MS DRM Version 2 - Cracked

As the title says: Microsoft Digital Rights Management Version 2 has been cracked. The Register has the story, including a link to a downloadable zip file which contains source code, explanation and a small DOS utility. Grab it while you can. You can also read the explanation directly here, and you can also find it with Google.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Well, of course

[TechnoVooDooDaddy]

in the immortal words of someone who's name escapes me:

"Information wants to be free."

There's a lot of bored but bright minds out there, and putting mountains up in their way just BEGS them to be climbed. As the old adage goes, Why do people climb mountains? well, there's actually 2 reasons, 1) because they're there.. 2) they're in the way of where you're trying to go..

*yawn* nice try MS, better luck next time eh?

What I don't get is why not use some proven technologies to get this done right? secure key-based encryption, rotating key servers, etc?

Re:Well, of course

[HL]

Well, I would think that people that climb mountains probably appreciate MS putting it there; I think the mountain itself is the goal.

Re:Well, of course

[TechnoVooDooDaddy]

the spirit's still correct, eh mate?

Re: Well, of course

[Desco]

M$ DRM already cracked... What's really funny is there's not much media available that takes full advantage of this medium for it to make a lick of a difference.

Thus continueth the cycle:
1. A few people pirate software/music.
2. Corperations get pissed at piracy.
3. Corperation spends millions on development of an anti-piracy scheme.
4. Corperation has to raise prices to compensate.
5. Scheme gets cracked within DAYS of release.
6. More people pirate because prices are higher.
7. Goto 1.

Re:Well, of course

In this case, there *are* no "proven technologies", nor is it possible for there to be any.

It's one thing if you want to send a message from a source to a destination in such a way that only the destination has the key, and the message is protected from third parties. There's lots of good, solid math explaining various types of ways to do that. But that's not what DRM is. DRM (or ANY name you wish to give the plague known as 'copy protection') is you want to send a message from a source to a destination in such a way that you give a key to anyone who asks, and you don't care about whether the message is protected at all *but* you want to make absolutely damn sure no one can manufacture keys but you.. well, that's just silly, since the point is to keep the way that the key works secret *from someone who has a copy of **and uses** the key*. That just doesn't work; the key can always, in some way, be disassembled. Yes, the DRM such far (CSS and such) were cracked because the people who designed them made mistakes and left their systems vulnerable to various attacks. But how would 'proven technology' possibly help with that? Even if there weren't the kind of bugs that led to DeCSS being possible, in the end your untrusted party still has a copy of both the key and the message and can watch the two working together in as close detail as they wish..

Anyway, how on earth are you supposed to get a 'proven technology' based on security through obscurity? In my book the definition of a 'proven' encryption technology is that many people know how it works and have examined its algorithm, and none have found a crack. But in the case of something like CSS or microsoft DRM, if you tell someone what your encryption scheme is, you've already lost.. so how can you possibly have any kind of publicly scrutinized 'proven technology' used?

Re: Well, of course

[elmegil]

pls mod this up. That algorithm is right on the money.

Re:Well, of course

[whereiswaldo]

>What I don't get is why not use some proven
>technologies to get this done right? secure
>key-based encryption, rotating key servers, etc?

Probably because:

1) I bet they're open standards
2) Microsoft didn't create those algorithms, so it couldn't create any legal mumbo-jumbo to stranglehold the market on its file format if it did.

Re: Well, of course

[GC]

no actually it should be "goto 2".

But otherwise the algorithm is correct.

Re: Well, of course

[well_jung]

Where in the cycle do we learn to spell Corporation? :P

Re:Well, of course

[shoez]

It would seem that capitalism is a constant struggle between consumer and provider, in that the provider is bound to charge as much money as they can get away with, maximize their profit(simply put: price*volume-expenses), and repay their stockholders and then some. The consumer is trying to pay as little as possible, so that they can buy as many things as possible.

Both causes are justified, so it's not a matter of one side being wrong, it's just an imbalance. The way our society works, the balance will move back and forth, through normal price increases and decreases(accounting for inflation of course). However, from time to time, the balance gets so messed up that the consumer or the provider(or both) think they are in a position where they are forced to take extreme measures, such as copy protection on CDs, or download music from others in order to counteract the buildup of financial tension.

However, with the way these things work, the customer only has less faith in the provider, and buys their information even less, and vice versa(provider limits features and services). The correct approach it would seem then is an amelioration of sorts, be it a public apology, price break, or increase in faith in the customer/provider.

Of course the way these things work, it's impossible for the customer to carry this out, as they are unorganized, and extremely static in opinion, so it is neccesary for the company to take this step. Unfortunately, it's always hard for people to admit that they're wrong, to back down, etc. Hopefully execs will realize this, but it doesn't happen often.

Such is the nature of capitalism and the human mind. A constant struggle that only occasionally reaches equilibrium, and even then doesn't stay there long. However, it is truly the best (general)system we can think of.

When will they learn?!?

[SealBeater]

Its not like ANY protection scheme that I can think off hasn't been broken. So far, it looks like nothing will ever not be broken.

Corps: 0, Hackers:...shit, I lost count.

SealBeater

Re:When will they learn?!?

[cholokoy]

Just like the Titanic. There will always be some small item that the designers forgot which turns out to be very important.

Re:When will they learn?!?

[Slak]

As Thomas Jefferson said, "The price of Copy Protection Schemes is eternal vigilence and endless lawsuits."

Regards,
Slak

Re:When will they learn?!?

[ConceptJunkie]

This is a reply to the Titanic comment which is a sibling to this comment's parent, but /. is having a formkeys problem today, and I thought my post was worth putting in.

Wasn't it later determined that the Titanic sank because they forgot to adequately shield a heat exhaust vent, which led to a chain reaction that sunk the boat?

The way I see it, as long as you have some Jeff Goldblum-type with an Apple laptop, no computer system is safe.

The problem with this is that the RIAA types want to use encryption to enforce a scheme that users generally think of as unfair, especially since it gives them fewer rights than they have enjoyed in the past. The sooner they stop shoring up the crumbling edifice of trying to extend monopoly on physical distribution to a monopoly on digital distribution, the sooner they can find a way to do business which won't piss off the majority of their customers. I don't have any problems buying and paying for music in order to listen to it, but I expect certain rights with what I purchase, and I also expect that increases in technology should result in lower prices. Music CD's are not significantly cheaper than when I first saw them for sale in the mid-80's. This is total gravy for the music industry and I'm getting really tired of paying it, especially since I buy a lot of music.

You can get blank CD's 2-3 for a dollar, tell me again why a music CD costs $17? If $14 of that went to the artists, I wouldn't even mind that, but from what I understand only about a buck or two goes to the geniuses that actually create the product, the rest is skimmed off by middlemen whose jobs mostly involves perpetuating their jobs.

Re:When will they learn?!?

[MentalPunisher2001]

You have made my day.
Thank you.

Re:When will they learn?!?

[maX_]

The Titanic sunk because the 'water tight' compartments did not have steel caps. once the water in that compartment reached the top, it was free to fill the next water tight compartment.

Re:When will they learn?!?

[bungalow]

You can get blank CD's 2-3 for a dollar, tell me again why a music CD costs $17? If $14 of that went to the artists,

Uh, no. My brother works for one of the smaller recording studios (you likely wouldn't know their name if I mentioned it) and they get CD for around 9 cents each.

Re:When will they learn?!?

[ryanr]

Wasn't it later determined that the Titanic sank because they forgot to adequately shield a heat exhaust vent, which led to a chain reaction that sunk the boat?

No, that was the Death Star.

to no end

[Rinikusu]

You know, the antics of the music industry (and the kind of thing that MS is kowtowing to with their DRM scheme) really pisses me off, but also convinces me that there will eventually come something to replace them both.

But, know what? It's their property. If they want to fuck up their distribution channels, fuck em. I can do without "so-called" modern music anyway. I go see live bands locally, get lit, and have a great time and I didn't need to buy a fucking copy-protected by the DMCA CD or cassette or anything. These guys are out there trying to make a living, maybe you should check em out. And if you catch them after the show, you might can convince them that they should distribute their songs on CD's for cheap and ask them (ask them) about how they feel about MP3's and music-sharing in general. Of course, they might not agree with you (or myself), but they have that *right* to do so.

So, I encourage, nay I *challenge* each and every one of you who would boycott MS or the RIAA to pick up a local newspaper and see what's going on in y our town this weekend. Chances are, there's a band or two actually worth checking out, and hey, it's not like you're going to meet chicks sitting behind your monitor.

Oh, and on-topic: Rock on Beale! I'm encouraged to see that grassroots hactivism coming alive! :) (hacker used in "coder" definition) Keep up the good work and keep fighting the good fight.

Re:to no end

But, know what? It's their property.

No it's not. That's the whole point - US copyright does not create property rights. The actions of the copyright holders in shifting the terminology of the debate to the language of property rights means they've already almost won. After all, who agrees with stealing? But if they don't own it (and they don't - you paid for it), it ain't stealing...

Re:to no end

[sydb]

So, I encourage, nay I *challenge* each and every one of you who would boycott MS or the RIAA to pick up a local newspaper and see what's going on in y our town this weekend. Chances are, there's a band or two actually worth checking out, and hey, it's not like you're going to meet chicks sitting behind your monitor.

Chicks, take this as a warning: stay home this weekend.

Re:to no end

[Spazmania]

> But, know what? It's their property.

Well, no, its not. "Intellectual property" is not property in any traditional sense of the notion. That's why you have fair use and expiration and all that: because the author doesn't exactly own it. Its more accurate to say that the author has a right to profit from it.

Imagine someone being able to make "fair use" of your car or your cash. No, intellectual property is not normal property at all.

Re:to no end

[ichimunki]

hey, it's not like you're going to meet chicks sitting behind your monitor.

Hmmm. That's funny. I've met a few women over the net, while nothing's stuck so far, they weren't utter instant failures either, and they've all been better than the women I've met at live music venues. In fact, come to think of it, I don't know that (in spite of seeing literally hundreds of live shows) that I've ever actually met and developed a relationship with a woman from a bar.

On the other hand, I fully support the idea that it is time to seriously boycott all RIAA-affiliated music companies, the MPAA, and television (on general principle). The world is bigger than that and plenty of classical music, world music, and alternative music is available that does not need to be bypassed during a boycott. Not so easy with film, but there is always used VHS. And the library-- mine has movies in addition to books (which make great movie substitutes).

Re:to no end

[unitron]

How surprising that you were unable to develop a meaningful relationship with a young lady WHILE SCREAMING BACK AND FORTH IN ORDER TO BE HEARD OVER THE MUSIC.

Re:to no end

[KelsoLundeen]

And remember, too, copyright has always been framed as a "temporary" notion. True, the temporality of a single copyright has been extended, but as it was framed by the founders, copyright was never meant to be a sweeping, draconian notion of something *absolute*.

Copyright was meant to *promote* not meant to *inhibit*. It was not meant as an essentially permanent hedge for questionable constitutional and monopolistic manipulations.

Believe me, I don't expect the record company execs to understand this, let alone act within the spirit of the notion as it was originally proposed and written. But I do expect our own legislators to rap the collective heads of these executive fuckers and wake them up to the essential *spirit* of the law. A spirit, I would add, that transcends any temporary monetary gains for fat cat record exectives like Hilary Rosen or the ultra-ultra fat-cat film geriatric named Jack "America was great under Jack Kennedy" Valenti.

Copyright is not about money. It's about the promotion of art. Remember this. This should be the mantra. Someone should paint this slogan on Hilary's office door.

Copyright was never about money.

Copyright was never about money.

It's all about *promotion*. And the founders took this "promotion" to be integral to a diverse society.

In fact, I'm quite sure Jefferson would be disgusted by the actions of the music and film industries. Disgusted, too, by their abohorrent actions in light of the recent terrorist attacks -- attempting (if you recall) to attach their legislative riders to the bottoms of the recently passed terrorist legislation. It's disgusting and demeaning and proves that these fucking record executives will stop at nothing -- literally -- to keep their golf club memberships, Lexus', and summer homes in the Hamptons.

Re:to no end

[PW2]

... it's not like you're going to meet chicks sitting behind your monitor.

nope, just cables behind my monitor;

Re:to no end

[grammar+fascist]

US copyright does not create property rights.

I used to agree with this, but now I'll have to differ on this point. Here come the flames...

How do you define property? Quite simply, it's the right, given to you by law and society, not nature, to control something. It's my house because I can decide who can enter in and who cannot. It's my car because I can decide that, if you drive it, you're commiting a crime. I control those things.

The control is completely artificial. It's been decided in our culture that people should have a right to control these things they call "possessions." There have been plenty of cultures in which the right to control was out of the hands of the people.

Now, I will admit that it is much easier to understand possession as it relates to physical things than as it relates to ideas or art. However, our current system has defined the control of the latter as property, and we accept it.

Removing control of my house from me is stealing. Likewise, removing control of my artistic works is also stealing.

Re:to no end

[Danse]

While I tend to agree with you, I don't happen to know of an easy, understandable way to argue against RIAA (or anyone else) rhetoric about property rights. If copyright does not create a property right, it does seem to create something that is roughly analogous to property, which is control over something tangible.

What is needed is a concise way to re-direct the argument back into realistic terms in a way that can't be disputed by the copyright industry.

Re:to no end

[Rinikusu]

Well, the basic premise is basically, to "get out of the house." I go to quite a few live shows these days as compared to many months ago when I would just come home and surf the net or pass out from boredom/exhaustion.

Now, I go to shows, drink a bit, talk to people between bands, etc, and get invited to lots of parties (some good, others, not so good), but invariably end up meeting some different people and even go out on a few dates. We're not talking about barflys.. :) I've met quite a few really cool people in RL these days and it's quite comforting to actually talk to someone face to face rather than stuffed behind a keyboard. Your mileage may vary.

On the other hand, you probably already paid for your internet connection and going out requires some cash...

On the Indie movie front, some friends and I were discussing this the other day. Canon GL1: $1600, firewire card: $100. Various software, depends on the source. But, basically, the idea is for less than $5k, you can buy a computer, camera, and video editing software and make your own movies. And with the DVDR drivers dropping in price (I saw one at best buy for like $550, I think), it's getting to where anyone can do just about *anything* these days. I can make my own music (from various synth packages, etc), record my own music and mix it down, I can make my own animated movies, I can make my own radio show (shoutcast and the like), and now I can truly start making my own movies. The world is just getting great and I see tons of potential for grassroots indy-DV movie making (until making movies becomes a crime.. Actually, it is in many cities due to their "film ordinances" *cough*extortion*cough*).

Yes, here's a hearty "FUCK YOU!" to the RIAA and the MPAA.

Re:to no end

[RandomPeon]

You're right, but the point is that there are limits on rights with regard to property. You own the land your housse is on, but that doesn't permit you to dump tons of toxic chemicals on your lawn because they seep down and screw everybody. The extent to which you own the sky above your house is limited by your national laws and ceases completely at ~60 miles above sea level. Even what you can use your house for is limited by zoning restrictions.

It sounds like I'm making a case for the ever-expanding IP rights, but I'm not. The extent of intellectual property used to be limited by law (both statue and precedent). The publisher of a book did not have the right to limit resale or many reproductions - "fair use". When I sell my house, I can't add a clause stating the purchaser is entitled to dump toxic chemicals, because laws limiting my control over the product supersede the contract. For the record, I can't insert a clause forbidding resale of the house. Similar restrictions apply to IP.

Re:to no end

[grammar+fascist]

You're perfectly right. I actually mentioned something about that in another post, but Slashdot had that weird error while I was trying to post it.

I have many restrictions on what I can do with my house and my car, and all of them have to do with my actions' effects on other people's money, happiness, and well-being. I have to let the meter reader guy onto my lawn. As you said, I can't dump toxic waste in my back yard. I probably couldn't take the parents of the kids in my neighborhood to court because they let their kids ride around in my driveway on their bikes - if I didn't have a fence around it. (I don't.)

I think copyright lasts way too long. I think there ought to be fair use rights built into every IP law. These kinds of things would help keep the balance of power properly.

What I think doesn't help at all are ignorant people screaming about how it's all unfair - even though it is unfair - and misunderstanding how law, property, and IP work. There are plenty of decent arguments to be made instead.

No more secrets

[smnolde]

The more Microsoft makes it's own crypto, the higher the chances the crypto will be cracked.

Re:No more secrets

[Jetifi]

The more Microsoft makes it's own crypto, the higher the chances the crypto will be cracked.

Microsoft didn't use their own crypto. Read Technical - they used DES, RC4, SHA-1, and ECC, all tried and tested algorithms, although we don't know about their implimentations.

The only 'innovations' they had were a bad MAC algorithm and a broken BASE64 implimentation.

That said, it doesn't matter what crypto they use. It's being implimented on so-called "trusted" software, on an untrusted OS using untrusted hardware in an untrusted environment, with key material in the same location as the ciphertext. A recipe for disaster.

OTOH, s/crypto/cryptosystems, and you're makin' sense. The closed culture (i.e. "you customer, me sales") isn't suited to cryptosystem or cipher design.

Even Microsoft doesn't trust Microsoft for protocol design - which is why they used Kerberos.

