Slashdot Mirror
SDMI Officially Reports on SDMI Hack
A reader sent us the press release that the Secure Digital Music Initiative folks have put regarding the hack SDMI challenge. They are stating that three out of the five were not cracked, contrary to earlier reports, and that of the two that were cracked, one was not a replicable event. Meanwhile, Salon has continued their coverage of the whole shebang.
If it was broken, AND there system could not detect ie the watermark, do they consider not cracked if THEY determine that the sound quality is not good enough? good enough for who? for them? for the people who will be glad to pirate it?
------ Curiosity killed the cat. {satisfaction brought it back | it didn't die ignorant | lack of it is killing mankind
In an SDMI world, your soundcard would refuse to play the new .wav because it still has the magic mark of Cain.
Do you realize how *unlikely* this is to happen? Your average game probably has between several hundered and several thousand sound effects, and maybe a few dozen cinematics. Suddenly, every single one of them has to be encoded with the watermark from a completely different industry, just because they happen to both use the same hardware. Amateur musicans would be another group who might not quietly accept getting screwed if SDMI hardware becomes the law.
Causation can cause correlation
And this was happening BEFORE DeCSS. DeCSS makes it easier to transfer the DVD data to other formats but the pirates were already using other methods of ripping the data out (mostly of the type listed above where they would play the DVD through an analog line and recapture it to digital in a non-secure format).
The only consideration is that this group hasn't submitted their technical information (which automatically excludes their attempt from being considered). Now I don't know about most skeptics, but when a group of this stature claims to have done something, I would guess that they were being sincere - how many universities would allow research groups to do work on something like this and then make false claims?
UBU
What's to prevent me from taking an SDMI-protected song, dumping it to a .wav file [1], and then re-encoding it with, say, ogg? As a worst case scenario, I could set up a loopback with the D/A A/D converters on my soundcard to get the .wav. Will the watermark still exist in the .ogg file? Does that matter?
Causation can cause correlation
I remember a few weeks ago there was that streaming radio interview with Chiariglione, some linux webpage, some guy from 2600.org, and the FSF. in that interview, Chiariglione addressed several issues involving "fair use", and he said (rightly) that and SDMI will provide someone with the ability still to copy, but not serially (like the presnet SCMS).
The FSF rep wasn't able to respond to this, but from my point of view, SDMI's ability to make a limited number of digital fulfills the "free speech" needs of the FSF, which was their main concern.
what do people think about that? do i have this wrong?
Its really about the sound data in the file. Hence the name 'watermark'.
If I put a watermark on a piece of paper, and you use a (high-quality) copier on it, the watermark will still exist. The same sort of thing applies if you re-record the music, even if you switch it to analog and back to digital, or so I'm told.
The point here, as I understand it, is not to prevent piracy, but to be able to detect it.
Each song, then, would have a unique 'ID', which would be associated with your name when you buy it. If it shows up on napster, they come after you for the royalties.
If I'm right, hope this helps. If I'm incorrect, please correct me.
Zipwow
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
"Each submission -- whether successful or not -- taught us important lessons about what can and cannot work in the marketplace."
Ok, lesson here is... if you can encrypt it, someone can break it. Plain and simple.
If it can be streamed, it can be recorded.
Is there such a thing?
Ok, let say you make it where a watermark is 'somewhat secure' (there is nothing "secure" only "somewhat secure"). Say it uses a bunch of random bits that is encoded in the music. What would stop someone from just remvoing the code from the music? The DMCA?
Everyone here has seen a sound wave. Wouldn't the "code" produced abnormal spikes somewhere in the wave? With a powerful sound processor, it could be possiable to proccess the wave in a way to detect the code and remove it. Oh course this is analog.
With digtal music, random bits can be place in locations where typicaly would not produce sound or abnormal sound. Drawing from a "clean" sample patterns can be found for the encoding. Do some math, and the water become clear as day. Once the pattern is found on the single sample, you have to find out how this sample compare with another samples.
This is where it gets complex. If the music effects the pattern of the watermark, one would have to figure out what influece the pattern. It can be rather complex. But here's the problem. One can't just add a bunch of random bits on digtal music and expect it to sound the same. Figuring out where to put the bits, helps the cracker, becuase it makes it easier to find a pattern.
