iTunes DRM Hole Closed
FrYGuY101 writes "As recently covered on Slashdot, there was a hole in iTunes which allowed music to be acquired from the iTunes Music Store without Apple's DRM applied. Well, Apple has just released an update which closes this exploit."
Well you all knew it was going to happen sooner or later. I'm surprised it didn't happen sooner than this.
My spoon is too big.
from filling one of Apple's holes.
GETPKG - Package Management for Slackware
I like how they handled that... no horrible punishments, no wagging their finger at the community... just fix the hole, force the update (for obvious legal reasons), and carry on loving your customers... I like...
:P
Too bad napster to go couldn't be so accommodating...
---
Programming is like sex... Make one mistake and support it the rest of your life.
When holes like this one open, it's only a matter of time before they close.
Rant:
This is no big surprise. Our favorite music is owned and operated by an industry who cares more about money than music. The artists who write and play this music have sold their souls to this industry. Until the artists wise up and use the Internet to distribute their music on their own terms, this cat and mouse game will continue. It's not going away soon since many artists do it for the money anyway.
Which of course requires that everyone upgrade their itunes to version 4.7. Apparently you can still use PyMusique to preview tracks, just not buy them.
...is going to patch their system so they _can't_ get music without Apple's DRM? Why would a user knowingly restrict his capabilities to avoid copy protection?
-py
iTunes 4.7 has been out for a year now. Apple didn't "just release" anything, they just made it so their servers required you to have 4.7.
From the original story:
He explains that his program works by bypassing iTunes which adds the DRM itself at the end of the transfer.
I don't think it would be trivial to change the time that they add the DRM. So, is this a true fix that won't be broken again quickly? Or is this just a small patch that changes something just significant enough to break the Pymusique application?
I'm a big tall mofo.
Considering you can burn Apple's song on CD and get rid of the DRM, who cares.
What I'd love is a way to download songs from Apple in a non-lossy format! If DVD Jon could do that, I'd give him a lifetime of gratitude!
If someone says he and his monkey have nothing to hide, they almost certainly do.
..someone just releases a patch to PyMusique so that it looks like version 4.7 of ITunes to Apple's servers...
and the endless game continues....
Seems that Slashdot has become the standard bug-report mechanism across numerous OS's and companies.
It didn't plug a "hole". It modified things so that PyMusique won't work anymore. Like they did with Real.
...it requires you place a wad of chewing gum in the headphone jack.
Weaselmancer
rediculous.
Of course the only change that Apple has made is to require iTunes 4.7 as the client. How long before someone figures out how to make PyMusique look like iTunes 4.7?
And as long as they are sending un-DRMd songs down to the client they are susceptible to man in the middle attacks (a proxy server which watches for iTMS traffic and saves the song streams to another file), or to someone directly pulling data out of the iTunes app (though the second would arguably violate the DMCA).
How was being able to PURCHASE something in a form that the user actually wanted an exploit? A bug that would allow someone to gain access to Apple's servers, or to steal information, or - for that matter - to steal songs without paying - all of those would be exploits.
I'm with you. I would cheerfully pay an extra ten cents (or so) per song and put up with the longer download times if I had the option to get iTMS stuff encoded with either FLAC or the "Apple Lossless Format."
In fact, I'm going to send an e-mail to the iTMS sales support folks saying exactly that, and I suggest you do the same.
Information wants to be anthropomorphized.
With iTunes 4.7.1, there are restrictions placed on how many computers you can transfer the songs to. Now I'm forced to upgrade the damn thing on 3 of my computers.
Thanks for nothing, asshole.
What I'd like to see is iTunes to have a 'compress when copying to portable' option, and then have Apple sell lossless.
I don't mind wasting the gigs for lossless on my desktop, but I would object to wasting them on my 1st generation 5Gig iPod. Allowing this option would let me store the master copies at home, but still carry a fair amount of them around portably.
Cheers,
Ian
Maybe you just hold the shift key down when you download
for crying out loud
If you think that you would be signing a big fat contract with the music label, you're just as dumb as most of the artists out there. What you would be signing is a loan. You would be at the record labels mercy. Believe me, you are better off now. At least you don't owe the music labels anything.
how big is an itunes install these days? 20MB? seems like every couple of months i'm getting forced to upgrade: and guess what: it doesn't usually mean i'm getting *more* features...