Good news

[aurorascope]

This is good news. Why? XP is just about to be shipped into retail stores. MSFT can't really do much about it now unless they release some Windows update - which is unlikely to catch 56k'ers attention much.

Re:Good news

[BorgDrone]

MSFT can't really do much about it now unless they release some Windows update - which is unlikely to catch 56k'ers attention much.

I don't thinks many 56k'ers download digital music ...

Re:Good news

[Dashslot]

Not really. From the readme:

WARNING!!!!! I have just learned that the new Microsoft Media
Player EULA includes a clause that says they can *automatically*
modify the software on your system, without any confirmation from
you required! In other words, they can disable your software, or
force an upgrade so that FreeMe won't work, just because they feel
like it. Be careful out there!

It will work for a while but for how long?

Re:Good news

[Kanon]

You don't? What planet have you been living on?

Re:Good news

[aurorascope]

I wonder what good the windows XP firewall would do in this scenario.

Re:Good news

[glindsey]

It probably won't catch many 56k'ers attention at all, since WinXP will by default download and install patches in the background, without your explicit approval. Pair this with their EULA and you could wake up one day to find that your MP3s have all suddenly been deleted.

That was hyperbole; I honestly don't think that will happen. But it is possible. If you run WinXP, tell it to inform you of updates, rather than auto-applying them, so you know what your computer is doing when you're not looking!

Re:Good news

[BorgDrone]

Where I live, people pay per minute for using the telephone line. downloading mp3's over an 56k connection is expensive

Got my free copy!

[imrdkl]

Now I just need to take my stupid pill and upgrade to the M$ version which uses this format.

This is News ?

[Coolmoe]

I figured that this whould happen much sooner than it did. I am glad to see another stupid digital rights management scheme defeated. I wish these media companys whould understand the idea behind fair use and quit blanketing all users as criminals right off the bat. This happening to a MS format just makes the point 2 fold.

Re:Nice

[Chainsaw]

There are other countries other than the States, if you haven't noticed yet. Several of them, like Sweden, doesn't even make software algorithms patentable. So, if this was made outside the US, it might be perfectly legal.

Re:Is it any surprise?

[BiggestPOS]

You don't think the Open-Source community, if they really put their minds to it, could come up with something unhackable? A lot of utilities and programs that are useful and oft pirated in the Warez community are getting harder and harder to crack all the time.... And I'm not talking about Nero or Winrar, but rather the home-grown stuff that some guy is trying to pay his mortgage with, some of them never get cracked correctly...

Here's the article just in case you can't reach it

MS digital rights management scheme cracked
By Thomas C Greene in Washington
Posted: 19/10/2001 at 09:19 GMT

An anonymous coder named 'Beale Screamer' claims to have broken the Version-2 Microsoft digital rights management (DRM) scheme, and has produced the source code and a DOS utility to un-protect .WMA audio files.

The author's zipped file contains a lengthy description of the MS DRM weaknesses, a philosophical tract explaining why he thinks it necessary to crack, the source code, and the command-line utility.

The alias Beale Screamer, incidentally, derives from the lines of 'Howard Beale' in the movie 'Network', we're told. "Just yell to the publishers 'I'm mad as hell, and I'm not going to take this anymore!'"

The motive here is said to be an assertion of fair use and a check against the abuse of copyright for purposes of consumer extortion.

A DRM scheme "used to give the consumer more possibilities than existed before," Screamer tells us. "I think the idea of limited time, full-length previews, or time-limited Internet-based rentals is excellent. If DRM was only used for this, in order to give us more options than we previously had, I would not have taken the effort to break the scheme. What is bad is the use of DRM to restrict the traditional form of music sale. When I buy a piece of music (not rent it, and not preview it), I expect (and demand!) my traditional fair use rights to the material. I should be able to take that content, copy it onto all my computers at home, my laptop, my portable MP3 player....basically anything I use to listen to the music that I have purchased."

Well said; a tremendous amount of thought and effort has obviously gone into all this, and we have to wonder who this crusader is. A university connection seems all but certain. We've got a few feelers out, and hope very much that he'll submit to an interview soon.

Slashdotted already

[Saint+Aardvark]

Can't get through to The Register. Can someone post a summary, or sacrifice their own server by setting up a mirror? :-)

Re:Slashdotted already

[Dr_Cheeks]

What the hell, here's the zip, though since I've only paid for the cheapest hosting option don't be too surprised if it gets /.ed fairly quickly too. I can't be bothered mirroring the story, but pretty much all it says is that it's been released and the Reg like it.

Get the zip at http://www.club-foot.co.uk/booty/657.zip (90-ish Kb download).

Be careful out there!

[CProgrammer98]

This from the "readme" that comes with the zip:

Not only can MS revoke the certs used, it looks like they can also screw your system if you use tricks like this....

WARNING!!!!! I have just learned that the new Microsoft Media Player EULA includes a clause that says they can *automatically* modify the software on your system, without any confirmation from you required! In other words, they can disable your software, or force an upgrade so that FreeMe won't work, just because they feel like it. Be careful out there!

Re:Be careful out there!

[fermi's+ghost]

Zone Alarm just told me that Windows Media Player is tring to ping my default gateway.

Now WHY would it want to do that? Is it part of a security scheme?

If it tell ZoneAlarm to not allow Internet access to WMP, am I in violation of DMCA? Is ZoneAlarm a circumvention tool?

Re:Be careful out there!

[RottenDeadite]

I'm sure Microsoft could come up with a way to define it as such.

The thing is, are they willing to dump money into litigation and law suits to the point that Zone Alarm changes policy or goes out of business due to legal fees?

Is there a Scientology Microsoft connection? Their tactics seem awful similar sometimes.

Re:Be careful out there!

[rokicki]

Do we know that Microsoft isn't just using IE and HTTP to update your system? Most people tell ZoneAlarm and other firewalls to let port 80 requests from IE5 through . . .

This is yet another way MS can use their monopoly to control your system.

-tom

Re:Be careful out there!

[Twanfox]

On some systems (Zone alarm installed locally), the firewall can be informed that programs matching this MD5 signature are permitted to access the internet (no matter what port they want), whereas everything else cannot.

This meaning.. if WMP is not defined by the user as being permitted to access the internet, no matter how much it tries, no matter what port it's on, it will not be able to access it. Using the IE ActiveX control does not change the WMP signature to IE. WMP would still be attempting the call.

That is, of course, only on firewall systems that can prevent program-based internet traffic, not just port based.

Re:Be careful out there!

[CProgrammer98]

Knowing how much of a control freak Uncle Bill is, I wouldn't be at all surprised if there wasn't some code in IE5/6/ that can nuke WMP etc. If that's the case, then it would be quite difficult for a FW to stop it. It could be even be some sort of trigger phrase buried inside a tag, so you would never see it (unless you did an automatic validity check on every html page you receive)
</paranoia>

Dear Microsoft Customer, please spread those legs and bend over...

Re:Be careful out there!

[JCCyC]

Is there a Scientology Microsoft connection? Their tactics seem awful similar sometimes.

Believe it or not, yes there is! Take a look at this e-mail I got. Fell free to check the sources:

<old Inbox digging>
>> Well, personally I did stay away from Windows 2000 not because of product
>> activation keys, but because I do not and will not support dangerous
>> organizations like Scientology, and cannot entrust a system which
>> includes their Diskeeper disk maintenance software with any sensitive data.
>>
> WHAAAAAT???? Scientology makes software included in Windows?????

Yes, they do, unfortunately.

> Where did you get that information from?

Well, this has been in the technical press in Europe for months in 1999 and 2000 and it was part of a boycott campaign against Windows 2000 for this very reason. These are not rumours, but proven facts.

Major parts of the disk maintenance software in Microsofts Windows 2000 are written by Executive Software, a software company led by and heavily influenced by very "high" Scientologists. They even talk (or talked - I havent visited them recently) about this on their web-site.

Offical German government and church authorities asked Microsoft to remove this code or open it up so that it could be checked for possibly included malware, but Microsoft refused to do this and just said they could not understand the problem and that this would be a form of religious discrimination...

Meanwhile Microsoft has published patch instructions (at least here in Germany) how to remove this component from Windows 2000, but I am afraid I can no longer trust them.

PS. If you speak German, I suggest to check ct magazine at www.heise.de. They have backlogs of all their articles available, and you should be able to find the issue discussed in all details and with names, dates, and cites in there. Otherwise, a search engine like www.google.com might help to point you to similar info in English.
</old Inbox digging>

Re:Be careful out there!

[rokicki]

Can't WMP invoke IE5, so IE5 has got its own process etc., and communicate with IE5 over any arbitrary medium (such as raw Windows sockets) instructing IE5 to go out and fetch whatever bits WMP needs? Since ZoneAlarm only ties into the IP stack, and WMP is controlling IE5 through a different medium, all ZoneAlarm sees is IE5 starting up and accessing the net. Essentially, WMP is just using IE5 as a big wget.

-tom

Re:Be careful out there!

[inquisitor]

Oh, *please*. Executive Software make the disk defragmenter. That's it - not a major part of Win2K at all. Just because ES is full of Scientologists doesn't mean that the software works for them as well.

Diskeeper was licensed because it is *the* most popular disk defragmenter for NT - Microsoft licensed it in much the same way as they licensed VSGrid for VB5 to replace grid.ocx. If it did anything nasty, it would have beeh everywhere by now. Besides, their version is much modified and stripped-down.

And besides, I use TPF as a firewall - a very high grade package, BTW, even detects its own automatic updater - and I haven't seen Diskeeper trying to call out. Anyway, NTFS means you don't have to defrag for a long time. All scaremongering, it seems.


Note: I hate Hubbard's "religious" multi-billion dollar scam, but am ambivalent on all conspiracy theories.

Re:Be careful out there!

[Twanfox]

Any program can spawn another, but to assume that one program does just because it has 'web features' ignores the "keen" invention of Microsoft of ActiveX controls.

You see, for a program to spawn another, the former program is capable of passing arguments to it (in general) and that's it. No data can be returned unless the two programs establish communications on their own. It's easier, and far more logical, to simply call an ActiveX control (For all you Unix programmers, read this as a library). When using an ActiveX control, the main program has more control over the actions taken of the library, and can send and recieve more information using that control then it could otherwise.

While I don't know ZoneAlarm's capabilities specifically (as in, capable of program-based firewalling), I thought it was capable of it from what I'd heard a long while ago. Either way, I can bet, in the event that WMP uses IE to retrieve it's files, it still uses it as an ActiveX control, not as the full program.

Shocking!

[Smuffe]

A Microsoft security hole?
Anonymous M$ exec1: We're hacked? Again?
M$ techie: No, we're not hacked. The MDRM v2 is hacked. We... (is interrupted)
Anonymous M$ exec2: We're hacked! Didn't the hacker read our last bulletin on that? It's wrong to post exploits we don't know about. It's almost against the law! Or rather, it should be!
Anonymous M$ exec1:Good idea. I'll give our lawyers a call! I'm sure its in the DCMA somewhere. Thats why we invented it, remember?

/Smuffe

Re:Shocking!

[WildBeast]

This is MS, when is the last time you saw them sue someone? they very rarely sue.

So don't go putting ideas in their head.

Re:Shocking!

[cybercuzco]

I'm sure its in the DCMA somewhere. Thats why we invented it, remember?

microsoft didnt invent the DMCA, that would have actually required INNOVATION. The music and movie industries invented it, MS is just embracing and extending.

Re:Shocking!

Slashdot retard #1: I need to some karma!
Retard #2: I know! Post a stupid, contrived dialog to illustrate a simple point of view that could be otherwise expressed in two to three words!
Slashdot retard #1: Great idea! But won't people see right through that?
Retard #2: Are you kidding? Those stupid monkeys they have moderating would give a +1 Funny to Satan himself if he made light of Microsoft in dialog form.
Slashdot retard #1: Thank man, you're a genious!
Retard #2: I really wouldn't go that far.

Re:Shocking!

[Zeinfeld]

This is MS, when is the last time you saw them sue someone? they very rarely sue

MS are known for aggressively going after software pirates. However they do not habitually go in for some of the stoopid lawsuits beloved by other CEOs, possibly because they are often the subject of stoopid suits themselves.

In particular I don't think that MS is likely to start behaving like the SDMI consortium. Hack our code! - oh wait we will sue you if you publish the results! - oh wait it is not a good idea to threaten lawsuits against crypto profs! - please can we withdraw? what we can't get the suit dismissed?

Everyone in the DRM industry knows that every scheme is breakable. Long before the recording industry started to get hurt, software piracy cost the software industry megabucks.

If enough people will pay $1000 for a copy of MS Exchange rather than go to the inconvenience of ripping it off for MS to make the profits it does there will be enough people who purchase CDs for $12 rather than rip it off for the record labels to be profitable.

Re:Shocking!

[Smuffe]

Never underestimate the power of stupid people in large groups.

/Smuffe

Wow this guy is great....

[Johnno74]

... He's got a real pair of clangers for doing this and releasing it! I really hope he stays anonymous.

He's done a very thourough job of reverse-engineering too. Read his README file, very interesting... some quotes:

"One very important effect of this scheme is that Microsoft fully controls who gets to write modules that interact with the basic Microsoft media modules. Without a certified public key (and the corresponding private key) it is impossible to write a compatible DLL that interfaces with their code. Since Microsoft controls the issuing of certified public keys, they also have complete control over who is allowed to make compatible and competing products. Microsoft's reputation for being generous to competitors is well-known, so this effectively gives Microsoft a technically guaranteed monopoly power."

And his 'Messages' at the bottom:

"Microsoft: You guys have put together a pretty good piece of software. Really. The only real technical flaw is that licenses can't be examined for their restrictions once they are obtained. My real beef is with the media publishers' use of this software, not the technology itself. However, it's easy to see where software bloat and inefficiency comes from when this code is examined: every main DLL has a separate copy of the elliptic curve and other basic crypto routines, and parameters passed back and forth between modules are encrypted giving unnecessary overhead, not to mention all the checks of the code integrity, checks for a debugger running, code encryption and decryption. Perhaps you felt this was necessary for the "security through obscurity" aspect, but I've got to tell you that this really doesn't make a bit of difference. Make lean and mean code, because the obscurity doesn't work as well as you think it does.

Justice Department: Maybe this should really be addressed to the state officials, since it looks like the current U.S. administration doesn't care too much about monopoly powers being abused. But for whoever is interested, there is a very serious anti-competitive measure in this software. In particular, for various modules of the software to be used, you must supply a certified public key for communication. Guess who controls the certification of public keys? Microsoft. So if someone wants to make a competing product, which integrates well with the Windows OS, you will need to get Microsoft's permission and obtain a certificate from them. I don't know what their policy is on this, so don't know if this power will be abused or not. However, it has the potential for being a weapon Microsoft can use to knock out any competition to their products."

Well said.

Re:Wow this guy is great....

[Azghoul]

Thanks for posting these quotes. I love this guy. But if it's not for places like here (and Ars, for instance. Go Ars!), only the rare person would take the time to read his comments and notice that they actually /mean/ something.

Of course they guy will get portrayed as a nut case anarchist or some greasy kid... I think it's up to peeps like us to keep pushing the buttons.

Man, I love this kind of thing.

The obligatory correction

[invalid_user]

It's Stewart Brand, and it's one of the most abused quote of our time.

http://www.anu.edu.au/people/Roger.Clarke/II/IWt bF .html

Just like deCSS

[teraflop+user]

This is just like the deCSS hack - a good piece of work exposing a flawed implementation of a rights management scheme.

However, at the moment two little differences are apparent:

1. This doesn't allow you to decode .wma files on Linux - the decoder still requires the MS dll to get the keys out for you.

2. The author has remained anonymous! No DMCA prosecutions here, assuming she has covered her tracks properly.

Re:Just like deCSS

[Windjammer]

What if there were a method to obtain a copy of the dll (I know this could be considered piracy...but that might be one method?

Re:Just like deCSS

[Sneakums]

The author has remained anonymous! No DMCA prosecutions here, assuming she has covered her tracks properly.

Why do you assume the author is female? As a member of the oppressed, much-maligned male minority, I find this most offensive.

Re:Just like deCSS

[Hard_Code]

Oh, it just like a *male* to whine and cry....

Re:Just like deCSS

[meta_gorn]

The author has remained anonymous! No DMCA prosecutions here, assuming she has covered her tracks properly.

The author is wisely remaining anonymous, because one lone act of civil disobedience may be influential, but easy to control. This begs the bigger question: what if there was organized disobedience on this issue? What if many of us applied this DRM2 crack by legally purchasing music online in .wma format, making a personal copy on our hard drives to assert fair usage rights, and sent this information along with our real identities to the RIAA or elected officials? The cause ain't exactly for world peace, but if we're really pissed off about this, then I for one would be willing to take a risk.

Fair Use

[47PHA60]

I was very impressed with the BealeScreamer's comments on the original intent of copyright. What the hell are they teaching kids in school these days?

Any lawyers out there who can explain a Constitutional justification of both copyright and fair use? I ask because it seems that the DMCA would be found unconstitutional if it is found to restrict protected speech. Since there seem to be contradictory rulings on the status of computer code as protected speech, it would seem logical to let a federal appeals court decide, then see if the Supreme Court is interested in hearing about it (and maybe redeem themselves for fixing, er, I mean, providing finality for, the last election).

