an industry wanting to take away the last remains of our rights as consumers and they want to do this with our help. Don't believe the rhetoric, as soon as SDMI is cracked another, tougher to crack scheme will be invented and implemented. Why would we want to help them.
The "Boycott" makes the Open Source community look like a whining 2 year old throwing a temper tantrum. "Waaaaa, your not doing things my way, Waaaaa, I'm not going to help you now, Waaaaa, you don't really love me,Waaaaa, I'll show YOU!"
You have got to be kidding me! Heaven forbid we as individuals and as a community should stand up for what we believe in and refuse to aid those that champion a cause diametricly opposed to our own. To even think that this is a clear cut case of security is naive and foolish.
Please stop posting stuff like "They are just using our free programing services and ripping us off". If the open source movement is to be successful FOR PROFIT companies have to make it work. This means that people contribute to to a progect, be it testing as is the case here, or actually coding. They also don't usually get paid for those contributions.
THIS IS NOT ABOUT THE OPEN SOURCE MOVEMENT!!! This has nothing at all do to with open source software. In fact, in NO way does this contest benefit the Open Source Movement. This whole afair reminds me of a Coup. A powerful General influences his army to overthrow the cruel Dictator, just so he can take his place as the country's Dictator. In the end, the people have a Who lyric stuck in their head, "Meet the new boss, same as the old boss". If the Open Source community hacks SDMI before it is released, then RIAA will commission a new scheme tha's even harder to crack, and then we're in worse shape then before. Now I ask, Why the hell do we want to help them?
If you make the water mark stronger, then it shows that our community is full of good coders. If you boycott the FINAL product, and stick to using MP3's or whatever format YOU prefer then in the end market forces will drive the watermarked music people out of business. The idea is to stop the product from being a success because the idea of watermarked music is flawed. NOT that watermarked music can't be made secure.
OK, so by your logic, we should help to create a stronger watermark that infringes on our rights as consumers and aids a cause we believe is wrong just to show how good we are at cracking encryption schemes. That doesn't show the world that we're good coders, it shows them that we're good code-breakers, something many in the world associate with criminal behavior. Because, that's what I want the Open Source community to be known for. Yeah, I want to be a mercenary code breaker for Corporate America.
Furthermore, your assertion that if we boycott the final product we will prevail in the end is flawed. This is even more naive than your previous statements. If you don't believe me just take a look at how well informed the masses are about DeCSS and the MPAA's efforts to infringe basic rights such as "Fair Use" and the Freedom of Speech. No, I'm afraid a boycott of the final product will never work.
The idea of watermarked music is flawed, can't be made secure, and also infringes on our rights as consumers. Now why would I want to prove that to the Recording Industry so they can find a method that isn't flawed, is secure, and still infringes on my rights as a consumer.
"The words of the prophets are written on the Slashdot walls."
it can be done in beos too,
/dev/audio /dev/audio pir8.raw
Remarkable easily since BeOS allows drivers to use standard open() write() and close() operations
I am not too much of a linux hacker, I know its possible there too. What's the easiest way?
rm -f
ln -s
(Its not a good way and probably not a very reliable way but it will probably work to an extent)
I've got a good friend who's in the audio business. He works for one of the big organisations that will have to run with whatever is finalised on. He's also what you'd call a real enthusiast.
What he's most concerned about is that on a good audio system setup (like one that would be able to take advantage of the extra frequency response of SACD and DVD-A) is that you can notice the watermarks! Yes, the frequency response is outside the range of the human ear, but remember those debates about CD vs LP...
... well, he says he can pick the difference between watermarked and non-watermarked music because it plays with those outer frequencies.
Now, I personally don't mind THAT much if the companies develop a way of stopping Napster/MP3 etc. I buy most of my music anyway, to encode at higher bit rates. But these companies will really screw consumers if they release watermarked material... because the paying consumers will be getting inferior music in the record companies eternal fight against pirates.
Now the main theme of the technology industries is, that the hackers should help them to prove the evil record industry that watermarking doesn't work, so they (the good ones) may avoid sinking millios of dollars in a scheme that won't work anyway. The only part i can agree to is the part about the boneheaded record industry. My advice to the technology industry: if you don't want to sink millions then simply don't. Period. Create your own forum, not headed by the record industry, come up with some sensible alternative, implement it, market it, and let the record industry try to sell records without players to play them on.
And yes, the watermarks will be broken, all of them. And you know this anyway. So why bet money it won't? And i still prefer it to be broken after it was thrown on the market, so everyone participating in this silly scheme loses as much money as possible. It can't hurt enough. I mean, basically what the record industry is trying is to screw over consumers every which way they can, and to screw the artists too while they're at it. If they're boneheaded enough to go on with it, ignoring the advice they specifically asked and payed for, they should pay.
I'm sure there will be programs out for copying watermarked records within half a year of the implementation, and players for playing music stripped of watermarks or for copying music with watermarks intact will be found on the shelves probably earlier (maybe you'll have to open the player and connect two pins or somesuch, thereby voiding the guarantee, but hey, that's even better ).
So if the technology industry wants those watermarks to be hacked they should do it themselves. they've got the experts for it, they know all the weaknesses, so they surely have a headstart. They could do this pretty fast. They could even ask real money for it.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
You bet it will work and be a widely industry standard... Just like digital audio tapes and Sony Mini Disks. How many of these high priced copy protection burdoned formats do you have at your house? I have none. I do wish the industry would press some inexpensive 12 inch laser disks. That is the problem with new (encrypted DVD) formats, there is less of the good stuff.
The truth shall set you free!
If the watermarks are different for each copy (not likely in the case of a CD, but maybe for online distribution, which could be marked at time of download with the purchaser's information), all you would need is two copies of the music.
Think of the music as a carrier signal, and the watermark as the actual signal you want to isolate. With two seperate copies, you can do a differencing process on the files, leaving behind the watermark, which can then be further analysed.
I support the EFF - do you?
