Slashdot Mirror
Mission: Infiltrate the P2P Network
prostoalex writes "Wired News unveils the secrecy behind Overpeer, the company whose mission is to infiltrate peer-to-peer networks with low-quality audio and video files, or corrupted chunks of data which carry the same name and have the same size as originals. Apparently OverPeer even managed to procure a USPTO patent on (a) producing an advertising digital music file by deteriorating or damaging a sound quality of an original music file of a record of a cooperating record corporation; and (b) distributing the advertising digital music file through the communication network."
don't users of these networks already do this when they share their crappy files
"but money is the God of Algiers & Mahomet their prophet." - Rich. O'Bryen June 8th 1786
Seems like they are trying to piss in the pool to drive everyone away.
How many people and companies that are willing to make money by being scum...worse still that the patent office is willing to grant them a patent on being a scum. P2P is good for the world, why the hell can't people just get over it and let it be.
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
heh I dont think they know the power of proper good filtering software. I used to use a package on my amiga which could reconstruct less noise from a bad sample, ie one on a bad microphone or at bad level input, and get a very good sounding sample from it. I'm sure someone could write a decent one nowadays so all i can say is bring it on, they'll be sharing just what they don't want to be? SUCKED IN to them!
or corrupted chunks of data which carry the same name and have the same size as originals.
Isn't there some magical algorithm that produces an unique checksum number for a file, and if it were missing chunks wouldn't that reflect in that magical number? Don't most P2P networks use this magical MD5 checksum algorithm to ensure files aren't screwed up?
Gee, you would think the patent office would realize they just awarded a patent to the same guy that sells server pixie dust.
Thanks. I found while contemplating /dev/zero
I know some P2P networks just match file size and name, but I'm pretty sure most of the good P2P networks check a file's MD5 to see if it is the same as another. If the MD5 matches, it's probably the same file, despite having a wildly different name.
Unless Overseer or whatever found a reverse algorithm for MD5, I doubt very much that they could degrade the qualify of a music file in such a way that the MD5 doesn't change.
Weren't major labels paying studios $bigbux to reproduce that gritty, done-on-a-four-track-cassette-deck garage-band sound anyway? No wonder the music industry is imploding. Everything it does is redundant. And not in a good way.
From now on, all your Rammstein and System of a Down files will sound like Britney Spear and Céline Dion.
Oh, and we also took the liberty to replace your pr0n files by 8-bit color Barney clips. Enjoy!
Stéphane "Alias" Gallay
Now, where did I put this witty quote?..
So everyone will have to make more of an effort to delete their defective files.
It could happen.
My wife and I sat in our office last night and pondered what percentage of downloaded music falls into fair use. In other words, what percentage of the songs downloaded are actually owned by the person seeking the download?
My wife and I have over 200 CDs. It would take use an enormous amount of time to rip all of those CDs. Is there anything wrong with us wanting to download the music that someone else has already taken the effort to convert?
I may be wrong, but I imagine that people are more interested in downloading because of the "laziness" factor.
All the more reason to use Server-to-Client networks instead.
I hate Grammar Nazi's
We can't build a better mouse trap...
So we'll break yours!
(ok...not "break" but render rather inefficient....grumble.)
When in doubt, parenthesize. At the very least it will let some poor schmuck bounce on the % key in vi. (Larry Wall)
On the one hand, this sounds perfectly fair. After all, they are taking steps to prevent folks from stealing intellectual property.
On the other hand, it seems like it's easily bypassed -- some authority should keep a central server with a list of known good files and some sort of hash associated with each file. If the file is distributed in pieces, there could be a hash for each piece.
Finally, isn't the entertainment industry's time is better spent developing a functioning revenue model? People want music online, and they won't pay a lot. Sorry, the genie is out of the bottle -- get a real revenue model -- or someone else will, and they'll kick your butts. All the incredibly crappy and formulaic new "music" isn't helping much, either.
Before we start going off on the PTO, remember this is a published patent application, not an issued patent.
"We reject as false the choice between our safety and our ideals." --The American President (20.1.2009)
Simply put, how do they know what is or isn't legal?
There are plenty of bands that release some or all of their tracks for free....how are these guys determining WHAT gets fubar'ed and what doesn't......could a new file naming convention by P2P traders make this REAL hard for these guys..? How aer THEY choosing what content gets whacked?
Sehr geehrter Toilettenbenutzer!
MD5 , but there are tools available to do the job on most p2p networks. Correct me if I;m wrong, but i think that sig2dat is useful for getting verified files on Kazaa.
I wonder if in some strange way this will have an adverse effect and cause more users to upload better quality files simply out of frustration with Overpeer. Perhaps they'll treat it as a competition to show Overpeer P2P networks can't be stopped.
From the article:
2) Collect illegally produced digital music file.
3) Edit illegally produced digital music file (damage sound quality).
4) Distribute digital music file on network.
All of these are illegal under the DMCA.
Oh, I get it, it's ok to break the exact same laws you're trying to get the general public to stop breaking. I know, lets run around and rob the thieves and rape the rapists, that'll get them to stop too. Why didn't we think of it before?
<sigh>
Damien
This is a perfectly valid attempt by the record companies to fight for their survival. In fact, I applaud it because, for once, they are not resorting to the courts or the coercive power of the state to crush the "criminals" who share music. Instead, they are playing a technological game in our arena, on our own turf. This is simply a variation of the way a.s.t used to invade newsgroups by flooding the channel with bogus trolls.
And since they are playing our game, we can strike back the same way. We can institute the equivalent of killfiles (if we know the IP of these bogus sharers), or, even better, we can add audio fingerprinting to P2P networks to filter out the bogus files. That sounds like a good open source project.
So long as they try to play this game with us, they can't win.
If they are distributing poor quality duplicates of copyrighted material, the consumer can watch/hear the file and decide whether he likes it before buying - a win for both sides. On the other hand, if people stopusing P2P so much for bootlegging, it will gain the credibility it deserves as a distribution medium.
If I seem short sighted, it is because I stand on the shoulders of midgets
Aren't they illegally distributing these copyrighted content without permission, which is still criminal regardless if it is of low quality?
Or do they have the copyright owner's permission (i.e. licensed), in which case it is legal to download those recordings?
. . . that FSF didn't apply for this patent. And then sue the *IAA for infringement. Irony.
"We reject as false the choice between our safety and our ideals." --The American President (20.1.2009)
- They assume all users are guilty of piracy, and will proceed with that in mind
- Since all users pirate works(see above point), they release copy-protected works that do not work according to standards...other than the infamous "neener-neener, you can't copy this" standard
- Through their extensive lobbying efforts, they're seeking to remove what little legal rights we had to items purchased. (e.g. When I buy a gallon of milk. I have to make sure there's no EULA. Of course, I can't see me taking the time to reverse engineer it)
- Now they're actively trying to poison P2P networks
I would like to know when this is all going to come to a head, or is it going to be continue to continue spiralling until someone/something/group of someones intervenes. Perhaps it will stop when the majority of their user base becomes so alienated that purchasing a copy (licence) of a work is viewed as a faux pas.If they'd work on developing a better digital delivery system (I don't see the current methods being very viable), perhaps that would do something to curb piracy
It won't work well with all P2P networks. A prime example is the eDonkey network which uses a hash of each file as an identifier, not a filename/size identifier. You can rename the file to anything and the hash won't change. eMule Project is another great eDonkey network client and is open source.
This is too little, too late, unless you're stuck on Kazaa.
Trolling is a art,
at least someone on kazaa will be sharing. DAMN YOU KAZAA
YOU SUCK BALLS!
What we really need is a filesharing network linked to a public database of md5 checksums with a web-of-trust community-rating model that could be used to allow users to assign a quality rating to each file/checksum record in the database. The checksumming integration could then allow prospective music thieves to find music by searching for highly-ranked checksums.
The system could also be used to report and moderate-down users advertising md5 checksums that don't match the files they are sharing.
I'd imagine a single high-quality encoding of any given song would quickly proliferate. No more broken files. No more misattributed ID3 tags.
-- "The reward of suffering is experience." - Aeschylus
Tit. Tat.
I might not like it, but this response seems pretty logical to me. The Industry has declared war on P2P as the source of their dwindling profits. (I'm not going to argue the validity, that's irrelevant.) Of course they're going to try to sabotage these networks any way they can.
This puts the ball back in the court of the P2Pers. So what's the next step? Seems to me it won't take long for someone to come up with either a moderation system or IP blocking scheme that will force the Industry into a different line of attack.
When are these people going to learn that if they spend 6 months developing a technology to "protect" their copyrighted info, it will take 6 days (if that) for someone to defeat it?
Dime to donuts someone has a way to beat these bogus files within the week...
-mh
I'm no lawyer, but I was wondering if any real one know if there is a legal remedy to be pursued against Overpeer by the P2P companies. It seems like there at least ought to be one, given that Overpeer could be argued to be degrading the quality of service by posting garbage.
Of course, the P2P companies may not want to appear in court for any reason.
It's clearly the right of those that feel their material is being stolen to try to protect that material as best they can. This method is preferable, IMHO to individual persecution or the arbitrry charging of ISPs.
On the otherhand, those that feel it is within their moral rights to "share" music, movies, and software can clearly be expected to try to circumvent and overcome any obstacles groups like Overpeer put in their way with tools lik Sig2Dat.
Foregoing the obvious arguments about legality and ethics that are sure to follow, there is a certain amount of progress in advanced and secure filesharing that is engendered by this game of cat and mouse.
-------
In Soviet Russia we share you.
I'm a friend of a friend of the working class.
You think they might let me get a patent on a personal transportation vehicle powered by a hydrocarbon deconstructor and exergy waster turning circular discs?
Any other ideas as to how to get a patent on blatently prior art?
Surely it won't take very long for people to discover the IP addresses that the rogue files come from and block them? A (long) list of rogue IP addresses was posted on Slashdot a couple of weeks ago.
Summation 2
I wish I was moderator right now...you need modding up big time...amen brother...seeing "right to the heart of the matter"...oops sorry thats a line from a rush song...I guess I just broke the law....
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
They better get LOTS AND LOTS of IP addies, because word will get around about which users distribute corrupt file and folks are going to publish web pages listing the user IDs and IP address blocks disseminating corrupt files. Also, it's not that difficult to listen to the first 30s of a partial download--if it's junk, download cancelled, user banned, nice try.
Basically, this guy and his company are admitting to playing the "Dennis the Menace" game, where they go in, mess things up and walk away like nothing happened.
Is this the entertainments industries way of saying, "If you can't beat 'em, screw 'em"? If you think about it, desperate people do desperate things and this definately sounds like the actions of people who are at or near the end of their rope.
It is really their own fault, but unfortunately, they will never see it that way.
jlk
I often seed public databases with junk data, effectively rendering them useless. Sometimes I mis-reshelve books at the library (you should see the card catalog). I create bogus auctions on ebay under fake names. I distribute pdf's of gutenburg "ebooks" that actually contain hardcore pornography. It makes me smile whenever someone downloads Grimm's Fairy Tales. Oh, they're 'Fairy' tales all right. I always worked anonymously, because I thought this was illegal and I'd get in trouble if I were caught. Now I know that I'm a hero, and this account can finally be told.
Honestly, this will never work. I'm not sure about the rest of you, but I'm on a dialup connection, so I generally check my files mid-transfer for quality/content. I'm really not willing or unwise enough to download 200 megs of mating rhinoceri under the false pretense of it being those Invader Zim episodes I wanted. Even if I had a high speed connection and downloaded it regardless, I'd certainly remove it from my system afterwards anyhow, wouldn't I? Right? Right guys? So in short, even if they trick a user far enough into downloading a file, which is entirely possible, what makes them think that people won't notice far enough ahead of time to stop?