Digital Rights Management?

[zarathustra93]

When are MS, Sony and others going to learn that any sort of system like this will be broken? They should take a tip from the gaming industry.

I was excited to get a sony mp3 player as a gift last year. Until I realized that it used a proprietary format, atrac3. It will only allow me to load a particular piece of music 4 times. I've even loaded the music I make on it, but I am still subjected to this limitation. HELLO, it's my music, I made it,I own the copyright.

Digital Rights Management is there only to help support the massive amount of proffit that the recording industry is used to making. Well, I have a message for these people: The days of the $20 CD are long gone. Charge a fair amount of money for your product, and people will buy it. If you continue sticking it to the customer, they will break your systems and get it for free. Evolve or die. It's that simple.

http://www.assasins.net

Re:Digital Rights Management?

[Bluesee]

Yah, I've been saying that since Napster. P2P was supposed to destroy the traditional pyramidal economy. Well, it's appaerntly just gonna take a little longer. But its hell watching them try to keep their little toe-holds, in't it?

So many laws and lawyers and schemes and provisions to hold back the dam!

Boys oughta just step aside and let the information river flow freely; some people might lose their 'free lunch', but the rest of the world will finally realize the promise that was the internet.

Re:Digital Rights Management?

[JoeShmoe]

When are MS, Sony and others going to learn that any sort of system like this will be broken? They should take a tip from the gaming industry

Which tip would that be? The tip where I am forced to insert a perticular CD-ROM every time I want to play a game? And swap for another CD when I want to play a different game? And waste one of my precious IDE devices on a drive that can only hold about 700MB of information (eg, one game) instead of 100000MB (eg, every game)?

Or do you mean the tip where they deliberately use bad sectors and audio subchannels to copy protect a physical CD so that I can't make a backup copy and so if it gets scratched I have to send away for a new one?

Before you hand the gaming industry their halos, put away that easy to install, bloat-free, no CD check game rip you downloaded off IRC and go buy the same game in your local computer store. I guarantee you'll be as fed up as I am.

I know you are referring to the fact that games no longer play this "what word is on page 3" BS but despite the fact that the gaming industry claimed they dropped those kind of games "because we love our customers and don't want to hassle them" the real reason is that a) they weren't effective since you could just photocopy the page/keywheel/chart and b) they could be cracked/patched around anyway and c) the gaming industry was moving to CDs, which was copy protection enough since CDs were SO HUGE and SO IMPOSSIBLE to copy/distribute.

Now that CDs are about as easy/cheap to copy as the old floppy disks, we are starting to see the exact same crap. In case you are too young to remember this floppy games (Arkanoid comes to mind) used bad sectors on the game floppy to prevent someone from making a copy the same way the new CDZilla/etc protected CDs do.

As CloneCD images become more rampant, I fully expect to see game publishers making Internet registration mandatory so they can play the same kind of copy protection games they used to play with funny symbols in the manual. Of course, they will be completely ineffective at stopping piracy, but they will be yet another annoyance that customers are forced to endure from the wonderful, trusting folks in the gaming industry.

- JoeShmoe

Re:Digital Rights Management?

[zarathustra93]

"Which tip would that be? The tip where I am forced to insert a perticular CD-ROM every time I want to play a game?And swap for another CD when I want to play a different game?"

I bet you have a 100 cd changer for you music eh? :-) Perhaps that was a bad example on my part.

I humbly offer another:

http://www.motu.com (Mark of the Unicorn) is a maker of medium to high end audio software and hardware. Their sequencing program, Digital Performer, which I use and paid for, has absolutely *no* copy protection. No hidden files, no dongles, no 'insert this CD'. This came about because they *listened* to their customers complaints about how they managed their copy protection. What's resulted from this? They have an extremely loyal customer base, and their products have gained marketshare over the past several years. All of it due to good customer service, and putting the convienience of their customers first.

When I used the gaming industry as an example, I meant it as a "see: this tpye of copy protection does not work" example. :-)

Re:Digital Rights Management?

[csbruce]

I was excited to get a sony mp3 player as a gift last year. Until I realized that it used a proprietary format, atrac3. It will only allow me to load a particular piece of music 4 times. I've even loaded the music I make on it, but I am still subjected to this limitation. HELLO, it's my music, I made it,I own the copyright.

Sony is a member of the RIAA. You were expecting them to allow fair use? Better buy a different brand next time.

Re:Digital Rights Management?

[ecampbel]

This is precisely why the DMCA was enacted. DRM is clearly an intractable Comp Sci problem, but it can be solved legislatively. Just make it illegal to write and distribute the exploits! Problem solved.

Let's pretend that the DMCA didn't exist, and it was perfectly legal to reverse engineer digital rights management systems; how long do think it would be before an enterprising software developer would release an application that could play these files without respect to the rights of the copyright holder? To take this even further, this capability could be added to hardware players and be touted as a feature. Who would buy devices that were encumbered with respect to DMR, when devices that ignored the restriction could easily be obtained? Once these devices proliferated, DMR would be next to useless. The DMCA prevents this from occurring, and thus makes DMR a viable solution for publishers.

What surprises me is the length Microsoft went to prevent their DMR solution from being cracked. There's really no point in all the layers of obfuscation that they employed. Microsoft had to know that given a determined enough "hacker", they'd all be circumvented eventually. There only recourse is that the exploit will be ruled illegal (at least in the U.S.), which means a vast majority of the public will not have access to it, and this is really all that matters to Microsoft and the publishers that employ this technology.

DRM impossible

[andy_from_nc]

DRM usually relies on Encryption. Encryption itself has always depended on evolution. The idea that algorythms that need a system at least several orders more powerful than the one required to encrypt the data to break the data (without the key). DRM is a logistical nightmere, as it requires being able to run on last years hardware and next years regardless of the system invented next year.

Secondly, effective DRM requires a central authority and encryption method which the media available locally will nearly always exceed the bandwidth. (HDTV today, UHDTV tomarrow...all on 1 ghz? probably not)

Re:DRM impossible

[NearlyHeadless]

DRM usually relies on Encryption. Encryption itself has always depended on evolution. The idea that algorythms that need a system at least several orders more powerful than the one required to encrypt the data to break the data (without the key). DRM is a logistical nightmere, as it requires being able to run on last years hardware and next years regardless of the system invented next year.

No, that is not the problem. Encryption, when used to keep third party eavesdroppers without the key from understanding your communications, works just fine.

The problem is that DRM tries to keep the intended recipient, who must have the key (in a hidden form), from sharing the information. That is another problem and it is one that encryption is not good for.

Re:Nice

[shani]

Unless the author's plane makes an emergency landing in the US. Then it's all over, as FBI agents storm the plane and bring the evil-doer to justice.

God bless America, hopefully Bush can keep those jealous of our freedoms in jail.

A mirror for the zip

[Mik!tAAt]

Here's a mirror to the .zip file. Hope it helps.

Re:A mirror for the zip

[Black+Parrot]

Remind me again why I wanted a copy of the .zip?

Oh, yeah... Some people out there actually use MS products. I keep forgetting.

Re:A mirror for the zip

[ethereal]

The same reason that I wanted DeCSS.zip, even though I don't own a DVD drive. To fight the power, if only in a little way, and make sure that this genie never gets put back into the bottle.

Re:A mirror for the zip

[cymen]

FreeDOS isn't an MS product and neither is Dr DOS.

Fair use: a birth right?

[Rob+Kaper]

During a (anti-)DMCA presentation at school, the smartest question I got was
the following: is fair use a birth right or simply a result of the sale
contract?

If it's the latter, there's nothing we can do but informing people and
refusing to buy products with fscked up sale contracts (limiting fair use).

Maybe fair use is nothing more than a tradition and something we've grown
used to. And not "right", by all means. Is the limitation in copyright
(which it is) written in the books of law?

Re:Fair use: a birth right?

[firewort]

Much of fair use comes from 17 USC 107:

Sec. 107. Limitations on exclusive rights: Fair use

Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright. In determining whether the use made of a work in any particular case is a fair use the factors to be considered shall include -

(1) the purpose and character of the use, including whether
such use is of a commercial nature or is for nonprofit
educational purposes;
(2) the nature of the copyrighted work;
(3) the amount and substantiality of the portion used in
relation to the copyrighted work as a whole; and
(4) the effect of the use upon the potential market for or
value of the copyrighted work. The fact that a work is unpublished shall not itself bar a finding of fair use if such finding is made upon consideration of all the above factors.

The rest of fair use comes from tradition. What is codified here, we need to fight to protect. What rights we assert from tradition, we need to fight harder to codify.

Re:Fair use: a birth right?

[Black+Parrot]

> During a (anti-)DMCA presentation at school, the smartest question I got was the following: is fair use a birth right or simply a result of the sale contract?

Perhaps more to the point, is copyright a birthright, or simply the result of a legislative process that (supposedly) has the public's best interests as a guide?

Re:Fair use: a birth right?

[ashpool7]

I've always thought that "fair use" was doing whatever the hell you felt like with copyrighted material you bought short of stealing sales to another person from whoever sold it to you. 'Course, gets tricky with households, DJs, radio, etc ... :) Fair use is like the "be nice" clause.

But in reality, copyright is an artifically created right, so therefore fair use is just conjured up too. It's tradition to attempt to balance the rights of the copyright owner to the rights of the audience.

Re:Fair use: a birth right?

[tdye]

Fair use is part of the copyright law itself. Its intention is to prevent people from having to pay to excerpt from works for educational or other purposes, and it's been interpreted to also include what's known as 'time-shifting'. Basically, you can record a broadcast or make oa copy of a work so that you can read, watch, or listen to it later. You can even share it with your friends, i.e. you can give/loan your ST:TNG tapes to a friend without having to pay Paramount. You can't sell them, however, or profit in any way from the exchange (or broadcast or whatever).

The problems began when someone figured out how to share a copyrighted work with 16 million people at once... the fair use section of the copyright law makes no mention of scale, because it never occurred to anyone that you might be able to saturate the market with unlimited perfect copies while also charging $0.00 per copy.

Of course it's not only possible, but easy and convenient. The root problem is, copyright enforcement and fair use of digital material are now mutually exclusive concepts. It's no longer possible to have both.

So to answer your question, it's part of the law itself, and could conceivably be amended, repealed or restricted with new legislation. The holder of a copyright binds himself to the fair use doctrine when he applies for the copyright, not the purchaser when he agrees to an EULA or buys a work. 'Fair use' is not a right enumerated in the Constitution, though some may argue (convincingly IMHO) that perhaps it ought to be.

Re:Fair use: a birth right?

[Bob9113]

is fair use a birth right or simply a result of the sale contract?

Before answering this question, you must first answer the question, "Is copyright a birth right, or simply the result of government fiat?".

The free market governs the price of physical property by natural law; when I have this block of cheese, you cannot simultaneously have it. Therefore, if you want it, you must give me something which I value more, and you value less, than the block of cheese. Great system, and it is a natural byproduct of the laws of physics.

Intellectual property does not follow these natural laws. Therefore, copyright is itself a fiat of government. Given that, everything regarding IP rights is a fiat of government and subject to the desires of the governed. There is no natural law regarding any part of IP law, including "fair use".

Re:Fair use: a birth right?

[roystgnr]

If fair use is a birthright, then they can't take it away from us.

If fair use is a result of the sale contract, then they can take it away from us... but they won't. What kind of twisted record store is going to make me sign a contract (necessary to override the implicit contract of copyright law rights) before I walk out with a CD?

Repeat after me:

If you open the box, and see a piece of paper claiming that you have forfeited some rights, throw that piece of paper away. It is not a contract.

If you start up a piece of software that you have completely paid for (e.g. there is no continuing online service), and you are supposed to click through some dreaded EULA before it will install, then unless you're in one of the damned UCITA states, ignore that EULA. It is not a contract.

If someone wants to take away your rights, they need to do it with an actual contract, which can be read and agreed to by you before you give them your money!

The current practice of deceiving people out of their rights with unenforceable legalese-sounding claims should be considered fraud. Can anyone out there afford to buy a congressman and get this looked into?

Disclaimer: IANAL, and I suspect that the violations of corporate perogative above may be dangerous even if not violations of law. Don't blame me if you listen to some random Slashdot user and end up as the next Dimitri.

Re:Fair use: a birth right?

[jms]

Actually, fair use comes from the First Amendment. The concept of fair use was judicially created, and recognized long before it was codified when the copyright laws were rewritten in 1976.

Let me explain.

Copyright places a restriction on speech -- specifically, the right to repeat and build upon other people's speech. However, the First Amendment, passed after the original Constitution, outlaws the suppression of speech. It is a general principle of law that if a new law is passed that contradicts an older law, then that new law is considered to have superceeded or struck down the old law.

So, the courts were faced with a dilemma. Either the First Amendment had outlawed the granting of copyrights, or some interpretation needed to be found that would allow the two to coexist. This led to the concept of "fair use" -- which essentially restricts copyright holders to controlling commercial use of their works. This is consistant with the doctrine that commercial speech may be less protected then expressive or non-commercial speech.

So fair use serves a very important Constitutional role -- it is the doctrine that allows copyright to coexist with the First Amendment. It is NOT merely a statutory grant.

Re:Fair use: a birth right?

[syates21]

"However, the First Amendment, passed after the original Constitution, outlaws the suppression of speech."

Actually, the First Amendment outlaws the the suppression of speech by the government (at least a specific part of it).

Re:Fair use: a birth right?

[Danse]

Nitpicky in the context of his post. He's talking about copyright, which is a creation of the government.

Re:Fair use: a birth right?

[jswitte]

The root problem is, copyright enforcement and fair use of digital material are now mutually exclusive concepts.

I would say that there're not completely exlusive, but they're very close. In The Demonization of Piracy, Jessica Litman says that all sorts of things we are used to doing with media that like sharing music with friends, singing "Happy Birthday", etc., always used to be simply "legal but unauthorized uses" (a paraphrase, her original words make more since) I take this to mean that the two concepts are not mutually exclusive as long as the copyright cops only go after the big infringers. It used to be that the line here was well-defined (the "big infringers" were publishing houses making money off someone else's work, the small people were college kids), but now the line is extremely gray, if not nonexistant. This echos what RMS said in his rant on copyright that got Slashdotted a while back.

In my view, the problem is not mainly whether the two are exclusive, but in codifying in law how that exclusivity will play out. There is a paper by Jonathan Rouch called The Rise of Antisocial Law which talks about this problem of trying to codify everything, which is pervading the legal and governmental system today (I think that's a lot of what causes all the stupid-patent stuff that shows up here). It used to be that fair use was not codified, but that people generally respected the traditional intent of copyright (to provide a time-limited incentive for authors, scientists, etc to create. Under that model (and in the pre-Napster world), fair use (small scale infringement) was tolerated and generally left alone. But now, in the post-Napster world, the dominant copyright model has moved to an economic basis, of squeezing every last bit of revenue out of the consumer as possible .(although it doesn't work for most of us - I don't particularly want to pay $18 for a CD that's 5 years old, but if the price were $6, I'd probably sure as hell buy more than 3 times the amount of music)

In addition to this shift, there has been a shift toward more and more finely codified, explicit laws (see above), and the "copyrighted industries" have become much more agressive, no doubt becase they see their IP protections primarily as monetary assets, and not in the way the Founding Fathers did, as incentives, but not neccessarily as permanent "lock-boxes" (to use an over-used phrase from the 2000 campaign)

Not that useful

[CProgrammer98]

This ONLY applies to version 2. The vast majority of protected fiels are protected with version 1. This code DOES NOT crack version 1 files, so it's not a good deal of use yet. I suspect that by the time v2 is in wide use, MS will have done something to stop this (see my other post about how MS can modify your software if you break the EULA)

Of course, Linux users don't even have to worry about this.

Re:Not that useful

[innocent_white_lamb]

This code DOES NOT crack version 1 files, so it's not a good deal of use yet ------> It's very useful indeed.

You seem to have missed the point. This code is not intended to be used to "crack" anything in particular. It is (for want of a better word) a social comment on the current state of copyright law and so on. The fact that it contains a useful component as a practical demonstration of the facts and opinions included in the archive is good, but it's not the be-all and end-all. It jacks up the "cool" factor and thereby increases the exposure. So it does what it was intended to do, in all ways.

How this could be useful

[eulevik]

Lots of people encode with WMA, reformat their machines or whatever and have lost their keys.

Would it be possible for someone to use this work to create a fix for these people?

Re:How this could be useful

[turbine216]

A while back, some really smart dudes discovered that this type of situation can be avoided by means that are far less complex than cracking, hacking, and other DMCA-unfriendly actions...

IF YOU DON'T WANT TO LOSE IT, THEN BACK IT UP. ESPECIALLY IF IT'S ON A WINDOWS BOX.

Pure genius, if you ask me...

Re:How this could be useful

[jms]

No -- this program reads the keys out of the system files and uses them to decrypt the files.

This program cannot decrypt a wma file without the proper decryption key for that file, which is stored on your machine and accessed by the program. Without that key, this program cannot help you.

Also worth noting is that this program cannot decrypt wma files that are keyed to another machine.

