Slashdot Mirror
SDMI *NOT* Cracked!?
StoryMan writes "Inside.com is reporting that Salon jumped the gun when it reported that SDMI had been cracked. I think this is fascinating. There's obviously a faction within SDMI that doesn't want this thing to fly. (I say this because I'm assuming Salon's 'anonymous' tipster must have been someone within the working group.)"
the square root of -1 is well defined, its not "imaginary" as many "I dont understand mathematics but I'll pretend to because its hip to know this shit" people seem to imply. (-1)^(1/2) is just as well defined as 1 or 1^2 and so on... its a rather unfortunate choice of names...
its actually quite a bit of a joke you see... if you have used up all the 'real' numbers, what numbers are left? well, imaginary ones of course! Of course the name does not actually mean that the number is imaginary... its just our 1dimentional definition of a number line is inadequte in many different areas.
to wait until they adopt it as standard (and have spent lots of money on implementing it) and then tell them it was cracked?
I read the article. The head of the SDMI is slandering Salon.com because he says *only* the SDMI can determine whether their encryption has been cracked. He forsakes the notion that whomever has cracked their encryption can also claim that the encryption has been cracked all without the SDMI blessing.
The first paragraph of the Salon.com report even says: "A spokesperson for SDMI has denied the reports".
Quote from the Salon.com article: "A spokesperson for SDMI has denied the reports."
somebody at Salon probably read it
I think you just put the ass in assume here. Gotta love irresponsible reporting.
The article was quite explicit about the fact that all the reports were unconfirmed. Shame on the `readers' who never read it!
I think the question here is not whether or not SDMI has been cracked, but how the SDMI will choose to define "cracked".
As anyone who has studied advertising knows, a company will always make the strongest possible statement about a product they can, without breaking the law. For example, a company will say "no one else's window cleaner cleans better than ours", while in fact five other products clean just as well (but not better!) but may cost less, be more environmentally friendly, etc. So the statement is true, but misleading.
If SDMI hadn't been broken, they would have explicitly said "No, it hasn't been broken." The fact that they didn't means it probably has, but they're going to try to spin it, and redefine what they meant by "cracking" it, and just do a lot of hand waving.
So what if all 450 uploads haven't been verified; all it takes is one with the watermark removed, and the rest don't matter. It's quite possible that one of the first few uploads they checked was successful, and hence made checking the rest not necessary. That would explain the leak was so soon after the closing of the contest.
Well, I think excellence is gonna be in the eye of the beholder, so that's why I didn't really focus on that part. Ethically, I think they're rotten at the core, but that's pretty unavoidable when you have someone like David Talbot as Editor in Chief (I'm assuming that he still is) — and I'm just talking their journalistic ethics here, not their history of sketchy business ethics. As far as excellence, it's a total judgement call, but I think they have a lot of things worth reading there, especially Camille Paglia, some good in-depth articles (when they're not mired in shallow/sloppy academic left thinking) and their Survivor and Big Brother recaps were a riot.
Cheers,
Unfortunately, Inside.com was wrong (or you're at least misinterpreting). Not only is the prize money split between successful hacks, but the conditions for a successful hack were never really laid out by SDMI. If you read over SDMI's rhetoric you'll realize that it will be a cold day in hell before they pay anyone anything.
"Cause there's 40 different shades of black, so many fortresses and ways to attack, so why you complainin'?"
I found that interview very enlightening. What, Salon shouldn't publish the interviews they do with stupid people? Exposing the thoughts of the people behind SDMI is useful--- Salon certainly can't be held responsible for those stupid opinions.
Would you raise the same objections to an interview with Jack Valenti because he also said things you know to be untrue and misleading?
I know this is a nitpick, but this should read:
It is illegal to sell a CONSUMER GRADE VCR which can record Macrovosion infested signals without degradation.
Similar to the whole hubub around DAT, there is professional gear that can get around the "protection". (heck, there's even some non-pro gear that has hidden "menus"... heh heh)
Karnal
Check out the site
http://www.cyberdeck.org/countzero/techa.html
It has some spectral analysis.
There is a thread entitled "hacksdmi" going on security focus' vuln-dev list, somebody at Salon probably read it and saw some of it and just assumed.
In any case, they put the ass in assume here. Gotta love irresponsible reporting.
...until it becomes illegal to manufacture and sell non-SDMI-compliant devices. (hint: VCRs and MacroVision)
-c
I have discovered a truly remarkable proof which this margin is too small to contain.
touche...
I seam to slaughter homonyms when I type to fast.
You know what happens when you assume?
I think the idea behind SDMI is to use the watermark + SDMI compliant hardware/software to keep the music from being duplicated (though I don't know how a watermark is going to stop 'cp'). Removing the watermark would allow you to copy the music.
