iTunes DRM Hole Closed

FrYGuY101 writes "As recently covered on Slashdot, there was a hole in iTunes which allowed music to be acquired from the iTunes Music Store without Apple's DRM applied. Well, Apple has just released an update which closes this exploit."

Stops the RIAA...

[datadriven]

from filling one of Apple's holes.

Impressive

[Quasar1999]

I like how they handled that... no horrible punishments, no wagging their finger at the community... just fix the hole, force the update (for obvious legal reasons), and carry on loving your customers... I like...

Too bad napster to go couldn't be so accomodating... :P

Re:Impressive

Only because it was pretty damn embarrassing and very difficult to pursue legally.

Re:Impressive

[GigsVT]

loving your customers

By forcing DRM onto them?

Re:Impressive

[0x461FAB0BD7D2]

I think they've realized that DVD Jon is pretty much untouchable. He walks a fine line, but hasn't yet crossed it.

It's not out of the goodness of their heart, but more because lawsuits are pretty damn expensive.

Re:Impressive

[ray-auch]

Note that (per previous news stories, and probably on /. too) the update they are now forcing has more limits on what you can do with the music.

See eg. here.

Note the comments about no one being forced to upgrade... well, not any more.

Re:Impressive

[cyngus]

Yet it remains the most consumer-friendly DRM around. Let's also remember that Apple itself could probably care less what you do with your music, but it has to reach some common ground with the record companies.

Re:Impressive

[2starr]

If you allow anyone to do anything with the music, the record industry won't allow songs to be sold digitally or would require higher fees to make up for the losses. I love getting my music digitally, so I would prefer that a few bad DVD John-like people not ruin it for me. So, yes... they were looking out for me when they made that move.

Re:Impressive

[jbarr]

loving your customers

By forcing DRM onto them?

They are simply "enforcing" a standing policy, not "forcing" DRM. And it is a policy that their customers have already agreed to. Plain and simple, if you don't want DRM, don't use their service.

Re:Impressive

[Satan+Gave+Me+a+Taco]

That's what he is you know, a fucking asshole ...The very simple and easy to live with rules that Apple laid out are just too much for some people ...All the crying people do about the big bad evil DRM screwing up the world and the "1984" type predictions are going to come true but it'll end up happening because the assholes among us will turn their noses up at every reasonable compromise along the way ...it will be in a sense our own fault.

It's wrong to assert that "assholes among us" are the source of the problem. The labels are the ones imposing restrictive DRM. When a person or a entity acts in a reactionary manner, it is their own fault, not the fault of the thing they are reacting to.

If you don't like the rules at iTMS then go buy your music elsewhere and quit screwing with the way the rest of us buy it)

I don't buy at ITMS. I buy CDs, so I can rip to whatever format I want, with no DRM. But I support people like DVD John who are proving that DRM doesn't work. The record labels will have to change their business model to work with human behavior. What you propose is us changing our behavior to work with their business model. I couldn't disagree more.

Re:Impressive

[ElleyKitten]

Except, everyone already can do anything with music. Almost every song you could want you can find through pirating, and when you pirate you don't have to deal with DRM, you can get the music in any format you want and it will play in any player you want. The goal when selling music digitally is not to attempt to make sure your customers don't pirate, but to make sure that what they're paying for is better than what they don't pay for.

Re:Impressive

[NEW22]

The sad thing to me is relationship your are willing to put yourself in, in relation to the music industry. I mean, if you buy a CD you could rip it to any format very easily. Going through iTunes may save money in buying singles, but you get the music in a locked up format with mediocre quality (compared to CD), and the format doesn't even work on a lot of portable music players (such as my iRiver iHP-120). It would actually be easier for me to illegally download new music right now, if I wanted to actually use it the way I want. So, you put yourself into this appeasement relationship with the music industry that is basically limiting us and screwing us over for very flakey reasons. It's like "Daddy said we could get digital music if we are all good until Friday!".

To hell with that kind of attitude. They can either lose money, or they can give us what we want. Its their choice. CDs are an open format you can use anywhere. Why is it so absurd or wrong or ridiculous to expect the same in downloading music over the internet?

Re:Impressive

[Jah-Wren+Ryel]

You sir, are a very reasonable fellow.

"The reasonable man adapts himself to the world;
the unreasonable one persists in trying to adapt the world to himself.
Therefore all progress depends on the unreasonable man."
-- George Bernard Shaw

Re:Impressive

[Sanity]

I love getting my music digitally, so I would prefer that a few bad DVD John-like people not ruin it for me.

Yeah, those evil programmers hurting those poor multinational record labels by writing software that allows us to exercise our fair use rights under copyright law.

Your bend over and take it attitude makes me sick.

