Slashdot Mirror
SDMI Cracked Too Soon
Andrew Leonard writes "Two off-the-record members of the SDMI coalition have confirmed to Salon's Janelle Brown that all of the SDMI watermarks have been solidly broken." It's too bad this didn't happen in a year - because now it's been cracked before it was even released, and they'll delay even longer.
WinAmp Plugin
DNA just wants to be free...
Perhaps you haven't been paying close enough attention: They are out to screw you.
They want to re-write the rules of retail sales, replacing title transfer with "end-user licenses" (just about any software package).
They want to re-define lawful behavior, taking away your right to exercise your curiosity about the world around you (anti-reverse-engineering clauses).
They want to take away your standalone computer and replace it with a "licensed networked digital media reception terminal," complete with credit card reader.
They want to take away your right to do with your property as you please (:Cue:Cat).
And they want to do this without soliciting your input or consent, and then make you pay through the nose for the privilege of being screwed.
Now, perhaps those things aren't important to you. Perhaps you're not a terribly curious person, or perhaps you're of the opinion that, "I would never need or want to do those things." Perhaps you feel that The Law is The Law, regardless of whether there's a valid ethical foundation for it, or how or why or for whom the law was enacted. Or perhaps you're thinking, "That will never happen in this country." Well, fine, you don't think it's important.
But in my book, this is tyranny, pal; it's damned important; and I will not sit still for it for one nanosecond. This is war, a war of ideas, a war for the digital society of the future. And the enemy has all the lawyers, guns, and money. (And no, this is not hyperbole. What is at stake here is nothing less than who will get to define the social and ethical framework by which we will conduct our lives in the digital universe.)
We are not dealing with people here; we are dealing with corporations. They have no ethics, no morals, no conscience. They are amoeba. They respond to but a single stimulus: Money.
Look at what they are doing. Think about the possible consequences (not just to yourself, but to your neighbors and family). I hope you will discover that the situation isn't as easily dismissed as you may currently believe.
Schwab
Editor, A1-AAA AmeriCaptions
"Suspicious" as in "suspicious of SDMI's true motives." Nothing defamatory about it.
:-)
Less caffeine, more deep breaths.
There. Feel better?
Every day we're standing in a wind tunnel/Facing down the future coming fast - Rush
This sig intentionally left blank.
Now, we'll have an EVEN HARDER time trying to get whatever they plan to stick SDMI into working on homebrew hardware or in Linux.
I disagree. This pretty much kills the whole watermarking idea. If you can't watermark, you can't stop D->A->D conversion foiling *any* protection scheme. Music is and will always be crackable.
The DVD folks still hang on to the point that there is a detectable quality loss in having to redigitize the analog output.
Ooh, a sarcasm detector. Oh, that's a real useful invention.
They didn;t waste any time releasing this:
i a_riaa_dc_1.html
http://dailynews.yahoo.com/h/nm/20001012/wr/med
Pokrefke
How about putting (at least some of) it into good use?
Is the RIAA's strategy to simply litigate every non-SDMIing player into oblivion?
They don't have to. They planned on using the same strategy as the MPAA. All legitimate downloaded music files from major labels would be in SDMI-encrypted format.
You could still manufacture an ordinary MP3 player, but it wouldn't work with SDMI files. It would be like manufacturing a DVD player without licensing CSS. Sure you can do it, and you could have digital outputs and no macrovision, but it won't play store-bought DVDs, so no one does it.
Yeah - a chill ran down my back as I was reading the Salon article. I imagined this conversation transpiring:
Judge: "Why didn't you encrypt your music more strongly?"
RIAA: "We tried, but every encryption and watermarking scheme we tried proved vulnerable. It turns out to be physically impossible to secure digital media. So we just went with ROT13 as our copy protection to limit costs."
Judge: "Is this true? Is it impossible?"
Geek: "Well, ummm... in a word, Yes... mmmm - mayven"
Judge: "I see. Well, if it's impossible to protect the data, then any means of protection can be considered reasonable protection when applied to defend a copyright. [whack!] Rule in favor of the plaintiff."
I can see the fnords!
I wonder if they'll realise that their protection was broken despite some of the serious talent boycotting their competition. They've spent a long time devising these encryption algorithms and they appear to have been broken in just a few weeks. So they seem to have the choice of either admitting defeat or spending many more years trying to devise another 'uncrackable' encryption knowing that it may again be broken immediately.
What d'y'all reckon they'll do?
HH
Free music from Jack Merlot.
Here's how to crack your SDMI-campatible player:
1) Download SDMI file
2) Download compatible player
3) Set your sound card input to 'What you hear' or whatever equivilent
4) Start your choice
5) Press 'Record'
6) Play SDMI file
7) Wait until end of play
8) Press stop
9) Encode your
10) Put on gnutella
Or if you have a hardware player:
1) Prepare player to play music normally
2) Dismantle the player, until you get down to a loudspeaker. Cut off the two wires and solder them into a standard microphone audio jack from your local hardware store
3) Start your choice
4) Plug the new microphone jack into your sound card
5) Play SDMI file
6) Wait until end of play and click 'stop'
7) Encode
8) Put on gnutella
Clever eh? I'll take my $10,000 in cash, sterling used notes please.
Michael
...another comment from Michael Tandy.
"Goodness me, how unlike the FBI to abuse the trust of the American public." -- The Onion
Just a thought, for all you SDMI h4x0rs out there.
As for me, I wasn't going to buy it anyway, so fuck 'em.
sulli
RTFJ.
Uh...I think that was meant to be parsed as "members of the programming community suspicious of the SDMI"
The cake is a pie
I'm currently working on a project that uses analog to digital to analog conversions. From my experience, the degradation of this process is equal to at most 1 LSB (least significant bit) of the ADC. Now depending on how many bits your ADC uses, that may amount to only a trivial degradation. For a 24bit ADC, that's 1/16777216 of the signal's range. Now I don't claim to be an expert in audio systems, but since the application in question involves converting the result of this ADC into an MP3 with a lossy compression of 12:1, I seriously doubt it would be a detectable degradation.
s/mp3/vorbis/g
There is only one long-term plan that ever could have worked, and even so, it was highly improbable: they would have to make it so that the only hardware (legally) available, would play SDMI-protected, and only SDMI-protected, music.
MP3 piracy would have stopped, in theory, because you would not have any way to play the MP3s. Speakers that hooked up to a 20th century antique computer's sound card would not be available. The only speakers you would be able to buy (legally) would have a crypto chip inside of them, drowned in dried epoxy, and it would not accept analog input or unsigned digital input.
Stop laughing; if you were that desperate, you might come up with something just as stupid. ;-)
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
After all, it might have been a good idea to break it that soon. I work in speech coding (not that far from audio coding) and, though this is still subject to debate, I believe that watermark cannot work. An indication of this would be that (if I understood correctly) all the watermarking systems have been completly broken. If it had been only one, then they could have picked the strongest one (which would have been bad). If it had been only a detail, they could have fixed it...
But maybe the answer is that it's not posible to have watermarking that really works. If this is true, the ones pushing SDMI have two choices:
1) Come up with a new watermarking system every 6 months, have it all broken with 1-2 weeks, and be effectivly stalled for years. Even if they finally find something that works after 4 years, it would be way too late anyway.
2) They could release something they know to be broken and play the same game the MPAA is playing with CSS. Only in that case, they'll get even less sympathy, because everybody will know that they knew from the start that their watermark was broken.
Opus: the Swiss army knife of audio codec
Next time you hear unrecognizable noise instead of a Metallica song, know that it IS the song. It is just encoded so that you do not SHARE it with your brain.
--
--
On scale from -14 to 56 this post is '-15, Nonexistent'
The FSF or such should have organized a 15,000$ reward to those who crack the watermark, proove it to FSF and agree to not tell SDMI. And of course pay out anyway if SDMI receives the crack from another source.
SDMI would HAVE to provide you with the key, so that you could decrypt and listen to the music! I was incomplete before; what I should have said was, "They give you the encrypted data, the decryption algorithm, AND THE KEY".
"Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
Thanks Andrew.
I completely misinterpreted that sentence, especially after seeing the words "hacker boycott" - it set off alarms.
My bad on spouting off; just being overcautious.
-------------
Someday, you're going to die. Get over it.
I thought we all agreed not to crack them, so they'd release the standard and we'd get lots of poorly protected audio floating around for us to grab. So which one of you did it?
-- Anne Marie
Is it inconcivable to build a player that cannot be disassembled?
If it can be built, it can be taken apart. There is no such thing as a bullet-proof jacket and there is no such thing as an armor piercing bullet. Any program can be taken apart using disassemblers and reverse compilers. Sometimes companies leave debugging symbols in their code and inadvertantly make this process easier.
Just like the security watermark on your paycheck. If you try to change the amount of the check you ruin the whole thing.
Wrong! I know a guy who can do just that with about $3.00 worth of chemicals. You just have to know which ones to use. When I watched him do it, it freaked me out. The watermark only prevents people from making photocopies of the check and does nothing to prevent someone from stealing one of your checks to your credit card company, altering the payee and the amount, and cashing it.
Sure you could make a bitwise copy of a DVD and it would play in any DVD player, but to do so is prohibitivly expensive.
For now. Soon recordable multilayer DVD disks will be $0.50 a piece and a typical computer will be able to record your friends' DVDs much as CDs are now copied.
And the music industry has never been very concerend with analog piracy of digital music.
MP3 is a lossy algorithm, much like analog recording yet RIAA is still going after it full force. By your logic, I could play a CD while recording it through the line in jack on my computer, encode it to MP3, and distribute it and you say RIAA is not concerned with this? I doubt that.
Remember, You are unique...just like everyone else.
Divx (the circuit city product) was, as far as I know, never cracked. Of course, they went out of business so fast that no one even had a chance to try. :-)
The problem is that the RIAA probably has the necessary muscle to force SDMI products down consumers throats. As soon as the RIAA finds a way to make SDMI work, they will guarantee that it is impossible to by a new music player of any sort that doesn't honor their wishes.
For now it is a trivial thing to make copies of your CDs, and rip MP3s to carry on your MP3 player, but in the future this will not be possible if the RIAA has there way.
So it won't only be the idiots that lose their fair use rights, you will lose your rights as well. They will essentially be able to control where, when and how you may listen to music that you have paid for. Your music collection will also probably "expire" and require re-licensing.
I am all for having SDMI fail in the marketplace, but I wouldn't feel sorry for a moment if someone "gave it a push." If the RIAA and their cronies had sunk billions of dollars into implementing SDMI and then had it broken, then we would definitely see it crash and burn.
Can someone explain how SDMI will counter mp3 'piracy' in the slightest?
Unless physical media goes away it doesn't seem possible.....
But the REAL question I have is whether or not those who broke the watermarks *TOLD* RIAA HOW THEY DID IT.
Sorry dude...we, like know what the answer is..but we forgot to tell ya how we did it. Sorry.
"broken in under 1 month despite being bycotted by most of the capable programmers"
The boycott was not irrelevant as they claim.
Many of the best minds did not work on this problem so the RIAA still does not know the extent of the codebreaking skills that they are facing.
This is not a safe assumption. And just because a compliant player can identify the watermark bits doesn't mean that you can
Thus, any software player that can identify it can be disassembled to point out which bits of the stream are watermarks.
Please support this assertion. You have never seen such a player have you? How do you know it can be dissasembled for any purpose? Is it inconcivable to build a player that cannot be disassembled?
Remove those bits, and it's gone. The meanings of the bits are irrelevant.
The point is to make the meaning of those bits relevant. If those bits are also meaningful to the data stream you can't remove them without altering the data.
The goal of SDMI is to put the watermark in significant areas so that you can't remove them. Just like the security watermark on your paycheck. If you try to change the amount of the check you ruin the whole thing.
And this has nothing to do with getting rid of MP3's or tracking pirates. The point of SDMI is to be able to distribute digital music without worrying about piracy. SDMI prevents pirtacy the same way CSS prevents pirating of DVDs; not because the encryption is secure, but because you must play a DVD to copy it. Sure you could make a bitwise copy of a DVD and it would play in any DVD player, but to do so is prohibitivly expensive.
As long as you must play music to copy it you (the vast majority of people) will not be able to make digital copies of it. And the music industry has never been very concerend with analog piracy of digital music.
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
The best possible result for SDMI would have been for at least one of the watermarks not to have been broken during the public examination period, then they could have released hardware and software knowing that it was better than any of the discarded watermarking solutions.
This sort of test is silly- just because it can't be broken today, by people for whom $10K is a lot of money, doesn't mean it won't be broken the day after it is released.
Their $10,000 would have been better spent on a few hours by a professional cryptographer in reviewing the algorythm.
I do not deploy Linux. Ever.
Many feel as you do, Janelle Brown wrote a good piece from that point of view on Salon recently.
The issue is whether this delays SDMI, strengthening it in the long term, or whether it will prove to be a killing blow. If it does kill it, so much the better, as you say. However it is almost *certain* that waiting until after the ramp up in hardware and media would prove fatal, and some people would prefer to make certain.
It may seem cold, and it is, but remember that most of us have done *nothing* to deserve being strongarmed into buying new players and entire new collections of media, either.
