Slashdot Mirror
E-Book Copy Protection, For What It's Worth
AudioBooksForFree.Com writes "WHSmith have challenged AudioBooksForFree.Com to breaks Microsoft Reader e-book protection. It just took 30 minutes." No, they didn't break the encryption; instead, this is just an application of the idea that it's very hard to make something which can be displayed but not copied.
I just popped of the "PrtScn" keycaps from all my keyboards and burnt them. I don't want Microsoft's lawyers after me for DMCA violations.
The article hits the nail on the head: if you can see it, you can copy it. Please note that the recording industry thinks they can change this sort of thing, by requiring all analog to digital converts (ADCs) to respect some sort of digital protection. Those dumb shits... :)
1) Create a font that bit-encodes every character in a machine recognizable fashion.
2) Write a program/script that launches an e-book reader and scrolls down taking screenshots and running them from primitive OCR(not really character, since your font is just monospaced pixel encoding with no anti-aliasing, it should be very easy).
3) Decide if certain areas are noise, whitespace or pictures. Apply.
4) Generate LaTeX file, or PostScript.
Oh dear, did I just violate DMCA?
Print Screen, a treacherous tool of terrorists for twenty-rwo years.
Obviously, only terrorists use Print Screen.
Opinions on the Twiddler2 hand-held keyboard?
Correct me if I'm wrong, but isn't this exactly the kind of thing that Palladium aims to prevent ? If you are not allowed to capture your screen or to record sound via the soundcard, then you can't copy protected material.
>|<*:=
Unfortunately this method of "decryption" requires MS reader to be installed on your system. Which isn't possible when you're running Linux.
.lit file on Linux.
It's nice as "proof of concept" (although it's by no means new - I have seen a program that gets the contents of MS Reader files more intelligently, by automatically copying-and-pasting every page), but it won't help you to read a
I am a genius; therefore, you suck.
..more ammo for the folks who want to legislate Palladium and hardware implemented digital restrictions management.
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
I used to work for a typesetting company on my industrial placement (internship in US terms), and we also produced SGML documents for another company who created audio versions of the files we supplied.
The previous placement student came in handy when the audio book company lost the master password to a whole archive of audio books, he cracked the files and unlocked the affected files. The other company was run by friends of the management of our company, so there weren't any 'confidentiality agreements' or anything... but I dread to think how the current laws (which weren't implemented then) would have affected us there.
Are you local? There's nothing for you here!
My initial reaction to this article was, "Big whoopitydoo... this guy can take screenshots."
But then another point from his mini-essay leapt out at me. How many millions of dollars have companies spent on creating "copy-protected" file formats, and how pointless is this pursuit? Heck, that's the business to go into... the snake oil of the 21st century.
)I know many people have made this point before, but it just hit me in an interesting way today, and I thought I'd throw it out there for all to see.)
I mentioned this in the book review of God's Debris about a year ago, but it bears repeating here.
Over a year ago I paid for and downloaded the DigitalOwl TitleVision ebook version of Scott Adams' interesting God's Debris. I paid $5 for it.
I also downloaded the reader, installed it, and read the ebook. I liked the book, but hated the proprietary, Windows-only "reader" application. So, using a screen capture utility, I took screen shots of all 90 pages of the book, saving them as .PGMs. Then I booted into Linux and used gOCR and a shell script to do initial OCR conversion of all the images. Finally I spent a while with grep and a spell checker cleaning everything up. Overall, this took me about five hours.
Now I've got a 143KB ASCII text file with the same content as my 195KB encrypted .OWL file. I don't ever plan to give anyone a copy of my plain text version; I like Scott Adams and want him to get paid for his work.
I'm sure what I did would be considered illegal by Digital Owl (though probably not by Scott Adams). I'm just glad I won't have to try to hunt down a copy of the TitleVision viewer fifteen years from now if I want to read the book again.
The moral of the story is: there's always a way.
Graham "Teach" Mitchell, computer science teacher, Leander HS
if they didn't break the encryption, and all they did was take pictures and OCR it, is it still news? thats the digital equivalent of a photocopy. I must be missing the punchline to this story...
PR is media hacking.
Says the RIAA: When you EQ, you're stealing bass!
My PrtScn key has been defective ever since I tried to copy a DVD at 60 frames per second.
IANAL, but imagine a beowulf cluster of in Soviet Russia all your belong are base to us welcoming the new SCO overlords.
Way back someone wrote a utility for the Amiga that can read text off practical any part of the screen. It is pretty fast in spite of the fact that it is doing text recognization off the bitmap screen.
...and then we go back to video cameras and tape decks.
If I can hear it, I can record it. If I can see it, I can copy it.
Until decryption gets wired directly into our brains, we'll find a way of copying it, and the harder the companies try to block it, the more creative (and successful, and accurate) the copies will be.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
"Ok everyone. Here is the newest unbreakable scheme. On the license, we give everybody their unique key to unlock their content. When they playback/read the file we've given them, we deliver the bitstream through the speakers, then the use their heads to calculate the unencrypted result. Don't follow? Here's a demo!"