Re:Nice

[ibnmaja]

it would be nice to read the explanation, what we are doing is just downlaoding a piece of educational software :)

So ?

[da5idnetlimit.com]

I also read from my "manage your system" book that :

To do that, MS got to have access to your machine.

I also know how to setup a firewall to stop WMP to connect, download the patches and updates I want from an anon proxy, and also never read a movie from the net, prefering a local copy to a secure server and then I access....

I know MS can try to F)k my machine anytime they want, but then I don't give them free access to my machine. You know, F I R E W A L L...

Which is, I think, the point...

BTW (Offtopic, but I have ask somewhere) anyone knos if M3309 DVD card is recognized under Linux ?
If yes, then MS can go to hell, I won't need them anymore...

Nice timing

[CaseyB]

including a link to a downloadable zip file which contains source code, explanation and a small DOS utility.

What a wonderfully timed response to Microsoft's recent complaint about releasing sample code!

Re:Nice

[Verteiron]

As long as the author doesn't visit the US. Then they'll arrest him, just like Sklyarov. And under the new laws, he'll probably be marked as an international terrorist, so they can detain him without any cause at all with the blessing of the courts.

RTFPPINZ !

[kc0dby]

PPINZ you ask? Philosophy Paper In The Zip. Pretty good read, if you ask me. An Excerpt- Making a copy of an item doesn't in any way remove that item from the original possessor, so "theft" is clearly an inaccurate terminology. However, the publishers' insistence on using that word, and the public's acceptance of it, means that a much more negative light is cast on an action that, while wrong, is nowhere near the severity of a true "theft." After reading this I feel I owe the world an apology. Dear World. I am profoundly sorry for 'stealing' all that music. I am not a selfish person, but apparently I am an ignorant one. Here, all this time I thought I was copying all that music, not moving it. And to think, all those songs I have on my hard drive are no longer held by the publishers and radio stations. I was beginning to wonder if the worlds tastes were suddenly changing, as all I heard were boy bands and implanted teenage girls on the radio. Now, I come to find, that I am the reason for this trend. All the good songs are on my hard drive, and this is all the publishers had left. They even went to the extent of "manufacturing" artists to compensate for all those I have stolen from them. For this as well, I apologize. I know this music sucks, and nobody should have to listen to it, but in my ignorance I thought the old standbys would remain, even if I downloaded them. And to think of the moral implications of downloading the music of deceased artists. Never again will these songs be heard! I will be burning all of these songs to CDR and mailing them to the RIAA, so that we may have the beautiful music of our culture again. Sorry O-town, I have a feeling you'll be the first to go.

Re:RTFPPINZ !

[cavemanf16]

You are pretty selfish. Why don't you upload them back to the servers and people's computers that you got them from you bastitch? I'm sure some of that Indie music that you downloaded actually belongs to the Indie artists, not the RIAA - so you had better turn that computer on, and leave it on, so that all those artists you 'stole' from can go find their music, and download it back to their own computers.

Ha-ha! :)

Re:RTFPPINZ !

[erasmus_]

Please mod this up, I think this is the funniest comment I have read yet on this thread.

Of course the reason public perception of copyright theft will persist as it currently stands is the amount of propaganda money RIAA, MPAA, and other industry organizations have. Let's face it, as much as we'd like to think that our views on copyright are the majority, this is only a small fishtank of public opinion. Joe and Jill Public do not understand the difference between shoplifting and copying music anymore that they understand how a hacker is different from a cracker. Nor will that change anytime soon.

This issue has existed in our community ever since pirated software, when SPA was our evil entity to detest. Things haven't changed, and despite the profileration of CDRWs out there on mainstream PCs, I'm just not sure they will. I think the prices will stay high, the music industry will continue wanting to rip us off, and we'll keep fighting back. Not that that's a bad thing, we have done well so far. Thanks to the author of this program, the latest in great coding being used for the good of the community.

Re:RTFPPINZ !

[Dr.+Awktagon]

So the rule of thumb is:

mv -f /mnt/friendsdisk/*.mp3 ~/mp3/: DANGEROUS, ILLEGAL

cp -f /mnt/friendsdisk/*.mp3 ~/mp3/: SAFE!

Whew! Looks like I've been doing the right thing all these years! Back off RIAA!

a brave soul

[shivan]

it takes a brave soul to release such a tool in a time like this, while the us government is hunting down anything that has to do with encryption and computer crime related bullshit (pardon my french).

lets not hope this puts more oil on the fire allready burning within some of you government officials and their wacko bills.

My congrats to the brave soul who is defying the corporations and fighting for all our rights.

Re:Nice

[firewort]

Except, as Dmitry Sklyarov learnt, if you write something outside the US, but it's available to those inside the US, and you travel to the US-- you'll be nabbed in a heartbeat.

plan your vacations carefully, until we get that law struck from the books.

DRM is dangerously counterproductive.

[Nindalf]

To me, fair use rights aren't a big concern. If you can see it or hear it, you can get an adequate sample for fair use with a cheap camera or audio recorder. You don't need perfect digital video samples to make your point for a review.

The larger issue here is this desperate attempt to cling to a ridiculously outdated and inefficient method of securing profit in return for desirable intellectual production.

Put in simple terms, DRM hurts our economy. Very, very badly.

Economic growth comes from improvements of efficiency, clearing out the dead wood and finding a use for it elsewhere. Following the analogy, DRM is better systems of stakes and cables holding the dead wood from being carted off.

There is a whole ridiculous, unproductive structure built around milking every penny out of copyrighted works. This is justified essentially by accusing every citizen of the stupidest kind of miserliness, unwilling to give a dime to make they're favorite movie studio make another next year, but willing to pay a dollar as long as you don't let them into the theater otherwise.

Yes, there are people out there like that, but I don't believe they're the majority for a second!

The tools are out there, and could be supported and working everywhere in weeks if people want them to be. Don't like the details of that system? Propose another. It's not rocket science: donation doesn't need real-time verification, so it's an easy problem, as long as we agree on some system.

Once people get in the habit of freely parting with their pocket change for things that they'd gladly pay much more for, copyright will be a ridiculous anachronism, and we can finally get on with reaping the benefits of the information age.

Re:DRM is dangerously counterproductive.

[firewort]

You claim that copying in an analogue format is sufficient for fair use rights exercises.

That's fine and well, but analog formats are slowly being phased out and replaced with digital ones. When all the analogue equipment is gone, what will you use to exercise your right, then?

Re:DRM is dangerously counterproductive.

[Nindalf]

That's fine and well, but analog formats are slowly being phased out and replaced with digital ones. When all the analogue equipment is gone, what will you use to exercise your right, then?

Actually, I didn't mention analog equipment at all, and I doubt we'll ever see digital cameras and audio recorders that recognize and block copyrighted materials. That would be ridiculously hard, and the recognition would cost at least a hundred times as much as the recording itself.

Re:DRM is dangerously counterproductive.

[t_allardyce]

I doubt we'll ever see digital cameras and audio recorders that recognize and block copyrighted materials.

Don't be too sure...

Re:DRM is dangerously counterproductive.

[tmark]

You know, I wrote a long reply to this post which keeps getting rejected by the Slashdot engine because of an "Invalid form key". So I'm condensing a reply one last time.

The evidence that your proposed donation system won't work is in the very records of donations to the site you advertise (www.buskware.org). A measly $5.60 has been collected for this tool which you purport can take the place of conventional payment schemes. If people are so willing to pay for things they find useful but do not have to pay for, why isn't buskware.org raking in the money ?

Re:DRM is dangerously counterproductive.

[tmark]

Yes, there are people out there like that, but I don't believe they're the majority for a second!

And I do believe that the majority of people are MORE THAN WILLING to download MP3s of songs they have never purchased. I believe that lots of people are buying CD burners ONLY to burn verbatim copies of their friends' CDs, or to burn discs full of songs they downloaded off Napster (songs which they never bought), and that almost all CD-R media sold goes towards this purpose. I believe that the "people are willing to pay for it if you give them a chance" hyperbole here is nothing more than hyperbole, spouted off by people who more often than not also possess MP3s/CDs to which they have no claim of fair use.

I say this because the vast majority of people I know with computers do this as well, or are always asking their friends to do it for them. And before you charge me with having particularly dishonest acquaintances, I challenge you to take a good, honest look around at the people you know - are you really trying to say that the majority of them own all the CDs containing the songs in their MP3 collection ? I doubt it.

I also believe that most - perhaps the majority - of people would be more than willing to steal *real*, physical goods, if there was no fear of repercussion and if there was no way they could be caught or identified (as is the case with MP3s and the like now). Look at all the apparently normal people who engage in looting in times when the police obviously would not be able to do anything about it. I'm specifically thinking of situations like the LA riots, where lots of normal people (and lots of thugs, also, to be sure), looted everything in sight wherever they could do so freely. This is why we have locks on our doors. This is why we have security systems and surveillance. Would you have this "dead wood" cleared as well ? Do you have equal confidence that the store in the mall would be in business a month from now if they just put all their merchandise out in an empty store, fielded queries through videoconferencing to a remote site, and just put out a donation box for payments, with no security at all ?

Come on, the record studios aren't stupid, despite what many would like to believe. There are some extremely smart, well-educated, and business-and-tech-savvy people in their ranks, and they are all charged with the responsibility of making good business decisions for their (rightfully) self-interested companies. If there really was evidence that most people were willing to pay for music then there is no way they would waste time trying to implement rights management. If there really was evidence that they could make as much money by pure electronic distribution, sans rights management, they would do it in a second. The very need to implement these schemes points to the fallacies in your assumption that the majority of people are willing to engage in a donation system, or even that the majority of people are willing to pay for things they could easily steal for free.

As for your claims that "DRM hurts our economy...very badly", well I have to basically leave that since you provide no evidence - just faith - that the absence of DRM would HELP the economy. I can't see how preventing people from illegally distributing and copying music and software they don't own can possibly HELP the economy.

Re:DRM is dangerously counterproductive.

[firewort]

Quote from Nindalf, the parent comment to my original reply:

To me, fair use rights aren't a big concern. If you can see it or hear it, you can get an adequate sample for fair use with a cheap camera or audio recorder. You don't need perfect digital video samples to make your point for a review.

You mention cheap cameras and audio recorders, which I took to mean analogue. I know of no cheap digital equipment.

You state that it would be horribly expensive and impractical for digital cameras and audio recorders to have digital rights management in them that recognizes recordings and prevents copying. I point you to iObjects whose DadioOS is used in HipZip, and plays .ogg, .wma, .mp3, and .aac files, and incorporates DRM into the OS of the player equipped with DadioOS. It may be horribly expensive and impractical (although at $149 USD, it's not that expensive) but it's being rammed into available devices, just as it's been rammed into law.

Re:DRM is dangerously counterproductive.

[Nindalf]

And I do believe that the majority of people are MORE THAN WILLING to download MP3s of songs they have never purchased.

And what, precisely is wrong with that?

It doesn't demonstrate in any way that they wouldn't happily donate $0.05 or $1.00 or $0.001 or whatever for every one they download if it was convenient.

I don't support the right of content producers to extract arbitrary prices from users. I don't see anything at all wrong, in an ethical or moral sense, with unauthorized copying.

Re:DRM is dangerously counterproductive.

[Nindalf]

why isn't buskware.org raking in the money?

For one thing, because almost nobody has seen it yet, and I haven't seen any indication that anybody has found it useful. It's new, and I've been putting off promoting it while I work on better tools.

If you look around www.boswa.com, my main software page that's been up for a while, you won't see much. Just a few goofy toys and an early draft of an essay. That's what collected about $5 for, all through e-gold, a relatively obscure micropayment system, and I didn't even have a PayPal link for most of the time.

Look around more. Penny Arcade for instance, which has been surviving on donations for months, and using services that shave off an absurd portion of each one.

At any rate, my own failure would hardly indicate that the whole model is invalid.

Re:DRM is dangerously counterproductive.

[vtechpilot]

I couldn't agree with you more. If there was any indication that people would pay a fair price for downloading music, there would be a way to do it. If people really wanted to compensate the artists, they could always drop an anonymous letter in the mail to the artist with a dollar bill and a note about payment for downloading.

Dear Moby,
I send you this dollar because I downloaded 'Instinct Dance' off napster last week.
-Your Fan, Anonymous.

Re:DRM is dangerously counterproductive.

[Tackhead]

> As for your claims that "DRM hurts our economy...very badly", well I have to basically leave that since you provide no evidence - just faith - that the absence of DRM would HELP the economy. I can't see how preventing people from illegally distributing and copying music and software they don't own can possibly HELP the economy.

Really? Consider this:

Suppose I produce $50,000 worth of code in a year. My employer hands me a fat check. After taxes and living expenses, I have about $10,000.

Scenario 1: I purchase 588 compact discs (at $17 each, for $10,000) of RIAA-approved content.

• Some artists get $600 to spend on tax, living expenses, guitars, and syntheziers.
• The music seller gets about $2500 or so. He buys food with it.
• A CD pressing factory gets about $1000. They buy fancy chemicals and mastering equipment with it.
• Hilary Rosen and her friends get about $4100 to spend on hookers and booze Congresscritters, to pass more laws to restrict my freedom.

Scenario 2: I download the music "for free".

• A premium USENET provider gets $500 to buy servers and fat pipes with.
• My ISP gets $500 to buy servers and fat pipes with.
• 588 CDs is about 700 hours of music, and at 192kbps. A CD-R pressing factory gets about $50 for a spindle of 200 quality CD-Rs. (one for originals, one for backups)
• A hard drive manufacturer gets $250 for a 100G drive.
• I drop about $1000 on hardware - mostly wiring and cabling and speakers - and wire my entire house for sound. When my friends can hear any song they want, in any room of the house they want, any time they want, they ph33r me, and want to do the same themselves.
• Oh, shit, I still have $7700 left!
• ...$7100 when I'm paying $600 through Fairtunes.
• In the pretense of evening this out, I decide I'm willing to operate under the same economic handicap that Hilary Rosen has, so I drop the $4100 to EFF and let them buy Congresscritters instead.
• Even after this, I still have $3000 of capital left over to invest in an IPO - the direct funding of new ideas and businesses.

Now... explain to me again why paying $17 per CD is good for overall economic growth?

Re:DRM is dangerously counterproductive.

[DahGhostfacedFiddlah]

TV's/Monitors that enforce DRM, and have another invisible "color" over the images dictating the copyright. New cameras wouldn't record anything that they weren't allowed to.

I'm not saying it would happen, I'm just saying that it's not really technically difficult.

Re:DRM is dangerously counterproductive.

[Clifton+Wood]

Define: "fair price".

Our idea of a fair price, or theirs.

Honestly, the person to be asking this question to would be the artist, but since they don't own the work they aren't the ones setting the price.

And that is part of the problem.

Re:Nice

>I hate to say it, but it's illegal according to the DCMA, to reverse engineer and distribute the code. But,
>since I don't give a fuck about the DCMA, I'll be downloading too.

In the US, yes... the Reg resides in the UK and the EU "Council Directive 91/250/EEC of 14 May 1991 on the legal protection of computer programs" states the following:

Article 6 Decompilation
1. The authorization of the rightholder shall not be required where reproduction of the code and translation of its form within the meaning of Article 4 (a) and (b) are indispensable to obtain the information necessary to achieve the interoperability of an independently created computer program with other programs...

By putting it on its own server Reg is pretty much trolling Microsofts legal department. Way to go!

JK

Of course, this is also copyright infringement....

[PinglePongle]

The Register will no doubt notice their immortal prose is being stolen, and will employ Microsoft to create a DRM solution for text. Oh, wait, no, Adobe already did that. Now, what was that Skylarov guy doing again ?

Re:Is it any surprise?

[BiggestPOS]

Sufficiently strong crypto might as well be unhackable, as long as they don't leave in some sort of stupid backdoor/loophole that makes it easy to bypass all the key guessing :)

Microsoft's advanced crytpography techniques..

[FeatherBoa]

are exposed in Beale Screamer's Technical Details document enclosed in the Zip:

Microsoft has decided to use the non-alphanumeric character '*'
instead of '/', and '!' instead of '+' in some places, and in other
places they replace '/' with '@' and '!' with '%'. This means that
any software dealing with these strings cannot use a standard Base64
decoder, but must use a custom-build decoder.

Re:Microsoft's advanced crytpography techniques..

The reason is because it's a lot easier to pass "*" and "!" on a URL Query String than it is to pass "+" and "/" which have to be encoded.

Microsoft provide the replacement Base64 functions for doing this.

Another Addition to the Collection

[derrickh]

I'll put this in the same folder as DeCSS. I wonder how much money it cost to develop MSdrm? All that cash...wasted.Buahahahaha

D

Re:Nice

[32xts]

Until Sweden finds itself wanting more McDonalds and Brittany Spears CDs.

They have Meatballs & Abba, why would they want the alternatives?

She ?

[bockman]

Assuming is true, jou just made it 50% easier to find out who _she_ is. Maybe more, 'cause woman teechies this good are not common (uhm, maybe we have to rethink about it).

Re:She ?

[BJH]

Don't worry. Some people, for whatever reason, use the male form all the time. One of my (male) CS professors did the same: In every exercise where he described a scenario, both the user and the programmer were always a "she". I thought that was pretty braindead, but you get used to shit like that.

