Apple's iTunes DRM Cracked?

joekra writes "The author of DeCSS is back in the spotlight with a new application called QTFairUse. The new application attempts to convert DRM'd AACs to non-DRM'd AACs on Windows machines. MacRumors has done some limited testing on it and has found it doesn't yet work as advertised... but they do offer a look into how it works."

Negative Impact..

[spence2680]

Hopefully this doesn't have any negative impact for the end users. It's always sad when the generic end user gets screwed because someone decided to hack/crack a product to give them additional functionality.

Re:Negative Impact..

[bwalling]

How does hacking like this negatively impact end users?

Let's try this example: iTMS AAC is cracked. Apple fixes. Cracked again. Apple fixes. Cracked again. Apple fixes, but RIAA says game over. Now, people like me who like iTMS and use it legitimately can't use it anymore. I'd call that a negative impact.

Re:Negative Impact..

[Nucleon500]

What about DVDs? They were cracked, and DVD sales are just the same as before. When CDs were created, nobody expected equipment to rip and burn them would be accessable to consumers, and yet CDs are still around. Audiocasette recorders caused legislation reinforcing a consumer's right to make personal copies. There was legal controversy about the Xerox machine, and about player piano tapes.

Ever since there's been 'content,' there's been demand to copy it, and human ingenuity has 'cracked' whatever protection there was. But this doesn't harm the medium, in fact, it makes it more valuable to honest people. There will still be a demand for iTunes and friends, so the MPAA won't stop. There isn't a consumer demand for draconian hardware DRM, so I don't think it'll happen. This is driven by greed, but in the end, consumers want cheap, legal downloads with minimal (hopefully nonexistant) DRM, so that's what'll happen.

This 'crack' won't affect Apple's relation with the RIAA, nor the service, nor even the software, in any way. Why? iTunes lets you burn CDs, and CDs can be ripped. This crack only gives people slightly better quality and saves them a CD-RW. It also makes it a bit easier to get the files off a Bochs or VMWare system. Even if it did allow something that wasn't trivial before, it wouldn't impact iTunes sales or piracy significantly.

He must enjoy court

[Blackbox42]

Why release it with your name attached to it? Didn't he learn something after the whole De-CSS trial?

Re:He must enjoy court

[SuperBanana]

Why release it with your name attached to it? Didn't he learn something after the whole De-CSS trial?

Yep. That his lawyer need only reach for his notes for applicable case history should Apple- or anyone else for that matter- choose to try him again.

Next up

[quizwedge]

DRM in iTunes is changed. Please repurchase all of your old songs. Seriously, the DRM with Apple's music wasn't that bad. Why make it so that they have to change things around? Remember iTunes Music Sharing? You use to be able to stream from any computer to any computer. Since people didn't use it for personal use, they forced it to only work on the same subnet (thereby not allowing users at work to access music from their home machine). I wouldn't say Apple is perfect, but they're more on our side than Microsoft is.

Re:Next up

[Krach42]

Apple has consistantly had a stance against DRM, and this is the first time I've ever heard of the copy-protection in iTMS as DRM.

I suppose at SOME level, every copy protection qualifies as DRM, but come on. I view DRM with the connotation of "draconian" restrictions on what a user can do with it.

Apple doesn't prevent you from making a backup copy of the file, or distributing the file to other computers, it just restricts certain computers from playing it, if they haven't purchased it.

I personally don't see anything wrong with such an approach, it's called LEGAL.

Now, writing a system that breaks the second you touch the file with anything but a DRM approved player, or for that matter, working it into the OS so you CAN'T do anything with it at all. That's stepping over the line.

People have to make money at this at some point, and for the almost painless restrictions that iTMS puts on their music, it's one our side, and their side. A good comprimise in convienence and protection, where if you REALLY want to get it free, then you can get online and grab it anywhere else easier than you can break their protections. And they make money because you pay for the convience of being able to just *click* and download.

Why do this?

[Offwhite98]

By breaking the means the industry hopes to use to make their business viable you are only going to force them to cancel future projects which make music and other media easy for consumers to buy. Not everything can be free. Do you expect to get paid for a days work? And if Apple is forced to end their service because everyone just steals the music, then what will be left with? I will tell you. Microsoft will push a DRM-based protection scheme which is based on hardware and locks out non-Windows users.

Stop screwing these companies!

Re:Why do this?