Even Lycos' MP3 search used this system before the RIAA followed all the links and shut them down. It's not rocket science.
When I am king, you will be first against the wall.
I just won't buy ANY Cd's anymore. I used to buy the music I liked. Reminds me of last night I was watching Much Music and Kid Rock finally said something good. "The last record sold 10 million, my most recent one only sold 2 boohoo." Being VERY sarcastic of course.
Ever notice that once a file like these spread on a p2p some people labled them to say they have loops. Then once a real mp3 shows up people start naming them "Real" or "No Loops."
If you want to make sure something is good, get your mp3s higher then 128kbps. The record companys always release "loppers" at 128 or less so people using origanal Kazaa can download it.
Get Kazaa Lite or get on IRC and enjoy.
Suits me. Cripple the crap P2P networks, and bring out the good ones. Last time I checked it was a 2^160 chance of guessing the right SHA-1 digest. Bring out that pixie dust again. :-)
Karma: It's all a bunch of tree-huggin' hippy crap!
Is the invention useful? I suppose it is...
In other news, a user accussed of illegally distributing 600 files, turned out to have 1 file looped 600 times. *-)
Seriously I was wondering if a person (not the infiltrator) were to share these looped files, would they be violating copyright? Presumably the record companies have given consent to the infiltrator that the looped files being distributed, which might be considered implied consent that users distribute the looped files?
but, uh, if i run into a low quality download, i'll just delete it and not share it anymore...
--fetch daddy's blue fright wig, i must be handsome when i release my rage
Just like all the industries attempts to thwart file-sharing this will only succeed in making software developers even more determined to create robust, fast and highly available distribution systems.
There's so much low-quality sh*t out there at the moment anyway, this will only encourage efforts to package mp3s, divx etc in formats that guarantees against corruption (eg rar/zip)
Currently not many people ensure all their mp3 albums contain high quality files from the same source, encoded with the same encoder. If the record companies ever succeed in poisioning the P2P networks with their crap then it'll force people to locate only high-quality music, which surely is exactly what they're trying to prevent.
Not in every country is illegal to download music from p2p networks. It is allowed in a lot of european countries.
People will just delete the junk and keep the good copies (think about spam).
The good copies get moved to the "good stuff" directory (available for download) and the bad stuff goes to
...and it's called Google!
Just think about how google works, I look for "slashdot" and what comes up in the first page of results? Now think why, it's because loads of other people have been there before me and they thought that www.slashdot.org was exactly what they were looking for.
now apply this to p2p, someone posts crap, I download it, it's crap, I delete it, problem solved, the file doesn't distribute because I don't share it, if nobody wants a file then it gets disregarded. okay so it won't be so effective against less popular music, but that's not the kind they're likely to try and propagate.
This kind of this has some crossover with the network theory post from today (yesterday?). If you're interested in P2P I'd recommend reading about it.
Here's a thought: don't steal the shit! Hm... Nah.
Technical measures such as DRM and P2P spoofing by the record labels are ok in my opinion as long as they don't cross the following lines:
1. They are only allowed to try and protect their own works. Any harms to the distribution of other works should not be tolerated.
2. The copy protections aren't legally mandated, allowing people to support whichever format they choose.
3. Bypassing the copy protection to do legal things with it (listen in another format, use a sample for journalistic purposes) should be allowed. (This is already illegal, due to the DMCA).
OddManIn: A Game of guns and game theory.
It's not too hard to avoid low quality/bogus files. All you need is some form of rating and feedback system. ShareReactor fulfills this need for the eDonkey network, providing links to verified versions of files. I imagine it's very possible to decentralise this system significantly, or even to integrate it into the file sharing protocol itself, in order to reduce the possibility of the rating site being shut down.
-- Help Digitise the Public Domain at DP.
If the main distribution model went back to the server-client model, the hegemonix crux (RIAA/MPAA) would only have to attack one target instead of millions. Not to mention the bandwidth costs by the server.
The strength of the P2P model is that there are too many nodes to attack directly. That is why they have to resort to these poisoning tactics. As a side note, Haxial does look really interesting.
Confucious say, dog with one leg, fall easily. Dog with 3.3 million just look funny
have a list of verified files... with md5 checksums or a simple .sfv file
then have p2p.exe also post the checksum with the filename.
Runnin' On Empty
"(a) producing an advertising digital music file by deteriorating or damaging a sound quality of an original music file of a record of a cooperating record corporation; and (b) distributing the advertising digital music file through the communication network." "
so when I download this stuff now, not only can I get into trouble for copyright infrindgement but also I could get done for patent infridgement.
I'm thinkin this won't work at all... I mean, isn't a natural property of P2P networks that the most popular files "survive", that is, they're mirrored over and over again... Sure, some few individuals would download these files, but upon listening to them, they'd probably delete them. I mean, that's what I do when I encounter a low quality MP3. This is exactly why duds and such never bothered me. Even though they're there, you can rely on the overriding philosophy of the network that they won't get around much. It's already evident on Kazaa. Top 40s hits are the easiest things to download, usually reporting an unusually high number of mirrors, as opposed to those single hits of supposedly the same song.
They're not just doing them all.. More than likely RIAA gives them a list of tunes they want garbled and they go to work.
http://noneinc.com/RIAAEM/RIAAEM.html
I've started a blog to keep track and document this type of musical output. For instance so far we've got one of the RIAA's Exclusive Mixes of a Santana song. It's conceptually perfect and in a bizarre way addictive. It's the future of music. deal with it.
PeterALopez
-Part Time Music Fan
"On some level they understand that P2P users are also potential customers -- record buyers, video renters or gamers -- and don't want to alienate them"
Well if you want my business, then maybe you should give me a sample of what you have to offer, and not just waste my time in the first place. But then again, If I can buy a complete movie on DVD for even as low as $5 on sale, or $20 not on sale, why would I want to pay $18 for a CD with maybe 15 tracks if I'm lucky.
Either way, these businesses need to figure out how to attract my attention, rather than ram their practices which are tried and proven to be not working, down my throat. Can't open my wallet that way!
Mine means my own, but how can this be if I owe for it?
Many people on P2P networks like Kazaa help by keeping the bogus material on their systems and simply renaming the description from "Star Wars Episode II" to "!!NOT!! Star Wars Episode II". Whenever I see multiple sources for a title, I always check out the other source descriptions just to see if someone's done this nice community service.
It takes a little bit more hard drive space, but the nice thing is it only takes ONE person to do this for everyone to be notified. Except, I suppose the RIAA could always upload a legitamate version of a song, then mislabel it to "NOT (whatever)".
Well, at least you can preview partially downloaded files to check.
OverPeer even managed to procure a USPTO patent on (a) producing an advertising digital music file by deteriorating or damaging a sound quality of an original music file of a record of a cooperating record corporation; and (b) distributing the advertising digital music file through the communication network."
So...they take an ogg file and convert it to mp3?
GF.
Lots of petrified grits
I agree with the article that was posted yesterday... The recording industry has to change.
The days of a person rising to startdom & being paraded around as a recording company's trophy need to end. Sure it's nice to people with real talent make it big, but is that talent really worth MILLIONS of dollars? Give me a break! I work my butt off 45 to 50 hours a week to bring home just enough to pay the bills and get me & my wife by (& keep my little home network growing).
Technology is changing every other industry. The music industry is just finally starting to realize that they are going to have to change the way they do business.
Screwing with people by putting crappy music out there is just going to piss people off! I really do hope the recording giants fall on their faces.
~tmasman
"Force always attracts men of low morality."
-Albert Einstein
Oh! And this one time, at band camp...
Uhh, not to play devils advocate or anything here.... but if you're the copyright owner.... the DMCA doesn't mean jack in reference to what you do with your own content; and if you give explicit permission to someone to mutilate the content that you own the copyright on, how is that breaking the DMCA? Even if it is semantically, who is going to bring suit against
the mutilator? A third party could, out of being Facetious or something, but wouldn't the court just laugh at these people or kick them out or something? Doesn't make much sense to me.
And another thing... this whole music mutilation
shit is only going to stop the amateur traders.... the ones that trade shitty low quality files anyways. If anything this will only force a technologically improved system
of distributing music; MP3 "groups" will
pop up and start distributing music in an "origin=semi-centric" fashion. much the way the warez scene does warez. As it is now 95%
of all the "free" music originates from 10% of the people in the network anyways, it's a trival matter to make that 5% of that "professionals" instead of rank amateurs.MD5 checksums, etc, will accompany "releases" and these could be tracked through some sort of P2P system.... the whole "crappy files" issue might waste bandwidth at worst, for dedicated traders.
Would it not be possible to create Trashfiles which have the same MD5(or what ever) Checksums as the original files?
`dd if=/dev/sig ibs=120 count=1`
They're getting PERMISSION from the copyright holders to do this. They're not collecting anything. Record companies will say "Hey, you have full right to distribute fake Metallica files" and you know what? It'll be LEGAL. Turn! Brain! On!
"For the promotion of USEFUL arts and sciences..."
How does protecting sales even come close to meeting that hurdle?
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
Unless everyone used the EXACT same software, and always filled in the ID3 tag with the EXACT same info. All it takes is one letter, one capitalization, to be off, and the checksums would be different. How would you deal with this? Force everyone to use one program? Good luck.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
It seems to me that this would be very easy to beat if the p2p clients out there would generate an md5 hash of the users' files. Maybe you could have it so that 'trusted' users (ones who have traded quality audio/video for a certain length of time (2-3 months?) upload their hashes to a server, and when you go to download a file, the client will check the hash against the server's copy.
Or something along those lines.
Don't become a regular here, you will become retarded. -- Yoda the Retard
It's the age old Pissing in the well trick.. if you poison the source then people wont use it.
Unfortunately there are at least 90-100 more talented programmers and solution finders to every employee they have out there that will find a way to detect or reject their junk. This company has nothing of value to sell to any interested party, just like macrovision is 100% worthless (both 1 and 2 are easily removed without effort and only $5.00 worth of electronic parts, or a simple $10.00 box that can be purchased most anywhere called a "video stabilizer")
Let them do their worst, let the companies waste their money on this snake-oil salesmen. i dont care, it will never affect me, and by the time the first 2-3 of their supposed files get in the wild there will be patches to kazaa-lite , open nap servers, and gnutella clients that simply will not list these files.
Do not look at laser with remaining good eye.
Attack Overpeer and the record industry in every way possible.
Legally:
- Don't buy anything from RIAA or MPAA (CD's, DVD's)
- Use any legal methods to attack them. I think the EFF will handle this pretty well.
Illegally:
- I think that the people who will do this, know what I'm talking about.
If they want to use underhanded schemes to attack the Internet community, let's defend ourselves.
-------
"In times of universal deceit, telling the truth becomes a revolutionary act."
-- George Orwell
I doubt this applies to anything other than the kazaa network. I would think that all they are really trying to do is to keep more casual people from downloading music & movies.
/. readers, Joe Schmuck would probably think a checksum is a way to make sure you balanced your checkbook. The majority aren't geeks.
Last week, my mailman(!) started telling me how I could get free music & movies from this 'Kazaa' thing. If he had gotten onto the network and everything he downloaded was crap, he would've given it up as useless very quickly.
Besides that, Oh
Ok. Everybody (here) seems to think that this method is silly because "the P2P networks use MD5, don't they?"