There's already an option for that for the ipod shuffle. I'd imagine that there's some way to either enable it for other ipods, or bug apple enough that they'll add it for other ipods like they did with the shuffle music and other options for the 4th gen ipods.
11 was a racehorse
12 was 12
1111 Race
12112
..how ass-like they would look suing DVD Jon... again!
Besides, I really don't think there was anything illegal in his hack this time. Even with the U.S. DMCA included into consideration.
Misrepresenting software to get around the DRM could be interesting legally. (Yes, I know browsers can do this -- but not to avoid DRM.)
Exploit (the transitive verb): to make productive use of : to make use of meanly or unjustly for one's own advantage
Exploit (the noun): a notable or heroic act
It's understandable that people abuse words (as in the subject) but can't we all at least try to avoid doing so when the word as a noun already has a distinct meaning?
So how long before I'm not permitted by law to modify data which I have paid for...
Unless something's changed in the last 18 months or so, I thought the DMCA already did that (in the US). It prohibited the breaking of encryption schemes that are used to enforce copyright, and I don't believe it had any provisions for fair-use based exceptions. So while you may have bought a song from iTunes, and you paid for and own the data (in this case, the file), you are not legally allowed to remove the original compressed 128k audio data from its DRM wrapper. You ARE allowed to burn it to a CD of course, as per the license...but at that point to get a compressed file usable in a non-iPod player, you'd have to recompress it, and double lossy compression is no fun.
Has this changed?
And on a side note, in most cases you no longer pay for data, but rather you pay for a license to use said data, and the data is included in the bargain. So, for instance, you don't pay for a copy of Microsoft Office...you pay for the privilege of using MS Office, and Microsoft provides you with a disc containing it. Same with iTunes...you don't really pay for the file, you pay for the license to download and (within the limits of the agreement) play the song, and the file is provided to you.
And before you think I don't agree with you, I feel that, especially in the cases of entertainment-related data (music and movies) that this is bullshit, and that we need to bring back the idea of fair use.
The problem with this, though, is that the songs are already low quality (128Kbps, even though the AAC compression is pretty decent; I have a hard time hearing any artifacts in them). If you burn them, then re-rip them, you're compressing the audio even further, creating a lower-quality version of the song than you already had.
You're not making the lossy original lossier, though. I can't think of too many (any?) audio transcode applications that don't essentially decode the original format into what amounts to an uncompressed waveform and then compresses it into the new format. This is exactly the process for AAC->CD->MP3, since iTunes requires a conversion to physical media.
While it's true that iterating this process many times will ultimately have a degrading effect on audio quality, the point at which this is the case is dependent on the codec, bitrate and strategy (VBR, etc). Even 5-6 years ago it was believed that dozens of analog copies between minidiscs were required to show generational effects of transcoding.
I seriously doubt that a single AAC->WAV->MP3 conversion at quality bitrates would show any noticeable degradation, especially not in the usual listening environments (cars, mass transit, urban areas, most home audio setups) due to the quality of the equipment and the noise floors associated with the locations.
I wonder how happy all the Hymn and J-Hymn users out there are about what DVD Jon did. By releasing PyMusique, he got Apple to force everyone to use 4.7 iTunes if they want to use the iTMS. I believe that 4.7 broke Hymn and unless that has been addressed, now people will no longer be able to remove the DRM from music that they purchased from the iTMS.
What happened was fine, nothing to get your knickers into a knot about. When you buy music with DRM you are agreeing to use it according to the terms set forth. One of those terms is that you agree to how the terms may change in the future. That is why I do not buy music with DRM, the fact that what I can do with that music can change at any time.
It is too bad that the Apple DRM happens to be one of the least onerous and DVD Jon gave Apple a reason to make people move to slightly more restrictive terms with 4.7, but still just the fact that Apple can modify what you can and cannot do with the music from the iTMS is an immediate turn-off for me.
I'd prefer to see FLAC support in iTunes. I know it's probably not something they'd support on the iPod, but a lot of live sets are offered in FLAC format and it'd be great to be able to import the FLAC files directly into iTunes and only convert them to MP3/AAC if I wanted them playable on the iPod.
