iTunes 4.5 Authentication Cracked

fooishbar writes "Yesterday, Apple released iTunes 4.5, which deliberately broke the 4.2 authentication scheme, which had been successfully reverse-engineered. However, crazney has been at it again, and within 24 hours of downloading iTunes 4.5, has broken the new scheme, and added more features to this library along the way. If you want to incorporate iTMS support in your program, give libopendaap a go!" Reader ScottGant submits this story about the Pepsi/iTunes promotion: "News.com has this story about Pepsi's iTunes promotion give-away. The promotion, which is slated to end this Friday, was to have given away 100 million tracks through Apple's iTunes music site. But according to Apple on Wednesday, only about 5 million free songs have been redeemed."

Only five million?

[Liselle]

That's way less than they anticipated. Only 5 million out of 100 knocked me flat. Since iTunes serves a pretty specific market, I guess that says a lot. Especially since the tracks are free. The question on my mind: how many of those 100 million winners actually reached folks? TFA mentioned something about distribution problems.

Also, about the new authentication crack: I am curious how this will impact their deal to offer free weekly songs, I'm assuming it's some sort of deal with the record industry. Today is a fairly uninspiring Avril Lavigne track (but free! I got it anyway! :P), but I have to wonder.

Re:Only five million?

[OS24Ever]

According to a lot of posts on Macrumors.com and other Mac news sites there were a lot of posts from people in the *huge* markets like New York, LA, San Fran, etc who were posting that they never found a bottle with the promotion on it.

Personally in Raleigh, NC I never saw a 'iTunes' bottle but then again I don't drink a lot of soft drinks anyway.

Re:Only five million?

[BrookHarty]

I hardly drink pepsi in the bottle, just the cans from the vending machine. The couple times I did buy bottles, the 24 ounce bottles where winners, the smaller bottles never won.

Bad thing, I never remembered to keep the bottle, I tossed it like normal. Dont know how many other people don't know, or don't care.

Re:Only five million?

[SoCalChris]

TFA mentioned something about distribution problems.

In the area I'm in (Downtown Long Beach, Ca), the iTunes bottles didn't reach most stores until the end of February. All of the stores were carrying Lakers promotional bottles instead.

Once the iTunes bottles started showing up, I won a few songs. When I went to redeem them, iTunes didn't have any of the specific songs that I wanted. They didn't have any Led Zeppelin songs, so I went looking for some songs off of a CD that my wife wants. They didn't have that either, so my caps didn't get turned in.

Re:Only five million?

[Matey-O]

Especially since the tracks are free

I only got about five free songs...See, I have this odd aversion to developing type 2 diabetes that limits the amount of sugarwater I want to drink.

Re:Only five million?

I drink Diet Pepsi, so I opted for cancer instead.

Re:Only five million?

[Mattintosh]

In the St. Louis area, the local Pepsi bottler ran a promo giving away free Blues tickets instead of the iTunes promo. Right about the same time as the Blues fired their head coach during a massive slump, which they pulled out of in time to reach the playoffs and be eliminated in the first round. Pepsi sure knows how to market their product...

I'll stick with Coke, thanks.

Re:Only five million?

[daviddennis]

I was planning to switch from Coke to Pepsi for the duration of the promotion, but as you say it's not cost-effective for heavy drinkers such as myself to buy individual bottles.

I did buy a few and I won all but one of them. I really liked the promotion and I'm sorry it's (nearly) over. There are still caps in the stores, so I think they should have extended the redemption period.

Since I wasn't able to tilt the bottle and see which bottles were winners, I thought it was interesting that I won most of them. I live in LA, and we've only had the bottles for a couple of weeks now. Perhaps they had to use up the winning caps and so a higher percentage of people here were winners.

I think they should have stuck in maybe 3 codes for each 12-pack. That would have given the heavy drinkers a chance to win. The contest as it is seems designed for light drinkers, and that's just plain silly. Why not cater to your huge customers and hope to snag a few from Coke?