[Frac]

People just want to use their personal private property which they bought and paid for in whatever way they see fit, such as playing their songs on a non-Apple, non-Microsoft platform. What's the problem with that?

Bullshit. You can already do that within iTunes. Just burn to a CD.

Apple's DRM attempts to lock out non-Apple, non-Microsoft users.

Bullshit. Apple's DRM doesn't attempt to lock out anything. Burn it to a CD, and you can do whatever you want with it.

Re:Why do this?

[darnok]

Consider the issue of DRM-enabled music from the perspective of someone who doesn't download illegal music, but who has a mix of devices (home stereo, desktop PC with CD player, MP3 player, laptop PC, car CD stacker, ...) that they use to listen to music. At a guess, there are quite a few people who fall into this category.

There was a time just a few years ago when, if I bought a music CD, I could play it anywhere. I could play it at home, on my computer, in my car, in the PC at work... - whereever I wanted to play it, it worked. I could copy it to tape and listen to it in my Walkman, and it was all totally legal.

Today, the record company model appears to be based around consumers buying music for use in exactly one device. Music CDs are now "enhanced" to try to prevent people playing them on their computers; paid-for, downloaded music is now DRM-wrapped so it can't be burned to music CDs and played on home stereos or in cars. Based on this, you have to assume record companies expect people to buy multiple copies of the same piece of music if they want to listen to it on a mixture of devices.

That would be fine if I could buy several copies of a piece of music (as is now necessary to play in all my devices) for the same price or less than I used to pay for a single music CD that I could play on all of them. In fact, it would be a great thing if there was some music (e.g. music that I only listen to while working out, and not on my home stereo) that I only wanted to listen to on one type of device - I wouldn't need to buy the version that played on my home stereo, so I'd be saving some money.

What the record companies have done, however, is to charge full price for each piece of music on each medium. Whereas before I could buy a single music CD for $X and play it anywhere, now I need to buy the music CD and download the DRM-wrapped WMA or AAC file and it costs more money than it did before.

A lot of people would get upset at that point, but even that situation might be tolerable if (a) the record companies offered a bundle of both CD and WMA/AAC files at a suitably discounted cost, (b) they made the purchase process a particularly enjoyable experience, (c) they offered me some bonus over and above the music I'd paid for, such as maybe cheap/free concert tickets or a DVD of a few tracks, (d) any combination of the above. Unfortunately, none of these are happening.

In a nutshell, people are expected to pay multiple times for something they used to pay for once. Not only that, they're told they're "stealing" if they don't, and are faced with ridiculous laws and enforcement techniques.

Re:Why do this?

[Frac]

Oh sure, if I want to listen to my music on linux I have to waste my time burning it to CD and then re-ripping it - because Apple has excluded non-Apple, non-MS platforms from playing the AAC files.

There's no evidence that Apple would never release iTunes for Linux. Likewise, Windows didn't get iTunes support until recently. That's just a limitation of resources, and nothing to do with excluding certain people.

Furthermore, what you just said reveals your REAL reason against the DRM. Not some political stance about Apple locking out other platforms (which is clearly untrue), but that you're too lazy to burn the songs to remove the DRM.

That's just... pathetic.

Re:Why do this?

[shark72]

"Music CDs are now "enhanced" to try to prevent people playing them on their computers; paid-for, downloaded music is now DRM-wrapped so it can't be burned to music CDs and played on home stereos or in cars."

But in this case, music purchased from iTMS can be burned to CD and played on home stereos and in cars.

Perhaps the question is "what specific problem does this hack address?". For practical purposes, the big one is:

1. iTMS users were prevented from taking the music they'd downloaded, and then distributing it freely and widely by e-mailing it to all their friends or posting it on Kazaa.

Are there any others? Is there something I'm missing? I'm aware that the iTunes software requires you to re-order your playlist after burning it ten times, but is downloading a DRM stripper really a better solution than just reordering your playlist?

For now, I'm siding with what some others have said: Apple has gone out of their way to create a usable, affordable service with easy-to-live-with DRM. Their success has hopefully helped convince rightsholders that online distribution can work. Apple doesn't deserve to be pissed on like this.

Whats the point?

