CPRM Lecture

QuantumG writes: "I've written a summary of the lecture at Stanford by Jeffery B. Lotspiech / IBM. John Gilmore (EFF) was there and other than hounding Lotspiech with ethical questions, gave me a free T-shirt." We can't argue with that. Stanford has the video online, in a format so proprietary and restricted that the current version of the player has no concept of "saving" a video download to your computer. There's some sort of lesson there, I think. But the video is good, well worth watching.

Tree isn't current model

[KMSelf]

The keyspace currently is a matrix. The tree model was proposed as a means for addressing several concerns, incluing enlarging the keyspace, discouraging certain attacks, and minimizing storage requirements for holding the keyspace. The tree is designed such that a minscule subset (several hundred?) keys would actually describe (and allow to be derived) all keys in the tree.

What part of "Gestalt" don't you understand?

Re:MS is actually the freedom choice

[dse]

- ASF is patented, however.

- Microsoft did force the author of VirtualDub to abandon ASF support in its product.

There may be a copy of the file VirtualDub_source-v1.3c.zip out there somewhere, though.

--

Re:So you can't save it.. [or can you]

[dattaway]

If you captured every bit of the conversation? Well, let's say the server issuing the video issues a unique cryptographic challenge and expects your computer to issue a unique response. This can allow fingerprinting each movie downloaded with your identification. The only problem for us is that the proprietary player had part of that key negotiation and verified it was an "approved" download. So you can now see it once.

Looks like the future of computer technology is getting permission to use the stuff we just bought. Great progress in exchange for our pocketbook.

Re:The backup protection system

[cpt+kangarooski]

You say that now. Imagine if this system had been put into place in 1980. Would you stick with your Apple II+ or C64? They're attacking us way the hell upstream, which gives them a substantial edge. And businesses are stupid and shortsighted, and motivated by money, so they have a reasonable chance of success.

The best attack is to not let it get implemented at all, ever. Ignoring by assuming that it can be cracked, or that it won't sell (even when there are no alternatives) is not going to help our side of things. We should also crack it, and also refuse to buy the hardware whenever possible, but that's not all that we should do.

Yes you can save it.

[spotter]

yes it can only play in windows, but download the asx file, open it in notepad, and what do you see

http://cobb.stanford.edu/ee380/010404-ee380-100. as f

easy enough to save.

Re:Yes you can save it.

[spotter]

my bad. It seems they are evil. and they ignore requests from non any media player apps. But as it is using http to stream, this should be easy enough to figure out.

Re:Yes you can save it.

[nyet]

That doesn't work, but streambox VCR 1.0 beta 3 (if you can find it) can save it fine.

I would post the (50+M) asf on my website but I can't handle being slashdotted.

If you have a decent mirror, respond here.

Re:Why didn't more slashdotters attend...?

[adraken]

Well, frankly I hadn't known about it. In fact, I had a class upstairs not 15 minutes before this started. Gr.

Re:Highly confusing.

[general_re]

That's true, right up until the point that you DeCSS the original DVD data, producing unencrypted data. Remaster, burn to DVD-R, and off you go - unless the DVD consortium is planning on making it impossible for corporate/home users to produce their own video on DVD, I don't see how you can stop it from happening.

Re:Highly confusing.

[general_re]

I should have been a bit clearer in my post, sorry. But I don't understand how this makes DVD's (as they currently exist, anyway) any harder to decrypt. The whole point to CPRM, as I understand it) is to restrict users abilities WRT data that they don't "own" ("own" in the copyright sense, anyway).

But, if I have a fast enough system to DeCSS a disk on-the-fly, such that no encrypted data ever touches my CPRM-enabled hard drive (although I'm not sure if I'd have to go to those lengths anyway), then as far as CPRM is concerned, that raw, unencrypted video file is mine - I own it, I created it, and I have the right/ability (in the TECHNICAL sense, not the LEGAL sense) to do whatever I like with it.

In this limited case, the weak link is the DVD spec, not CPRM. Since DVD is broken, unless they change the DVD spec, I can produce unencrypted data which, AFAIK, CPRM has no way of knowing actually belongs to someone else.