(I'm afraid that I like Diet Coke in cans quite a bit more than Diet Pepsi in bottles, so from a conversion perspective this was a flop).

D

Re:Only five million?

[outZider]

What credit card requirement? I don't have a credit card, and I use the service just fine... Gift cards from Target and Pepsi free songs.

Re:Only five million?

[Golias]

No it's not.

Fat consumption has nothing whatsoever to do with diabetes. You could eat bacon 3 meals a day and not have high glucose levels. (Your blood pressure and cholesterol levels might not be so terrific...)

Type 2 diabetes is one of two things: 1. You are not producing insulin fast enough to process large amounts of glucose in the blood.
Or 2. Your body is not absorbing the insulin fast enough to do so.

In either case, when you eat foods that are quickly turned to sugar in the blood (any foods which are high in starch or sugar, including white bread and potato products, and especially sugary foods like Pepsi) your blood's glucose level goes way up, because your body can't process it. This causes all kinds of problems. Fatty foods do neccesarilly raise your blood sugar levels. You may be confused because obesity (fat tissue, not fat consumption) slows insulin absorbtion, and is a contribuiting factor to Type 2 diabetes.

Re:Only five million?

[Golias]

Diet Pepsi is not carcinogenic. Saccharine has not been used in either Diet Coke or Diet Pepsi since NutraSweet (a.k.a. "Aspartame") was introduced in the 80s.

There are all kinds of people (a.k.a. "kooks") who are now trying to tell you that Aspartame is bad for you. Funny how they came to that opinion just as NutraSweet's patent on Aspartame ran out, so anybody can produce a generic form of it cheaply.

I'm convinced that all this hand-wringing about Aspartame is driven by a desire to sell you on new sweeteners, like Splenda. Every time I "follow the money" on somebody issuing warnings about the Aspartame in Diet Coke, I discover somebody who's competing with it.

(Splenda and Sorbitol, by the way, often contain warning that "large quantities my cause mild diarrhea," by which they mean "even a few drops of this stuff will make you explosively burst out liquid faster than a fire hose within the hour, making severe dysentery seem healthy by comparison.")

Re:Only five million?

[Fnkmaster]

Agreed - like any rebate program, the redemption rates are usually quite low. And those are redemptions on 10,20 or 30 dollar rebates - the return is much more substantial than the effort invested. Though the return from this promotion is high relative to the product cost, they might have had a much higher redemption rate if they were giving away something with a higher perceived value and giving it away less frequently than 1 in 3. Though it's nice to get a 99 cent free item with a 1.29 bottle purchase, there's still the cost of remembering to hold onto the bottle cap, signing up for the service and so on to redeem it - realistically, the costs of this effort may be valued by many people at pretty close to the dollar value of the item itself.

Then, as you pointed out quite accurately, there's the system requirements, bandwidth requirements, computer-experience and application installation experience requirements, and the need to be interested in music (many people don't listen to much music, or are just interested enough to listen to what's on the radio). Frankly, I think a 5% redemption rate should be viewed as a rather decent success of this product. If they thought honestly that they'd get a 30% redemption rate, they were kidding themselves. Personally, I think I would have guessed more like 10% based on my sense of the market.

I also think the promotion would have been much more successful if it targetted regular Pepsi drinkers who drink from cans. The return from cashing in these free songs is much higher if you've collected 10-15 free songs, and I'd say the likelihood of that person getting the songs and going through the effort is much higher than the likelihood of somebody else.

I'll us myself as an example (though I'm a bad one in most ways). I am not a regular Pepsi drinker - I drink Pepsi usually only when there are no other options (i.e. no Diet Coke around). I won an iTunes cap while on the road driving from Boston to New York at a rest stop in Connecticut where they only sold bottles, and only sold Diet Pepsi. I have used iTunes and purchased probably 15 dollars worth of songs from iTunes in the past. I thought it was very cool and great that I had a bottle cap worth a dollar, and I put the bottle somewhere meaning to keep and redeem the free song. Nonetheless, I didn't really give it enough thought to be terribly careful with that bottle, and ended up throwing it out by accident when cleaning my car after the drive. Had I gotten that bottle cap upstairs and dropped it by my computer, I probably would have redeemed it at some point. So even among people interested enough, competent enough, and so on who happen to get a winning bottle cap, the redemption rate is likely to be at best maybe 50%? And that's a pretty small fraction of the population

Re:Only five million?

