Slashdot Mirror
Open Source DRM
Clyde writes "The different worlds of DRM and Open Source have come together under OGG-S, a project that just recently went to beta with their Open Source DRM toolkit. The project license in GPL and uses OpenSSL for its encryption engine. It will be interesting to see if this project helps to spread the acceptance of Ogg Vorbis."
How could you prevent people from modifying the library to let them use other people's keys? What would stop people from pirating the keys at easily as the music?
by limiting other people's freedom and trying to create an artificial scarcity in one of the very few areas of our lives where we live in a world of plenty.
And on top of that they try to create good emotions for their products by basing it on other people's work and calling it "open source". The only catch is that you have to pay them to distribute binaries?! WTF? Neither openssl nor ogg nor vorbis require this, why do they?
This smells very bad to me.
The only way to prevent this is for users to boycott Digital Restrictions Management technologies. As such, anything which makes it easier for DRM technologies to integrate with any software is a bad thing.
This project may comply to the letter of Open Source, but it entirely contradicts the spirit of open technology.
part of the appeal of Ogg was because it didn't have DRM?
Is it safe to say that these people are in no way associated with the Ogg/Vorbis people? I can't see how this is a good thing. The whole point of Ogg formats is that they're open and free. Do we really want a version of Ogg/Vorbis that is saddled by use restrictions?
Open and free does not exclude DRM. An open implementation allows everyone to see how the thing works and examine the source code. A free implementation is unencumbered by patents and IP problems.
Just because something is free as in speech does not make it free as in beer.
From the FAQ:
"If OGG-S is open source, how can the encryption be secure?
If a company wishes to use OGG-S to protect their content, SideSpace Solutions highly recommends purchasing a binary distribution license. Under this license, any modifications to OGG-S (such as a change of encryption engine or private keys) do not have to be released."
OK....
Under GNU, do you have to release any private encryption keys you may have used with the code?
Encryption keys would seem to fall under content/data and not code. It is my understanding of the GNU license that you must redistribute the source code, not any data that your created and feed into the application. As long as you provide sample data (in this case another encryption key) to allow the application to run properly when compiled.
I don't see how they can force people, under the GNU, to release any private keys.
Someone please explain.
I don't see how they can
DRM isn't bad. Big Media/MS is bad. If DRM becomes mandated, it will be better to have an open-source implementation than not. This will reduce the plausibility of the likely MS argument that since there is no DRM on linux or mac, these systems should be excluded outright from certification.
It's like an arms race. If everyone's got it, nobody is at a disadvantage. "Keep your friends close, but keep your enemies closer." The same is true of TIA, btw.
Isn't that like OpenSource Windows?
.000124611 XPD (Palladium Ounces) worth.
So let me get this straight:
This is a project that is part of a free intellectual property movement which is designed to protect intellectual property from being used by people who have not liscensed it?
What the hell?
Okay, so it's going to be released under a liscense which allows anyone to modify, copy, and distribute the source, as long as they DO distribute the source. And the point of it is to make it impossible for someone to modify, copy, or distrubute the source, whether you paid for it or not...
I'm not getting anywhere here, but I think it sucks.
Just my
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
It's not really the customer's choice when content is only available under DRM restrictions, is it? As such, it makes no difference whether the DRM software is integrated or "added on", since the choice to protect or not protect the content is ultimately left to content providers.
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
From the site:
Purchase of this product enables you to modify OGG-S decryption or encryption code and release your binary modifications to your users.
The only difference between these two scenarios is the physical location of the CD. This type of piracy cannot be prevented with software, without also blocking the fair use aspect (i.e. preventing the MP3 creation in the first place).
bad of course. it goes against everything Libre Software stands for
Hunh? What, Libre Software stands for making sure any and all content should be available without compensating the creator of the content in any way, shape or form? We use a license that restricts how your code is used, yet you want no restrictions on how the creations of others is used? *Rhetorical Question* Are you after a free ride, or Freedom?
I understand that you want fair use rights, as do we all. IMHO, if someone wishes to release thier creations with DRM, they are free to do so. I am free to ignore thier creation due to the DRM if I wish. Libre Software providing the freedom to release your creation as you want, and being compansated if you wish, is a good thing as it provides more freedom.
Until someone comes up with a viable way of compensating creators for thier content without restricing how that content is used in any way shape or form, restricted content is going to be reality, unfortunately. Using OSS tools to provide such restrictions, though distasteful, seems to be almost acceptable. At the very least, it shows that some proponents of Software Libre are sensitive to the needs of content creators, and so offers an olive branch to them. That should show we're not after a Free Ride, but Freedom.
Soko
"Depression is merely anger without enthusiasm." - Anonymous
I worked for a startup that was researching DRM heavily (I was doing streaming-media stuff, others were doing DRM, and the company rightly failed promptly), and have done a lot of thinking about the issues.
Basically, OSS and DRM are mathematically incompatible. The purpose of DRM is to keep the user from being able to make a copy of the media in question. In order to do that, it must use encryption keys to hide the 'plaintext', and carefully control those keys. This is the core of what DRM is.