I really don't know why this crack SDMI thing is going to matter anyways. I was looking at some sony hardware this morning and it all claimed to be SDMI compliant, so it seems to me that SDMI in it's current state is going to be the official SDMI (or else anyone buying sony hardware is going to have fun upgrading it). I think the SDMI people planned on what we know now as SDMI being the final version, whether it gets cracked or not, and they were not planning on informing anyone if it did get cracked.
Sorry about the double post.
The best way to accelerate a windows box is at 9.8 meters per second square.
Hey, somebody had to say it....
/.
/. If the government wants us to respect the law, it should set a better example.
If you are out there and you cracked all of it, how about just posting the plaintext of these puppies somewhere and that will eliminate any possibility of a 'cover-up'.
:-), got any bodies from Area 51 too?
While we're at it,
"It's simply not true, because we, ourselves, don't have that information."
Hello, this is your wakeup call. Its morning and the sun is shining.
"It's simply not true, because we, ourselves, don't have that information."
What a lamer.
satire, n: 1) witty language used to convey insults or scorn; 2) a form of humor lost on most slashdot moderators.
So, given this and Mr. Chiariglione's comment, "... the fact that somebody has found a hole is good information, because then you could put a patch to it and you can make your algorithm much more robust", it seems that the SDMI ideal is simply a compilation of patches, plugs, and fixes.
Is this a fair assumption? Does this mean that SDMI-capable devices will need to be constantly upgraded as new patches are implemented? Can we say "losing battle"?
- Jonathan
From the inside.com article, "a $10,000 prize was offered for each successful hack".
Phillip.
Property for sale in Nice, France
Only buy devices that are not SDMI compliant and spread the word about the availability of such devices.
People who bite the hand that feeds them usually lick the boot that kicks them
No one will buy a SDMI file.
No one will buy a SDMI Player.
No one will run SDMI software.
No one needs to crack SDMI ... The same content will be avaliable as cds.
Artists who release music only on SDMI will be hurt financially.
Hardware manufacturers who use "mp3 timebombs" will be liable in class action lawsuits.
Free Techno/Jazz/DNB/MI Music by guys obsessed with monkeys!
I don't think thier goal was to look good from the get go... They are trying to protect thier profits. What would they gain by hiding the fact that it was cracked?
$10,000 isn't really all that much to a huge corperation, they probably make that much every few hours. And im pretty sure they knew how unpopular they were goign to look to begin with by trying something like this, so they can't really come out looking any worse.
Well, what do you expect the higher-ups at the SDMI to say? "Yep, it's all over folks, we're going home!"
That seems hardly likely. Instead, this will be dragged out as long as possible by denying, hiding "evidence", and downright lying whenever possible. They know an anonymous source will always raise doubts, so as long as it is unconfirmed (and no one is willing to come forward -- which would be professional suicide), they're home free... Besdies, if they really want to continue, they can always they they "have no record" of the successful crack methods that Salon claims. It's just that easy...
They would have plenty of possible reasons to deny everything, not the least of which is that once they fail they may or may not be paid to keep going on the same track...
Of course, that is just IMHO. Take with a grain of salt.
Peace!
------
Mr. Low Resolution
Or maybe it is just an attempt at damage control... Salon said it was cracked with ease, SDMI say no such thing happened. The truth is probably somewhere in between...
It may be true that they have not yet tested all of the entries, but they don't have to do that to say whether or not every watermark has been cracked. Didn't they have around 6 watermarking schemes? That would mean that a minimum of 6 potential cracks have to be verified. If a watermark was cracked, it was cracked. There is no need to wait and see if 50 other people also found the hole before you know it's there. The hole is just as real if one person found it as it is if 500 found it. This sounds like stalling to me.
"I seam to slaughter homonyms when I type to fast."
Did you do that on purpose? If so, it's not funny. If not, it's pretty funny.
--
The implementation costs for any system the RIAA ultimately imposes will be passed on to consumers and hardware manufacturers in the form of higher CD prices and burdensome licensing fees (which will also be passed on to the consumer), and consumers will be forced to adopt a technology which, though not technically secure, will nonetheless manage to inconvenience hundreds of millions of music lovers globally. Waiting until after the fact to crack that system would simply be a case of adding stink to the shitpile. Then it becomes not just a case of onerously burdening the consumer, but -- worse -- onerously burdening him with a system which is useless even for the purpose for which it was created. Which means a new system will be developed and implemented, with yet more implementation costs futilely ripped from consumer wallets.
No. Better to break the watermarks now and let the SDMI implode from the political backlash. It's not about helping the RIAA. It's about protecting ourselves from stupid, bull-headed money-changers who are concerned about anything but our welfare.
Lee Kai Wen -- Taiwan, ROC
"Telling hobbyists how to make their own electronic devices would be illegal - declared as trafficing in devices which allow avoiding (which includes more than circumvention) of copy protection."
:-( Just another reason to hate the DMCA
Thats pretty heavy shit..
Jeremy
No, quite the contrary. Salon should definately publish the interviews which they do with stupid people. But perhaps they should also do one of the following:
Challenge it during the interview. The person doing the interview should have some clue about the topics.