[Golias]

And like they say: If you can't give cancer to a white lab rat, you're just not trying.

This is annoying.

[Pave+Low]

The idea that Apple is "breaking" or "crippling" this part of iTunes is misleading. It wasn't a feature that Apple provided to begin with, and any hacks to break the DRM scheme will be thwarted by Apple eventually.

If you don't like this, you shouldn't use iTunes at all and don't buy their music because this is something they need to sell music online. Last I checked, you can just buy the CD at the store that contains no DRM at all.

Re:This is annoying.

[m0rph3us0]

First Sale Doctorine. You can do what you want with things you purchase.

Re:This is annoying.

[wanerious]

You did not purchase the song. Read the agreement. You purchase the right to listen to the song subject to the conditions outlined in the agreement. If the agreement is not to your liking, do not purchase the song.

Re:This is annoying.

[amdg]

Last I checked, you can just buy the CD at the store that contains no DRM at all.

The problem is that you never know what you are going to get when you buy a CD. Many CDs these days come with DRM that stops you from playing the songs on computers and even some stereos. And you don't know until you try it at which point the stores won't let you return it because it was opened. So given the choice between a useless, ~$15, round, shiny piece of sh... err... plastic or a ~$10 downloaded album that I can burn to a CD, copy to my iPod, or play on 5 different computers, I think the choice is obvious. The phrase "lesser of two evils" comes to mind.

Re:This is annoying.

[RatBastard]

But you knew going in that iTunes only runs under MacOS and Windows. You knew that when you agreed to the EULA. You agreed to their conditions when you signed up.

You are under obligation to abide by the terms of the agreement you entered with Apple. Apple is under no obligation to support every OS out there.

If you don't like the conditions Apple places in iTunes Music Store, including the limited number of supported platforms, don't use the service.

Re:This is annoying.

[IamTheRealMike]

People seem to be conflating two unrelated things. iTunes can stream music from its library to other clients on the network. This is entirely independent from iTMS, the music streamed by DAAP can easily be music you ripped yourself.

So really this has nothing to do with hurting Apple, or not agreeing to a "EULA", and it has everything to do with Apple cynically attempting to manipulate network effects. Your brother sharing his CD collection on the home network using iTunes? You can't use WinAmp, WMP, RhythmBox, Muine or whatever to access that, you have to use iTunes too. Then when you share your music, it cascades onwards.

This is especially true in places like homes, student flats and college networks, like the ones crazney is on. Really, Apple have no excuse for this: restricting DAAP can only have one goal and that is to use peer-power of the type that keeps Windows entrenched to give iTunes an upper hand. As such it frankly deserves to be cracked.

I know crazney. He's a good guy. We talk often - he isn't out to screw Apple or steal music. He wants to play the music on his Mac laptop using the iTunes streaming system: this seems totally fair to me.

Re:This is annoying.

[badasscat]

You did not purchase the song. Read the agreement. You purchase the right to listen to the song subject to the conditions outlined in the agreement.

I have two words for you: bull, and shit.

I don't care what their agreement says. Nobody has to "purchase rights" to "listen" to a song. If I want to listen to a song that's playing out on the street as I happen to be walking along, nobody has any right to charge me for the privilege. Conversely, nobody is allowed to sign away their rights under the law. If I sign an agreement saying "I hereby grant you the right to kill me by strangulation" that still doesn't give you the right to kill me and it doesn't give me the right to commit suicide either (which is illegal in most states).