And I don't believe for a minute that a watermark yet exists that can't be scrubbed away (who know about tomorrow, though?). There's only so much you can do to digital media without affecting quality, and I've seen no evidence that watermarks exist which can survive the sorts of conversions/compressions/modifications that even normal users do, let alone someone actively attacking the watermark. If you want to wipe a Digimarc watermark, for example, it's not exactly hard - no statistical analyses of LSB's or any crap like that.

Or am I missing something? I don't claim to be an expert on CPRM, and I make no claims about more secure media which doesn't exit yet,so if I'm totally off-base, please let me know - I hate to wander around all ignorant like ;)

Whoops...

[general_re]

My bad - for some reason I thought this was ATA-only, but after rereading the proposal more closely I see that The Man is actually targetting ATAPI devices from the outset. CPRM on ATA hard disks seems like a bonus side-benefit for them.

I stand corrected. And that's more of an admission than you'll get from most people here.

On the other hand, "everything you know is wrong" is a pretty strong statement that I will take issue with ;)

Getting Keys from Black Boxes

[sig]

In the summary, QuantumG makes the arguement that if keys are hard to get from legit devices, they will necessarily be hard to get from blak boxes too. This isn't necessairily true. If you are a cracker, you will need to peel back the insulation on the chip and understand the lithography of the chip (hard), or use a brute force, exhaustive search of the entire keyspace in software (not technically hard, but takes billions of years). However if you are CPRM, you have a list of all the valid keys sitting on your desk, so rather than an exhaustive search of the entire keyspace to find out what key a black box is using, you only need to test the keys on your list. This is trivial, and as such makes it very easy to deactivate a comprimised key, even though getting keys out of legit devices is still hard.

cya

Re:Getting Keys from Black Boxes

[QuantumG]

it's not really trivial.. you have to encrypt a plaintext message with every one of your (how many billion) keys and then feed them in one by one. But yes, this is how they would do it.

Re:No problems saving it

[Kris+Warkentin]

Yeah? Try looking at the file you just saved with at text editor. It will say something like 'ASX 0023581-153-25.asx' The web server doesn't even send it unless it's the asx client making the request....

*sing* I'm a karma whore and I'm okay....
I work all night and I post all day

redirection and circular reference

[Kris+Warkentin]

the asx file points to an asf file which points back to itself....very strange

*sing* I'm a karma whore and I'm okay....
I work all night and I post all day

Re:The backup protection system

[WNight]

Yeah, there is that. Myself, I'm never going to give up my un-CPRM hardware, so I'll always be able to do what I want with media.

But, I doubt it'll take long for the watermarking to be cracked. Detecting watermarking isn't something you're going to do in an custom chip, it's going to require a fair bit of horsepower and a general purpose CPU. This essentially means that the watermark reader is 'just' software, and thus much easier to crack. Once it's cracked, we'll know what it looks for and how to block it. Watermarking is *only* security by obscurity. Once you know what they're doing, you know what to undo.

This assumes that the watermark checking is done in the speakers and monitors. If it's done in Media Player, for example, it'll be even easier to crack. (That is, assuming the next hacker at MS doesn't just grab the source for WMP.)

Re:The backup protection system

[WNight]

I agree, we should fight it in all ways. I have purchasing approval at my company and I'll never approve CPRM hardware, as long as anything else is on the market. And I'll speak up to the HD manufacturers about it.

And as to the sticking with the computer... My Apple2 couldn't play music and videos as well as a stereo and TV. If they go with the watermarking and it can't be cracked, I'll simply wait for the DeCSS of the future and play the watermarked video on my current PC.

I don't mean I'll never upgrade, just that I'll keep my current hardware as well, if they build backdoors into the new stuff.

Finding the purloined key

[WNight]

Finding the key a device is using will be easy. The content creators will have a list of all of the keys they used (true even if there were thousands or millions of possible keys, in a search space of 2^128) and can simply feed the device a media stream encoded with various keys until it decodes it.

Whereas hackers can't do this because we'd have to try all possible keys, not just a short list of potentially valid ones.

Hackers also aren't likely to build a device in such a way as to make reverse engineering the hardware difficult. (My company makes custom hardware and it's quite expensive to make something that a skilled engineer can't figure out.)