Make a mention of how it was incorrect in the article.
But yes, Salon should definately publish interviews with stupid people. Stupid people aren't quite like cockroaches, in that when the light comes on they fight rather than run, but they're certaintly as disgusting and as numerous.
Would this have any bearing on the "illegal" use of the crack in the future? If the RIAA owns the rights to the crack, and the DMCA is bound to be shot to heck, couldn't they use other means (i.e. copyright protection) to keep the crack from being distributed?
Didn't PeeWee Herman offer $10,000 for the safe return of his bike? With the plan of not giving the reward because the returner obviously was the guilty party? I think the sample song for technology D was "Tequila".
I know a Doctor from Cornell and he is an idiot. How that for slander?
One, we don't want to go that way. Two, that's the only way we don't want to go...
Here's why?
1. I don't think this technology could ever work. It takes to much effort on the end consumer to have SDMI complient software and hardware.
2. The fact that there was a boycott AND that if the schemes were all cracked that should make an even stronger statement.
3. If SDMI decided to implement a scheme even after all of this hoopla then I believe they will be wasting a lot of time and money. This is also good in that it keeps them occupied chasing rabbits rather than doing something bad that is actually possible.
Heh, I agree...I'm sure there's alot of Label big-shots breathing down their necks.. :)
BUT the director or some guy in charge (can't remember name,morning coffee didn't kick in)over at SDMI said that they had seriously considered the possibility of them being cracked and have a plan in place in case that were to happen.
Whats that plan? To take all your vacation time now while you can?
I'm interested in seeing what exactly the status is...even though it will be cracked if it hasn't in fact been already.
Sehr geehrter Toilettenbenutzer!
You may not have noticed but many people and especially corporate-style groups are not good at admitting they're wrong. They've received 450 submissions. I'd say the chances are that the 6 SDMI technologies have been cracked. The first question they'll ask themselves is "can we cover it up?". Otherwise they'll probably have to throw out a lot of work, and suffer the bad PR that will result.
the money is peanuts compared to the pr.
eudas
Blessed is he who expects the worst, for he shall not be disappointed.
If they want a real conservative, they should hire Cal Thomas. This guy actually called the public schools PAGAN!
Numbers 31:17,18 Now kill all the boys. And kill every woman who has slept with a man,but save for yourselves every virg
As a quote from the article "When a publication makes such a completely wrong, unfounded, anonymous slander, I think it deserves a very strong answer,'' Chariglione told Inside"
Information wants to be free like speech wants to be free, not like we want beer to be free.
I never knew that mis-reporting the possible end of a competition was slander.So,it looks like the SDMI will live after all.
Even if there is a way to crack SDMI did anyone ever think that the SDMI group would admit that it's a lost cause, didn't think so. The claim that if they didn't hear about it first that it didn't happen is silly. If this logic wsa valid then then if you dont know something then it dosen't exist (remeber those cartoons where the person runs off the cliff but dosent fall because they didn't know what gravity was?).
Information wants to be free like speech wants to be free, not like we want beer to be free.
They have an awful lot more to be afraid of than we do.
No matter what, inevitably, they're going to be fighting people who are a lot smarter than they are. I have no doubt that no matter the technology they come up with a way to crack it.
It's always a stupid idea to fight people that are smarter than you are.
Paul Anderson
"I drank WHAT?!" -- Socrates
Care to send a pointer to the "law" that states that? I don't think you can, because I don't believe there is such a law (at least none that I could find).
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
How do you get private information into the public record? By lawsuits!
If some number of hackers believe they've been wronged, then they should take the SDMI group to court. SDMI will need to pay up the $10K or demonstrate in a public forum (the courts) that the hackers did not in fact break the watermarking. To do so, I think, would likely expose enough about how their watermarking works to make the information useful.
An expensive way to get there though...
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
I don't think it's too strange.
They could cover it up so that they won't have to pay a thing.
Then they'd say "There were no holes, but just to be on the safe side we changed some things anyway"
But let's wait with the conspiracy theory until after their review of the 450 entries. Reasonable doubt and stuff (you can find more than enough doubt around here, it's reason that's sometimes hard to get ;-)
Nobody believes the official spokesman, but everybody trusts an unidentified source. -- Ron Nesen
You're not kidding. Talk about the government overstepping the boundaries...
...this is getting out of hand
Wasn't the whole point of the contest to see HOW SDMI would be cracked? Hence the apparently-ineffective boycott and everything else... the SDMI corporations wanted to tap the collective brainpower of the geek scene...
End of lesson. You may press the button.
Macrovision has always been a total joke anyway - just run the signal through a timebase corrector and it's gone, and you get better-quality dubs to boot!
Thank you for taking the time to share your side of the story. My extremly cynical view of the media still exists, but it appears you and Salon are welcome exceptions to the rule.
Keep up the good work!
-----------
end communication
Salon had this very interesting article saying that insiders do want to see SDMI cracled. The logic behind what they are saying is quite believable.