Copyright law is pretty clear and the first sale doctrine well established. If I buy a song from iTunes, it's mine and I can do what I want with it provided I don't do anything to violate copyright law. That includes stripping the DRM to exercise my rights as expressly provided in copyright law (don't forget, fair use is not some nebulous concept someone came up with on Slashdot, it is part of the actual law).

Now, you can try to quote various things from the DMCA if you want, but that won't win you many friends around here. And I don't interpret the DMCA as overriding fair use rights anyway, and neither does anyone else I know of.

4.5 busted sharing with previous versions

[crackshoe]

my main problem with 4.5 is that it no longer allowed sharing with other itunes running boxen on my home network - the one machine i had updated to 4.5 ( my parents imac) couldn't accesss my music on the g5. it seems like a fairly annoying thing that wouldn't be particularly hard to not break for no particular reason. while i personally think theres no reason to break apple's authentication or other security features in itunes (the current permisions are more than enough for me, and i have less than 20 pruchased tracks, and only 2 machines i play em on), its nice to know that work arounds do exist.

Only 5 million songs is no surprise

[profet]

I live in NYC and have seen exactly 1 bodega with iTMS Pepsi bottles.

Maybe someone forgot to ship these things to places where people actually would use them?

Re:That was quick

[pudge]

I hope apple didnt invest too much time/money in this new fixed drm. Will these media pimps ever learn?

This isn't about DRM, it is about access to the music store, sharing, etc. outside of the iTunes application.

And despite the poster's assertion, there's no real reason to think the authentication scheme was intended to break compatibility; as most developers know, sometimes you need to make changes for other reasons that force a break in compatibility. If this WERE about DRM, I'd say it was likely, but I see no reason to think this separate change was deliberate. It may have been, but no one's given any reason to think it.

Re:Why do "free" songs require credit card numbers

[YrWrstNtmr]

That's because for a "free" song you had to give them your credit card number.

No, you didn't. I got two free, no credit card required.

No they didn't

[CptChipJew]

I've worked for marketing companies that created similar promotions for their clients. Promotions like this are created with the full knowledge that the vast majority of winning caps will be tossed. 5% is actually a pretty strong number considering the L.A. Lakers caps they had in L.A. were only redeemed at a rate of 1.2 % (You got $10 off at Foot Locker) Have you noticed that 90% of the time McDonalds announces "We're giving away a million dollars!" that you never hear about anybody winning the prize?

Re:Why do "free" songs require credit card numbers

[DiscoOnTheSide]

I dunno what iTunes *YOU* were using, but I never had to give my credit card # and I'm on free song #9 and counting...

Pepsi Redemption Rate

[MyNameIsFred]

...according to Apple on Wednesday, only about 5 million free songs have been redeemed...

I wonder what the typical redemption rate is for the Pepsi, Coke and other softdrink give aways. I know for paper coupons the redemption rate is about 2 percent. Granted alot of those coupons go straight into the trash. However, when people print coupons from the web only 20 percent are redeemed. And if someone is going to print them, you would think they would use them.

My point, is the Pepsi-iTunes rate of 5 percent unexpected?

I'm sure Apple doesn't care.

Their new strategy seems to be fixed, and it's a strict policy of lip service. If they make sure:

- The De-Fairplay utilities don't have public development sites, and instead are forced to be these little files passed around on USENET and P2P and slashdot like they're some sort of contraband, well out of the public eye

- The way things work change just *SLIGHTLY* with every minor release of iTunes, causing all the De-Fairplay utilities to have to be updated with every minor release

Then, well. The slashdotters get to keep their de-Fairplay utilities and use them as much as they want; and from the RIAA's perspective, Apple's "doing something" about piracy, because there's no longer a publically visible way to crack Fairplay, and so they don't revoke Apple's license to sell music. Everybody wins! Except our civil liberties.

Right-- fairplay still works.

This is about authentication with the itunes music store, not removing the playfair drm protection.