[GabrielF]

There are plenty of programs out there that will capture your computer's audio output. WireTap for example is a free Mac utility from Amrbosia that does this. You can also burn your music to audio CD and re-rip it as an MP3. I don't see why this is a big deal. Apple's DRM is fair and people who buy songs from iTunes already have the opportunity of using something like KaZaA but have chosen not to. This isn't going to make any exclusive content available on KaZaA or anything. Reading the description I think the whole point is just to try to humiliate Apple and the music industry. If thats the case its a bad thing, because Apple is FINALLY turning the music industry around on digital music.

I don't know about this

[marderj]

Apple has been pretty liberal with their protected aac files compared to some other digital music retailers. Play on up to 3 computers, burn to cd, play on iPod. I've bought about 250-300 songs from iTMS and have never been inconvenienced by their DRM. Do you think their DRM being cracked might change any of this? I can just imagine the RIAA trying to use this as an excuse to implement some sort of draconian measures. For years now people have been screaming for fair online digital distribution. We finally get something that works well and is fair on both sides and some jackass cracks it. I sort of feel like next time the RIAA dupes some ignorant senator into introducing some insane bill that completely infringes on our rights we're not going to have a leg to stand on. Apple gave people what they asked for, then got shit on. What does everyone else think?

Re:I don't know about this

[X_Bones]

You've hit the nail right on the head; you should get modded up all the way. If I can pay a buck a song and be able to play the file on my computer, burn it to a CD, and listen to it on an iPod, I'd say that's a pretty good deal. But this guy (who really, really should have known better after everything he's been through) releases a tool to strip DRM info from a song, and putting the code and ideas into the the hands and heads of anyone who wants it, and for what reason? For free distribution, I assume, or lossless conversion to MP3 (as opposed to burning and re-ripping it). Neither of these grant you too much more freedom of action (without breaking any laws, at least) beyond what is allowed already.

So yeah, you're right, we cried and cried for a cheap and legal way to buy music over the internet, and now this idiot goes and cracks the DRM of the most liberal licensing scheme he could find. The RIAA is gonna scream bloody murder and foist more legislation on us, and I'm probably going to agree with them.

Re:I don't know about this

[Dixie_Flatline]

You don't have to use iTunes, you know. You don't have to buy Apple's music at all. What Apple is selling you is music that has to be listened to using their software and hardware. That's the ACTUAL product that you're getting. If you don't like the product, don't buy it, and don't ruin it for the rest of us. I hope Apple shuts this hole quickly so I don't have to put up with the RIAA imposing some draconian measure that only lets you play the songs on one computer during a full moon with four lawyers looking over your shoulder. It hasn't even reached Canada yet, and you're already trying to make it so that nobody has any right at all.

Oh, and don't give me the line that you're doing this as some sort of protest and this is all very altruistic. Altruists don't hide in their basement, quietly breaking the law. If you're going to protest, get on the news. Shout your name and address to the heavens, say that you're going to keep doing this until your rights are acknowledged, and music is as free as you believe it should be. Breaking your terms of agreement with Apple in the safety of your home doesn't impress anyone, and doesn't get anything done.

Re:I don't know about this

[MoneyT]

Ok, I'm sorry but this is a little short-sighted. Just because you happen to like iTunes doesn't mean that the rest of us do. People who use multiple OS's can't use the files. I can't use them in my MP3 player or in my Discman that plays MP3 CD's.

Jesus I''m sick and tired of hearing this shit over and over again. Look, the AAC files are designed to play on devices with AAC playback ability. If your portable won't play it, bitch at the manufacturer. Second, CDs won't play on my portable casset player, cassets wont play on my portable CD player and my CDs won't play on my iPod. You know what I do? I fucking convert the format like I always have and just like you can do with iTMS files. Jesus you people are whiney.

What DRM issue does this really fix, though?

[snStarter]

I don't get it. You can burn your own CD from the QT files you buy from the iTunes store right? And after they are on CD you can make MP3s of them and do what you will, no DRM associated with them.

So, beyond the rather adolescent desire to hack the encryption, what problem does this solve? There's just no reason. Once they're on CD it's as if you bought them at the store.

It's just ego.

Re:QuickTime hacked, not Apple DRM cracked

[Blymie]

You can't beat an army with a stronger will and with greater numbers. It's why the US lost in Vietnam and why things will always be cracked. You can't beat an army of pirates (some perhaps academics) willing to crack for free.

Unless, of course, DRM makes it into all hardware, computers are sold with locked operating systems that can not be overridden, and Hollywood sees its dream of a completely controlled computer come to light.

doesn't mean anything

[austad]

Just because it's cracked doesn't mean a damn thing. Think about it, all of those songs are already available on P2P networks and newsgroups already. Most of them with superior bitrates.