Really, it looks like more people hate SDMI than even DiVX (the circuit city one). I know I'm not going to touch it with a ten foot pole even if it means I pull out all my old vinyl (or tape off the radio).
The only ones that like it is the RIAA, who thinks that they can win a kind of "tech nuke race". Evrybody else knows that there is no such thing as "perfect encryption", legally enforced or not.
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
really.. didn't anyone else see this coming? I saw this all as an ego trip to begin with. "oo our stuff cant be cracked" and watch.. even once it is they will deny it because they are cheap bastards. anyone participating in this at all should see that.
- yezzz, my name is a joke.
I totally agree... didn't anyone else see this coming!
- yezzz, my name is a joke.
OK, maybe SDMI was cracked, maybe it wasn't. We'll find out soon enough. It's ridiculous how everytime people read something on slashdot they assume its the truth. First everybody was all bouncing around that it was cracked, and it was gonna die, and all that from an unconfirmed news story at salon.com, and now everybody is calling salon.com liars and assuming that it wasn't cracked. Before you all jump to conclusions you should wait until a few more facts come in. Let's not get all up in arms and start calling salon.com liars and slanderists and whatnot. Just be patient.
//FIXME: Bad
I really don't see where the libel (thanks, all you legal types) is! The title of the article says "SDMI cracked!", but that's actually the only place where the word "crack" is used. So, even leaving aside the the various and sundry possible definitions of "cracked", not to mention the fact that headlines hardly EVER reflect the actual content of an article, Salon clearly mentions in the first paragraph that (a) a spokesperson for SDMI has denied the reports (b) that three OFF-THE-RECORD sources provided the info (note that it's THREE - Hemos didn't even get the number right - does THAT qualify as libel?), and (c) "not one single watermark resisted attack." As many astute observers have already pointed out, "not resisting attack" is not quite the same thing as being "cracked", and still others have noticed that Mr. C. has NOT DENIED that either ("cracked" or "failed to resist attack") is true. How could this POSSIBLY be libel/slander/whatever? He's obviously just blowing smoke out of his (rather well-defined) anus.
Or slashdot jumped the gun when reporting that Salon reported that SDMI was cracked? It's a moot point, though, since it's bound to fall eventually.
-- Anne Marie
To quote the article:
[Y]ou know, our testing managing committee started working on this Wednesday morning, and it's simply impossible to say whether this is true or this is false. Nobody knows! And when I say nobody, I mean nobody, because it's 450 music files that have yet to be tested.
So, then, whom are you going to believe? A historically ethical and prudent news magazine or the RIAA who "doesn't know what the fuck is going on; I repeat, we don't know our asses from our elbows, and we've only started trying to determine the difference since this past Wednesday"?
-- Anne Marie
It's libel, specifically group libel, an outmoded and obsolete legal classification in all but the most ignorant and backwater of jurisdictions, like Texas (re: Oprah's battle with the cattle industry a few years ago).
-- Anne Marie
One of the great moral questions of our time (and equally true for all time) is whether truth will out. Thank heavens for slashdot, A New Hope. Thank heavens for the diligence of slashdot's readership and the glorious pursuit of truth. We should all get together in one big group hug and pat ourselves on our collective back. Good job. Keep up the good work.
-- Anne Marie
niceFire.com - Humor and Lego's or Lego's and Humor or Some Combination of
sorry if this has been asked before, but does someone actually have the original 6 files that were posted on http://hacksdmi.org that were supposed to be the challenge?? i'd like to view the spectrogram of those files to see if there is a visible watermark in the frequency distribution. i've heard that these watermarks are supposed to be able to survive the conversion from digital to analog and back again, so i don't see how that can be true unless they're visible (through a spectral view of the waveform) or clearly audible through anyone's ears. thanks. d;d
I know by fact that the Alg of the program has been decomplied. This has been done by a group of people that I use to work for. They just have not put it into public record for all of us to gain the new information. The group is........OTB. Just lower the letters by one in the English Alpha and you will get the name. Talk to you soon!
If Salon is right and all watermarks are cracked, then the SDMI can hang its head in shame and admit it is a flop and a failure.
If Salon is wrong and ther watermarkes haven't been cracked by the oh-so-short deadline, then SDMI can get the royal screw over once it reaches the marketplace and the full 100% of the hacker community is dedicated to cracking it instead of holding back due to some notion of protesting.
Either way SDMI is screwed because they first screwed their customers.
If I was a webzine whose stock price was $1 I would publish an article stating SDMI was cracked. No doubt about it. Then I would start inverviewing presidential candidates like a bat out of hell. Funnily enough salon.com seems to fit the picture perfectly.
SDMI holds a $10,000 contest to crack it's encryption.
SDMI gets cracked.
SDMI responds by.....covering it up?
Um, First Posters sure do come up with some strange conspiracies, don't they?
-- Give him Head? Be a Beacon?