Maybe so. But it doesn't really matter if they do. The reason you are downloading a file is because you don't have it. You supply some search terms (artist/album/song name) and the P2P networks search returns a list of matching files. Now, if one of these files is ridiculously small or large, you can guess that it's bad. Presumably, with good P2P software, the software could probably even check to make sure the file is a recognized music file by looking at the file format... None of those apply to Overpeer's method.
Further, checksums are pretty much worthless once Overpeer's files get sufficiently distributed. Let's say that *you* want to think you are smart and only download a file that you see 5 or 10 other people have. Sure, the P2P software can make sure they all have the same file by matching an checksum. However, it only takes 5 or 10 stupid users having downloaded the dupe file and not deleted (who would really bother?) before you get duped, too.
There's really no way to programmitically know which are the real files and which are Overpeer's dupes - provided Overpeer's doing it right and there are a sufficient number of careless people downloading through P2P.
Sorry, but they seem to have something here.
-Andrew
Regardless of the debatable benefits to the recording companies, doesn't this approach do the most damage to the artist by reducing the public's perception of that artist's overall quality?
Most corporations would never allow low-quality reproduction of their branding, even for legitimate business use. To do so would undermine the value of the brand because of the association with lower quality.
An artist's professional reputation is based on the public's perception of their quality. Seeding the market with poor quality content only causes the public to associate that artist with poor quality.
Ultimately, this will drive consumers toward artists that fight to protect the quality of their on-line body of work.
Personally, I feel that the recording industry can keep people buying their product if they enhance the music with liner notes, album art, and other forms of content that are harder to distribute in its original format.
Don't through out the artist with the bathwater.
trichard
I don't know about other P2P programs, but LimeWire has told me on many occasions that it has detected file corruption and asks if I'd like to continue to download. I don't know the process it uses, but it is probably some MD5-type checking. For audio files, it indicates the bitrate so I only download files that specifically indicate they have at least a 128 bitrate.
"Sic Semper Tyrannosaurus Rex."
Why don't Slashdot readers just bookmark NYT Technology, Wired, and a couple of hardware review sites. This would eliminate the need for 90% of the stories posted here.
This is from over a week ago.
Oh that's easy then; this company just rates everyone else negative from its IP range. It might not work over the long term, but it could mess things up in the short term. Does this message constitute prior art when they apply for a patent on "A method of corrupting peer to peer networks by disseminating false ratings"?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
record of a cooperating record corporation; and (b) distributing
(Emphasis mine)
This kind of implies a lack of prosecution for these guys under the DMCA :-)
Couldn't something be added to file sharing programs to check against user run databases of checksums, such a song, at such a bitrate should sha1 or md5 to this, and red flag files that don't fit the bill, yellow flag files that are unknown to the database. It would up to users to make sure new stuff got added, and admins ot watch out for bad checksums. Users in the gnutella software, or whatever, could define which checksum servers they trust, and which they don't.
If your not careful, it would just add another level they would have to "infiltrate." But I think a little thought could make something along these lines work.
Anyone got anything to add to this? Its not perfect by any means, but checksumming files is one way to spot even minor changes.
--Nuintari
slashdot : where an opinion can be wrong.
Seems like another contender in the competition to capitalize on the crappy merchandise market.
This is left as an exercise for the reader.
I'm going to patent creating potholes with the cooperation of tyre manufacturers; and distribute them thru the road system.
...don't the penis growers already hold the patent on spam?
deserve's got nothing to do with it...
Move to a network the corporations haven't completely taken over yet. Hmm. Internet 2 anyone? Or start building your own using dry copper between trusted users. Maybe start setting up non-internet connected interconnected wifi points. Hell, even my oft-submitted VPN on the internet idea -- all you need to tunnel a VPN link is ssh and ppp, which most ISPs haven't heard of and should have difficulty banning (Unlike the more pervasive VPN solutions.) Or a combination of the lot.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
wow. it sounds like Overpeer just patented MP3s and peer-to-peer networks!
MP3s are a lossy digital compression of music. It is not even a copy, so much as a deteriorated and damaged imitation of the original. (double-deteriorated and double-damaged usually, because of the initial conversion from analog audio into digital waveform audio, and from there again to MP3 format)
Compressing an analog sound into ANY digital format (not just MP3s) will result in a deterioration or damaging of the sound quality.
Digital equipment (like computers) doesn't understand curvy waveforms; digital equipment understands digits and how they represent a stair-stepping imitation of curvy waveforms. The higher the bitrate, the more stair-steps can be used to represent a curved wave and the more similarly the digital imitation will sound like the original. The lower the bitrate, the fewer steps and the less like the original it will sound. Making a digital recording of ANYTHING will diminish the sound quality, and compressing it as an MP3 will diminish the quality furhter as well as also screwing up the harmonics of the recording. (There was a bit
That patent needs to be struck down. That patent, the patent office, and the whole patent process. We need a new one, pronto.
Reinvent the wheel only at either a lower cost, greater effectiveness, or your own personal enrichment and satisfaction.
They have created a device/algorithm/system whose sole purpose is to circumnavigate security devices, therefore violating the DMCA. There device has no other application than to put phony files on a P2P network, they overcame the P2P's security by modifying the files but still retaining the same file size (and checksum?). They get a patent on something that is illegal, while others go to trial for it.. Gotta love america
The holders of the MP3 patent already have that taken care of...they already degrade the original source for distrobution...
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
don't trust the client. that's what the SETI project does for instance. get the data from multiple sources, and compare them. and then kill the black sheep.
This dude's question is answered in the friggin slashdot blurb:
"...deteriorating or damaging a sound quality of an original music file of a record of a cooperating record corporation"
Didn't they do the same thing a few years back by posting versions of their songs on Napster with some sort of nag-message in the middle ?
As far as I'm concerned, if it works, it's a good thing. Half the argument here is how P2P shouldn't be held back because it affects independent bands who are trying to operate without the RIAA. This kind of activity wouldn't affect such bands at all.
If it was became more and more difficult to share RIAA-covered material via P2P, then the independent bands we keep hearing about will have more currency on the P2P networks, while RIAA-covered material should be somewhat disadvantaged.
And then we'd all have an opportunity to see whether or not these independent artists are generally less commercially successful than their RIAA brethren because they lack something the RIAA provides, like marketing muscle, or whether they're less commercially successful because they're not good enough to get snapped up by major labels.
Arn't they still distributing illegal content even if its in a degraded form?? I'm not 100% positive on this but I really dont think this company legally owns all of these albums.
Now, lets say that the RIAA gives them the right to do so, isn't that also illegal as the DMCA is not out to "protect" the RIAA but the copyrite holders who sometimes may just be the artist in whos music is appearing on P2P networks and this company is corrupting?
At what point now can we or others take a step and use the DMCA against them? Remember, once the DMCA backfires in their faces, they are going to use all their power and money to have it repealed or changed yet again. Some of the parts of it are so ambiguous (sp?) that it can be interperted to suit OUR needs, specially in a case such as this.
Illegal or not, md5 checksums or not, all of this is a moot point really. People who do serious file trading have a list of people/friends who they normaly trade off of anyway. Increaing the trash ration of files in the wild of these networks will only stop a few while the heavy traders will continue along as if nothing happened.
This is yet another example of "Oh, you wont play with our toy? Well then, we will break yours!"
UNLESS OF COURSE,THEY HAVE A WAY THEY CAN TELL WHAT FILES THEY'VE TOUCHED ALREADY....hmmmm
Sehr geehrter Toilettenbenutzer!
"Last time I checked it was a 2^160 chance of guessing the right SHA-1 digest."
That's a fairly high chance (way above 100%). But why would you want to guess, when you can just get it from the original song, or provide the same hash as the illegitimate users do? Who says the hash you provide has to match the file?
Finally the P2P networks will have an incentive to work on content quality, not just availability. Some shared/trusted DB of MD5 matched with valided filenames will do it. Now searches will be done by MD5 (like DNS with IPs). Faster on searches, faster overall because people will stop downloading junk. So, thanks for the effort, it's a good idea.
have you been defaced today?
I get 800kbps down 350 up I dont give a damn if I have to download some Mp3 twice thrice or even more times since it will take me about 5 minutes to do so. No if they start messing with my porn then I will get pissed!
Next generation P2P networks / clients will need some sort of distributed "moderation" in order to overcome this. It doesn't sound too technically challeging to me, to be honest.
This was the problem with Napster, you take down the central server and the whole network stops working. If there was a central P2P server handing out MD5's the same thing could happen. Shut it down and no more P2P. Plus you will get different MD5 codes for the same file. If 10 people rip the same song all over the world and share it, they will all have different Md5 codes so which one is good ?
The link in the main article is to a "Published Patent Application" not a issued patent. Under the current PTO rules a patent application is published 18 months after it is filed. This is a heads up to the rest of the world so that you can send mass quantities of prior art information to the PTO and maybe get this application rejected.
With Palladium we can guarantee that the client is trusted ;-)
It feels like a bitter twist of the knife that we now need Mickeysofts hated control tool in order to defeat the corrupt RI/MPAA...
Here is a company whose goal is, simply, to sabotage an existing system/service. All talks of legality aside, there's something amazingly pathetic about this. Forget trying to make something people want, just hire someone to wreck the competition.
.
Of course someone will find a way around this. And it won't stop fileswapping on P2P networks or other methods.
Hmmmm. Maybe this guy has the ultimate scam. As file traders find new ways around what he does, he can sell new methods to his clients . .
"The Sage treasures Unity and measures all things by it" - Lao Tzu
I am not sure MD5 is such a stumbling block here. If 100 people share a file pop_song.mp3 and 99 of them are overpeer files your chance of getting a crappy copy of pop_song.mp3 are 99%. The MD5 checksums aren't going to enter into it, all that does is assure you that you got the same file you requested. Thus, crappy file requested = you download a crappy file and comparing the MD5 checksum will simply say hey you got what you requested. You have to have central file management of some sort to quality control according to MD5 and central management structures.. AKA TARGETS FOR RIAA.. are something P2P clients avoid at all cost.
What we need is an artificial stupid ( AI ) routine smart enough to determine if a sound file is clean so it can be embedded in the P2P client and thus have a decentralized quality control.
I wonder if a Peer to Peer slashdot style mod system for marking good files ( and their checksum values ) would work as well. the trick would be to figure out a way to avoid awarding MOD points to an 'overpeer' type client. Creating a method of assigning and tracking MOD points acording to MD5 checksums without creating targets would be rather tricky though.
There is an inherent issue here in P2P that is a double edged sword... freely shared files among thousands of peers is impossible to stop but it also is impossible to stop people from sharing bad files. That issue is enough of a pain in the ass when it is just people sharing a crappy recording but something on a massive scale like this can create problems. On the flip side most mass spam systems generate a detectable and thus avoidable pattern so its simply and arms race that will have no end as long as P2P's are around.
I don't ask you to be me. I only ask you not expect me to be you.
all this discussion of checksums and the like is totally irrelevant. quite ignoring the fact that its the host that supplies the checksum (if its too be of any use in selecting potential downloads), its very unlikely that any two renditions of the same audio file would be identical. CD-based digital audio is not a bit-for-bit perfect transfer medium (hence error correcting h/w and s/w in the drives). Rip a CD on two different drives and the chances that some bits will be different in the resulting files are really pretty good.
Checksumming only works if the assumption can be made that there is a single unique version of the file. That isn't true in the most common cases.