The only way to protect it I've heard that will work is to switch to a DVD format that actually uses the higher density for audibly better quality. Only if the music itself is too clumsy and large to rip will it be protected, and then only until technology catches up. There are issues here too, like mandatory ads/copyright warnings at the beginning of audio disks, but at least the new media would be better in some way.
the seller needs to appease the buyer to survive. as shown countless times in the last few decades (divX anyone?) people want nothing to do with technology that doesnt improve on its comptetition except to take away more of their fair use rights. SDMI has already failed, its a forgone conclusion, unless they can come up with some extrememly compelling reasons for me to take the time, energy and money to trade my mp3s for their product. which is highly unlikely, and even if they do many people wont go for it becuase mp3 is entenched and easily good enough.
got drum'n'bass?
http://mp3.com/vitriolix
I almost agree with you there, but it won't work in the real world. Example: I own Batman on VHS... I want it on DVD, but I can't go banging on Warner Brothers' doors asking for the copy I'm entitled to.
In addition, I can't take an old Foghat 8-track to (insert correct label here) and get my brand new SuperCD and Audio DVD versions, much less download a legal copy ripped from a high quality CD off of the net. As much as I would wish it to be true (maybe payment for the medium), it probably isn't going to be that way.
Because you can't, you won't, and you don't stop...
Thank you for summarizing my point better than I did.
Well, the boycott idea was stupid anyway.
bocott coke, and maybe 20% of the people who agree with your cause will boycott it.
That translates into a 20% drop in revenues (um, if Coke didn't own every other company in existence, and only produced just coke).
but with this contest, if just one hacker doesn't boycott it, (and who wouldn't want an extra $10,000 for a few hours work?), then the boycott utterly fails. Y'all should've just gone for it.
It would have been nice to see the wasted effort to mass-market this stuff and watch it be cracked. That would have been sweet. But it's also pretty satisfying to watch a hacker-boycott still crack the thing in a matter of weeks. If all the hackers had gone full-tilt into this, can you imagine how quickly it would have fallen? Might have saved them a little hubris.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Well .. in the codebook you only had the encrypted data.
.. ;)
... you can NEVER build a 100% secure copy protection.
.. ALL of them are cracked after a very short time ;)
.. IF i decrypt it, and save it in a standart format and play it with some open source player .... ;)
Here you have the data and the program that checks the watermark (softice is your friend
Thats a general problem
(All new games out there are copy-protected
But I still have some problems with SDMI
Samba Information HQ
It strikes me that some huge downloads, no actual black box to test the things, and a very small number of samples is not the best way to guarentee security.
If they were really confident about it, they would have produced a large number of samples, possibly including analogue recorded basic samples and white noise. They would have provided software that can veryify whether the code has been removed. If it was really secure they would have provided a tool to watermark your own data.
This was simply a means to say to their investors "See. We gave them a suitably large amount of time to break it. We offered a suitably large prize. Its secure".
My cat and I have conversations on a pretty regular basis.. he always greets me when I come home from work, and throughout the day.
OK, I usually don't have much of a clue as to what he's saying (unless I'm fixing breakfast, in which case "MEOW!" means "I want some milk, too!") and I don't think he knows what I'm saying either, but we enjoy the conversations anyway...
The thing that confuses him is when I'm talking on the phone to someone, and I don't wait for him to finish, or I don't respond promptly (I think his logic goes something like "He's saying something, and I'm the only one here, so he must be talking to me.")
Besides being vocal, he does a number of non-cat things, such as playing fetch, and occasionally tag..
yes. SDMI would have been a hard sell, until they "bundled" it with "better audio quality". It wouldn't have to sound better, they'd only have to bribe a few audiophile magazines, and run a small astroturf campaign, and it would BE better.
But yeah, indie labels (using unprotected MP3 technology) *is* what we really, ultimately want.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Why use the proprietary Frau encoder when Lame has been proven to be not only faster, but of better
quality?
And regardless of where mp3 ends up legally, Ogg Vorbis will replace it if licensing becomes a huge issue.
Linux - Because Mommy taught me to Share.
"They are going to try to keep it quiet -- the official word will be that the testing company is still analyzing the results. They will try to skate out of this without releasing the information that it's all broken."
This did not happen. This is all just a hoax. Our music encoding system is top of the line, and will never be broken. Anyone that spreads knowledge to the contrary, let alone fake (they can't be real, because we don't have a problem) programs to utilize this "hack" will be arrested and jailed. NO EXCEPTIONS!
--the RIAA
Imagine how Microsoft employees must feel.
money can buy the impossible, or the government... whichever is cheaper (usually the government).
The difference between Theory and Practice is greater in Practice than in Theory.
There's a crack for Liquid Audio that I've seen around, maybe even used a few times. The only problem I had with it was that it was winders only and binary. But it did work on stuff downloaded right off of various Liquid Audio sites, converting them to WAV which could then be burned to CD or encoded as MP3s. It took quite a bit of searching on Deja and warez sites to find it, but such things are out there.
Yes, but the whole specific watermark thing would cut deeply into their profits.
It's quite simple. At the moment, they fire up their CD pressing plant and run off $BIGNUM CDs. If they're going to give each a different watermark, they'll need to run off $BIGNUM different CDs. This will cost a lot more; CD pressing for runs of 1 CD is not economical.
So what are they supposed to do? Burn the CD in the store when you go to buy it? Just think, you could get (almost) the same thing, minus the cover art, by downloading all the tracks from Napster and burning the CD yourself. Hmmm.
Of course, they could just put in the HARDWARE (Rio, etc) players something that says "Oh! It's watermarked! Must've been ripped from CD! Bad monkey! No music for you!" except this is likely to seriously inconvenience consumers, and cause them to buy non-SDMI hardware (I'm guessing they'll just keep buying CDs rather than RIAA-sanctioned downloads) in the same way that in non-region one countries, they buy de-regionable DVD players.
--
Pretend that something especially witty is here. Thanks.
Hee.
Or maybe they wanted to do the "right thing" and inform the operators of a security hole? Or perhaps they have a different set of ethics that aren't related to others'?
The possibilities are endless!
So, while distributing VHS copies mastered from DVD could be profitable surely seling tapes of CDs would not.
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
Yes, the hackers *WERE* suspicious. They said "I don't trust this, it looks like a bad deal".
"Suspicious" does not necessarily mean "worthy of suspicion".
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
The guys who came up with SDMI thought they could fool the RIAA companies into buying into this technology, and face it, they would have become incredibly wealthy, whether it failed or not. It was worth a try, eh?
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
I track the CVS a bit, and there's been a good deal of optimizations, at least in the XMMS arena, since beta1. CVS info is available at vorbis.com.
./
./
However, if you're lazy like me,
deb http://www.stud.uni-hannover.de/~ingo/vorbis
deb-src http://www.stud.uni-hannover.de/~ingo/vorbis
is a set of sources.list lines for your Debian box that have compiled CVS versions updated daily.
Windows 2000: Designed for the Internet. The Internet: Designed for UNIX.
But DAT wasn't that well established yet.
Computers are big. I think a lot of the manufacturers out there would have something to say about a tax like that.
My lobbyist can beat up your lobbyist.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Hate to tell you this, but artists go on tour to support their albums, not the other way 'round.
First, set a limit on the number of companies licensed to produce players for the new format. Say...about 20. Each month, issue each of these vendors a Triple DES key to put in their software. Then, encrypt copies of each soundfile with *ALL* of the 3DES keys, and place the 20 files in a zip or other container file of some sort. Make the files time-expire by requiring the player programs to contact a master server each time they start up or play a recording. The master server will authenticate the time/date. Any out of date files will be deleted by the player program. If write-protected sound files are detected, have the player lock out the keyboard, and use the (required) modem to dial 911 and report pirate activity.
Unfortunately, there are a few downsides:
With your customers paying monthly, your revenue from music sales would rise! (Though some miscreants might refuse to buy into this system, you'd just be losing the pirates anyway, right?)
While some comparisons to DIVX are inevitable, this is a software solution.
The artists would love it! Piracy would drop from 1000% to maybe 5% (cracked keys, but the file will expire anyway). Of course, sales will probably drop to about 5% too, but you'd be saving billions of dollars a year in piracy losses!
There ya' go - a solution. And I won't even charge royalties on the idea. Go get 'em.
Authors note: I seem to have forgotten the {SARCASM} tags...sorry 'bout that
for 160 and above, lame is 'ok'; but for 128k, its never been demonstrated that even vbr j-stereo lame or blade or gogo can compare with frau.
THAT's why I forked out my $200 linux license fee. I didn't want to - believe me - but it paid for itself in disk space (even though it was god-aweful inefficient in terms of compute time for encoding).
--
--
"It is now safe to switch off your computer."
If it exists in the sound itself, then either they actually change the way it is heard (which everyone will object to, so it won't fly) -or- it's inaudible. If it's inaudible, then simply encoding it as an MP3 will kill it, since the process involves removing what humans cannot hear.
---
[ approaching AI ]
Nobody would buy an SDMI player when an ordinary MP3 player delivers more functionality for less money. So this strategy would fail even if the technology worked. Sorry, RIAA!
sulli
RTFJ.
It's not impossible to introduce an inaudible sound that will survive being DACed, don't forget OOB data (>20kHz & 20Hz) which could be quite loud, but you'd never hear it.
Of course, you could strip this away with a filter.
---
[ approaching AI ]
You're failing to ackowledge the current inefficency issues with the players/plugins. On my 2K box @ work, a Vorbis playback skips when scrolling around in IE. Yeah, I have Lotus Notes, PVCS, NTEmacs, numerous ssh sessions, and numerous IE windows open, but I don't recall the last time an mp3 skipped under those conditions.
Yeah, I encode everything in Vorbis now too, so...
But trading 'remastered' MP3s would still happen. I think that's the context we're worried about.
---
[ approaching AI ]
The problem with this reasoning is that once a big company has sufficient investment in a product, it can go to Congress and ask for laws to be passed to protect that investment. This would be in the taxpayer's best interest, since we all know what terrible woes will befall the consumer should shareholder value weaken.
Laws could be passed outlawing the sale of non-SDMI compliant equipment, or a least placing high taxes upon it. End-to-end encryption could be required on audio equipment, etc. Yes, all this could be worked around by a dedicated hacker, but it would be illegal and difficult. Meanwhile the average consumer gets used to the loss freedom and villifies the evil hackers.
This war not just about beating SDMI and sticking it to the recording industry. There must be a viable alternative. The longer SDMI and its clones stay out of the marketplace, the greater the opportunity for more open initiatives to create a successful business model.
Oh so clearly in the recent DeCSS case, the judge was just stupid, right? Did you read his paper? He most definitely understood the DMCA, and abided by it to the letter. A judge's job is to interperet laws, not to overturn them.
Once you go through lossy compression (i.e., MP3 compression), you start losing quality, and they sure as heck seem to care about that!
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
I understand the argument you are making. Here's the additional information you need to fully see what happens.
In your example, you convert analog 0-4 to digital 0 and digital 0 to analog 2. This would seem the smart thing to do because 2 is at the center of the range of possible values. Unfortunately, the DAC will turn digital 0 into analog 0. (Continuing your example, analog 5-9 becomes digital 1 and digital 1 become analog 5). Now in a perfect world, things would still work as you propose. The problem is that in a real world application the difference between analog 4 (digital 0) and analog 5 (digital 1) is on the order of a few microvolts. Needless to say any noise in the system (and there always is a little) is most likely also on the order of a few microvolts meaning that analog 5 might turn into a 4 and then it will be a digital 0.
One way to reduce the error is to use DACs and ADCs with different bit accuracies but always greater than the resolution you really want. Then throw away the lower bits. Of course, in the case of the SDMI watermarks, we don't want to compensate like this since we want to destroy the watermarks.
On the other hand, the Salon article seems to indicate that the consortium that created SDMI is politically fragile. Which suggests a different set of outcomes:
Which leaves nobody there to agree on a "SDMI Mark II".
Given financial stability, they might attain the funding to mount a legislative response to a later cipher attack.
In effect, the hackers might attack now, while SDMI is weak, and destabilize it from a political perspective.
It is possible that the scenarios I suggest are not representative, but if they are, which seems possible, this certainly paints a rather different picture.
If you're not part of the solution, you're part of the precipitate.
And lots of "No Comment". That was one of the conditions to accepting the money, right?
Refrag
I have a website. It's about Macs.
But just to make you happy, I've updated my signature to avoid such confusion in the future.
I do not deploy Linux. Ever.
Vorbis as a format is definitely there, but the software isn't there yet. The beta reference encoder is quite slow and the beta winamp decoder plugin is too CPU intensive (over 60% CPU usage on a PPro200, 96megs, Win98SE to decode a default quality (VBR up to 160kbps) file... while a similar quality VBR MP3 hovers around 12% CPU usage). I definitely suggest checking it out, but wait for the release version which will undoubtedly be much more optimizied.
BTW - The beta encoder (for Windows, Linux x86 and BeOS) as well as plugins to winamp, xmms and sonique are available at www.vorbis.com.
--
Portable versions of Firefox, GIMP, LibreOffice, etc
The MP3 Codec is propriatary. The patent holder, after years of not caring, is now demanding royalties from each and every use of MP3 technology, including a penny per download, and appear willing to demand that individual users accede to their licencing demands.
Actually the Code (ie Algorythm) that produced the MP3 formated file was what was patented. The format itself is an 'Open Standard' from the MPEG Group.
Yes but there is also L.A.M.E. which until recently was just a patch to the MP3 Reference Code (which was itself freely distributable) but all the Reference Code (i.e. the patentable piece) has all been removed and replaced with a free (speech/beer) MP3 Codec that the L.A.M.E. group has built.
I compared a few songs to the CDs I ripped them from (using the recommended settings of Joint Sterio where both frames are the same, and Variable Bit Rate encoding). The files were slightly larger then similar files I generated using a set '128k' bit size (5-6 meg instead of 4-5) but the sound difference was incredible. I was hard pressed to hear the difference between the CD and MP3 versions of the songs I used.