Also, one is limited to the number of bits to the lost of enjoyment. How many can you really put using complex anaglothes in a 4 minutes song? How many of the 50 megs of a wave file or 4 meg in a mp3 isn't really used?
There is one good thing, with effective encoding, it can increase security for simple text messages.
=)
MarNuke
This is not a joke, and is of course the real reason that all computer professionals fear the DMCA.
I have less and less faith that people like those behind SDMI, the DMCA, Library/School filtering, etc. can loose. Yes, thus far people with reasonable, intelligent, knowledgeable positions have been able to hold all that money in check, but I just don't see how that situation can continue. What isn't technically possible _will_ be legislated into effect by people with the resources and desire to see it so.
What those who rose to the SDMI challenge did, if I'm to understand the implications of the end to the DMCA commentary period correctly, is now a felony. It is my understanding that even the Princeton team, a legitimate academic research effort, put themselves at risk of ending their careers by participating in this overtly sanctioned exercise in reverse engineering.
If the mind-blowing amount of money behing initiatives like SDMI can't create a technical solution, you can guarantee that it will realign to bring about a legislative solution, and once that's done, that money will move toward financing enforcement. The truly sad part is that we're already moving into the enforcement phase, and neither of the two possible next presidents have displayed any willingness to curb the trend. As the subject says, SDMI will win, not because of its technical superiority, but because there's too much money working to guarantee that it does.
I've been a cynic for a long time, but I've never seen so much to be cynical about as I have in the past year on the internet.
Ideology breeds Hypocrisy. Just how much is up to you.
They're going to watermark CD's? Does that mean they'll want everyone to fill out a form and agree to the ToS at the record store?
The security of SDMI depends on would-be pirates having exceptionally high standards for sound quality. Given the quantity of 128 Mbit mp3s on napster, I think it's safe to say this is not the case.
WARNING: there is a trojan on your
If it wasn't for the fact that all freely accessible music formats are apt to be declared illegal I'd _love_ the idea of these clowns going ahead with SDMI. I can tell you that it is going to be _noticable_ if you have an ear- perhaps less so if you are 'watermarking' Britney Spears junk, but anyone who is getting a good sound will find that sound _defaced_ by the watermarking. That's not all- radio stations have elaborate equipment to compress and enhance detail on the music they play. Played through that even the Britney Spears stuff will be obviously flawed by the watermarking- it will bring out the distortion and make it audible, that is what this type of equipment is _for_: bringing out hidden detail in sound.
There is a Chinese ideogram (?) which represents both danger and opportunity. This SDMI garbage is just that- both danger and opportunity. There was a time when major label/corporate musical content actually was better than garage stuff- studios were paid for, artists got to concentrate on their work, and a lot of music got created that was really rather good. That's why you're still hearing it 20, 30, 40 years later instead of last year's corporate music product.
That time is gone- now, with SDMI, the corporate music product is boldly choosing to degrade the quality of its product to _substantially_ below what a clued electronic musician (with some sound engineering experience) can produce. That's because the corporate people think they have such a lock on media in general that they can _afford_ to do this to tighten their control- and that is the opportunity.
It's never been a better time to become a musician- not because there is industry support- there's not- not because there's money in it, there has never been money in it compared to, say, going public with a dotcom. The reason it's such a good time to be an indie musician is because the main competition, commercial media, is becoming so arrogant that it no longer cares about any sort of quality. This tends to alienate people, and there are going to be a lot of alienated people milling around trying to find music, entertainment, stuff to listen to or watch or even stuff with a message and a purpose. It's simple mathematics- as the corporate product gets complacent (check), lower in quality (check BIGTIME) and cynical (check), a market opens up for competition to come in. Straight capitalism- capitalism cuts both ways *g*
why does it need an *encoder* to make one, and a *decoder* to play one?
All compressed data is encrypted. It HAS to be to compress it. Think about it for a minute.
The key issue is that for mp3 the key is *public* rather than private.