FPGAs are out, because you send the 'program' to them on startup. You can do clever bootstrapping where there are multiple layers of encryption, but that just takes more time - proportionally more of yours than of the attackers. ASICs are more expensive (being custom) and are usually a fairly standard chip, like an FPGA, except that it's preconfigured (and static). This means that if you do open it up and examine it, it's not that hard to decipher. So you're looking at a special-made chip, designed not for efficiency, but to be hard to understand.

That's massively expensive, you need HUGE volume to make the cost bearable.

A hacker would just use an FPGA and some flash-ram, to allow reconfiguring with new keys when they were needed. Who cares about killing WMP by invalidating all its keys...

As for why it's hard to get all the keys from a device...

It would decrypt one key at a time and use it. Only if that key didn't work would it use another, probably encrypted much differently. You'd have to wait till media without the first key was released to be able to 'easily' snoop on the device with logic probes and capture the key.

Finally, software... The idea is to not give WMP a decryption key. WMP would have an access key, to perform the basic 'release the encrypted data stream.' It'd then pass this off to the USB speakers which would perform the actual decryption, in a chip right on the back of the actual speaker, to reduce the length of the wire with the unencrypted signal in it.

The industry won't do another DVD CSS, where it plays on 'open' hardware. They know the weak link is software. They'll put CPRM in all the devices, without using it, and when the market is saturated with it, they'll release media that requires a CPRM HD, a CPRM monitor, and CPRM speakers.

Of course, now that the DeCSS has woken us up, and more people know/care about the issue, it'll be worth a few talented engineers ripping the actual hardware apart and decoding this. And when it does come tumbling down, it'll *kill* the industry behind it. They'll have basically given the encryption chips away for free to manufacturers (to encourage their use) intending to make it up on licensing fees from the media people. When the scheme gets broken and companies get POed that their DVD player is being excluded from new media, they'll drop the scheme. And when the media people realize that their user base is drying up they won't try anything basic on hardware again.

It does raise the bar on hackers, but it REALLY raises the bar on designers and implementers. And it only takes one skilled hacker to bring it tumbling down.

Re:Finding the purloined key

[QuantumG]

Once again, very nice to see people thinking about the technology. Lotspiech was quite agreeable with the claim that WMP would have keys inside and that you would be able to break it. I dont see your claim about the key's being decoded one by one. Even if this is how it works (and I'm not saying it is) then one can always note that key, flip a bit, watch the decryption fail and get the next key. Scratching the DVD could be the simplest way to get a player to give up all its keys. Also I dont think this is going to be a custom bit of silicon. These days the line between software and hardware is so blured in consumer devices that most just use a "secure processor" which contains some firmware. This is hard to break, but if you're going to succeed, you are going to get all the keys, not just one. It occurs to me that 4C being able to essential paperwieght a lot of hardware that has already been sold to stop people copying content is a little too draconian.

Re:So you can't save it.. [or can you]

[hardaker]

Well, I wonder if their protection scheme would deal with you simply starting tcpdump on a linux box next to the windows box, caputuring the entire conversation with the server and then later playing it back to the windows application again. (granted, you have to later set up the windows box to use the linux box as a router, spoof the address of the site if it was hard-coded, ...)

Re:So you can't save it.. [or can you]

[hardaker]

Thats why I was saying "I wonder if". If I were implementing the protocol that the video is streamed over, I'd certainly implement it in a way that authenticated based on a cryptographic checksum, was encrypted, ...

However, we already have proof that many other systems (see DVDs for an example) don't necessarily do a good job of the protection they do implement.

Watching the lecture now...

[Racher]

I was watching the lecture, and after about 5 minutes of the Prof. talking about how you had to be to 8 of the 10 lectures, otherwise you wouldn't get credit, I realized that I was late for my Astronomy class....

Oh well...

...and I'm not sure we should trust this Kyle Sagan either.

Re:The backup protection system

[Bazzargh]

SDMI devices watermark content for you when you add your own (non-watermarked) content. This isnt a line of defence, its a means of tracking who created the content. That being said:

It would be virtually impossible to sell users a system which does not play their existing non-watermarked content. I own >300 CDs, which would cost me £3-4000 to replace (and that's just CDs!). The cost of a PC is sub £1000, and a CD player is peanuts. Hence I (and others) would far rather buy an alternative device to play on than replace my media. So, you're not going to get rid of non-CPRM data for a long time yet.