So, the music executives have forced DRM on Apple and so they have to provide it in their files. But they aren't really doing anything. Basically the DRM is to prevent files from being just put on Kazaa and spread around the world. Yet, the DRM doesn't really stop this. There's still the burn and re-rip strategy which is quite effective, as well as the "buy a CD method" which is also effective for getting files onto the internet. The only thing this does stop is file which the person has purchased being accidentally leaked on the internet by some hard-drive scanning P2P program. Anybody who still wants to distribute their purchased music can still do so. All it stops is people who don't want to share their purchased music from sharing it unintentionally.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
For so long, one of the more legit arguments for downloading music via p2p was that music publishers gave customers no other options other than to purchase an entire, overpriced CD when all a person wanted was one or two songs. Now we have a multitude of options for buying music pretty damn inexpensively online with a very reasonable implementation of DRM, and some people still want to jump through hoops to cheat the system? For god's sakes, write your own music if you're that cheap!
A post a day keeps productivity at bay.
You are (and always have) bought a license to use a copy, and the rights you have on how you can use that copy are limited.
You do not have, for example, distribution rights.
You cannot buy a copy of a movie or song and then broadcast it. That requires a different type of license.
You do, however, have your fair use rights, which, I agree, are being eroded and trampled upon. Sure, we can just burn to CD and then rip the MP3s back to get rid of Apple's DRM, but using any technique to bypass DRM or copy protection is a Federal Offense (tm) via the DMCA.
So all this bitching and whining about how YOU can't do what YOU want with YOUR music is drek. When you go produce your own music, then it's really YOUR music to do with what you want, and you can philanthropically hand it out on a web at your own expense all you want.
But you are buying a license from somebody with this stuff, and that license clearly delineates what rights do and do not come with it. If you don't like it, then don't friggen buy it.
You're like the people who bitch about gas prices going up but keep driving your cars. Or even worse - the people who plan a one-day "drive-out" where NOBODY BUYS GAS! That'll show those evil oil companies! That'll MAKE them listen!
If you re-encode to the same format using the same encoder, the loss is probably minimal. If you re-encode to, say, MP3 or Ogg Vorbis, which quite probably have different ideas about which data should be thrown out, you're more than likely to start hearing defects much sooner.
Michel
Fedora Project Contribut
It is rapidly turning into a biased Apple fan site.
Bravo, well said.
For the first time ever, I'm finally seeing "This DRM is good!" posts on slashdot. And that my friends, is the end of slashdot.
Why? Because slashdot was known for their absurd pro-free software anti-DRM stance. Would you give a rat's ass if slashdot was like every other news site out there ? No.
Sunny Dubey
Just a hypothesis: I suspect that, irrelevant of any DRM/RIAA/"The Man" issues, Apple might be reluctant to offer lossless encoding just on the basis of data transfer. You may be willing to wait a couple more minutes for your song, but on the supply side Apple would have to deal with the logistics of moving many, many more bits out of their store. That's not cheap; the consumer face of the Internet can belie the true costs of data transfer. I don't know for a fact that this is a knockout argument against lossless compression on iTMS, but it's certainly a serious concern.
"There are hundreds of game theorists at the gates, sir, and they want to hold an election!"
When you re-rip, you recompress (unless you rip only to WAV and never create MP3's).
The method you outline will inject some distortion into the file, much as you would get if you took a JPEG file and re-compressed it again.
Walking into a brick and mortar building and purchasing a good old fashioned CD is still a method for getting music. And it doesn't have a DRM attached to it. So why does everyone insist on attaching a DRM to purchased music files? How are they different than the physical CD? A physical CD takes me less than 3 minutes to either rip into AAC or make a physical copy and pass around to whomever I please. Putting a DRM on things is just like saying, PLEASE, TRY AND HACK ME. It's no different than telling kids that they can't drink until they're 21. If you don't make a big deal out of it, neither will they (look at countries that don't have a drinking age for example). On top of that, we all know that DRM is a useless technology. You give the person an encrypted file AND the keys to open it. Where's the security? And now for the honor system theory.... If it were made blatantly clear when you purchased a song from the iTMS that YOUR NAME and ACCOUNT NUMBER were embedded into the file (just like a license plate on a car), I would certainly think twice about sharing that file on a P2P network. At the same time I would have an unlocked unrestricted file to do as I please with.
Kiteboarding Gear Mention slashdot and get 10% off!