KFG
People won't want low grade audio and Napster will never take off.
What the SDMI people forget when testing for perfict audio is that they are making a protecting against MP3 piracy.. This will have zero impact.
Accually ANY piracy would degrade the audio somewhat.
So golden ears can tell the diffrence while partly tone deff me can't tell the diffrence..
Someone pointed that SDMI will be flawed but the music industry will just get laws past so it dosn't matter.. Someone else pointed out (to me in RL) that with the United States ellections so close (In all offices) that we are likely to get a pritty much even mix of partys we'll end up with 4 years of bickering and political infighting.. no new laws.. and nothing gets done. So if the SDMI stratagy is to get a new DMCA type thing passed.. Good luck..
Basicly it's not so easy to buy people.. buy republicans and the democrats will oppose you on princaple.. and visa versa.. you can't buy em both...
I don't actually exist.
Nothing is wrong with paying for music. Granted, there is a lot of
:)--powerful people and organizations are
:)
overreacting that goes on: some people really come across as though
they believe that if A) someone creates something, and B) it's really
easy to copy, then C) it must be made freely available to one and all.
But that's not the issue here. The issue is that a lot of
very--temporarily?
attempting to apply laws to a new technological and sociological
foundation, and that same foundation obsoletes many of those same laws
and concepts. They have their heads so far up their assets that they
don't see that this desperate attempt to make old models work in a new
world is doomed.
Perhaps the worst part, however, is that they're foisting the whole
load on the world as being in the interest of the artists. This
hypocrisy is what really condemns them for me. Since bloody *when*
have artists meant a sparrowfart in a hurricane to these execs? They
matter when they have a lucrative track record. That's it.
If you must pity someone, pity the artists. They weren't getting
treated what they were worth before, and they aren't now.
And please please please don't bother mentioning any of the vast
minority of artists who make it to the top rung. Sure, they get big
bucks and all the extras. You only know about them because they're
making money for someone else. Who do you think writes the press
releases, pays the studio/engineer time, yada yada? The execs. Why?
'Cause they'll make a bundle.
There are labels which buck this trend, but they're for the most part
quite new and have grown out of the underground/independent
scene. Which, by the way, is taking full advantage of the same
technology which the Big Boys are trying to suppress. Independent
music is flourishing, since creating and distribution of one's own
works is more available than ever before. Yes, this results in a lot
of drek. But at least with independent music, *you* get to decide what
you want to hear. You don't get your music selected for you by suits
pandering to market pressures. Think they want that pressure? Sure,
it's not a huge chunk out of their pockets, but the competition *is*
there, and lots of studios, bands, and labels are popping out of the
woodwork with independent/semi-independent works which are just so
much better than anything you ever hear on, say, RCA. Godspeed You
Black Emperor, Tortoise, Neko Case, you name it. The execs don't like
this either: competition sucks when your suit costs more than your
PC.
Eventually, with any luck the music industry will simply adapt to the
way things are now, instead of the way they wish they were. But for
now it's gonna suck for a bit.
A 2-1 vote? this is something so subjective i don't see why it matters except for the sdmi to use to make itselft feel better. I mean just what is considered "minimal loss" or "no apparent loss" of quality?
didn't the parc team that cracked it say that the online testing "oracle" wasn't quite working either?
personally i could care less if the audio quality degrades a little for the convinience.
do they really think they are going to deter the masses from sharing music with this technology? even if no new mp3s can be ripped what about all the existing millions of mp3s already out there?
I believe sex is highly over rated... unless it involves me
What's odd about this is that we have a means to break SDMI and produce a file which probably has excellent (given that the people to submit said cracks would be sufficiently happy with their results), but not quite excellent (failing the golden ear test), but free of copy protection. When it comes to "distributing" free music, what will the average user of such services look for? I'd argue that only true sound affectionados would be the ones to get the CD given the option between it and digital music files, and they'd be the only ones that could hear that difference that the golden ears tests revealed.
Basically meaning that since it can be hacked to remove the watermark, SDMI is pretty much defeated.