-- Give him Head? Be a Beacon? :P)
(If you can't figure out how to E-Mail me, Don't.
Why do you have to analyze all the results? If the first file you check has had the watermark removed, and sounds fine, you can bet you are screwed. The files are all independent. The extent to which the first file has been cracked does not depend on the next 449 files.
If I recall correctly, the hacksdmi.org website said that they would be performing some sort of quantitative test to determine how much the uploaded song differs from the original. Given that this test and the test for the watermark can both be easily automated, they have a pretty good idea of how "cracked" their algorithms are.
Sure, they will still want to do more analysis of the samples. Any they probably want to try and wrangle the details out of the people who submitted the samples. But they know. And that's why they're pissed. They know which uploads have the watermark, and they know how similar to the original they all are. If this crap worked at all, they would have said something positive.
Curiously, at almost the same time, the RIAA announced a new program to prevent piracy. See the C|Net story here. The idea is to create a "digital bar code" for songs to allow tracking of copyright information, etc. On the face of it, this sounds like a whole new tack for the RIAA. Any maybe it is. However, the article says:
Nevertheless, if it proves to be difficult to tamper with, the system could be a potential way of identifying authorized and unauthorized songs being traded through services such as Napster.
It sounds to me like the exec's at the RIAA know that their SDMI scheme is going down in flames, and are looking for a backup. However, it sounds like they are going to head right back down the watermark path. Only this time, instead of trying to encode a single bit (play / don't play), they will be trying to encode hundreds or thousands of bits. Whoever brought up Don Quixote in an earlier SDMI thread was right on the money. These folks aren't ever going to learn.
Who ever decided to call this technology watermarking anyway? It's really a horribly inaccurate name. The whole point to a real watermark is that it's difficult to create, and easy for everyone to see. But with "digital watermarks" the idea is to make it invisible. An invisible watermark it what they should call it. Maybe then people would understand what a stupid idea it is.
And there's possibly 450 valid entries?
Each perhaps winning $22 for their work?
Hope they enjoyed it. They obviously didn't do it for the money :-)
Nick Waterman, Sr Tech Director, #include <stddisclaimer>
Even if it wasn't cracked yet, these people seem to be in too much denial to admit it's even possible, let alone inevitable, and if they "manage" hard enough, they can make their echnology do anything they want, including dividing by zero and taking the square root of negative numbers. The results, of course, would be nonexistant and imaginary.
before I make any judgments on who is telling us the truth...
.. I mean, think about it. You're working on a CD encryption scheme for 2 years, and proclaim it completely secure. To prove it, you announce a contest to crack it, all the while comfortable with the fact that nobody will be able to do so. Then somebody does. Uhho, now what? If you admit it, you look foolish, having wasted time and money.
That's what I would do..
------------
CitizenC
Yell, Speak, Protest, Get on the News... Whatever to let the Common Consumer( CC ) know what is going on. Most of them don't give a flying rat's ---- what the --- is going on. They see new technology - go Gee, This looks neat and buy.
We, who ( mostly ) know better, ( at least about this sorta stuff ), need to educate them. Protest, Scream, Bug sales-people about how bad SDMI is. They may convey that to the end-user. Word of mouth sells - so does word of math discourage sells. ( Eggh, Word of mouth - I like that word of math phrase.. anyway.. ).
There's a gorilla from Manilla whose a fella that stinks of vanilla and has salmonella.
As other posters have pointed out, all you did was report the news. If Chiariglione has a problem with that, too bad. He should take it up with the people who leaked the story, not the people who printed it.
Free Hans!
In general, I'm impressed by the quality of Salon reporting. I don't know much about this particular case, but when I've seen their reports on events that I've attended (for example, Ralph Nader rallies), they've been accurate and got their quotes exactly right. This is in contrast to every other news item that I've been involved in or knew something about. I've seen my own numbers embellished (this turned out in my favor actually), quotes from people who never talked to the reporter (obvious quotes that you'd expect someone to say), and various careless blunders as well as other blatant lies. As long as they qualify their stories with "an anonymous source said..." then I don't have a major problem it. You have to be skeptical anyway.
Napster also makes a direct connection to transfer the files. In reality, even if it was routed through a third party it wouldn't make any difference, unless the third party somehow scanned the files being transfered, undoing whatever packaging someone had done, etc..
What the hell does either Gnutella or Napster have to do with child molesters?
If someone runs files from an untrusted source in an account which can do anything other than play in a very contained environment, they deserve what they get. (Yes, with Windows everything is root. They deserve what they get too if they do this.)
Oh, and this "key technologist" has a doctoral degree from Cornell.
I can only conclude, given Shamoon's qualifications and educational background, and the fact that Salon posted this and still expects to be taken as a credible news source, that Shamoon knows something that I don't. I can only surmise, therefore, that Shamoon knows of some group of child molesting virus writers out there who are involved in creating subliminal messages to embed in the music which will mind control any children listening to it to have sex.
Oh, wait, SDMI is embedded in the content...Nah.