Now, to take a leaf out of Douglas Hofstadter's book:

Don't worry. Some people, for whatever reason, use the black adjective all the time. One of my (black) CS professors did the same: In every exercise where he described a scenario, both the user and the programmer were always "black". I thought that was pretty braindead, but you get used to shit like that.

Got the point yet?

Re:irresponsible

[Dimensio]

You have a good point about the suggestion to grab the DRM cracking utilities, though I disagree with your sentiments that violating MicroSoft's copyright is somehow justifiable. Microsoft's engineers worked hard to create an effective system for helping large corporations control their copyrights and here some anonymous hacker has broken all of their hard work and rendered the fruits of their money and efforts worthless, all in a single package that you can download here. Slashdotters, you should be ashamed that you are being encouraged to download this file and HeUnique should be ashamed for suggesting that people grab this file.

Cries of "fair use" do not render valid laws and copyrights obsolete. Just because DRM is easily circumvented is no excuse to ignore Microsoft's intellectual property.

Copyright Regulation

[javilon]

I really like the quote he/she makes on the Philosophy paper:

"One final quote from Vaidhyanathan, this time talking directly about
the DMCA:

This law has one major provision that upends more than 200 years
of democratic copyright law. It forbids the "cracking" of
electronic gates that protect works - even those portions of works
that might be in the public domain or subject to fair use. It puts
the power to regulate copying in the hands of engineers and the
companies that employ them.
"

As it happens, this is an "autoemployed" engineer using the power that the U.S.A. laws have given engineers to regulate the use of this copirighted material, in this case allowing access to it :-)

Ironic...

*reading the "Philosophy" text file*

[bricriu]

Would that more coders/hacktavists/1337 h@X0rs were so informed, and so capable of forming a cogent argument that Joe Q. Public might actually understand. Congrats for a piece of good software, and BRAVO for an excellent posistion paper.

I can only hope that someone in the mainstream media picks up on this aspect... in a perfect world, the NY Times would publish it as an Op-Ed column.

Re:Next up - guy thrown in jail

[Hektor_Troy]

I don't think there are mine fields in arizona ... but maybe nuclear test areas?

Hackers! You are condemned!

When you decide to surrender, approach
Microsoft forces with your hands in
the air. Sling your keyboard across your
back muzzle towards the ground. Remove
your ethernet cable and expel any disks.
Doing this is your only chance of survival.

What's all the fuss about?

[WildBeast]

I cracked the thing the first time I used it. I don't know about other versions but with Windows Media Player 8, the first time you start copying a CD to WMA it'll ask you if you want to use the Digital Rights Management and explains what the whole thing is. I simply answered NO.

Sometimes you people are too complicated.

Re:What's all the fuss about?

[posmon]

yup. the link seems to be down, but as there's no mention of .mp3, i assume that this hasn't been cracked.

and mp3's are the ones where digital "rights" are enforced.

Re:What's all the fuss about?

[WildBeast]

Are you using WMP8? Hope you're not encoding your MP3 files at 96k. They've got a few MP3 creation packs that won't require DRM. Apparently some people want lame as a GPL'd MP3 encoder because it's free so I won't be surprised if it was added to the list.

Re:irresponsible

[firewort]

Fair use is a valid law. 17 USC 107.

The DMCA that bars you from exercising it by hiding the work you own behind anything encrypted, is law, but it is not valid- it is bought, overbroad, and unconstitutional. I'm only waiting for the day when it will be recognized as such by the judiciary.

Cries of fair use do not render copyright obsolete, fair use coexists with copyright. Fair use does not coexist with sledgehammer-like copyright enforcement tactics, as fair use is the first thing to get trampled on.

The source and header files at groups.google.com

[shankark]

Here's the link:

Another zip mirror

[shut_up_man]

Since the reg seems pretty clogged, here's a copy of the zip.

shut up man

Happy Day!

[swordboy]

I think that it would be appropriate to queue up:

FRANKIE YANKOVIC - BEER BARREL POLKA.WMA

Roll out the barrel... We'll have a barrel of fun...

Oh no! Slashdot is in trouble!

[DaHat]

Just think ... if 2600 got in trouble for linking to DeCSS code ... just imagine what will happen to Slashdot for linking to this awful illegal code. Look away people or you too will be arrested and brought in to court!

Re:Oh no! Slashdot is in trouble!

[Lurking+Grue]

What are you talking about? I don't see Slashdot advertising links directly to any code. I do see thoughtful comments, though.

Much of what is going on here is intellectual discussion on the advantages/disadvantages of current U.S. copyright law. Discussions of encryption mechanisms are beneficial to society at large. Therefore, this forum should be viewed as a grand virtual meeting place where intellectual discourse can occur, free from the clutter of messy grits.

Re:Oh no! Slashdot is in trouble!

[DaHat]

I agree with you in part, how ever just posting a link to the source code breaks the law unfortunately. I agree that things such as this should be discussed and looked into in an open society, but things like the DMCA close it.

Zip file mirror

[Bonker]

Register is handling its slasdotting with grace... but not perfectly. Here's a mirror of the zipfile. It contains an EXE and several C src files.

http://www.furinkan.net/mirror/657.zip

I hope he/she is smart

[TheMMaster]

"We've got a few feelers out, and hope very much that he'll submit to an interview soon."
I sincerely hope they don't find him, because if they do, how easy would it be for microsofts $$$?

I am very impressed with this efford, keep up the good work and for the love of god please don't make us wear "free Beale Screamer" t-shits....

Re:Is it any surprise?

[acceleriter]

A lot of utilities and programs that are useful and oft pirated in the Warez community are getting harder and harder to crack all the time

It never ceases to amaze me that people who produce programs the primary use of which is piracy (e.g. RAR, CDRWin, ACE, NewsBin, et al) insist on trying to not only collect shareware fees but include intrusive copy protections as well. And they're shocked, shocked I say, that the programs get cracked. Rather amusing, really.

Open Source DRM? Shareware Music?

[tonywestonuk]

Before you mod me down for been flaimbait, please read... Let say I am part of an up and comming pop band, and manage to put together enough money to release a limited set of CD's to the masses. We would have to pay Rec. Studio costs, cd replication, shiping, marketing, etc etc. Now, I would find it would piss me off should within the first days of release, the my track ended up on Gnutella, available for download by anyone for nothing.... But, what pisses me off even more, is that DRM wasn't invented to protect the rights of bands, but rather the profits of the record companies. What there should be is a format of music, that 'pseudorandom' noise can be added to at the time of recording, by whoever decides to record it. The music would still be listenable, but be of poor quality. - The pseudo-noise, can be removed by entering a key, that is purchased from the band (for a few $ at most). At this point, however, not only will the sound file become clear, but a id that is tied to keycode will be added to the sound file (This would be 'noise', but hopefully inaudiable to none but the most sensitive ears. It would be mathematically difficult to decide what is keycode, and what is ID. Should 'in the clear' music be found on gnutella, then the author can trace who purchased the code, via the ID, and take relevent legal action against them. This is how shareware works at the moment, Eg, I Download some 'cripple' ware, and should I like it, I pay the author for it, after all, they deserve it. I am usually unwilling to share the unlocked program with others as if my unlocked program ended up on a warzes site, and author finds out, (from the registration info) then I could well be in deep trouble! I am sure that this must be possible, and it will give a huge finantial gain to the people who make good music, rather than the record lables who skim the profits off other peoples work.

Re:Open Source DRM? Shareware Music?

[TheMMaster]

This really is a wonderful idea, and I love it... but how long will it take before this is hacked?
If they can make a furby talk english they can also hack this... ;-)
I also think that most people that love music or the band will buy their music, and the people that pirate it would never have bought it in the first place, so why spend millions of dollars on some kind of encryption that will be hacked in a few weeks (at most) anyway?

Re:Open Source DRM? Shareware Music?

[night_flyer]

1) since you're an up and coming pop band, where are you going to get your promotion/exposure from?

2) if people are downloading your stuff that means you might actually be good

3) if you are good and people are downloading your stuff, some people will want to buy your stuff and go to your concerts

4) if people dont know about you they wont purchase anything from you

so how do you want it?

(thanks to napster/gnutella/iuma.com/mp3.com I have found MANY new up and coming artists, and have bought their stuff... stuff I wouldnt have bought if I hadnt heard of them...

Re:Open Source DRM? Shareware Music?

[tonywestonuk]

Will PGP be hacked?, Err no! - An individual key can be cracked with enough processing power, but the principal behind pgp remains sound (until somone works out how to factorise large nums that is!). I am no mathemetition (or Speller for that matter!) , but I'm sure there must be a way of accomplising this with music/sound files, while remaining open (as in source code/methods) - So it can be subject to peir review, and any holes plugged.

Re:Open Source DRM? Shareware Music?

[alen]

THis is the wrong place to argue this point. Slashdotters only want free stuff. If it costs anything they will try to find a way to get is for free. They don't care about you as an artist. To them, you should be thankful that they listen to your music. If they pity you enough they'll send in a few dollars through that website that takes contributions for starving artists and musicians.

As an artist you don't need money. You're doing this for the love of music. All the kids who dream of being rich rock stars aren't real musicians. Real musicians starve. Besides the music isn't yours. Once you burn a CD and sell it, it's theirs. They can buy one CD from you and share is with 10,000 of their closest friends over the internet. If you're lucky you'll sell it to enough people to pay back the cost of the PC and the CD burner. Then you'll have to worry about the rent, food and musical instruments.

Re:Open Source DRM? Shareware Music?

[night_flyer]

According to Courtney Love, she sees very little of the money generated per CD sale... shouldnt the artist get more?

Re:Open Source DRM? Shareware Music?

[TheMMaster]

No, but there would have to be A LOT of keys to each song, OR they would have to dynamically encrypt a song for everyone that's downloading it (that would be the only way then)
short of that, there must be a system, and if there is a system to it that has multiple keys, someone will hack it...
plus it isn't really encryption, he's talking about a way to add noise to the music, it will prob. be possible to create an application that just filters out the noise in some way...

Re:Open Source DRM? Shareware Music?

[cjpez]

Of course, when I hear something that sounds like sh*t, I don't buy it. I suppose if you're using just a traditional "singer/guitars/bass/drums" lineup it's probably not that big of a deal, but how can I make a decision whether or not I like Autechre or Aphex Twin if the music SOUNDS bad? Go listen to the sound samples available at Amazon or CDNow for more experimental bands, and then buy the albums. Did the samples give you anywhere NEAR a good feel as to what the music sounds like? Absolutely not.

On a more philosophical note, you're complaining about the possibility of having your stuff found on Gnutella, and then you're out however much money the downloader's theoretically not spending on you anymore. I can't speak for anyone but myself, but personally, getting me to like your music is the absolute best thing you could possibly do. If I download your music and like it, you can be sure that eventually I'm going to buy it. I don't listen to radio or watch MTV, so how do I find new music? Online. Through file-sharing systems. But I like owning CDs. I like the tangible feel of them. Maybe I won't purchase the album I downloaded, but you can bet I'll purchase the next one. If I like you enough, I tend to become rather completist, too. I'll end up with every last EP you've ever put out, just because I'm that obsessive about it.

Now without your songs ending up on my hard drive, how am I going to know you even exist? Your argument is based on an assumption that if I download your music, I'll never give you any money. That's just not true.

Re:Open Source DRM? Shareware Music?

[t_allardyce]

If your in an up and coming pop band then you want as much exposure as possible... Why not release your first few songs for free and encourage people to host them on gnutella. If your good, you will get a reputation as such, people will want to hire you for live gigs, (for money and free beer :). - The general moral here is: If you are good, and people like you, they will want to give you something back, but they don't have an obligation to do so, just remember, you are doing it for the love of music, not because you want to make some money fast for putting out some more crap the world already has.

Remember, if you can hear it, you can copy it. Even if you did take legal action against someone, it still wouldn't change the fact that your song was all over the net.

It only takes one CD to be freed from DRM, and everyone in the world can have a copy, so if your business relies on selling digital data (eg music) then your pretty dumb, and deserve anything you get.

Re:Open Source DRM? Shareware Music?

[FFFish]

Here's how you, and other artists, and RIAA can all make bucketloads of money:

1) Release free lowish-quality editions of your work (better than AM, perhaps worse than FM). Make it easy for me to find it. That is the tricky bit.

2) Make it really easy and really cheap for me to purchase high-quality (CD-quality, not MP3) single tracks. Something under a buck a pop.

To resolve #1 (easy to find) someone's going to have to get smarter. Set up a recommendations site, have a sensible tagging system and a kick-ass database search system that lets me seek music similar to that which I like. Figure out how to do cross-genre recommendation (perhaps if you like A, B, and C, and I like A and B, it should recommend I listen to C?)

Anyway, point is it needs to facilitate music exploration.

For #2, I want the best possible quality. No shitty 128kbps MP3s that are barely better than FM quality: I didn't spend thousands of dollars on my home system to listen to wrecked music. And it needs to be at least as easy for me to pay you 50 cents for a track, as it is for me to steal your track.

And if #2 can be arranged to cut RIAA out of the equation, so much the better.

Re:Open Source DRM? Shareware Music?

[Carter+Butts]

As an artist you don't need money. You're doing this for the love of music. All the kids who dream of being rich rock stars aren't real musicians. Real musicians starve.

Actually, my understanding is that real musicians play for a living. Despite the hyped dream of being able to "record once, get paid forever," the musicians that I have known (including my former teachers and their colleagues) made their livings by playing live on a regular basis. A glamorous lifestyle? No, but they weren't starving, either. Of course, to do this you have to be A) competent, B) versatile, and C) the sort of person who really loves to perform....but the career is there, for those who have the right stuff.

Frankly, my sympathy here is somewhat limited: the rest of us get paid for the work we continue to perform on a daily basis, as do most professional musicians. I can fully see the allure of getting paid many times over for a single recording -- and I understand that even this does not lead to riches for most -- but my empathy for the desire does not translate into an endorsement of the system which brings it about. Just because someone wants to have a monopoly on information dissemination does not mean that the rest of us should give it to them (no matter how strong the emotional appeal).

-Carter

Re:Open Source DRM? Shareware Music?

[t]

Slashdotters only want free stuff.

Actually in my case, I only want free stuff right now because we are on the threshold of losing all fair use rights. I feel that the free stuff has to be pushd and pushd some more to ensure that it is solidly in place before we can do pay for access stuff. How long do you think the web would have lasted if M$ had started earlier? They would have ensured that you had to be running the latested windows with ie and nothing else. Netscape would have been still born, and we would all be on alt.news.for.nerds.

t.

No, it isn't the point

[King+Of+Chat]

*You* can do it (good - the world seems to be short of people who can configure a firewall properly), but how many pr0n crazed ADSL users (with "always on" connections) are going to have firewalls? Apart, that is, from the shit one in XP provided by MS - which probably can't be configured to prevent Redmond doing as they please.

Yes, us techies will always find a way round (legal or illegal) but it's the vast majority of users who just want to play games, listen to CDs (which they bought) on whatever device and jerk off who will suffer. Even if they don't know it yet.

MSDRM sounds like the work of...

[Kamel+Jockey]

This kid we had interning with us for a few months. Said using MS Visual C++'s built in RSA encyrption schemes was "too hard" so he thought he could go and write "something better" in 3 hours. :)

I'm just gonna stick with Windows 98 First Edition for now hehehehe

Another mirror

[rbb]

I've got a mirror up and running containing both the The Register article and the zip file.

rc6.org mirror

Um...

[SilentChris]

...y'all know you can save Media Player files without any protection at all, right? Media Player 8 (in Windows XP) even asks you up front if you want to bother with protection.

Seems redundant. If I want to share files with others, I would assume they'd be smart enough to save them unprotected.

Re:Um...

[Chris+Johnson]

And you've read the source code, satisfying yourself that your 'unprotected' files will not expire at some future time and revert to 'protected'? Obligating you to re-release them under the now-current form of WMA?

Information doesn't *want* to be anything

[mblase]

The notion that "information wants to be free" is a rather interesting case study of anthropomorphism gone horribly wrong. Information doesn't want anything. Truth, the facts, raw data, none of them want anything. They're just sentences, numbers, claims, opinions, ideas. Unless you're willing to extend the definition of a meme to the extreme, they're hardly capable of even Darwinian ambition.

But people often want information -- want it to be free, or secure, or copyrighted, or burned, or locked away for the greater good. People want the latest news, the biased studies, the most accurate statistics. They want each other's secrets, their inventions, their inspirations, their dirty laundry . They want to be the first in the know, the winner in the argument, the smartest in the class. They want to be told what to think, to make others think like themselves, and to be the first with a new idea.

People in the Western world are conditioned to believe that with a little applied brain power, they can be anything they want. So they insist that information should be free, despite omnipresent evidence to the contrary. They ignore the fact that library books cost ten cents per day late, that a reliable Internet connection costs fifteen dollars a month, and that university tuition costs four thousand dollars a year.

