Slashdot Mirror
Open Source DRM
Clyde writes "The different worlds of DRM and Open Source have come together under OGG-S, a project that just recently went to beta with their Open Source DRM toolkit. The project license in GPL and uses OpenSSL for its encryption engine. It will be interesting to see if this project helps to spread the acceptance of Ogg Vorbis."
What is to keep me from going into the source and changing:
if(hasRights) {
decryptMusic;
}
to:
if(true) {
decryptMusic;
}
As mentioned on the OGG-S homepage, we are completely independant of Ogg Vorbis and Xiph.org.
This was done because we (and I am sure others) believe that DRM should be an add-on option that content providers or users can choose; not something that is forced upon consumers.
So....
How about PGP? Strikes me as rather wrong, making it hard to read any message I put on my computer. Definitly against the tenents of Free Software.
It's not that it's just technologically impossible; it's logically impossible. A billion years of technological advances can't change that.
Upon analysis, this will either be shown to not really work, or it will turn out to just be "mostly" open, but with at least one opaque component.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
You are all so quick to want to outlaw a technology because it has an application you dont like. But if someone else feels the same about a tech you do like, you all get up in arms over it.
How many think xbox mod chips should be legal, because just because they can be used for piracy, they have other legal uses?
Now, how many think DRM should never be implemented, because it can be used to restrict what you can do with a CD you bought?
To me its the same issue. Technologies arent inherently evil, it's the uses they're put to.
DRM technology with SSL strength security has some good uses.
A content producer can have all his stuff locked tight with DRM while it's still in production, or use it on the screener films he sends to reviewers. If it isnt for sale yet, you have no right to any of it. It's merely protecting a trade secret.
It can also be used to verify the authenticity of footages, lets say the doctored photo in Time magazine yesterday.
It could be used to prove that the footage you see on TV is what was filmed by the digicam.
It can be used in court to prove that the security footage from the 7-11 hasnt been altered in any way.
It can be used to keep your nephew from stumbling across your pr0n collections.
It already exists anyways. Noone stops anyone from streaming a netradio over an SSL tunnel, or archiving their files with a password.
In short, preventing consumers from excersizing legitimate rights to use something they own is bad. DRM is not 'bad', DRM is a technology.
I don't need no instructions to know how to rock!!!!
...that the open source DRM solution will quickly prove to be the best, most effective implementation of DRM?
How does the client prevent piping of the decrypted output? Without that, you might as well skip the encryption. With that you get right back to the nasty non free world of files you can't write and someone else owns your computer.
DRM is an attempt to prop up and extend the whole dead tree publishing model that has no place in the digital world. Trying to force the restrictions of old technology on new is evil. Creating restrictions that older did not exist in older technology is even worse. DRM seeks this and is an abomination. A new revenue model must be made and people should be encouraged to share their information as well as create it. Obscuring information so that permision is required for each and every read, and that's what this can do, is even more restrictive than printed work which is durable and human readable.
GPLing this code is like making a dagger out of gold.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
But of course, that's not how it really works.
Until someone comes up with a viable way of compensating creators for thier content without restricing how that content is used in any way shape or form, restricted content is going to be reality
What about books? They aren't 'restricted content' except in that the law prevents unlicensed copying. They are only restricted in this very limited sense.
You seem to think DRM is a 'harmless technology', just as copyright is a 'harmless law'. But while the existence of a copyright law is justified to an extent, it is being abused and extended by big media firms so much as to make it draconian. And again, while DRM perhaps has its place, publishers threaten to implement it in a way that eliminates fair use.
Libre Software providing the freedom to release your creation as you want...
No, freedom isn't about releasing content 'how you want'. The restrictions we want to have on content are ones that prevent anyone from ever taking away our access to fair use of that content. DRM threatens to do exactly this.
You are confusing secure with "secure".
The first is the actual meaning of the word, as in protecting computers and communicating parties from attack by malicious parties. By all accounts, open source software is at least as good as proprietary software at that (or maybe at worst as bad...).
The second, is the media industry "lets highjack a term that has a positive conotation" doublespake meaning of "secure". That is about making sure that users are not in control of their own computers, so that somebody else can make sure that media on their machines is only used in a manner deemed acceptable by a greater athority (the corporations). Open source software, by it's nature (1), cannot be used for this "secure", since it allows the user to modify it, and he will simply remove the part of the code that tells him what he can and can't do.
(1) This assumes it is running on open hardware. TCPA is an attempt to make sure that the their is closed hardware at the bottom layer that can validate the software, so even if the user can modify it, the modified version cannot read the media.
Sounds great, thanks!
Also, if you believe the name of OGG-S could cause any consumer confusion please feel free to email me at rsage@sidespace.com and I will work on changing our site accordingly. Since OGG-S has been mentioned on the Vorbis mailing lists in the past, I had assumed this name would not cause any confusion.
The fact that someone would package Ogg Vorbis with DRM was inevitable (and welcome, as is any derivative work based on our stuff); The only issue I have with this implementation (as I'm unaware of the technical aspects of it as yet) is that it uses the name 'Ogg.'
That being said, I would very much appreciate it if the name of this product were changed. I'd rather avoid confusion sooner rather than later. After all, 'Ogg Vorbis' was only a project codename, and was never expected to take off. :)
Emmett Plant
CEO, Xiph.Org Foundation
First, while software released under a free license, like the GPL, has to be redistributed under specified terms, the data such software processes does not (in general -- there are a few exceptions where output of a GPL program contains GPL code, thus restricting redistribution of compilation of that code without the rest of the source -- which usually comprises the input to the initial GPL program in the first place -- think parser generator). This is the entire basis for openssl and similar code: you can keep the keys secret.