Just because someone else puts up an AAC of the file on P2P doesn't mean that it's going to cause people to download more illegally. If someone was going to steal the music, they'd just do it with MP3 or OGG, or whatever flavor is already out there.

Think about it, this really does nothing to hurt Apple's business model. The percentage of people that are going to somehow benefit from a ripped AAC file and decide not to buy it from Apple instead is so low that it's insignificant.

What this does mean though, is that I can now play my purchased music on my Linux workstation, and possibly get a portable player that's not an iPod that will play these. I'd say QTFairUse is an excellent name for it, because that's certainly what I'm going to use it for.

Plus, why would one buy music from Apple, only to give it away to total strangers for nothing. I wouldn't. They way I see it, I paid for it, and if you want it, go buy your own.

Apples Fence

[fsterman]

The _very_ nice thing about Apple is that this stuff doesn't matter too much. It would be simple to convert all those AAC's into something else (be it mp3, AIFF, or even a higher AAC and back down) to get rid of the DRM. It's called a fence, you can jump it or you can respect it. Unlike most schemes that require complicated check in and out Apple had the guts and financial sense to do something that will satisfy both sides. It will be interesting to see if the notorious Apple legal will go after this. From what I remember they didn't bust down on people that extended the iTunes music sharing beyond the LAN.

NO!

[herrvinny]

No, people, this is NOT a good thing! Can't people figure out when there's a good thing happening, that they should sit the hell down and let it be? Think about it. Apple's DRM was pretty easy to break, just write the songs to CD and rip them back, without DRM. But the RIAA will use this as an excuse to put more and more DRM, more and more legislation. They'll say, "Well, whatever the computer industry puts out, hackers break it, so we need more legislation." And the Senate, House, and Bush will sign anything into law! Come on people, this is a bad THING!

Re:BFD

[joekra]

t's also noteworthy that similar code has been circulating quietly for quite some time on the Mac side. Anyone with even moderate knowledge of the QuickTime APIs could implement code to do this with minimal effort. It's trivial. I myself have written code that re-encodes the protected AAC's to MP3 so that I can play them on an old Rio that I still use sometimes.

No! No! No!

You don't think this is interesting because you do not understand what it does.

The Mac tools/code you talk of takes Protected AAC, decodes it to raw Audio (PCM/AIFF) and then Reencodes it.

This takes Protected AAC to Unprotected AAC. No transcoding (no loss of quality) involved.

Re:Maybe they'll figure this out someday

[X_Bones]

I don't think that computers remove the profit from producing music, just from distributing it. As long as there's a demand for music, artists can sell it for some price and make a living from it. But with iTMS, Amazon's recommended lists, fan bulletin boards, and so on, there's no need any more for a massive information and distribution network like the RIAA. People can find what they like and hear about other music from people with related tastes, and they can do this on their own. I think that's probably the biggest threat to the RIAA: informed consumers.

But I guess as long as they have money and are able to buy politicians, they'll stick around.

Re:QuickTime hacked, not Apple DRM cracked

[Erioll]

It makes piracy a hassle for whom? Certainly not the pirates. They'll just go on sharing perfectly unenecrypted files.

DRM only inconveniences the people who are paying for their music.

Exactly. In reality, there are only a few types of people out there in terms of music, and piracy in general:

• Die-hard Piraters: These people will pirate whatever they can, from whatever source. They pay for nothing, ever, be it software or music, movies, etc. VERY legally Liable
• Convenience Piraters: If it's easy, and they think that the legal way of getting it is too expensive/inconvenient/restricting, they'll pirate stuff, but only at near-zero risk of getting caught. Only really liable to RIAA, and not worth pursuing.
• Non-pirates, but Hackers (us): Won't do it because their morals actually tell them that even if it IS easy, if there is NO chance of getting caught, it's still wrong, and so they don't pirate anything because of morals, but wanting to help the little guy too.
• RIAA and MPAA Lackeys: These people are the absolute angels to people like the MPAA and the RIAA. Do what you're told, buy our things at our terms, and we'll all be happy. Ya right, but they do exist, and at least they are safe from lawsuits (probably, but DMCAv2 and other things may make even the innocent guilty).