"It's a fine line that has been hotly debated since the days of Socrates, but there is an important qualitative difference between those who do things that are ultimately "functional" (i.e. produce a product which in some way furthers the aims of survival and reproduction) and those things which are "artistic" (i.e. things which do not further survival or reproduction). It has been argued by some (like Scott McCloud) that the moment one bleeds into the other (i.e. the money starts mattering more than the art), it's no longer art."
...
+3 points for quoting Scott McCloud (of Understanding Comics, for those just joining us), but -10 for totally mangling his point.
If I may quote, from page 168-169:
----------------
"Rare is the person in any occupation who expresses nothing, and rare is the artist who cares nothing for success, i.e., survival!
"The 'fine artist' -- the pure artist -- says to the world: 'I didn't do this for money! I didn't do this to match the color of your couches! I didn't do this to get laid! I didn't do this for fame or power or greed or anything else! I did this for art! In other words: 'My art has no practical value whatsoever!'"
----------------
The point that you missed in misquoting McCloud is that artistic merit is not exclusive of monetary value. It's entirely possible to create moving works of art, and want to be well-compensated for it. Michelangelo painted the ceiling of the Sistine Chapel under commission, for instance.
To claim that there's any financial value where the art suddenly ceases to become art may be a claim you hold, but it's not one McCloud does.
Or, as he says it, "'Pure' art is essentially tied to the question of purpose -- of deciding what you want out of art."
Class dismissed. Alaren has to spend the next three nights re-reading Understanding Comics, and this time actually reading the words instead of just looking at the pretty pictures.
--R.J.
Electric-Escape.net
So what happens if you download with iTunes, but are running a packet sniffer to grab all the data? Couldn't you then look at those packets and get the unencrypted music from them?
WTF? Last time I checked, all Jon (there's no 'h' in his name) wants to do is watch dvds and listen to music purchased via iTunes on his Linux box. What Jon has done is indeed illegal in some countries (more extreme /. members would call them corporate states), but I don't think that any honest person can say it's unethical.
It's really quite simple. If you buy something, you can do whatever the hell you want with it, so long as your actions don't harm anyone. Don't give me that "indirect harm" bullshit, either. I'd give you ground if we were talking about releasing the plans for building an antimatter bomb, but not for something so inconsequential as circumventing DRM and copy protection.
"The newly born animals are then whisked off for a quick run through a giant baking oven." --heard on Food Network
I'm wondering what the reactionary response to this will be.
In high school (a long long time ago) a friend of mine got a -3 on a question on a test. The girl sitting next to him got a -1 on the same question with a near identical response. He complained and the situation was resolved by giving the girl a -3 instead of a -1.
My point, instead of raising awareness of the stupidity of the law and making it better for the rest of us...will DVD Jon just ruin it for us? Will his escapade just serve to make DMCA laws worse? Will the RIAA use this to show that DMCA laws are not tough enough?
I tried for 5 years to come up with a clever sig...only to realize that I am not clever.
"Do you have any documantation of the "mediocre quality" claim?"
Yes. The act of lossy compression throws away some of the music. First today is phase information, second to go is all the harmonics, third to go is the complexity of the music.
"It sounds just as good as CD to me."
You ask for documentation, and then turn around and say "gee, mediocre music sounds just as good as CD's on my crappy apple-brand ear buds".
What a revelation. My god. King of the clueless.
Some people would be content to be ignorant and keep it to themselves. Not you...you parade it like you're proud of not understanding the magic technology in your iPod-magic-box. Ignorance to you is more than bliss, it's a badge of courage that lets you say to anybody with an ear or a clue "Hey you, I can't tell the difference between FM radio and a CD, and I'm gawdamn proud of it".
All hail the power of no-nothing. The land where ignorance is king, and anybody who challenges that is just stupid, or whiny or a geek or something that threatens your iPod (which is Apple supplied Magic).
Cripes. No wonder the world is a screwed up place. There's probably more than the one of you out there.
Sure, if you don't mind your musical career being over.
See, the big labels put in an exclusivity clause. Sure, you can "simply walk away", but you can't then release music commercially, even as part of another band, until you've paid them back what you owe and they've given you permission to record for someone else, or the duration of the contract you signed has expired.