Attempts to introduce uncopyable CDs as a stopgap, like Gmbh did, have foundered on peoples unwillingness to buy media which might not play on their own machine (10% of players in Gmbhs case).

The bottom line is, theres nothing here for consumers. Unless theres something in it for me, why would I buy CPRM hardware? To turn your argument around, 'few consumers will bother with having a special nonstandard system (CPRM?) to NOT PLAY their content'

-Baz

Re:Interesting Lecture.

[Bazzargh]

Pirates working in volume have access to industrial equipment. Hence the argument that this prevents 'perfect' copying is crap. Its aimed against copying by the consumer.

Re:Why didn't more slashdotters attend...?

[QuantumG]

what do you mean "more"? No-one attended. Not a single person. Not one.

Re:Interesting Lecture.

[QuantumG]

I disagree. Either the protection would be a the disk drive level, WMP would have different keys for every copy, or hard-drive based software would be outside of the realm of CPRM. If the protection is at the disk drive level, WMP would rely on the hard drive to provide keys and decoding, and by distributing keys you would only be limiting your own ability to play new media. If each copy of WMP has its own keys, then again, you aren't damaging Microsoft, but you may be linking yourself to the crime. If you compromise two keys, then Microsoft may me able to link you to breaking the keys.


Thanks for thinking about this. I specifically asked Lotspiech this question and outlined the senario. His response was "umm, so you dont believe in tamperproof software" I told him I didn't and he said "no, neither than I" he then repeated his statement about this being a "little speedbump". As for the question of this going into harddrives and harddrives doing the decoding, it's not going to happen for the sole reason that there will not be standard and 4C cant control the manufacturers.

Re:i love these lectures.

[QuantumG]

first to post

No, that would be the only person who went. There was a guy from The Register there, so you might see a story come out of it, but basically we had access to the creator of a technology that everyone makes a big stink about, who you could have asked questions, interrogated (and John did man) or otherwise annoyed, but no-one went.

Re:Unique Media Key?

[QuantumG]

The unique id is hashed with the media key and the key you retrieve from the media key block to get the cypher key. You could build a device that just tries to bruteforce the unique id (which is on the burst cut area of the dvd that you cant write to) but you cant use a standard player, and that's the point.

Re:Summary?

[QuantumG]

damn straight. It is my summary of CPRM, which I can sum up in one sentence: it aint gunna happen.

Re:why not use mpeg?

[QuantumG]

Microsoft provides the data storage for Stanford (as if Stanford can't afford a few gig harddrives) and as part of the agreement they have to use WMP format. The lecturer was quite upset about this.

Re:Highly confusing.

[QuantumG]

No, there's a uniq id on the hub of the DVD (in the "burst cut" area that can't be written to by anyone who doesn't have funky lasers) which is hashed with the media key and the key taken from the media key block (which you need the device key to decode) to determine the cypher key. So you essentially copy all the bits off the DVD and put them onto a new DVD but you cant change the uniq id in the burst cut area so the player cant decode the data.

Re:Missing the Point

[QuantumG]

no not at all. If I'm going to have a boot in my face I want it to be a real boot. Not some fake boot that I have to pretend is real because there's a law that says it is illegal to break it. The mere fact that you can build circumvention devices shows that it is impossible to do this. So yes, come up with a better system and I will break that one too and another and another and in 10 years time when no-one has been able to agree on a secure music standard, I will know I've won.

Re:Missing the Point

[QuantumG]

Worth it? I dont understand, the question is, do you want something that really is hard to get around or do you want something that you are required by law not to get around. I think it would be amuzing to see the battle between DVD rippers and 4C, but I'd much rather see it on a more level playing field. So far what I've seen has not impressed me.

Re:Summary?

[QuantumG]

Well John Gilmore pretty much stole the floor which you can see if you've seen the flick. I think the organiser actually gave his microphone to John. Basically everyone in the room was like "I can break this, I dont even have to go home and think about it, I'll break it right now" which is a sure sign that your system is lame. But yes, there were some serious questions after the presentation about why Jeff was doing this. He appeared like a very ivory tower type who had fallen into a project that would have actual real effects on society and he had no real idea about what was happening around him. The most worrying thing he kept saying was "well, this is just entertainment" to which I quite annoyingly pointed out was another word for "culture", something that he is actively aiding a cartel to control. His opinion was that this technology is useful to avoid overbearing laws. Laws that make the DMCA look tame.