Re:Impressive

[Hamhock]

His point isn't that he loves DRM, it's that the record companies can pull support for online downloads altogether if they want, thus removing the very conveinent resource that iTMS is. Everytime DVD-John (or someone like him) releases something like this it makes the record companies nervous, and presumably less willing to deal with an online service as open as Apples is (if you think it's not that open, you're wrong, it could be a lot more locked down then it is, and it may get to that point if these 'hacks' keep coming). Record companies ARE evil, but that's irrellevant in the context of iTMS. iTMS is beholden to the record companies. Messing up iTMS as some sort of philisophical 'fuck you' to the record companies only hurts the end user and Apple, not the record companies.

Forces upgrade

[danbond_98]

Which of course requires that everyone upgrade their itunes to version 4.7. Apparently you can still use PyMusique to preview tracks, just not buy them.

What did Apple "just release"?

[DavidLeblond]

iTunes 4.7 has been out for a year now. Apple didn't "just release" anything, they just made it so their servers required you to have 4.7.

Re:Who exactly...

[crimguy]

Good question. Unfortunately, Apple will require the upgrade for continued use of the iTMS.

Is it a fix or a patch?

[bigtallmofo]

From the original story:

He explains that his program works by bypassing iTunes which adds the DRM itself at the end of the transfer.

I don't think it would be trivial to change the time that they add the DRM. So, is this a true fix that won't be broken again quickly? Or is this just a small patch that changes something just significant enough to break the Pymusique application?

Re:Is it a fix or a patch?

[siriuskase]

It appears that they ask the application to identify itself and if it isn't iTunes 4.7, it won't download. Sort of reminds me of those websites that checked to make sure you were running IE. That led to other browsers acquiring the ability to misidentify themselves. If that's so, it'll only take a week.

Now what we need is for Slashdot to verify that the user isn't someone who's going to run off and tell Apple.

Believe it or not, Apple's DRM doesn't bother me

[Anita+Coney]

Considering you can burn Apple's song on CD and get rid of the DRM, who cares.

What I'd love is a way to download songs from Apple in a non-lossy format! If DVD Jon could do that, I'd give him a lifetime of gratitude!

So then..

[TheVampire]

..someone just releases a patch to PyMusique so that it looks like version 4.7 of ITunes to Apple's servers...
and the endless game continues....

Want a hole fixed? Publish to Slashdot!

[unsung]

Seems that Slashdot has become the standard bug-report mechanism across numerous OS's and companies.

Apple bias.

[northcat]

It didn't plug a "hole". It modified things so that PyMusique won't work anymore. Like they did with Real.

It plugs the hole, but unfortunately...

[Weaselmancer]

...it requires you place a wad of chewing gum in the headphone jack.

Not really closed

Of course the only change that Apple has made is to require iTunes 4.7 as the client. How long before someone figures out how to make PyMusique look like iTunes 4.7?

And as long as they are sending un-DRMd songs down to the client they are suceptible to man in the middle attacks (a proxy server which watches for iTMS traffic and saves the song streams to another file), or to someone directly pulling data out of the iTunes app (though the second would arguably violate the DMCA).

Re:No surprise

You forgot to mention The Man. The concept of The Man is essential to all sixties-flavored artistic-integrity rants.

Peace.

Re:No surprise

[Golias]

Our favorite music is owned and operated by an industry who cares more about money than music.

I write software for a living, and guess what? I care about money more than software.

You are welcome to work at whatever craft you do for free all you like, but professional musicians (and yes, professional music sales executives) have a right to charge for their work by whatever means they consider to best suit them.

The artists who write and play this music have sold their souls to this industry.

As the leader of a small-time garage band, I would LOVE to have a label come along and "exploit" us with a five-year, multi-million dollar record contract, even if it meant seeing every (crappy) song I ever wrote locked down by eeeeeevil DRM layers. There's no way schmucks like you are ever going to hear my music unless I "sell my soul" to the record industry, because I don't have hundreds of thousands of dollars to spend on marketing and promotion.

g/marketing and promotion/s//payola/

Re:Believe it or not, Apple's DRM doesn't bother m

[Golias]

I'm with you. I would cheerfully pay an extra ten cents (or so) per song and put up with the longer download times if I had the option to get iTMS stuff encoded with either FLAC or the "Apple Lossless Format."

In fact, I'm going to send an e-mail to the iTMS sales support folks saying exactly that, and I suggest you do the same.

Re:Believe it or not, Apple's DRM doesn't bother m

[mccalli]

What I'd love is a way to download songs from Apple in a non-lossy format!

What I'd like to see is iTunes to have a 'compress when copying to portable' option, and then have Apple sell lossless.

I don't mind wasting the gigs for lossless on my desktop, but I would object to wasting them on my 1st generation 5Gig iPod. Allowing this option would let me store the master copies at home, but still carry a fair amount of them around portably.

Cheers,
Ian

Shift

[trueguru]

Maybe you just hold the shift key down when you download

You'd be screwed too

[jocknerd]

If you think that you would be signing a big fat contract with the music label, you're just as dumb as most of the artists out there. What you would be signing is a loan. You would be at the record labels mercy. Believe me, you are better off now. At least you don't owe the music labels anything.

