Slashdot Mirror
Jon Johansen Breaks iTunes DRM Yet Again
ikewillis writes "Remember earlier today when Apple released an update supposedly blocking the hole in iTMS recently discovered by Jon Johansen? News.com reports that he has already worked around the update, and iTMS can now be accessed from non-Windows/MacOS X systems using the new version of his PyMusique software. You can view his blog entry on the issue (ironically titled So Sue Me). More power to you, Jon!"
He's likely acting as a front for another group doing the grunt work who doesn't want the legal exposure.
Given the current legal precedent he's acquired in Norway, it's highly unlikely Apple will be able to prosecute.
The only way for Apple to actually fix this hole is to handle DRM encryption server side, unless you consider the problem is unresolved due to the fact that DRM is a fundamentally flawed concept.
His server seems to be /.ed
The blog entry is:
The
iTunes Music Store recently stopped supporting iTunes versions below
4.7 in an attempt to shut out 3rd party clients. I have reverse
engineered the iTMS 4.7 crypto which will once again enable 3rd party clients to communicate with the iTMS.
I hope that helps.
If I remember correctly, he never did break the DRM, instead he captured the audio file before it went through the iTunes software, which puts the DRM into the audio file ... therefore there is no DRM to break.
And no, I didn't RTFA
That post is at least a year old.
Funny this was posted back in 10/22/2003
h ol d=1&commentsort=0&tid=141&tid=188&mode=thread&cid= 7278955
Here you go:
http://slashdot.org/comments.pl?sid=83129&thres
Even without regarding the issue that some legit customers are unnecessarily restricted by the DRM, all flawed technology should be exposed.
... not litigated against.
Now, there are nice ways to expose it and not so nice ways to expose it. The best way is to contact the developers privately at first. Then, and *only* if the first method does not work, release the information to the world. I don't know if that is how it happened here, but either way I think Apple now knows about the problem. And they probably have for a while.
When a problem like this is brought to light, then it should be fixed. Furthemore, if the person who exploited it tried the nice way first, I think they should be thanked
Is "sosume" really slipping into IT history already? For those that don't know, and thus get the in-joke, Apple Computers was once sued by Apple Music, the Beatles record label, over the use of the name "Apple". This was back when the Macintosh was still in the early stages of development, long before the much more recent legal spat between the two Apples over iTMS. Part of the settlement agreement that resulted was that Apple Computers would not enter into competion with Apple Music. When Apple shipped the Macintosh with audio support one of the included sound files was called "sosume" - a pun at the expense of Apple Music.
UNIX? They're not even circumcised! Savages!
there are options. there's magnatune.com for starters. Look, there is "someplace else" to buy or download stuff. It drives me crazy that mostly everyone here bitches and complains about the Evil Music Industry, but no one is willing to try out alternatives. Guys there are alternatives. If we would all make use of them, then the artists would sign contracts with those alternates! Besides, it's honest. -ron
The term "Digital Rights Management" is a misnomer. It doesn't let you, the consumer, manage anything. The proper term is Digital Rights Restriction because the technology restricts the ways you are allowed to use your music in ways that copyright law does not allow rights holders to restrict you. You are legally allowed to resell copyrighted material, including digital media like CDs and DVDs. DRR prevents you from exercising your legal rights.
Actually I believe the acronym is DRM for "digital restrictions management". But the point is the same.
funny munging
Where there an iTunes Linux, you would have a point. But there isn't. This program enables Linux users (only, there is no Windows version this time) to shop at the iTunes store (they still have to buy them, this doesn't allow free downloads). The reason there is no DRM on the songs is because the iTunes client would normally add it then. This client doesn't (it cannot remove DRM from already DRM'd songs). And why should it add it, really? It's an extra step and the program already does what it's intended to do.
A tip for you and others just in case you didn't know about this company.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
Actually, it was sosumi, and it didn't show up until System 7 (at the same time as the ability to record audio via a built-in mic was added to the Macintosh line).
He's not doing anything illegal. Sweden doesn't have stupid laws like the DMCA.