Re:Highly confusing.

[QuantumG]

The point is, this is a new encryption system which is more effective than CSS. If you can decrypt the DVD then you can reburn with no encryption, no problem, but the system is supposed to make it hard for you to decrypt the DVD.

Re:Highly confusing.

[QuantumG]

What part of my sentence are you not understanding: CPRM replaces all existing DVD technology. Everything you know is wrong. CPRM will encrypt the content that is on DVD disks now with a better encryption method than CSS (well, apparently). Hope that's clear.

Re:Missing the Point

[QuantumG]

I've already debated the question of whether copyright is good or the media companies have rights to do this crap until the cows come home. Let's stop arguing and do what we can to fuck over these evil plans. If we go the way of law the only people we have to protect us is lawyers and politicians.. at least if we go the industry way we can fight the fight outselves. Let them copy protect everything, there will be ways to get around it and hopefully it will piss people off enough that they will starting thinking about whether these media cartels are a good thing for them or not. But inact laws and we will be spending all our time talking to lawyers and worrying about being thrown in jail.

Re:Missing the Point

[QuantumG]

I love the way you talk about fair use. The cryptographic system in CPRM is precisely a response to fair use. You have the right to space shift and time shift your stuff, so go ahead, CPRM wont stop you. What you dont have the right to do is make verbatium copies.. that is what the challenge is going to be. That is what's gunna be interesting to watch. For once we might see the a real war over copyright. Not some war where pirates do their little thing and the lawyers do their little thing. Instead we'll have crypto on both sides, fighting with the same tools. If you're a normal user you wont have any problems. If you do have problems, well hey, it's your money, dont buy their shit.

Re:Missing the Point

[QuantumG]

You know why you are allowed to make copies of dat tape? Because you pay a tax to the RIAA every time you buy a DAT tape. You will have no problem time shifting programs with CPRM devices. The question is, do you want some bullshit legal requirement that everyone who writes a program to copy files has to make sure they are not media files or do you want something that is a little more workable? You cant say "I dont want anything, I want no protection" because the guys with the money have people in congress who do want it.

Re:Interesting Lecture.

[technos]

This sounds very suspiciously like a bastardization of a mechanism IBM has used for years on midrange to control access; Well, save the CPRM functions were done in hardware alone there..

PLEASE READ, MICHAEL

[jbridge21]

you can use ASF Recorder to download the file, and avifile/aviplay to view it, ALL ON LINUX.

a link to asf recorder is in my .sig.
-----

The real problem....

[bencc99]

..with CPRM is that they've been pushing for it to be integrated into the ATA specification, which contrary to what they claim *IS* very relevant to hard drives. They claim it's specifically for removable devices, but almost all removable hardware uses the ATAPI commandset -of which CPRM won't be a part, so it will be largely ineffective from that point of view.
AFAIK, the only mainstream removable device that uses ATA is onstream's series of ADR tape drives.

Why didn't more slashdotters attend...?

[brassman]

I didn't, for one, because I'm in New York. (Duh.) As Steven Wright once said, "It's a small world, but I'd hate to have to paint it."

That's one of the nice things about the 'net -- we *don't* all have to be there. (And John doesn't have to lug as many t-shirts.)

Thanks for the article.

The backup protection system

[Animats]

There's a second line of defense. There's a watermark in this system, too. The idea is that unmodified devices won't play a watermarked file unless they also see the decryption/authorization process taking place. Thus, even if someone cracks the protection, they can't create a file that will play on unmodified CPRM devices.

That's what really makes it work. The concept is that a consumer's unmodified system won't play cracked content, and few consumers will bother with having a special nonstandard system (Linux?) to play such content.

There's been some success in removing watermarks from audio, because it's hard to put a good watermark in audio without damaging the sound. But there's so much information in video in which to hide watermarks that watermarked video will probably resist attack.

Re:So you can't save it.. [OT]

[Frank+T.+Lofaro+Jr.]