The first group are NOT in large supply, but do provide a fair amount of content you otherwise wouldn't see, like movies out before they are in theatres, cracked full versions of expensive software tools (almost any Adobe product), etc. These people are NOT going to be stopped by anything short of MASSIVE inconvenience to pirate something, or uselessness even if they did. CD Keys for Online Play are a good example of foiling these people, at least to a degree. Games that have MOST of their value online (Quakes, *Craft, etc) will lose relatively fewer players to piracy, since the CD Keys will keep the online stuff straight (for the most part. I know that there are workarounds, etc, but this is in general).

The Second group, of what I call "Convenience Piraters" is quite a large group. Most people who download music that they didn't buy fall into this catagory. They are also the group that is most easily targeted by Online Music Services like iTunes. Most times, the things pirated by them they see as not hurting anybody, and/or that it's overpriced anyways (music fits this perfectly). A moral discussion about this is a whole topic in itself, but most of these people don't see what they are doing as really "wrong", or else they probably wouldn't do it, because they are basically good people.

The Fourth group of Lackeys is self-explanatory.

US! Some of us sometimes fall under Convenience Pirates, but most of the time we don't. But most of us believe in Fair Use, and we make many great tools that let us use our LEGALLY obtained media and other things. MPlayer should be completely legal everywhere, as any other "player" should be. Same thing as DeCSS. The first group of rampant pirates use tools like DeCSS to pirate and hurt people, but people like us use them for playing our stuff, not distributing it to 100k people.

We are the most misunderstood group, but also often the easist to target with lawsuits, like Jon Lech Johansen with DeCSS, and recently with the iTunes crack. We want to use our legally purchased stuff however we want, and even though bad apples (that first group again) will misuse it, that doesn't mean that it should be illegal.

It is ironic how Sony went to bat for the consumer in the BetaMax case with VCRs, and is now on the RIAA's side for music. These companies need to realize that if iTunes distributed music in OGG format, that piracy would not go up much, if at all. People would be HAPPY with what they have, and any distribution of such files would be 100% illegal, with NO legal middle ground. (For those who don't know, in the early da

Re:QuickTime hacked, not Apple DRM cracked

[adrianbaugh]

That comment shows why DRM is nothing to do with fair use.
If you bought a DRMed track then fair use probably allows you to re-encode it as a non-DRMed track for personal listening on a machine that can't cope with DRMed tracks.
However, being able to remove the DRM from a file doesn't give you the right to redistribute the content (via kazaa or whatever) whether you bought the track or not.
DRM systems that can be rendered useless by the breaking of a single version of a single player application are useless as a means of prevention of the redistribution of copyrighted material - you can bet that if a vulnerable application exists the big-business pirates will get a copy of that application. As it stands the DRM on DVDs has been rendered useless; the DRM on Apple's AAC files may be about to be rendered useless; I wouldn't bet against Microsoft's WMA being broken at some point (it only takes one faulty version of Windows Media Player, remember). DRM has not, does not and will not prevent commercial 'piracy'; it just restricts the utility of digital media formats to the average consumer.
This is why, even back in the day, the DeCSS case[0] was so important. It demonstrated that DRM mechanisms were only as robust as their most fragile player application (and therefore, given that software is inherently buggy, fundamentally unsound as an honest business method).

Apple's DRM does get in the way

[sjonke]

For most the limitations of the iTMS tracks probably isn't an issue, for me it is and as such I choose not to buy music from it, instead to buy a CD and rip to unprotected AAC. We have more than 3 computers I would like to be able to play music on. An older iMac hooked up to the stereo which is the main in-home music box. A computer that is destined to reside in the trunk of my car hooked up to the car stereo. A PowerBook that I use commonly to play music at work and an older iBook that gets used to play the music from the iMac elsewhere in the house. I can't use all 4 for Apple DRM'd music. Why not? They are our computers and its our music and I should be able to play the music on any of them. Why only 3 allowed? If the number were 100 it would be just as effective at stopping mass distribution and such a number really wouldn't limit legal owners of the music.

As such I look forward to a completed version of this tool and its availability on the Mac (though I presumably could run the Windows version in VirtualPC). Not to get music from others (as has been noted it wouldn't offer anything you can't already get via other easier means) but to allow me to use music purchased on iTMS as I see fit and without audio quality loss. Indeed the availability of this tool would make me reconsider purchasing music from the iTMS - currently there's compelling enough reasons to no do so and so I don't.

Re:Maybe they'll figure this out someday

[b-baggins]

Today's wants are tomorrow's needs. You really ought to read some Adam Smith.