Reason is the Path to God - Anon
if we accept that SDMI, like any other encryption system, can be broken, then why boycott the hack-SDMI at all? even IF someone breaks SDMI for the contest and encryption is tightened, people will just break it again. and again. and again. We know this. we accept this as a fact. THEY are under the delusion that the ultimate watermarking system is still attainable.
ha ha.
there is NO WAY encryption will remain inpenetrable and the watermark remain unremovable, regardless of whether it is broken now or later. the point is, there will eventually be a crack for anything they throw at us, and the crack will be done way cheaper and quicker than all the time, money and effort the SDMI coalition will throw at it.
i think that whether it is cracked now or later is immaterial, just let them release stuff or not, i dont' care. Let them do their little encryption thing so i can get my DVD audio player sooner rather than later, and wait about 1/2 an hour after it is released for some hax0r to break whatever watermark they have dreamed up that week.
Is it true that SDMI is pronounced "sued me"?
--
Sheesh, evil *and* a jerk. -- Jade
I have a crack for SDMI, but it's just slightly too large to fit into the margin here.
--
Sheesh, evil *and* a jerk. -- Jade
But does anyone have a choice?
If the RIAA et. al. can get the DCMA passed, why not a law requring all disk players to include SDMI circuitry?
have a day,
-l
have a day,
-l
Lossy compression schemes such as Ogg Vorbis and MP3 work by removing sound that humans cannot perceive from the sound sample to improve the compression ratio.
Watermarking, on the other hand, adds sound information that human listeners supposedly will not be able to notice, but which machines will be able to detect. (And be able to perform this detection on any recording without being able to compare the watermarked stream against the original.)
These goals are in conflict. The only way that watermarks can be sure that compression technologies (including future ones) won't remove an inaudible watermark (on the basis that it won't be missed by the listener) is to design a process that uses an audible watermark. Thus, some people (hi-fi buffs, sound engineers, etc.) will be able to hear the difference between a watermarked and unwatermarked recording.
And, of course, most people will think they can hear the difference, and be unwilling to buy SDMI music.
adding a certain hash to parts of the music that we can't hear
Which are exactly the parts thrown away by compression. Just watermarking won't work; it needs to be a access-control scheme a la CSS - otherwise, why would anyone buy a SDMI player, or sell one?
you don't have to know how it works to 'hack' it. all you have to do is get acess to a couple copies of the same song and cut verry small pieces off of it a small random intervals and put the pieces together. the music wil still play good but the watermark will be all messes up. also the more copys that you mix your digital music out of the better.
I think their plan is, you will no longer (legally) be able to buy a soundcard that doesn't have this built into the hardware. And tampering with a soundcard to disable the protection will be illegal to.
Of course the existing base of soundblasters and such is not going to go away anytime soon, so I don't we have to worry about this just yet.
where there's fish, there's cats
ln -s
I wonder how many people are going to have to learn about MAKEDEV now...
where there's fish, there's cats
A guy hands you a pair of handcuffs, and says "See if you can get out of these." You twist them and break free with a smug grin.
The next day he returns with new pair, and you play the game again.
One day, you find you can't get out of them. And he walks away, leaving you bound and defeated.
Since we're all unfortunately going to have play this game, I propose a new strategy. Fein defeat at every turn. After he has expanded fortunes producing similar handcuffs for everyone else, divulge the weakness. If he persists in this game, bankrupt him.
Additionally, if the RIAA and MPAA cannot find technological measures to protect their interests, I believe that they will increasingly rely on congress. It would be a grave mistake to assume that we have better access to our congressmen than they do.
However, while the industry's resources may be vast, they are not infinite. Senators *can* be expensive, and prices do fluctuate. Hypothetically, they have to buy off a majority. After rounds three and four, after vendors are expending their own R&D budgets to comply with laws and customers/constituents are wailing, these congressmen will be considerably more expensive. Let's make certain that the cuffs are still quite loose at this point, or it will be close game.
-Hope
Amusing how the tech companies oppose SDMI because they think it won't work, not because they think it will screw consumers.
....And the entertainment companies are in favor of SDMI not because they think it will work, but because they think it will screw consumers.
What was left unsaid, but that I read into it was:
I'll see your senator, and I'll raise you two judges.
The idea that a company, using a law only valid in America, will try and force any hardware manufacturers outside of America to implement something against their will is just laughable.
Those companies want to produce their own soundcards with said mechanisms are welcome to do so, and i`m sure they`ll be able to sell them cheaply and get hassle from the monopolies commision etc if they do. I dont see any other way. They can un-invent other formats, its just not going to happen.
Where I'm confused here, is how _EXACTLY_ SDMI works with regards to small labels & bands... Is there a licensing fee? Will labels need to purchase a "Watermark ID" or some such nonsense for a price that big labels can easily afford? Will hardware/software companies need to license the technology, bringing music to the bussiness-savvy proprietary DVD distro model that can hide behind the DMCA? If the SDMI can strongarm enough tech companies into requiring a watermark, they'll manage to shut up pesky small labels that have found ways to work outside their distribution channels.
I wonder how many people are going to have to learn about MAKEDEV now.
Ah. Perhaps I should have put a warning there. I guess this makes my post indirectly educational:)
Seriously, why is it necessary to make sure that SDMI is hacker proof. With the DMCA all RIAA needs is a trivial (alla rot-13) encryption scheme and any software that circumvents it would be illegal in the US.
The DMCA makes my job easier. I no longer need to worry about strong security because any attempts at bypassing my lax security is illegal. Also, any illegal information that I encrypt with a 2 character password zip file would be inadmissible in court. Isn't the DMCA wonderful!?!
This point angers me more than I can articulate.
If you think the watermarking system is fallible, break it and claim the $10,000 yourselves. To expect "the hacking community" to ride in and save your asses -- or your assets, for that matter -- is arrogance at best and cowardice at its worst.
Jay (=
Steganography can be very hard to defeat. The signal can be hidden with the same strength as a cryptographic function. It can often be harder to suss out steganography than break a cipher, including Blowfish or Rijndael.
Watermarks, on the other hand, can be defeated even if they can't be unlocked. You just act like the mongol hordes and piss all over them. Eventually you'll wipe them out. Getting rid of some watermarks is as easy as writing over the least significant bit.