"Here's Dustin Hoffman, he's going to show us how this is done. I just hit play here, and..."
*a blindfolded Dustin Hoffman walks onto the stage*
*a modem-like squeal is emitted from the speakers*
*presenter holds up a placard reading "Oops, I did it again"*
dustin: "Yeah, definitely Britney Spears."
*audience claps*
*more squealing*
dustin: "Yeah, definitely Crime and Punishment. Yeah."
Presenter: "Thank you, thank you. Be sure to come back next time, when we will discuss the solution to the "humming/speaking" circumvention method"
*everything* is Orwellian to cats.
For another answer to DRM garbage, Baen, publishers of sci-fi and fantasy books have the 100% correct idea about eBook copy restriction and encryption:
Don't do it!
They just released the latest book in their Honor Harington series on Tuesday, and it included a CD with various formats of eBooks of every book in that series and other books that they publish. And best of all, no stupid restrictions. Here's their release about the CD.
I applaud their move, and recommend purchasing this book and others from them (Note: I'm a big fan of the author, David Weber, but not involved with Baen in any way, etc...).
Baen Books, who are known on Slashdot for their Free Library, and who also offer their WebScriptions, all of which in several formats including e-books, do not to use encryption in the e-books they publish. Roughly, their argument is that it's costly, useless and unfair.
From the 6th Prime Palaver: The Library's track record shows clearly that the traditional "encryption/enforcement" policy which has been followed thus far by most of the publishing industry is just plain stupid, as well as unconscionable from the viewpoint of infringing on personal liberties. (...) the fundamental obstacle to the success of electronic publishing [is] the industry's obsession with encryption. I suggest you read the whole document, it's quite interesting.
In 2000, I was working for a startup e-publishing venture. As such, we had the usual lemmings coming to us and saying that if we'd just license their whizbang technology we could never lose a single text to those "internet-based piracy groups". Since I was the only employee with experience in crypto and security, I was invited to sit in on the sales pitches these guys made to our executives. (Our executives were mostly Marketing guys, but the CEO was technically an engineer. In a striking show of how weird start-ups could be, the Marketing guys actually listened to Engineering and the `engineer' CEO not only couldn't write a line of code, but got convicted of felony fraud...)
... So I printed it out on the company's high-quality color laser and scanned it back in as a .JPG. Burned the new image to a CD-ROM and walked back to the sales pitch. Gave them both CD-ROMs and told them, "thank you for coming down, but I believe we'll go with another vendor." Total time: less than five minutes.
One Canadian firm showed up with a dog-and-pony show involving a CD-ROM with a "protected" picture of a sailboat. They claimed that the image was watermarked and whenever anyone tried to copy the image, the OS would recognize the copymark and refuse to copy it. Not only that, but the image was in a special proprietary format, so nobody could even view the image until they installed the DRM software. They were obviously very pleased with their offering.
At that point I took the CD-ROM they were showing us and excused myself for a few minutes. I went into one of the back offices and threw it into a Win32 machine. Installed the DRM software, loaded up the image. Beautiful picture of a sailboat. Tried to copy it. Couldn't. Screenshot? Disabled. But they'd let me print it out...
Now for the real punchline:
That DRM solution racked up $12.6 million in sales for their firm in the 1999-2000 fiscal year. Almost all of that was profit, given how minimal their development costs were. That's $12.6 million dollars for a DRM system that wouldn't even stop a twelve-year-old.
This is what I think a lot of us here are overlooking. There's a tremendous amount of money to be made in the field. Palladium, if it goes through, absolutely regardless of whether it works or not, will be a cash cow for Microsoft the likes of which they can't imagine.
Microsoft knows that Palladium doesn't have to work. They just have to make people believe that it'll work--which explains all the Palladium PR blitz as of late.
Almost every PC-like computer today lets you get at instructions to the video display adapter somehow. As computers move to tighter integration, with low-to-medium-end graphics adapters built into the system chipsets, this may require more cooperation from the operating system because there's nowhere to stick a digital logic probe, but it's still doable.
Almost every video display adapter available today lets you get at the digital version of the image before it's fed to the D/A converters. (Audio probably doesn't.) In the past it was simply a result of the obvious architecture for building the things - using some kind of frame buffer than your equipment can write in. Depending on the system, this may take some complex programming, but it can be done. It's also convenient for some applications, such as print-screen and other screen dumps, so it's good to have. (And OCR is good enough you don't need special OCR fonts any more, just simple conventional ones.) The systems that don't let you do that are largely special-purpose things that don't have general-purpose programming available to the users (e.g. video games.) And
But that may not always remain true - the Digital Rights Management crowd are agitating to get control of system design, because all your bits are belong to them and they want to keep it that way. Imagine if your video board and sound board or their integrated chipset equivalents used encrypted data formats instead of unencrypted - it wouldn't matter that you put a logic probe in the line, because you couldn't read the bits. It wouldn't even require much extra CPU - the RC4 encryption algorithm is strong enough, fast enough, and uses very little memory. Key exchange is requires some CPU, but it would be pretty simple to build a public-private keypair into the adapter, where the public key is retrievable by the CPU but the private key is only accessible to the adapter, and require a setup message (either at boot time, or perhaps on a per-application basis) that creates a session key, pk-encrypts it, and hands it to the adapter.