The desire for goods and services will never go away. When food becomes free, people will take that money and spend it on other things. When those things become free, people will spend it on yet other things.

If robots manufactured every material thing in the world for free, people would pay money for ideas. Or for the human touch of service, or for the nostalgia or curiosity of non-robot manufactured items.

To want is a basic foundation of human nature. To say that some day we will never want (which is basically what your post maintains), is to completely ignore a fundamental human trait.

But its probably irrelevant...

[tkrotchko]

Because if you're intent on pirating commercially, you'll just buy the CD in the first place. What's $12 for a CD if you're intending on ripping off the thing and selling it illegally?

This is kind of a tempest in a teapot, really.

Re:Way to go

[Bob9113]

This isn't about fair use any more. This is about "fuck over any company that uses price tags."

This is the most rational statement I've seen in this thread so far.

You are exactly right. The natural price of copies is zero. The market is moving toward that natural price (though you have found a more colorful way to express this economic identity). The cost of copying IP is zero. Therefore, the natural price of copies is zero (the natural price in an economic system is equal to the unit cost of production).

This entire argument has lost every last shred of whatever legitimacy it may have once had.

On this I must disagree. It is just now gaining the very first glimmer of legitimacy. When people were claiming that it was just a matter of having the right feature-set to make the consumer want to pay a non-zero price for a good with a zero unit cost of production, it had no legitimacy.

I'm not saying this is a good thing (though that is also true, but requires a much longer discourse on price theory), but it is as true as gravity.

WHY!!!! Do you WANT the RIAA to win???

[falcon5768]

Cause thats all a hack like this will do.

honestly we cant beat the RIAA, there is no way in hell unless california falls off the face of the earth (sorry to all those nice californians) , they are WAY too strong.

SO Apple plays nice, they give us fair use, but give them the controls they want, but ONLY controls that limit trading, really if you need your songs to be on three computers at the same time, you have problems, but you can burn them and put them on as man iPods as you want. It's your music, you just have to make sure it stays YOUR music.

So what do some of us do, PROVE that the whole lot of us are diviants and hack the freaking DRM, PROVING the RIAA right that they shoulkd have tighter control.

They win. They couldnt win if Apple proved a DRM model could work and still could give the users the rights they where garenteed to have. But this proves that people dont care, they are willing to hack things and now willfully break the law (since it IS illegal to hack DRM files acouding to the DCMA no matter how flawed the law is) letting the RIAA say "See we need more control," and getting it, instead of them saying "See we need more control," and being asked why cause there is a proven model that shows they dont need it.

WAKE UP EVERYONE, THE FREE NAPSTER RIDE IS OVER, If we want a feasable working internet media model that allows us to have films and music, and anything else, we have to make sacrafices.

It's just like free speech, we all want it but the minute someone says something we dont like we try to censor them, and we cant. IT DOSEN'T WORK BOTH WAYS.

There goes a lot of good things...

[kageryu255]

Great. I bet this completely hoses the Thanksgiving vacations of a large number of Apple employees. I wonder how many people in legal, software engineering, QA, and the make-nice-with-the-record-companies departments just had their plans for the week yanked right out from under them.

Not to mention that this really damages a Good Thing.. even the most zealous anti-DRM person has to be able to understand that'll be easier to get the record industry to loosen their frantic grasp one finger at a time than to try to wrest their precious billions away from them and force drastic change. Yeah, bad for the big companies, big deal... but bad for the artists, bad for the Apple employees who worked their butts off to create this, bad for the end users when the record companies start calling it a failed experiment.

I have sympathy for those who have difficulty with Apple's DRM terms. I hit the 3-computer cap myself... 2 machines at work, 1 laptop at home, 1 desktop at home, my girlfriend's tower... However, I have NO sympathy for people who bitch about it like Apple's out to ruin them. That clause about Apple reserving the right to change the terms whenever they want? If a huge petition is delivered to Apple politely clamoring for that limit to be raised to 4 or even 5 computers, who's to say they wouldn't do it, or at least try to convince the record companies? People who complain about it not being international? If they missed it, I suggest they check into the news that Apple is in heavy talks to get iTMS launched for international customers. If they saw that news and ignored it, then they should STFU.