Oh well in the future we can just release utilities like that anonymously, until the software enforcement bureau comes and raids our homes because we were suspected of sending a controversial file over the internet.

Sounds like a perfect use for Freenet.

saving it...

[EschewObfuscation]

not knowing anything about the m$ format, i tried the standard 'telnet to port 80 and do a GET', which doesn't work, but does feed you a different url prepended by 'ASF'. opening up that one with the same method gives you a 500 response (server error).

so i opened a connection from a windows media player to a url on my linux box, and captured the GET query with ngrep (Accept:*/*, User-Agent:NSPlayer/4.1.0.3856, + host and pragma info relating to framerates, and an xClientGUID).

pasting that line into a quick and dirty perl script does get you binary output, but it's too short to be the actual stream (~1k) so i'm assuming that it's another redirect-like command.

not really interested enough to actually try to get this part of it down at this point, at least not while there's downloadable utilities that'll do it for me. just thought this was interesting and not really off-topic because this story *is* about copy protection, after all, and this 'streaming-only' enforced through client software obviously isn't anything more than mildly annoying.

if this is the wave of the future, it's not going to do a whole lot in terms of stopping anyone curious, let alone malicious...

(email addr is at acm, not mca)
We are Number One. All others are Number Two, or lower.

Re:Interesting Lecture.

[subsolar2]

I just finnished watching it ... most interesting thing mentioned is that the scheme only used 56 bit encryption! Since this is a "simple" cypher it should be possible to brute force working keys. The only thing making it hard is the fact that the encryption algorythm is going to be a trade secret.

I suspect that there will be a generic crack of this whole CPRM system in fairly short order since it does not appear to be a real improvement over what was done with DVD.

Ok what are the variables:

• A player specific key.
• Media specific key that is incrementable for R/W media like HD & Flash, fixed ID for DVD, DVDA, DVD-R and CDR.
• A matrix or tree (added in the past couple months) "media key block" containing a list of valid keys.

Here's how it sounds like it works for playback:

1. The player retreives the media key uses it's key and some magic hash to determine were to start looking in the matrix/tree for it's key.
2. The player then uses that key to try to decrypt the track key, if it fails try next key in matrix/tree till you succeed.
3. The track key & media ID key is used to decrypt the content for playback via the magic "C2" encryption.

Result: You copy the data to different CPRM media, the media ID is different and so won't play back. You copy the data to non-CPRM media, still no good cause it's encrypted.

For recording it works a bit different:

1. The player retreives the media key uses it's key and some magic hash to determine were to start looking in the matrix/tree for it's key.
2. The player then uses that key to try to and generates a track key.
3. The media ID and track key is used to encrypt the content.

Result: same as the prior example.

Copying is doing the above two togeter, it just requires that the software honor the copy permission data, and to get licenced to use CPRM you must play by the rules or dire consequences will ensue.

The bright side I see is the tree scheme seems to depend on approx 500 root keys, and if you can figure out the algorthm for calculating the rest in the tree you have every key in that tree.

Result:

1. They have to pull keys for whole groups of manufacturers, pissing off consumers and manufactuers.
2. Game over, they give up, and go into a corner and suck their thumb.
3. They ingore it publicly, sue you and everyone you know into the stone age, and say it was not a significant hack.
4. Buy a law to make reverse engineering, debuggers, logic analyizers, and thinking illegal unless you are specifically licenced to do so and work for one of five companies.

Hmmm probably the last two I think!

Do I have it right or am I missing something?

- subsolar

Re:So you can't save it.. [OT]

[digitaltraveller]

Recently I discovered asf recorder. Very useful for getting around short-comings of certain streaming video applications. Search for it Actually on the wake of Slashdot's interview with Doug Miller we should interview the author of Virtual Dub and ask him what he thinks about Microsoft's quest for interoperability. Virtual Dub was a free program for among other things conversting asf files into other formats. M$ legal department utilized standard Corporate America bully tactics to get him to remove that functionality from his program which he achieved by good old fashioned reverse engineering.
Oh well in the future we can just release utilities like that anonymously, until the software enforcement bureau comes and raids our homes because we were suspected of sending a controversial file over the internet.

Re:MS is actually the freedom choice

[-Harlequin-]

So tell me, who has the "proprietary and restricted" format?