In fact, it's easy to remove the watermark inserted by Adobe Photoshop. All you do is rotate 45 degrees, blur twice, sharpen twice, and then rotate back. Voila! It's gone or at least unrecognizable.
Is it just me or did everyone else here notice that the Salon article is written as if it's audience is all the poor and unfortunate technology members of the SDMI. Virtually everyone who read this article was a consumer or hacker whose interests, evidenced by all of the quotes in the article, are in DIRECT opposition to those of the tech members of SDMI.
But there's also concern that if hackers stay away in droves, perhaps one or two of the watermarks won't be broken -- in which case SDMI will steam ahead with its "proven" solution and cost the technology companies millions of dollars in implementation costs.
Those SDMI members who had been secretly hoping that hackers would breeze through the challenge and prove once and for all that SDMI was wasting its time were dismayed. If the system wasn't tested and broken, SDMI would forge ahead and release a solution that many considered fallible.
I think that the author really missed the point if she feels that pointing out all of the harm that SDMI will cause the tech companies will insight us comsumers or hackers to change our view.
Or maybe dissension obliterates the consensus. Whatever the case, hackers who are sure they are doing the right thing for online distribution of music by boycotting the hack-SDMI challenge might want to consider rethinking their stance.
Completely missed the point of the boycott. Ah well.
-Cray
"I wonder if we'll start seeing CDs with SDMI-only tracks (i.e. you get the whole album normally, but there are two extra bonus tracks that only play on an SDMI device)."
If you take a slide photograph, and you watermark the slide, how exactly do you prevent an existing slide projector from showing the watermarked media?
Yes, we're the hardware and software manufactures, big and small (aka ipo craze) we (snif) we're being bullied for the big bad RIAA. We're wimps and can't stand up to them. We'd try, but we're also whores to the almighty dollar, so at least some of us would break the ranks. That's why we all had to join the SDMI against our (pathetic) wills. We know they're wrong, but we're so gawd damn helpless that we're sinking to new lows to feed the press a bunch of lame-ass whining that you hackers are "idiots" for not trying to break SMDI now. We obviously hold no respect for you hackers, but you're our last chance at being saved from having to spend our money to implement it. We're pissed that you're boycotting, because we know you'll break the watermarks eventually and probably after we've been forced (remember we're wimps to the RIAA) to spend our money. We really couldn't care less if consumers lose their rights or if SDMI gives up or tries something better.... we just wanna get SDMI hacked before we have to spend our money on it. That's all we care about, saving our money from implementing their won't-work watermark scheme. You hackers are idiots for not jumping in now to save our money!
PJRC: Electronic Projects, 8051 Microcontroller Tools
maybe there's some perfectly obviousl answer to this question that i'm missing, but it seems to me that if all these so-called geeks in the technology industry really want to see SDMI sink, they could just crack it themselves. I'm sure they wouldn't be eligible for the $prize, but the quotes from the interviews make it sound as if they really want to see it cracked and have a bit of a personal stake in the matter. if they could show how easy it would be to crack, as they seem to be sure it is, wouldn't that be just as good as some random hacker? of course they would have to show that an ordinary hacker and not one who already has intimate knowledge of the development of SDMI could do it. they certainly seem sure that it can be easily broken in all those qoutes, so why not prove it themselves?
i also find it interesting that everyone is so concerned about the artists. as it is, most musicians on major record labels are getting totally screwed. being that SDMI is the recording industry's baby, i really doubt that that would change.
When books burn, people are next.
> [
> somehow I get the feeling that making your customers think of you as the enemy
> is probably not the best business strategy.
Elementary game theory - "tit for tat". Treat us like the enemy for 20 years, sooner or later we're gonna wise up.
When it comes to copy-protection, it goes all the way back to the days of cassette tape (royalties on blank tape), the VCR (the Sony case), and DAT (killed the format by forcing hardware manufacturers to implement SCMS).
We've always been their enemy.
It's only been in the past six months that we've collectively woken up from 20-odd years of abuse and realized that they are our enemy.
Segue to the Katz article on virtual communities. The realization that RIAA/MPAA are not just invisible trade organizations, but are actively attacking us - indeed, that there is an "us" for them to attack - is all the evidence I need to know that there are communities. We are bound together by common ideas and goals, not accidents of geography, but it doesn't make us any less a community than our enemies, namely RIAA and the MPAA.
Filk: 2600 miles and runnin'
(Parody: NWA/Dr. Dre's "100 Miles and Runnin'")
[ ... ]
And we got ten thousand hackaz strong,
Got everybody singin' the De-CSS song,
And while you treatin' Goldstein like dirt,
Yo' whole fuckin' family wears De-CSS shirts.
Remember the good ole days of expensive software. Remember how much of it came with a dongle? Dongle on the player, dongle on the computer what's the diff? I have no dongles on my computer and I refuse to buy any player with one built in, even if it allows me to play some special content. Just like software requiring a dongle on my PC, I can vote with my pocketbook and say "no thanks". I'll use a user friendly alternitive to your dongleware and leave your stuff on the shelf.
The truth shall set you free!
=begin CONSPIRACY_THEORY
I'm wondering how this could effect "home recording" in the sense of a band using SDMI-compliant equipment to record their own music.
Maybe their ultimate plan is to take back the technology that is enabling artists to go the DYI route instead of depending on the record companies...
=end CONSPIRACY_THEORY
where there's fish, there's cats
As for this quote:
"Then came the call to boycott the hack-SDMI challenge. Those SDMI members who had been secretly hoping that hackers would breeze through the challenge and prove once and for all that SDMI was wasting its time were dismayed. If the system wasn't tested and broken, SDMI would forge ahead and release a solution that many considered fallible."
Yes, that's precisely the idea. We want a solution released that is fallible, and that way it will be immediately broken.
There is another reason why SDMI should be given free reign to do whatever they want without hacker interference: Let's see which companies decide to produce SDMI-compliant devices. Since they know such devices are basically breakable, and hostile to consumers, this will tell us which companies are willing to stand up for their principles and which ones aren't. After all, membership in SDMI is voluntary. Let's see which companies volunteer to stand up for the consumer, even in the face of economic pressure from the entertainment companies.