The main problem with MP3 isn't that the whole thing is propriatary, its that a Patented method was allowed to be used in the MPEG Group's Reference Code that was distributed to everyone so they could see how to impliment the standard. This allowed one unscrupulous company to demand royalties from people who thought they were using free code.
This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
It's impossible because DACs turn a specific digital value into an exact, corresponding analog value (+/- the error rating of the DAC) and an ADC turns a RANGE of analog values into a corresponding digital value. This means the result of ANY signal that undergoes an A->D->A or D->A->D conversion is not the original signal. It's close but the lowest bits of precision of each sample are slighty modified. The watermarking that SDMI proposes must be contained in those low bits or users would hear distorted audio. So if one uses this simple process on an SDMI compliant audio file, the watermark will become unrecognizable to an SDMI compliant player. The player will then be forced to assume the audio file is pre-SDMI and will play it fine because SDMI players are supposed to play ALL non-SDMI audio.
Yep - this is exactly right.
The problem, as the post-Napster environment will show, is that the only people left to sue are your preferred customers.
*This* is the bind - you don't need to protect the music from those who don't really care about the music, and you can't protect it from the people you want to please. And last time I checked, suing people doesn't usually make them happy.
They want the impossible technical solution because they see it being practically impossible to protect it legally.
What they've really got is that there will be no effective and usable protection either legally or technically.
I would like to see Slashdot invite the SDMI crackers for an interview, so that we can get an insight into their ethical framework, and why they chose to save the recording industry's lunch.
Probably the answer is entirely simple: it was a challenge. But hey, we'll try. ATTENTION SDMI HACKERS: If you were one of the people responsible for breaking the SDMI watermarks and you want to be interviewed, please get in touch with Slashdot. Thanks.
--
Michael Sims-michael at slashdot.org
You mention "SDMI engineers", while I seem to read into the article that there are two camps, there are the media industry people, completely non technical who want the impossible, and the technical industry people, who are getting dragged into this just to try and influence things and keep from losing money (to lawsuits or worthless technology). I've got the impression that there are engineers involved who hope it all falls apart, so that it would provide an opportunity to shake some sense into the media industry morons who are asking for the impossible.
The engineers are trying to avoid a DivX like scenario, where they spend all this money to push products that consumers reject outright. In such circumstances, DRM (digital rights management, encryption and server authentication) or any other "more secure" system seems just as bad as watermarking, and would be something that consumers would reject just as much.
You stated that you thought the Billions wasted implementing the restricted technology would be a good thing. I think that the media companies would not suffer too much if SDMI was pushed out and then broken. Media is cheap to make. It is the hardware companies (the ones who are more on our side) who will get screwed if they have to invest in *any* SDMI like system and then get it rejected by consumers or broken.
If SDMI had been pushed out and then pushed back, the only thing you would have less of are hardware, MP3 players, and other such things.
The only real win-win scenario is if no restricted system is pushed out. The consumers don't get screwed, and the hardware companies don't get screwed. How do we accomplish this?
So what the hell is this? An RIAA-approved ID3 tag?
Corby
On both points.
Te design objective was obviously to let the watermark survive common lossy compression methods, if they hadnt achieved that they wouldnt even have held the challenge.
But even if a watermark survives a challenge like this it means diddly squat. Once you have players which recognise watermarks to decide if they will play content its far more easily defeated, you dont even have to reverse engineer... trial error methods will be feasible too, thats a lot different from having to mail in results and have them get back to you.
Heck, if they knew what they were doing in the first place, they would have realized it's impossible and not bothered.
There are plans in place to deal with that: This is not a group of dilettantes. These are serious businessmen who called for this malicious attack testing. When you call for that, one of the things you build into your schedule is the concept that it may all get broken. There are backup plans in place to discover new paradigms."
I was going to shorten this quote up some, but all of it was just too funny. I can just imagine him running around, "Quick Surresh, get me that new web paradigm you developed last week! What? You don't have it?, This is terrible, get out of my office, YOU ARE FIRED!"
You are a very bad man Talal, and belong in a maximum security federal bang you in the ass prison.
And in fact one aspect of MP3 encoding is to remove frequencies beyond normal human hearing so it will strip away the data you mention making it a really poor place to hide the SDMI watermark since then ANY idiot could remove it :-)
Software giants like Micros~1 serialize their data CDs all the time. I wouldn't think it would be hard to serialize a music CD.
it'll never happen. superior audio means nothing; its all inertia. the masses 'know' mp3 and that's all that exists. WMA, vorbis, shorten - all better than mp3 in one respect or another. but the Rio's and Empeg's out there speak mp3 and that's the standard. once its in hardware, its a done deal.
ogg is for geeks and software players. but that's probably 1% of the mp3 target population.
remember how long it took for cd's to become the popular defacto standard? has anything (dat, etc) dislodged it yet? (nope).
--
--
"It is now safe to switch off your computer."
But Fraunhofer wouldn't, and Fraunhofer is the only real problem that MP3 faces.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
What jobs these geniuses have! Imagine having a well paying job pretending to do an impossible job and knowing all the time that your paymasters are stupid enough to believe not only in the job itself but in what you claim to be doing.
Yeh, it sucks. All the way to the bank.
--
Infuriate left and right
*sigh* ... name one (except playback) involving nothing but Free Software.
The MP3 issues I was referring to have nothing to do with content; they have everything to do with licensing the Fraunhoffer patents.
From mp3licensing.com:
Oh yes, and LAME is not exempt... from the LAME page:
...and no, I don't have US$ 15,000 to throw around. Do you?
DNA just wants to be free...
The CD would never be playable in a player you could digitally connect to a computer. They're talking about replacing everyone's CD player. Most likely with some digital memory type player.
Sounds like a hard sell, until that new Backdoor Boyz CD is ONLY available in SDMI. Possibly given away in some kind of promotion. Then all the kiddies run out and buy SDMI players. (or they give them away at McDonalds or something) Then, armed with those sales figures, the industry approaches the hardware manufacturers and sez "hey, this is profitable" cash flies under the table, a blowjob here, a blowjob there, (my embellishment), then there are more SDMI players out there, and they don't threaten their revenue by making MORE music SDMI-only. Soon, only non-RIAA companies sell non-SDMI music, and while this is a competitive advantage in an ideal market, RIAA propaganda, promotion, marketing, legal-dirty-tricks, drive the indies out of business.
Then, the RIAA bribes, er partners with Microsoft to provide free SDMI players in the ONLY web browser still available, that just happens to be on 90% of desktops - and breaks other plugins that play MP3s, only geeks will be able to download MP3s and get them to play.
Then, you could likely download SDMI files and listen to them on your computer, but no player (in theory) will allow you to decode the content, other than directly to the speakers.
Of course, where this fails is when someone comes up with their own decoder, or even a sound-card driver that dumps the sound data to a place that can be decoded, instead of to the speakers. Or if someone figures out a hack for the player to do raw digital-out, or something like that. Worst-case scenario, if SDMI is better than CD sound quality (it would almost have to be to sell, unless they sell for a reduced price, unless they could fool all of the poeple all of the time - which isn't really necessary, you only have to fool most of the people with most of the money), then output from the player is audio, you simply take some decent equipment, and re-encode it. Some loss, but free distribution of previously copy-protected works makes it worth it, as long as the quality is acceptable.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Wouldn't that be a shame...
--
Infuriate left and right
10,000 bucks is a paltry amount of money. These codebreakers have saved the RIAA much, much, much more than a pitiful 10 grand.
Someone should have offered twice that for the codebreakers to keep their mouths shut.
Chris
}#q NO CARRIER
Not so excellent. If you read between the lines, the technology companies are hoping that they throw out watermarks and go with Digital Rights Management. DRM is a codeword for "end to end controlled encryption." It's like Kerberos for music, and it means that you have to use their software, special hardware, etc etc.
Nope, sorry, reread the LAME page again:
"Personal and commercial use of compiled versions of LAME (or any other mp3 encoder) requires a patent license in some countries."
Still nailed by patents.
DNA just wants to be free...
Do you know of any MP3 hardware out there that is no longer "SDMI Compliant"? I don't. Sony's MP3 players use MagicGate Memory Sticks to ensure SDMI compliance. When the new Rio came out, I thought about getting one until I saw the SDMI badge on it in Best Buy!
They're winning... we can't sit by and do nothing... or worse help them for a paltry $10,000.
Refrag
I have a website. It's about Macs.
What is all this talk about "the enemy"? These people may be idiots and trying to use questionable ethical means to get as much of your money as possible, but who cares? Let them. You're obviously not going to buy any SDMI products, and I'll bet most people on slashdot won't either. But there are consumers out there who would be perfectly willing to enter a contractual agreement with the RIAA or whoever's selling them music that would limit the rights they have to it. They'd be idiots, but people have a right to be idiots. Don't make the choice for them. Let SDMI fail in the free market, not because some unethical crackers kept their findings secret.
If I was able to do it, that money would undoubtedly look might attractive. It would be easy to say I would hold the moral high ground and hold off but I'm not in that position and so can't make that claim. I think it's something that people should think about before they start whinging about those who did crack it.
Rich
Regular CDs that play on today's players are going to be sold for at least another 5 years. The consumer market just won't accept their new 200 CD jukeboxes being obsolete overnight.
So... since they can't get rid of MP3 for another 5 years, why all the effort to come up with a perfect encryption and loose the opportunities here today?
I think all they need is a variation on current encryption schemes (different enough so they can seek protection from the DMCA for "circumvention") that locks your music files to a pass-pharse. That same pass-phrase will be linked to your credit card. Anyone you give your password too will be able to buy music on your account.
Grant it this does nothing to keep people from getting MP3s but it allows them to satisfy a market for online commercial quality music files in a way that doesn't put their product any more at risk for piracy then it already is.
Let's face it, most kids and bootleggers don't care enough about quality that good analog recording equipment won't satisfy them.
RANT ON
The amount of loss due to (quality) analog equipment pales in comparrison to what's lost in your typical 128 bit MP3. In the "old" days when cassettes were "Hi-Fi" - the main problem was tape transport noise of older/cheap units and hiss caused by poor quality tapes/heads. My $200 Kenwood Cassette player doesn't suffer from those problems today. My guess is that after MP3 encoding, 98% of the population couldn't tell the difference between an encoding whos ariginal source was a CD and one whos source was a cassette. (even a recoding I made from CD - I find that recordings I make are often better than those cassettes from the label)
/RANT
Sorry, I thknk this all turned into one long rant. I had a point but it got lost, I just find the lack of sense in the whole matter frustrating...
--Aaron Greenberg
And would be in violation of fundemental copyright laws.
Example: I write my Great American Novel and send one million copies to myself via the Internet. Assuming a micropayment of one dollar per copy, I have to pay one million dollars to the ASCAP-esque authority (AEA).
Well, the Constitution says that copyrights shall be secured to the author of the copyrighted work... and this means that unless I grant someone else permission, all revenues from first sales of this work (which it sounds as though micropayments from and to myself would be like) are mine alone. Unless I get every last cent back from the AEA (and how do they know if they don't look at content?) they're guilty of pretty damn significant copyright infringement.
IIRC ASCAP is only able to collect money if you play music copyrighted to people that they represent. And I doubt that they'd work for free, which means that they too would be significant parasites.
Personally, even if a micropayment system existed, I'd still be unhappy. In fact, I'd probably be more unhappy than I currently am, since micropayments assume that it's impossible or difficult to purchase copyrighted material outright... which the RIAA, MPAA et al would love to have come to pass.
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
I forgot one other angle;
.NET figures in, because if all software is "rented", computers won't need CD players anymore, and since MS controls the manufacturers, CD players will become rare commodities. non standard items. Like ZIP disks.
In the part where the RIAA bribes/partners with Microsoft,
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
the failure of dat was 3 things: expensive to build and buy mechanisms (mini vcr's inside), hard to find pre-recorded tapes (yeah, I know, why bother. sigh.); and unreliability unless meticulously maintained (which consumers would not do; many pros didn't either. I'm talking head cleanings every year).
but I agree that mp3 was a hit mostly due to its compression size and it was the right fit for where we are in the Inet today (in terms of spare b/w on personal Inet lines). in a few yrs from now when t1 is considered slow, maybe shorten or some other non-lossy compression scheme will be king.
--
--
"It is now safe to switch off your computer."
However this article points out a lot of things that seem to be coming true and mentioned in the article that is the focus of this slashdot item, that basically the music company executives didn't expect it to be broken, don't have anything to fall back on, and the SDMI may in fact fall apart now that two years of their work have been effortlessly cut into shreds! Which is EXCELLENT news!
I disagreed with that article, because even if it was cracked AFTER they released it, they still wouldn't have anything to fall back on. Assuming they don't. If they do have something, they can use the results of the contest to eliminate possible cracks. So overall, I think cracking it before its release is a bad thing.
Because the music industry has appeared to be clueless up to this point, here's another possibility:
It really has been broken, and they really don't have anything to fall back on. So they DENY it's been broken, and release it anyway. Then it gets broken again after its release, and they pretend they weren't expecting it, along with playing stupid legal games.
I'm not sure if they are really this clueless. But it's possible.
--- "So THAT's what an invisible barrier looks like!" - Time Bandits
It doesn't make sense. Sure the 10k was chump change to them, sure it makes one wonder at their true motives when combined with "official" statements that they had some kind of contingencies planned for this.
But why ask the crackers to explain how it was done in order to claim the prize unless they believed that information had some meaning for them?
I truly think we're seeing a clear example of a much much larger "digital divide", the kind of divide that separates the businessmen from the brains.
Go Lakers!
it's a shame we don't hear much about any other than the two big candidates here in the U.S.
