Slashdot Mirror
Open Source DRM
Clyde writes "The different worlds of DRM and Open Source have come together under OGG-S, a project that just recently went to beta with their Open Source DRM toolkit. The project license in GPL and uses OpenSSL for its encryption engine. It will be interesting to see if this project helps to spread the acceptance of Ogg Vorbis."
How could you prevent people from modifying the library to let them use other people's keys? What would stop people from pirating the keys at easily as the music?
Open Source DRM is an obvious ploy by the Illuminati to spread "acceptible" DRM to the resistant open source community. Once they have us eating out of their palms their world domination plan will advance another great step forward.
Where's my tin foil hat?
Trolling is a art,
I can already see thousands of rabid open source fanatics imitating Gollum over this...
"It isss OGG, so it isss good! Yes!"
"Nooo! DRM! Hateful it is!"
etc.
by limiting other people's freedom and trying to create an artificial scarcity in one of the very few areas of our lives where we live in a world of plenty.
And on top of that they try to create good emotions for their products by basing it on other people's work and calling it "open source". The only catch is that you have to pay them to distribute binaries?! WTF? Neither openssl nor ogg nor vorbis require this, why do they?
This smells very bad to me.
What is to keep me from going into the source and changing:
if(hasRights) {
decryptMusic;
}
to:
if(true) {
decryptMusic;
}
Well, I'd be happy to tell you what to think, but since you ate that stupid apple, you have to form your own opinions for a change.
Serves you right, you smart-ass kids.
---
g0d
Best Windows Freeware
The only way to prevent this is for users to boycott Digital Restrictions Management technologies. As such, anything which makes it easier for DRM technologies to integrate with any software is a bad thing.
This project may comply to the letter of Open Source, but it entirely contradicts the spirit of open technology.
part of the appeal of Ogg was because it didn't have DRM?
Do it yourself rape!
Breaking your leg for dummies!
<really fast>Only $29.95</reallyfast>
So close and yet so far from the world's perfect ID number
As mentioned on the OGG-S homepage, we are completely independant of Ogg Vorbis and Xiph.org.
This was done because we (and I am sure others) believe that DRM should be an add-on option that content providers or users can choose; not something that is forced upon consumers.
So....
How about PGP? Strikes me as rather wrong, making it hard to read any message I put on my computer. Definitly against the tenents of Free Software.
From the FAQ:
"If OGG-S is open source, how can the encryption be secure?
If a company wishes to use OGG-S to protect their content, SideSpace Solutions highly recommends purchasing a binary distribution license. Under this license, any modifications to OGG-S (such as a change of encryption engine or private keys) do not have to be released."
OK....
Under GNU, do you have to release any private encryption keys you may have used with the code?
Encryption keys would seem to fall under content/data and not code. It is my understanding of the GNU license that you must redistribute the source code, not any data that your created and feed into the application. As long as you provide sample data (in this case another encryption key) to allow the application to run properly when compiled.
I don't see how they can force people, under the GNU, to release any private keys.
Someone please explain.
I don't see how they can
It's not that it's just technologically impossible; it's logically impossible. A billion years of technological advances can't change that.
Upon analysis, this will either be shown to not really work, or it will turn out to just be "mostly" open, but with at least one opaque component.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
DRM isn't bad. Big Media/MS is bad. If DRM becomes mandated, it will be better to have an open-source implementation than not. This will reduce the plausibility of the likely MS argument that since there is no DRM on linux or mac, these systems should be excluded outright from certification.
It's like an arms race. If everyone's got it, nobody is at a disadvantage. "Keep your friends close, but keep your enemies closer." The same is true of TIA, btw.
You are all so quick to want to outlaw a technology because it has an application you dont like. But if someone else feels the same about a tech you do like, you all get up in arms over it.
How many think xbox mod chips should be legal, because just because they can be used for piracy, they have other legal uses?
Now, how many think DRM should never be implemented, because it can be used to restrict what you can do with a CD you bought?
To me its the same issue. Technologies arent inherently evil, it's the uses they're put to.
DRM technology with SSL strength security has some good uses.