Save for that stupid little thing we call the DMCA.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
Yeah. That's the whole point. The SDMI has to lie now or else they can't lie later. SDMI is cracked (and mathematically we already know from information theory that you can't do what they want to do). A secure system is impossible. They know it's not feasible so they have craft out these early lies to support their later lies when they go before Congress and ask for more restrictive laws and when they go before a judge and ask him to confiscate joe college student's computer and audio equipment plus levy a steep fine because joe knows how to make copies.
--
--
He lives in a world where those who do not run the client software of the omnipresent meme are unacceptable.
It seems to me based on the Salon reporting, the MULTIPLE universities and other groups that claim to have cracked all their watermarks, and protection schemes that they are fibbing.
Maybe they have some cute little exception (cant be reproduced on a p100, doesnt sound the same to golden-ears after the fact), but it seems like a fib or a stretch at LEAST to me.
So, what if they are fibbing?
More power to them. Let them release a flawed product, get everyone's support, have it added to a million products and songs, and weeks after release have a winamp plug-in come out that real-time decodes them.
Suits me just fine.
The honest, appropriate, and correct solution to the problem of digital security is to not be militant about it.
Sure, anyone can copy cassette tapes, and lots do. That didnt stop PLENTY of cassette sales.
You say its different because its digital, but it really isnt. The general populace doesnt have the knowledge, time, nor toys that support mp3's in a wide-spread way yet.
Not to mention I dont think it will become super-widespread for another 3-4 years.
(Yes, I know napster has a large user base. Thats not the same as the user base of people with cd-players (home, car, personal, AND computer) now is it?)
In short, the media giants need to just tuck tail. Its a losing battle. Mp3's sound more than decent, and are not secured. They will always be around now. If the music companies had gotten on board sooner, and done digital distribution sooner, they may have prevented it.
All they can do now is try to save their ass.
GPL'd web-based tradewars themed space game
I seem to remember reading that the "Golden Ears" test for the SDMI challenge simply required the "hacked" songs to sound better than a 64-bit MP3. That seems like a pretty reasonable standard to me. I'm not too picky, but anything under 128-bit sounds like crap.
:-)
All you people screaming at the RIAA for their supposedly bogus Golden Ears test should calm down and take a few breaths
Granted, I don't see the point of watermarking, period. If watermarking is used to control playback, you can always convert to a non-controlled format like Ogg or MP3 (through analog, if necessary). If watermarking is used to trace whoever first "steals" music, someone will just buy the music with fake ID, post in on Napster/Gnutella/Freenet, and then the RIAA will have no recourse.
Can somebody explain to me how watermarking is actually supposed to stop piracy (even if it isn't broken)?
Suppose you have two copies of the same song, both carrying a watermark, but different ones. Suppose you substract one song from the other. The bits that belong to the song should delete each other, and the bits that belong to the watermark and that are different in each watermark should remain. That should give you a pretty good idea how and where the watermark is in the song.
By flipping these bits randomly you should be able to perturb the watermark beond recognizeability without doing damage to the song beyond what the inital compression has done.
Currently, the crack attempts had only one copy of the song, and one watermark, to work with. How much easier will it be PACTOR style with two or n identical copies of the song, each with different watermarks?
© Copyright 2000 Kristian Köhntopp
All hacks to SDMI attempted so far have been made without access to the watermarking algorithm. If SDMI is ever released to the public, however, someone will reverse engineer the algorithm--and post it on the web for all to see. As soon as that happens, SDMI will almost certainly be cracked more or less completely. The current contest wasn't at all close to a real-world test.
Has anyone ever had the chance to listen to some of those ear training tapes that sound people listen to to get that good? I listened to one once as it went through a series of sound bursts of 3 seconds through 1 millisecond. Past half a second, they all sounded identical to me. Then there was the test where they raised a certain frequency a few dB above a noise floor, at 50 Hz, 100 Hz, etc. all the way up to 22KHz. That sounded like a 2400 baud modem played backwards.
And yet, my friends in the professional sound field can hear these minute changes in the quality of the sound and correctly identify each one. That's why they get paid as much as ninja Solaris admins. They can't listen to anything less than digital to the speaker theatre quality sound without cringing. Me? I like MP3s and AM radio. So much for the golden ear test. Now back to my Rio.