As a crypto geek, I've got mixed feelings about this - I'd like to be able to write an encrypted voice telephony or video conferencing system that not only couldn't be eavesdropped on, but also couldn't be wiretapped by a virus stealing the data path. But the TCPA / Palladium / Fritz Hollings view of DRM basically requires the system to give root access to any program that wants to use the security, and that's blazingly unsafe. It's not clear to me that you can get away with much less than that and still get real application security, but the stuff's obviously Not Ready For Prime Time even on a requirements basis, much less a design or implementation basis.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
And it took only 30 secs for slashdot to bring them down. If the RIAA/MPAA were crafty enough you think they could use slashdot to destroy their enemies. "Hey dudz go to www.dvdinstoripandincodethingy.com, with this you can rip and encode any DVD in 3 minutes on a 386!" *Screams are heard 3 seconds later from the poor server, running openBSD on a gameboy, as it melts* Why waste money on laweryes when one slashdot story will do all you need. And if the site comes back up just re-submit, and its on the front page again. Gotta love slashdot ;).
But you can still read your video card's framebuffer (admittedly more slowly than you can write to it) even if the video is never in the OS's window buffers.
there was a post to abeb 6/24/2002 entitled "Convert LIT to RTF: ACHIEVED"
- - - - -
Yes, I know, it's supposed to be impossible. Well, it takes some work, but
it's LESS work than scanning from paper, and you can get comparable if not better
results.
I am proud to report that I have successfully converted a Microsoft Reader LIT
format e-book into an HTML book. The book was "Uhuru's Song", by Janet Kagan,
and I will post it when I finish editing.
No, I didn't crack the LIT format, or the encryption.
This method was designed to work with *encrypted* e-books; if it's non-encrypted,
a scripting method to copy and paste pages via the clipboard could work.
(Of course, if it's non-encrypted, it's probably easier to just locate the source
material that the LIT was generated from.)
A description of the process follows.
Short description:
Screencap each page of the LIT file into image files. Enhance and enlarge
the image files to improve results. Use OCR software to recognize the text
in the image file. Proof and edit.
Software used:
Windows 2000
Microsoft Reader 2.0 for PC
IrfanView version 3.70
Windows Script Components version 5.6
CuneiForm99
Capturing.wsf script (attached)
Detailed description:
Acquire your LIT book and all the software listed. (You can substitute a
different OCR package if you want, or a different screencap package if you hack
the script.)
Set your display settings to the highest resolution you can, BUT ONLY 256
COLORS. Keeping the color count low minimizes the nasty effects of Cleartype.
Open the book in Microsoft Reader, displaying page 1.
Start IrfanView. Do Options/Capture, selecting these options: Capture area:
Foreground window - Client area Capture method: Hot key F11 (to set the hotkey,
click inside the box and then press function key 11) Capture option: do not
Include mouse cursor (leave unchecked) Saving method: Save captured image as
file Destination directory: (type your desired directory) Save as: (Any
LOSSLESS type you want. I suggest PNG because it's generally smallest. DO NOT
USE JPG.) Click Start.
Start the script. Answer its questions (folder, starting & ending page
number). It will begin capturing pages from MS Reader. It will take up to 1.6
seconds per page, which would be 100 pages per minute.
When capturing is done, the script will notify you with a popup.
Go back to Irfanview. Do the following to the files in your capture directory:
* batch rename, using a sensible template name (I used page###)
* batch process with the following Advanced options:
+ crop
This is needed to get the ebook title off the top, and the riffle slider
off the bottom. experiment with a single file to get the crop
dimensions. On my project, the original size was 808x1078; my crop
settings were Xstart 70 width 700 Ystart 70 height 910. Note:
Irfanview has a bug in the batch processing dialog which ignores what
you type for starting Y-coord and uses the same as the starting X-coord.
So set them the same and work from there.
+ Set DPI: 200.
Your OCR software may be different, but mine required that the DPI be
between 200-800. Your screencaps will not have a true DPI number so we
fake it here.
+ Resize: Set new size as percent of original: Width 200% Height 200% You can
experiment with larger resizes. Blowing up the images is absolutely
necessary for OCR software to work; the OCR software needs more pixels to
work with than a regular screencap can give it.
+ Convert to Grayscale
+ Brightness: -40
This gets rid of the pale yellow dotscreen pattern.
+ Contrast: +127
This maximum contrast enhancement converts almost all the grays to
black. You might want to experiment here too to get the best
recognition; I got a lot of recognition errors where "cl" was recognized
as "d". Less contrast might have improved that.
* a SECOND batch process with just this Advanced option:
+ Change color depth: 2 colors (Black/white) (1BPP)
(Do not try combining the batch processes!)
For each batch process, you'll need to either change the extension, change
the folder, or enable "Overwrite Existing Files" in Advanced options (which
I don't recommend).
At this point you have a folder full of b/w screencaps, with everything but the
actual text cropped out.