Fairplay still works without any changes. A "friend" did the following last night:

1. Using an old version of itunes on a pc, purchased a new song from the music store.

2. Launched VLC on the PC, and found it had no problem playing it. Checked c:\documents and settings\[username]\application data\drms and there was a new file: XXXXXXXX.005, in addition to the other two files that were already there. They had extensions .002 and .004

3. Upgraded itunes on the PC to 4.5. Bought another song. It shows fairplay v2 when you look at it's info.

4. VLC can also play this one. No new file in the drms directory was created.

5. Copied both songs.m4p and the key files from drms to the mac running the latest itunes. Put the keys in ~/.drms

6. Ran playfair (v 0.5.0) against the two songs. They decoded into .m4a files which show no protection, and play fine in VLC, and itunes.

7. Just to double check, bought a third song using itunes on the mac. Ran playfair against it (still using the keys from the PC) and it decoded and plays fine.

My conclusion is that as long as you have the keys, you can still use playfair. My friend gets the keys from the PC running VLC. I don't know if other techniques may have been broken by the new itunes.

I don't have any problem with the ethics of removing the protection. I don't-- I mean, *wouldn't* use it to illegally share the music. It's just nice to have clean files in case Apple quits developing itunes for the PC, or some other unlikely scenario.

Why so few redeemed songs...

[BRSQUIRRL]

Ii might have something to do with the inconvenience of downloading and installing iTunes, creating an account (which includes entering a credit card number), and then finally entering the code and picking a song.

But I think more importantly, the vast majority of people simply don't know much about iTunes (or don't even know what it IS). I dug a lot of "one free song" bottle caps out of the wastebaskets in our office because people didn't have a clue what they were...however, once I showed them how to redeem them, their reaction was usually something like "I can get any song I want?!? COOL!". This leads me to believe that Apple still has a ways to go in terms of public interest and awareness of the online music store scene...which is actually an exciting opportunity for them.

Re:Why do "free" songs require credit card numbers

[crackshoe]

Except you didn't have to give them a credit card to get the songs. I didn't have to put in any credit card informtaion until i actually bought a track -- after i had downloaded 18 free iTunes songs. So yes, they were actually free. You only needed to give them an email addy to create the account (or at least I did, but i used the account i'd had with apple for 2 years, so they already had my email).

5% sounds about right

[71thumper]

Given the classic assumptions on "mail-in rebates" that only 10% of the people actually bother if the amount is less than $100...5% is actually amazingly high for something that has a very narrow audience given the number of people who by Pepsi (i.e., lots of people that bought winners didn't care about iTunes).

Re:Fantastic.

Wow. That's fascinating. I never realized the Great Wall of China ended in Japan.

Good?

[wanerious]

And cracking the authentication scheme is considered ... good? I love iTunes and the iTMS. If Apple pulls out of the market because it tires of people breaking their rules out of a overblown sense of entitlement, we'll all be worse off.

Re:Good?

[IamTheRealMike]

No, but most people on Slashdot don't know what they're talking about (including you it seems).

Crazney has broken the pointless encryption on streaming things in the iTunes library to other machines on a LAN.

It has nothing to do with iTMS. Repeat after me: it has nothing to do with iTMS.

The encryption on streaming tunes between clients only serves two purposes: to try and keep people on the Apple upgrade treadmill and to force people to use iTunes on all their machines if they want to stream music between them from the iTunes library. This is your own music we're talking about here, no copyright violations are taking place.

To be frank, Apple is taking the piss with this sort of encryption, and now the piss is being taken out of them. Too bad, but it has nothing to do with FairPlay.

Re:What stopped me from downloading

[ScottGant]

You mean you missed the big honking Pepsi logo right in the middle of the iTunes home page that said "Redeem your free song here"?

How is this authentication Cracked.

[raptor21]

If a person still needs a account to login to iTMS with this bit of reverse engineered method, the Authentication hasn't been cracked!!!

Authentication cracked means that you cand take an encrypted password and retreive the plain text for and already existing account.
All this guy seems to be able to do is figure out where and how iTunes sends its login information, so he can put it in his own application.

Sounds like an ego thing to me

[Infonaut]

"Hah! I cracked it in a matter of hours!"