--
Rob Carlson
The majority of people who buy music are those who are already used to the degradation caused by broadcasting, people who listen to audio cassetes in noisy cars, etc. As long as the music passes "tin ears tests" it's good enough, and the RIAA knows that.
Everyone was trying to boycott the challenge earlier, thinking that if we let them release, we'll break it after it's official. Then some people broke it (for the most part. Not forgetting that it's impossible to secure anyway). Now, they're saying it wasn't broken and are moving ahead anyway! That's the impression I get.
Sounds like a good deal to me.
Jason
The really dedicated audiophiles (no, not the type who measures the quality of his speakers by their price and then puts them in opposing corners of a room) probably doesn't listen to the music that is most prevalent on napster (like 'top of the hitlist'). After they spent like $10000 on their audio equipment they'll happily pay another $50 for some japan-import-CD.
For most of todays 'top hits' it doesn't matter anyway if audioquality is slightly degraded and most people listen to that music as background to something else, like driving, working, chatting, partying etc. Under these circumstances audioquality doesn't matter too much, especially since with the audioequipment it is played on the difference is probably inaudible anyway.
But if the RIAA needs the illusion that noone will copy their music because it's slightly altered to pull through their SDMI scheme I'm just happy to let them proceed with it and fail.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Is it abuse-windows-users day today?
On Slashdot, every day is abuse Windows users day
... because maybe they'll decide that it's good enough, and people can then go through and rip it to shreds three weeks after they standardize on it and release it. Once it's out, perhaps there's a rat's chance in hell of proving that it was faulty technology in court and getting the court to rule against the music industry if they try to sue.
"Titanic was 3hr and 17min long. They could have lost 3hr and 17min from that."
IBM had PL/1, with syntax worse than JOSS,
And everywhere the language went, it was a total loss...
seem to be:
1. Watermarks can never provide adequate security for music (or video) because they're necessarily irrelevent to the analog signal contents, which can be recovered without them.
2. SDMI is an unworkable battleground of the RIAA versus all the HW/SW players, where gridlock will reign for years, and technical reality will eventually trump rearguard lawyers.
3. The SDMI "challenge" failure is being stonewalled and spun by fools for RIAA purposes, but they're _not_ fooling anyone who understands music and the bankruptcy of the RIAA.
4. Nonetheless, RIAA controls SDMI (dollars are clout), will declare victory, retreat to an illusion of security, aided and abetted by Micro~etc, to control the masses (for a little while).
5. SDMI is Evil Tech(c) that is inevitably doomed to fail because it flies in the face of both physics (in the form of information theory) and plain common-sense (mp3 is good enough).
6. But don't explain this to the RIAA's fatcat morons just yet - wait until _after_ they commit their future business models to this flawed, hopeless scheme - then, take full advantage.
The MPEG / Fraunhofer / Ogg standards look like a clear case of the technicians sticking it to their corporate masters by defining clean interfaces not amenable to money-grubbing big-company monopolies. Way to go, guys & gals! The best part is that they've been shot throught the heart, but they'll never see it until their business models just keel over and die.
If I can send an artist (or band) $1 to download a whole CD, that will be just as much money as they'd get if I bought it from a RIAA distributor for $16. I'll make the trade and, more importantly, so should the artist or band. The leeches losing out are unnecessary, inefficient, passe' overhead. Labels are dead, now celebrate artists! Look forward to media freedom!
Why should i use SDMI when i already have MP3!
(If you live in the US: ) Easy. MP3 will be found to be an illegal bypass of the security measures found in SDMI and will be declared illegal. So will the CDs you own. And any tapes. And the concept of Fair Use will be thrown out. Just prepare yourself
(If you don't live in the US: ) Try not to laugh too hard at our stupid coporate laws.
This is supposed to be great art. So why does it look like a bunch of decapitated naked people? -- Calvin
Of course, there's another translation available:
...successful attacks were not identified on three technologies, and were identified on two.
Of those apparently successful attacks, one of them was not reproduced on additional music samples as part of our evaluation process.