Then we'll know which equipment to buy, and which to avoid.
And then we hack SDMI...
________________
________________
Private Essayist
Oh please. Over the weekend, Slashdot linked to a Red herring reprint of a major story we did on Gnutella, and I was a little peeved that we didn't get a direct link. So i asked Rob Malda how we could avoid this, and he said there was nothing wrong with submitting stories directly. So I did.
Next time I'll be sure to mention all my connections with the piece, but anyone who knows my writing well enough to call me "a perfectly fine journalist" ought to know that I wouldn't "whore" anything to slashdot that I didn't think was fully appropriate to Slashdot readers.
Editor, Salon Business & Technology
Salon.com
B U L L S H I T !
A standard audio CD is only recorded at 41KHz, that means that the highest frequency that can be recorded onto the CD is 20.5KHz. And frankly, quite a lot of young people can hear up to 22KHz.
Have you ever heard one of those "anti-rodent audio signal generators" ?, I have and it feels like a torture.
--
Why pay for drugs when you can get Linux for free ?
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
Philips Electronics, for one, won't be too happy to implement this. They are very successful at the moment with their home-cd recorders.
Also, they sold their record company (Phonogram) a year ago. I think they've been anticipating the division that is bound to occur between the electronic/PC-equipment manufacturers and the movie/music industry.
Sony OTOH, still is a combination of equipemnt and software company, thus they are one of the fiercest fighters for implementing restrictions in video (DVD, CSS, require all manufacturers to respect region locking etc) and audio equipment.
Boycott Sony to begin with. They are one of the most evil ones.
When the manufacturers see that they really loose marketshare if/when they give in the the recording industies demands and implement the copy restrictions, they might think twice.
Also it is good there are still countries like China that puke on western copyright & IP laws. In some years time they might be the only suppliers of free equipment. I can see a future where all western companies were forced/bribed to stop producing standard CD players for instance, and the chinese are the only ones to make them.
I must admit, you make some excellent points. :)
:)
Standing up for your beliefs is not a flaw. The problem is the dictomy of the situation. Here we have a company doing what many people in this community say should be done. That is TEST your security in an open environment. The thing that they are testing is a way for RIAA to distribute music that is NOT readily copied, which many people hate. You have to give them a nod for part A, even though you vehemently disagree with part B You can't say you stand for one thing, and then go back on it when somone you don't happen to agree with uses whatever you stand for. Many people are for freedom of speech, as long as the person speaking doesn't disagree with them. It seems some of the boycotters are in that boat.
I see your point, and in some respects agree, but the problem I see is that a company that has done nothing to earn the respect or trust of the open source community thinks they can bribe us into doing their dirty work.
I must admit that I like your analogy about free speech and am reminded of a case where a jewish attorney defended a neo-nazi group under that same right. However, that attorney should not be lambasted and criticized if he chooses not to represent that client. We have to make a choice as to what we feel is the greater harm/good, and be prepared to stand by that choice or recognize it for the mistake it may or may not prove to be.
Do you think that for ONE second, boycott or no boycott that SDMI is going to stop trying to develop this. Come on get real! SDMI is only going to change their tune when their product looses in the market place.
Using your logic and a quote from, (as soon as SDMI is cracked another, tougher to crack scheme will be invented and implemented,) it doesn't really matter if the code is cracked or not now does it. So what's the point, boycott or no boycott? As I said, I hate the idea of the "watermark", but I'm not calling for a boycott on testing the security. I AM calling for a boycott of the final product because that is the ONLY way "we" will win.
I think the real question is, "What will RIAA's response be if the watermark scheme is broken before or after it is released on the public?"
This is an answer that none of us can even begin to guess. However, I think the big unknown factor in obtaining this answer lies in the fate of the DeCSS trial. I'd hate to help create an unbreakable scheme now that it was legal to do so.
Imagine this headline "Hacker cracks SDMI watermark" followed closely by "Open Source Community provides super secure watermark" The open source water mark is used to encrypt voice communications. The licsence doesn't allow the encryption of music.
Now we have a VALID (IMHO) use for the technology! Now no one gets that voice message that starts "your mission should you choose to accept it" except for you.
I like your thinking here, and admit that the thought had never crossed my mind.
I'm thinking way past what SDMI is trying to do. The idea of a water mark isn't going to go away, no matter how much you whine. So lets find ways to put it to GOOD use, and also lets develop that in the open. If you break SDMI's code you set them back for a short while, but a short while may be all people need to develop an alternative thats acceptable to all.
Again, I like your thinking here, I'm just not certain if it is realistic or not. I suppose if the scheme was cracked and an open alternative was developed before RIAA could commision a better scheme, it could happen as you suggest. However, RIAA is not known for its logical and level headed thinking. If an open alternative was developed, would it be adopted by them? I doubt that they would adopt an open solution. For one, their paranoia about the code being readily available to pirates would prevent them from using it. What's worse is they would probably use that code to develop their own closed source alternative, but do so in a way to avoid patent and/or license restrictions.
These are just some ideas, they are not my vision of the future. People in general have to be able to look past their own ranting and see whats down the road. If you really want to change something you have to be realistic. Boycotting SDMI on your own is your business. I'd boycott the final product, I'd also stop buying books from amazon.com if they tried to sell music in that format.
I think I'd rather boycott SDMI, break it after its release, and boycott products that use it.
You mean you're not already boycotting Amazon
The whole idea of a watermark preventing copying is LAUGHABLE. How easy is it to simply use a program that grabs the audio from your sound card raw, you then write it to any format you see fit, (MP3, WAV, etc) Because something is silly and flawed doesn't mean that companies won't do it. (nee look at the ever popular beenie with a proppelor, still a hot seller!)
I agree completely, but you didn't have to insult my hat.
