Slashdot Mirror


Help wanted: CTO at Warner Music.

Gill_Bates writes "It looks like Warner music group are looking for a CTO. I'm intrigued by the sentence that reads 'Builds prototypes and evaluates alternatives for on-line music delivery, P2P warfare, copy protection, etc.'" How many job descriptions include the phrase "Warfare"?

10 of 180 comments

  1. Just swamped with applicants by The+Llama+King · · Score: 5, Interesting

    How about some guerilla action here?

    Wouldn't it be fun to apply for this job, and once you're in the interview process, begin espousing pro-P2P views. What if, one after the other, these guys had to confront a parade of rabid, file-sharing geeks with CTO-level qualifications?

    Even better, *don't* mention your views until after you've accepted the job. Then work to sabotage Warner's "P2P warfare" efforts. Yeah, that's the ticket.

    There's probably enough of you unemployed CTOs out there - who've undoubtedly spent your idle days using Kazaa - to pull off this Ken Kesey-style prank.

    --
    C'mon, baby, kiss The King.
  2. Other industry compared by standards · · Score: 5, Interesting

    At this point, Warner can do one of two things to survive: (1) change their business model, or (2) "go to war" against the many innovations that are making their business model obsolete. So it doesn't surprise me that they use the term "warfare".

    It would appear that Warner is not capable of significant change. And that's easy to understand - Warner is a very old company, stuck in its way, and hasn't had any ground-shaking innovation in the past 50 years. When you feel like crap, it's more satisfying to "go to war" than to intelligently address a serious issue.

    It's kind of like Apple in the early 80's. Apple could have stuck with the comfortable Apple II line, or change. Apple changed and propelled the entire marketplace forward.

    It's like IBM in the 90's... it could continue to be a big-iron shop, or change. It changed. IBM is much more of a service oriented company, embracing the likes of Unix, Linux, and Java. They leveraged their former glory with new innovations.

    But remember, like them or not, Apple and IBM have ALWAYS been innovators. Warner is more like US Steel in the 80's. US Steel could have continued to be an old-school steel producer, or change to react to new steel producing innovations happening overseas. US Steel decided to stay the course, and the steel industry in the USA is still plummeting and out-of-control.

    Warner has chosen the path of US Steel.

  3. Re:it's a job by Hanno · · Score: 4, Interesting

    I am a technical person, I support copyright protection, believe in patents, have a brother working in the music industry and make my own music in a not-amateur-anymore band.

    And yet I still think that the US patent system is horribly broken and that the music and movie industry are on the wrong path and that they must be stopped walking it.

    Your point being?

    --

    ------------------
    You may like my a cappella music
  4. fake files? how about fake networks? by Anonymous Coward · · Score: 1, Interesting

    We should flood the internet with fake p2p networks. Hype up a bunch of phony file sharing services, add some fake users and lots of what appears to be illegal 'content', and voilà, the RIAA has an instant playground that they can happily launch DOS attacks against to their heart's desire.

  5. Re:People :( by droopus · · Score: 2, Interesting

    Sigh. This is the music BUSINESS...be clear on that. It's not charity, it's not a font of free stuff just because people have found a way into the vaults that the labels cannot block.

    They cannot just "leave you alone" because, for the 400th time, the business model of the music business is that of subsidy.

    IOW, 85% of CDs released fail to recoup: to earn back what it cost to make them. Fewer than 5% are profitable. This unmet cost must be shifted onto the backs of other bands, and when one hits, the price to buy it must be raised to cover the loss on the previous 85.

    So, to change drastically, as many here simplistically suggest, here's the first step:

    In the case of Warner Music..throw 600+ bands out on the street. Violate and void their contracts, pay the staggering legal costs, deal with the hundreds of contract-violation lawsuits, start again with a new business model.

    Oh but then, how do they pay their help? They couldn't at first, so then they must fire the 25,000 or so people who work for Warner Music.

    Ok, now, come up with a way of marketing music that the filesharers like: IOW, give it to them free, or make the cost transparent, such as an MSO (cable company) subscription surcharge. Once Warner makes enough money that way (give it 20 years or so) they can begin to hire back the 25,000 people they had to fire, and start to sign cutting edge bands that might not recoup again.

    I suggest that if the labels did what many people think is "a good idea", the outcry over a few hundred thousand pink slips and thousands of newly-unsigned bands might cause a bit more of a ruckus than Warner looking for a CTO to explore distribution alternatives while keeping their bands signed and workers employed.

    And please, no "they can distribute on the web!" How many tracks from MP3.com did you buy out of the 67,000 artists there? How many did you even listen to?

    Unfortunately, the whole scenario just isn't as simple as people make out, because they don't know the whole picture. It's easy to suggest massive change for a $40 billion business when you don't know the complete story, isn't it?

    --
    "The pie shall be cut in half and each man shall receive.....death. I'll eat the pie."
  6. Re: Got little brothers or sisters? by Anonymous Coward · · Score: 1, Interesting

    If so, do them a favor and get them the h*ll away from the US television set. Disney is fighting its campaign now through its cartoons, indoctrinating the youth - perhaps this has been going on for years. Basically they are showing the kids how good pyramid schemes, oligopolies, the legislative policing of distribution channels, and other socialist instruments ensure jobs, and that marketplace competition and innovation put people out of jobs. Poor dinosaurs.

    I encourage people not to steal music from the labels. I also encourage people not to buy artists' music through the labels. Go straight to the source and buy *from* the artist, NOT the cartel.

    Good day!

  7. Re:wow by blibbleblobble · · Score: 5, Interesting

    "Warner Music is cool. Wait... are they part of the RIAA? Argh"

    Exactly.

    Ever heard of a decoy? Someone to take the anger of consumers, someone who isn't recognisably the same as the Warner Music you might be considering buying a CD from?

    Do the truth a favour: next time you want to criticise the RIAA, pick one of their member companies as your target instead.

    "And Warner Brothers, who represent the Red Hot Chilli Peppers, are campaigning to make it legal to sabotage your computer in the name of 'compliance'"

  8. the berman bill and p2p tech by Erpo · · Score: 2, Interesting

    The confusing thing is that I'm hard pressed to think about any
    attacks on P2P networks that:

    1) Is not already legal today (For example, filling the network with
    bogus Britney mp3s), or
    2) Impacts only illegal sharing of copyrighted material instead of
    killing the whole - or parts of the P2P network itself.


    The purpose of the bill is to create a safe harbour for 'content
    owners' that use technology to impair the sharing of copyrighted
    content on P2P networks.


    Given this, I think it is arguable that an effective way to stop the
    sharing of copyrighted content on p2p networks without impairing
    sharing of uncopyrighted works (or copyrighted by those who do not
    restrict the distribution of their works) is to delete the files
    containing copyrighted works from computers participating in the p2p
    network. Since the Berman bill gives them a (somewhat) blank check to
    break "hacking" laws in pursuit of this goal as long as they notify
    the gov't first, I think they will end up doing exactly that.
    However, I really should have been more specific in my first post. I
    should have said:

    Media companies have legal permission to crack into your computer and
    delete files that contain copyrighted content as long as they
    tell the gov't about it first.

    -------------

    What if the RIAAntiKazaa chaffing servent simply lies about the
    hash. You can't check that the hash is correct before you have
    downloaded the file anyway. Besides, with segmented downloading you
    only need to download one segment of a file from the chaff servent to
    destroy the file.

    If you do SHA (or similar secure hashes) on segments of the file, it
    would be possible to discard only the bad segments instead of the
    whole file.


    My knowledge of what's going on in p2p is limited to the gnutella
    network, but here's what's happening right now:

    Files can be searched for by their SHA1 hashes and almost all
    major servents support this. Currently, the only thing that the ??AA
    could do to inhibit downloading (beyond what I noted in my first post
    re: bad files & user laziness) would be to find out the hash of a
    good file, and report that they have the file whenever they receive a
    search request for it. If a user downloads the entire file from them,
    the client program, upon completion of the download, will report an
    error since the hash that the file should have does not match the
    hash of the downloaded data. Not too serious - just some wasted
    downstream bandwidth on the part of the user. This kind of attack
    also costs the ??AA mega$ as they are the only source for the file:
    non-SHA1-aware clients won't be able to propagate the false hash
    reporting and SHA1-aware clients will dump the file as soon as it's
    done downloading. In other words, the only thing the ??AA has going
    for them right now is user laziness.

    Here's what's going to happen in the near future:

    The ??AA isn't faking hashes because they (probably) followed the
    same line of reasoning. However, faking hashes can cause other
    problems. Since SHA1 hashes hash all the data in the file to produce
    the output hash, even a small chunk of changed data in the file will
    affect whether or not the downloading servent thinks the download is
    "good". If the RIAA were to report that they had the "good" file
    corresponding to the "good" hash, but send "bad" data when the "good"
    file is requested, they could wreak havoc on servents that support
    multisource downloading. If a servent downloads even one byte from
    one of the ??AA's destructive interloper nodes, trying to download
    the file a bit faster by downloading from another source, the SHA1
    hash calculated after the download finishes would be incorrect,
    killing an otherwise successful download as you mentioned above.

    As luck would have it, P2P developers have been trying to enable
    partial file sharing (sharing available [downloaded] parts of
    unfinished downloads) for quite some time. It turns out that
    implementing this technology will render the above attack useless.

    Soon, servents will support "bitprint" hashes. A bitprint hash is a
    concatenation of the SHA1 hash of a file, and a hash obtained by
    using the tiger-tree method. The tiger tree method:
    1. Break the file up into equal size chunks. (say, 1MB)
    2. Hash each chunk.
    3. Concatenate adjacent chunks to make new chunks.
    4. Go to step 2.
    All of these hashes, done using the Tiger algorithm, form a tree
    where each node has two leaves - hence Tiger-Tree. The original idea
    was that servents could use this tree of hashes to ensure data
    integrity when downloading pieces of a file from multiple hosts.
    Since ??AA-trashed data will not hash to what it should, just like
    corrupted data, those blocks will be thrown out and re-downloaded
    until a good block is obtained from a non-??AA host.

    In other words, the ??AA won't be able to corrupt your downloads
    unless they out-bandwidth the rest of the p2p community. ;)

    There are still two (technical) issues threatening p2p and oddly
    enough I think they can both be solved by strong public key
    cryptography. The first is fake files - that is files containing
    garbage data from the ??AA and misnamed files. The problem,
    essentially, is that you don't know if the metadata reported about
    the file (title, resolution, length, etc...) is accurate. However,
    one of the things I've noticed about online file trading is that
    files that appear there, especially movies, are tagged with short
    prefixes identifying the ripping/encoding team. "[smr]", for
    instance, stands for "shadow movie realm". While rips of apps and
    games don't generally have these filename tags, they are generally
    distributed as archives containing, along with the program, an info
    file of some sort crediting the crackers. The common thread is that
    most content is introduced into the network by a small number of
    dedicated, talented "teams" that want credit for their work. To me,
    this seems like a perfect application of digital signatures. If, upon
    release of new content, the block of metadata describing that content
    (title, resolution, length, etc, and bitprint hash) were
    signed by the release team, then downloaders with the release team's
    public key could verify which rips are genuinely what they say they
    are, or more to the point, which hashes point to good files. Is it
    vulnerable to other people posing as the release team and signing
    data with their own keys? Sure, but over time one public key would
    develop more "cred" than all of the spoofs and since the release
    teams would only sign their own releases, that "best key" would be
    accepted as theirs. The best thing is, this whole process can be
    automated. Servents can even keep track of key validity (cred) by
    themselves simply by asking the user "Is this signed file what it
    says it is?" upon completion of a download.

    The second issue is eavesdropping and bandwidth throttling by ISPs
    (especially universities). This problem can easily be solved by
    recognising that an ISP can only safely throttle what it can
    identify. If all communications on p2p networks started with a raw
    exchange of public keys, the first (for example) 2048 bits of p2p
    connections would be different from client to client. For extreme
    undetectability, servents could generate new public/private key pairs
    for each new connection. All following bits would be encrypted and
    unavailable to the ISP. It would seem that this technique would be
    vulnerable to a man in the middle attack by the ISP; however,
    consider what it would take to execute that kind of attack. The ISP
    would have to modify the first (again, for example) 2048 bits of a
    connection that it knows nothing about because it just initialized.
    While this would gain them access to the unencrypted data stream of a
    p2p connection, it would horribly confuse any other software trying
    to communicate over the internet. In other words, they can only check
    for p2p communications by killing all non-p2p communications. Ports
    used for (at least gnutella) p2p are already random, btw.

    Anyway, those are my thoughts.
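
An added example, not part of the thread: the per-segment check described in comment 8, written as a hash tree in which each parent hashes its two children's digests, so a multisource download rejects only the tampered segment. SHA-256 stands in for Tiger (not available in Python's `hashlib`); the 1024-byte segment size, the function names, and the `honest`/`chaff` sources are assumptions made for the demo.

```python
import hashlib

SEG = 1024  # segment size chosen for this demo; the post suggests e.g. 1 MB

def h(data: bytes) -> bytes:
    # SHA-256 stands in for Tiger, which Python's hashlib does not provide.
    return hashlib.sha256(data).digest()

def leaf_hashes(data: bytes, seg: int = SEG) -> list:
    # 0x00 prefix keeps a leaf hash from being confused with an interior node.
    return [h(b"\x00" + data[i:i + seg]) for i in range(0, len(data), seg)]

def tree_root(leaves: list) -> bytes:
    level = list(leaves)
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(h(b"\x01" + level[i] + level[i + 1]))
            else:
                nxt.append(level[i])  # unpaired node moves up unchanged
        level = nxt
    return level[0]

def fetch_verified(sources, leaves, trusted_root):
    """Assemble a file, accepting a segment only if it hashes to its leaf."""
    if not leaves or tree_root(leaves) != trusted_root:
        raise ValueError("leaf list does not hash to the trusted root")
    out, rejected = [], []
    for i, want in enumerate(leaves):
        for name, get in sources:
            seg = get(i)
            if h(b"\x00" + seg) == want:
                out.append(seg)
                break
            rejected.append((i, name))  # discard this segment only
        else:
            raise IOError(f"no source served a good segment {i}")
    return b"".join(out), rejected

GOOD = bytes(range(256)) * 16 + b"tail"  # constructed sample: 4100 bytes, 5 segments

def honest(i):
    return GOOD[i * SEG:(i + 1) * SEG]

def chaff(i):
    # Constructed hostile source: flips one byte, in segment 2 only.
    seg = bytearray(honest(i))
    if i == 2:
        seg[0] ^= 0xFF
    return bytes(seg)

def demo():
    leaves = leaf_hashes(GOOD)
    root = tree_root(leaves)  # assumed to come from a trusted search result
    naive = b"".join(chaff(i) for i in range(len(leaves)))
    whole_file_ok = hashlib.sha1(naive).digest() == hashlib.sha1(GOOD).digest()
    data, rejected = fetch_verified([("chaff", chaff), ("honest", honest)], leaves, root)
    return whole_file_ok, data == GOOD, rejected
```

`demo()` returns whether the whole-file SHA1 check passes for a download taken entirely from the tampering source, whether the segment-verified download matches the original, and which (segment, source) pairs were rejected.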

  9. Honestly this is a job I would consider doing... by tlambert · · Score: 4, Interesting

    Honestly this is a job I would consider doing.

    I will now pause for everyone to finish going rabidly insane.

    OK.

    Yes, there are one or two phrases in the job description that are, at least on the face of them, objectionable to the Slashdot crowd.

    My personal concerns about this are whether this is a real CTO job, where there is a person who can set technology direction on behalf of the company, or whether you would be one CTO among dozens, and have no real power to implement changes at any fundamental level.

    Unless it's the real thing, it's likely not going to result in anything at all, and you can all stop your paranoid worries. And if it *is* the real thing, and they get someone competent (a big "if"), you can all stop your paranoid worries.

    Now look at the big picture: why is the music industry afraid of P2P and other online digital distribution, when it's pretty clear that the primary use for these channels is for content that they would not usually consider distributing themselves?

    My answer to this question is that the eventual result of this technology, if it prospers, is going to be disintermediation of artists and consumers.

    There are a number of consequences to this which are -- believe it or not -- generally undesirable, and there are a number of *other* consequences to this which break their revenue models, and damage their ability to continue to do business.

    To paraphrase what I think they've realized, "you can't piss in the wind"; it's reasonable for the company to seek alternatives to protecting their revenue model -- and, as a side effect, protect the generally desirable things which come with that revenue model, such as the ability of individual bands to make enough money that they can *be* bands full time, and have a reasonable chance of paying the rent when they are 65 and no longer interesting to their former primary markets. Bands die out because they're old, or because they've lost their social relevance, or their superstar lead singer has died, or any of the dozens of fates which can befall a band. If you have to stay in school for that accounting degree "to fall back on", in the full expectation of "falling back", it *will* affect your ability to make music.

    At least Warner is looking out there, and noticing that things have in fact changed out from under them, and that they need to do something, other than just "business as usual".

    Actually, there are literally dozens of ways they could deal with these issues technologically; several of them even involve the record companies themselves setting up *real* P2P networks, which don't actually suck for their revenue models, like Napster or GNUtella (the first because of the central control given to a single company, the second because of lack of scalability -- neither because of real piracy concerns).

    It's amusing that they've emphasized "Agile development" (corporate code from a particular corporation for "Extreme Programming"). Most likely, they already have someone in mind, and the posting is to satisfy legal requirements.

    -- Terry

  10. Attention RIAA: How to stop P2P by benjamindees · · Score: 2, Interesting

    The music industry needs to come to the realization that they must beat P2P music swapping at its own game. Until they open a site with *severely* degraded samples of their music for people to sample freely, with the option of buying a full copy at a *reasonable* price over the internet, their profits will continue to fall and no one will believe them when they plead ignorance and label P2P as the work of the devil.

    Even before P2P, I often wondered why they wouldn't at least publish lyrics on the web so that I could know which song to buy in the record store. Going to the store and singing a few lines of your favorite song to a zit-faced clerk is not the preferable way to buy music.

    Maybe whomever they hire for this position will tell them that they are waaaaay behind the times and that's why they're losing profits.

    --
    "I assumed blithely that there were no elves out there in the darkness"