--
+&x
If the web had the bandwidth to widely stream CD quality sound, and some web services would let you stream any song to you, there would be a real incentive of breaking the streaming clients. They'd get reversed engineers to shreds and cracked in a matter of days i'm sure.
Well, whoever cracked it really did us a service. Now, we'll have an EVEN HARDER time trying to get whatever they plan to stick SDMI into working on homebrew hardware or in Linux. Someone should seriously flop the cracker. -Rob
oookay... so then i just use a high-pass filter and they're gone... (or a low-pass filter if you mean the 1-19Hz range).
--
"Don't trolls get tired?"
Thank you!! An intelligent, incisive question, one worthy of conspicuous, public debate.
Speaking entirely on behalf of myself, you are correct that a cohesive vision of How Things Should Be has been absent from my rants. This is because I believe designing a successful, durable, workable, just system would require the efforts of a group of incredibly talented, wise people, the likes of which have not been gathered since the framing of the Constitution. I don't believe I possess such gifts.
I do have a few vague, disconnected ideas. To fully appreciate them, however, you need to understand the framework in which I developed them:
Axiom: When the ability to copy is ubiquitous, and when the incremental cost of copying is effectively zero, the effective value of any given copy -- including the "original" copy -- is zero. (I state this as axiomatic, but I'm willing to discuss its merits. And please note that this assertion says nothing about the effort/resources required to create the original in the first place.)
As a supporting argument, consider the universe presented in the TV show Star Trek. (This may seem silly, but Star Trek is a useful framework for comparison, as everyone's familiar with it.) In a world where everything, including physical objects, can be replicated at zero cost, what is the economic impact? I argue that the market-based economy collapses completely, since its fundamental supports (scarcity and inconvenience) have been eliminated.
I also believe that the social impact will be that casual copying will be seen as perfectly okay, and that the desire to not share copies will be seen as childish. After all, if anyone anywhere -- including artisans -- can copy anything at any time for nothing, then what, fundamentally, will be wrong with copying anything?
So, in a universe where copying everything is seen as perfectly okay, is there anything an artisan should still have control over? I contend that the most crucial aspect of creativity still needing strict controls is the artisan's reputation.
Consider: On a visit to the Enterprise, you see an object you quite like. Naturally, you ask, "Wow! Who made that?" Both you and the object's creator would like to be certain you receive an accurate answer. Note that the question of whether the object you saw was an original or a copy is irrelevant. You no longer care if an object is "genuine;" you want to know who did it. In other words, you want to know about their reputation. (After all, maybe they did other cool stuff, too.)
...Okay, so we don't live on the Enterprise (yet), and we all still have to pay the rent. However, I strongly believe the concept of reputation will be central to a re-design of economics and the concept of intellectual "property" in the digital universe. Reputation will become a chief scarce resource in the digital universe, because it is an artist's reputation that will guide you to their other scarce resource: their time. And it is their time that you will be paying for (no more doing stuff "on spec").
In terms of more immediate, concrete proposals, I've heard the following ideas floated:
For example, let's say John Carmack creates his latest game, qDuOaOkMe, and decides that, for all his efforts and that of his company, he wants to see $50 million. So he posts it to the site: "qDuOaOkMe: $50,000,000". People the world over pledge $25, $50, $100, whatever they feel it's worth toward the final price. When the price is reached, Carmack gets the money, and the game is released free to all. The entry is also kept open on the site so people who didn't bid can continue to throw tips. If the price is not met after a pre-set time, all pledges are returned to the bidders, and the game isn't released.
Other ideas are likely out there, and worthy of attention.
Also for immediate consideration, there should be some study into the use of digital watermarks for identifying the artist of a given work. Right now, all the discussion surrounding watermarks has been with an eye toward controlling proliferation of copies, which is unworkable. However, I believe even the most virulent opponent of copy protection would support using digital watermarks to identify the artist, thereby preserving -- wait for it -- their reputation.
Like I said, I don't think I have what it takes to completely design the new system. I've also completely avoided rather sticky issues, such Moral Rights (e.g. should an artist be able to enforce the declaration, "No, you can't use my painting in the background of a porno video"). But I do know that the current system will ultimately prove to be fundamentally unworkable, if for no other reason than the sheer numbers involved (how many copyrighted works will you need to test against to make sure you're not infringing?).
So, yes, you're right. We need to think about this, and it needs to be done rationally and publicly. Too bad the entertainment industry's using all that bandwidth to paint us all as criminals.
Schwab
Editor, A1-AAA AmeriCaptions
?
The last time I saw a M$ 'serialised' CD, it had a sticker on it with a 'CD Key'. I suspect this contained the serial data. Not physically written in a standard-CD-drive-readable-fashion to the CD.
--
Pretend that something especially witty is here. Thanks.
A judge's job is to interperet laws, not to overturn them.
Unless they're inconsistent with other laws or the constitution.
Respectfully, I believe you've been blinded by your $200 licensing fee. The Lame versions sound much better than Frau at 128 and beyond. It is possible that your version of Frau isn't equivalent to the one displayed but I find it hard to believe that Frau has improved to a point where their 256k version can compete with the 128k version of lame.
The tools used to create these are readily available, and I'd love for you to run these tests and post the information on the web. Hell, I'd like an e-mail
miracle@nospammage.procyon.com
Linux - Because Mommy taught me to Share.
Hmm, I think you might be a little bit confused.
There is nothing about SDMI that will strongarm you into buying new players or new collections, as I understand it. Your CD player will still work, your current CD's will still work, and music will still continue to be sold in the CD format for many years to come.
I believe one of the theories behind SDMI is that the player requires no decoding software, it just plays the music as it is written.
SDMI detection is part of the recording process. Presumably to limit the number of copies of a song that can be made. i.e. you can make a copy from the original, but not from a copy of a copy.
The DVD-Audio format is being held up for this technology, along with an improved CSS like implementation to encode the digital bits.
Actually music has been available on DVD discs for a couple of years now. It's not been terribly popular, however, because few recording studios support it and it hasn't gained widespread acceptance for fear a new format that is just around the corner.
Even when DVD-Audio comes into being, again you will not be forced to go out and buy new collections. The DVD-Audio players will play older CD media, just as current DVD players do. In fact I suspect you'll just see the DVD-Audio spec wrapped into DVD players such that you'll have a device capable of playing several different audio and video formats.
There seems to be a lot of confusion and frankly, FUD, being spread by the anti-music-industry groups.
I don't care about copy protection, as long as it doesn't get in my way. Unfortunately the macrovision on video, and this new SDMI both corrupt the purity of the source and affect the potentional enjoyment.
As I'm not going to pay for my music many times. One payment, the music. Whatever the media.
Somedays I just sit thinking about how fucked up this world is. I'm sure a lot of people see that too, but they ignore it because they can profit from it.
But hey, I couldn't resist beating a dead horse some more.
They should be using CueCat XOR encryption (tm) for their watermarks.
Mike
"I would kill everyone in this room for a drop of sweet beer."
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
I thought part of the deal once you crack the watermark was that you had to turn in all the details and sign an NDA. I wanted to put a link but cant find the rules on their site.
I realize I could just check google to find a link, but do you think you should post some information about where to find the codecs for vorbis? A link to the webpage for it or something.
Or am I just being too lazy?
While your quote is indeed from the home page of Macrovision and certainly was written by some PR flunky, if you actually browse their site you will find no mention of a single product that serves the purpose of preventing audio duplication or piracy.
You will find this product, which prevents the illicit reception of CCTV including two channels of audio.
I fail to see how this has any bearing on my assertion that the music industry really doesn't give a damn about analog piracy.
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
Where does the name of ogg vorbis come from?
I never saw it in any FAQs...
"The hacker boycott of SDM organized by suspicious members of the programming community has turned out to be irrelevant."
lol. I didn't read the article, but if they really said that, then they REALLY have problems. The boycott is anything BUT irrelevant. If the watermarking scheme was cracked without the help of the hackers, then imagine how fast it would be broken if it weren't being boycotted.
-----
"People who bite the hand that feeds them usually lick the boot that kicks them"
Higher Logics: where programming meets science.
I don't think they've got any hope of DA->AD->DA resistant watermarking that a moron couldn't defeat. As far as I'm concerned, they'll be holding these contests until they give up. They won't -ever- come up with anything difficult to defeat. I promise.
BTW: the 'who cares?' is in the spirit of Starstruck.
---
[ approaching AI ]
I, for one, would like to play arround with them. Too bad they got yanked from the website.
Actually, if they keep the materials online, won't it increase interest if they set up a hack_sdmi_II? Or at least it will get them some free research into watermarks.
Karl
I'm a slacker? You're the one who waited until now to just sit arround.
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
Bottom line - the signal must be converted back to an analog format to be heard by human ears. Once it's analog, it's easy to rerecord, manipulate, etc. However, practical cracks of any encryption or watermarking scheme are likely to intercept the digital signal on the output side of the codec, which can in turn be recompressed, unwatermarked, etc. with excellent results.
Help save the critically endangered Blue Iguana
Won't they have to pay out the prize? At that point there's no way no how they can play it "close to the vest".
It's alarming to me that the boycott ended up being irrelevant. Way to hang together, guys and gals. Doesn't bode well for any organized protests or boycotts in the future. The influence of the EFF and geekdom in general doesn't appear to be very powerful.
OGG Vorbis
Actually, it really would have been common courtesy of me to include more links. Sorry.
DNA just wants to be free...
"If your business model is selling water in the desert and it starts to rain, you'd better find a different business model."
-josh
While I see what the previous poster is saying and agree with the points made perhaps I can risk pointing out that as life in the western world (and slowly elsewhere) becomes increasingly digital there isn't going to be much that isn't stored in digital form.
The HerdThink at /. appears to be :
"If information is stored in electronic form, it should be free. If it isn't it wants to be. If it wants to be, we should make it happen."
I'm sure I'm not the first to point out that in a digital economy that doesn't exclude very much.
The corporate world is understandably having a tough time facing a future where all digital assets are distributed freely to whoever wants them.
I see plenty of direct-action "break the codes and set them free" type talk on /., talk about fighting for the digital future and our rights. Wholly absent from the debate seems to be a coherent vision of what the future should be, how corporations can survive in the digital age and still make money from their efforts. Maybe we don't think they SHOULD be allowed to make money, or only a certain amount but we should at least come out and say that.
As far as I can tell from reading /. the moral framework we seem to be trying to work toward is "whatever suits me".
That is no framework for a moral society, digital or otherwise.
- SparkyUK.
Count to ten..then flame away if you must.
Why would they have something to fallback on?
Its not like you'd release your second best effort, and expect it to fail miserably. That would look bad on them.
They released their best........hoping it would be fine. It wasnt, and so their best was second rate.
-- Cheer, Cheer, The Red and the White.
So am I - that's why I'm voting Nader on November 7th.
-------
We want some answers and all that we get
Some kind of shit about a terrorist threat
- Ministry
Let the RIAA, et al. fund an independent group called the Music Police that goes around and hassles/busts people with illegal music.
When travelling, it's ok if the airlines lose your emotional baggage.
That didn't seem to bother the MPAA / macrovision folks, now did it? Macrovision is clearly visible on MANY TVs. It manifests itself as a slight flickering at the top of the screen, or it makes the screen get gradually brighter towards the top.
There's absolutely no way the RIAA would give up copy protection to protect sound quality. How it sounds is a second order requirement to them.
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
I was about to post a comment along the lines of "so what! If they delay longer, and release something harder to crack (even for the sake of argument, impossible to crack), the market can just refuse to use it, and keep using MP3s and other such unencumbered technoligies...
But then I thought about it. I believe that the music industry has enough power over the users that they'll take what they can get. I don't think the market _could_ realisticly fight the will of these companies. They have little competition, because all the "competing" companies have all globbed together in the form of RIAA.
I don't see a peaceful end to this, because there is a lot of money at stake, and whenever there is money, there is also a rabid foaming-at-the-mouth mob of greedy bastards willing to trample anybody in their way to get at it.
So maybe we should not worry so much about this standard being cracked, because if it was, it'd work just like the DeCSS fiasco, but maybe they'd learn from the mistakes of the MPAA's lawyers. What we need to start worrying about is a way to break loose from this feudalism where the consumer no longer has the power to change things in their favor (partly because most of the consumers are not informed enough to fight back, and there is a lot of money going to PR to keep it that way). Consumers are now Serfs, and large media companies are now lords. I imagine eventually there will be something like a revolution, moving us along the line towards democracy in the information world, but it'll take a while =:-(
---
Play Six Pack Man. I
You're all missing the point...they don't care whether it's cracked or not...they still intend to release it, and let the DMCA protect it against crackers.
RealAudio - StreamBox Ripper, Now illegal due to law suits, but still lurking in warez sitz
Windows Media - ASFRecorder (google it)
Shoutcast/Icecast MP3 - Streamripper
-Jon
this is my sig.
Regardless of what format they use (SDMI or whatever) it will be cracked somehow. DECSS comes to mind. That was supposed to be very secure and it was cracked because Xing messed up. Any two way hash can be decrypted, and it will be in this case with music pirates dying to get their hands on music. What the RIAA should focus on is selling it cheap enough that people would actually buy it. I would personally be willing to spend 25 or 50 cents a song for mp3 music, and I think that actually most people would be willing to do that. The whole problem with the RIAA is that they say that prices need to be higher because of piracy, but piracy happens mostly because of high prices. They should run an experiment and have mp3s for download for $0.25 each or something like that, and see what the response is.
//FIXME: Bad
Ogg Vorbis is actually two layers: layer "Ogg" controls the timing during playback, and "Vorbis" is the actual compressed audio. When Vorbis is done and they move on to video, it'll be Ogg X, using the Ogg timing layer with the X video compression. (X=placeholder. They'll come up with something far more creative for a name.)