A content producer can have all his stuff locked tight with DRM while it's still in production, or use it on the screener films he sends to reviewers. If it isnt for sale yet, you have no right to any of it. It's merely protecting a trade secret.
It can also be used to verify the authenticity of footages, lets say the doctored photo in Time magazine yesterday.
It could be used to prove that the footage you see on TV is what was filmed by the digicam.
It can be used in court to prove that the security footage from the 7-11 hasnt been altered in any way.
It can be used to keep your nephew from stumbling across your pr0n collections.
It already exists anyways. Noone stops anyone from streaming a netradio over an SSL tunnel, or archiving their files with a password.
In short, preventing consumers from excersizing legitimate rights to use something they own is bad. DRM is not 'bad', DRM is a technology.
I don't need no instructions to know how to rock!!!!
It's not really the customer's choice when content is only available under DRM restrictions, is it? As such, it makes no difference whether the DRM software is integrated or "added on", since the choice to protect or not protect the content is ultimately left to content providers.
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
From the site:
Purchase of this product enables you to modify OGG-S decryption or encryption code and release your binary modifications to your users.
I assure you that SideSpace is in no way, shape or form affiliated with the Xiph.Org Foundation, who make Ogg Vorbis and other royalty-free multimedia codecs.
Emmett Plant
CEO, Xiph.Org Foundation
bad of course. it goes against everything Libre Software stands for
Hunh? What, Libre Software stands for making sure any and all content should be available without compensating the creator of the content in any way, shape or form? We use a license that restricts how your code is used, yet you want no restrictions on how the creations of others is used? *Rhetorical Question* Are you after a free ride, or Freedom?
I understand that you want fair use rights, as do we all. IMHO, if someone wishes to release thier creations with DRM, they are free to do so. I am free to ignore thier creation due to the DRM if I wish. Libre Software providing the freedom to release your creation as you want, and being compansated if you wish, is a good thing as it provides more freedom.
Until someone comes up with a viable way of compensating creators for thier content without restricing how that content is used in any way shape or form, restricted content is going to be reality, unfortunately. Using OSS tools to provide such restrictions, though distasteful, seems to be almost acceptable. At the very least, it shows that some proponents of Software Libre are sensitive to the needs of content creators, and so offers an olive branch to them. That should show we're not after a Free Ride, but Freedom.
Soko
"Depression is merely anger without enthusiasm." - Anonymous
- "Ogg's Goodies Gavel-Slammed"
- "Ogg Gets Gonads-Suckage"
- "Oggs Get Gut-Sliced"
But of course you can do better.I worked for a startup that was researching DRM heavily (I was doing streaming-media stuff, others were doing DRM, and the company rightly failed promptly), and have done a lot of thinking about the issues.
Basically, OSS and DRM are mathematically incompatible. The purpose of DRM is to keep the user from being able to make a copy of the media in question. In order to do that, it must use encryption keys to hide the 'plaintext', and carefully control those keys. This is the core of what DRM is.
In order to plug the equivalent of the 'analog hole', all existing DRM implementations are binary-only, and carefully control and conceal the data path between the encrypted data and the finaly output hardware, so that it's 'impossible' for the user to get the plaintext.
As soon as you go Open Source, *anyone* can take the code appart, take the decryption routine, and get the plaintext right out of that. There is nothing 'forcing' the data directly into the hardware. At that point, the plaintext can be distributed, and the DRM has failed.
More important than that even is the fact that open-source licenses guarantee that you can redistribute your modifications. It will be a grand total of about 2.37 hours between initial release of the software and someone releasing a version that will export the plaintext. Guess how popular the original release will be?
No, I think the results of this little experiment will be mixed good and bad:
Good: it will prove that DRM is mathematically impossible
Bad: it will 'prove' that the industry *must* use binary-only distributions of such software in order to make it work
It remains to be seen which of these will take effect first.
GStreamer - The only way to stream!