Ok, you're a clever guy. We get the message.

But is your ego helping those of us who would like the RIAA to see the light and start being more open in their approach to digital music?

Upgrade the other machines!

[RatBastard]

What the planet of Hell do you need a workaround for? Just upgrade the other machines! iTunes is *DUM, DUM, DUMDUM* FREE (as in beer)! Is it really so hard to upgrade a free program?

Hooray!

[cubicledrone]

It's a great day! We found a new way to screw over the one company who actually found a way to provide what everyone said they wanted: convenient, electronic distribution of music at a fair price.

But wait, that's not really what they wanted. What they really want is stores with no cash registers and libraries of thousands of pieces of music representing the creative efforts of generations of people while valuing those libraries at zero.

Oh, and they also want to complain about greed.

Re:Hooray!

[PhrostyMcByte]

Don't forget free quality pr0n, we want that too!

Dear God...

Here's a thought for you who didn't find a Pepsi Bottle with a yellow cap: TRY ANOTHER STORE. Just becaue 9/10 stores in my immediate area don't sell Sobe's Love Bus Brew, ndoesn't mean I won't travel somewhere that does.

To those who couldn't find where to insert your code on iTunes. USE YOUR EYES. It was right there on the front page: "PEPSI iTUNES GIVEAWAY." With a Pepsi logo with headphones on it. Click on it, insert your code, then it says ONE FREE SONG in the upper right hand corner. Find a song, click DONWLOAD, and it downloads it free.

To those complaining about having to use a credit card: How else are you going to pay for the songs you download? Food stamps?!

And about the DRM. c'mon people. Apple has to play the game of the law and the game of the recording industry in order to sell these things. But you tell me. How many other service let you KEEP the rights to the songs you bought, allowing them to be burned with the only restriction: Can only burn the same PLAYLIST 7 times to CD....Hell, Add or subtract a song from that playlist and you have a whole new playlist ready to burn.

People...just have no sense of reason. This is the BEST legal download service available on the market. Plus, the software is free, and is THE BEST jukebox software, on ANY platform.

Even WINBLOWS users are stating that "opinion." Should be more like fact if you compare all the others.

So

[cubicledrone]

was to have given away 100 million tracks through Apple's iTunes music site. But according to Apple on Wednesday, only about 5 million free songs have been redeemed."

So iTunes is a failure.

Let's close it up. Unplug the servers and shut down the site.

They haven't sold enough Macs either, so let's close that down too. Can't make a dime unless they're the #1 record-setting, fastest-growing business in the history of civilization.

Re:Yay for hackers!!!

[shark72]

"I don't know why they bother trying to up the security. There is no way to secure media content that is compatible with mass distribution."

It's the "a little goes a long way" paradigm. There's not a car lock that will stop a sophisticated thief who wants your car, but it stops 90% of the punters. Same with locks on doors and copy protection on computer games and gaming consoles. There are likely professional car thieves who also wonder out loud why the car manufacturers don't just give up because it's a losing battle, etc., but it's not going to happen, either.

"They need to work on their business model, because this piecemeal anti-cracking stuff is a joke."

Apple has sold 70 million songs in their first year, and the iTMS is the most wildly successful of any of the legitimate download services, by a wide margin. I think their business model suits them just fine. Remember, Slashdot readers != the general populace. The little annoyances of playing cat-and-mouse with the "all music must be free" crowd is just one part of doing business and is similar to the fraud and theft issues that many other retailers deal with.

hacking itunes is wrong

[voss]

Itunes maybe drm but they consistently have the most generous terms and usage limits. They also are reasonably priced. They put out a good product at a fair price...and they dont charge subscriptions. They are also the only paid song program for Mac users.

Itunes is a good thing , and if you hack their songs without paying you are a thief. It is not like Kazaa where you might say there is no victim, Itunes is based on selling its product,and if Itunes fails mac users are screwed.

If there is someday an Itunes for Linux are you going to hack that until it dies too?

Re:5million, because they want a credit card.