No URL, but it was on the old site (before they moved to xiph.org)
-- LoonXTall
~~~LXT~~~
Life is like a computer program: anything that can't happen, will.
There go the hopes and dreams of 1000 Internet Humorists out there. Just imagine the wealth of one-liners and skits we could have written if this had only been delayed long enough for the RIAA to spam the news media with tons of chest-thumping propiganda.
All of those clever tainted "watermark" jokes are a moot point now!
------
Let me give you the lowdown
Not quite. They could just change audio formats to DVD and let all the CD players in the world rot away. DVD players would have to have RIAA, DMCPA sanctioned controlers that would refuse to play music without a watermark. Your new Sound Blaster would also have to conform
By the way, in 5 years or so your PC will look hopelessly archaic next to everyone else's pocket jukebox. Who needs physical media when we can all consume great music for just pennies a second?
And why would anyone non RIAA want to record or publish? Don't you know anyone with any talent signs up? As last month's Scientific American put it, you should watch out for "a small number of computer scientists to create software that subverts the efforts of government" because speech without accountability is dangerous and can even get people killed. Better be a good boy and buy the toys that Scientific American has to sell this month November 2000 issue. Publish? Don't even think about it!
Haa-ha
This is one of the problems with the mp3 encoding system. Sometimes the sounds you don't hear are as important as the ones you do; they can deeply affect your emotions or perceptions of the music to which you are listening. By stripping inaudible sounds, people think they can remove a watermark without affecting the music, but really they have affected it greatly.
Care about freedom?
I'd rather be lucky than good.
I guess if the music industry wants it's garganuan profits now, it will need to do the following:
1. lobby congress to legalize murder.
2. hire disenfranchised serbian death squads.
3. locate any person with an IQ above 90.
4. kill all persons with an IQ above 90.
This will have two impacts. It will mean that they'll finally be able to sell Backdoor Boyz to EVERYONE, and that nobody smart enough to crack SDMI will be left alive.
That would be MUCH easier and cheaper than developing a crack-proof protection scheme.
Oh wait, I forgot, there's always DONGLES!
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Encryption's cute but its only encryption. Todays algorithms are tomorrow's object lessons in how not to do it.
The problem is one of economic distribution. How to get money from the consumers into the pockets of the producers in some fair and equitable way.
One model which almost works is ASCAP. They're in charge of charging radio stations and other broadcasting media, based on their market penetration numbers, some money for every piece of material the boadcasters, uh, broadcast, (ASCAP IS Big Brother,:-) and then they shovel that money into the pockets of the "authorities of record" who can claim to be the producers of the material that was broadcast. (That's how artists still get screwed today. NEVER, ever, give away your copyright.)
One model which would work in the "Age Of Napster" is to use micro-payment to charge a published sum from the recipient of a file, if the transmission is not declined, regardless of the content or the size of the file, for every transmission of the file over the internet.
Purely local transmission of the file can be presumed to be fair use, back-ups, change of media etc. Re-transmission over the internet would kick-in the micro-payment scheme which would insure that the Metallica's of the world can please just shut up!
This could even be applied to establishing connections for streaming media.
By the way that leaves the RIAA, the MPAA and other neo-Luddites out in the cold. Let those parasites get real jobs.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Why is it that industry guys can't latch onto the idea that no matter what they do someone will break it. Music is about the freeest form of expression there is and their is no way to stop it...stop trying give up, and tell your performers if they want to make money get on a Bus and tour, recordings are ads...the show is what your promoting and people will pay for, if your a musician your job is to come to my town and entertain me, your recordings are just the way of letting me know your out there and get me excited to see your show.
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
After suffering at the hands of SCMS on my minidisc I won't be buying into any SDMI devices anyway. They can crack it whenever and however they like, I'm staying open format thank you.
$0.02,
mike
Sure there's something wrong with it. It's giving the record industry free assistance in their attempts to increase their control over digital music, just as the movie industry is trying to do for digital video. Helping them acheive their goals is, IMO, wrong because those goals are wrong. Of course, obviously not everyone shares my opinion, or at least they are using some different logic to justify assisting the record industry by cracking SDMI.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
It being the watermark. If you have an ideal watermark (it cannot be heard) and an ideal lossy encoder (it dumps everything you can't hear), well, your watermark should go bye bye.
Of course, given that watermarks are far less than perfect (you can hear them) in order to be a bit more robust, you could D-to-A-to-D several distinct copies of the secure music, 'average' them, and then encode. With a sufficiently high number of sufficiently different copies of the music, the watermark will eventually be destroyed. This has the added benefit that the noise from the D-A-D conversion will tend to neither add nor cancel, but the signal will tend to add during the recombination phase, improving quality.
In any case, so long as I can buy my digital music anonymously with cash (at a brick+mortar store), what do I care if the watermark is still there? So the music has a serial number? That doesn't necessarily correlate with anything in the real world.
Then there's nothing wrong with the "community" proving it to them with each successive contest that they hold. Unless it's just that everyone's afraid that maybe they'll get it right... And then they'll have to start paying for their music again. Shudder to think that might be the case.
ASF Recorder
:-)
-----
If you made an MP3 of a watermarked track, your new fangled SDMI-compliant player would, at some point in the future, refuse to play it. The whole point of the watermarking system is to be able to uniquely identify a track regardless of its format (CDDA, wav, mp3).
I was initially 'with' everyone here and in the community on the issue of boycotting the challenge, because I thought it would 'punish' the proponents of SDMI if they went to the trouble of commercializing it only to have it quickly broken. I presumed that breaking it now would help the SDMI.
However this article points out a lot of things that seem to be coming true and mentioned in the article that is the focus of this slashdot item, that basically the music company executives didn't expect it to be broken, don't have anything to fall back on, and the SDMI may in fact fall apart now that two years of their work have been effortlessly cut into shreds! Which is EXCELLENT news!
I really wish that the article quoted above had been written earlier and had come to our attention earlier, for it is quite a valid and compelling counter to the "rah rah let's boycott the challenge" idea.
Basically, maybe we were all wrong, and cracking it quickly and effortlessly will not help the SDMI, but actually destroy it! Go crackers!
Even though any watermark thingie can remain, and that there exists a program (or whatever) can identify it as having been an encrypted bit of music once, it doesn't matter as long as no program will bother to look for it. The wave recorder won't care. The mp3-encoder won't care. Gnutella won't care. Your average Joe won't care. Unless you're thinking of a world where a "BigBrother" process is scanning everything you're doing, and telling you that you can't work with this because it's got a watermark?
Kjella
Live today, because you never know what tomorrow brings
"The hacker boycott of SDM organized by suspicious members of the programming community has turned out to be irrelevant."
What the heck do they mean by this? I'm quite amused that some SDMI members are finally facing the reality that it might not be possible to protect music.
Anonymous sources say that its been cracked - no evidence for that, why should anyone involved in this whole scheme be trusted, and why should any information leaked out be trusted?
Cracking SDMI gives the RIAA enough excuse to go running to the governement for even more backing than they got in the DMCA.
They already are asking for all TVs to have anti-copy protection in them, how soon will they be asking for trusted hardware for audio as well?
The assertion that SDMI has been cracked may well come from SDMI members who know that trusted hardware is the next step, and not from disgruntled hacker-anarchists in their midst.
Trust nothing that comes out of this process - there are billions at stake, not to mention hot and cold running blowjobs in the back of limousines.
> Is it inconcivable to build a player that cannot
> be disassembled?
We're talking about software players here, so yes, it's inconceivable. I'll bet my PhD on it.
Some of the best CS theory profs around have given some thought to what it would mean for a program to be effectively "undisassemblable". They've had a hard time coming up with a definition that doesn't just reduce to the empty set. AFAIK, their current best definition hasn't yet been shown to reduce to the empty set, but no-one's been able to construct an undisassemblable program either.
The irony of this mess is this: Napster's user list -- containing e-mail addresses -- is probably worth more than the RIAA or MPAA or Jackie Valenti is willing to admit.
The gold isn't in the music itself. The gold is there for the taking, but no one is moving to take it: it's Napster's gazillion user e-mail addresses.
Why isn't Napster dangling their databases more "publically" in front of the RIAA and MPAA. Why aren't they saying: Screw the content. We've got something better. We've got gazillions of users with e-mail addresses who crave your product??
that's similar to the idea behind css (the dvd encryption scheme), if i'm not mistaken. and i'm sure you've heard all about how that failed...
But, the reason I am replying to this post is to address the concern that the RIAA has no interest in selling their music cheaply in any form. I've thought about somehow starting my own recording company - one that is exactly what a recording company should be: a sound studio for hire to the artists. This company of mine would, for some hourly rate, allow groups to record music in its studios. It would, for some other fixed price, produce CDs for the artist. It would even market them, if the artist was willing to pay extra for that service.
All that may not seem to different from what recording companies do today, except that I wouldn't make bands sign over their souls, the rights to their music, or anything else. I wouldn't even make them buy all of my services - but I might offer a package deal.
I don't have the capital or the knowhow to do any of this, sadly. I'm just a kid in college. If bands wouldn't sign exclusive contracts, we wouldn't need my benevolent company anyway. They could shop around for a recording company all they wanted.
Let's just declare the RIAA a monopoly, and make its members compete. Or declare it a public utility and regulate them.
-- LoonXTall
~~~LXT~~~
Life is like a computer program: anything that can't happen, will.
I understand that it enables a duplicate copy version to be traced to an original with a known purchaser. I don't see how that would help-- CDs are stolen all the time. Music can easily be stolen from car or computer.
So you need a hardware player that understands the watermarks. How does that help: the duplicate is the same bits. Either they get played or they don't.
At first glance, it looks like communication would solve these problems--- if the hardware sees its a copyrighted work it might send notification so the owner of the hardware can be billed. But this requires being always on line... thats unworkable for a $50 player.
So, what exactly would watermarks do to prevent piracy (if watermarks were practical)?
Did you think they would just wait for the comunity to do it.. They really didnt want to give out the 10k. I bet they had people working on this since day 1. I am getting tired of all this corporate/goverment bullshit about "protecting" people form what? themselves?
Just imagine entering a contest knowing that your competitors won't enter because of their beliefs. What an edge!
BTW: No I didn't enter. I belong to the moralistic camp.
bm :)-~
US Democracy:The best person for the job (among These pre-selected choices...)
I must admit, the idea of watching the RMIA spend billions implementing a system which then immediately crashes and burns is attractive. The problem is that it would end up hurting all the wrong people.
The implementation costs for any system the RMIA ultimately imposes will be passed on to consumers and hardware manufacturers in the form of higher CD prices and burdensome licensing fees (which will also be passed on to the consumer), and consumers will be forced to adopt a technology which, though not technically secure, will nonetheless manage to inconvenience hundreds of millions of music lovers globally. Waiting until after the fact to crack that system would simply be a case of adding stink to the shitpile. Then it becomes not just a case of onerously burdening the consumer, but -- worse -- onerously burdening him with a system which is useless even for the purpose for which it was created. Which means a new system will be developed and implemented, with yet more implementation costs futilely ripped from consumer wallets.
No. Better to break the watermarks now and let the SDMI implode from the political backlash. It's not about helping the RMIA. It's a case of protecting ourselves from stupid, bull-headed money-changers who are concerned about anything but our welfare.
Lee Kai Wen -- Taiwan, ROC
I mean, the guys who cracked this where probably some folks who thought $10K was a lot of money and didn't mind about giving their work away for that really cheap price, hey, the record industry doesn't even acknowledge their work and downplays it all.
...
Now after the RIAA chose to ignore all advice by the developpers they paid (in total) some million US$ and who must have told them that it wouldn't work, will they finally listen to some hackers who did it for cheap (hell if they hired some decent experts the RIAA 'd have spent $10.000 just to draw up a contract) and dump SDMI?
Obviously not, they will come up with some new watermarks (probably worse than the first batch because it's really urgent now before MP3 is so widely accepted even they can't stop it) and when it's cracked we'll see the DeCSS case all over again. Meanwhile players will hog the shelves because customers don't want to be screwed (we saw it all with DAT tapes) until it leaks out that with one player copy protection can be turned off, at which point "without copyprotection" will become a salesargument for players.
If the RIAA just wants to ignore the fact that digital information can be copied, they should buy earprotectors and blindfolds for their members, but maybe that costs more than $10K
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
I think the point is whoever did the crack wanted to be /known/ as the person who /first/ cracked it. It's really good for the ego if you can go around telling everyone you're the guy that cracked it first.
What we need is a place where people can register their cracks. The cracks would be kept secret until the product is released and after that the first person who submitted a working crack can be given credit.
---
It's time for the record companies to get with the program. The _smart_ thing to do would be to just start releasing albums and songs on their own sites. Let people download whatever they want, and pay for it if they keep it. I'd be all over it. Naturally, I'd expect it to cost less than a CD, but not a ton less.
I hope artists also move to fore -- popular artists (those whose recording contracts permit) should release a song or three (or an album) in all mp3, and just take payment if you keep it. Say, 24 hours trial period, if you keep it longer, you have to pay. Obviously, its all voluntary, but who would balk at paying $3 to $6 for an ablum from an artist they like? I think the honest users of such a service would vastly outway any thieves.
SDMI never had a chance. Though there are many things wrong with the concept, the biggest seems to me that it is no big deal to hack SDMI once an SDMI-compliant players come out. If the player can read the watermark, YOU can read the watermark and figure out how to remove it. Technically, there is nothing stopping you from going crazy Napster style. Thus, the only thing to protect SDMI is the fact that hacking it is illegal. Drugs, gambling, and listening to MP3s you didn't pay for are also illegal. RIP SDMI.