Knowledge is power. The right kind of information is all that's needed to upend governments, bankrupt companies, exile citizens, and execute prisoners. It can turn a housewife into a millionaire, a CEO into an inmate, and a celebrity into a punch line. A poor man will kill for money, but a rich man will kill for secrecy. The patent office is filled with millions upon millions of facts which are worth anywhere from pennies to princedoms to the right people.

Information doesn't want to be anything. Information just is, which makes it an asset, which makes it vulnerable to the economic laws of supply and demand. So if your information is about Linux, it's probably worth nothing at all, save your reputation as a programmer. But if your information is about, say, Microsoft Office... in that case, it's worth whatever Bill Gates can get you to pay.

Re:Information doesn't *want* to be anything

[scruffy]

You complain that "Information wants to be free." is anthropomorphic, and then you assert "Knowledge is power." without any embarrassment.

From where I grew up, this is referred to as "the pot calling the kettle black". Or maybe another moral might be more appropriate: "Physician, heal thyself."

Re:Information doesn't *want* to be anything

[Shotgun]

And water doesn't *want* to flow downhill, but I wouldn't stand in front of the next flashflood if I were you.

The anthropomorphism is accurate. Once information starts to pass from one person to another, it is very difficult to stop the spread. How many movies are based upon the plot mechanism of a murderer having to kill more and more people to keep his secret? Keeping secrets is a very difficult business, because INFORMATION WANTS TO BE FREE!!

Re:Information doesn't *want* to be anything

[ChaosDiscordSimple]

The notion that "information wants to be free" is a rather interesting case study of anthropomorphism gone horribly wrong. Information doesn't want anything.

You're nitpicking. Would you so angrily jump down the throat of someone who suggested that water wants to run downhill? Would you attempt to correct me what I suggest that the software I'm working on wants a 256 megabytes of RAM? Most people are perfectly capable of recognizing that anthropomorphism is not literal.

No, information doesn't want to be free. But information damn well tends toward being free. People fundamentally like sharing information. We tend to tell others things we find interesting. We spend a great deal of effort inventing tools to help share information with each other. Writing, printing, movable type, telegraphs, telephones, email, usenet, web pages.

Once you've given me a piece of information, you would be hard pressed to stop me from sharing it as I see fit. We've had to build complex legal systems of copyrights and trade secrets for the sole purpose of stopping information from spreading. In the absence of this legal system, information would tend spread. People spend huge amounts of effort developing encryption, copy restriction mechanisms, and similar mechanisms to stop information from being shared. It's always easier to make a technology that always shares information that a technology that can restrict the sharing of information.

Human beings like sharing information. Stopping this free spread of information is very difficult. No, information doesn't literally want to be free, but the behavior of normal people tends to spread information. "Information wants to be free" seems to me to be a reasonable way of summarizing the situation.

Re:Information doesn't *want* to be anything

[malevolence]

3 may keep a secret, if 2 are dead.
-Ben Franklin

Re:Information doesn't *want* to be anything

[Nightpaw]

How many movies are based upon the plot mechanism of a murderer having to kill more and more people to keep his secret?

One, maybe two.

Re:Information doesn't *want* to be anything

[Borealis]

*also jumping on the nitpicking bandwagon*

Actually, "knowledge is power" is not anthropomorphic, because it does not imply that the "knowledge" wants or needs to be powerful. Conversly, "information wants to be free" attributes the desire of freedom to the information, not those seeking it.

anthropomorphism (nthr-p-môrfzm)
n.
Attribution of human motivation, characteristics, or behavior to inanimate objects, animals, or natural phenomena

Granted, the assertion is not proved. However, while it is provable that knowledge does not equate to power, it is generally understood that it is difficult (but not impossible) to be powerful without knowledge, unless we're dealing with strictly physical issues (and sometimes even then).

If we were to be complete semantic tightwads we'd do better to say that "Pursuit of power is aided by greater knowledge".

Re:Information doesn't *want* to be anything

[jazman_777]

People in the Western world are conditioned to believe that with a little applied brain power, they can be anything they want.

I was told in school, "If you can dream it, you can do it." So right now, I'm getting ready to go down to Los Angeles Lakers training camp, and put a schoolin' on Shaq and Kobe. PJ will bring me on with a multi-million dollar contract, and the Laker girls will look at me dreamily.

Re:Information doesn't *want* to be anything

[Stultsinator]

Thank you for voicing that correction. I think what people refer to when they cite that quote is the ever-decreasing value of a certain piece of knowledge. However, I think the reason for that is that if that certain piece of knowledge is useful, it will be used to gain advantage. The more it is used, the more the nature of that knowledge reveals itself (the dilema we faced in using the German's decripted messages in WWII, for example.)

So while the cost of a particualar piece information tends downwards, as long as there is independent thought, there will always be a market for new information that can be used to an advantage.

In this case, there was a cost associated with (for instance) viewing The Matrix movie. That cost decreased as more people viewed the movie (either legally or illegally.) Microsoft increased the value of that knowledge with knowledge of encryption, and in response some hacker once again decreased that knowledge proportionally with his knowledge of hacking the encryption.

So again, as long as people are capable of independent thought and are willing to invest that thought (be it in study time for encryption or jail time for hacking) this battle will continue. Nothing to see here, move along :)

Re:Information doesn't *want* to be anything

[Westacular]

Unless you're willing to extend the definition of a meme to the extreme, they're hardly capable of even Darwinian ambition.

The fundmental definition of a meme attributes information Darwinian ambition: The idea of a "meme" is that information spreads in viral fashion, with humans as hosts. The rate of spread of a meme is the rate at which humans share a that information which others who will, in turn, spread it further... this corresponds to the rate of spread and infection with a virus.

If a meme does not spread, it "dies" as people forget it; it's a Darwinian failure. In contrast, memes that spread quickly or are remembered longer (think of urban legends, or religions) can be viewed, respectively, as spawning more successful children or living longer: Darwinian successes.

Information doesn't want to be anything. Information just is, which makes it an asset, which makes it vulnerable to the economic laws of supply and demand.

Information isn't an asset; the nature of information is fundamentally different from that of an asset. If I give you my information, I don't have any less of it -- the cost to replicate the information is (effectively, given the low cost of media) zero. The only limit to my supply is whatever artificial limitation I place on my willingness to communicate it. As soon as I give you a piece of information, you have an infinite supply of it which you, in turn, could choose to distribute to others. Thus, the spread of information is an exponential growth. As soon as the information reaches someone willing to communicate it freely, the information becomes free to anyone in contact with that person. That is, the "cost" to gain specific information is the cheapest price offered by anyone who has it, NOT the price specified by the originator of that information. And most people, other than that originator, don't feel they are losing any value when they spread it for free.

It is this nature -- which differs so sharply from conventional ideas of assets and property -- that contributed to the anthropomorphism (which is a successful meme, isn't it? :-) )

In contrast, the services for deriving/creating new information DO have an actual, economic costs and value, and are subject to economic pressures. Hopefully, in the future, economic models with address this directly rather than depending on laws to confuse the issue by artificially binding the value of creating information to the information itself. [Insert plug for things like the Street Performer's Protocol].

They ignore the fact that library books cost ten cents per day late, that a reliable Internet connection costs fifteen dollars a month, and that university tuition costs four thousand dollars a year.

Ironically, in each of these cases the information is available for free (library books if you drop them off on time; your ISP doesn't supply the data to begin with; anything facts taught in universities could be found freely by loitering in their libraries). The fees you pay correspond to the cost of providing the service used to convey the information.

Go read EFF's Intectual Property archive for better-written analyses on the subject; they have a lot of good papers there.

Re:Information doesn't *want* to be anything

[Gaijin42]

I would so mod you up if I had any points left.

This is an excellent post. Well written, easy to understand. and it makes a good point. Keep on!

Re:Here's the article just in case you can't reach

[jtra]

... and has produced the source code and a DOS utility to un-protect .WMA audio files.

now MS will speedup process of loosing DOS comaptibility.

Re:Is it any surprise?

[BiggestPOS]

Maybe they are trying to promote "Honor Among Thieves" or something. Its amazing the lengths some of them go to, programs that secretly contact the "home office" and report what key they are using, what version they are, and if they think you are pirated, open up an instance of IE on their order page. Fucking devious indeed.

Deja-Vu ?

[tweakt]

Will "Beale Screamer" become the next Sklyarov? You'll notice he was smart, and released it anonymously, and not live in front of a crowd known to contain feds ;-)

Re:Deja-Vu ?

[t]

You have no fsking clue who Sklyarov is do you?

Re:Of course, this is also copyright infringement.

[schon]

will employ Microsoft to create a DRM solution for text

You're a little behind the times.

MS has had a "DRM"-ed ebook reader (their own proprietary format, of course) for quite some time.

And yes, it's already been cracked - not by exploiting any weakness (if anybody bothered to look) in the method itself, but by accessing Windows' debugging API (which gives full access to the data segments after the text has been decrypted.)

YAM (Yet Another Mirror)

[Akardam]

http://lookingglass.akardam.net/mirrored/msdrmv2-r emtool/

For link-wary: http://lookingglass.akardam.net/mirrored/msdrmv2-r emtool/

What's the point to cracking WMA ?

[tweakt]

Does anyone think this is useful? Yes, M$ has the right to sell whatever fucked up version of protected audio there is, and publishers have the right to *ATTEMPT* to market this crap. We have the right to refuse to buy it, and show them it won't sell. But what purpose does this crack have? Yes, I guess it shows that besides not being popular, it's also no secure... but won't people just use this to go rip protected .WMA files now?

Hmm, I guess actually this ties in pretty closely with some points announced in microsoft's argument against "full-disclosure". Some would argue unless this stuff is widely deployed (the crack that is), then the music publishers won't ever beleieve it's been "broken", since theoretically breaking something doesnt pose much of a financial risk.

But you still have the equivelent of the "script-kiddy" mentality at work here. How many people do you think are downloading this right now, so they can go get the latest Christina Aguilera album online, then crack it and "release" it to their l33t w4rez group? *sigh*

Re:What's the point to cracking WMA ?

[praedor]

Your points are valid in theory but not realistic in fact. People want their music and shit and will not forgoe such just to make a point. They, by and large, will relent and buy the fucked-up versions with a grumble, perhaps, but buy they will.

The really "funny" thing is that if your scheme worked, and people, by and large DID refuse to buy the stuff, it wouldn't be blamed on the crappy-ass protection scheme not being acceptable to buyers, it would be blamed on file-sharing apps and networks. There would be further calls to kill/go after/shut down file-sharing networks and tools.

In this case, voting with your wallet has two edges.

What would be cool...

[SealBeater]

I was just thinking about how this file is spreading and being mirrored across the Internet as we speak, and had a cool thought. Anybody see those maps of the Internet that thinkgeek is selling? How neat would it be if this file was somehow taggable, so that you would be able to watch the spread of this file across the global Internet? I realize that this is a bad idea in practice and I am not saying this for the purposes of tracking down anyone, just that it would be pretty neat to see how fast this thing spreads. I think it would be pretty funny and cool to watch. Just a random thought.

/me opens up HP OpenView and watches all the nodes in the US turning red.

SealBeater

Re:What would be cool...

[Control-Z]

Why is this flagged Flamebait? It's a not-very-practical but cool idea...

Not, it won't

[Sycraft-fu]

The thing is that before a peice of software can be used, music be listened to, etc it MUST be decrypted. You can have all the stong crypto you like, it has to be in an unencrypted format before it's usable. Ok well this means that all the components necessary to decrypt it and make it usable must be included. You can mess around and obfuscate all you like, in the end your software still has to be able to decrypt the program so it can be run, and that means the hackers can trace through your code and find out what you are doing and how to do it themselves.

This is how all the SafeDisc unwrappers and the like work. They get all their info from the very files SafeDisc uses, extracts the necessary info, and then unwraps the .exe and gives it to you. The only difference between it and the real SafeDisc is that SafeDisc unwraps the program to memory and runs ut each time, these crackers unwrap it and write it to disc, so you can use it whenever you like without copyprotection.

The reason why encryption is normally secure is it assumes two trusted parites. If I send something encrypted to you, it is assumed that you have the necessary means to decrypt it and that is what I want you to do. For example suppose you and I regularly encrypt our stuff with a semetric encryption algroithm like Blowfish. We both have a key that we use to talk to eachother. We both know this key, but nobody else does. In that way we can lock the data so that only we are able to unlock it. Well this only works because I WANT you to be able to decrypt the data. Well with copy protection the idea is they DON'T want you to be able to see the data, so they encrypt it. Problem is, your processor needs it decrypted. That means they HAVE to give you the key to decrypt it. They can hide it and obfuscate it, but it has to be there, otherwise it doesn't do any good. Well, that means you can find it, and use it to unlock the data they sent you.

Re:Not, it won't

[krazyninja]

That doesnot mean that you can do everything. What if M$ protects everything in the data path, and says, "My media player will give the decrypted data only to a signed and verified and trusted sound card driver"? Infact M$ already has its "Secure Audio Path ", a scheme which is protected from the kernel to the output drivers. Yes. No leak inbetween. What do you do then?

Re:Not, it won't

[Gendou]

"What do you do then?"

You plug the Line Out of your soundcard into the Line In, and you record.

Problem solved.

Microsoft can control the digital, but they can't control the analog. Our ears are analog; at some point the audio HAS to be converted to analog, and then it can be freely re-recorded. Even if we eventually see soundcards with only digital outputs (an unlikely possibility), the data still gets converted into an analog audio signal somewhere down the line. Even if we see bizarre systems where the signal is digital all the way to the speaker, the sound waves that reach our ears are still analog and always will be -- and can be picked up by a microphone as easily as they can be picked up by our ears.

Re:Not, it won't

[krazyninja]

Maybe you havenot compared the sound when you hear the original vs the analog-rerecorded sound. You will hear quite a lot of difference. To get anywhere close to the original, you would need almost a studio setup..

Re:Not, it won't

[Grishnakh]

Not necessarily. Microphones (at least decent quality ones) could become "circumvention devices" which require a special license to use. Only professional musicians and the like would be allowed to have them.

Sounds crazy, but no crazier than this SSSCA (pronounced "ssssucka!") legislation being proposed.

Re:Not, it won't

[Gendou]

It's not an issue of quality. I understand that re-recording analog (especially through a microphone rather than just plugging the line out of your sound card back into the line ine) will cause a hit in quality. But it will always WORK, it's something they can NEVER take away from us by ANY means short of banning the human ear and forcing us to install digital audio receiver chips in our brain if we want to hear anything. That's at least a century away, in addition to being rather silly, so for the time being I think it's safe to say that they CAN'T take our music away from us. Yes, we may have to resort to living with a drop in quality, but it doens't matter -- we'll still have the music. All it takes is for one person, with good equipment, to re-record the analog audio into a restriction-free digital format (yet, this will be illegal, but I don't see why that should be a problem), and then the rest of us all over the world can share, copy, and distribute it without any further loss of quality.

To what the other poster said about making microphones illegal -- it won't happen. A microphone is a very simple device at its core (it's basically the same as a loudspeaker but works in the opposite direction), so we'd be able to make our own, even if somehow microphones ever became banned (they'd also have to ban intercoms and other devices we use every day too).

However, I don't think it'll come to that. I think it'll be at least 20 years before we see sound cards that don't have either analog outputs or unrestricted digital outputs. Until then, we can always just loop the signal straight back into the sound card or another recording device, and re-record with a barely perceptible loss of quality.

Re:Not, it won't

[krazyninja]

I agree that we could do all the things you said. But think of this: Somebody who wants to make a copy of a protected song will have two choices: 1, Use a cracking program 2, Record it from line-out. If I were a common user, I would prefer the easy method of 1, rather than option 2. Ofcourse the die-hard pirate will most probably choose option 2 for security schemes which have not been broken yet, while the common user will not.
The content companies realise this fact. That is precisely why their security schemes are not 100% fool proof, because they dont want to make it extremely difficult for people to copy. It is "just enough" difficult to copy.

Re:Not, it won't

[Sycraft-fu]

Just enough isn't good enough. For example, supposing they produce something that can't be cracked (that'll be the day) The line out thing will work well. Well, there are a number of people like me that have VERY high quality sound cards. Take the Pepsi challenge with it if you like, I bet you can't tell me which of two clips is orignal if I post the orignal and a re-record with my gear. Well, once someone re-records the song in question, the just compress it using some non-restricted format, then throw it up on a file sharing service. Now anyone that wants it can grab and distribute it.

Re:Not, it won't

[krazyninja]

Well, I can take the challenge if you want it :)
After all it is supposed to depend only on the listener!
But the point I wanted to raise was that only a few people will have access to such equipment, and hence it may not be as widely spread as the use of a free software.

Soooo,

[A_Non_Moose]

DRM stands for Doesn't Really Matter?

(ya, ya, Digital Rights Management... wait a sec, People have Rights, how the #$%^&* do digits/bits/code get Rights?)

Ok, wait just a fscking minute here, a brief recap for those who missed it:
1) Court says "Code is not free speech", correct?
2) Code, on paper (analog), or compiled or not is in 'digital' form, is still not free speech. (yes/no?)
3) if code is not free speech, and free speech is a *human* right, someone explain to me how the phrase/buzzword "Digital Rights" came to be accepted.

Apologies for the lateral thinking and leaps of logic. Sorta like "here, look at the shiny object in my left hand...smack with the right".