Go into CuneiForm99's Batch Recoginition Utility and set it up to recognize all
the images in the folder. (Remember to only put the b/w ones in the batch.)
At the end of the job wizard, go into Recognition options. On the Recognition
tab, clear ALL the checkboxes under Recognition parameters; on the Format tab,
you probably want to uncheck "Font Size" and leave "Italic", "Bold", and
"Paragraph" checked. Now click OK.
Start recognizing.
When you're done, you'll have an RTF that is at least as good as a raw scan of
a paper book. Go proofread and edit it.
Regarding phoning that number, I'm not sure what more they could have to offer. They gave us the five W's along with the bonus "How". There's, like, more to the story? Was child pornography discovered durnig his PrintScreen adventure? Did they notice unscrupulous ICQ contacts peeking out from behind his e-book reader?
BD Phone Home!
Shameless plug. Like you weren't expecting it.
Surely 60 fields/sec, you mean.
There should be a moratorium on the use of the apostrophe.
Max V.
NeXTMail/MIME Mail welcome
Pretty hilarious :) Wonder if that book collection is protected...
What makes you think you will be alowed to print in the Paladium Millenium? With a little work, even a digital camera can be told not to take pictures of the screen. Remember the little Timex PDA watch that got it's information from flashing pixels? A digital camera can be programed to look for a signal and not take a picture when it's detected. Measure and counter measures can keep most people from making coppies. Those people will either not have the service or pay some greedy asshole for it.
Friends don't help friends install M$ junk.
See here. Just one or two more bad laws and we will all be slaves.
Friends don't help friends install M$ junk.
I stand corrected. It did seem to be kinda obvious :)
Got brain?
Since Print Screen can be used to thwart copy protection, isn't Microsoft in voilation of the DMCA? You can't make devices that crack copyright protection!
The problem with the e-book reader is one of the greatest hurdles to overcome in order to transition to a truely electronic society. How can you protect the rights of the author when anybody with a bit of patience or some programming skills can just print screen his / her blood, sweat and tears and give it away to free for anybody on a p2p network? Anybody who argues that all information should be free obviously isn't relying on a royalty check to provide food for their children.
I have a unique idea for the e-publishing world, but there's no point in executing it if the ability to easily circumvent any security precautions exists. So basically I'm asking any programmers out there if they've come across a way to disable the print screen function in a windows app? Or to return a black window when a screen request is being made for a print screen?
Polluting the Internet since 2003...
http://percep
Last time I checked, you can't find LP drives, and people are having no problem ripping analog albums. There's no need for a computer to be in the process. Just something that outputs stuff, and something that records that more or less captures what is output. Since a human being will (presumably) always be a target for the output, all you have to do is replace the person with a recording device. A microphone, a line in, a camcorder, a video recorder. Anything.
--
Evan
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
Someone else mentioned that Windows Media Player prevented screen copy. The reason for this is video overlay. Most graphic cards support overlays as faster ways of writing streams of changing video frames to the display without worring about the actual window. If you turn graphic acceleration all the way down in WMP I believe it will play directly to the player window rather than overlay, thereby allowing a capture but most cards won't be able to keep up the same performance that way. I was on some site looking at satellite images a few months ago (I think TerraServer) and they gave me the option of smaller images, or nice big images with copy protection (which required a plugin download to see them, though still right in the browser). I tried to capture the images then using PrtScrn and got logos of the copy protection with no sat image. It seemed likely that the window showed the logo, then they used video overlay for the actual images. I wonder why makers of eBook readers don't use overlays in the same manner for this reason. I used the MS Reader awhile ago and it seemed to allow specific titles to allow/disallow printing, clipboard copy, and Save As functionality. If they also used overlays they would be much harder to defeat (though of course still not impossible). As it is, it would take less than an hour to automate PrtScrn, OCR/save, push keystrokes to change to next page. Images are nice, but MS Office XP includes nice OCR now so the tools are mostly at hand!
If the lack of DRM was going to harm books, it would have happened years ago. Anyone can take a book, rip off the binding, put the pages in a self-fed scanner, use text recognition software to turn the images into text, then upload the text file into a P2P network. It only takes a few hours and almost no effort. The fact that print publishing still thrives tells me that people still value browsing through a store full of already-printed books. E-books are already inconvenient compared to printed books and free web pages (each in its own way), so DRM will kill them outright.
On the plus side, some of the old versions of realplayer allow print screen if you are at full screen.
In realplayer 7 and 8 for Windows, I can go to View > Preferences > Performance and turn off "Use optimized video display", and realplayer won't use an overlay.
Will I retire or break 10K?
Allow me to reproduce a 'cracked' copy of a digitally available text, right here, right now:
.the Bible?
.to burn all the books.
Now is the winter of our discontent made glorious summer by this sun of York, and all the clouds that lowered upon our house in the deep busom of the ocean buried. Now our brows are bound with vitorious wreaths, our brusied arms hung up for monuments, our stern alarums changed to merry meetings, our dreadful marches to delightful measures. Grim visaged war hath smoothed his wrinkled front, and now, instead of mounting barbed steads to fright the souls of fearful adversaries, he capers nimbly in a ladies chamber to the lacivious pleasing of a lute.
etc., etc., etc..