Because the fundamental premise is obviously self contradictory. In order to have a truly effective watermark, the sound must be damaged to the tolerance of an ordinary listener when it's removed. In order to have a publically acceptable watermark, the sound must be unchanged to the most sensitive listener when it's added. The result is that you should always be able to create a procedure that mangles the sound at above the level at which the watermark exists, but below the level where an average listener will care. Doing so may damage the sound for true audiophiles, but won't mean anything to the casual listeners who constitute the lion's share of the market.
There's no point in questioning authority if you aren't going to listen to the answers.
Could you imagine how depressing it must be to spend years of your life engaged in a hopelessly Quixotic struggle against advancing technology? Of course, it couldn't happen to nicer people...
Help save the critically endangered Blue Iguana
As supporting evidence for your distribution model, I would like to point out the piles of shareware on my hard drive that I paid for... oh, wait...... I didn't. Why? Convenience.
If something is convenient in Form X, Marketing can always sell it. If two competing products are convenient, then the one with the biggest edge will win (Betamax vs. VHS). If the edge isn't big enough, both proliferate (Phillips vs. slotted screws).
-- LoonXTall
~~~LXT~~~
Life is like a computer program: anything that can't happen, will.
No, the actual story was that you may or may not disclose details of the hack, but that to be eligable for the prize money you had to disclose and sign the NDA.
From the the aspirations they pointed to in their contest, one of the things was that the watermark was supposed to stay intact all the way from a non-compressed AIF or WAV file down to a 64 kbps mp3. And listening to the samples they provided, I really couldn't hear any discernible difference between the two. Too bad they didn't supply a utility to go along with their samples which would actually let you try to detect the watermark rather than needing to send it back to them...
To summarize: Their goal for the watermark is for it withstand a lot of compression and still remain with the file.
My guess is that the professional cryptographers they had working on this were trying to sell someone something (SMDI to the RIAA), and therefore had a conflict of interest going.
'cmon, spend another few million, see what you can come up with, hit us with your best shot! How many failed formats are you going to come up with before you free the information. You know it wants it!
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
I used to hear this a lot when CDs first came out. A lot of fringe types claimed that the CD sample rate was too low to produce the really high sounds so important to the complete experience.
I never did see any study that proved this one way or the other.
Do you know of any?
-Jordan Henderson
Ahem, leaving SDMI for MP3 is just leaving the DMCA Swamp for the Patent Quagmire. Out of the frying pan, into the fire.
Why don't we go for the option that doesn't involve breaking the law (and has nice fringe benefits -- MP3 is old tech now), when we can?
And, by the way, the Vorbis format is finalized and has been for some time. bps limitations of current encoders are only a result of the encoding software, not of limitations of the underlying format. Not to mention that .ogg seems to be sounding better than higher-bitrate .mp3s as the encoders improve...
This does it, I'm re-encoding[1] all the music on my site to .ogg when I get the chance. I need the space savings anyway.
---[1] that is -- encoding new .oggs from pristine audio, not "converting" the existing .mp3s.
"converting" among lossy formats is always going to sound bad.
DNA just wants to be free...
I for one am not worried about it, although it would have been cool to see the RIAA waste billions implementing something that just won't work.
For now, we'll have to be satisfied by playing the "win $10k on free tickets" lottery. *G*
---
[ approaching AI ]
The recording industry has said, in effect, "We won't sell electronic music (for less than overpriced CDs, Senator Hatch) until we have a secure way to do so."
What's their rush?
Stupid job ads, weird spam, occasional insight at
The trick with watermarks is to have a better psycho-acoustic model than what most everybody else uses, and then to replace the parts of the signal, which according to the more advanced model are inaudible but treated as "signal" by other models, with the information of the watermark.
Sure, but then your back to just recording the audio output and making a OGG or MP3 file out of it. The reason watermarkers are cool is because they actually stay in the data through format conversions. They want this so they can track who bought what music, and who gave who what music.
But like the guy above said, it's not possible. the MPAA, RIAA, etc.. are all fucked.
-Jon
this is my sig.
Fool.
Brilliant argument, you've certainly convinced me.
That was sarcasm by the way, sarcasm ROCKS D00D.
The right answer, or at least the more amusing one, would be for somebody to take names of folks willing to chip in $10 and $20 apiece for the first person to crack SDMI after deployment. That could certainly add up to more than $10,000 in no time at all.
The bitstream has to be decrypted before it hits the DAC that produces the analog signal that drives the speaker cone. Sure, stuff could be hidden in bits that get stripped out when the bitsteam is converted to analog, but you could do that just as easily with: /* for example */
y = x & 0xfffc;
(or, for the C-illiterate, preserve 14 bits and set the other two to 0s)
Of course, the manufacturer COULD make a "combination" descryptor and DAC chip, but since we're still talking about two discrete operations here, the DAC part of the process could be eliminated.
Hands in my pocket
The Windows Media Player license for developers of software that plays WM says that the software cannot apply any filters after the WM decoder.
You can't use your reverb filter on a WM file, you can't use your remix-o-matic filter, you can't use your save-to-disk filter, etc, etc.
No link sorry, although you can read the WinAmp changelog for some details.
We read earlier how the Code Book challenge took over a year to solve and that was just a puzzle set in a book being worked on by hundreds of enthusiasts the world over, Yet the best the SDMI can come up with is broken in under 1 month despite being bycotted by most of the capable programmers out there.
Well it seems the SDMI really know what they are at :)
Slashdot: Proof that a million monkeys at a million typewriters can create a masterpiece
"If man can make it, man can break it"
The fact that SDMI was cracked means nothing.
The real question is will the "winners" take ten grand and sell out to the RIAA or will they say "Ha, Ha." and stick it to the bastards.
~~ What's stopping you?
I don't think they've got any hope of DA->AD->DA resistant watermarking
I'm sorry, but building watermarking that resists DA->AD->DA conversion is very, very easy to do. You can just apply the same principle behind CDMA that is, add broadband signal with a lot of redundency, and you're all set. Now, resisting to mp3 encoding/decoding is a bit harder to do, but still feasable. Resisting to all the other kinds of attacks, like phase distortion and time scaling, is much harder.
Personnaly, I don't think you can come up with some kind of watermarking that will resist any attack, but we'll see soon enough.
Opus: the Swiss army knife of audio codec
What i wanna know is what part of "up to $10,000" is mine???
"Tension is the great integrity" -- R. Buckminster Fuller
Isn't there a Windows audio driver that records to disk? There's been one for Linux for a while now. These will give you access to the raw audio data, no matter what the original format was, since it has to go through the audio driver to get to the speakers.
[read subject] I want to know how it was done, so I can add a copy to my censored archive. I believe their web site was shut down, but I still have the files from there publically available.
click here for files
-----
Nonononono!!
ASFRecorder only rips the stream from the server - if it's DRM'd it's still encrypted and it won't work if you don't have the license. Similarly Streambox ripper only captures the file - it doesn't remove the encryption.
So I'm wondering when an ASF ripper will appear which - given a valid performance key - extracts the media into some unprotected format. And I'm not just talking audio - but video too.
I'm amazed that nobody has published code to break the DRM (or at least capture unencoded data) on other established formats like Liquid Audio, Blue Matter (basically Real Audio) and everyone's Favourite - Windows Media.
OK there's the little issue of the DMCA which would make such things illegal in the US.
I wouldn't be surprised if some of the SDMI breaks came from Microsoft to help promote their DRM server based technology.
Well, you're probably okay. If you purchased a legal copy of a licensed encoder, then the patent license is already covered there.
Most Free Software projects, however, cannot afford the $15,000/yr minimum, though, so the licensing fees fall on the individual user instead.
As for MP3 distribution, that's kind of complicated. Nonprofit distrbution should be okay... it depends on how you read it. Again, see mp3licensing.com for the exact details.
DNA just wants to be free...
Ogg is the last name of one of the creators. Cool, about time an Ogg became famous!
Fear the government that fears your guns. Fear the government that fears your computers. Remove them from my email.
onerously burdening him with a system which is useless even for the purpose for which it was created.
You'd have a point, except for the fact that the customer isn't buying the hardware for the purpose for which it was created. It was created to suit the RIAA, not the consumer. The consumer just has to use it because their won't be an alternative. Consumers won't care a bit if the system is cracked... the RIAA might though, but that's their problem. If they tried to make consumers buy yet another set of hardware, you'd REALLY see a backlash like none we've seen yet. I'm not talking about a Divx-like backlash where people just boycott the thing. I'm talking about something more along the lines of firebombing the RIAA headquarters in the middle of the night sort of backlash. Basically, they wouldn't be able to pull it off. So consumers would have a system that does what they want, but not what the RIAA wants. Sounds good to me.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
Even if SDMI succeeds in launching a "working" format, no matter how crappy it may be, SDMI will ultimately fail. There won't be a lot of players. Why were records, tapes, and CDs so popular? Because, even though there was plenty of content, there were plenty of players. Anyone with enough engineering tallent could build a record, tape, or CD player because the spec, more or less, is open. You don't need licensed firmware to play a record. No one wants to build their own player because they can go into any Radio Shack and get one for around $40. MP3 is seeing lots of cheap, "no-name" players popping up now. Its going to take a lot to kill MP3, a lot more than the RIAA cartel.
SDMI will be a closed spec and a license is probablly going to cost a lot of scratch. After seeing what happened with DVD, do you think that SDMI is going to entrust the keys to the castle with just anyone? You're only going to see only the big name brand players (such as Sony, since they have both hardware and content intrests in this). You won't see any generic players for a very very long time and in that time, SDMI will get hacked again and be abandoned.
MyButt Inc. president Lart Foudly said "This failure does not preclude our finding another of species of monkey which does, in fact, have wings." Industry analyst Lar Jass countered, "It wouldn't have mattered. Even if they find a monkey with wings, which they won't, they won't be able to fit it in there."
The "MFOOMA" coalition has reportedly not been told of the results of the test, but are expected to try and minimize the publication and impact of the results when it is announced next week.
--------
Your observations about identifying the artist are right on- that's why I for one am very excited about one of the 'fingerprinting' technologies being developed. Basically it will be possible to do net searches in the future on snippets of unlabelled digital audio and return the artist's current website/information. This is incredibly important in a world where the information flows so freely- an example, if you use Napster you'll find all sorts of utterly unrelated bands uploaded mistakenly as They Might Be Giants. This is great for TMBG but unhelpful for the real artists- with the sort of fingerprinting we're talking about this would be trivially fixed, and anyone could track down the true creator's identity easily- again, _reputation_ is the key concept. It will become possible to accurately associate a positive musical experience with a specific name no matter how obscure and non-mainstream: compare this with the days of broadcast radio where you had to first fight just to get _on_ the radio and then pray/pay for the DJ to actually announce your name in association with it! This sort of gatekeeper will become a thing of the past- though it'll still have a place, with the new type of DJ being someone of known good taste and ability to audition more new stuff than most people have.
I can relate an anecdote of stuff that's still going on, that illustrates your point. I used to have music on mp3.com (before they turned their contract towards the Dark Side ;) ). It's not mainstream at all- in fact some of it is rather user-hostile, for instance a strange marimba-driven track named Bone Dragon. None of this brought me pop stardom, understandably- but I know my way around a mixing desk and build a lot of radical, high-performance equipment that goes against the habitual sonic dreck people inflict upon their recordings these days (see Britney Spears...), and I attracted some attention from some iconoclasts, and in fact I built *REPUTATION* as someone who could get a sound, an impressively professional sound. This has led me to the point where I'm seriously contemplating doing sound engineering work for a startup (not RIAA) that I've been talking to, and in fact already have a sale of commercial rights for a piece of my music waiting for when the deals are finalised (I'm also making extensive use of my sharpness and paranoia in relation to the contract that people will end up seeing- another area of reputation getting involved). And the first piece of music to find a home in this new context is... 'Bone Dragon'. Yes! The totally uncommercial, peculiar one! *g*
The point is- reputation is fscking _gold_ man. It is substantially more important than immediate cash. The fact that 'Bone Dragon' is out there as lots of mp3s, with my blessing upon their further noncommercial copying, does _not_ make it licensed for commercial use. If someone wants to run that in an advertisement they have to talk to _me_! (If they want to add cheesy singing munchkin jingles to it they'd better be offering a LOT of money, and I mean a LOT. Background use or use under narration does not tend to destroy the soul of the music so readily.) And if they want something else that's like that- again, they have to talk to me. Commercial interests can't legally copy and use the free music I have out there being copied under fair use- and _nobody_ can copy what hasn't been performed yet.
It all reminds me of some of the tenets of the Progressive Party (for which I'll do some voting this November). They are not big fans of inherited wealth, or of wealth derived from high lofty positions. If you think about that a bit you see that what they're advocating is a much tighter link between WORK and wealth- and that speaks for me, very much. Trouble is, I'm a musician (among other things) and that industry is utterly fixated on the creation of intellectual property which is expected to go on earning money _without_ me, for longer than I live. Frankly, I can't see the logic behind this. Okay, supposing I write a hit song and record it wonderfully- certainly that's worth being paid for. Once it's been recorded- then what? Where is the justification that I should be _entitled_ to never work again based on having done really great work once upon a time?
I don't see it, so I am essentially unperturbed by the idea of tossing my music and work out there for the world to scavenge and copy back and forth unpayingly. If I'm any good at it, there'll be people who like what I do- like it well enough that they _ask_ for more, or want me to spend my time engineering _their_ music or some such activity. "Shut up and play your guitar!" "Mix my album!" "Do more ambient!" And the answer is of course "What's it worth to you?". My ability to earn a living wage ought to be tied to my willingness to _keep_ _working_ and producing stuff to benefit people.