Maybe, Salon was cracked..to post the SDMI cracked story, which slashdot posted, and now refutes that SDMI was cracked, which points to Slashdot's credibility to posting the story that SDMI was indeed cracked.
"As for the suspicions raised by members of the digital community as to the rationale behind the contest, Chariglione -- a widely experienced technologist and veteran of standard-making bodies including the Moving Pictures Expert Group (MPEG) and the Open Platform Initiative for Multimedia Access (OPIMA) -- is unconcerned."
He's very concerned.
"This is common practice. We are talking about extremely sophisticated technology," (DVD CCA) "and the best brains in the world" (MPAA) "cannot think of all possible holes" (MP3). So let the public at large" (Jack Valenti) "describe the hole, if there is a hole."
"And what if it does turn out to be an across-the-board win for the hackers? "I really hate to give an opinion on something that at the moment is very hypothetical," (We're up the creek) "he says, "but you know, if the technology has been defeated, it doesn't mean anything. (We're like a one-legged man in an ass-kicking contest) Actually, the fact that somebody has found a hole is good information," (Like WWII) because then you could put a patch to it" (Yeah, that's the ticket) "and you can make your algorithm much more robust." We have no idea what to do next.
Now that would really be something...
sulli
RTFJ.
maybe it has been cracked, but SDMI doesn't want to admit it, because they'd have to
1) give up $10,000
2) look like a complete ass
btw, did you notice that the form on the SDMI page had said that the cracker -MAY- win $10,000?
hmmm, so what's that supposed to mean?
--------------
Maybe Salon created/embellished a story that wasn't really there? Kinda an out-there therory, I know. One wouldn't expect that type of thing from journalists.
Now if you'll excuse me I have to go watch a very special "It Could Kill Your Children" on Dateline NBC and read up on the start of the Spanish-American War.
-----------
end communication
Slander is by definition oral. Once it's written down (as publications do by publishing it), it becomes libel. It's an incredibly important distinction, and it further undermines the consortium's credibility for failing to make it.
-- Anne Marie
I know this post is a little redundant, but a while back I emailed them asking when results could be expected and they replied with this:
"Date: Sun, 15 Oct 2000 14:28:48 -070
From: contact <contact@hacksdmi.org>
Subject: RE: When can we expect official results?
Submissions from the public challenge are still being analyzed. Thanks for
your interest."
Nobody can give a "cracked"/"not cracked" answer until all the results have been analyzed. (Although, I suppose they could give a "cracked" answer if their system REALLY sucks...)
Aaron Plattner
http://www.cyberdeck.org/countzero/techa.html is very good for analysis and i appreciate the reply so fast. but a "spectrogram" is not a way of zooming in and looking at a tiny sample of the wave like that website does, it's a view of the entire wave with elapsed time on the X axis and frequency response on the Y axis and is far more revealing about things like watermarks and inaudible data added to sound. with a spectrogram we could make many more educated assumptions about these watermarks, the formula behind them if any, etc. without doing wav>mp3>wav or digital>analog>digital conversions and merely hoping for the best, so if someone has a spectrogram of the original HackSDMI wav files, or if someone has the actual wav files where i can download them, please let me know either way. thanks.
Thank you from saving me from having to make that point.
Imagine Salon said movie studio insiders had declared that FooBar: The Movie was going to be a bomb, and that the studio replied that
"When a publication makes such a completely wrong, unfounded, anonymous slander, I think it deserves a very strong answer. It's simply not true, because we, ourselves, don't have that information. Our test marketing committee started working on the test screenings Wednesday morning, and it's simply impossible to say whether this is true or this is false."
Now, sure, the insiders might be wrong; after all, the cracks/movie haven't been fully evaluated. But it's the way to guess.
Steven E. Ehrbar
And bluster like this deserves nothing. Janelle Brown and Salon put their individual and corporate necks on the line; and all Chariglione does is spew hot air. If they've published something inaccurate, then you know that they'd be sued in a hot minute -- we know just how fast the music industry sues anything that crosses their lawyers hair-trigger gunsights.
I am certain that it is possible to crack the SDMI watermarking, but I am surprised that it was done so easily.
More power to Brown and Salon for having the guts to publish this article. We need more of that kind of courage.
thad
I love Mondays. On a Monday, anything is possible.
The way the "contest" worked, you got 3 sound files for each set, 2 of them were the same segment (one with watermark, one without) for you to analyze, the 3rd is a segment with the watermark that you were supposed to remove, then re-upload. The upload server automatically checks the files for the precense of the watermark, and rejects them if its not found.
The fact that they've got 450 files to analyze means that at least that many files were succesfully uploaded. Now, it's possible that a bunch of people uploaded random noise or badly distorted versions of the sample (I'm not sure whether the upload server checked that), in which case it's not really a "break" - but I suspect at least a few of the uploads were real breaks.