Bandwidth's expensive. If we could at least come up with a system for users to have to actively opt to share each file after they have played them and can verify its quality -- instead of downloading bad files, not deleting, and thus sharing them -- that would slow the spreading of these files. Opting-in would, of course, slow down the general proliferation of good and bad files and would make it more difficult to find any files as fewer would share users, but I think it's a good trade-off.
That would leave the record industry cops with a lot more uploading to do. 700+MB is a lot of bits to move, and they have to do it every single time a user initiates a transfer. Are the odds that that user (assuming he only shares it if it's good and does not spread bad files) would go out and buy the movie/CD instead of either continuing to try to find a valid file, or simply giving up altogether? I highly doubt it.
The measure may be as simple as letting one listen to the song as it is downloaded, and having the users "moderate" it, à la Slashdot.
What we have is a huge cluon deficit on the part of the record companies.
Isn't this the same thing as them selling those CDs that don't play on some players because of the copy protection that contains noise and shit?
If you buy a regular CD that contains hisses and pops if your cd player doesn't like that Data Cactus crap or whatever it is, then you're getting the same thing.
On the other hand, some would say most pop-music already sounds likes erroneous garbage to begin with. Destiny's Child, anyone?
"Everything you know is wrong. (And stupid.)"
Moderation Totals: Wrong=2, Stupid=3, Total=5.
infiltrate peer-to-peer networks with low-quality audio and video files
See for yourself. Search for "Spice Girls", "N'Sync", "Britney Spears", etc. using your favorite P2P client. You don't get much lower quality than that.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
This method doesn't really work because most file sharing programs now use, or use variations of, MD5 sums to find multiple hosts of the files. So by changing the quality, even slightly to an audio file, changes the entire sum and thus will be the lone file in the search results.
Didn't the company think of this at the time?
--If only there was a license required to use a computer.
this is the last straw. They win. I'm going to start buying from members of the RIAA/MPAA now. It was a good fight, but the better side won.
Download it here. Note that it has no search feature. You'll need to link it from 'freesites'. Visit the site for more details.
No seriously, there would appear to be a surfeit of conflict at the current time, so I don't view any of the above as even remotely good suggestions, but it's easy to get carried away.
If I were a music industry executive, I would have thought that even now, it's still not too late to look for a solution. Disband your cartel and stop using an obsolete business model. You still have (some of) the recording artists on your side. Use this remaining goodwill to start a new business:
Here's a simple compromise: If you charge a reasonable price for music, your customers will be reasonable about copying it.
If they put up a shitty copy of a Britney song and I try to illegally download the song and find out that it's shitty and start whining about it, I AM THE SCUM.
if they put up a shitty copy of a Britney song and I legally download it and find out it's shitty, I will put in my own legal CD and rip and/or listen to the good version.
if they put up a shitty copy of a Britney song and I don't listen to nor download any Britney, they have no effect on my at all.
The truth doesn't care what I think.
A technique for committing fraud should not be granted a patent.
Since members of the RIAA are obviously investing in this service, all the data they claim re: P2P is instantly invalidated. They have stuck their toes in and completely tainted the data pool. Any armchair lawyer could successfully argue this in a trial.
Shhh... if you listen carefully you can hear the death knell of many fat men with gold chains and big cigars... You can hear the rustling of the millions of dollars they've extorted from artists as they writhe in agony. They've lost control of the studios... now they're losing the marketing... how will they employ their nephews and nieces? Where will the faked-up jobs come from? Who will they scam points off of? What if... they lose distribution! Nooooo......!
*A big FO to Tommy Mottola. I hope you go down first. Grab Clive Davis on your way down, would ya?*
- I am made of meat.
Oops
They're running their site on IIS5/w2k. I can almost hear the p2p warez s'kiddies sharpening their root kits from here...
Have fun boys!
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
I wouldn't be surprised if there were a program already where you input an MD5 and the program generates several junk files, each of which has the very same MD5. You can bet that the RIAA would have enough sense to use such a program, and writing it would be pretty trivial.
In greatest danger from this are programs like eDonkey and Kaaza where you download the segments of a file from many different users. If the RIAA were serving junk segments with the same MD5 as good segments, the program wouldn't notice. But at the end of your download, that one RIAA chunk would screw up your whole file. What's worse, chances are that you probably would have uploaded that bad chunk to someone else, thinking it was innocent because it passed MD5... so the bad chunks would propagate. As you know, you only need one bad chunk in an AVI file to make it unplayable.
About "helping to establish new relationships with customers" - Plaintiff vs. Defendant?
-- You are in a maze of little, twisty passages, all different... --
No doubt there will be p2p clients that you can configure not to display a file if there are too many hosts for it, if it's only shared by a few users it's less likely to be part of this spoofing attack. Expect several even more creative ways to filter out suspect files/hosts to appea.
Modify the protocol to send the signature first. Each GPG signature signs TWO things:
1) an initial 'signature' plus several bytes scattered more or less randomly throughout the first N MB of the song, and an md5sum of the rest of the song
2) the entire file.
You verify the signature at the beginning, if it is trusted, you download the rest of the song, verifying those 'signed' bytes along the way. If one of them doesn't match, abort the download as suspect immediately. Once the entire song is downloaded, the signature is verified against the result to insure the entire thing is OK.
Even if the thugs cut and paste the signature onto one of their bogus tracks, they won't know which bytes throughout the rest of the track are being checked, and the final result will certainly fail the final signature test.
This would also help protect against worms, viruses, etc.
Most importantly, GPG signatures could be related to anonymous online 'handles' rather than actual persons, thereby maintaining anonymouty while still permitting an effective web of trust to form.
The Future of Human Evolution: Autonomy
That's really what it boils down to, passing off crap as quality stuff. I would think that, between Microsoft and every politician under the sun, enough prior art should have been obvious to keep this one off the shelves.
All I want is a kind word, a warm bed and unlimited power.
As if people using and operating p2p's are going to give up because of this. If anything they'll just force the networks to improve their protocols.
_nfotxn
Why didn't someone else think of this? Use this whole patent mess to our advantage. We should've patented this idea as a way of preventing this company from flooding the p2p networks with crap. Can I get a patent for a piece of software which scans p2p networks and logs which users are sharing large amounts of copyrighted materials for purposes of electronically attacking them or filing lawsuit against them?
The easiest solution to all of this is, as soon as you download a file, listen to it. If it's crap, or that stupid "coo-coo" file that you get every once and awhile, DELETE it. The best way to keep these files out is not to propegate them. With millions of hosts on the network, even hundreds of RIAA-produced "dupe" files are nothing in the sea of billions...IF you don't propegate them. They are counting on the mindless millions to download a song, listen and find out it's actually a bad file, and then forget about it. Meanwhile, this file sits in the "My Shared Folder" and get shared to the rest of the world. Listen, Decide...DELETE.
Filling the network with corrupt files might have some short-term effect but eventually those files get filtered out when users find them useless and delete them.
That which does not kill P2P will only make it stronger. Expect to see an effective MD5 check mechanism in a P2P network near you.
I thought in ourder to get a patent somethign ahs to be *useful* and *new*. I donno which dumbass was asleep at the wheel at the USTPO, but the intentional damage of something seems neither useful nor new to me.
I can recall a guy posting here on slashdot about his thesis that he wrote. it was about some sort of animal population and how the trends change due to different factors and then he expanded that on to the p2p network and proved how there was a way to bring those down that was the same as weakening the gene pool of a species...
whatever the exact thing was - the jist of it was that in order to break p2p and relatively quickly, one needed to missname files and put out bad quality stuff - it would then get reproduced and add too much noise to the system for it to be useful.
I don't recall his name, but I know it got a front page listing when the story was up... in the past year.
There are some odd things afoot now, in the Villa Straylight.
Imagine two things: people switch to ogg and Ogg bitrate peeling gets available. So what you do? You quickly download a peeled song, listen to it to identify if it is real or fake and then continue download or grab another file.
Of course this is kind of difficult to automate, you have to do it by yourself, but still it is much better than dealing with hash numbers.
Raf
just as email has SPAM tools to report SPAM, P2P
systems will have to have a 'report incorrect file'
system that works via some kin dof authroised usage
system. the file would be reported by file name,
size and md5sum.
there'd have to be safeguards to stop such people
as overseer stepping into this to stop file xmissions...but i'm sure it can be done.
and if users deleted their WRONG copies instead
of just keeping them then things wouldimprove.
I can't get over how funny this is. They really think this is going to work effectively. They fail to realize that most people who use Kazaa etc. use high speed connections (cable, DSL, uni lan), so if they download one messed up MP3 file from someone, they know not to download the whole album from them and can simply just move on to someone else.
Besides, the odds of them coming across a messed up MP3 is pretty low anyway since regular users of Kazaa and other filesharing programs will BY FAR outnumber the shitheads from this company.
Hopefully! Next generation P2Ps will be on tunneling technologies.
#3 pencils and quadrille pads.
Crappified content or not, aren't they still distributing copyrighted material (and for a profit), and therefore breaking the law?
Just my canadian $0.02 (which is about $0.000002 USD)
If you stick with clients like eMule and cool file spoltlighters like ShareReactor there would be no worries.
I was curious if this was the case - fire up your favorite gnutella client and get a copy of the song 'Bring Me to Life' by 'Evanescense', a song off the unreleased soundtrack to Daredevil. The copies I've found all have neat little frequency sweeps placed randomly at different locations throughout. Although I've downloaded many different copies of this with different filesizes and bitrates, every one has the 'nags'. I originally thought this the product of some copy protection scheme, but this makes more sense. Conversely, I'm not sure if the riaa needs much help infiltrating the p2p networks with low quality and corrupt files. It's astonishingly difficult to find any audio on p2p that wasn't ripped of an FM tuner card or through some lemming's (analog) cd audio output. Thanks to garbage like Musicmatch and WMP it's far too easy for neophytes to rip (and subsequently distribute) inferior mp3 audio.
I for one would rather have this type of compition then the legal tactics that have been used over the last few years.
This is a way that cd producers have of:
1. advertising, by giving bits of good and then givng an ad.
2. Getting an unknown group some exposure without the huge costs that are usually involved in promotion.
3. Changing their business model to more accurately reflect todays Internet world.
Now the rest of the world will repond with some methodolgy that will rate the material.
It's competion, and it's the way the market should work.
Somehow, when I think of this company, I get visions of Max Smart...
Yes Francis, the world has gone crazy.
While downloading System of a down - Steal this Albulm i found many many fakes usualy w/ a stupid extention to the file name such as (REAL VERSION) or (THIS ISN'T FAKE!!!4AX0R). once i found the real name extention (a 3 letter comb like "dtr") i just did a search for those 3 letters and downloaded the entire albulm w/o a problem.
Can't P2P clients just insert language in their EULA to prevent something like this?
but the solution against their aproach should be simple. Do a "whois" or something similar to find out if when more sources available the ip addresses belong to same Firm. If more sources belong to same firm, then exclude all except if they are dial-up IPs. The probability that a person is sharing P2P from a firm network from 2 machines and be legitimate is close to nil. RIAA & Co are no isp provider and it would cost them huge wads of money to start thousands of ghost firms each with individul ip address. Such a check should be able to eliminate most garbage from a P2P network. The check doesn't take long and for most dial-up / broad band providers the ip address (including the static ones assigned to the private users) ranges are public.
What they are doing and proposing to do is an act of war when done by one state to another.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Seems like it would be possible to checksum the files using
a different method than traversing the bytes as a numeric
data set. Instead, checksum in the audio domain.
Using beats-per-second, pitch, or fft over time, you might
not only be able to detect an intentionally munged file,
you could verify an audio file regardless of the encoding
scheme, identify and re-tag mis-labled audio files, and
even use the method to TiVo songs off of the radio and
id them without needing metadata.