Re:Believe it or not, Apple's DRM doesn't bother m

[k_187]

There's already an option for that for the ipod shuffle. I'd imagine that there's some way to either enable it for other ipods, or bug apple enough that they'll add it for other ipods like they did with the shuffle music and other options for the 4th gen ipods.

Re:No surprise

[Zeneris]

Only trouble is the label is only giving an advance (i.e. a loan) so in reality you will probably only see a tiny return or even be in debt, even after any nominal royalies, because so much gets sucked up as "expenses"! Wise up, even top 10 artists can be poor!

Re:No surprise

[Short+Circuit]

The best music and software tends to be funded by culture, not money.

Re:Wouldn't that be crossing the line?

Misrepresenting software to get around the DRM could be interesting legally. (Yes, I know browsers can do this -- but not to avoid DRM.)

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:No surprise

[webbroberts]

If you really care about making money, then you definitely want to avoid the industry contract.

Steve Albini published an excellent rundown of how the industry screws signed bands. In summary:

The Balance Sheet: This is how much each player got paid at the end of the game.

Record company: $ 710,000
Producer: $ 90,000
Manager: $ 51,000
Studio: $ 52,500
Previous label: $ 50,000
Agent: $ 7,500
Lawyer: $ 12,000
Band member net income each: $ 4,031.25

Re:No surprise

[smcdow]

As the leader of a small-time garage band, I would LOVE to have a label come along and "exploit" us with a five-year, multi-million dollar record contract, even if it meant seeing every (crappy) song I ever wrote locked down by eeeeeevil DRM layers.

You have no idea what you're talking about. I know bands (I live in Austin, of course I know bands) that have not only didn't make money on their contracts, but ended up in debt to their record companies. The record companies charge their "expenses" to the band. Bands get a "statement" every month showing all the details and transactions, and the band has to arrange to repay any negative balances on the statement. The record company can use this to blackmail the band -- like not releasing an album and locking down the masters so that the band couldn't release the album under any circumstances. It's all legal because, well, the band signed the contract.

Word to the wise: If you do get a record contract, and your AR guy shows up one day to "take you out to lunch", just simply decline. Otherwise, you'll be the one paying for lunch, 'cause they'll just charge the band for a lunch "expense". It'll show up on your next "statement". Especially if you were signed by a major label. True story.

Re:No surprise

[aug24]

Actually my best friend's father is an excellent independent singer songwriter See here, so you're definitely right that it can be done, but it's only feasable if you dare take it up as a full time career with all the risk. He gigs full time (to packed audiences, he's really good), to keep his sales up.

But to make real money, or do it without the risk, it's the cartel or nothing.

Justin.

Re:Imagine..

[sh00z]

Sort of. He could only have violated the TOS if he had agreed to them through the iTunes EULA. Since this program wasn't using iTunes, the Terms of Service weren't invoked.

Re:so hymn no longer works then...

[ndvaughan]

I just upgraded to iTunes 4.7.1 (after Apple released their "fix"), bought and downloaded a two tracks, and used j-hymn 0.7.5 to convert them. It worked flawlessly.

Re:No surprise

[Ubergrendle]

From a mid-90s interview with Neil Young on Canada's Much Music...

Pop-tart interviewer: "How do you feel about the commercialisation of rock music? How do you feel when a Bob Dylan song is used to sell cars?"
Young: "I hold no illusions. We lost. Long ago."
interviewer:"Did you sell out?"
Young:"Well, I'm here on your show..."

Re:So this is what we come to

[dant]

So, the music executives have forced DRM on Apple and so they have to provide it in their files.

Please stop perpetuating this myth. Apple have publicly stated that they would continue to use DRM even if the music labels didn't ask them to.

FairPlay is about stifling competition as much or more as it is about protecting copyrights.

Parent is insightful? The mods are on crack!

[Frodo+Crockett]

I would prefer that a few bad DVD John-like people not ruin it for me.

WTF? Last time I checked, all Jon (there's no 'h' in his name) wants to do is watch dvds and listen to music purchased via iTunes on his Linux box. What Jon has done is indeed illegal in some countries (more extreme /. members would call them corporate states), but I don't think that any honest person can say it's unethical.

It's really quite simple. If you buy something, you can do whatever the hell you want with it, so long as your actions don't harm anyone. Don't give me that "indirect harm" bullshit, either. I'd give you ground if we were talking about releasing the plans for building an antimatter bomb, but not for something so inconsequential as circumventing DRM and copy protection.

Re:MOD PARENT UP!

[Sanity]

It's so plain and simple. You can pirate all the music you want (just make sure you cover your tracks). But don't assume that piracy is your natural given right.

Fair use is my right, and it isn't piracy. You should really learn the difference if you are going to try to participate in these discussions.