In order to plug the equivalent of the 'analog hole', all existing DRM implementations are binary-only, and carefully control and conceal the data path between the encrypted data and the finaly output hardware, so that it's 'impossible' for the user to get the plaintext.
As soon as you go Open Source, *anyone* can take the code appart, take the decryption routine, and get the plaintext right out of that. There is nothing 'forcing' the data directly into the hardware. At that point, the plaintext can be distributed, and the DRM has failed.
More important than that even is the fact that open-source licenses guarantee that you can redistribute your modifications. It will be a grand total of about 2.37 hours between initial release of the software and someone releasing a version that will export the plaintext. Guess how popular the original release will be?
No, I think the results of this little experiment will be mixed good and bad:
Good: it will prove that DRM is mathematically impossible
Bad: it will 'prove' that the industry *must* use binary-only distributions of such software in order to make it work
It remains to be seen which of these will take effect first.
GStreamer - The only way to stream!
As bad as DRM sounds, maybee it's a blessing in disguise. No one like the product activation in Windows XP or Office XP, but at the same time product activation makes piracy less workable and forces users to face the high price tag Microsoft has placed on these products. When it's a choice between $200 for Office XP or $0 for OpenOffice rather than $0 for pirated Office 2K or $0 OpenOffice...if nothing else, the pricetag drives home the point that you need to at least TRY the alternatives.
Maybee the same will be true for music...that once every commercial song comes with a pricetag, listeners will finally begin to see Creative Commons/Open Audio License/Public Domain music as a better value. Once the audience is there, musicians will surely follow.
I have no problem with paying, I have a problem with destroying fair use, I have a problem with having to explain to every device i own that I am not a dirty theif.
-troy
Its good.
Why? Because it would be implemented in, obviously, an open manner with publically defined protocols and specifications. Therefore, anybody who wanted to build an infrastructure to support DRM could do so without locking people into a single vendor or implementation.
Somebody asked why couldn't you just change the libraries to let you bypass it? Well sure, if you can change the code on the machine, you *may* be able to bypass protections, depending on what they are. For example, if the file (text, sound, media, etc.) is encrypted and requires a decrypt key, mucking around in the code isn't going to help it decrypt itself.
Now.. what about extracting the protected media after the decrypt step? Well, thats a bit harder. In fact, that was how people broke Microsoft's first WMP protection.. they wrote a null sound driver that just dumped the output to a file. Works pretty well. Don't think that they didn't notice, when all of their drivers need to be signed these days..
Anyway.. there are different parts to Digital Rights Management. Step 1 is access.. can you access a file or not. Crypto protects that, and no open or closed source will change that. Step 2 is decrypted control. Who can manipulate the decrypted bytes of the media? That is up to people to implement and protect as they see fit.
Remember that an OSS DRM solution could provide an open source platform for building closed source clients and devices.. You have the advantge of an open standard combined with actual devices using it.
theres a difference between wanted encryption and unwanted encryption. I do not care to explain to every device in my computer that i didn't steal a media file. I want it to just obey my orders and play the damn thing.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
yes, but what if i tear down that server or replace the hard drive? seems to me that either i can tote the pair wherever i like, copying it freely, or i cannot when i reinstall move it from one system to the next. Also, if i want to burn this to CD and play it on my MP3 player in my car, how is this taken into account?
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
No one like the product activation in Windows XP or Office XP, but at the same time product activation makes piracy less workable and forces users to face the high price tag Microsoft has placed on these products.
Ok, so it's mostly Microsoft who spreads this one, but even some Slashdot users fall for it.
You think product activation stopped XP piracy one iota? Think again. Cracked copies were floating around before it even hit retail shelves. Service pack 1, you say? Once again, within days of that debacle, a workaround even my parents can handle was available.
People get their warezed XP the same way they got their warezed 2000, ME, 98, etc. Kazaa and its ilk are making it even easier.
Know who product activation hurts? Not pirates, that's for sure. It hurts those of us who do anything more than install XP once, on one system, ever. Want to mirror your desktop's contents onto your laptop? Sorry. Have to re-install Windows? Sorry. Bought a new computer? Sorry. If you're lucky, you're only forced to upload some data to Microsoft. No internet? Hope you don't mind sitting on hold for a while. Past what Microsoft considers an acceptable amount of re-installs? Oh well, hope you have another $300.
The University I attend gets free copies of Windows and Visual Studio for its CS students. I can get as many license keys as I want without paying. But, I still have to deal with Microsoft's insane activation scheme if I want to use XP. Instead, I just use 2000. One CD, and *I* get to choose how I use it.
Know what most students are doing, to get around the hassle of activating XP so many times? That's right, downloading the cracked version. Guess what they're going to do once they're out of school and want the latest version of Windows?
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
what you say contains truth, however if I recieve a PGP encoded email, I can decrypt it and leave it that way. A DRM system has the undesired effect of not allowing me to do this. That is my problem with DRM.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!