For this reason I completely and totally disrespect the RIAA and everything they stand for, and have total contempt for SDMI. It's just more attempts to impose a price on something that was once rare and has become a commodity too cheap to meter- art. Instances of art in the digital domain are too cheap to meter, they are free, there's no sense even _trying_ to mess around with micropayments and that crap (you'll be nickel-and-dimed to death!). Art is free. ARTISTS ARE EXPENSIVE. Think commissions, 'patrons'. If you can imagine a sort of art you _can_ get someone to produce it- what's it worth to you?
Let's see. We'll take some data, encrypt it, and then not only will we GIVE YOU THE ENCRYPTED DATA, we will also GIVE YOU THE SOFTWARE TO DECRYPT IT. And they don't expect anyone to be able to decrypt the data? What the hell is wrong with these people?
"Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
Wholly absent from the debate seems to be a coherent vision of what the future should be, how corporations can survive in the digital age and still make money from their efforts.
There's actually been quite a bit of discussion about this. People know that corporations exist to make money. They know that there's no getting around that. Micropayments has been the most popular suggestion as near as I can tell. The problem is that corporations aren't just trying to adapt their business models to the digital way of doing things. They're looking at it as an opportunity to increase their control over their "intellectual property" to the point that we, as consumers, can't do anything with it that they don't want us to do and that we haven't paid through the nose for permission to do. Once they've got their laws in place and the technology to exploit those laws, they can increase their revenues significantly because there is no competition. Anyone who doesn't play their game is out in the cold.
They've screwed people enough with conventional tactics in the real world. They buy legislation to extend copyrights, even retroactively(which is my biggest gripe about them). They engage in price-fixing. They screw artists whenever possible. Now they're trying to screw us even harder in the digital world. They've gotten the DMCA passed (by a voice vote no less), UCITA is being adopted by the states (slowly though, but it won't matter since you will be dragged to the state of the corporation's choice and sued under that state's laws), and now they're breaking out the lawsuits to try out their newly acquired legislation.
These corporations have too damn much power and we should not let ourselves be beaten into submission by them. They are the enemy! Let there be no mistaking that. They are not just a company out to make an honest profit by providing consumers with a good product. They are a cartel out to monopolize a market and turn copyright law into a grotesque shadow of what it was intended to be. They are out to ensure that fair use becomes nothing but a fond memory and reverse engineering is made illegal. We should be doing everything in our power to stop them. The main barrier to this is the fact that the people lobbying for legislation such as the DMCA are the same people who control the media in all its forms. Most people are completely ignorant of what's going on because you don't hear about it on tv or read about it in the paper. As long as only a few know about and understand what is going on, the media industries can continue to plunder our rights.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
"You see?" they'll say. "Evil nasty hackers destroyed our benevolent effort to release music to the masses before we could even bring it to market. They've proved there's no way to distribute music in an open model."
The solutions they'll offer, of course, are:
- a hardware tax on everything, including computers, that can play or create audio files; and
- mandatory hardware-based encryption for CD players.
Don't laugh. No one thought they'd get the same requirements passed on DAT, which was heralded as all that and a plastic Jesus.-- He's fantastic, made of plastic....
I don't have any conclusive evidence that this is hogwash, but it does remind me a lot of other audiophile bullshit.
Trees can't go dancing
So do them a big favor
Pretend dancing stinks!
What many of us touted as a PR stunt to show that their new method of encryption and protection of digital music was going to be unbreakable has instead been crushed by one simple truth.
"Anything created by a 40 year old man can be broken by a 14 year old boy"
There is never going to be such a thing as the unbeatable encryption. Or the perfect protection. the only thing that can be hoped for by the recording industry is to make a system that is difficult and discouraging to the general populace. But the information age and the example of DeCSS has proven that once a genie is released from the bottle it becomes nearly impossible to put it back. Sure you can persecute everybody who even looked cross-eyed at the horrible key that opened your magic lock... but that will not stop people from using it once out in the wild.
why are they fighting the technology instead of embracing it? Oh yeah, thats right because the technology makes it so cheap and easy now for a musician to record and release their music that the record industry would no longer be needed.
Come on Record Companies be good bloated dinosaurs and go become extinct, Ok?
While I'm pleased to see that SDMI was so trivially cracked, I'm disappointed that the individuals mounting the successful attack chose to inform the recording industry. As any military intelligence officer will tell you, you don't brag to the enemy that you've broken their codes. Just ask the British government officials from World War II what their policy was when the German Enigma was cracked.
The idea here is to cause the enemy to commit time and resources to a futile exercise. If the crackers had waited until SDMI had been fully deployed in the marketplace, it would have cost the recording industry and anyone else foolish enough to follow their example at least a few billion dollars; enough money to make them seriously reconsider the whole misguided notion of copy protection as too costly to pursue. As it is, it's only cost them one or two million in research, plus the paltry $10K for the "prize".
I would like to see Slashdot invite the SDMI crackers for an interview, so that we can get an insight into their ethical framework, and why they chose to save the recording industry's lunch.
Schwab
Editor, A1-AAA AmeriCaptions
I still don't quite get it. I go to the store and buy a CD that is SDMI watermarked. Then, I rip it and put the file on Napster and someone downloads and runs it in Winamp. Now correct me if I'm wrong, but won't SDMI not work unless every single mp3 player checks for the watermark? Is the RIAA's strategy to simply litigate every non-SDMIing player into oblivion?
Yes, I realize that they could trace the file back to the initial ripper, but if I buy the CD with cash, does it matter? Or is their strategy to simply force every music purchase to take place with an archived credit card transaction associated with that specific watermark?
Am I missing something?
Any audio compression works by removing "parts" of the audio that you don't hear. However none of them work by removing "all" of the audio that you don't hear.
Trees can't go dancing
So do them a big favor
Pretend dancing stinks!
After all, these guys are my competition! I can put in a lot of hard work getting my sound to be warmer and richer and more expensive-sounding than theirs, but how unutterably sweet it is to have them not only destroying their own sounds through loudness wars on radio (massive, brutal overcompression) but to see them, on top of _that_, inserting digital watermarks to further ruin their sound quality :)
I wonder what it would take to convince them to master all of their recordings by playing them through an old transistor radio and re-recording it with radio shack microphones on a sound blaster PC card in a tin closet? :) Call it pre-emptive analog security bypassing, that's the ticket...
This word came from the Salon writer, not the music industry.
But one possible outcome from this would be that the music industry blames "hackers" for preventing them from introducing digital content for consumers. Then they go to Congress to get a bill even stronger than the DMCA to lock up music and lock up "hackers".
If the SDMI members who represent computer companies and not music companies will step forward and explain what has happened, that SDMI volunteered this test, then the "hackers" will get a fair showing. They should even join us in calling for the music industry to produce open source products at a reasonable price.
If not, then this whole episode is another trap for Free Software people and genuine cryptanalysts to get excoriated in the press and their freedoms threatened. Which is it going to be?
I agree that the concert hall is a richer experience, for a number of reasons, than my living room or car, but this is changing the subject. An even richer experience can be yours by performing the music, but that's not always practical either.
Does anyone know of any research that shows that sound outside of the range of human hearing adds (or subtracts) from the listening experience?
-Jordan Henderson
So by following your theory, no one experienced a "real" music experience until CDs were invented? Hardly! If anything, the properites of other recording mediums give music its character. Some music just has to have that 8-track-click to sound right.
You can legally make copies of musical recordings whether you actually own the music or not. This makes services like Napster legal here. No one in Canada really cares whether a watermark gets traced back to you or not. Perhaps the US should follow in our footsteps.
i know this is off-topic and it is my first post on slashdot, but, i feel, an important one nonetheless. make a change. put power back in our hands. http://www.votenader.com tell your friends, your relatives. give 'em five bucks. don't let our great country be run by corporate puppets any longer.
What is the RIAA thinking? All moderately popular music is available in MP3 format; and those MP3s aren't going to suddenly all disappear. My understanding is that SDMI was supposed to allow record companies to sell music via download. Why not simply sell music in MP3 format, and forego copy-protection?
People who want to trade music will continue to do so even if the RIAA somehow manages (magically) comes up with unbreakable copy-protection. People will always be able to rip CDs. SDMI and similar efforts are pointless, and a waste of money.
If you have a problem with my views, REPLY, don't moderate!
The article implies that they may claim that they are still evaluating results and try and keep it quiet. But what about the $10K award winners? How can you give out the money and not admit they lost?
-- Don't Tase me, bro!
The watermarking method you propose wouldn't fly, for reasons you point out.
I haven't got around to looking at audio watermarks or the SDMI stuff, but I think you'll find that the watermarks are normally manipulations of the frequency domain and not the amplitude. I use the word manipulations because the watermarks won't just add their data in frequencies so much as tweek what's already there. Obviously this depends on the watermarking scheme.
You also store watermarks with a lot of redundancy, for example the watermark stored in the low frequencies will survive being dubbed from CD to tape, while the watermark stored in the higher frequencies will survive complete in any small sound-bites extracted from the music (but only if extracted at a high enough sample rate). A lot of the redundancy in watermarking is basically just hedging bets.
Watermarks can be very effective if you don't know they're there. They're not as brittle as you portray them, of course, once it's known that they're there all it takes is some pleb and a little signal theory to break them
It would be nice if when SDMI disolves, they place all the watermarking research they did and results they found into the public domain (that's assuming that some of the watermarking schemes were actually innovative). I'm not holding my breath.
AES is fundamentally unsuitable for SDMI. Read up on what they are trying to do. If it was just a matter of encrypting the data, that would be easy. But they want watermarks.
Oceania has always been at war with Eastasia.
Maybe you're the one who's been muching the catnip. ;-)
-- Anne Marie
Suspicious of RIAA.
Steven E. Ehrbar
Like it has already been said a hundred times, what's the point? You can always brute-force rip it once it passes unencoded to the sound card anyway. If playback is expected to be a problem, never fear, there will be plenty of non-SDMI compliant players out there, protected by the Sony Betamax decision. What's more, there will be tons of simple easy ways to modify SDMI compliant players to play non-SDMI music. Interesting game of cat and mouse, I suppose, but that's about it.
No, really! I'm one of the *good* lawyers!
They had professional cryptographers working on this, and I expect the cryptographers told them as much, which is why this gives me the willies.
My gut feeling says that they may well have been angling for this crack, in order to take advantage of some legal or PR leverage it would give them.
One way or another, the successful crack is a worth a lot more than $10k to them...
We'll have to wait and see...
DNA just wants to be free...
[Slightly OT, but relevant to digital media none-the-less]
Ok, lets say that SDMI finally comes out with its standard in a year or more but no one publically cracks it. Soon after it's released, a young hacker suddenly "discovers" the way to circumvent the watermark. Why couldn't we start a fund to set up a high capacity server in Sri-Lanka (or wherever the US gov. or the RIAA can't influence the local gov. too much) to be the sole distribution point for the crack (or set up multiple ones in different countries for redundancy if the $'s available) ... Wouldn't this get around the DCMA because it only has jurisdiction in the US?
Comments? Criticisms?
====
"white bread, redneck, chicken-shit, motherfucker" -- Dr. Dre on "Straight Outta Compton"
Isn't there a Windows audio driver that records to disk?
Windows Media Digital Rights Management has a Secure Audio Path ( Google search )that only drivers signed by Microsoft can use. To get signed, a driver has to be bug-free in Windows Hardware Compatibility Labs stress testing, and it also must disable all cleartext digital outputs (including without limitation writing to a file, digital output on the card, and waveOut to waveIn like SB-Live). Unsigned drivers (like your waveOut writer) will not get signed.
Circumventing this with VMWare under Linux and a /dev/audio grabber is most likely a violation of DMCA.
<O
( \
XPlay Tetris On Drugs!
Will I retire or break 10K?
"There are backup plans in place to discover new paradigms"
Oh yeah... it's on right on the plans...
Week 28, invite people to test scheme
Week 33, analyze results of hacks
Week 34, discover new audio watermarking paridigm.
-Erik
or even a sound-card driver that dumps the sound data to a place that can be decoded
There is a secure audio path in newer versions of Windows (ME and Whistler) that only signed drivers have access to. Anything sent down the secure audio path will not get sent to anything but an analog receiver/speaker/etc. because Microsoft signs a driver if and only if:
- the driver passes stress tests in Windows Hardware Compatibility Labs, and
- the driver shuts off all digital outputs (including without limitation waveOut->file, waveOut->socket, SBLive-style waveOut->waveIn, and waveOut->digital out on card).
Using VMWare virtualization under Linux to get between the sound card driver and the sound card is a violation of 17 USC 1201 (commonly known as DMCA).<O
( \
XPlay Tetris On Drugs!
Will I retire or break 10K?
The contest stipulated that you had to divulge HOW you cracked their security to get your share of the $10000. If someone cracked them all, submitted them for analysis, but didn't tell anyone what they did or how they did it, I'd say that action is still inline with the boycott. After all, the RIAA knows nothing more than they're up shit creek now.
In fact, this might have been the most humane way to do this. Crack it before the contest deadline, that way:
- SDMI doesn't get implemented (yet)
- "secure" music seems all the more unlikely
- hardware manufacturers aren't screwed by having to produce SDMI-compatible hardware (at significant cost) just to have the whole thing blow up in their faces
In any case, not much we can do about it now.Mr. Ska
I don't understand why you would want to have waited until after music was being released in this format for it to be broken.
The watermark concept is technically undesirable as it has an effect on the quality of the sound.