How did I accomplish this grand task? I *memorized it.* Yes, the whole frickin' play, from start to finish and I'm not exactly the only one. I personally know dozens of others who have done the same thing. It's actually not that difficult once you've decided to do it.
But wait, don't buy now, there's MORE!
Oh sure, a 4 hour Shakespeare play, anyone can memorize that, but what about. .
Sure, across the world there are literally thousands of people who have actually managed to commit the entire Bible to memory. And these people have nothing on the Indian Pandits who memorize the Vedic texts. These people memorize them, then memorize every other word, then every third, etc.. Then they repeat the process *backwards.*
So, is every digital device capable of storing at least 256 bits of data going to have to have an installed database of every text in the known universe to compare against what I manually enter into it? Nevermind this digital to analog conversion device I can interface directly with my brain called. . . a pen.
The fact that I can, and may have to, rely on the circumvention device of Farenheit 451 gives you some idea of the whole moral temperature of digitally locking books. It ain't bookburning but it's treading powerfully close on its heels. In fact, the only way for e-books to ever triumph will be. .
KFG
So as someone is reading their Palladium protected E-Book, they type what their eyeballs see on a laptop, into an ASCII TEXT file. Why? Because they are a hobbyist. They love freedom. And then the .txt file finds its way onto FreeNet and PeekABooty and P2P.
Back in 2002, some troll paid by RIAA et. al. to scan the web reads this post, and shits their pants. Because if someone can see it, they can type it, and everyone around the world can enjoy it.
Think of the act of typing something into plain text as a "freedom fix". Nice name, eh? Not "crack" or "patch" but "freedom fix". Start using that term.
But you can still read your video card's framebuffer
If you read from memory that your app doesn't have read access to, you get a SIGSEGV. Palladium applications will be able to allocate memory spaces that even apps running as root won't have read access to.
Trying a fake video driver? That may not work if Microsoft does with video what it had done with audio. The Secure Audio Path built into Windows ME and XP won't play audio to unsigned drivers, and Microsoft won't sign a driver unless it turns off all digital outputs whenever the Secure Audio Path is open.
Will I retire or break 10K?
Parent brings up an interesting point. However, the issue is not, "we can crack anything" but rather, "look at all this snake oil." It's amazing how many companies are selling worthless DRM products, and it is them you pay (partially) when buying those DRM-enabled products. Do you want to pay for their worthless crap?
Furthermore, many people want to be able to copy copyrighted material they own, for personal use. This is completely legal (unless the do it by cracking the protection), and completely moral. For example, it would be nice to view that eBook on, say, your PDA, or your laptop. Or you want a backup in case it gets deleted, or a backup of your CD, in case it gets scratched. There are legitimate reasons to break this stuff...
I hereby place the above post in the public domain.
Why not run the program on a virtual machine
Because Windows will recognize the virtual machine and load without Palladium support.
or use device drivers that copy all received data to a mass storage device?
Because Windows will recognize the unsigned drivers and load without Palladium support.
When you boot without Palladium support, you can't access the vaults that locked documents are stored in.
Will I retire or break 10K?
The author hit the nail on the head - copy protection is impossible. However, the example he used (capturing data with the printscreen key) is a weak illustration of this fact, especially considering the recent speculation about palladium. For example, think about clips played using video overlay in windows media player. Pressing print screen while playing one would yield an off-black rectangle where you would expect a video frame to be. The real reason copy protection is not possible is a little more complicated than "print screen".
I think it's pretty well understood that now, in the pre-palladium/TCPA universe, copy prevention is impossible. If you can read a CD, you can copy it. Perhaps your specific cd burner's firmware isn't robust enough to write specific "strange" bit patterns, but bit-for-bit cd-duplicating machines cannot be fooled. If you can watch a movie contained in a file, you can send it to a friend. Even if that file is encrypted, the player program must decrypt it in order to play it and that decrypted data can be grabbed and written to disk.
At first glance, it seems like palladium will put a stop to this with its careful use of encryption and digital signatures. This is not true. Information physics didn't just fly out the window. All that Palladium accomplishes in connection with modified PC hardware is a separation of user and computer into two entities. Currently, users have complete control over their systems. Any OS can be run and no information is hidden from it by the hardware. The system, all by itself, is incapable of protecting its own private keys from the user. It is incapable of preventing the user from assuming its identity. A palladium OS running on TCPA-compliant PC hardware changes this. A TPM, or Trusted Platform Module, charged with the responsibility of certifying that a DRM-aware OS is running on the hardware is included on the motherboard and has its own sets of private and public keys. The critical difference between a TCPA-compliant computer and a PC of today is that the TCPA PC has its own "identity" separate from its user as defined by its ability to keep its keys confidental and process information using them.