...and as for the idea that it wouldn't be broken because a bunch of internet hackers decided to boycott it.. well, most software or system crackers out there probably wouldn't know where to begin to crack something like a audio watermark (unless they had the watermarking source to disassemble) - if there were successful breaks made, it was probably by audio stenography experts that already had a good understanding of how the process works and what its shortcomings are.
If you read carefully, they're saying "Since it hasn't yet been proven beyond a shadow of a doubt that it wasn't hacked, as of this moment, it wasn't hacked." Corporate denial at its finest.
Their accusations against Salon are pretty extreme, considering that they themselves don't know that Salon was wrong. They're just pissed that Salon got someone on the inside to talk, and messed up their chance for a damage control press release. Salon was perfectly ethical. The article mentions that it's an anonymous source and not the official word. The article simply makes it clear that there are forces within SDMI that want it to die, and who assert that it will. That there is no uncrackable watermark is common sense, so I don't think Salon went too far.
WARNING: there is a trojan on your
niceFire.com - Humor and Lego's or Lego's and Humor or Some Combination of
Let me try to explain why watermarks will fail: JPEG and MP3 are both streaming formats. Consider an ID3 tag on an MP3 file. An ID3 tag is 128 plaintext bytes of data added to the end of an MP3 file so you can fill in the song's title, artist, album, etc. The ID3 tag is totally separate from the audio itself, since it comes at the end, and it does not change the audio one bit. This is very similar to the way GIF89a images can have text inside them; text which is totally separate from the image data because it comes separately at the beginning or end of the image data. In stark contrast, a SDMI watermark is NOT separate from the audio itself. It is actual changes to the audio file itself interleaved throughout the audio data from beginning, to middle, to end. It is a series of actual frequency changes IN the audio, not outside of it at the beginning or end. It's a series of very slight changes, designed to be so small that they're inaudible but can be picked up by a watermark detector. The bottom line is that SDMI watermark DOES alter audio since it's PART OF the audio data and is not separate from it. Also above you provided a link to a site about JPEG watermarking and the claim is that the watermark does not affect the JPEG image. JPEG and MP3 are very close relatives. JPEG watermarks DO affect the image data, ever so slightly, if it's interleaved. You can't see it because it might be a difference of 1 or 2 shades per pixel on a palette of 16777216 colors (JPEGs are 24-bit by default). a JPG with a non-altering plaintext watermark inside it would be invalid and unviewable, since you'd have image data and non-image data together. Like, the image would cut off where the watermark is, and start off further down out of alignment. It's the same concept behind skips in MP3s. If you miss 10kb or so due to a bad download, you'll be able to hear the rest of the song but there are frames missing and there is a loud glitch. So SDMI is a data-altering watermark which alters the audio and is not the audio the artist intended his audience to hear. It's amazingly close, but it's not the same. Anyway, i don't know yet about 100% eradication of music watermarks, but when it comes to killing image watermarks, this works great for me: Just open the watermarked image in your favorite photo editor, highlight the entire image from very top left to very bottom right, and copy&paste that as a new image. Don't just copy&paste the whole image .. actually highlight from top left to bottom right and paste as a new image, new selection. There goes the watermark! Poof.. gone.
Wrong. It is illegal to sell a VCR which can record Macrovision infested signals without degradation. This is part of the DMCA. If the VCR's electronics are not confused by a Macrovision signal (e.g. due to automatic gain control), the manufacturer has to intentionally add electronics that recognize Macrovision and deny or screw up the recording.
All the content industry has to do is buy some more Congresspeople and get that restriction to apply to every technology. I.E. if a protection technology gets more than x% of the market, it would be illegal for a device to record or retransmit in spite of it.
No longer will active circumvention be required to prove an offense, but merely not recognizing/being affected by protection will be illegal, As will giving any info that could aid in the construction of such a device.
Telling hobbyists how to make their own electronic devices would be illegal - declared as trafficing in devices which allow avoiding (which includes more than circumvention) of copy protection.
Just because it CAN be done, doesn't mean it should!
Just wanted to say that the Inside piece wasn't meant to pass judgement on Salon's story (or Salon itself) -- we just presented Leonardo Chiariglioni's position, in his words, as the head of SDMI. As has been pointed out, he didn't say the six technologies hadn't been hacked, just that no one knows for sure yet, since the review process is ongoing. (Personally, I would be surprised if the hacks weren't successful, given what people have been saying about digital security.) But just to be clear, it was Chiariglioni who characterized the Salon report as wrong, unfounded, etc., not Inside. And I don't think it would be fair to say we "bought" his spin by publishing his words -- I did my best to raise in the story the significant doubts people have about digital security in general and the enormous, perhaps impossible task the SDMI has set for itself, and if you check Inside's coverage of SDMI and the major labels' pretty lame attempts at public secure-music trials so far, I don't think we've been coddling anyone. At any rate, having Chiariglione's words out there complements Salon's piece (IMO), and we'll have to see how SDMI handles it from here. (email: johara@inside.com)
We checked out the story with three members of the coalition, all of whom confirmed it. They did so off the record, of course, which puts us in a vulnerable position. But all I see in the inside.com article is one source, the executive director, who has every reason to be unhappy with Salon, not just for this story, but for previous stories in Salon that painted him in an unflattering light.