And that's not the worst of it. It's not necessarily you who gets to decide whether to "simply walk away"; the record label can decide that it's not going to bother releasing anything you record, but you're still under contract and can't record for anyone else.
I know a couple of musicians who got fucked that way. They signed with a major label (Polygram). After a couple of singles, the label decided the musicians hadn't been profitable enough, so nothing more would be released. However, they couldn't go back to their indie label, because they were under contract for the next 8 years. So, that was the end of their musical career as artists; they worked as producers for a while, then found jobs outside the music industry.
I guess if all you care about is making money, and you don't mind your musical career ending totally if you fail to make big bucks, then a major label contract would seem like an OK deal.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
If your beloved indy artists were any good, most of them would sell out to the major labels in a second.
Don't blame me; I'm never given mod points.
> Do you have any documantation of the "mediocre quality" claim?
Well, the fact that Apple provides the option to rip/encode your cd's with their lossless codec implies (to me) that the AAC codec is not as good in quality of sound. I could live with their current DRM if I were able to purchase songs and download them in their lossless codec, as it would allow me to burn a CD in actual CD quality, but I don't think that option is currently available.
Just out of curiosity, if someone provided you with some "documantation", would iTunes music suddenly sound not-as good as CD?
I suspect without the marketing and promotional work of the major labels the rock world would become more like the classical world. Mentally people would become much more aware of the contributions of composers / writers and not just those of performers. In rock Jerry Leiber & Mike Stoller (Love potion #9, Yakety Yak, Poison Ivy, Hound Dog) are about the only song writers where their fame has surpassed the performers that made their works hits.
The net effect would be the more pure music market would become composer driven where a performer would be known for how well they handled a particular composition. On the other hand you would also have a performance driven market where very good performers are known and have freedom to choose from a wide range of composers and thus lesser known composers get discovered first by well known performers and then by the general public.
I think far less music would end up being sold but I'm not sure quality wouldn't skyrocket. Such things are very hard to predict.
DVD Jon (and others) made a program that let you download songs from iTunes service so that you pay for the songs, but get them without DRM -- and that was bad.
Hymn (what ever) did the same thing -- and that was good.
Now, also hymn is blocked because of DVD Jon -- that is bad.
Everybody is mad at DVD Jon, because now they can not share their iTunes songs and they have to burn them on CD's and then rip from there.
And all the time I thought it was Apple that was restricting the use of the songs and thus Apple should have been the bad guys, but apparently as they are Apple, they can not - by definition? - be the bad guys and therefore DVD Jon had to be the bad guy. Right?
I must get one of those lovely Macs so I can (not) share my music and I can (not) use it where I want as it's just so nice...
appledot indeed...
There are a number of utilities (for example Audio Hijack) that allow you to do this on the Mac.
According to CVS for PyMusique a workaround was checked in 12 minutes ago.
Why is everyone so passionate about listening to music or watching movies? Where is the focus of the human being today that postings on /. about DRM, piracy, RIAA, and other media-related topics tend to draw more postings than any other subject?
I understand being passionate about something, but seems to me that how and where you listen to music should not even be on your top 10.
The advent of digital media is contributing to the decline of free thought. All people posting pro- and anti- multimedia copyright issues should redirect their passions to things that make a difference in their communities. All of these postings are just reiterations of previous postings with a different subject line. "There is nothing new under the sun."
It is this type of behavior and response to "The Man" that gives them knowledge of the power they possess. A power, by the way, they do not rightfully deserve! The music and movie industry is geared towards our entertainment. How is it that entertainment has this kind of impact on us? They should not be able to draw these levels of emotions from people, unless it is through the content of the media, not the cost or format.
If you want to send messages to the powers that be, quit buying music, quit pirating music, quit paying $60 for a ticket to a concert for a washed-up 80s hair band. Read a book. Write a book. Paint something. Take your kids to the park, sans iPod. Learn to play an instrument. Write YOUR OWN music. Put the power of entertainment back in its rightful place: in YOUR hands.
Flame me if you like. Call me a dumbass. Fact of the matter is, regardless of what my opinions are on this topic, who I think is right, or who I think is wrong, I am the one who has the ultimate decision and control over what entertains me and the impact it has on my life. You should reclaim the same.
~kiddcreole
There are 10 kinds of people in this world: Those who know binary, and those who don't.