?!?
Your basic assumption (that most people here are OK with Real but not with WMP) is, AFAIK completely wrong. Real are every bit the bastards M$ are, possibly moreso (for reasons you point out).

Saying WMP is bad is not saying that Real is Ok, it's saying that WMP is bad. If the format was Real, I'm pretty confident the no-save remark would have been made just the same - when you try to save and are denied, that pisses you off a lot more than any MS-but-only-MS-hating agenda would.

No-one has said that the shit Real pulls is acceptable. It isn't. But just because Real pulls it doesn't mean that MS should be exempt from criticism when they do the same.

If the excuse "don't blame us - we're not the only ones doing it" had any validity, the world would noticably be even worse off than already is.

digital-analog-digital

[bcrowell]

For people who really want to trade copyrighted MP3's and videos, I don't see what the problem is. Why not just play it, take the analog output, and redigitize it? You then have a digital version that can be copied ad infinitum. For audio, it seems like such a trivial hardware hack, you could probably do it without even breaking out the soldering gun. Only a little less trivial for video.

Then again, I think it's a pretty sad commentary on the free information movement if all everyone wants to focus on is taking information instead of making some. The reason you've heard of Linus Torvalds isn't because he cracked the copy protection on a proprietary Unix. Sure, it's loathsome to have this kind of copy protection shoved down your throat the next time you buy a computer, but I'd rather see a vibrant, independent culture based on free information than a parasitic one that just whines a lot and sponges off of the big-business media.

The Assayer - free-information book reviews

Closed minds

[yoink!]

Copy protection. Its a word that's around everywhere now, from digital music to DVD movies, and comming soon to a licensed software package near you.

Firstly, as players like Microsoft move towards, the leased software .NET model of distribution, there will be a decreasing need for copy protection as there will be less software to copy.

Additionally I am sick and tired of intellectual property. Sure we all need to get ours but... if half the ancient texts were "copyrighted" and guarded as intellectual property (and I'm talking mostly philosophers here), then we would be missing critical portions of our fundamental knowledge base, like the Pythagoran theorums, and many of our claims about the universe, which began with Plato and his fellow thinkers.

This illustrates yet another reason why the open source software community is such an amazing addition to the all the sub-groups of software developers out there. It's not that they are against intellectual property, far from it, but they are willing to share. A amazing example ot a simple childhood concept comming back to change the world. "Now Johnny, share your Quake 3 game with little Debbie, she wants to kill and main too!"

And for an additional quick stab at Microsoft, because that's the order of the day here at Slashdot anyway, I haven't upgraded MS-Word to the 2K edition because there's just no need. It already does word processing, web pages, document summaries, cooks breakfast and dusts around the house, do I really need the next version to make my bed and wipes my ass?


yoink

Re:Interesting Lecture.

[JWhitlock]

If you want to go after large-scale pirates, you use law enforcement, warrants, or, in some cases, diplomacy and trade threats. This is something law enforcement can do - work with a focus on a single target, and allocate resources comparable to the task at hand.

Mass consumer piracy is harder. If everyone is doing it, then you have a problem enforcing the law. There are few squealers, and it fails a cost / benefit test. The best way to prevent it is to make it technologically difficult to pirate media, and ocassionaly beat the bush to get the pirates, spending all the enforcement time, money and energy at once. It is possible to pirate cable TV, but you need the equipment, and every three years or so they run around looking for cable lines that shouldn't be there.

So, yeah, this is aimed at Average Jones, not the mass-market pirates. The alternative may be no digital content. Back to the VHS (macrovision) and audio cassettes!

BTW, the guy was arguing that perfect copying was possible, and that this was a benefit. The difference is the decryption, which is difficult and propriatary, and the licsense, which means the reader and the media itself have to shake hands and decide the user is permitted to play the data. What happens when companies close, or media goes out of style? For a preview of what's to come, ask someone who bought a DIVX player what they did with all their movies.

Interesting Lecture.

[JWhitlock]

I'm watching the lecture now, and I'm impressed by the quality of the video. Some text is illegible, but I'm sure the PowerPoint presentation would be availible elsewhere. There are multiple cameras, cuts to the audience, etc. Stanford has a pretty professional system.