You bring up some good point, but in the end watermarks won't go away. The current rants are akin to standing in front of a train holding your hand out telling it to stop as it speeds down the track at 62 MPH (100kph). I prefer to dig up the tracks, and de-rail the sucker. The way to do that is to make sure that SDMI watermarked music fails in the marketplace. The only way to do that is for concerned consumers to band together and NOT buy in droves.
We're not standing on the tracks, we're just saying be careful where you derail this thing. You may end up causing more harm than good.
Unfortunately, most consumers are more concerned with keeping up with the Jones's and getting the latest, shiniest new toy than they are about their rights as a consumer until after they're locked in.
"The words of the prophets are written on the Slashdot walls."
Amen!
The only problem for some of them is, that some of their competitors (Sony) are also represented in RIAA. It's hard, when you're Onkyo to thumb your nose at RIAA when you have to compete with a competitor who is also a member of RIAA.
"The words of the prophets are written on the Slashdot walls."
Am I the only one who has noticed there has been no mention of digital distribution of SDMI music? All I have seen talk of was about making SDMI compliant CDs:
SDMI's solution was to propose a watermarking system that would be built into future CDs and read by software and hardware devices. Anyone who downloaded a pirated MP3, for example, would find that his SDMI-compliant software wouldn't read that watermark and would refuse to play the song.
The only reference to downloaded music is that which was "pirated." How the hell does this watermark bridge the gap between physical distribution and online distribution? From what I can see, all this format does is attempted to prevent you from distributing it digitally.
Someone, please tell me I'm wrong.
--
Scott Brady
Incidentially, it doesn't say that content HAS to be converted to SDMI protected format.
As I read this, if you encode your music using an SDMI application (I see no mention of hardware), the app must encode the SDMI data into the stream. Since these are likely to be proprietary formats anyway, I wouldn't worry too much. It's not likely the average MP3 player/encoder will care.I used up all my sick days, so I'm calling in dead.
It's amazing to me how the record companies, RIAA, and so on have managed to change their image in the minds of at least the "hacker" crowd. Looking at this forum in the past, I'd see an attitude of "How stupid these guys are," when something like this occured. Instead, now I see an attitude of "These guys are the enemy," which is fine in itself, but it goes to show how the record companies actions are having the effect of turning its own customers against itself.
:)
Now, I've never taken a business class or anything, but somehow I get the feeling that making your customers think of you as the enemy is probably not the best business strategy.
Rather amusing, anyway...
---
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
I can only wonder who they will try to hold repsonsible for letting them (SDMI) release a falliable watermarkings system. Considering the millions that many stand to loose, could the hacker community be faced with some form of backlash for *NOT* breaking the watermarks, or for boycotting the challenge in general?
I realise there is no legal basis for this, and no one is actually obligated to participate, but, considering the nature of this challenge, and the average understanding of the public of this whole thing, I really worry about there being some call to arms against the community for not breaking it, and letting SDMI fall flat on it's face. I know this is far fetched, but it is an interesting "what if" none the less.
Yes, someone really opposed to this would deliberately wait until the technology is released, and a lot of money is sunk into it, before cracking it and thereby making it fail.
If I were better at code-breaking stuff, I'd be working my ass off to crack it. But I sure as hell wouldn't notify anyone involved as to my results. Not until after they've ship a whole lot of impossible-to-recall hardware.
Then I'd post the code to crack it to freshmeat.
Not only would that stop the particular instance, but it would serve as a warning to corporations that future attempts are going to be as much a waste of money as DVD encryption was.
The cake is a pie
Instead of trying to push some technology that is destined to fail, and that can be proven to be impossible to control, they should try to push e-cash. If there would be a wider acceptance of e-cash systems then they could sell the music on the net. Sure it can still be copied, but if the price/trouble for making one copy is more than it costs then they wont be copied too much. 5 years ago it costed as much to burn a CD as to buy a new audioCD so no-one almost bothered to make their own pirate copies of audio CD's.
They are insane to belive they can sell a product for less than it can be reproduces for at home. It should be obvious that making it illegal to copy music brings up the cost of making copies, where by there should at least theoretically be a proffit margin for selling music on the net.
I know this isn't popular here at /. and I'll probably receive more negative Karma for this (as I have for the whole thread, thank you moderators)
BUT You've made some excellent points as well. It's very nice to actually get some insite(sp) and thought out discussion. Also realize that my original comments were posted before 8:00 am......the thought process that produced them may have been a bit shaky! I'd have e-mail you this comment directly, but it's not in your profile.
Now to the meat of the matter
I think the real question is, "What will RIAA's response be if the watermark scheme is broken before or after it is released on the public?"
I think the response will be the same in either case, and that response will be to try again. If somone breaks the watermark 3 days after it's the official standard, so what? I'll bet those nifty SDMI boxes are upgradeable. It takes time for a new format to be accepted in the marketplace, and the recording industry has shown no problems with making your past formats obselete. I don't expect any thing new from them now.
Again, I like your thinking here, I'm just not certain if it is realistic or not
We have to try! There are 2 types of people in the world, people that bitch and moan and do nothing, and people that want to work toward a viable solution. So maybe my idea is a pipe dream. We will never know until we try, and it certainly makes the world think better of us when we ARE trying. Besides I like the idea of an Open Source watermark that is accepted by the masses whose liscence forbids encryption of music, or video or entertainment. :) Next MI film shows Tom Cruise with a his magic watch, with the pengiun logo "Your mission should you choose to accept it!" Open Source watermarked voice messages for secret agents.
I agree completely, but you didn't have to insult my hat.
So we share the same headgear, my problem is that I can't fly with it on.....yet. I still keep that dream alive.
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
So if the tech companies don't like watermarking, they want people to hack it. So what's next? Does the tech industry try to get every new standard it doesn't like hacked, or will they come up with a better plan?
Are there any other similar initiatives that the tech industry actually supports that could be practical to use?
ManicHawk - Just because you're manic doesn't mean the walls aren't bouncy
Watermarking in the sense of adding a digital signal that identifies the source is also broken in the same way - garble the signal. However, true watermarking isn't that easy to remove! If you garble the signal too much, you will get music that most people actually can hear has been tampered with. I myself don't listen to mp3 or minidisc at home since I don't like the degradation (yes, both my ears and my speakers notice it ;).