When it comes to the "Battle of the Bits" 'we' are winning, but in the arena (no, not q3 arena) of Law and Language, 'we' are losing (or loosing as the incorrect/common use goes).

Two outta 3 ain't bad, but we only got the one win, arugh.

IMOFWIW.

Moose

But I *like* the pathetic fallacy!

[Nindalf]

I don't consider the pathetic fallacy (describing a phenomenon as if the objects involved were humans acting it out) to be a fallacy at all, but a useful metaphorical device.

"Water seeks its level." - no, sufficient quantities of water tend to be arranged by the force of gravity over time such that its open surface is roughly equidistant from the center of gravity

"Opposite electrical charges are attracted to each other." - no, there is a force on any two objects of opposite electrical charge each toward the other

"Information wants to be free." - no, it is difficult for one party to limit the distribution of information to only those parties it approves of

The common quotes are shorter and more digestable, literal truth is not relevant compared to effective communication.

On the other hand, the literal expressions are more likely to be left alone by those who don't understand them.

Re:But I *like* the pathetic fallacy!

[alienmole]

The common quotes are shorter and more digestable, literal truth is not relevant compared to effective communication.

I agree, but it seems not everyone does. Some people seem to be too literal-minded for this sort of phrase to be useful, since they can't help but focus on the literal meaning of the phrase.

In addition, in the particular case of "information wants to be free", there is a bias inherent in that statement which doesn't exist in a statement like "water seeks its own level". Perhaps if we were discussing water rights, it would be different, but there's another issue: water's level is driven by gravity, not by what people want. There's something more than just the pathetic fallacy at work here (someone let me know if it has a name): the objects aren't just being anthropomorphized, people's desires are being projected onto them.

Just as talking about "piracy" colors people's perception of copyright issues, saying that "information wants to be free" is somewhat biased towards, well, information wanting to be free, as though it has nothing to do with what people want. I personally like the phrase, but those with more conservative intellectual property agendas usually don't, for obvious reasons - one of which being that information does want to be free! ;P

Wasted?

[eclectric]

Hardly. Microsoft has and always will market to the lowest common denominator. This means that deep down they don't care one bit about a small group of people who may be cracking their copy protections, because they know the vast majority of people don't have the knowhow or exposure to ever run across something like this. It will, for the most part, do very little to the investment they put in it.

Think of DeCSS... the vast majority of people don't have any idea this thing exists, despite the fact that it was (in computer circles) a HUGE story.
The real story will come if the RIAA companies decide to feed into the "cracked" panic and not implement WMA. Then it will be wasted money on MS's part. Then again, IIS has been a piece of shit for years and it gets installed on new severs every single day.

I said it once, and I'll say it again: Never underestimate the power of ignorance in your enemies... or your friends.

My law

[t_allardyce]

Thats just in time for my new copyright law which i hope will be passed some day...:

Basically, before you download a piece of music off gnutella or whatever, you sign an agreement saying that you

"Have no, and will never have the intention to buy this piece of music on CD or on any other media."

That way, you are technically not depriving the record company of a potential sale because you never intended to buy it anyway. This applies also to any other form of data that can be copied (i.e Film, software etc..).

I will call it, the Digital Millenium F*ck You RIAA Act, or the "DM, FU-RIAA Act"

Also tacked onto it will be a law banning terrorists from using rot-13 technology - Hopefully this will ensure its voted in _very_ quickly.

Re:Shocking! Re:Shocking!

[bubbha]

Slashdot Retard? Now that's hitting below the belt!

Microsoft

[James+Foster]

Mean
Insolent
Crude
Rotten
Ordinary
Stupid
Offensive
Fascist
Tragedy

Re:Microsoft

[func]

Heh, I just refer to them as Small and Floppy.

You idiots! Why did you do this /NOW/?

[Telek]

Let me ask one question...

You have a DRM technology that is OBVIOUSLY crackable (as all are), and a stupid industry that has just decided that they should use this technology, but hasn't yet implemented it in many places yet.

Do you:

A) crack it NOW and therefore allow the industry to quickly switch to a "better" scheme because it's not implemented yet
-or-
B) wait until it's in use everywhere and THEN crack it once it's too late for them to switch back?

What do you think would have happened if CSS was cracked after the first 2 DVDs were released? They would have changed the scheme really quickly.

HAVE PATIENCE. WAIT until THEY CANNOT SWITCH BACK, and then hack to your hearts desire.

Argh. This just puts more ammo in the pockets of the industries to give us MORE RESTRICTIONS instead of a stupid scheme that doesn't really hamper things a lot and can be cracked AFTER they commit.

Argh. Sorry needed to vent.

Re:Next up - guy thrown in jail

[jc42]

He/she may end up in jail, but probably not for
cracking the "security". Lots of lawyers have
already commented that the DMCA doesn't actually
outlaw writing or using such code. What it makes
illegal is publicising the fact that you've broken
the encryption. What's illegal is telling the
world that a corporate product is shoddy and
doesn't do the job that it's advertised to do.

Various commentators have pointed this out in the
stories about Dmitry Sklyarov. His crime wasn't
cracking the protection code; what he did illegal
was telling the world that the code was breakable.

It's OK to know that a company is selling shoddy
products; it's just illegal to tell other marks,
uh, I mean customers, about the shoddiness.

This distinction may be a bit too subtle for your
typical media person, I suppose.

Oh, please!

[Nindalf]

I know of no cheap digital equipment.

...and of course there won't be any cheap digital equipment when no analog equipment is available. I mean, even if you ignore the webcams and sound cards available today.

I point you to iObjects whose DadioOS is used in HipZip, and plays .ogg, .wma, .mp3, and .aac files, and incorporates DRM into the OS of the player

...and so surely you will point me to the evidence that this is installed in machines which are used for recording with a microphone, and that it can recognize copyrighted material coming in through the microphone jack and refuse to record it.

Re:Oh, please!

[firewort]

Monty Python, the Argument Sketch. We're going round and round without accomplishing much.

Devices that are equipped with microphones only record mp3 in monoaural at low bitrate. Nokia phones, as covered here earlier, only allow files to transfer off the device in DRM protected format, even if you imported them in mp3, and you are the owner of the file.

Minidisc suffers the same problem, where you can digitally import the file, but only export it via analogue even if you're the owner and creator of the file.

It's not so much that they refuse to allow you to record it, but that once you've recorded it, it's recorded with lousy quality even though the device is capable of better, or that the device refuses export of the file.

Here we are arguing about devices and the useless measures that artificially limit their capabilities, when the focus is the bad legislation and heavy handed lawyer threats that have inspired these limits on the devices. We're talking about the tool used in a hypothetical crime rather than talking about the badly written law that defines the crime.

I agree that there are no existing video cameras that recognize copyrighted material when I point the camera at a television, but don't rule out that such a thing could exist in the future. If we strike out against the bad legislation that inspires this, technologists won't have to spend time divising such recording equipment.

Have you read the draft of the SSSCA, that legislates all digital devices must have digital rights management incorporated?

Re:Oh, please!

[Nindalf]

Monty Python, the Argument Sketch. We're going round and round without accomplishing much.

Heh, good point.

I was taking a rather limited view of fair use, but IMHO the most imporant fair-use right is the right to report the evidence of your own senses, and DRM can never touch that. The rest of it seems like fairly minor conveniences. YMMV

Australian Mirror of De-DRM tool "FreeMe"

[Now15]

Enjoy!

http://whirlpool.net.au/mirror/freeme.zip

Simon

The music industry is overvalued

[maddogsparky]

The whole industry was created to satisfy a market: the desire to pay for quality music. When that market was established, very few had the ability to promote, record, manufacture and distribute music. Large companies grew up to fill that niche, where economies of scale made music available to the masses.

The problem is that the major premises have gone away. The internet allows easy promotion and distribution. The cost of decent caliber recording equipment has come down and many independent sound studios exist that cater to home-town artists. MP3s and Ogg Vorbis reduces the manufacturing requirements to a computer and compression software. If a CD is requested, the cost to burn a CD is less than a couple of dollars, including the shipping.

The music industry as we have known it is based on premises that no longer are based in real world technical or logistical limitations. They realize that the only way to continue their existance is to artificially constrain access to their product. If they do not, they will continue to lose potential business to the artists who choose to publish themselves and to the businesses who cater to them.

The US constitution grants patents and copyrights to promote science and the useful arts. If they are using copyright law to limit the spread of good music by closing down distribution and manufacturing channels that are more efficient than their own methods, then they are doing so illegaly. I don't see how it is possible to promote a useful art by constraining its difusion.

Well I tried it..

[blowdart]

Well as I'm working on stuff based around the MS DRM platform right now (look just shut up ok?), I was interested to see if it would work. From the comments here it looks like no-one tried it yet.

Guess what. It doesn't work. At all. I generated a whole bunch of protected files, with varying license rules, and it couldn't work with any of them.

Still, the technical documentation was a nice read.

It's bound to be cracked at some stage, this just isn't it. Even microsoft themselves say that there are ways to get around it, unfuck for example.

Re:Well I tried it..

[Jetifi]

Bingo. I tried it on the MS DRM demonstrations (specifically, the two-play limited one) and it didn't do anything - either the MS demos are version one, or it's broken. The error message is:

C:\WINDOWS\Desktop\FreeMe>FreeMe -v OhNo_DRM.wma
Found DRMv2 header object.
Found KID (EBqWe20fOki1LarX5Whk/Q==)
Found DRMv1 header object.
Starting to look for license.
License file full path: C:\WINDOWS\All Users\DRM\drmv2.lic
BlackBox library to use: BlackBox.dll
Keystore to use: C:\WINDOWS\All Users\DRM\v2ks.bla
Created BlackBox instance - extracting key pairs

Public key 1 x: 617957d5a0753d597ddea298a29f6ed9c62fdb2d
Public key 1 y: 152334862ad65d4a3a44d1abbfe0b10330bd9e74
Private key 1: 056e8dbe98aa3ecac820f624917cd7892724104a

Checking license with PUBKEY 2ab1612cdc32afd8136ca30e03e432b5aa61d49d
Checking license with PUBKEY 2ab1612cdc32afd8136ca30e03e432b5aa61d49d
Checking license with PUBKEY 2ab1612cdc32afd8136ca30e03e432b5aa61d49d
Couldn't find a valid license for this content.

It looks like he might have hard-coded $WINDIR\All users\DRM instead of $WINDIR\Profiles\$USER\$DRM_PATH\, which would be a pretty annoying mistake if everything else is correct.

IIRC (assumming the technical documentation he released is correct), MPlayer spawns indivualised versions of blackbox.dll, and in this case, he would be looking at the untouched version, not the one with the license. (and s/he said he tested it on win98 - probably not network configured).

If this is a hoax, in which case /., TheReg, Cryptome etc. would look pretty fuckin' stupid, then x^n geeks ran an untrusted executable posted anonymously on USENET - including me...

There are other alternatives - maybe he's not as cluefull as he sounds, and he'd got his hands on some demo app or something.

Re:Well I tried it..

[trayl]

You need a valid license for the content you wish to decrypt.

Not only does it work FINE on Win2K for ordinary players, but it also works fine with individualized players using the indivbox.key(dll).

Respect to Beale Screamer.

I agree, very impressive!

[BLKMGK]

Read it all - Microsoft used SHA-1, Eliptical Curve Encryption, a bastardized version of Base64 encoding, and I think even the kitchen sink to try and keep this from being reversed. They encrypted the comms between DLLs (!) to prevent anyone from being able to get anything from the calls going back and forth must have added a ton of overhead with all of this encryption. They even move the location of the key pairs on each machine that this junk is installed upon in order to prevent the keys from being easily extracted. Kripes, Microsoft went so far as to build in the capability to REVOKE the keys if they were ever published - this hack must be killing them :-)

All of that would've worked except that the code that actually USES the keys has to know where they're located and THAT code's location is static (lol). The author simply used THAT code to pull the keys for the decryption - I love it. I'll bet some poor schmuck MSFT techie is smacking his head going "Dammit!" right about now.

I'm not sure how Microsoft could've stopped this - obviously their bulletproof EULA didn't work (lol). At some point in the code something has to know how to pull the needed keys and I cannot imagine how they would've been able to shift the code that does the calling in every copy of Windows - something has to be static somewhere or at least the code to find the location does :-)

Since Microsoft used code to detect debuggers I have to wonder how he did this - hacked the debugger too? Hack the code to stop the detection of the debugger? Or decompile the code in some fashion and step through it? (shiver)

If this was the creation of a single individual or even a team it's damned impressive! I hope that The Reg gets it's wish for some sort of an interview granted and that this person or team of persons releases more insightful cracks. This was pretty sweet IMO, my hat's off to this effort!

It could be . . .

[hawk]

> Don't worry. Some people, for whatever reason, use the male form all
> the time.

Several years ago, I took a class from Halmos (Yes, *that* Halmos, though I did
n't realize who he was at the time. It set in years later when a graduate class
stopped cold at a mention of taking his class).

Anyway, in the middle of his first lecture, he suddenly went on a detour about l
anguage, adjectives, and the like. He noted that some languages have the male a
nd female gender, some have male, female, and neutral, and that some have a pron
oun for uknown gender. And I quote rather directly, "English is one of those la
nguages. The pronoun is 'he'. So you will excuse me if I do not say 'he or she
'."

He then proceed mid-sentence on set theory.

In the enlish language, "he" does not imply gender unless the context shows othe
rwise. It is used for both the male and unknown pronoun. "She," on the other h
and, does indicate gender.

So for those of you wondering why some of us always use "he" in the unknown or g
eneral case, it could very well be because we're speaking English, rather than e
ngaging in an Orwellian campaign to change the way people think by modifying the
language.

hawk

Re:It could be . . .

[teraflop+user]

> So for those of you wondering why some of us
> always use "he" in the unknown or general
> case, it could very well be because we're
> speaking English, rather than engaging in an
> Orwellian campaign to change the way people
> think by modifying the language.

Absolutely right!

I however switch to a deliberate misuse of the English pronouns whenever I think:

a) it will be funny

or

b) it might challenge preconceptions.

Banzai! I win twice today!

(It is particularly entertaining when reading Babelfish translations from German out loud - people are usually 'it').

Re:It could be . . .

[shani]

It is particularly entertaining when reading Babelfish translations from German out loud - people are usually 'it'.

This is because in German, all nouns are male, female, or neuter, at random. The pronouns follow the noun, so you'd say stupid things like: "I picked up my knife, but she was too dull to cut the steak. Then I grabbed my spoon and used him for the soup. Finally, I used my fork and had a bit of potatoes with it." It would be very difficult to know which pronoun was associated with which noun!

Re:It could be . . .

[TheFrood]

So for those of you wondering why some of us always use "he" in the unknown or general case, it could very well be because we're speaking English, rather than engaging in an Orwellian campaign to change the way people think by modifying the language.

Language does affect the way people think and for that reason it should be a flexible thing, as long as the flexibility doesn't impede clear communication. If you want to say "he" for the general case, that's fine. If you want to say "she" (as teraflop user did), that's also fine. (And naturally, some idiot has modded him down as "offtopic".)

Regarding the female CS prof mentioned earlier in the thread, she would have been better served by making the programmer "female" and the user "male" or vice versa. That way, each pronoun refers unambiguously to one or the other.

TheFrood

Re:It could be . . .

[alkali]

Further to this, see Douglas Hofstadter's fine piece on the subject, an unauthorized copy of which can be found here.

Re:It could be . . .

[Doomdark]

Language does affect the way people think and for that reason ...

Hmmmh. Perhaps it affects to small degree, but some people tend to believe it even defines the way people think. I think this is akin to superstition; the idea that words have magical powers. And thus the 'extreme' political correctionists (?) really look foolish; condemning 'evil words' believing it's just bad bad words (nigger etc), not the attitudes of the people who use the words. And the result is that new 'correct' words eventually get 'polluted'. If you really want to present a derogatory racist comment, you can easily get phrase african-american (for example, replace with your favourite ethnic euphenism here) sound like an insult, by varying tone and facial expressions. :-/

At any rate, a slightly on-topic remark; there are also languages that have no gender distinctions whatsoever. I'd even venture a guess that genders (for nouns) are more common in western (european) languages than in other ones (correct me if I'm wrong... could well be, I just know japanese doesn't have genders for nouns). I still don't believe it changes the way people think all that much. I don't feel like I'm more egaliatrian (or emansipated?) towards women than my american friends, just because my mother tongue doesn't have he/she distinction. If I do it's about culture, upraisinh and socio-economic things, not the vocabulary, syntax or semantics of language(s) I speak.

Re:It could be . . .

[HalfFlat]

Perhaps it affects to small degree, but some people tend to believe it even defines the way people think. I think this is akin to superstition; the idea that words have magical powers.

'Magical' is probably not the best word for it, but words certainly do have spooky powers. A written or spoken word without understanding in the perciever is just scribble or noise. Language isn't just the physical manifestations, it's also the associations between these manifestations and mental states or symbols. These are by their very nature subjective, but one can't dismiss the subjective easily - each of us lives in a subjective world of our own, and we share enough of this world with our neighbours that we can communicate and interact.