As bad as DRM sounds, maybee it's a blessing in disguise. No one like the product activation in Windows XP or Office XP, but at the same time product activation makes piracy less workable and forces users to face the high price tag Microsoft has placed on these products. When it's a choice between $200 for Office XP or $0 for OpenOffice rather than $0 for pirated Office 2K or $0 OpenOffice...if nothing else, the pricetag drives home the point that you need to at least TRY the alternatives.
Maybee the same will be true for music...that once every commercial song comes with a pricetag, listeners will finally begin to see Creative Commons/Open Audio License/Public Domain music as a better value. Once the audience is there, musicians will surely follow.
...that the open source DRM solution will quickly prove to be the best, most effective implementation of DRM?
A look at the source doesn't mean that you can simply defeat the encryption. Just like you can't r00t someone's ssh server by looking at the source of their version of OpenSSH.
Of course you could trojanize the source and try to get a limp version of the binaries to proliferate, but the chances of that working are very close to zero. If I were a publisher I'd test whether the encoding and DRM encryption worked before I were to sell my media to the world.
Learn from the mistakes of others. There isn't enough time to make them all yourself.
Its good.
Why? Because it would be implemented in, obviously, an open manner with publically defined protocols and specifications. Therefore, anybody who wanted to build an infrastructure to support DRM could do so without locking people into a single vendor or implementation.
Somebody asked why couldn't you just change the libraries to let you bypass it? Well sure, if you can change the code on the machine, you *may* be able to bypass protections, depending on what they are. For example, if the file (text, sound, media, etc.) is encrypted and requires a decrypt key, mucking around in the code isn't going to help it decrypt itself.
Now.. what about extracting the protected media after the decrypt step? Well, thats a bit harder. In fact, that was how people broke Microsoft's first WMP protection.. they wrote a null sound driver that just dumped the output to a file. Works pretty well. Don't think that they didn't notice, when all of their drivers need to be signed these days..
Anyway.. there are different parts to Digital Rights Management. Step 1 is access.. can you access a file or not. Crypto protects that, and no open or closed source will change that. Step 2 is decrypted control. Who can manipulate the decrypted bytes of the media? That is up to people to implement and protect as they see fit.
Remember that an OSS DRM solution could provide an open source platform for building closed source clients and devices.. You have the advantge of an open standard combined with actual devices using it.
theres a difference between wanted encryption and unwanted encryption. I do not care to explain to every device in my computer that i didn't steal a media file. I want it to just obey my orders and play the damn thing.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
But of course, that's not how it really works.
Until someone comes up with a viable way of compensating creators for thier content without restricing how that content is used in any way shape or form, restricted content is going to be reality
What about books? They aren't 'restricted content' except in that the law prevents unlicensed copying. They are only restricted in this very limited sense.
You seem to think DRM is a 'harmless technology', just as copyright is a 'harmless law'. But while the existence of a copyright law is justified to an extent, it is being abused and extended by big media firms so much as to make it draconian. And again, while DRM perhaps has its place, publishers threaten to implement it in a way that eliminates fair use.
Libre Software providing the freedom to release your creation as you want...
No, freedom isn't about releasing content 'how you want'. The restrictions we want to have on content are ones that prevent anyone from ever taking away our access to fair use of that content. DRM threatens to do exactly this.
First, while software released under a free license, like the GPL, has to be redistributed under specified terms, the data such software processes does not (in general -- there are a few exceptions where output of a GPL program contains GPL code, thus restricting redistribution of compilation of that code without the rest of the source -- which usually comprises the input to the initial GPL program in the first place -- think parser generator). This is the entire basis for openssl and similar code: you can keep the keys secret.
Thus, if the keys involved are kept secret on a secure processor, and that processor only runs code signed with other secure keys, said code can be completely open!
Of course, you lose control over what this processor does (since it can't execute arbitrary code), but you can examine the code that it does execute. Furthermore, such a processor could also execute unsigned code, but not provide access to the keys it protects. If the processor is limited to decoding encrypted entertainment data, the fact that one does not have control over it is no worse than not having control over a remote server to which one connects over the internet -- it's not like your whole general purpose computer is locked up (and the biggest problem with TCPA -- it locks the whole machine, not just some remote part, and encourages laws making the possession of unlockable machines illegal).