Yes, it is Sosumi, but we all know what Jon was getting at when he titled his article... And acutally, it's nearly ironic, too.
I guess what I'm getting at is: why patronize this store?
I personally don't for various reasons, however you shouldn't rail those who do for standing up for their rights. That being said, on to the show:
As a content owner, how can I be sure you've deleted the copy you owned when you "sell" it to your friend?
You can't, however if you suspect me of breaking the law on your copyright sue me. Innocent until proven guilty my friend.
They'd just be downloading it for free in the first place, regurgitating something they read on slashdot about a "dying business model" justifying their behavior.
In the states this is a big issue and I agree it is morally wrong however where I live, in Canada, it's a bit different. I pay a levy on all my blank media to prop up the dying recording giants. I figure if I'm going to have to pay them so I can back up my hard drive and burn linux distro ISOs then I'm going to get a little something from them. You can try to argue this point with me all you wish, but if I'm giving them money for essentially nothing then I want something in return.
And in the case of iTunes Music Store, you can
- copy for personal backup, including burning to CD in an uncompressed, non-DRM format
- "timeshift" the content (which is admittedly meaningless in this context)
- however, iTunes Music Store's license (fuck the DMCA) prohibits reverse engineering
Since you're able to copy for personal backup to an unencumbered format I don't really have a problem with iTMS as the rest of the rights can effectively be done from that unencumbered format. Right to Timeshift means more than just playback at a later time and does apply here. It means allowing playback on other devices, for example: CD music copied to cassette tape for play in non-CD equipped cars.
Right of reverse engineering for interoperability means the interoperability of the copyright work, not the distribution medium. In this case interoperability for the music to play on non-ipod/non-itunes players. I'm not sure if Apple is legally allowed to restrict interoperability of the iTMS protocols or not as IANAL.
Microsoft?!?! Bullcrap! Wrong!
a y/ game_pages/crystal_quest.html
Sosumi was a sound resource stolen from a game released over a year earlier called "Crystal Quest" a game for system 6.
http://www.whatisthe2gs.apple2.org.za/the_fairw
The sound was stolen by apple and then renamed Sosumi and placed into System 7.
Facts are facts.
And dirty lies are sometimes trivial to prove. Any copy of Crystal Quest will show how correct I am.
Patrick Buckland never did sue apple over the sound effect. (He was the game author)
That game had lots of cool sound effects by the way.
The best was the sound for winning a level it was a comical "Ahhhhh!" sound.
It's not that easy. iTunes on both Windows and OS X depends on Quicktime. Porting Quicktime would be a lot of extra work on top of the special UI things they already do when they port programs. They could use a media framework that is already present on Linux, but I doubt they would want to do that. In addition, to not have a half-assed port, they would have to support iPods and other MP3 players like they do on Windows. I think this part is the least of their worries, since most MP3 players use the USB Mass Storage driver (does iTunes on Windows even support those which don't?), and all iPods are supported in Linux. The main barriers are Quicktime and the iTunes interface.
The largest barrier is that they probably just don't want to do it. It doesn't seem economically sound to me to do so either.
That's a great story, pity it's not true, IIRC.
"Sosumi" was the name of the sound, and it came from the equally amusing battle between Apple Computer and Carl "Billions and Billions" Sagan.
It seems Apple code-named the Power Mac 7500 "Sagan". Not that they were going to call the shipping unit by that name mind you, but just internally they needed to call it something, so they named it after the great scientist, probably out of respect.
In any case, somebody with Carl's crew found out about it and got torqued, and filed a lawsuit. Apple, after an initial WTF? reaction, obliged, and changed the name to the supposedly innocuous "BHA". Turns out that BHA stood for Butt Head Astronomer, at which point more saber-rattling was heard in the Sagan camp.
In any case, the System Software released with the Power Mac 7500 included a new sound, "sosumi." I don't recall it having anything to do with Apple Music.
I'm going to mention it here but someone else has already brought up the so sue me title...
The title of the blog was So Sue Me long before Jon went after iTunes Music Store like this. It's not something he's saying to Apple, ever since the DVD DMCA thing he has had this blog titled that way. Don't get the idea he's got that title in there JUST to spite Apple.