Think of the words, "I promise", or in a wedding, "I do." These don't just describe a physical situation, they actually make a concrete change in a social environment.

Think also of the art of rhetoric, or the use of propoganda. There is a reason why we have very large and well funded institutes of marketing and advertising.

Words can be used to limit individuals (for example with self-supporting but very restrictive doctrine, as used by some fundamentalist religions) or to enable them (through educational texts or philosophical tracts.) They can have wide ranging effects through the influence they might have on a single powerful individual, or on a more subtle shaping of millions of minds.

In short, words have the potential to be immensely powerful.

How does this relate to the use of 'he' or 'she' or 'they' in English text? Proving that the indiscriminant use of 'he' affects the goals, aspirations and abilties of English speakers of either gender is probably hard - though no doubt it is something that has been investigated. But given the undeniable power of language, and the fact that a word's associations can come unbidden to the mind and flavour the ideas they describe (poetry anyone?) ... it seems very easy to believe that gender-specific language could well have some effect, one which has the potential to be very harmful to a large proportion of the population, and in turn, to our society itself.

As we have perfectly good alternatives to gender-specific language, why not use them in order to minimise this risk? Especially when the risk seems to both eminently possible and very large in scope. Personally, I'm all in favour of "they" - it has precedence, it need not sound awkward when used intelligently, and is least disruptive to the reader. But alternating (consistent) use of he and she is another workable alternative.

The argument against such changes to our langauge use are I believe along the lines of: messing with the language inhibits clear communication; why should anyone be entrusted with the power to modify our language at all? (bringing in Orwellian connotations); and that we shouldn't fix what isn't broken. I think that it probably is broken, by the argument outlined above. Further, we're not being asked to change language by some central authority, but instead to change our language usage in an intelligent way so as to enable more members of our society to prosper. Lastly, with some care, it need not inhibit communication in the slightest.

Of course, as you say, ideas behind the words are more important than the words themselves. But how do those ideas get there? Typically through the use of language. Changing the way we speak and write won't in all likelihood change the way we ourselves think or the ideas we hold; it does seem very possible that it will affect those who are growing up in our society, and has the potential to have in the long term a great beneficial effect.

Re:It could be . . .

[Doomdark]

Think of the words, "I promise", or in a wedding, "I do." These don't just describe a physical situation, they actually make a concrete change in a social environment.

Apologies for snipping out just one small piece, but I think it might be enough to allow me to refine my point. :-)

I think that the words "I do" still don't have any intrinsic context-independent 'magical' powers. You are right in that in right context they do have more meaning than otherwise, thanks to traditions; semantics has been added as "I do" has become an idiom (?) in wedding ceremonies. And depending on how people feel about the ceremony, political gathering, rally (whatever context words are used in), the words do get more weight, more power, from their surroudings. And then there are people couldn't care less about the very same words, even if being part of the ceremony (few people would just ignore them when being wed though...)

What I mean is that words, sentences, even phrases, usually have a relatively small domain in which they have added connotations, and perhaps additional powers of convincing people. I don't think any words have "super-powers", to make them taboo (or holy or whatever) independent of context; independent of intentions / attitudes of person who utters the words, independent of social, political etc. situation/context of discussion or speech.

I guess my rant against extreme-PC'ism doesn't really completely relate to gender-dependencies, though, as it's a much larger topic. Not just whether 'he' should always be used, whether it's a "tainted" word (I don't think anyone claims it is); more like whether it should always be used as the 'neutral' or 'generic' pronoun just because that's what has traditionally been used. I have no idea; not being a native english speaker I can't really "feel" one way or the other. I do think, though, that it's good not to try to manipulate a living language in Orwellian NewSpeak way (something you mentioned too). Then again, it's not like PC was the first movement that tries to "guide the language"; the trends are as old as english linguistic studies. :-)

Finally, I do agree that using (gender-) neutral terms makes perfect sense, when gender isn't really the point. Even if "gender-coding" has just a slight influence, that influence is unlikely to be useful or positive. Just like I personally dislike colour coding baby clothes ("pink for girls, blue for boys"), just because that's what people have traditionally done. Or always buying dolls for girls and toy cars for boys (independent of what they might like to play with), "just because that's what they always play with". But I digress... :-)

Beale improved the world in 100Kb !

[Teun]

Subject says it all...

Personal gratulations to Beale.

[eddy]

Hello there Beale Screamer. I just want to take this opportunity to congratulate you on your recent work, which was great. Keep up the good work, and stay low.

eloj bows.

"Who cares? I uncheck DRM when I rip" is WRONG!

[wundermean]

The problem is that the new CD's are going to come out with fscked track data (something like Macrovision) so you won't be able to rip them but they'll play fine on a regular player.

The record companies are going to put secure wma files on the CDs for use on your computer.

Does anyone have more 411 on how the RIAA can fsck us over this way??

So I guess there's not a crack for ver 1?

[FatGath]

Stupid question.

Re:you don't *want* anything

[MemeRot]

Information doesn't want to be free.
Information doesn't want anything.

People don't want to be free.
People don't want anything.
They are just bags of fluid, with chemicals moving around in the brain. Ascribing a motivation like 'want' is unwarranted.

What is your point? This is a poetic statement, a metaphor, not a scientific equation.

mirror

[spoonyfork]

FreeMe mirror

http://www.geocities.com/placebic/2001-10-19-wmacr ack.html

Slashdot could have been first with the story:

[ssimpson]

But:

* 2001-10-18 23:08:39 Microsoft Digital Rights Management broken? (articles,news) (rejected)

Yeah, I'm the person who spotted this on sci.crypt and got it mirrored on www.cryptome.org.

If Slashdot would have published my story last night then they'd have been breaking the news rather than chasing after the register. Sigh.

Re:Slashdot could have been first with the story:

[Red+Moose]

What's new? All they do these days is get news after everybody else......ah but remember the times when Slashdot was where to get the latest info....

Re:You idiots! Why did you do this /NOW/?

[Telek]

Windows Media Player will not be the only device using this format. If this were to catch on you'll start seeing standalone devices that'll read these files too.

And files already on CDs cannot be replaced, but all future releases can.

Another mirror

[dtype]

In the spirit of "make sure it says online", I've made yet one more mirror at http://dtype.org/available/657.zip.

Thomas Jefferson on Intellectual Property

[Genus+Marmota]

OK it's an old chestnut but I still love it for it's plain common sense:

If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of everyone, and the receiver cannot dispossess himself of it. Its peculiar character, too, is that no one possesses the less, because every other possesses the whole of it. He who receives an idea from me, receives instruction himself without lessening mine; as he who lights his taper at mine, receives light without darkening me. That ideas should freely spread from one to another over the globe, for the moral and mutual instruction of man, and improvement of his condition, seems to have been peculiarly and benevolently designed by nature, when she made them, like fire, expansible over all space, without lessening their density at any point, and like the air in which we breathe, move, and have our physical being, incapable of confinement or exclusive appropriation. Inventions then cannot, in nature, be a subject of property.

Excellent!

[sulli]

Now I can listen to WMAs!

Oh, wait, I don't have any! Oh well.

FTP mirror

[danaris]

I'm not sure just how well it's going to work, but I've put up a copy of the zipfile on my own FTP server. My server seems to works some of the time...hope this helps people who can't get through.

Dan Aris

Note: This section is not valid anymore.

[glrotate]

17 USC 107 has been superceded by the DMCA. Fair Use is dead.

Effect on business models~

[krazyninja]

The problem is, as long as the software has the property to revoke the "rebellious" keys, any attack doesnot harm the scheme permanently. So we cannot claim that we have won the war.
On the other hand, the important thing to realise from this is, no business model can successfully thrive on encryption schemes susceptible to hacking, because the moment it is hacked, the original content is on the clear, and it becomes one among the many ripped, unprotected songs on the internet. Content owners, who pay heavily for these so called protection schemes, will not like that. It will be interesting to see the content companies reaction to this attack!

Test Case Opportunity?

[Sloppy]

The question of whether or not a EULA applies to people who haven't agreed to it has been controversial. Until now, the only way to test it was to get sued by a EULA-enforcer.

This clause, should Microsoft exercise it, though, can perhaps cause a situation to arise where EULAs can be tested with Microsoft being a defendant and the user being the plaintiff. Here's how...

Microsoft probably wouldn't have put that clause into their EULA, unless they thought they needed it to cover their asses. i.e. if they didn't legally secure that right, then automatically modifying files on your system might be a form of computer trespass or something like that.

So, what somebody could do, is not agree to the EULA, wait to see if Microsoft attacks their system, and then if MS does, sue 'em (or even try to get criminal charges files against them) for computer trespass or whatever applies. Then MS would be put into the interesting position of having to prove (defensively) that they had an agreement from the user, without them actually having any evidence (e.g. signed contracts).

What I think is interesting about this is that most EULA arguments are about the users' rights, where the defender (user) is trying to show that they did not give up a right that they would normally have. In this case, the defender (MS) would be trying to show that they have a right that they would normally not have.

Re:irresponsible

[zerocool^]

Fair use is a valid law. 17 USC 107.
...
Cries of fair use do not render copyright obsolete, fair use coexists with copyright. Fair use does not coexist with sledgehammer-like copyright enforcement tactics, as fair use is the first thing to get trampled on.


you're missing the point, dude

He's being sarcastic. Saying that its illegal to Download this file.
He's linking to the file as many times as is possible in order to get the point across that while the post he wrote says he discourages cracking MS DRM, he clearly is advocating that is ok to download the file.

see?

its a joke

~z

The REAL Reason

[virg_mattes]

Geez, I always thought that the Titanic sank because it plowed into an iceberg...8)

Seriously, tho', it's considered that capping the compartments would have been rather less effective than simply building the dividing walls between the compartments higher than deck E, as the hole extended across five compartments and as they filled, they spilled over into the next compartment (as you pointed out). It's estimated that if the walls had been built right up to deck B (the "deck" on top of the forecastle was deck C) the ship could have been ripped along half its length and still been saveable.

Just an historical note.

Virg

Translations for the uninitiated:

[then,+it+was+nigh]

In the enlish language, "he" does not imply gender unless the context shows othe rwise. It is used for both the male and unknown pronoun. "She," on the other h and, does indicate gender.

When I run this through Babelfish on the 'ReactionaryKneejerk-to-English' setting, I get the following:

In the English language, 'he' indicates the male gender and 'she' indicates the female gender. In cases where ghe gender of a person cannot be inferred from context, said person can and should be assumed to be male, hence the use of 'he' is appropriate (and ironically, tends to reinforce this very assumption). However, even though it is blindingly obvious that this implicit assumption is being made, we strenuously deny that it is, because we do not wish to admit, to ourselves or anyone else, that we are doing so; instead, we pretend that the pronoun 'he' can somehow magically have two mutually exclusive meanings.

So for those of you wondering why some of us always use "he" in the unknown or g eneral case, it could very well be because we're speaking English, rather than e ngaging in an Orwellian campaign to change the way people think by modifying the language.

And again:

Anyone who dares to call us on this assumption can therefore be dismissed out of hand as a Politically Correct Whiner(TM) whose position can be summarily ignored on the grounds that they hold opinions we dislike. It is not necessary to actually refute their position (fortunately, since we cannot); the ad hominem suffices. [Sticking your fingers in your ears and chanting, "La la la, 'he' is gender-neutral, la la la, I can't hear you..." very loudly also works, but tends to look silly.]

Re:Translations for the uninitiated:

[then,+it+was+nigh]

Words most certainly can have two mutually exclusive meanings. Please take an introductory semantics class, and then return to the discussion. Thank you.

"Numbers most certainly can be odd; therefore, anyone objecting to the claim that the number 2 is odd is obviously using faulty reasoning." Please take an introductory logic class, and then return to the discussion. Thank you.

Block Windows from connecting

[sethdelackner]

Why not just use a program like ZoneAlarm (free)
to block all outgoing network attempts by Windows'
update program?

Re:Block Windows from connecting

[sydb]

Why not just run Linux and save yourself all the trouble?

Re:irresponsible

[srvivn21]

Think of it this way...

We are helping put food on the table of the hundreds of people that Microsoft Employs to develop and improve encryption in Windows. Okay. There are probably only two people. But my point still stands. They still have work to do!

So how many was it this time?

[loconet]

Ok, I havent downloaded the zip file yet but how many bytes of perl did it take this time?

it DOES work for me ....

It works perfectly on Windows XP (Media Player 8) with the 2-play DRM demo. The decoded file plays with no restrictions at all :)

Found DRMv2 header object.
Found KID (EBqWe20fOki1LarX5Whk/Q==)
Found DRMv1 header object.
Starting to look for license.
License file full path: C:\Documents and Settings\All Users\DRM\drmv2.lic
BlackBox library to use: BlackBox.dll
Keystore to use: C:\Documents and Settings\All Users\DRM\v2ks.bla
Created BlackBox instance - extracting key pairs

Public key 1 x: 17230ad28b03681ef892a2a7a94355290e72cd31
Public key 1 y: 39c9997ef2128ae4cd75553861120f507a4487e0
Private key 1: 2fce44939b8c10ae0e6dd2991b35698ee657d8d4

Checking license with PUBKEY 17230ad28b03681ef892a2a7a94355290e72cd31
Matched public key! Proceeding...
Content key: 5f fa 87 95 38 27 99
Opened output file
Starting to process data packets
113 packets of length 5974

Re:it DOES work for me ....

[blowdart]

Must be XP only then. Certainly doesn't work under Win2k, and I've DRMed clean test files and issued clean licenses for them. It doesn't even get the key IDs right for me

MS-DRM version 2?

[Nawak]

Shit

I thought it was MS-DOS version 2 that got cracked. Does anyone have a crack for this one? :)

Re:Nice

[montale127]

so good

and one more time, a rousing chorus of WTF, please, at the fact that visual representations in digital media of sex acts are protected speech, but code is NOT

657.zip Corrupt in Windows Explorer

[aliebrah]

The 657.zip I downloaded (91KB) is corrupt according to the ZIP utility built into Windows Explorer and won't open.

Might be time to get Winzip. I know the Windows Explorer isn't that great with ZIP files, but haven't had a reason to change until now.'

By the way, I'm using Windows XP and it rocks - you should all try it out sometime.

Re:Why (motive)

[Telek]

Your objection indicates youor motive is simply to steal commercialized pop culture/music.

Where does my objection state that? You're reading too much into things.

The motive of the coder is stated in the files she wrote, summarized by me as to *prevent* this from "implementing it yet" ... which is the moral high ground here?

I said nothing about morals.

People have been saying that they want to be able to use their music everywhere... The laws and technologies that they are implementing will prevent this from happening and give us restricted (and less) functionality for a higher price while stuffing the RIAA's pockets some more.

Everybody has been expressing their disapproval of everything that the RIAA is doing. By cracking this now you are only adding fuel to their fire, not ours.

Oh, I forgot, you don't have morals. Grow up.

Ohh veiled insults coming from an anonymous coward. I said nothing to insult you, and you stoop to insults for ... what purpose?

As you put it, grow up yourself.

Re:Nice

[xmedar]

Not just M$s legal dept, but the RIAA and the government lakeys that they bought and paid for to get the DMCA through, as the Reg does t-shirts I hope they do one that says "I downloaded a crack for M$ DRM from The Reg so I can exercise my fair use rights. What have you done?"

Re:All I can think of is...

[mini+me]

Once upon a time the number of the post was usable as a chronological order indicator as well.

It was supposidly changed to make the database simpler.

But why can't the numbers be generated on the fly? Just do a postcount++ on each post as the HTML is being generated, no database problems and the user problem is also solved. The first post incentive would be back, but I doubt the trolls care whether it is post #1 or post #8439204820 as long as it is the first on the page.

Or more concisely

[NickFusion]

Greed Wants

Eptiome of irony...

[Colz+Grigor]

I ran across this ad while surfing the net, today. No, not on the Onion. It was on a serious news site.

::Colz Grigor

--

Windows VS Apple protection thought

[fractaltiger]

Aaaah. Will Microsoft try to protect DRM scheme as hard as Apple layers have tried to keep Aqua and other themes off the web?

Their eBay "auction hunters" is the only thing that shows their jealousy over windows products so far. At least that I can remember

Another theroy

[AnotherBrian]

I saw a program on TV a while ago that said they should NOT have tried to steer the ship away from the iceburg, but go all back full and plow right into it. If they did, the bow would have been distroyed, but the burg couldn't have ripped an opening down the whole side of the ship. This could have been a moot point sence the tops of the 'watertight' bulkheads whern't so.

Defining property

[hearingaid]

How do you define property? Quite simply, it's the right, given to you by law and society, not nature, to control something. It's my house because I can decide who can enter in and who cannot. It's my car because I can decide that, if you drive it, you're commiting a crime. I control those things.

That's one definition of property.

Another definition is this: My property is the set of physical items whose physical location I control. It's my apartment because I control who and what is allowed inside it. It's my computer because I control where it is.

This definition does not include so-called intellectual or industrial property, which is very much an anomaly in terms of property law. There are lots of aspects of property that just don't apply to copyright.

For example, in two hundred years, my forks will still be property, assuming that they're still around. They might be my property (or my estate's :), or they might be somebody else's. However, my copyright in this post will have expired (along with me :)...