This does raise the whole issue of key management and distribution, of course, but fair use creation of archival copies of encrypted content, and storage in different forms now becomes possible: you just need a decryptor at the end. No one ever complained about needing speakers to listen to music or a TV to watch, er, TV.
The problem of "fair" DRM then reduces to one of establishing a trust hierarchy that producers of decryptors, copyright content producers, and consumers can all accept. I argue that problem is solvable, at least in the mathematical sense. The question is: "Is it economically viable?"
I think the answer is yes, particularly with a U.S. government push to "secure the internet".
You could've hired me.
yes, but what if i tear down that server or replace the hard drive? seems to me that either i can tote the pair wherever i like, copying it freely, or i cannot when i reinstall move it from one system to the next. Also, if i want to burn this to CD and play it on my MP3 player in my car, how is this taken into account?
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
So, this is exactly the same problem with OpenSSH, and how anyone can decrypt a SSH session because the source is open... erm oh wait, it's not that easy. Just to throw in a phrase well all hate, but is applicalbe here... Please think OUTSIDE the box.
Actually, in both cases the encryption is wanted, by the people who have the right to encrypt it.
You have the right to encrypt anything on your machine, in the name of privacy.
You also have the right to encrypt anything you make before giving it to other people, then choosing when and how they can unencrypt it. This is called "DRM."
If an artist doesn't want his music sampled, well, sucks to be him. He's going to make fewer sales, and won't earn as much money. DRM protects a savvy user's authority. It doesn't protect idiots from themselves.
What's this Submit thingy do?
No one like the product activation in Windows XP or Office XP, but at the same time product activation makes piracy less workable and forces users to face the high price tag Microsoft has placed on these products.
Ok, so it's mostly Microsoft who spreads this one, but even some Slashdot users fall for it.
You think product activation stopped XP piracy one iota? Think again. Cracked copies were floating around before it even hit retail shelves. Service pack 1, you say? Once again, within days of that debacle, a workaround even my parents can handle was available.
People get their warezed XP the same way they got their warezed 2000, ME, 98, etc. Kazaa and its ilk are making it even easier.
Know who product activation hurts? Not pirates, that's for sure. It hurts those of us who do anything more than install XP once, on one system, ever. Want to mirror your desktop's contents onto your laptop? Sorry. Have to re-install Windows? Sorry. Bought a new computer? Sorry. If you're lucky, you're only forced to upload some data to Microsoft. No internet? Hope you don't mind sitting on hold for a while. Past what Microsoft considers an acceptable amount of re-installs? Oh well, hope you have another $300.
The University I attend gets free copies of Windows and Visual Studio for its CS students. I can get as many license keys as I want without paying. But, I still have to deal with Microsoft's insane activation scheme if I want to use XP. Instead, I just use 2000. One CD, and *I* get to choose how I use it.
Know what most students are doing, to get around the hassle of activating XP so many times? That's right, downloading the cracked version. Guess what they're going to do once they're out of school and want the latest version of Windows?
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
I actually think this is a good thing. It will help Open Source Software gain acceptance many places it is accepted yet. This will also help to develop a more bulletproof DRM technology which could help safegard the movement from the attacks of Hollywood....
There is also another benefit to open source DRM. If the current content providers continue to aggressively lock their material down, it may provide an option for those of us who want to see Free (as in Speech) content develop and become a viable model. If we are clever, this could create an opertunity for open content of music as well as documentation and software.
LedgerSMB: Open source Accounting/ERP
No, YOU'VE entirely missed the point of DRM. The trouble with your analogy is that you've decided that there are certain kinds of theft that are acceptable. Theft is theft. It doesn't matter whether I've left my door unlocked, or locked, or forgotten my walkman at the fast food joint -- or set my stereo up on the sidewalk. Somebody helps themselves to my property, it's theft, pure and simple. I shudder to think that there might be judges who will rule on the basis of your twisted perception of relative morality instead of on the basis of the law.