For those interested in the subject, look up Steganography (cryptographic branch dealing with hiding information as "noise" in pictures, music etc).
Watermarking is steganography, and steganography works ...
it's in my head
Call me cynicall, but could it be that the people calling for the standard to be hacked have their own product which could provide the security, which will 'suddenly' appear once the competition has been cleared. Sounds like a fair investment of $10000 to me. R.
"Get a Life? Where do I FTP one from?"
Won't work.
I mean, how could such a thinly deployed layer of integrated sound be constant through analog conversions and back again? Very unlikely.Even if by some miracle they manage to create a watermarking system that is fully transparent and encrypted somehow, and manages to retain itself when converted to analogue and tampered with, there will always be programmers who can get around it. Steve Woston springs to mind, and I'm sure there are many others.
Everything is but a number spoken by itself.
"I'm completely amazed at the idiocy of the open-source movement in opposing ["Hack SDMI"]. If I were a hacker or an open-source person and I didn't like what SDMI is trying to do, I would think that I would want to break the technology -- to make sure that it doesn't work, and to make sure that it doesn't get implemented." After all, if watermarks fail, there is nothing else for SDMI to fall back on: "Not breaking it is the worst thing they can do. If they break SDMI, there will be nothing to implement."
What a way to get support, insults.
Are we supposed to buy this load of crap? If SDMI is cracked before the Recording Industry has implemented it, then they will just find a new method that will be even harder to crack. Yeah that sounds like a good idea. Let's stop working on legitimate OSS projects and help the Recording Industry come up with a better consumer trap.
"The words of the prophets are written on the Slashdot walls."
No, the solution is to start a non-profit open version of the hack SDMI contest. I read the whole agreement about what you have to do before downloading the samples, and there is no mention of keeping quiet about your hack unless you want them to __PAY__ you. So let's eliminate that motive.
I say we register something like www.openhacksdmi.org and take the same thing the RIAA would like to see kept closed and secret and publish it on the web. The author of the hack would get a PO box or it's electronic equivalent and take donations. I personally would throw in 100 bucks or so to help see the RIAA's paltry 10k extortion scheme go down in flames.. There have to be more people out there like me who would like to do _something_ to fight back against the RIAA's campaign of pillaging and raping on my civil rights.
I may not agree with what the company is doing, and I may secretly hope that the watermark is cracked after it has been accepted BUT I have to respect the company for trying to test their security in the open. It is a step that more companies need to make.
The "Boycott" makes the Open Source community look like a whining 2 year old throwing a temper tantrum. "Waaaaa, your not doing things my way, Waaaaa, I'm not going to help you now, Waaaaa, you don't really love me,Waaaaa, I'll show YOU!"
Please stop posting stuff like "They are just using our free programing services and ripping us off". If the open source movement is to be successful FOR PROFIT companies have to make it work. This means that people contribute to to a progect, be it testing as is the case here, or actually coding. They also don't usually get paid for those contributions.
If you make the water mark stronger, then it shows that our community is full of good coders. If you boycott the FINAL product, and stick to using MP3's or whatever format YOU prefer then in the end market forces will drive the watermarked music people out of business. The idea is to stop the product from being a success because the idea of watermarked music is flawed. NOT that watermarked music can't be made secure.
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
If I were a music pirate, I would hope that SDMI gets approved and launched, and the RIAA relies on it as its sole copy management system.
Consumers won't accept it. Demand for alternative harware will overwhelm it.
i'm sure they can do their own dirty work.
i'm still yet to see a starving major artist on the street.
the way riaa makes things out, its like metallica have to line up for soup everyday at the local ymca.
Be you Admins? nay, we are but lusers!
Im glad at least a few people seem to understand stenography here. Im hearing a lot of me-too! type technical explanations which dont seem to be based on any real knowledge. I propose that watermarking is a cool tool, but unless you completely control the user, you cannot control the audio/video content. Its really that simple.
Two possible mechanisms come immediately to mind for the watermarking of digital music/video.
First, watermarking using a private watermark. The watermark is scrabled and hidden bit by bit into the pixels or sound samples of the recording. I have seen schemes where the bits of the watermark are hidden as small random variations in the intensity of regions of the image (not per pixel, per region). While it is very hard to get rid of this type of watermark, since only the owner knows the original work and how it was altered, it is entirely useless for copy protection, since all it tells you is who the original publisher was.
Another way would be to individually watermark pieces sold to individuals to tie the works to the individual buyer. However, this exposes the watermark to another attack because you need a different watermark for each user. Thus, it becomes possible to derive the original, which would not contain a watermark.
RIAA can prevent copying if it can either a)trace piracy back to individuals that are sharing a lot of their stuff or b)prevent stuff from working after it has been copied x amount of times.
As we see above, (a) is not possible. With help from microsoft, it might be possible to somehow keep track of mp3s and prevent their copying at the file system and network layer. I say microsoft because implementing such a scheme in linux would be impossible, since i know whats in my kernel and i would never put anything like that in it. However, I can think of way way way too many ways that a windows based control scheme would not work. I leave that as an exercise to the reader.
Cheers
Perhaps there will be a variant of SDMI for totalitarian regimes that prohibits the sharing of content not signed by the authorities. The sound card maker will set the "US mode" or "China mode" by blowing the right fuse in a chip before shipping.
In the next few months, there is (perhaps...) going to be three or four major roll-outs of DRMed content in the US and Japan, and if I don't read about DeDRM on slashdot within a few days of release, I fear that Napster et al have won!
The more people get exposed to their code, the more (they hope) they'll want to use it in the future. This is great free publicity.
-- Anne Marie
I predict there will never be a need to crack SDMI. It would be almost like cracking DivX. Nobody will buy it. (Well, hardly anyone.) The industry would still need to make CDs for a long time before any new equipment is out in enough force to publish only a SDMI version of an album.
By that time I think that all the MP3 players will be way to mainstream to forget about. They almost are now.
Exactly.