Instead of wasting time developing and getting a patent
on fscking thing up, this would actually be useful.
I doubt that RIAA is really serious about this. I mean, which user would be so impacient to give up just cause of some crappy file. Most users which use P2P are on broadband and most of 'em on a flatrate. So I am no sure anyone would give a shit if he has to download more before getting to see a movie or hear a song. It's not like he really has to do it in the next 3 hours or he will become epileptic. He will have his PC turned on over several days/nights and finally get it. Beside the search phase, there is no effort from the users to download. So their idea makes me say: "Nice try, but no banana!"
Let think about the high quallity music that has hit the industry in the past years... Oh yea there was that one guy with that one hit... oh and don't forget about those little girls that dance around half dressed on stage that can't sing... and RIAA is blaming it's decrease in sales on P2P networks how??? I think it is more to do with the PURE LACK OF TALENT and the economic decline prolly has a lot to do with it.
1- Publish their IP addresses so they can be put in a banlist. .ogg format, not .mp3. They will start polluting .mp3 files first, not oggs.
2- Encode every song in
3- Use standard encription (key pairs?) to authenticate uncrippled files.
(patent for)...producing a digital music file by deteriorating or damaging the sound quality of an original music file
I'm sorry but MusicMatch Jukebox has been doing this to music files for years with its ripper.
Mordor...a magical, mythical land where women are more rare than dragons--but where every man would rather find a dragon
"I never buy britany CDs - they're all static."
"No, the ones you buy don't have the static."
"She's still singing isn't she?"
Sure you (or the recording industry) can put as many locks on as you like, but if i *really* want into your house badly enough, I'll find a way in.. even if i have to drive a car through the front door. This is why the industry is fighting a losing battle. It was over before they even started fighting. They don't have the talent/resources to stay ahead of the masses. Sure, they can make a particular P2P service more inconvenient, but there will always be plenty of public and/or trusted private sources from which to dowload. And if/when the signal to noise ratio gets bad enough, people will simply invent or find another way to do it... then what? How many times will they go through this before reality begins to sink in?
I have been known to download music occasionally, and when I do I download a lot. I DL a lot because at best only keep 10% of the music I download and delete the rest. What I have noticed on Kazaa is that a lot of the popular music is FUBAR but in way so you think it is fine. A lot of music works fine for the first 15-20 seconds and then there wont be any music until a few mintues in. After another 30 seconds or so it will cut out again until towards the end of the song. It seemed obvious someone was putting music out there to fool people, who only listen to the very begining and/or middle, that the file is good and to keep it and share it atleast for a short while. Seems like this could be the work of Overpeer or maybe another lesser known culprit.
AC
It's as simple as that. If I find a wrapper on the ground that says "Big Mac", and I take a big bite out of what's in it, and it's dog poop, who do I have to blame? It's all a big game to the P2P people, trying to get free music, but as soon as somebody else tries to play and change the rules a bit they cry like big babies.
OverPeer sounds more like some sort of support group, or maybe an incontinence product of some sort.
If their idea is patentable, can I get a patent on producing counterfeit currency?
After the secret service nails someone for counterfeiting, I take advantage of
them tracking them down and then sweep in and nail 'em for violating my patent.
Hmmm..
Inciteful :-)
Ain't fraud, dude. Fraud is when you get ripped off---for instance, if you bought a Britney Spears Cd and discovered that it was eighteen tracks of static---not when you score something for free. Since there was no initial cost, you can't have been defrauded.
And no, they're not liable to pay for your wasted bandwidth.
--grendel drago
Laws do not persuade just because they threaten. --Seneca
technology. I bet some "personally anonymous, but publicly known" groups of file-rippers will come into being, much like the current video-game cracking crews. These folks will publicly distribute PKI Signing Key fingerprints, and sign and envelope the music upon ripping.
That'd break any files that are not as they were when they were ripped, and you'ld get the same sort of "brand recognition" in the ripper space that you get among the cracker space.
-i.
i - This sig provided by
There are many ways of justifying actions other than through the morality of those actions. I don't read books to make me a better person, I read them "because I can and it's fun." Perhaps reading makes me a better person (sometimes yes, sometimes no), but that's not why I do it. Does that mean I can't justify reading? And yes, sometimes drugs can make people better, too. Recreational drugs can make people less tense, they can give people new perspective, they can introduce people to whole new worlds of experience. Do they do this for most who use them? Probably not. But there is more "honor among thieves" among recreational drug users than exists between record labels and their consumers.
It's this puritanical stance that has really started to get me over the last few years. "Just because it's legal, doesn't make it right", true, but just because someone doesn't think it's right, doesn't make it so. Everything doesn't have to make the world a better place to have justification.
That aside, I do agree with your thesis. "P2P makes the world a better place" is one of the most specious and nebulous statements I've heard in a great while.
If I'll even be able to tell the difference - I like the radio just fine.
allow duplicate names and checksums but include a
quality value that is the result of a vote from people who have downloaded the files.
The crap will get low quality and then you sort lists by name + vote. People will tend to download only those files with high quality and the crap can be tossed.
OTOH, you could always support your bands by buying a CD occasionally.
The irony to this statement is that there has always been a quality issue with P2P networks. Numerous others have already made jokes referring to this elsewhere in this conversation. Just because a file exists doesn't mean that whoever created it knew how encode or edit the file for the best quality. This, without intervention from those who would push intentionally sabotaged files.
Convenience is another issue of existing P2P systems. Sometimes finding content takes time and effort - especially if your tastes are less popular. And of course, the quality issue plays a part of this as one will have to review the content and occasionally toss it out and start the search anew.
The "legitimate" offerings from content providers should have been a home run. They could offer both quality and convenience. But they failed. Existing "legitimate" offerings tend to have a limited library of available content provided in disabled file formats - managing to miss both the quality and convenience that should have made their offerings raging successes. Nevermind the comparitively hefty pricing.
In short, putting resources towards this sort of strategy is foolish. At best, they're simply adding to existing issues... and with debatable effectiveness (thos who value no-cost solutions tend to also have the time to invest). Instead, they should be reviewing their current business models and making those more attractive.
But then, as the origional poster pointed out, a reluctancy to improve the business model has been the problem for years now.
What if anytime someone downloads crap they post a transaction to a distributed list of bad IP addresses Kazaa et. al. maintains and automatically updates. Kazaa writes a record on your own system of the poison source's IP address or Kazaa equivalent. This file is shared, and Kazaa sees the lists of everyone else, and sends notifies of new addresses out to the new network. If enough users post an IP address as a source of bad music (quantitatively bad, not qualitatively bad), the source address is automatically filtered out. Ya gotta figure that if 5,000 people post an IP is a poison provider, it probably is.
/dev/null to make the poison providers think they are very successful in getting their "product" out.
If the threshhold is high enough, the poison providers won't be able to block all of us.
Kazaa automatically shares and updates the poison IP list in the background, while nothing else is going on.
We could even have high bandwith users volunteer to continuously download poison to
P2P Network IS good for the world. It is good because it fosters free exchange of ideas. The grassroots nature of the networks in combination of the ease of use and extreme amount of bandwidth and storage, P2P may some day become the de facto source for any information (on par with Library of Congress and Smithsonian Archives).
I believe and I am sure most citizens of this planet would agree that easy access to information is a good thing.
Gameboy
P.S. The fact that the p2p networks are helping to destroy the outdated copyright laws (not what our founders had in mind), so much the better.
Heh - at least be glad they patented it. That way we only have to look out for crap from *one* company instead of a hundred.
Let's get to the Pith of the matter-- OverPeer is your Number One resource to stop the flood of streaming audio on the internet. Don't let every Computer Whiz flush your profits down the toilet!
OverPeer-- Go with us, and high profits are In the Can.
Good ideas can catch on like wild fire. P2P networking is one of them. Give a large network of computers, utilizing those computers to implement the network is a way of making that network scalable, robust, disaster tolerant as opposed to the Single Server (or farm of servers) sourcing a service model. We know the limits of that and ways to scale that, but when one network connection goes down or one server or one router, that service can be disabled. The P2P model matches the way the internet was designed, to be able to take alternative routes if needed, to be up even if a whole city is taken out in a nuclear disaster. (it was the ARPA net after all).
After all it was Universities and research facilities that started using and evolving the technologies, and hobbyist using dail up FIDO nets that have all converged to the Web. Which has now passed into the Corporate world. The P2P networks are that experimental frontier for the next big design.
So I think that the current use of P2P technology is the alpha and beta testing of this next evolution which will I believe be the first step of the next big paridigm shift in network and systems design. So lets get in on the Grind Floor shall we.
It won't work.
Someone, some geek, will make a 16k program that incorporates into Kazaa or whatever to see if it's the real thing or not within like 2kilobytes of the download. (don't argue about the specs... 2k, 17k, whatever - point is, if this becomes a reality, people will get around it).
Rather than trying to filter bad files,
it would seem to be easier to filter bad
IP addresses, since a working IP address
is needed for a P2P program to function at
all.
Assume you have a "this is
crap" button in your P2P program. When
you push it, the IP address that you got
the file from gets added to a list of known
'bad sources'. If sufficient bad sources
occur in an address block, then the entire
block could be 'tainted' in the list
Search results from bad or tainted
sources could then be listed lower down on a results page, or not displayed.
To prevent spoofing of the list, you could
limit the number of reports per day from
any one IP address, or devalue reports coming
from sources that are tainted.
Conversely, you can also have a "good shit"
button to give the reverse effect to IP
addresses that supply good files.
Daniel
If anything this will only force a technologically improved system of distributing music; MP3 "groups" will pop up and start distributing music in an "origin=semi-centric" fashion.
... ...you guys who put up with this crap -- are you the ones who buy weed in Washington Square Park? Similar vibe about getting ripped off by someone you've never seen before and will never see again.
"Start"?
Man, I'm just now beginning to realize what a schweet P2P hook-up I've had all this time. I never even noticed when Napster closed down. Just now, five minutes ago, it dawned on me that I'm a "have" in a sea of "have-nots"
All of these are illegal under the DMCA.
IANAL, but I'm certain they are all legal with the copyright owners permission...they are, after all, working at the behest of the copyright owner.
First of all, it pays our bandwidth and the infrastructure. I'm all for that, obviously.
Second of all, it destroys the validity of their statistics about how many files are downloaded. Their statistics on how much cash they lose through this already are bogus, but now they can't even give good numbers on how many files are transferred, because 3/4 of the downloads may be wasted through broken fake files.
Third of all, this will lead to more cool research in cryptography. There will be papers about how to make this kind of attack more difficult and how to build trust metrics between anonymous peers (and that are very interesting problems, you should consider doing research in the area!).
In the short run, this pays for bandwidth with the profits of the record companies. More bandwidth will be used to do more file sharing. One day, RIAA will understand that they are financing the infrastructure of the enemy and shut overpeer down.
In the long run, RIAA will raise the price for CDs even more, to pay for overpeer and the infrastructure of the P2P people. That will cause even more people to not buy their music but download it instead, hastening RIAA's run towards obsolescence.
As long as your musical taste is beyond bubble gum top 40 crap, it will take many a moon before you see this affecting your downloaded music. Take this opportunity to download songs and bands you've never heard of vs the trite being puked up by today's "hottest acts".
For years and years and years, the recording industry has been against audience-recorded concert bootlegs, claiming that (among other things) the poor recording quality of a microphone stuffed down some guy's shorts would make people think the band was bad and discourage sales. Now they deliberately distribute poor quality recordings in order to encourage sales.