It is well known that the only way to be sure a secret is kept is to make sure that all entities who know that secret agree to keep it a secret. If even one entity "in the know" decides to divulge it to an outside party, that information can no longer be controlled. Palladium/TCPA tries to implement copy protection by ensuring that the only entities that get access to that information agree to keep it a secret - namely the TPMs. In other words, if you were to enter your credit card information into a web site in order do download a palladium-protected movie, you didn't purchase the video for yourself. As it would be transmitted as data encrypted using the TPM's public key, you actually be purchasing the video for another entity, your TPM. The idea is that TPMs will obtain various metrics of the system on boot (is the OS signed or unsigned? the drivers? etc...) and only perform cryptographic operations at the request of the system if everything checks out. In addition, a special "trusted" cpu mode that has the same kind of power over kernel mode that kernel mode has over user mode (an inexact description but good analogy) is used to provide for allocating memeory that is only readable by a trusted application through calls to the program running in trusted mode. That's Palladium/TCPA in a nutshell. The reason that everyone seems to be so upset about it is that, in a bug-free environment, there are no software attacks on the system. The are many hardware attacks, such as special memory that can be used by the system and read by another device, soldering capture devices into output cards, or physically opening the TPM and extracting its cryptographics keys. The list goes on. Also, as information only has to be liberated from the "circle of friends", including all TPMs in all computers and the ??AA, once a single hardware mod would create an unpluggable leak through which an infinite amount of infomation could flow.
Critical and unrepairable holes in Palladium have been found before it has been deployed.
This brings me to the reason I'm writing this post: slashdot is permeated with ignorant fear. People believe that their ability to get copies of music, movies, and software without paying a cent is going to be in jeopardy. While this creates a great deal of support for anti-palladium initiatives (which is good), ignorant advocates can seriously hurt the fight for sensible treatment of information and universal recognition of the truth of information physics by providing passionate but incorrect and empty arguments against palladium and the TCPA (which is bad). So, if you'll still be able to get free entertainment in a palladium world (albeit with much more difficulty and a soldering gun), why is palladium bad? A number of very serious reasons:
Palladium will work reasonably well as attacks, though possible, are difficult. Over time, the majority of computer users would be convinced to believe the dangerous fallacy that copy protection is possible with the support of sufficient laws and technology. This belief (whether fostered by ignorance or campaign contributions) in our elected representatives what spawned the DMCA. In other words, your freedoms are in jeopardy as well as your friday night movie-and-popcorn party.
Palladium claims that it is capable of protecting your personal information - your name, address, credit card number, etc... - and puts you in a position of total control over how that information is used. Users that are bamboozled by the tantalizing promise of "trusted computing" will place their important personal information into the care of an unreliable system under the control of an entity that has profit rather than the users' best interests at heart. That is, they will forego the only true way to make sure personal information is kept confidential - not giving it to the computer. This may become incredibly difficult when the latest version of windows kindly demands it during the install process to activate the user's initial one-year license term.
In order to work, palladium-enabled service providers must be able to verify whether or not the cryptographically signed message coming from the client computer saying "This computer is running DRM-aware software," was signed by a TPM which is reporting accurate system metrics. In order to make sure those messages are unspoofable (by emulating the TPM in software) a central registry of all TPMs and their individual public keys must be maintained and made accessible. In other words, all palladium computers will have unique indelible ID tags and will report them over the internet to whoever asks. I don't have to explain to slashdot the privacy implications of this kind of system.
Hopefully I've managed to replace some ignorant fear with some informed fear. If you're not a member of the EFF, ask yourself why. Right now.
Unlimited growth == Cancer.
The solution here is for the publishing companies to relax and stop worrying about protecting everything and instead worry about trying to get things to the public in the most convient and appealing way possible. Rather than sell individual e-books create an on-line library with a monthly subscription cost. Let users print out the books if they wish or order the actually printed copies at a membership discount. Rather than sell individual songs, create a vast music library where I can get unfettered access to all I want for a reasonable monthly fee.
This sig has been temporarily disconnected or is no longer in service
If you have "Full window dragging" (or whatever it's called on your system) enabled, you can also grab a screenshot by hitting PRNTSCRN while you are dragging the RealPlayer window around. The image in the window switches from overlay to the standard video system while being dragged.
--DennyK
As you see now, anything can be copied as long as it becomes photons/sound waves somewhere along the way to our brains. So, the ONLY way to make your precious material totally locked down is to deliver it directly to our brain. You see what I'm getting at?
Neuroscience, man, neuroscience!
Invest a billion or two of the dollars you have lying around into developing a good, non-dangerous brain-computer interface. Then you can deliver digital content directly to our minds, with no worries about it getting stolen along the way! But that's not all!
Millions of geeks will hail you for bringing this invention to light! The ones that were once against you will say your names with awe and respect! Isn't it tempting?
So do it! Go for neuroscience, to make the world better for all of us!
(Yes, I want my Matrix-like spine plug that bad.
And it has nothing to do with the fact that I could then be the star of my very own pr0n reality. Really.)
Back in the late 80's, SimCity (original PC version) shipped with this dark red paper that was impossible to photocopy and just as bloody difficult to read except if you held it at the wierdest angles. All you would get is a full page of black from the copier.
;-), but I learnt way back then, that if you can view it, so can a machine, and hence make a copy.