[shawnce]

You do not need to provide a credit card.

They ask for it if you want set up the ability to purchase music at the time you open the account but you do NOT have to provide it to redeem a free song.

Pepsi F*CKED the distribution

[rjung2k]

End of February? You were lucky -- I was working in Anaheim since January 2004, and we didn't see any yellow iTunes caps until the third week of March, which was right before the promotion ended.

I'm still getting yellow caps now; it's a good thing Apple is still letting me redeem them (at least through tomorrow), because I've already cashed in 7 or 8, and could reap a few more between now and the end of work tomorrow.

Re:hacking itunes is wrong

[Eliman]

Perhaps you don't understand: libopendaap isn't about hacking iTunes. libopendaap is about other programs "talking daap" with other programs (and specifically iTunes). It's about interoperability; interoperability is perfectly legal.

Re:Arms race

[shawnce]

Actually if you have listened to Steve Jobs comments he doesn't believe that DRM can unbreakable in this regard. Instead you provide a compelling service with flexible allowances to win folks over and in doing so you attempt to grow the market for bought music. So in general they have not attempted to make an unbreakable system.

That however doesn't mean you don't attempt to enforce those allowances (legally in general they need to do that to insure proper precedents are set). I believe Apple will try to do that without causing problems for its customers, without punishing folks for the acts of a few, at least based on comments by Steve and company. Apple also has to attempt enforcement to likely placate record companies and artists listing song on the store.

Anyway, it is like the issue of cassette tapes back in the day... folks worried that rampant pirating of music would take place and kill sales. Well pirating did take place but the connivence of the tape form factor allowed things like tape players in cars, smaller/cheaper/easier to use stereos, and portable players like the Walkmans. This grew the market size for music and the large gains in market size easily offset the loss do to piracy.

You make a good way to buy and listen to music, one easier to use, more convenient and reasonably priced to out compete the illegal channels (generally most folks like to do the right thing). This is the thinking that Steve and company has stated a few times.

Personally I see hacking around FairPlay as a waste of time, it yields me nothing that I cannot already do based on my needs. If it pushes the business world to more draconian DRM and/or stronger legal actions that "punishes" everyone then it is doing folks more of a disservice then a service.

That DRM must be a breaze to crack!

[amichalo]

So let me get this straight...
(1) I spend 99c downloading a song
(2) I spend the next X hours of my life writing or downloading an Apple DRM decoder
(3) I end up with a non-DRM song and a 99c credit card bill

I can see why this is easier than just performing step 1 and quitting. I mean, since I have 6 computers I need to play the song on, or I want to burn 8 of the identical CD, or I have no life.

Some shortcomings, but the DB makes up for them

[Monx]

iTunes on Windows is slow

I believe that it was a poor design choice on Apple's part, but iTunes performance degrades quickly in the presence of shoddy video drivers. This may have been your problem. Also, if you disable SoundCheck (or just let it finish running) performance improves dramatically. SoundCheck determines the volumes of your music files and has iTunes compensate for bad rips, etc.

iTunes on Windows is slow

FairPlay is the DRM system used on files from the iTMS. iTunes could care less what you do with any of your files that were acquired elsewhere. It will even let you stream audio across your network with almost zero setup.

Winamp 2.95 is fast, convenient, and smart.

It sure is better than the 3.x version, but it has zero library management functions. It takes no time to search for a song in my library in iTunes. If I want to hear a song, I can begin to type any part of its name or its artist's name or even the album name and the song list updates live with each keystroke. It often takes just one or two characters to bring the song you want into the window. That is the one feature that sets iTunes apart from Winamp for me. I really liked Winamp and Macamp but I hated trying to find a particular song. I had to use filesystem searches, but that's not good enough.

You might want to take a second look at iTunes after you update your video drivers. Since you want it to be light weight, turn off all of the music store and sound enhancement features (turn off SoundCheck!). Then you will have an awesome music library management program. I think that if you have a significant music library that you will appreciate the search feature so much that it will eclipse iTunes other shortcomings.