Thus, if the keys involved are kept secret on a secure processor, and that processor only runs code signed with other secure keys, said code can be completely open!
Of course, you lose control over what this processor does (since it can't execute arbitrary code), but you can examine the code that it does execute. Furthermore, such a processor could also execute unsigned code, but not provide access to the keys it protects. If the processor is limited to decoding encrypted entertainment data, the fact that one does not have control over it is no worse than not having control over a remote server to which one connects over the internet -- it's not like your whole general purpose computer is locked up (and the biggest problem with TCPA -- it locks the whole machine, not just some remote part, and encourages laws making the possession of unlockable machines illegal).
This does raise the whole issue of key management and distribution, of course, but fair use creation of archival copies of encrypted content, and storage in different forms now becomes possible: you just need a decryptor at the end. No one ever complained about needing speakers to listen to music or a TV to watch, er, TV.
The problem of "fair" DRM then reduces to one of establishing a trust hierarchy that producers of decryptors, copyright content producers, and consumers can all accept. I argue that problem is solvable, at least in the mathematical sense. The question is: "Is it economically viable?"
I think the answer is yes, particularly with a U.S. government push to "secure the internet".
You could've hired me.
So, this is exactly the same problem with OpenSSH, and how anyone can decrypt a SSH session because the source is open... erm oh wait, it's not that easy. Just to throw in a phrase well all hate, but is applicalbe here... Please think OUTSIDE the box.
Actually, in both cases the encryption is wanted, by the people who have the right to encrypt it.
You have the right to encrypt anything on your machine, in the name of privacy.
You also have the right to encrypt anything you make before giving it to other people, then choosing when and how they can unencrypt it. This is called "DRM."
If an artist doesn't want his music sampled, well, sucks to be him. He's going to make fewer sales, and won't earn as much money. DRM protects a savvy user's authority. It doesn't protect idiots from themselves.
What's this Submit thingy do?
I actually think this is a good thing. It will help Open Source Software gain acceptance many places it is accepted yet. This will also help to develop a more bulletproof DRM technology which could help safegard the movement from the attacks of Hollywood....
There is also another benefit to open source DRM. If the current content providers continue to aggressively lock their material down, it may provide an option for those of us who want to see Free (as in Speech) content develop and become a viable model. If we are clever, this could create an opertunity for open content of music as well as documentation and software.
LedgerSMB: Open source Accounting/ERP
And again, while DRM perhaps has its place, publishers threaten to implement it in a way that eliminates fair use.
If I have a product that I only want to distribute over a pair of drm headphones, and there's a market to buy it, it'll sell. You ARE free to ignore DRM. Content is a product, not a necessity.
NSYNC could release their next album on a copy proof (hypotetically of course) CD. It would still sell. The value to the consumer isn't that they can copy it or back it up, it's that they can listen to the music that they want to hear.
Until someone comes up with a viable way of compensating creators for thier content without restricing how that content is used in any way shape or form, restricted content is going to be reality
"What about books? They aren't 'restricted content' except in that the law prevents unlicensed copying. They are only restricted in this very limited sense. "
What about books? Ever try to play a book in a DVD player? They are incredibly hard to copy, and certainly on the scale that a CD can be reproduced. Books are basically DRM encumbered in this sense.
Freedom is most certainly about releasing content how you want.
Also, what's to say that you can't create a DRM'd backup of something? Just make it impossible to unlock without first locking out the original copy. There are smart people out there working really hard on stuff like this all day. They'll figure it out.
More choices is always better.
Also, technology can't be harmful. Technology just is. Nuclear Fission isn't bad. Broken policy and poor judgement can make bad things happen with any technology.
As soon as you go Open Source, *anyone* can take the code appart, take the decryption routine, and get the plaintext right out of that. There is nothing 'forcing' the data directly into the hardware. At that point, the plaintext can be distributed, and the DRM has failed.
The whole point of encrypting with known algorithms is that it is very hard to decrypt without the keys. I think you must have used a very weak algorithm. You don't release the keys anywhere, they must be hidden away as best you can. Of course, doing safe decryption on an untrusted platform is impossible (see below).
I don't see any mathematics in your post. So I have to ask for proof before believing you. Next time, avoid buzzwords just to be modded up..
Secondly, I believe you have some experience, but the future of DRM will not be in software.. With closed hardware, it's probably (who REALLY knows?) possible to combine Open Source and DRM. Point being that Microsoft announced they will release their sourcecode for Palladium, so that everybody can see that there is no 'evil' code in there. That it does what Microsoft says it will. The core code that runs in a hardware-protected sandbox should be perfectly safe (in theory) from tampering by other than Microsoft.
Thirdly, OSS supporting DRM is a bad move because that will validate closing up the hardware from the people. Maybe many thinks this is a good idea, but in the long run we WILL be better off defeating DRM before it becomes valid.
The people should make the decision NOT to buy DRM-enabled devices and programs. Just stop supporting DRM and all its likes RIGHT NOW. There is nothing to be gained for the people in the technology. It defeats the whole purpose of a multi-purpose device: That somebody else controls what you can and can't do on your own terminal.
For once in your life, take a stand. Have some spine! If it means you can't buy the latest N-Sync album over the net, just don't do it! Walk out into nature and meditate, you'll be much happier and better off..
http://www.debunkingskeptics.com/