A friend of mine got the bright idea of running it thru the fax machine. He ran each succesive copy thru the fax a few times, and voila! It was clear enough to read!!
Of course I just kracked the game later (gotta luv the one byte "patch"
--
Maybe there is a reason why the cliché "Turn off the TV, turn on your life" is true:
Television: Opiate of the masses
Open the reader on one machine. VNC, PCAnywhere, or Timbuktu to it from a different Win, Mac, or Lin box, then take a screenshot from there. Or, just take a pic of the screen--my dad's new 3MPixel camera does quite nicely.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
but you're wrong. all we need is one person on the planet, somewhere, to come up with a good "unprotected" copy in digital form.
someone, somewhere will figure out a decent way of getting this copy. then they put it on kazaa, or an ftp site or a web site. within hours it's all over the planet.
digital files are like viruses... as long as one survives there is always a chance for a "breakout"
I believe you're referring to my post that contains video overlay. I'm aware that video overlays can be captured quite easily with the right software or when video acceleration is turned off - I was using WMP as an example to show that 'printscreen' by itself isn't a magic answer to everything. Most slashdotters (in my opinion) are aware that if something can be seen it can be copied. However, too many (again in my opinion) believe that if it can be seen, it can be copied easily (i.e. with printscreen). I see this fallacy as dangerous as it encourages people to feel secure in the false belief that DRM cannot be implemented in a way that interferes with their lives and is not worth worrying about.
:)
Thank you for your comment, though. I did neglect to mention in my original post that directshow overlay can easily be defeated...I hope nobody got the wrong impression.
I've been emailing the guy who did this - he hadn't even *heard* of Palladium or the ridiculous laws proposed to close the analog hole. So all of his bold assertions about this stuff ALWAYS and FOREVER being ways to circumvent copy-protection are just so much ill-informed nonsense.
www.sjbaker.org
Imagine if your video board and sound board or their integrated chipset equivalents used encrypted data formats instead of unencrypted - it wouldn't matter that you put a logic probe in the line, because you couldn't read the bits. It wouldn't even require much extra CPU - the RC4 encryption algorithm is strong enough, fast enough, and uses very little memory. Key exchange is requires some CPU, but it would be pretty simple to build a public-private keypair into the adapter, where the public key is retrievable by the CPU but the private key is only accessible to the adapter, and require a setup message (either at boot time, or perhaps on a per-application basis) that creates a session key, pk-encrypts it, and hands it to the adapter.
I think this is the eventual plan, but as far as I know it's not implemented yet, nor is it in the works. However, I remember reading in an article about HDTV that the DVI interface currently supports almost exactly this scheme. Scary, no?
But the TCPA / Palladium / Fritz Hollings view of DRM basically requires the system to give root access to any program that wants to use the security, and that's blazingly unsafe. It's not clear to me that you can get away with much less than that and still get real application security, but the stuff's obviously Not Ready For Prime Time even on a requirements basis, much less a design or implementation basis.
I actually took the time to start reading through the "general" and "PC-specific" TCPA specs and, while it's certainly a bad idea, it doesn't require as much of a security sacrifice as you suggest. Individual applications that need to make use of "security functions" have two resources at their disposal.
The first is a crypto coprocessor soldered onto the motherboard. If that crypto chip is satisfied with the state of the system (signed OS, signed drivers, encrypted display connection) then it releases certain private and public keys to signed applications on request. In order to be signed, executable code (in the OS, drivers, or software package) must not at any time disclose those keys to other applications, store them unencrypted on disk, or do anything else that could lead to exposure of those keys to an untrusted entity.
The second resource all programs have access to is the a small program running in what I guess could be called "ring -1" (in palladium it's called "the nub"). By making requests to this program, an application can allocate "secure" memory for itself that neither the OS nor any other program can access. This could be used to store unencrypted uncompressed video frames, for example, before they are sent to the video card.
In other words, individual programs that make use of TCPA "security" functions don't gain root access to the system - they access a limited TCPA API to perform a few functions that execute at a privilege level above that of the OS. The TCPA effectively eliminates the rights of the end user, but it does so in a tidy way.
If they deinterlace the video it would be 30 frames a second.
This Wiki Feeds You TV and Anime - vidwiki.org
The only problem is this-- the actual print-screen key is only the label. Prying them off and burning them is a bit like installing DeCSS and renaming it to "anonymous" so you still aren't safe.
For better results, please burn your whole keyboard (but this is, IMO, what the RIAA/MPAA really want-- to remove the human interface to their products aside from the video and audio).
LedgerSMB: Open source Accounting/ERP
bingo MOD PARENT UP
One simple rule for its versus it's
"When an unemployed iron worker can lay in his Barcalounger and f*ck Claudia Schiffer for $19.95, it's going to make crack look like f*cking Sanka".
"Sometimes a woman is a kind of religion, she can save your soul & set you free from all your sins" - Bad Examples
Doesn't matter at all, one person makes a good copy and then it's just a normal .jpg file, you can copy it and share it forever.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
Unfortunately, there is some truth in this. The copyright-holders will find a way to make digital-camera, scanner and ocr-software makers detect watermarks in the input and turn itself off. Even if you use an ardinary camera to take a "screenshot", every computer software will refuse to display/work with it.