We printed their denial, we checked it out as best we could. I won't respond to larger questions about Salon's "ethics" but I'll defend Salon's technology coverage to the DEATH.
Editor, Salon Business & Technology
Salon.com
He's denying it, but he has not said that it has not been cracked. It was a very careful, political statment.
What he didn't say is if the group that reportedly cracked it provided the "plaintext" of the watermark. If they managed to extract that, then all his bluster is about evaluating how well they removed the watermark and eliminated the damage the watermark caused.
...as opposed to the degradation caused by a watermarking system designed to be detectable even after passing through an MPEG decoder -> encoder -> decoder cycle? After being recorded to analog cassette? After being compressed for FM transmission? That kind of degradation?
The Inside.com reporter did not understand enough about the technology to ask the right questions, and let him/her self be snowed.
"How perfectly Goddamn delightful it all is, to be sure" Charles Crumb
Watermarks are only useful for one thing: tracking the original source of a piece of information.
If the goal is to nail the original poster of a copyright work, watermarking will fail: as compression technology improves, watermarking information will automatically be stripped out as it is non-important information.
If the goal is to allow buyers to time, space, and media shift a copyright work, it will also fail: users will buy players that don't require the music to be encoded with some realbits+watermarkbits = bigprime scheme. Even the DMCA doesn't force hardware manufacturers to use protection technologies.
Watermarking only works if a) the end user devices are all SDMI compliant, b) the end user devices refuse to play anything but compliant audio, and c) no one bothers to break positive watermarking (i.e. if no watermark, you don't play.)
Point b is possible but not likely. Point c will happen rapidly if point b comes to pass.
I've been looking into watermarking a bit, and I'm less confident about such assertions than I was a few days ago.
In particular, there's this awesome paper online. (Click .pdf or .ps in the upper right corner of the page.) It's remarkable stuff, even if you just look at the pictures. For example, they show a photo before and after watermarking. As you flip back and forth, it's as if the shadows have somehow subtly changed. They do all sorts of crazy stuff like JPEG encode/decode, cutting off parts of the picture, adding noise, photocopying, multiple-watermarking. But none of that destroys the original mark.
Frankly, I'm QUITE surprised that anyone could break watermarks under the conditions of the hacksdmi contest. (Come to think of it, the proposed "technologies" were not all watermarks, right?) My feeling is that if SDMI keeps the watermark verifier in hardware, cracking their scheme could be a real bear.
At least, until some community-friendly engineer anonymously posts details of the verification process on USENET from a public-access terminal. :-)
Quoting from Salon's article:
One SDMI participant predicted: "They are going to try to keep it quiet -- the official word will be that the testing company is still analyzing the results. They will try to skate out of this without releasing the information that it's all broken."
Quoting from Inside's article:
'When a publication makes such a completely wrong, unfounded, anonymous slander, I think it deserves a very strong answer,'' Chariglione told Inside, referring to a report appearing on Salon.com Thursday citing anonymous sources that claimed each of the six technologies offered up for hacking by the SDMI had been compromised. ''It's simply not true, because we, ourselves, don't have that information. We have about 450 files, with 450 descriptions of methods -- you know, our testing managing committee started working on this Wednesday morning, and it's simply impossible to say whether this is true or this is false. Nobody knows! And when I say nobody, I mean nobody, because it's 450 music files that have yet to be tested.''
IF it had been an entirely internal affair, I MIGHT sympathize (nah, probably not!) But in either case, the C-man's wrath is misplaced. He should be angry at the leakers, not at Salon. What he's really saying is "You had no right to report this until *I* said it was OK, because I'm the head honcho." That thinking may apply to whatever underlings leaked the info, but not to the independent media! Salon was carrying out their journalistic duty to REPORT NEWS, and I don't see this as being sensationalist. They presented all the (available) facts, they included both sides (i.e. the fact that the "official report" from SDMI was still forthcoming), and they didn't over-exaggerate the importance or significance of what they were reporting.
One thing I'll buy - he's probably not lying when he says they don't know. I would be very surprised if the "inside sources" weren't simply acting on educated guesses based on preliminary findings. They haven't had enough time to do an in-depth study yet, so it's unlikely that any results are %100 conclusive yet (it couldn't be THAT bad... could it?) On the other hand, educated guesses are often VERY close to the mark, and I suspect some people who know what they're talking about were doing the leaking. And as the C-man points out, it's not a cut-and-dried "it's cracked or it isn't" judgement. A crack may slightly degrade the quality of the audio but leave it sufficiently intact that your average MP3 listener isn't going to mind. By a techincal "all-or-nothing" definition, this is NOT a successful crack, but it's still enough to send them back to the drawing board I'm sure...