Will somebody wake me up when the world makes sense?
Add a ~16 byte string to the packet header. Copyright that string. Then you can sue {over-pee-er|OverPeer} for it.
Eeeeassy
How does the US patent office sleep at night? This patent is for the fantastic new invention of "adding random noise to a sound file".
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
The weakness of the pollution system is in the IP addresses that are used to spew the corrupted files.
Obviously there is a budget of IPs that these guys can use. It may be large, but it is overwhelmed by the number of downloaders.
Here's what you do:
When a downloader gets a corrupt file, he reports the IP it came from through some new mechanism. When some threshold is reached, say 50 reports for a particular IP, that IP is blacklisted.
False positives are avoided by the threshold. Obviously the polluters can't corrupt the system by submitting lots of false positives because that would be illegal.
Regards,
Anonymous Coward
Consider this:
Sombody creates a content distribution system.
That somebody creates a means of rating content providers to prevent poor content from flooding the system.
Yes, that will work....
NOT.
www.eFax.com are spammers
The users are now being pried away from P2P when the "legal equivallent" is not fully developed.
-- I was raised on the command line, bitch
"well we've isolated the non buyers ..... now how can we screw ourselves out of responsible purchaser's money... hmmm"
If I hear a crappy assed song I download then I would never buy the album if it showed the mp3 was encoded at >= 128. I'm a pretty responsible purchaser so now you're just going to lose my business as well.
eh well maybe the Cheeky Twins CD will make up for it all .......
Fear Breeds Knowledge
Firstly, MD5 is just a one way hash. That hash can be and is often signed to prove that the hash was generated by some trusted party. However, if the hash itself is broken, then validating with it any signature, regardless of how secure it is, is by definition meaningless. See MD4 and others.
Secondly, we only presume MD5 to be a good one way hash--there is no absolute proof that it is. There might be some novel approach that we just don't know about yet.
Thirdly, by definition, no one-way hash can rule out the possiblity of brute forcing the hash by throwing enough stuff at it with the hope that something else will generate the same hash. In other words, we KNOW there exist other inputs that will generate the exact same hash result because the hash cannot possibly describe a unique input given that it is much much shorter. We only believe that it would be very hard to generate some other (reasonable) input to match a specific target hash. For instance, for some known hash I probably cannot generate an input that will match it and I especially cannot hope to generate one that is apt to resemble what I intend to pass my package off as. However, given enough computer time, I can certainly generate SOME file (even if it is ugly) that will match your MD5 hash (and pass your signature with flying colors). In 50 years even there is every reason to think that this would be a trivial task.
Shall we hash now or shall we hash later?
:)
Groovy baby YEAH!
OverPeer even managed to procure a USPTO patent on (a) producing an advertising digital music file by deteriorating or damaging a sound quality of an original music file of a record of a cooperating record corporation; and (b) distributing the advertising digital music file through the communication network."
... this is a good thing! now they can prevent other people from doing this, and the aggregate amount of this activity will be lower, which is just fine by me.
hey
-- p
If P2P became a mass of low-quality, tape-like rips... then would people bother to download copyrighted music? Making home-microphone-quality songs isn't a good idea, but maybe tape-quality or radio-quality would be sufficient.
Many argue that P2P exposes people to new bands, types of music, etc. This would be a good way to go about it. Give somebody a lower-quality copy of the song. If they like it, they can hear the whole song without paying. If they want something that doesn't sound like a 5-yr-old tape when burned onto CD, then they will have to pay for it.
For some artists, such as emerging self-starters, they could publish a few good songs... hoping to be noticed.
Really, as long as the songs can be listened to at a half-decent quality, then P2P would be serving a good purpose without undercutting copyrighted music (or at least quite so badly).
So don't use P2P...get your music directly from me.
Louise: Serving the music piracy community since 2002; serving the cinema piracy community since 2003.
Not that I guarantee quality of all my files...but I do go through and weed out duplicates and broken files every once in a while, to keep some semblance of quality in the collection...this is, after all, my own personal MP3 collection as well.
I found the meaning of life the other day, but I had write-only access.
Yes, a birthday attack on MD5 is fairly 'easy', but only when compared to the problem you're not solving: finding a string of bits that MD5s to a specific checksum. In a birthday attack, you don't care what the checksum is. When finding a file to match an MD5 checksum, you do.
Another reason why MD5 is useful here is that it is extremely likely that even if you generated a collision for a specific hash, it would likely look nothing like an MP3. Therefore, P2P software could trivially check that there was a valid MP3 header as the file was being transfered, and abort if it didn't.
There have been some interesting attacks on MD5 that don't look good for the long-term viability of MD5, but at this point they are soley theoretical.
Cryptography is cool.
**
The MD5 of this post, above the "**", is 0b82e0e6df9eec5502de3c094b994e39. If you can post something that matches that, you've got an awfully cool paper to write.
I forget what 8 was for.
The only solution for idiotic patents, greedy corporations, and lame ass IP laws are to ignore them totally.
What I think is needed is something along the lines of a 'non-extradition' country an Amsterdam, a Vegas, or what have you, where servers can be located (asylum granted).Where no questions are asked, everything anonymous and idiotic laws will not be enforced. Like a swiss bank account.
France wants to censor your site?
Fuck you, and you don't know my name.
The puppet US corporate gov't wants to arrest you for breaking shitty encryption?
Fuck you, and you don't know my name.
Want to use hyperlinks, one-click shopping, or use a programming technique people have been using for years, but recently awarded a patent?
Fuck you, you don't know my name.
Want to share source code that enables you to watch something you purchased legally, but you can't in the US or Europe?
Fuck you, and you don't know my name.
Want to host a blog site (term sucks, i know) without being worried that someone will post a comment that offends a corporation, and your getting sued?
Fuck you, and you don't know my name.
Point is we need just one *country* (sorry HavenCo doesn't apply IMHO) where they respect citizens rights. The ISPs have sole rights to decide what types of sites they want to host. Lawyers, suits and foreign govt scum are refused entry and information.
MP3's are being distributed with "wasteful" bit rates. And by this I mean that a file distrubuted [infiltrated] at 192 kbps has the same entropy as a real file encoded at 128 kbps. They are encoding the files with 128 kbps and putting in junk to raise the file size to 192. This makes the users think they're getting 192kbps files and wasted their download time for the junk data.
For an example of this, download Thug Mansion with URN:SHA1 = a5f395c8b4148075728dcd79021dd46a083ec425. And compare it to a real one encoded at 128 and a real one at 192 (by real I mean rip your store-bought CD). You will notice that the one with my URN sounds exactly like the 128kbps one.
A proposition against my theory might be that the encoder was simply low quality. To that, I say: an encoder set at 192kbps would sound better than this.
A solution to this specific problem is to have users rate files (already implemented), or come up with a technique to determine the entropy of a media file. Apparently they're going to be doing this for movies as well, so a way to check for entropy in videos would be needed soon. This will also handle the songs they put out which are just the chorus played over and over.
An idea to implement this would be similar to this bash script:
This is almost the biscuit. You would have to run this entropy script on the decoded mp3's to determine their true entropy. This is beause the mp3's themselves are compressed (entropic).-- I was raised on the command line, bitch
I participate in the live music sharing community on Direct Connect. We use several programs to share SHN, a lossless format, as well as mp3 (to a less extent). All of our shares are legal, and our ops (of which i am one) enforce legality w/ an iron fist (at least for a bunch of hippie kids). I wonder how this tech distinguishes our legal share from an illegal one? Would we have any sort of legal recourse if they were to curropt our legal files?
"Give someone a program, frustrate them for a day... Teach someone to program, frustrate them for a lifetime."
I don't know why more /.ers are not offended by this idea. I am an IT manager and I have had to fight an uphill battle to get P2P curtailed on our network. What Overpeer is doing is creating more useless traffic across the wire.
I know in this era of cheep bandwidth we are not supposed to worry about things like that. But for the love of god this one deserves some attention! If everyone that download's an Overpeer package deletes it and tries again the overhead from duplicated request could increase exponentially.
At my University we were having bandwidth problems so the decision was made to buy more bandwidth than we could possibly need 2 DS3s in our case. The week after we had installed them we were maxing out our throughput.
We then installed a packet shaper on the network and limited the total P2P traffic to 10Mbps. Needless to say the we have not reached our peek since the product was installed.
In this one instance I must say I am in favor of regulation rather than the rampant abuse of Internet traffic. I can't be the first one to think about this consequence.
If you look at it there are millions of people on peer to peer networks and not nearly that many recording industries. As with the "piss in the pool" comment, it is like trying to drive everyone out by putting one drop of urin in a pool with an eyedropper. It is so deluted that it does not actually effect anyone. They can only afford so many servers. The one drop of urin is probably more expensive than the sales that they will reclame. Another thing is that there are so many corrupt files and mislabled files out there. So in essence the pool already has urin in it but people don't care. They will just continue to do what they always do when they get a corrupt file, they will delete it and try again. The RIAA, as usual, is shooting themselves in the foot.
They have permission from the record companies. What I wonder, is if the record companies have to pay royalties to the artists.
Many people have been talking about MD5 checksums and integrity ratings. Unfortunately the client provides these, so they could easily just supply mp3s with checksums that match popular versions of files. Here's where it gets really effective: Kazaa downloads files from multiples sources. So e.g. Kazaa might download the first third of the file from source A, the second third from source B, the final third from source C. It might even try 5 or 7 users. If Any one of those sources ends up being a bad file, guess what... you just got bad mp3. In this way Overpeer could render a large portion of the files on these networks useless.
This would work especially well for larger files, like movies. It is almost impossible to download an entire movie from a small number of sources. Thus there is a good chance that you will come across a fake source sooner or later.
Someone some time ago talked about "Crapster." We should look for prior art on this. It's a simple, non-novel patent. It's obvious, and offensively simple.
What do I mean by multi-part checksum data? Multiple md5's for one file. Say one md5 for each 10% of the file. This would solve two problems: One is you'd be able to validate the file as you download it, and two, download parts of the same file from multiple people.
It's perfectly legal and fair for them to distribute their files no matter how falesly named. This isn't anything new, really. I've downloaded a number of files that ended up being something I wasn't expecting. "Oh... the Pixar short Mike's New Car is just gay porn... I thought Pixar appealed to kid's as well as adults. Wow... those are some very realistic characters."
Anyway, I'm not a big fan of the bands and artists who's managers would okay this.
-Derick
the number of artists I've heard commenting in the media and at shows about how cool it is. Foo Fighters said they loved it that straight after releasing an album, and touring it, they could go halfway across the world, and thanks to P2P, everyone knew thew songs already.
I totally agree, there may be downsides to it, some people may just download songs and never buy them, but I do if I like it. It's just an advancement of people copying cd's for each other. It's better quality than tapes, and what's the betting it's not made that much difference to sales in reality than that type of piracy, it's just more noticable and out in the open.
I am reading alot of posts that are talking about how its difficult to implement a rating system and how its impossible when you can't trust the client and the client is the server, so you cant trust anyone. well, heres an idea of how to do it that would eliminate that.
to start out, the only person you trust is yourself, and you consider every other host as neutral. well, you start downloading files from people and as you get them you rank them (good, bad, etc) and you build up your own personal list of good hosts. now while you are ranking files individually, you are really rating the host on their quality. now, how do you apply this local trusted list to a whole net? simple... you route your searches through people you list as trusted, and hope that the people they trust are good. if not, you rate that host down, and the net gets stronger.
one thing that would have to be implemented (if its not already) is that each host has a private/public key that they use to uniquely identify themselves, otherwise someone could possibly hijack their name and rank... then use their high trust rating to seed bad files!! oh no!