I like the proposal that sure, crack SDMI. Make it public with before and after files. But don't say how it was done. This is enough to send the message that SDMI is defective and crackable but doesn't tell Big Music where to patch anything. They get to do their own dirty work. Or get a clue. Their choice.
I don't subscribe to RMS's GNUtopian vision.
I have a suggestion.
If $10,000 means little to any hackers who could break the watermark, then how about they do the following:
Try to break the system. If they are successful, they tell SDMI that they have done so, but don't tell them how it was done.
SDMI then have a choice. If they launch the system, the crack can be released. If they choose not to launch the system, then that's fine anyway.
They do have a clause on their website which says you're only allowed to attempt to crack the files on the site, and only for the period of the challenge, but I can't see anything saying that you're not allowed to distribute the crack (again, this may be covered by the DMCA).
Also, even the posibillity of a crack for SDMI may be enough to scare off recording companies.
Just a thought.
PS, IANAL.
--
--
Beauty is in the eye of the beholder... Oh, no. It's just an eyelash.
The controversy is far from resolved. It's perhaps cold comfort to audiophiles, but the always-trenchant David Chesky reminded all in attendance that record labels like his, which specialize in jazz and classical recordings, are as unlikely to use watermarking as pirates are to mass-produce copies of such labels' recordings. As he put it, the stuff that's going to be hammered hard with watermarks is so nasty that "you could mark it with a lawnmower and never hear the difference."
Another important thing to consider when comparing Divx's failure to SDMI's probable failure: ownership rights. A major complaint, even from the couch potato sect, was that the DVDs they purchased still weren't theirs to own. They couldn't be played without authorization schemes and extra payments, and it didn't feel like you had done the deed of a typical VHS/DVD: "I bought it at the store, it is now mine to do with as I please." (Even if technically we still have ownership problems with DVD content, it SEEMS to be 0wn3d to the couchers since it's a physical object that plays back like a good 'ol VHS tape. One object, one movie, one item owned.)
With SDMI, again, you don't really own it. You're renting access to it. There's no payment per playback scheme (although one could be implemented) but with all the restrictions and difficulties in trying to listen to the actual music, you're SOL. Want to play that CD in your walkman? On your computer? In your SDMI stereo? On your Dreamcast? One of the above likely is not going to work unless you've upgraded every bit of your hardware to comply. That means that in effect you do not own what you just bought and cannot use it as you please.
Say they did find a "perfect" SDMI, it would never takeoff anyhow. It is impossible to force a market to a particular outcome, no matter how you change the rules - the market always finds away around. If I was a struggling electronics company needing to improve market share, why not bang out a few whizz bang mp3 players that consumers will buy. Im sure electronic companies exist that dont even care about the record industry, as long as their players sell. Consumers are familiar with mp3, and have already made their minds up. No catch-up play will change that. The horse has bolted - and it aint coming back.
-- Cheer, Cheer, The Red and the White.
Wait a sec, correct me if I'm wrong, here, but wouldn't they be rather easy to get rid of?
Say you were ripping all your SDMI-'enhanced' (cough) CDs to MP3 format... Now, IIRC, MP3 compression works by getting rid of all the sounds that the human ear can't hear. So wouldn't this edit out the watermark? If so, all you'd have to do is rip them at the highest quality you could, then burn them back to CD... boom, no more watermarks.
-- Dr. Eldarion --
It really doesn't matter whether SDMI is hacked before or after music starts being released with either the Phase 1 or Phase 2 watermark. However, all the watermark can do is identify a track, and give some sort of guidelines of the rights the 'licensee' has. ** The whole plan hinges on software that pays attention to the watermark. ** SDMI's plan is simple: Divide and conquer. The 'big' software companies pay attention to the watermark because they are rich targets for lawsuits, plus they want to use popular (i.e. big five label) content. After the big software companies have signed up, SDMI can start going after the small players. Having a link to Gnutella on your site might make you a target! Let's get anonymous, reliable transfer and hosting for open source audio software going! Chris Owens San Carlos, CA
From what I understand, the main reason no one seems to want to hack this thing is that it really isn't a challenge. When the thing is released, there will be a need for a workmanlike tool to deal with it, and then some able programmer will do the hack, but for now, it isn't even interesting.
A society that will trade a little liberty for a little order will lose both and deserve neither. - Thomas Jefferson
just think how many of these useless "bands" would disappear from napster et al, cause it would be a little bit more difficult to put them online (rerecord via analog audio). and how many more interesting music not watermarked could pop up instead. SDMI would make the world of online music much better. once hacked nobody should use it, that would be a nice coalition of hackers.
Give a better competition. Something with an adequate prize, and the only obligation to win it being disclosure of the hack, rather than full surrender of all rights.
Not even the RIAA has the power to force everyone to switch from mp3 to SDMI encoding. People will continue to make and play mp3, and maybe vorbis now... :) Even if they get some people to switch, its simple to just write a program the captures output from the sound api, and records it into a wave file for later recompression. I refuse to buy a player that uses SDMI, so it wont be an issue for me...
Shit adds up at the bottom...
Yep, SDMI crack is already developed, with a nice GUI and everything. It won't be released before the _right_ moment, guys ;-))))
Hmm, the views in there seem a little strange to me. OK, if SDMI is broken then years of effort are proven to be a waste but, with the knowledge of how SDMI was broken, it can possibly be fixed! And that's the point of the boykott. I personally don't believe that they'll just dismiss SDMI because it was flawed. The purpose of this contest to me was to find leaks in there and fix them before going live and having it cracked one day later.
The above is of course only IMHO
Greetings
Clearly the industry and Hack SDMI trying to whore the hacking community through this project. Of course they want hackers to get deep inside and penetrate their carefully constructed code. The hope is that this repeated and constant probing will somehow allow the code to increase its endurance and better survive the pounding it will take when released on a consumer market.
