Apple's iTunes DRM Cracked?
joekra writes "The author of DeCSS is back in the spotlight with a new application called QTFairUse. The new application attempts to convert DRM'd AACs to non-DRM'd AACs on Windows machines. MacRumors has done some limited testing on it and has found it doesn't yet work as advertised... but they do offer a look into how it works."
Belief is the currency of delusion.
I read the comments on MacRumors, and basically this program is not an Apple DRM crack but a hack for QuickTime (Windows version) which dumps the decrypted AAC stream to disk before it is sent to the AAC. This is done by patching QuickTime and writing the data in memory to disk. It is easy for Apple to change QuickTime to make this app useless, but it is nevertheless an interesting approach.
That said, it is certainly possible to reverse-engineer the decryption routine in QuickTime instead of hacking the application itself. It is just a matter of time.
One day they'll figure out that computers have made the marginal revenue for producing a song ~= $0. The whole music industry needs to undergo a revolution to stay profitable and I don't think anyone has figured out what that revolution needs to be.
Hopefully this doesn't have any negative impact for the end users. It's always sad when the generic end user gets screwed because someone decided to hack/crack a product to give them additional functionality.
Why release it with your name attached to it? Didn't he learn something after the whole De-CSS trial?
I am the person who did the original testing for MacRumors. Here are the final steps:
The raw aac file that QTFairUse produces can be played in a Windows app called foobar.
To play back in iTunes is a little harder. One must run an application called faad.exe to fix the "atoms?" of the aac file. After that is done one must add the MPEG-4 wrappers using the program mp4creator found in MPEG4IPutils. Make sure to use the -optimize tag, or else the file will triple in size. After this is all done you end up with an m4a file with the decrypted aac content in a MPEG-4 wrapper playable in iTunes.
For any question related to DeCSS or QTFairUse, you can reach Jon at jon.johansen@sealandgov.com
...
Here's a photo of his new place of residence incidentally
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
DRM in iTunes is changed. Please repurchase all of your old songs. Seriously, the DRM with Apple's music wasn't that bad. Why make it so that they have to change things around? Remember iTunes Music Sharing? You used to be able to stream from any computer to any computer. Since people didn't use it for personal use, they forced it to only work on the same subnet (thereby not allowing users at work to access music from their home machine). I wouldn't say Apple is perfect, but they're more on our side than Microsoft is.
I have no
By breaking the means the industry hopes to use to make their business viable you are only going to force them to cancel future projects which make music and other media easy for consumers to buy. Not everything can be free. Do you expect to get paid for a day's work? And if Apple is forced to end their service because everyone just steals the music, then what will we be left with? I will tell you. Microsoft will push a DRM-based protection scheme which is based on hardware and locks out non-Windows users.
Stop screwing these companies!
Brennan Stehling - http://brennan.offwhite.net/blog/
There are plenty of programs out there that will capture your computer's audio output. WireTap for example is a free Mac utility from Ambrosia that does this. You can also burn your music to audio CD and re-rip it as an MP3. I don't see why this is a big deal. Apple's DRM is fair and people who buy songs from iTunes already have the opportunity of using something like KaZaA but have chosen not to. This isn't going to make any exclusive content available on KaZaA or anything. Reading the description I think the whole point is just to try to humiliate Apple and the music industry. If that's the case it's a bad thing, because Apple is FINALLY turning the music industry around on digital music.
The method you describe causes some loss of quality
DRM AAC -> AIFF -> AAC
This method does the following
DRM AAC -> AAC
It's being compared to an analog hole attack because it doesn't actually solve the encryption scheme, but instead lets QuickTime do the decryption, and then captures the plaintext AAC file that is stored in memory.
Truly, it's still digital at that point, so it should be called the "plaintext hole".
Apple has been pretty liberal with their protected aac files compared to some other digital music retailers. Play on up to 3 computers, burn to cd, play on iPod. I've bought about 250-300 songs from iTMS and have never been inconvenienced by their DRM. Do you think their DRM being cracked might change any of this? I can just imagine the RIAA trying to use this as an excuse to implement some sort of draconian measures. For years now people have been screaming for fair online digital distribution. We finally get something that works well and is fair on both sides and some jackass cracks it. I sort of feel like next time the RIAA dupes some ignorant senator into introducing some insane bill that completely infringes on our rights we're not going to have a leg to stand on. Apple gave people what they asked for, then got shit on. What does everyone else think?
Joy: Being able to listen to any of my songs the second it occurs to me
Sorrow: having to "authorize" myself to listen to music that I love
Joy: sharing my favorite songs with my friends
Sorrow: Having to spend hrs giving friends tech support dealing with workarounds to stupid DRM measures that make them feel lost
Joy: finding new music that I love
Sorrow: fearing getting busted for checking out someone's recommendation
Joy: art, technology, freedom
Sorrow: greedy fuckers; the constant vigilance freedom requires
Joy: Cracking the shit out of IP
Sorrow: It's come to this: having to justify it to the stupid Slashdot consumers
On a Mac, try this:
.. ..
#open itunes
#begin playing music
netstat | grep 3689
#look for multiple connections to the same computer, that's his address
#on the right and yours on the left
setenv him HISADDR
setenv me MYADDR
#en1 = wireless, en0 = wired
sudo tcpdump -i en1 -s 0 -w itunes.log src $me and dst $him
#begin playing each of the songs you want (only need to play a second or two)
#don't close itunes!
#hit ctrl-c in terminal with tcpdump running, it should say it captured some number of pkts
strings itunes.log | egrep "(GET.*update)|(GET.*databases)|Validation" > songs
#songs now has a list of magic cookies, each alternating line is the file or the password
grep GET songs > get ; grep DAAP songs > daap ; wc get daap
#the first two lines of first column should be the same (tested under iTunes 4.1.0)
paste get daap | egrep "GET.*items/" | sed "s|.*GET|./get_one|" > get_all
cat > get_one
#then type these next two lines, hit return, and hit ctrl-d
wget --header="Client-DAAP-Access-Index: 1" \
--header="Client-DAAP-Validation: $4" "http://$him:3689$1"
chmod +x get_one get_all
./get_all
#close itunes
#now to rename the songs to have sensible extensions
mkdir tmp
mv *mp3*session* *m4a*session* tmp
cd tmp
ls | grep session > old
tr '?=' '\t\t' < old > new0
cut -f1 new0 > new
cut -f2 new0 | sed "s|session-id|mv|" > new1
paste new1 old new > fix_all
chmod +x fix_all
./fix_all
rm old new new0 new1 fix_all
mv *.mp3 *.m4a
cd
rmdir tmp
#after loading into itunes, can use one of several applescripts to rename the filenames from 454.mp3
#some of the scripts rename *.m4a to *.mp3 - then the songs don't play. to rename them back
#move the *.mp3 AAC files to their own directory, then
ls *.mp3 | sed 's/\\/\\\\/g' | sed 's/\$/\\\$/g' | sed 's/"/\\"/g' |\
sed 's/`/\\`/g' > files
cat files | sed 's/^/mv "/' | sed 's/\.mp3/.mp3" "/' > old
cat files | sed 's/\.mp3/.m4a"/' > new
paste "-d\0" old new > fix_all
chmod +x fix_all
./fix_all
rm files old new fix_all
With great power comes great fan noise.
I don't get it. You can burn your own CD from the QT files you buy from the iTunes store right? And after they are on CD you can make MP3s of them and do what you will, no DRM associated with them.
So, beyond the rather adolescent desire to hack the encryption, what problem does this solve? There's just no reason. Once they're on CD it's as if you bought them at the store.
It's just ego.
I bet Apple would like this to some extent. This could mean that content that people buy from Apple is worth even more to the purchaser than before, without any [direct] cost to Apple. I'm sure Apple would have wanted DRM-less content, but that would not have been a reasonable deal with the RIAA/copyright holders.
Maybe I'm wrong though.
I thought that Jon was innocent, that he didn't actually write DeCSS but had helped distribute it?
I'm curious.. did he do this for a similar reason as the one he claims he created DeCSS for - namely to play back DVDs on Linux?
:)
I can't seem to find it in any of the articles, nor in his blog.
If there is no similar reason, does that mean that the reason of DeCSS's existence should be reviewed?
Was 'hollywood' right, and he really just wanted digital dumps of the movies, just as - seemingly - he just wants a non-AAC'd digital dump of the music here?
Not inciting a discussion on whether people should be allowed to do this in the first place - that's a whole other discussion
Just because it's cracked doesn't mean a damn thing. Think about it, all of those songs are already available on P2P networks and newsgroups already. Most of them with superior bitrates.
Just because someone else puts up an AAC of the file on P2P doesn't mean that it's going to cause people to download more illegally. If someone was going to steal the music, they'd just do it with MP3 or OGG, or whatever flavor is already out there.
Think about it, this really does nothing to hurt Apple's business model. The percentage of people that are going to somehow benefit from a ripped AAC file and decide not to buy it from Apple instead is so low that it's insignificant.
What this does mean though, is that I can now play my purchased music on my Linux workstation, and possibly get a portable player that's not an iPod that will play these. I'd say QTFairUse is an excellent name for it, because that's certainly what I'm going to use it for.
Plus, why would one buy music from Apple, only to give it away to total strangers for nothing. I wouldn't. The way I see it, I paid for it, and if you want it, go buy your own.
Need Free Juniper/NetScreen Support? JuniperForum
The _very_ nice thing about Apple is that this stuff doesn't matter too much. It would be simple to convert all those AAC's into something else (be it mp3, AIFF, or even a higher AAC and back down) to get rid of the DRM. It's called a fence, you can jump it or you can respect it. Unlike most schemes that require complicated check in and out Apple had the guts and financial sense to do something that will satisfy both sides. It will be interesting to see if the notorious Apple legal will go after this. From what I remember they didn't bust down on people that extended the iTunes music sharing beyond the LAN.
Is there anything better than clicking through Microsoft ads on Slashdot?
(posted anonymously for the usual reasons)
Another way to do this is with the Compressor program (by Apple) included with Final Cut Pro. Just drag the DRM'd AAC file into Compressor, choose AAC from the menu, and watch as it transcodes to unencrypted AAC. You can convert that to MP3 from iTunes if you want, or write up a little AppleScript to automate it. The only downside is that you lose the metadata tags (you could probably decode that format and write an application to convert them to IDv3 tags), but it works pretty well.
Note: I'm posting this not because of any hatred for Apple, but because I like to be able to listen to my music on my SliMP3 and this is the only way to do so besides burning and ripping from a CD.
No, people, this is NOT a good thing! Can't people figure out when there's a good thing happening, that they should sit the hell down and let it be? Think about it. Apple's DRM was pretty easy to break, just write the songs to CD and rip them back, without DRM. But the RIAA will use this as an excuse to put more and more DRM, more and more legislation. They'll say, "Well, whatever the computer industry puts out, hackers break it, so we need more legislation." And the Senate, House, and Bush will sign anything into law! Come on people, this is a bad THING!
It's also noteworthy that similar code has been circulating quietly for quite some time on the Mac side. Anyone with even moderate knowledge of the QuickTime APIs could implement code to do this with minimal effort. It's trivial. I myself have written code that re-encodes the protected AAC's to MP3 so that I can play them on an old Rio that I still use sometimes.
No! No! No!
You don't think this is interesting because you do not understand what it does.
The Mac tools/code you talk of takes Protected AAC, decodes it to raw Audio (PCM/AIFF) and then Reencodes it.
This takes Protected AAC to Unprotected AAC. No transcoding (no loss of quality) involved.
Apple does EXACTLY WHAT EVERYONE SAID THEY WANTED and they still get fucked over.
This isn't about fair use any more. This is about "fuck over any company that uses price tags."
This entire argument has lost every last shred of whatever legitimacy it may have once had.
Business isn't willing to pay for products, innovation and careers, so we get brands, mortgage commercials and layoffs.
You also don't seem to know what fair use is.
Fair use is anything that, in light of the four factors listed in 17 USC 107 (or via judicial tests that predate that codification) is fair.
The examples given in 107 are NOT blanket allowances. They're illustrative of the sorts of things that might classically be fair use. That's why it says 'for purposes such as' and not 'only for purposes of.'
Reproducing and distributing otherwise infringing copies on street corners may not be infringement if it's fair per the four factor test. And yet there have certainly been educational and news reporting infringements that were not fair uses.
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
The hack allows you to get an unprotected AAC from a protected AAC losslessly. Using the audio CD method would require re-encoding and the use of a CDR. I agree that it's not as neat as DeCSS, but it does provide a better quality unprotection mechanism than was available before.
my blog
No need for Final Cut Pro, you can do a similar thing with iMovie. To avoid being redundant, but at the expense of seeming narcissistic, I'll link to my earlier post.
Win a signed Stephen Carpenter ESP Guitar from the Deftones: http://def-tag.com/?r=0008781
For most the limitations of the iTMS tracks probably aren't an issue, for me they are and as such I choose not to buy music from it, instead to buy a CD and rip to unprotected AAC. We have more than 3 computers I would like to be able to play music on. An older iMac hooked up to the stereo which is the main in-home music box. A computer that is destined to reside in the trunk of my car hooked up to the car stereo. A PowerBook that I use commonly to play music at work and an older iBook that gets used to play the music from the iMac elsewhere in the house. I can't use all 4 for Apple DRM'd music. Why not? They are our computers and it's our music and I should be able to play the music on any of them. Why only 3 allowed? If the number were 100 it would be just as effective at stopping mass distribution and such a number really wouldn't limit legal owners of the music.
As such I look forward to a completed version of this tool and its availability on the Mac (though I presumably could run the Windows version in VirtualPC). Not to get music from others (as has been noted it wouldn't offer anything you can't already get via other easier means) but to allow me to use music purchased on iTMS as I see fit and without audio quality loss. Indeed the availability of this tool would make me reconsider purchasing music from the iTMS - currently there are compelling enough reasons to not do so and so I don't.
--- What?
Sometime in the Windows Media Player 7 or 8 era I decided to start ripping my legally purchased (or licensed?) collection of CDs for listening while at my computer. I did not share these files with any one else nor did I listen to it in two places simultaneously. At the time the default media encoder produced rips with DRM.
I then made the poor choice of upgrading from Win2k to XP with no expectation that it would have any effect on the hours I spent ripping my collection to my computer for my use. Perhaps it is the price of stupidity, but my online collection was rendered immediately useless because WMP decided I was on a new computer and therefore had stolen my rips from myself.
I have been a very satisfied user of iTunes/iTMS and have spent considerable money purchasing from iTMS. Under iTunes Advanced menu there is an item "Deauthorize Computer...". I fear even selecting this item and unwittingly invalidating hundreds of USD in iTMS purchases. I also have no idea what will happen should I decide to upgrade my CPU, add a drive, or even change the IP address of my machine. Or, perish the thought, have to reload XP because I have the poor taste to run Outlook or IE. Suffice to say, all of my iTMS purchases have been burned to CD-R because I'm not quite that stupid.
So here is one legitimate user who wants to not run afoul of the RIAA who may end up with direct losses because I don't have control over my purchased product.
Because if you're intent on pirating commercially, you'll just buy the CD in the first place. What's $12 for a CD if you're intending on ripping off the thing and selling it illegally?
This is kind of a tempest in a teapot, really.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
People are _obviously_ willing to pay (oh, say, about $.99) for good download speeds and high-quality encoding. Most people who use the Music Store don't care that it's "legal" or "right" or whatever. Apple just found the right price point for what they offer -- a better user experience than the free services like KaZaa, Gnutella, etc.
However... I have had some very annoying problems with the iTunes DRM recently. Got the main logic board replaced in my laptop (by Apple) and suddenly couldn't play my purchased music. Couldn't re-authorize because I'd already authorized three machines and now one was gone forever (didn't know in advance that they'd be replacing the logic board, or that I would lose my rights if they did). Had to email support and wait about 48 hours to get my music back by deauthorizing the other computer. And they warned me that "we don't normally do this".
Another time I wanted to email a song to a friend -- I thought he'd like it and maybe buy the album. Of course he couldn't play it. Nice.
More recently I purchased music and I was _never_ able to play it -- I'm told it's already authorized on three machines even though I've yet to play it once. Whatever. I guess I have to contact Apple support again.
I don't feel this is really Apple's fault -- they've done as well as you can with DRM, but the fact is that it just sucks. I now realize that I paid for an _inferior_ product to what I could have gotten for free. I would rather download a bit slower, get a lower bitrate, and be able to use my damn music like I can with any other medium!
Now, if they combined high-quality, fast downloads, and free usage, then most people would STILL buy the songs for $.99 and they would actually be happy with their purchase a year or two later when they've had to move it across machines or whatever other disallowed activities that we normally do without thinking when using CDs or whatever. As it is, I think people will sour on this over time.
Okay -- I'm rambling now, but the point is that they'd be doing at least as well without the DRM, and customers would be happier longterm. That's how they should be competing with P2P -- not by putting out products that are superior in some ways and vastly inferior in others.
Stupid RIAA. I'm glad to pay for what I want if you offered it. As it is I think I'll go steal some RIAA music. Or buy some independent stuff.
Cheers all.
By breaking the means the industry hopes to use to make their business viable you are only going to force them to cancel future projects which make music and other media easy for consumers to buy.
It is not possible for DRM to work. That's what researchers have been saying since day 1. If I can hear it, I can record it. These cracks aren't happening because people are unethical, they're happening because DRM is an inherently flawed idea. It's like asking people not to use pop-up blockers. Using an inherently broken technology in a way that is unpleasant to the end user is not ever going to stand the test of time. Even should police force be used it won't last forever - eventually the economic will of the consumer will be satisfied.
This is not unlike the lesson learned from the dot-coms. It has to be both technologically practical and an improved satisfaction of wants or it will not work. Having one and wishing really hard that the other was true is like trying to sell the electric cars from the 1980's.
The economic model behind music has got to change. Per-copy sales is not possible when copying has an arbitrarily close to zero cost. You can't charge for something that costs nothing.
Stop-Prism.org: Opt Out of Surveillance
Or do you claim that communication with the Internet of the future will require the TPM to be turned on?
Cisco, Symantec, and Trend Micro have issued press releases about new routers that will deny you an internet connection if you aren't running Trusted Computing.
Of course they advertize it as an anti-virus measure. Even the slashdot story got it wrong: Cisco Working to Block Viruses at the Router. These routers do not block data. They require you to be running Trusted Computing and then they can be further programmed to check that you are running specific anti-virus software using remote attestation.
Cisco's Network Admission Control program would enable companies to install on every PC and mobile device a client, called the Cisco Trust Agent, which could attest to certain levels of security...
However, the technology won't work unless security software can tell the Trusted Agent application the current state of security on the computer or mobile device.
The technology might also spur sales of PCs and devices that use trusted-computing hardware--controversial technology that uses encryption, special memory and security software to lock away secrets on a PC from prying eyes...
"We need a trust boundary between the network and these devices, and the system needs hardware and software to do that,"
Sure, they are advertizing it for corporate network use, but can anyone really doubt that ISP's will start installing them and requiring you to run Trusted anti-virus software as part of the terms of service?
If you don't submit to Palladium / TCPA / whatever, then you will be denied any internet connection at all.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Honestly we can't beat the RIAA, there is no way in hell unless California falls off the face of the earth (sorry to all those nice Californians), they are WAY too strong.
SO Apple plays nice, they give us fair use, but give them the controls they want, but ONLY controls that limit trading, really if you need your songs to be on three computers at the same time, you have problems, but you can burn them and put them on as many iPods as you want. It's your music, you just have to make sure it stays YOUR music.
So what do some of us do, PROVE that the whole lot of us are deviants and hack the freaking DRM, PROVING the RIAA right that they should have tighter control.
They win. They couldn't win if Apple proved a DRM model could work and still could give the users the rights they were guaranteed to have. But this proves that people don't care, they are willing to hack things and now willfully break the law (since it IS illegal to hack DRM files according to the DMCA no matter how flawed the law is) letting the RIAA say "See we need more control," and getting it, instead of them saying "See we need more control," and being asked why cause there is a proven model that shows they don't need it.
WAKE UP EVERYONE, THE FREE NAPSTER RIDE IS OVER, If we want a feasible working internet media model that allows us to have films and music, and anything else, we have to make sacrifices.
It's just like free speech, we all want it but the minute someone says something we don't like we try to censor them, and we can't. IT DOESN'T WORK BOTH WAYS.
"Slashdot, where telling the truth is overrated but lying is insightful."
with digital audio editing programs. Long gone are the days that require million dollar studios to be able to create a polished piece of work.
Now, a talented producer/sound guy is still needed and still requires skills. But anyone with a natural sound for music and practice can be damned good.
First, by the terms of service for the iTunes Music Store, you cannot do this. Attempting to circumvent the DRM renders your license to use iTunes null and void, and violates the terms of the Music Store, letting Apple cut you off. (Not that it matters to those who do this sort of thing.) Likewise, attempting to circumvent DRM violates the well-respected and highly loved DMCA, which could land you in jail.
Second, I feel that I have purchased this music, Apple phrases it as me purchasing it (rather than 'renting' it,) so I should be able to do whatever I want with it. The same as I can do whatever I want with a CD. As long as it doesn't break copyright law. For example, what happens if, god forbid, Apple closes its doors five years from now. It's very conceivable that I could still have my current Mac in 5 years, with all my purchased music. What happens when, two months after the doors close, I get myself a nice new G7 system at fire-sale prices? I obviously wouldn't be able to authorize that computer. And the RIAA wouldn't let Apple 'unlock' all music upon closure of Apple. So the only way to get my music to work on this new computer would be to use un-DRMed copies. So I can see a perfectly legitimate use for this.
As a note on my ethics: Once upon a time, I downloaded music off the internet. I downloaded movies off the internet. (And pr0n. LOTS of pr0n...) I downloaded software off the internet. (I also used Windows, which, to me, was the worst of my transgressions. :-) Nowadays, I don't. I don't agree with the RIAA, MPAA, and SPA, but I don't feel right violating copyright laws, either. I couldn't care less about my neighbors/friends/relatives/customers. If they feel like using an illegal copy of Windows, fine. (I'm a computer consultant, so it usually means more money for me fixing their computer.) But, I have ripped all my CDs to my computer, I have backup copies of all my software CDs (with the originals stored in a waterproof box in the basement,) and I often copy DVD-Videos to my hard drive so they are easier to watch later. So I like the ability to do what I want with my data, but I won't use those means to break any copyright laws. (Other than the DMCA, because I see the circumvention of DRM as a basic 'fair use' right, not as something that should be illegal.) One recent example is that I rented "Finding Nemo", but didn't get around to watching it before it was due. So I copied it to my computer, watched it the next day, then deleted it. That is considered fair use. I paid for the right to watch the movie for a limited time. I watched it, then 'returned' it (by both returning the DVD, and deleting the copy.) So I was within my fair use rights.
In closing, I will probably download this utility (or a final, fully functional version,) and just keep it on a disc somewhere, for the 'just in case'. Since everything I want to do with my purchased music falls within the limits of what Apple's DRM lets me do, I have no reason to use it. But, as in my example, if I ever have a need to move my music to a new computer, and the ability to authorize computers has gone away, I would want the ability to get around it. (Look at what happened to those Divx users. Some people purchased the 'unlimited' versions, and they're worthless now that the Divx service has closed. Not very unlimited.)
P.S. Yes, this violates the iTMS terms of service. Period. The terms of service say that doing ANYTHING to circumvent DRM revokes your rights. Even burning to Audio CD, and re-ripping into MP3 (or AIFF, or AAC...) can be considered a 'circumvention', because you did something expressly to rid the music of DRM. So all of you trying to justify it by saying that it isn't technically removing DRM need to re-read the terms of service (and the DMCA, for that matter.) ANYTHING you do that ends up with a non-DRMed file is circumventing DRM.
Another non-functioning site was "uncertainty.microsoft.com."
The purpose of that site was not known.
Great. I bet this completely hoses the Thanksgiving vacations of a large number of Apple employees. I wonder how many people in legal, software engineering, QA, and the make-nice-with-the-record-companies departments just had their plans for the week yanked right out from under them.
Not to mention that this really damages a Good Thing.. even the most zealous anti-DRM person has to be able to understand that'll be easier to get the record industry to loosen their frantic grasp one finger at a time than to try to wrest their precious billions away from them and force drastic change. Yeah, bad for the big companies, big deal... but bad for the artists, bad for the Apple employees who worked their butts off to create this, bad for the end users when the record companies start calling it a failed experiment.
I have sympathy for those who have difficulty with Apple's DRM terms. I hit the 3-computer cap myself... 2 machines at work, 1 laptop at home, 1 desktop at home, my girlfriend's tower... However, I have NO sympathy for people who bitch about it like Apple's out to ruin them. That clause about Apple reserving the right to change the terms whenever they want? If a huge petition is delivered to Apple politely clamoring for that limit to be raised to 4 or even 5 computers, who's to say they wouldn't do it, or at least try to convince the record companies? People who complain about it not being international? If they missed it, I suggest they check into the news that Apple is in heavy talks to get iTMS launched for international customers. If they saw that news and ignored it, then they should STFU.
The iTMS isn't Apple out to rip off customers.. Apple has publicly admitted it's not a profit generator. It's there as an innovation, a jedi hand wave to get the record companies to realize there is a better way, to start them willingly down the path to change. I know a lot of people who spent 80+ hour weeks getting the iTMS launched, and their biggest fear was that someone would break the FairPlay system and bring it all crashing down.. while the impact to sales is hard to predict, how can these paranoid record companies who have til yet regarded online music download services as their big enemy (even if they're just a scapegoat for their own mistakes) learn to embrace this new technology that can be good for everyone?
Trying to force revolution upon the record companies will just make them lash out, act irrationally, and fight all that much harder. It's better to get them to decide that what consumers want really is the right path. They have to make that decision.. then they think it's their idea, and they're much happier to go along with it!
My opinion all boils down to one Japanese proverb about three feudal warlords:
What if the bird will not sing?
Nobunaga answers, "Kill it!"
Hideyoshi answers, "Make it want to sing."
Ieyasu answers, "Wait."
Which of these is going to be the most effective? I guess your answer has a lot to do with your personality and the techniques you use to attain your goals.. but in feudal Japan, I think it's fair to say that Nobunaga's power was dramatic but short lived, Ieyasu's was complete but he had to wait quite a long time.. in fact, until everyone else had disappeared... Hideyoshi's story was the most impressive as he rose from a farmer's son employed as a sandal-bearer to absolute ruler of Japan.
(OT: If that story intrigues anyone, check out the book "Taiko" by Eiji Yoshikawa -- he also wrote one about Musashi, the swordsman famous for his strategy and two-katana techniques)
As long as there's one link out there that is not controlled
Yeah, you can try to find an ISP that doesn't force Trusted Computing on you. It can be a major problem though. But you are still going to be locked out of any websites and other things that use it.
And once a significant number of ISPs use it they can enforce it end-to-end for the entire internet chain. Any ISP that doesn't use it could be locked out.
there will be workaround drivers, etc that will provide the challenge/response mechanisms of TCPA without the DRM bullshit.
I'm a programmer and I've studied the design. You can't work around it with drivers. The challenge/response mechanism is cryptographically rock-solid and relies on keys locked in the hardware. Every chip has a different key and those keys can be revoked individually or every key from a given manufacturer can be revoked en masse if one of them botched their design.
Barring a major mathematical breakthrough or fully functional quantum computers, the only way to defeat the system they've designed is a serious hardware hack. One method would be to dig your key out of the crypto chip. Chemically strip the chip and read your key with a high-power microscope. You could then run an emulated TCPA system and have total control over your computer. The other approach would be to allow the crypto chip to function normally but to seize control over signals on the motherboard. I think digging the key out is probably the easier option.
Either method requires a pretty well stocked lab. A student could probably do it in a college lab. The problem is that either method really only "fixes" a single computer at a time. If you try to use the same key on multiple machines they could detect that and revoke the key. That forces you to dig out a separate key for each computer.
The REAL fix is for the news media to pick up on the real story and for the public to reject the system. There was an uproar that killed the Pentium3 CPU serial numbers, this is far nastier. The problem is that they are going to spend a fortune on a disinformation and propaganda campaign claiming that it is a good thing.
Every single argument in support of it can be shot down with a single argument: There is no possible justification to forbid the owner from knowing his master key. Given identical hardware you still get every claimed benefit when the owner has his master key, and having your master key eliminates every possible way the system can be abused against the owner.
It is an easy and non-technical concept that the public can understand:
(1) The owner should be able to know his master key.
(2) The mere fact that you know something cannot reduce your computer's ability to protect you.
(3) Knowing your master key means that no one else can take control of your computer and use it against you.
There is absolutely nothing wrong with "new hardware", but the owner MUST be allowed to have his master key.
Of course the Trusted Computing Group will never willingly agree to do this, their definition of "trusted" is that you can't control your computer. They want to trust the computer to enforce DRM against its owner. Their whole strategy is to market the benefits of new hardware while ignoring/concealing the fact that it does not justify denying the owner his master key.
They are/will be advertising how good and nutritious apples are. Pointing out that they are packing a cyanide pill inside isn't good enough. If we argue against poison apples we'll lose. People will buy the advertising and take the good with the bad. We need to hit them with the argument that they are simply refusing to sell apples without poison pills. It will be a difficult argument because it is a technical issue, and they will do everything they can to dodge it. They are going to present it as an all-or-nothing package deal.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Price isn't necessarily determined by costs, it's determined by what the market will bear. If the market will only bear 0 price music, then the system has broken down, and the opportunity cost of spending most of your time as an artist will become much steeper. We would dry up the primary pool of capital available that enables artistry as a profession instead of a hobby.
This is not, in my opinion, in the interests of society, it's a tragedy of the (creative) commons.
On the face of it, there needs to be recognition that all intellectual works are services, not products. This recognition could imply free copies as the norm, not the exception. But then we have a problem: the master copy costs $X to make and such costs (plus profit, which is really just a future cost) must be covered to create an economic system.
The current system does this inequitably, but in an arguably much simpler manner than any potential alternatives: universal licensing, subscriptions, or perhaps, a capital-market model where you give the artist money after the fact to keep them making their art (whether software, music, etc.).
I haven't heard of other viable alternatives from this crowd.
-Stu
there is an easy crack. Two PCs, one secure, one not. insecure transparently forwards the challenge to the secure and sends back the response.
It doesn't work. You'd capture the entire conversation, but it is pure encrypted garbage. The data is encrypted with a key locked inside the crypto chip on the "secure" PC. The computer transparently forwarding the data doesn't have the decryption key thus it can't understand any of the data passing in either direction.
The only way to beat the system is with an extremely sophisticated hardware hack to the motherboard or by chemically peeling your crypto chip and reading your key out with a microscope.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
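The argument in the comment above, modelled as an added example that is not part of the original thread and is not the TCPA protocol itself: a forwarding PC passes the challenge and response through but only ever handles ciphertext. The `Chip`, `Service` and `relay_session` names, the shared symmetric key and the HMAC-based toy cipher are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def mac(key, label, nonce):
    return hmac.new(key, label + nonce, hashlib.sha256).digest()

def xor_stream(key, nonce, data):
    """Toy stream cipher (illustration only): XOR with HMAC-derived blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = mac(key, i.to_bytes(4, "big"), nonce)
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class Chip:
    """Hypothetical crypto chip: the key is used inside and never exported."""
    def __init__(self, key):
        self._key = key
    def respond(self, nonce):
        return mac(self._key, b"auth", nonce)
    def decrypt(self, nonce, ciphertext):
        return xor_stream(mac(self._key, b"sess", nonce), nonce, ciphertext)

class Service:
    """Hypothetical content service provisioned with the same key (assumption)."""
    def __init__(self, key):
        self._key = key
    def challenge(self):
        self.nonce = secrets.token_bytes(16)
        return self.nonce
    def deliver(self, response, content):
        if not hmac.compare_digest(response, mac(self._key, b"auth", self.nonce)):
            return None  # failed challenge: nothing is sent
        return xor_stream(mac(self._key, b"sess", self.nonce), self.nonce, content)

def relay_session(content):
    """One exchange through a forwarding PC; report what the relay observed."""
    key = secrets.token_bytes(32)  # constructed demo key
    chip, service = Chip(key), Service(key)
    nonce = service.challenge()
    response = chip.respond(nonce)
    ciphertext = service.deliver(response, content)
    seen = [nonce, response, ciphertext]  # everything the forwarding PC handles
    return {"accepted": ciphertext is not None,
            "relay_saw_plaintext": any(content in item for item in seen),
            "chip_output": chip.decrypt(nonce, ciphertext)}
```

The relay gets the exchange accepted, yet the session key is derived from a secret it never holds, so the plaintext exists only on the machine with the chip.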
Clever a troll you are.
No, and I DEFY you to refute anything in this post.
fabled rights breaching technology?
Do you have any idea how Trusted Computing works? I'm a programmer. I have read the design specifications.
It is a very technical issue and there is bad information flying around on both sides, but I have boiled it down to one simple and unbeatable argument. There is absolutely nothing wrong with the "new hardware". The sole problem is that the "new hardware" keeps your master key locked up inside and the owner is forbidden to know his master key. This leads to three points:
(1) Assume two identical computers with identical hardware. The first one is "Trusted Computing" and you are forbidden from knowing your master key. The second one is "new hardware" and you know your master key. There is NO POSSIBLE WAY that the first computer can protect you that the second one can't do just as well. The second computer preserves EVERY claimed benefit.
(2) If you do not know your master key then others can control and use your computer against you, such as enforcing DRM. If you know your master key then YOU have control over your computer and it can never be turned against you.
(3) The owner of the computer has every right to rip the chip open and read his key out with a microscope. Yeah, it takes a decent college lab to do so, but you have every right to do it. Once you have dug out your master key then you have total control over the system as I described. If the owner has every right to dig his key anyway then why the hell shouldn't the owner simply be GIVEN his key up-front?
So (1) giving the owner his master key preserves every benefit to the owner, (2) it eliminates every abuse, and (3) the owner has every right to get it anyway.
I have no objection to the "new hardware", but there is no POSSIBLE way to justify the design specification forbidding the owner to get his master key. The only possible reason for that requirement is to take control of the computers away from the owners. That requirement can only serve abusive purposes such as enforcing DRM against the owner.
The TCPA design specification specifically refers to securing the system against "rogue owners". If the system were in fact designed for the owner's benefit then there would be no such thing as a "rogue owner".
These chips will be industry-standard for all motherboards. Microsoft has stated that the TCPA-chip is a component of their Palladium system. This is not a "crock conspiracy theory" - this is a corporate press release. It is no conspiracy theory that the Cisco routers deny the end user an internet connection unless they are Trusted Computing compliant, it is a corporate press release.
There isn't any press release about ISPs using these routers, but it *is* blatantly obvious. They are being promoted for fighting viruses and worms, what ISP doesn't want to fight viruses and worms? It will be promoted to fight spam, what ISP doesn't want to fight spam? It will be promoted to fight hackers and pirates, what ISP will refuse to fight hackers and pirates?
The only significant leap is about the possibility of backbone routers using it. Well, that is up to the handful of corporations that run the backbone routes. Assuming a significant number of ISPs have already switched over there is nothing to stop them. There will be all sorts of pressures for them to do so for all of the reasons listed above. The routers can check for far more than just anti-virus software. They can be used to enforce all sorts of contract provisions with ISPs - access rules, billing systems, bandwidth limitations, anything. They have countless motivations to do so. They won't use these routers as part of a "conspiracy", they will do it out of self-interest!
But fine, let's say this never reaches the backbone. You still have a situation where all new PCs come with this hardware built in. You have ninety-odd percent of the public running whatever operating sys
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.