Educate > Enlighten > Evolve http://www.neuroatomik.com
They appear to be running Win2K/IIS, just like RIAA. Not that I'm saying this is bad, or anything like that
Be on the lookout for any of the following people:
Then you can get all the benefits and protection of the law!!!
No DCMA issues, and you can charge script kiddies for using your methods!!!
And the best use of a patent, M$ would have to buy fixes from us!!!!
Why not blend the gnutella model with the ol Napster one. p2pHero encodes her own ogg files (verifies) them with her public key. They go out and they are verified by the key instead of size. If 10 people ecoded the same song off of a CD at the same 'bitrate' but were all using different rippers/encoders, the files might not be identical (defaults for many of these programs have different settings other than bitrate). So size will never be a reliable integrity validator. If I will vouch for my own files, and I am added to your trusted list, everyones happy and we can drop the vandals/overlords or whatever they call themseleves (I think your scumbags and you can't possibly sleep well doing what you do for a living) from pissing in the pool. It's not perfect I know and there needs to be more worked out but this is the direction it needs to head because the current model won't last much longer with these dirtbags trying to pollute the network.
I don't know who to blame again....the Recording Industry Ass. of America or the US Patent Office and their....well..."easily-dooped"-ability. (Maybe US stands for Ultra Stupid)
I wonder if I can patent a sperm delivery method using a revolutionary "new" tool to eliminate the need for using test tubes and petri dishes and even the collection of eggs prior to delivery.
Or "a method of sperm collection using multiple mobile locations with one on one care." Jerry Springer, here I come.
Isn't purposefully distributing corrupted data to the web just as bad and destructful as purposefully distributing a virus? And what happens once Overpeer realises this doesn't work and starts ditributing software to corrupt our existing MP3's?
5) ????
6) Profit!
What if someone comes up with a hash that describes how the file SOUNDS like? Sort of like MP3 capturing only the portion of the sound you (ok, a slightly quality-challanged person) can hear, the hash will describe some statistics on the file, such as histogram of different frequences. It will be possible to checksum a questionable file and determine how close it is to the original. If several different kinds of statistics are used, it will be hard for someone to alter a file and preserve all of them. If OGG stores these checksums by default, with a separate hash for each 100K of the file, it will have a real shot at being a network standard for audio. There are some interesting extensions like CDDB carrying track hashes or actually using the information for correcting small errors, like removing a "pop" if the segment of the file is not supposed to have big changes in volume.
You've all missed that the RIAA is shooting themselves in the foot in another way. They're producing an ADVERTISING version of the file that is low quality.
Ok, so lets say I've heard about band X. I download a song... they sound like they're recording in a garage and/or cannot play their instruments. I'll never buy a CD from band X.
Seems like they're about to lose lots of sales to people who try before they buy, and not necessarily because they band isn't good.
I thought the DMCA specifically disallows the distribution of programs that are designed to hinder or sabotage the functioning of another program?
Since there is no way to tell that by downloading bonjovi-livingonaprayer.mp3 I'm not actually getting a crappy recording of my grandpa in the shower in the first place, specifically writing software to categorically sabotage specific filenames is essentially illegal isn't it? Or is this another case of "my lawyer is bigger than your lawyer" where the larger companies can afford to recklessly abuse the laws that they bought without the book being thrown at them?
All in all, I think that if this is the case it would be a delicious irony.
This is wonderful! I mean all this opposition and deterioration of the quality of service only gives other programmers more incentive to program a better P2P network. I mean it would not be that difficult for each and every client on a P2P network to just have a MD5 hash or also a CRC check on the file to authenticate it's identity. Lets's take a page outta the RIAA's content protection page and use it aginst them. By them attacking the weaker P2P networks, only the stronger, and thus BETTER networks will survive. Way to go RIAA, your own "innovations" will lead to your own demise.
Have you heard of intermittent reinforcement? In behavioral terms, when you have a mouse pressing a button to get a treat, the way to keep him pressing the bar time after time even when he is not hungry is to only give him a reward once in a while. Never give a reward, he stops pushing. Always give a reward, and they stop when they are full. Give them a reward once in a while, they will keep pressing even after they are full.
This is the addiction principle slot machines and gambling operates on. By making it harder to download a good copy of a song, many people are just going to sit there and download song after song, just because they become habituated to it, because they know they might not be able to get the song later.
Viola - P2P addiction, and much higher participation rates among people on the P2P networks. Look it up if you don't believe me. Evercrack anyone?
Isn't there plenty of prior art already out there. It is called making a mistake.
This is kind of like an author hiring people to go to every library and vandalize their books.
Why does the recording industry hate its consumers so bad?
"The large print giveth, and the small print taketh away" -- "Step Right Up", Tom Waits
So, I'll download some MP3 from Linkin Park expecting to hear if the song sounds like something I want to buy. I'll spend 3 minutes downloading something that sounds like Eminem with laryngitis, and be appalled. Yes, that makes me want to drop the $20 to get their CD... uh huh.
;-)
So, why the music company is charing $15-$20 for 19 year old technology is beyond me. When CDs came out in 1984 they were $15-$20 each. Is there a reason that they still cost so much for such outdated tech?? There has been almost NO innovation in CD technology since it was first released. I realize that technology with a lifespan of this long is a boon to industry, but dammit, add something new to it!
Once the recording industry realizes that they need to work with the consumer, not against them, and stop blaming piracy for their own lack of intelligence -- people might actually pay for music online. Heck, I'd spend $2.50 to $3.00 a song to download some (high-quality) files that I can burn as a personal album. As long as they give me choice and don't force-feed me the same garbage they have for years.
I mean, c'mon -- how many of the songs on Britney Spears' album are really worth listening to? Okay... don't answer that one!
- SphericalCow
The _music_ _company_ is giving away music. They are releasing hit music themselves. So, does that mean that it is legal to redistribute any song that they themselves are redistributing?
Overpeer's web site seems to be completely dead? Can't connect with a browser, ping, or traceroute at all.
Why doesn't the RIAA realise that if they sell their cd's for a reasonable price, that people will buy them.
There is a reason that when new cd's debut on sale for $10, they are sold out at stores like Best Buy.
How can it be the same file size as the original? Different bitrates will be different sizes. Or do they assume everyone uses 128kbps?
As long as the crap up files that are illegal to trade. Come on people! This doesn't stop the legitimate use of P2P so what's the problem?
The race isn't always to the swift... but that's the way to bet!
I just don't care if mp3 of Britney Spears has bad part. It'll sound the same nometter what part is bad. Even if it will be 48kbs and 22khz. I'll not able to tell the difference.:)
Kazaa has an integrity rating (good|average|poor) Maybe we could add a |fake option.
again, this would have to reflect the user sharing the files and have his files be rated without his control (like a warning percentage on im networks). Just a thought.
Seriously, i use it all the time, and never noticed any major problem. Are ther better rippers out there? Im not trying to attack you or anything, im just looking for a better ripper.
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
This isn't about the music industry and copyright enforcement at all. Overseer will license their "patented technology" to Perrier, and Evian and other bottled water suppliers. These water suppliers will then, using this "patented technology", and the DMCA on their side, go around poisoning out resevoirs, and lakes, and rivers! Filtering and chemically treating "pirated" water will be considered a circumvention attempt, and will result in immediate charges of environmental terrorism being brought against the perpetrators.
In fact, this has already happened! Illegal dumping??? Hah! That's not "dumping". It's a nefarious attempt at cornering the world's water supply.
(Hey, I figure that since tin foil is back in fashion, why not wear it with gusto!)
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
I'd like to take this opportunity to thank them for granting me a license to every song that they decide to legally distribute on the P2P Network. Now someone just needs to look into whether this license that they grant us by distributing their music freely includes "tweaking" it by running it through a "magical processing filter" (a file that would be to the mp3 as the .par is to the .rar) in order to remove any minor mistakes the transferring of the file could have caused.
So, Thank you.
I can count to 1023 on my hands. Ask me about #132.
That is why a majority of P2P apps have a preview button, so that you can see what you are downloading. I believe that the majority of people who do indeed go onto P2P networks have some sort of broadband, which means that once you search for a song, all one would have to do is download multiple files at once and preview them periodically (deleting the SCUM files), and hence there would be little or no time loss (unless the person you are downloading from takes his/her sweet time or ques you). Also i saw on sourceforge a gnutella project that will allow you to "blacklist" certain users, dont know how exactly that would work (wather it blacklists IP or user or file).
Live for the present, learn from the past, and dream of the future!
In general, I fully agree with what you're saying.
But one nit is that (and I'm not verifying your math, this is Slashdot, but it does feel right) it isn't 1000 songs/month that could be targeted, but 1000 files/month. If you assume you're only targeting, say, the 5 most popular rippers at the 3 most popular bitrates, that's 1000/15= 67 songs/month.
This sort of thing would work better for things that don't survive lossy compression, like software.
-j
I forget what 8 was for.
I propose a new type of peer 2 peer network based on distributed computing such as seti@home merged with a quality of service metric similar to slashdot's. Basically everyone who connects to this network will reserve a chunch of hard disk (say 100mb) for the use of the network, a slice of memory (say 16mb), and a portion of their bandwith (say 10%). These reserved objects can be used to keep a protected hash database running live 24 hours a day, 7 days a week.
Redundancy should be build into the network so that as people log on and off, a large percent of the hashes are still available such as 90%. These hashes could use md5 or some other secure network and the moderation would handle filtering the good from the bad. Initially it would have a lot of duplicates. This is not a bad thing. It would cause greater numbers of people to listen to duplicate songs until the best quality ones are modded up and the lower quality ones are modded down.
If the reserved space is encrypted we should be able to isolate source ip's and make it look as if the traffic is coming from everyone. So instead of a song coming from 3 sources, it looks like it comes from 1000 sources because the protected share is part of every client. Similar to the Borg.
We could still give preference to faster pipes such as T3/T1/OC whatever. In addition with a node/supernode algorithm, we could figure out more efficient routes for transmitting the songs based on the users already connected to the network. For example, choosing to get a song from a user at your "isp" vs "the nearest supernode".
The protected share should handle the md5 checksum and thus the client's distributed client program would devote cpu cycles to checking the validity of the content in the protected share. I like the idea of hashed based searching but I wonder, even if we store the hashes in a protected share, does this open the door to any form of legal liability?
I realize that the record cartel could come in and do an initial flood of crap and then maintain a network of computers to saturate it with bad data. A solution would be to have the client upload a valid file and then have the network (protected share) validate the file. The network could then keep running times of valid source ip's. The source IP does not have to be sharing data (it can if it wants, and most clients probably would) it just is needed to prevent the record cartel and their minions from setting up hordes of dhcp machines spitting out bad data because they would have to revalidate everytime an ip is changed. This may effect others who are on dhcp but their moderated accounts would be able to act as a form of credit at time of validation. People with good history who switch ip's but don't disconnect would not have to be revalidated because a trust would be established. Whild someone who disconnects and changes IP is no longer trusted. By having a protected share, high quality data could go into replication quicker.
If we know it is trusted and we see a concentration of requests coming from a particular area/isp, we can broadcast data to other clients near area/isp for the purpose of retransmission during peak times. Maybe we could build in requirements such as if a song is downloaded, it must be kept on the machine for 24 hours, so people don't just download and delete. This way retransmission could be quicker during peak times. People who download and delete or log off would be modded down as potential sources while others would continue to keep good credit. Thus, in addition to having metrics for quality of service, we could also have metrics for the quality of the source.