I'd rather see the whole concept killed before it get's implemented into the marketplace rather than afterwards.
However, those who have purchased the CD legally will be supplied with a unique set of ear plugs (or one plug for mono recordings) matched to that individual CD which, when worn, will electronically decode the scrambled signal into the original music.
A spokesman for the RIAA said, "although the plugs are each about the size of a softball... a small softball mind you... and add about $100 to the price of the CD, we are sure that the consumer will see this as a very convenient method to protect our obscene profit margin."
Meanwhile, the United Conglomeration of E-Publishers has expressed interested in adapting the idea to electronic publishing, requiring that readers purchase a special set of decoding glasses for each online publication they wish to read. This scheme should go into production very shoSlashdot says bugger off pirate Slashdot says bugger off pirate Slashdot says bugger off pirate Slashdot says
----------------------------------- My Other Sig Is Hilarious -----------------------------------
If you want the full experience and unmodified sound - go to the concert. Fully analog, not modified by sampling, algorithms, or anything else.
Let the RIAA (or whatever they're called) create a 2048 bit PGP key, sign every bit of music with the private key, build the public key into playing devices which would then only play "approved" music. Obviously you can't stop bit by bit copies... What exactly are they trying to achieve with their watermarks anyway?? I never quite understood that. You can always copy music, either the whole CD bit by bit, or if you are getting desperate by converting the analogue signal back to a digital format of your choice. Can't see much use for a music playing device that has no analogue output.. we DO want to hear it after all :)
anyway, what was my point? Oh yes, sign with private key and allow CD players to only play songs if proper signature is present. So simple it can't work... and if it does my apologies to everyone :) hey at least if i publish it here they can't patent it anymore, right???
The idea of inviting the hackers for a Slashdot interview is excellent. I'd love to see it happen.
-- He's fantastic, made of plastic....
The reason is pirates don't care what the algorithm is. They just want to remove the watermark, and the watermark is just a series of pseudorandom noisy bits hidden in the datastream.
First, assume the noise has to be identifiable as a watermark (or else their players won't refuse to play it.) Thus, any software player that can identify it can be disassembled to point out which bits of the stream are watermarks. Remove those bits, and it's gone. The meanings of the bits are irrelevant.
John
John
If the community keeps cracking it before it comes out it keeps SMDI at the drawing board for even longer! Theres nothing that they can come up with that wont be cracked eventually.. if we keep sending them back to rethink it, maybe they will eventually give up! Who knows? Draw back to that is if the do actually release something it will be a pain in the A$$ to crack, but hey it gives us something to do on those lonely weekday nights!
the "Soulmate" from Memory corperation doesnt have sdmi.
the thing is its not expandable, only talks to windows, and the windows interface is pretty cruddy too. the company wont release the xfer specs wither.
side off-topic note: does anybody know how to get a sniffer to monitor parport activity under win98? i would be most happy..
ben at monkey dot sbay dot org
.
...but of stripping watermarks; hidden signals in the audio that are supposed to be able to survive re-encoding and other audio transformations.
The watermarks don't have to be perfectly robust, just robust enough that removing them requires sufficient manipulation of the media stream to appreciably destroy the quality.
Unfortunately, I can think of better methods than what were ostensibly used in the SDMI stuff that was cracked here... interferometry and holography have a lot of related technology to offer...
DNA just wants to be free...
Of course we will break the code - any new code is inevitably broken, especially one tied to hardware like SDMI. Many have talked about the prospects for breaking the code, and most agree - it will be possible in most forms, due to fundamental flaws in the architecture.
Don't worry about breaking any potential codes - it will happen regardless. Look at the massive support for Napster and you can see why SDMI won't work. On the other hand, look at the RIAA's coalition now: fractured, broken. Will they EVER be able to repair it? I hope not.
that's a post-1.0 thing, iirc.
--
Secure Digital Music Initiative Public Challenge
Thank you for contacting us. We appreciate your interest in the public challenge of proposed SDMI screening technologies. The challenge closed at noon on October 8, 2000,
and we are no longer accepting submissions.
If you have previously submitted a challenge, we should already have
contacted you. If we have not yet contacted you, or you have other
questions, please e-mail us at contact@hacksdmi.org. If you need more
information about SDMI in general, please check the website www.sdmi.org.
Thank you again for your interest.
So, looks like it happened on Oct. 8. Sheesh.
"Depression is merely anger without enthusiasm." - Anonymous
The main restriction that CSS, err.. SDMI would impose is that would mandate that hardware and software MP3 solutions would have to convert to SDMI only within a short timespan. Now, if you read the article, it says one thing that none of us would have expected: Many SDMI members think there isn't [another solution to watermarking] -- and that this could mean that SDMI will now implode for lack of any plausible ideas for how to meet the recording industry's demands for secure music. Maybe this means that there won't be an SDMI for a technological century! (Or six years ;)
I used to be someone else. Now I'm someone better.
Real life is underrated.
If it can be detected (and it must be in order for fairly simple electronics in the player/recorder to detect the signal) it's easy to defeat. The whole point of WATERMARKS is that they are obvious to the casual observer. "Watermarked" audio or video requires that the watermark be undetectable to the casual observer. A paradox?
Unfortunately some people just can't learn from history. Watermarks will be defeated not by their triviallity but because the playback hardware will be designed in such a way as to provide an optional bypass around the watermark detection system. The cheats will be come public and that's the end of that game...
Is it all that finalized? I heard something about wavelet support being in the works.
Well, at least in Win2K. Not sure about ME/Whistler.
:-)
The beta Win2K driver for my SBLive was unsigned. Win2K gave me a dialog box suggesting that I don't install it but I did anyway. Worked fine.
Besides, I doubt Linux and/or BSD will be made "SDMI-Compliant" anytime soon...
-Wintermute
Is that watermarking does exactly *squat* to prevent copying and propagation.
I don't even see the logic of watermarking a track in the first place, since there's not going to be any ambiguity as far as what the song is, is there?
If the track can be played, then it's decoded by definition. Buggering the sound with a notch in the frequency spectrum is pointless.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
I think the bad PR will constitute a serious blow to the SDMI (unless they somehow manage to downplay or spin it), and I think the lost time will be even more crippling to the initiative.
This means no SDMI players by christmas... meanwhile, more and more MP3 players will emerge and gather market share. If, by the time they come out with a new, improved SDMI, millions of people have mp3 products (especially non-technophile people), it will be much, much harder to pitch it to the average consumer. Hopefully at that point SDMI will go the way of DivX (the pay-per-view DVD, not the compression).
That particular watermark is audible, wich is a very bad thing in my opinion. At least they should try to do a good job at copy protecting, and do it in a way that doesn't damage product. But why should I be suprised that the music industry doesn't care about sound quality; they gave us the marginal digital standard we have today, and are pushing even lower standards like lossy compression.
Sheldon
Yet you would pay $12.99 for 10 songs whose quality is (in most peoples frame of reference) little better than mp3 quality.
"Suspicious" can be used in a number of ways, you know. While you're assuming it was used to mean "Don Marti is a person to be held in suspicion", I'm reasonably certain the useage intended here was "Don Marti was suspicious of the hacking challenge".
--
Good catch. Short answer: Yes, everything specified so far has been finalized, will not change, and is already superior to MP3. As I understand it, the proposed wavelet stuff would be another level, rather like MPEG has layers.
My original point was twofold:
DNA just wants to be free...
Can I just say, from the bottom of my heart;
 Bwaaa-haaa-ha-ha-ha!
Oh, and look - Can you guess who of the "core group of participants (including members of the Recording Industry Association of America) who coordinated the testing process are aware of the contest results" might be? The geeks are inside the corporate machine, we the believers in freedom are always ready to help the fools fall on their faces. Mwuhahahahaha.
--- I'm sorry yerronor, I don't know what came over me.(ahem)
In this case the watermark has already altered the music in such a way anyhow.
---
[ approaching AI ]
Now they also know that ROT-13 is NOT a good encryption method.
No replies made to AC posts. Please log in.
You forgot the "that a moron couldn't defeat part." Sure, you can put in OOB data, and you can bugger up the sound, but you can't prevent a process that would remove the watermark if that watermark doesn't *at least* noticeably screw the sound over (actually, it has to fundamentally change the sound.)
Sure, "moron" was too broad, but any literate kid with a book on DSP could do it.
---
[ approaching AI ]
That translates into a 20% drop in revenues (um, if Coke didn't own every other company in existence, and only produced just coke).
umm... that's assuming that 100% of the people who drink coke agree with your cause.
Ok, now you can go back to your tuesday morning quarterbacking. And I'll go back to watching that pirated dvd i dl'd over my whopping 14.4 connection. (g)
Please explain why you believe it's impossible. Is it because they haven't done it yet?
BTW: Once you convert it to analog you start losing quality, and they don't really care what you do after that.
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
The hacker boycott of SDMI organized by suspicious members of the programming community has turned out to be irrelevant.
Wow. I didn't know Don Marti, technical editor of Linux Journal was a "suspicious member" of the programming community.
Apparently, if you don't want to do everything the RIAA and other corporate cartels want you to do, you're "suspicious".
Cute implication.
On the other hand, I also don't think the SDMI crew wanted everything to get cracked either:)
Karma (aka the Golden Rule, etc.) is real, and it is biting the RIAA in the ass, my friends...
And shame on Janelle Brown, the author of the piece, and/or her editors, for putting that defamatory line in the article. Not going along with a cartel's wishes does not make one "suspicious" except in the eyes of the cartel and its allies. Are you an ally of the cartel, Miss Brown/Salon?
-------------
Someday, you're going to die. Get over it.
Are you implying that the MP3 format is illegal and somehow vorbis format isn't?
I'm sorry, but there are perfectly legal ways to use MP3. And Vorbis is in exactly the same boat.
Believe me, if Vorbis was as popular as MP3, the RIAA would be all over it. It is the distribution of the copyrighted material in MP3 format which is illegal, not the format itself. Personally, I have six and a half gigs of 'legal' MP3s because I still own the CDs that I ripped them from. These are legal under fair use laws. Now, in a couple of years, when the RIAA and the MPAA have managed to have fair use laws abolished (because we all know the constitution was really all about protecting big business, and not protecting citizens), then Vorbis and MP3 will both be illegal.
Bite my yammer.
An opposing strategy to the boycott would be for the community to crack everything they release to be tested. This will a) delay boneheaded schemes from hitting the market, and b) demonstrate that the community can and will crack anything they come up with, showing the futility of encrypted music. No, we need new and bold business models to distribute the music such that the ARTISTS get the bulk of the proceeds, not the good ole boys. So let them keep coming up with stuff, and let's keep cracking it until they figure it out. itripn
If someone buys it online from a music corporation, they watermark it uniquely so it can be traced to you.
Then the music corporation wouldn't need to sue Napter when you distribute the music without permission.
They just log the violation, notify the police, then something bad happens to you.
To avoid the ministry of information, you could:
- ignore SDMI like Circuit city DIVX. Let them dump money in another hole.
- keep buying CD's, and encode them yourself.
- never buy a MP3 player made by a music corporation.
- hack the watermarks to make them trace back to Hilary Rosen or someone similar.
- get unmarked mp3's or ogg's from the artist or a smaller then uncorrupt middle man like mp3.com.
You think too: Hey can hit it too like your real dog ?
I'm still trying to figure out what people mean by 'social skills' here.
Ah, I wasn't aware of any of that. I bought MP3Enc years ago from them, but was not notified that I owed them anything for every song that I ripped and encoded for myself. Or is that only applicable if you use it to distribute music?
I think fair use would have to apply in this case. I still say it's legal to rip and encode CDs that you own. Especially if you purchased the legal encoder (as I did) for just that purpose.
Bite my yammer.
...have the record companies considering lowering the cost of CD's?
By my calculation, CD's should cost about $8 at retail based on music prices of about 25 years ago.
Software manufacturers went down this path about piracy prevention about 15 years ago and in the end Borland showed everybody that if you reduce prices, the market grows larger, everybody is happier, and you don't need copy protection.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
Where's my Vorbis Ogg plug-in for WinAmp?
Refrag
I have a website. It's about Macs.
BTW, it is much more complicated than that. MP3 compression is achieved in the quantization step, where psycho-acoustic models of human perception dictate which part of the signal gets encoded in which number of bits. These psycho-acoustic models describe what will and what won't be heard. Since these models are based on empirical research, they can probably be refined to a point where the commonly used models encode parts of the signal as audible where the more advanced model identifies this part as unaudible and can put the watermark in there. The parts of the signal which are unaudible are much more complicated to describe than just with frequency ranges. For example, you can't hear a low-volume sound right after (and even a really short time before) a much louder sound of a similar frequency.
The MP3 Codec is propriatary. The patent holder, after years of not caring, is now demanding royalties from each and every use of MP3 technology, including a penny per download, and appear willing to demand that individual users accede to their licencing demands.
Oog Vorbis is not just superior, it is free, as in speach AND beer.
because the music industry big dogs want the public to just bend over and accept it.
As the editor on the piece, I just want to note that the intent of the sentence was to indicate that the programmers were suspicious of SDMI's attempt to manipulate them, not that the programmers themselves were somehow evil. I'll go rewrite it to make it more obvious what themeaning was.
Editor, Salon Business & Technology
Salon.com
It was probably the wrong word to use, in that case, and the editors still should have caught it before it went to print.
Bad interpretation on my part, but I think the adjective "suspicious" should have been replaced by "some" - less chance for misinterpretation, especially since the term "hacker boycott" was used in the same sentence - and we all know what the word "hacker" tends to mean to media outlets other than geek sites and 2600 allies.
My bad.
-------------
Someday, you're going to die. Get over it.