Welcome to Microsoft's "Palladium" future.
Just laugh now, but your kid's won't after 20 years ..
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
But that may not always remain true - the Digital Rights Management crowd are agitating to get control of system design, because all your bits are belong to them and they want to keep it that way. Imagine if your video board and sound board or their integrated chipset equivalents used encrypted data formats instead of unencrypted - it wouldn't matter that you put a logic probe in the line, because you couldn't read the bits. It wouldn't even require much extra CPU - the RC4 encryption algorithm is strong enough, fast enough, and uses very little memory. Key exchange is requires some CPU, but it would be pretty simple to build a public-private keypair into the adapter, where the public key is retrievable by the CPU but the private key is only accessible to the adapter, and require a setup message (either at boot time, or perhaps on a per-application basis) that creates a session key, pk-encrypts it, and hands it to the adapter.
For that to actually happen, it requires essentially the entire destruction of general-purpose computers. Everything would have to be encrypted, and nothing would work with anything else that wasn't encrypted. Being able to take arbitrary bytes -you- made and run them on a turing-complete device has to be essentially impossible. That's the only way to stop someone from finding something that can be tricked by simulation and simulating it. That said, it can certainly be made very difficult to do much easier.
As a crypto geek, I've got mixed feelings about this - I'd like to be able to write an encrypted voice telephony or video conferencing system that not only couldn't be eavesdropped on, but also couldn't be wiretapped by a virus stealing the data path.
I understand. But what you want is possible -- you want the transaction to be secure in the middle. I.e.: from the input to the recording device to the output on a display device. Someone who was watching the display device could, if they so wished, make a non-encrypted copy of the transmission to send to whomever they liked. You, being a humane person, assume that both sides of the conversation -trust- each other, and thus only need to prevent others from getting to the data.
What these lunatics want is for a situation where you, the intended recipient, are untrusted and unable to copy the communication. The reason I call them lunatics is that you have to invent entirely new technology virtually from scratch simply because we've never even considered how to prevent that in any device that's was made before twenty years ago or so. The assumption that underlined that fact, was that when you send someone a secret message, they can do whatever they want with it once they receive it. Sure, there have always been people who wanted to -stop- people from being able to do that. Early composers complained of their sheet music being copied illegally. But those people were sane, because they merely wanted the copying to be illegal. These people are insane, because they want the copying to be impossible.
The enemies of Democracy are
Excellent post dude - 'moron'. Great.
BTW, I 'dug up' prices (90 seconds of my life, if that) because I like to keep on top of the facts. Believe it or not, I get into conversations with real people about these topics, and sometimes just saying 'X is true', without knowing a source, or having verified it, just isn't persuasive. Honest. Even when bashing the price of a mac, sometimes people want sources for the numbers that seem to be pulled out of thin air. I know have those sources.
Whoops - another 75 seconds gone...
creation science book
If they deinterlace the video it would be 30 frames a second.
You're thinking of 30fps weave de-interlacing (see below). In real video sources other than film, objects actually move slightly from one field to the next. You're thinking of the form of weave de-interlacing that combines field 0 and field 1 and displays it twice. This is where the motion vectors come into play: they can help predict where the object will be between frames.
Bob de-interlacing: draw each field as a separate frame, interpolating the lines that aren't in a given field. Gives shimmering artifacts for relatively still images.
30fps weave de-interlacing: combine each pair of fields into one frame. Really bad double-image artifacts when something is moving.
60fps weave de-interlacing: combine each field with the previous field. Slightly less artifacty than 30fps weave.
Motion vector de-interlacing: use MPEG motion vectors to determine what parts of the image to bob and what parts to weave. Gives the best results but is compute-intensive and requires the MPEG-2 decoder to output motion vectors.
Will I retire or break 10K?
M$ claims that Palladium won't interfere with documents you own rights to, but they also claimed that Activation would never inconvenience anyone. Ha, the newsgroups are full of complaints. There was an IT guy in Germany whose whole business was shut down for 3 days because activation decided not to play nice. Yeah, I really trust M$ to get Palladium right, so it never locks up MY documents!! And imagine all the work for data recovery folk, since the default will probably be to lock ALL documents. How many people remember to change defaults, especially those that may have to be done on a per-document basis?? (Never let it be said that M$ made any such function obvious if hiding it under layers of menus could be done instead :)
:)
I did finally figure out how the real handle came to be, so with a little thouight I can remember it -- but "Yerricide" is much funnier
~REZ~ #43301. Who'd fake being me anyway?
Movies too -- there are some wonderful movies out there. Now all I need to do is figure out where to get a region 2 player and a PAL->NTSC coverter, so I can watch French movies that are never going to come out in region 1. Silly artifical trade barriers; Cyrano calls!
Lea
Palladium is to prevent you from paying attention to the punishment phase of the antitrust case and to prevent you from paying attention to Microsoft's accounting, uh, descrepancies.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.