The iTMS isn't Apple out to rip off customers.. Apple has publicly admitted it's not a profit generator. It's there as an innovation, a jedi hand wave to get the record companies to realize there is a better way, to start them willingly down the path to change. I know a lot of people who spent 80+ hour weeks getting the iTMS launched, and their biggest fear was that someone would break the FairPlay system and bring it all crashing down.. while the impact to sales is hard to predict, how can these paranoid record companies who have til yet regarded online music download services as their big enemy (even if they're just a scapegoat for their own mistakes) learn to embrace this new technology that can be good for everyone?

Trying to force revolution upon the record companies will just make them lash out, act irrationally, and fight all that much harder. It's better to get them to decide that what consumers want really is the right path. They have to make that decision.. then they think it's their idea, and they're much happier to go along with it!

My opinion all boils down to one Japanese proverb about three feudal warlords:

What if the bird will not sing?

Nobunaga answers, "Kill it!"

Hideyoshi answers, "Make it want to sing."

Ieyasu answers, "Wait."

Which of these is going to be the most effective? I guess your answer has a lot to do with your personality and the techniques you use to attain your goals.. but in feudal Japan, I think it's fair to say that Nobunaga's power was dramatic but short lived, Ieyasu's was complete but he had to wait quite a long time.. in fact, until everyone else had disappeared... Hideyoshi's story was the most impressive as he rose from a farmer's son employed as a sandal-bearer to absolute ruler of Japan.

(OT: If that story intrigues anyone, check out the book "Taiko" by Eiji Yoshikawa -- he also wrote one about Musashi, the swordsman famous for his strategy and two-katana techniques)

Re:TCPA loophole?

[Alsee]

As long as there's one link out there that is not controlled

Yeah, you can try to find an ISP that doesn't force Trusted Computing on you. It can be a major problem though. But you are still going to be locked out of any websites and other things that use it.

And once a signifigant number of ISP's use it they can enforce it end-to-end for the entire internet chain. Any ISP that doesn't use it could be locked out.

there will be workaround drivers, etc that will provide the challenge/response mechanisms of TCPA without the DRM bullshit.

I'm a programmer and I've studied the design. You can't work around it with drivers. The challenge/response mechanism is cryptographicly rock-solid and relies on keys locked in the hardware. Every ship has a different key and those keys can be revoked individually or every key from a given manufacture can be revoked en-mass if one of them botched their design.

Barring a major mathematical breakthrough or fully functional quantum computers, the only way to defeat the system they've designed is a serious hardware hack. One method would be to dig your key out of the crypto chip. Chemically strip the chip and read your key with a high-power microscope. You could then run an emulated TCPA system and have total control over your computer. The other approach would be to allow the crypto chip to function normally but to seize control over signals on the motherboard. I think digging the key out is probably the easier option.

Either method requires a pretty well stocked lab. A student could probably do it in a college lab. The problem is that either method really only "fixes" a single computer at a time. If you try to use the same key on multiple machines they could detect that and revoke the key. That forces you to dig out a seperate key for each computer.

The REAL fix is for the news media to pick up on the real story and for the public to reject the system. There was an uproar that killed the Pentium3 CPU serial numbers, this is far nastier. The problem is that they are going to spend a fortune on disinformation and propaganda campaign claiming that it is a good thing.

Every single argument in support of it can be shot down with a single argument: There is no possible jusification to forbid the owner from knowing his master key. Given identical hardware you still get every claimed benefit when the owner has his master key, and having your master key eliminates every possible way the system can be abused against the owner.

It is an easy and non-technical concept that the public can understand:
(1)The owner should be able to know his master key.
(2)The mere fact that you know something cannot reduce your computer's ability to protect you.
(3)Knowing your master key means that no one else can take control of your computer and use it against you.

There is absolutely nothing wrong with "new hardware", but the owner MUST be allows to have his master key.

Of course the Trusted Computing Group will never willingly agree to do this, their defininition of "trusted" is that you can't control your computer. They want to trust the computer to enforce DRM against it's owner. Their whole strategy is to market the benefits of new hardware while ignoring/concealing the fact that it does not justify denying the owner his master key.

They are/will be advertizing how good and nutritious apples are. Pointing out that they are packing cyanide pill inside isn't good enough. If we argue against poison apples we'll lose. People will buy the advertizing and take the good with the bad. We need to hit them with the argument that they are simply refusing to sell apples without poison pills. It will be a difficult argument because it is a technical issue, and they will do everything they can to dodge it. They are going to present it as an all-or-nothing package deal.

-