Not that hacking shouldnt occur: of course we want our best hackers to be up and ready to vigorously slam whatever is cranked out by the industry. But for Christ's sakes, this kinda stuff shouldn't be done in the public where everyone can watch and learn the techniques. No doubt the industry is gonna wanna observe any public acts related to its code, and it will learn from them and come with new a fury as an tested watermark or new standard is extracted. Why be premature and rush into it now? The trick is to wait until the RIAA comes out to the public with a virgin watermarking scheme, foisting off its purity. Only then should hackers be ready to rush in and tear it apart, thus protecting consumers from whatever digital terrorism the RIAA chooses to practice.
"The most fortunate of persons is he who has the most means to satisfy his vagaries."
"The most fortunate of persons is he who has the most means to satisfy his vagaries."
- Marquis De Sade
The goal of corporations is to make money for their shareholders!
SURPRISE!
From what I can tell, most of the population *should* not be able to hear the watermarking. I wonder how they tested that? Does this mean that people with more sensitve hearing(eg. young kids) or with better stereos will be left hearing crap, with no other choice? The human ear is pretty sensitive, and the watermarks doesn't seem to be too "inaudible".
You know.. it's a *really* simple concept.
You don't like a business, or their practices? You vote with your MONEY, or *anything else* you can.
I don't like the recording industryk, I don't like the *idea* of sdmi, so why on earth would I assist them in doing anything?
The only thing a business understands is lack of business.
Besides, you know, all this commercial bickering is making so many of us lose sight of what technology means to us. Us geeks have *always* built our own society, culture, whatever based on our access and knowledge of technology. It's only with the internet that the media has become involved. Why make a choice at all? Just because they say I should? Feh.
I'll just ignore them, thank you very much.
Thanks. That's all I was asking for really.
John Montoya
goatse.cx
-- the most controversial site on the Web
Anything that can be played can be recorded. Anyone with the right hardware (good soundcard right cables) can make a recording so close to the original that no one would ever know. Why do we need to remove the watermarks, just copy the record the song to a format that will ignor them..... MP3
Even if they get some people to switch, its simple to just write a program the captures output from the sound api, and records it into a wave file for later recompression.
Under new versions of Windows that implement the Windows Media Digital Rights Management Secure Audio Path, SDMI-compliant applications will play music on SDMI-compliant (no cleartext digital output to untrusted destinations such as a file or waveIn) drivers and silence on drivers that have not been signed by Microsoft to play SDMI audio.
Although, in Metallica's case, silence sounds better than most of their music.
<O
( \
XPlay Tetris On Drugs!
Will I retire or break 10K?
Seth
$5 / month hosted VPS on linux = awesome!
Breaking SDMI after products are on the shelves would definitely be much more interesting than breaking it now. Still, SDMI seems doomed whether it's hacked or not because it offers nothing for the consumer.
Like the article says, it's going to be pretty hard to sell SDMI-compliant CD players. A consumer who knows what SDMI is has no incentive to buy one, unless manufacturers slash prices on them but that's unlikely given the cost of developing the new devices. I wonder if we'll start seeing CDs with SDMI-only tracks (i.e. you get the whole album normally, but there are two extra bonus tracks that only play on an SDMI device). Either that or SDMI support won't be mentioned on packaging, so that someone who goes to buy a new Discman will discover that it supports SDMI when it refuses to play the CD he burned on his computer. That would be a customer relations nightmare.
Anyway, given that SDMI will pretty much repulse most of the early-adopter types who are key to the success of new hardware (like portable MP3 players), the odds of it getting off the ground are low.
I dunno, the article's "tech experts" sounds a little too prefabricated to me. It seems to me that people that say things like:
I'm completely amazed at the idiocy of the open-source movement in opposing ["Hack SDMI"]. If I were a hacker or an open-source person and I didn't like what SDMI is trying to do, I would think that I would want to break the technology(...)
Aren't trying to rally support for the hacking attempt - they're throwing fuel on a pile of wood to start a bonfire! I can't help remembering that these people are working for the SDMI, if they didn't agree with it they should have left a long time ago, heck, if they're good enough to code a watermarking algorithm they're good enough to code for any other high paying company.
I usually trust Salon so I'm not complaining about the article but this smells too much like a stunt to attract attention.
I say let the script kiddies hack it! I also say, let them wake up with a horse's head next to them the very next day.
All browsers' default homepage should read: Don't Panic...
First of all, watermarking means deliberately mutilating the musical signal to make it less prone to copying. This means the whole fuss from Sony about SACD and the DVD consortium about DVDA is just that... bullsh*t. Why does one want high-resolution audio if the result will be mutilated? Why invest in 24 bit, 96 KHz recording techniques if the final result is flawed anyways?
Last year, BMG pressed several CD's with a copy protection on them. Those CD's where inplayable in several CD players. Does anyone guarantee this will not happen again?
Of course we all know that ANY copyright protection mechanism can and will be broken... the software industry is a prime example for that. No matter how intelligent the protection is...it will be broken.
Make 'protection schemes' crumble, it's not only entertaining but you gains status, too! While I read the summary of this post I began to giggle to myself thinking about how, inevitably, Entertainment Corporations will release some new magical scheme to 'protect' digital goods, and inevitably, it will be cracked, less than 24 hours after its debut no less. Then I got thinking about something that I think is an interesting fact; not only are there folks who enjoy cracking this stuff for obvious reasons, but given the mainstream evolution of everything digital, it's somewhat of a race to be the first to crack it and gain status. This is like the "geek" version of the Emmys or something. I loved thinking about which country I thought the country would come out of first or the age of the guy/girl. (Hell, another good idea, I want to see a geek chick crack a 'protection scheme' or release the next DDoS Killer App.) I love this era. Big Business tries to extend its strangle-hold on the digital world like it has the bio world and teens give them a big "fuck you." They're in our world now and nothing digital, by nature, is safe. Don't you guys find this really exciting and entertaining seeing these old timers that consider us just 1 collective consuming entity cry and bitch "foul play" while trying to keep up with us insignificant consumers?
Regards
Correct me if I'm wrong, but if "hacking" SDMI is defined as "being able to copy the music", then wouldn't it be most easily "hacked" by patching a tape recorder or "set-top" CD-R appliance to your sound card's headphone jack?
I don't get it...
"Sweet creeping zombie Jesus!"
-The Professor, Futurama