Neatly morphs into...
"Despite our best efforts, it appears that all 5 encoding methods were cracked. We could not figure how people did it on 3 of the methods because they didn't send the program.
On the two groups that were kind enough to send their program, we could only figure out how to use one of them"
I predict that SDMI will never be broken.
Now matter how many people actually break SDMI and no matter how good the audio quality of files so broken, it will never qualify as broken to the RIAA.
Why? Because they want to have a "secure" standard that nobody could successfully break. (Regardless of the facts.)
They did their part to make a truly secure standard. After SDMI is released and music starts getting pirated, then they can use the DMCA and cry, "look, we spent millions building a truly secure system that had industry support and those evil hackers broke it". This is a violation of DMCA.
In a nutshell, they have no intention of stopping piracy through purely technical means. SDMI is just part of what they need to fight piracy through the only means they understand -- litigation, money, political corruption, lies, etc.
I'll see your senator, and I'll raise you two judges.
In non-independent tests avoided by the majority of people with taste buds, 3 out of 5 cola non-skilled cola hackers report that they can't tell the difference between SDMI and MP3 music.
The industry funded RIAA reported that this conclusively proves the existence of life on Mars, and will proceed with plans to produce Colas that will sound the same to Martians and can't be cracked for their recipes. No Martians could be found who could crack the recipe, according to RIAA.
Rumors that there are no Martians, that colas don't work in low-pressure atmospheres, and that you will never make a profit when people drink the free Open Source cola rivers on Mars were all reported to be just rumors, according to the news media who depend on insider cola event tips and free cola concert tickets from RIAA.
--- Will in Seattle - What are you doing to fight the War?
It is incredibly naive of them to consider a hack on SDMI unsuccessful because professional sound engineers could hear the difference in the watermark-hacked version!!! Especially in the case mentioned in the article where it was a 2-1 vote, meaning one of these professional sound engineers out of 3 didn't hear the distortion.
I'm not sure there's real news yet: The SDMI proclamation and the Salon reporting is just a war of words at this point. What will be of real significance is when an SDMI format is selected, files becomes available, and can be played by commercially available devices. THEN it will be significant if there are cracks of the chosen SDMI format.
imho, I don't think that the people motivated to produce the best cracks (and to build gui crack tools, which are what would do the real damage to SDMI) are also motivated to share the results with the SDMI folks. The real news will be whether successful, reproducable cracks and crack tools become available immediately after the SDMI release.
I think not...(*poof*)
Congratulations, then. Time to call it a success and to implement SDMI, isn't it? I'd love to see them say that as their final opinion. SDMI is flawed and they know it. I'd rather they implement a flawed technology than we can handle than to come up with something even more wretched.
In case no one's mentioned it, the Ars Technica run down on how SDMI is cracked:
...the Princeton results? This bit on IDG.net clears things up quite a bit. Check it:
"Our focus has always been on the scientific question of whether the SDMI's technologies, if deployed, could be defeated by pirates," the statement read. "We demonstrated that they could be defeated, by making small modifications to the music files so that the watermarks were no longer detectable but the sound quality was still acceptable. "Instead of the scientific question, the SDMI has chosen to focus on who is eligible for the cash prize that they have offered. Since we chose to forgo the cash prize in order to retain our right to publish our results, we understand that the SDMI no longer considers us to be entrants in their contest. Their announcement regarding their contest does not invalidate our scientific results."
So it looks like the Princeton hacks weren't counted. Furthermore, the Princeton team will be releasing their findings to the public, so if one of the "unhacked" technologies gets picked then info on how to defeat it will soon be public knowledge. I'm sure SDMI thinks they're going to sue under the DMCA to shut Princeton up, and I hope they do. It'll make for a great test case for this unconstitutional bit of legislation.
--
--
He lives in a world where those who do not run the client software of the omnipresent meme are unacceptable.
ht tp: //advice.networkice.com/advice/Intrusions/2002901/ ?magic_cookie=2f312e31
Is it abuse-windows-users day today?
"Hot lesbian witches! It's fucking genius!"
Are you confusing "effective access control" with "perfect/absolute access control"