The speaker is fairly vague about the whole thing, or perhaps I'm not familiar with the tech. The idea seems to be that each device gets 16 (out of 2^64?) keys, that will allow the device to decode a file in their propriatary and patented C2 algorithm. Devices may, by chance, share one or more keys, but not all 16. In addition, keys appear to be serially numbered, so that decryption uses Key 7892's data, as well as the fact that it is key #7892.

If key X is compromised, and the powers-that-be discover it on Day 0, then on Day 1 all new media would return garbage when key X was used. The distributer of the key wouldn't be affected - he has 15 keys left. Other users shouldn't be affected - most still have 16, some have 15 left. Users of the illegal key would be unable to see new media, but Day -1 media and earlier would still be accessible.

In any case, new media has a serial number, and some standard fields (some in write-only space) that encode the permissions on the media - if copies are permitted, if instead copies are "check out", deleting the original. Complying devices, the only ones with keys, obey these fields because they agreed to when they liscensed the technology. The speaker claims that there is no restriction on copying data, but you either have to know the decryption algortihm (very hard) or have a keyed device to decode the file.

Under the scheme, you could have a peice of media with serial #4, with encrypted data and instructions that the data can only be played if it resides on media with serial #4. Since you need industrial equipment to write a serial number, you can make a perfect copy of the Matrix DVD (onto media with a different factory-endoded serial number), and a compliant player would refuse to play it. If my Matrix DVD was re-writable, I could image the DVD to my hard disk, for back-up purposes, tape South Park on the DVD, then when I wanted to watch the Matrix again, copy it back to the original DVD, and only then it would play. If the original was physically destroyed, I'm out of luck. Backups, in the traditional sense, would not be allowed. He aluded that all complying media would have some writable areas, to allow the accounting needed to make backups, etc.

So it's a combo of technology, licsensing, and patents. Great.

The submitter's webpage argues that software players would break the system. It might be hard to retreive a key from hardware, but not as hard from software. He argues that Window's Media Player would have 16 keys for all copies, all these could be found, and soon WMP would no longer work. Microsoft would have to issue a new WMP, and the cycle would continue.

I disagree. Either the protection would be a the disk drive level, WMP would have different keys for every copy, or hard-drive based software would be outside of the realm of CPRM. If the protection is at the disk drive level, WMP would rely on the hard drive to provide keys and decoding, and by distributing keys you would only be limiting your own ability to play new media. If each copy of WMP has its own keys, then again, you aren't damaging Microsoft, but you may be linking yourself to the crime. If you compromise two keys, then Microsoft may me able to link you to breaking the keys.

However, I doubt that this tech will be used on hard drives. They would have to standardize the encryption, which they don't want to do. More likely is that CD-ROM and DVD-ROM drives will be unable to play CPRM CDs at all. We'll complain, the content providers will say tough shit, buy a new CD player. Since all previous technology would become obselete, I doubt this will catch on like wildfire.

Re:So you can't save it.. [OT]

[evanbd]

Speaking of which, I think I have access to an older copy (which does do ASF). I don't have it, but I'm pretty sure a friend does. Email me if you can't find it online, but it'll be a few days before I reply, so go look for it online first. Also, it's GPL, so the old source should be out there if someone wants to integrate into new source and release anonymously on freenet. That'd be cool. I don't program well enough though. BTW, it's a very good tool for what it does (Linear video editing; Premiere and the like are non-linear; VDub is NOT useful for NLE tasks).

Re:You are showing your age.

[Technician]

Most users here have never seen anything that uses serial data at mechanical speeds. I have forgotten, is that one of the original machines using 5 bits and 1 1/2 stop bits, or is it one of the newer 7/8 bit machines? Last time I saw a functioning Teletype was about 15 years ago. I do remember they did not impliment any copy protection. ;-) Just oad the punched tape and you could get a printout, with a carbon copy and punch a new tape on the punch that was a bit for bit duplicate of the original. Maybe we will have to go back to these and demand our sereaming data at 65 bps.

Re:So you can't save it..

[praedor]

Of course you can save it. It is buffered to your harddrive, in a temp directory under some bizarro name. All you have to do is NOT close your player after viewing it and do a search of your temp files looking for a big file in the many megabytes range. Chances are that is the video. Copy it to another name somewhere and you have it.