If DRM was what you say it is, then why are the media giants going after the file-swappers? If you're right, they don't have a leg to stand on! Their music is "out in the open". Nonsense -- they're going after the file swappers because the file swappers are in breach of copyright. There is already a basis in law that allows for prosecution of ppl who illegally copy. DRM is NOT about legal protection. DRM is about CONTENT CONTROL.
pure AI will always Sublime
DRM isn't bad? Do you have any idea what DRM /means/? DRM requires content to be authorised by central "trusted" authorisation servers. That means that access to /your/ content is controlled by whoever controls the authentication servers. That means that you have to ask permission to view your own data!
How can that possibly be good? How can you give a mandate to something like that?
Pretending that it is an "arms race", and making sure everyone's got it would mean that DRM would become ubiquitous -- and that any data anyone produces will be placed under the dominion of the despotic maniacs behind "Trusted Computing".
Open Source should NEVER get into bed with DRM. It's laughable to think that anyone could DREAM that DRM would permit Open Source [software or content's] continued existence. Can you imagine giving someone sponsored by Bill the control over your access to the linux kernel? Allowing DRM to become ubiquitous, even tacitly supporting DRM would make that situation a reality.
pure AI will always Sublime
And again, while DRM perhaps has its place, publishers threaten to implement it in a way that eliminates fair use.
If I have a product that I only want to distribute over a pair of drm headphones, and there's a market to buy it, it'll sell. You ARE free to ignore DRM. Content is a product, not a necessity.
NSYNC could release their next album on a copy proof (hypotetically of course) CD. It would still sell. The value to the consumer isn't that they can copy it or back it up, it's that they can listen to the music that they want to hear.
Until someone comes up with a viable way of compensating creators for thier content without restricing how that content is used in any way shape or form, restricted content is going to be reality
"What about books? They aren't 'restricted content' except in that the law prevents unlicensed copying. They are only restricted in this very limited sense. "
What about books? Ever try to play a book in a DVD player? They are incredibly hard to copy, and certainly on the scale that a CD can be reproduced. Books are basically DRM encumbered in this sense.
Freedom is most certainly about releasing content how you want.
Also, what's to say that you can't create a DRM'd backup of something? Just make it impossible to unlock without first locking out the original copy. There are smart people out there working really hard on stuff like this all day. They'll figure it out.
More choices is always better.
Also, technology can't be harmful. Technology just is. Nuclear Fission isn't bad. Broken policy and poor judgement can make bad things happen with any technology.
As soon as you go Open Source, *anyone* can take the code appart, take the decryption routine, and get the plaintext right out of that. There is nothing 'forcing' the data directly into the hardware. At that point, the plaintext can be distributed, and the DRM has failed.
The whole point of encrypting with known algorithms is that it is very hard to decrypt without the keys. I think you must have used a very weak algorithm. You don't release the keys anywhere, they must be hidden away as best you can. Of course, doing safe decryption on an untrusted platform is impossible (see below).
I don't see any mathematics in your post. So I have to ask for proof before believing you. Next time, avoid buzzwords just to be modded up..
Secondly, I believe you have some experience, but the future of DRM will not be in software.. With closed hardware, it's probably (who REALLY knows?) possible to combine Open Source and DRM. Point being that Microsoft announced they will release their sourcecode for Palladium, so that everybody can see that there is no 'evil' code in there. That it does what Microsoft says it will. The core code that runs in a hardware-protected sandbox should be perfectly safe (in theory) from tampering by other than Microsoft.
Thirdly, OSS supporting DRM is a bad move because that will validate closing up the hardware from the people. Maybe many thinks this is a good idea, but in the long run we WILL be better off defeating DRM before it becomes valid.
The people should make the decision NOT to buy DRM-enabled devices and programs. Just stop supporting DRM and all its likes RIGHT NOW. There is nothing to be gained for the people in the technology. It defeats the whole purpose of a multi-purpose device: That somebody else controls what you can and can't do on your own terminal.
For once in your life, take a stand. Have some spine! If it means you can't buy the latest N-Sync album over the net, just don't do it! Walk out into nature and meditate, you'll be much happier and better off..
http://www.debunkingskeptics.com/