Insert doing-too-many-things-at-once-witticism here.
Another interesting note for things like this is that estimates of cost-per-attack calculations is that they apply over an average - you might collide on the first trial or you might have to cover the entire keyspace for a given run.
That fact does not co-exist well with carefully timed media blitzes. If Brittney's new album is proving to be difficult to poison (the collisions for some of the rips are statistically landing on the wrong end of the curve), an attacker may be forced to throw additional resources at those problems, thus doing fewer other songs, in order to make sure the marketing timeline from Jay Leno to concerts to ads with Pepsi goes well.
I don't think poisoning P2P is vital enough for those considerations to be terribly important right now. Still is a simple cost analysis, but marketing would probably be pissed.
-j
I forget what 8 was for.
OK this pisses me off, they say they are "protecting" content. No you are corupting data. Corupt data is bad, we should be doing all we can to prevent data coruption.
If the RIAA is purposefully trying to saturate P2P networks with low quality files, then they are essentially saying that it is accecptable to distribute copyrighted works -- as long as they are low quality. If that is the case, then aren't they shooting themselves in the foot by setting a more difficult standard for themselves to use in legal cases? For example, they know Kazaa user X is sharing 600 copyrighted works, but unless they download every one of them from this user, how can they argue that they are not the very files which were distributed(legally) by the RIAA itself?
There's already a technology very similar to what Overpeer is doing, and it's been in active use for many years:
a) Put some dog shit in a paper bag on somebody's porch, b) light the bag on fire, c) ring the doorbell and run away.
IANAL.
The reason why the recording industry is on such shaky ground is that they really have no reason to exist. They don't produce the music, they don't even pay for the CD's themselves. The artist does this and only gets a three percent cut of the profit. The job of the recording industry is to find/exploit the talent and to shove the product down the consumers throat through promotional gimickry. Their secondary job is to eat up all the profit and lobby for laws to protect their reign since in a free market they can't exist for long. In the digital age even the record companies image of usefullness has disappeared since we don't see their name on the product anymore.. we just downloaded it on gnutella. People wonder why we want to give a record company $14, the record store $5, and the artist $.60. I say, if you want to be moral, pirate the CD and send the artist $2.. that's more than they'll get from the record company. As far as thwarting spoofing there are options. How hard would it be to get a list of MD5's of good files going on a web site? We still have free speach don't we? Also, the spoofers will be using the same hosts to do the spoofing...just finding the bad files and posting where they came from would help.
My Blog
I'm on my way out to patent a method of replacing the text in books with a lower quality version of the original to be placed in libraries in an effort to curb readers from enjoying books they didn't pay for.
Maybe if the p2p networks make a thing to use checksums to see if the transfer in progress is authentic and same as the original. Or someway to tell while it is sending if it is corrupted music or not.
Can't they get in trouble for having mp3's of songs they don't actually own (albeit, at much lower quality than most others)? Regardless of the fact they are trying to help the RIAA, if the RIAA wants to bust everybody with illegal mp3's, this company would fall into that category. The law is the law!
Defender of Microsoft and Communism!!!
> "This means that you will never ever, in the life of the universe, be able to find nor contrive / construct a file with an identical hash."
:-P But there sure isn't a "never in the life of the universe".
Sure you would. Let look at a 128-bits md5sum. It's hexadecimal, thus you would have 16^128 combinations . That is a hell lot of combinations! So the possability that your Dream Theater mp3 has the same md5sum as Joes garbagefile isn't very big
Hey! That's my sig you're smoking there!
Now this raises an interesting question. How is Overpeer pronounced - is it "peer" or "pee-er", as in one who pees. Also, athough we're getting a little off-topic here, but if someone pees on you, they are the peer. But are you then the peee? Or, if female, the peeee? There are few, if indeed any, triple-e or quadruple-e words in English. Great for Scrabble. Thankx RIAA.
Say you own a section of river. You charge people to drink from the river. The people pay for awhile, then they realize they can drink downstream of your section of river for free. So you say hmm, I can either charge less to drink so the people will come back, or I can pee in the river so the people will come back and still pay full price. Now it seems the recording industry has taken the latter approach and pissed in our supply of digital music and software. The solution? A filter. Same way water filters can clean water, a few hundred lines of software should be able to clean low quality/corrupted music out of the p2p supply.
Unf! Sorry for replying my own post, but I just couldn't stand leaving the fals message there.
128-bits md5sum wouldn't make it a 16^128, but more like a 16^(128/8)=16^16~=1.84E19 which is still a lot, but not even near 16^128, haha, but still, my primary point stands.
Hey! That's my sig you're smoking there!
Some people have already suggested it.
You download a corruped file, note the checksum and download one with a different one. Introduce an encrypted signature and fuck the MPAA/RIAA.
It would seem to me to be an easy matter to post a digital checksum as part of the description of the file. So for each file submitted, and KNOWN to be un-corrupted, there can be a Digital Checksum. Users can then distribute these checksums, so if any of the files are modified, it would be easy to tell, before a long download would be attempted.
Sites, maintainted by us music and software lovers can share these checksums, and publish the bad ones.
>|<*:=
md5s and audio fingerprints and whatever else you use to validate a file can be used AGAINST you because then they will know you do indeed have a real britney song
I'm never going into a CD store again unarmed. Bastards goin down.... Lemme see, just need some holy water, wood stakes, and a burned cd full of pirated music to lure them in, and I'll be in good shape.
Freenetproject.org
Freenet has much better data integrity and trust mechanisms.Someone could upload a bunch of crap files but you could download from SSK's of trusted sources and know they are good.
why does the RIAA wonder how come cd sales dropped 6% last year when they try so hard to alienate the very people who may well be teh only ones crazy enough to shell out that much money per cd? who were the ones who bought the msot cd's a few years ago? people in their teen's adn twenties, now the record industry tells us we dont matter, adn that we are ALL pirates trying to cheat someone out of a meal, but then we are supposed to buy thier crap. this is just another move showing how NOT to piss off the main customers...
Is there any proof that P2P file sharing is actually affecting the RIAA's income? Have they made any substantial losses, and how can they prove it was caused by the P2P networks?
It would seem that until I can see a graph of the RIAA revenue increasing for the past ten years, a considerable downward slide for the past 5 of them, and a projection for the next five years, I'm not in a position to believe they're making a loss.
The figures are so all over the place anyway! MP3s have brought chaos to the music market, I'll agree with that. For one, I bought so much music I've never heard of, and thanks to MP3s I have gone off a lot of commercial music I'd otherwise listen to and have started to listen to a lot of music that without MP3s or streaming audio, I would never have heard of.
Secondly, I have bought this music. I go into record stores now and have a look in the various sections and see artists I know and recognize from mp3s. Then I buy their music.
Thirdly, there's a shitload of music out there that I'd never buy anyway. So what, I've got it as an MP3, and I listen to it once in a while, but I'm still not going to buy it on CD. How can the fact that I wasn't going to buy it anyway impact CD sales? Sure it's not exactly legal, but I'm still not going to buy it.
They're starting to sound a lot like Microsoft. Microsoft changed their Windows XP EULA so that you couldn't run programs like VNC or share your desktop without using the Microsoft inbuilt products. That's a killer nightmare for VNC. The RIAA in the same way is destroying the Peer 2 Peer networks which is getting a lot of artists the coverage they'd otherwise never dreamed of. If the RIAA destroy it, they monopolize with their control of the industry.
If I'm a small-time artist and I distribute my songs on P2P for free (lets say I am giving it away the same way Coca Cola gives away free coke's to promote the product,) if the RIAA destroy it, are they responsible for my lost revenue?
is to post movies that are over 702 MB long, thus making them impossible to save to a cdr.
It's Christmas everyday with BitTorrent.
No need to be hostile. My point simply is that you're not going to break MD5 anytime soon with forseeable technology.
There are more like 2^128 combinations. So you would need to generate 2^127 files to even have a 50/50 chance of having a duplicate.
Someone please correct me, but isn't the number of particles in the universe something on the order of about 2^150 or somesuch? I thought I remembered reading this somewhere, or maybe I'm just imagining it?
The price of freedom is eternal litigation.
over = big
peer = brother
'nuff said
I was essentially placing bets on behaviour of marketing droids. They have to be able to predict, and to control, in order to do the jobs they do.
My comments were about the intersection of marketing and math.
Unfortunately, I'm far from my reference material right now. I'd love to verify that RSA and MD5 have nothing to do with each other, but I can't be bothered to go through the source I have on hand before I go to bed. I'll note, though, you're mounting a theoretical attack, rather than one that takes into account the timing imperetives of the problems a Brittny campaign might have.
Moor(e)'s law is great, and fine, but it does not speak to advances in math. (It doesn't speak very well to the advances in circuit design, but that's a different discusion.)
My point is just this - I want to mimick a cryptographically sound sum, in order to dupe a downloader into wasting time, and/or hearing my sales pitch.
If I have a distributed clearing house of sums, that cannot happen, if you use an approved(tm) sum, such as MD5 or SHA.
A clearing house (which can be like DNS, and shoudl be) can provide multiple answers. The user can pick and choose.
I've been working on this problem from a different angle, nothing to do with file transfer, but it isn't that hard (and no, the code isn't open source, yet. We have to make money first). But there's no reason typing at one another is different than transfering files. It is all in how you match people up.
Directed graphs are cool. So are reputations.
Think about it hard. I'm up for the game. I think I'll find out I'm right.
I forget what 8 was for.
A one way hash is simply a function that converts a given input into some fixed length output and is hard to reverse, i.e., to generate some input that will match a given hash. The mere fact that the hash is much smaller than the input does not mean that is it one way. In the first place, the term describes the properties of the function itself, not a relationship between a particular input and output, and a good function is universal. Furthermore, even in cases where the hash is much smaller than the input, the trivial reversal (since your implied definition would not preclude this on the basis that the hash is too small) of the function could be used to describe the input or trivially generate all possible inputs (without having to brute force from the other direction). This poor definition would be sufficient in many applications to defeat its purpose. For instance, I could search all the (much larger) inputs that match a given hash for the exact input that the hash was generated against, e.g., search for english words, search for known songs, modify some crappy noise to match, etc.
Wrong again. One-way says nothing about there being a One-to-One correlation; it merely describes the direction, i.e., that it's easy to go from input to output (hash), but very hard to go from output to input.
Your understanding of the term is obviously deeply flawed because you contradict yourself. You can't, one one hand, say that MD5 is one way because there can't be any other inputs to match the hash and, on the other hand, say that md5 is a one-way hash in some cases because you "obviously can't generate a three megabyte file from its 32 byte MD5 checksum". If there is a one to one relationship between a 32byte hash and a larger input, even if it is 1 gigabyte (not impossible in an arbitrary function for a few inputs, though likely poor), then you could, by definition, generate a unique input based on that hash. It may take you a zillion years (or 5 seconds with your implied weak defintion), but you could do it. [A very crappy one-way function might do this with a select few inputs too, but obviously not for all] Please do some more research. Thanks.
One of these days, the Man is going to be crushed under the heal of the Black Man! Word!
Just try and download any and all versions of the Daredevil soundtrack, specifically the Drowning Pool f/ Rob Zombie one. It has phone tones/beeps/whistles/etc at about 55 secs into the song. Ive used Kazaa, Soulseek and others to find it, all the same result. Perhaps they started on a certain wave of albums for starters? I guess we'll see......
Fett
"He's no good to me dead."