Kyle
http://www.unlogikal.net/
It was the 7100, not the 7500, that was called the Sagan. I know- I own one.
As for sosumi, that was around before the 7100. I may not know what the origin is, but I know what it isn't, and it's not that.
The title of his blog has been "So Sue Me" for much longer than the release of this iTMS hack. it has nothing to do with Apple, all of his releases since the DVD Decryption hack have been announced on his blog "So Sue Me."
Kyle
http://www.unlogikal.net/
While it is true that Apple ran into trouble with Carl Sagan, it was actually the 7100 which was initially codenamed after him (the 7500 was TNT), and this wasn't until circa 1993/1994, at which point sosumi had reportedly already been released (7100s ran OS 7.1.2 as the min version, and sosumi was reportedly in OS 7.0, which was released in early 1991. Unfortunately I don't have a copy of 7.0 with me in order to check it.)
Apple's final response, after the BHA bit, was actually to rename the 7100 'LAW', for Lawyers Are Wimps.
Because, of course, the court cases that Jon went through (DMCA infringment involving DVD encryption) relate directly to DMA involved with iTunes. After all, DMCA is DMCA, right? Let's lump all the cases together.
Using this tool might be a problem with Apples ToS and whatnot, but creating the tool is purely a legal issue. And that issue has been clearly settled under norwegian law. There is currently no norwegian law prohibiting you from creating a tool to break any copyright protection mechanism. You have the right to access any "secret" key in your hardware or software. That is why he can do so with impunity. Apple could sue, but they would lose as the law stands today. The public prosecutor knows it and won't do it.
Kjella
Live today, because you never know what tomorrow brings
iTMS already has some strange design ideas behind it - why are the musical selections different for varying countries? I don't get it.
This is a consequence of different entities holding/controlling music distribution rights for different countries. I'm sure Apple would like to secure the worldwide rights for all recorded music...but of course they can't. Hence the patchwork of different virtual "stores" divided along national lines.
We have "artists" like Gwen Stefani releasing cover after cover, first covering Talk Talk's It's My Life then covering If I Were A Rich Man from Fiddler on the Roof, and both covers are atrocious.
I like No Doubt and Gwen Stefani but I don't care for either cover. However "Rich Girl" is actually a cover of a minor Nineties dancehall hit of the same name by Louchie Lou and Michie One. I like the original "Rich Girl" quite a bit. Obviously it's derived from the song from Fiddler but I wouldn't call it a cover of it.
Not true at all!
a y/ game_pages/crystal_quest.html
Sosumi PREDATES system 7,and predates powerpc "BHA" sagan, in fact it is from a system 6 3rd party video game apple stole it from !!!
If you read all the posts in the thread before commenting you would have learned that!
Poermac 75000 debut !?!? No!
The powerPC mac that shipped well after Sosumi debuted in system seven and years after Sosumi SHIPPED in "Crystal Quest" game for Mac !!!
Sosumi was a sound resource stolen from a game released over a year earlier called "Crystal Quest" a game for system 6.
http://www.whatisthe2gs.apple2.org.za/the_fairw
The sound was stolen by apple and then renamed Sosumi and placed into System 7.
Facts are facts.
And dirty lies are sometimes trivial to prove. Any copy of Crystal Quest will show how correct I am.
Patrick Buckland never did sue apple over the sound effect. (He was the game author)
That game had lots of cool sound effects by the way.
The best was the sound for winning a level it was a comical "Ahhhhh!" sound.
Why is it that 6 people posted five different fake origins of the Sosumi story tonight and I alone seem to know the damned truth? Sheesh! At least i TRIED to educate people this time. (six times no less). Someone else will have to carry the torch. I am getting tired of trying to correct all the misinformation and anon posters have a limit to how many factual corrections they can post in 24 hours (10 corrections maximum).
The only reason I am trying to educate people again and again is becasue NO ONE is reading the -1 posts and some fool keeps modding these facts down for no reason.
According to a CNET article I read on this, only a linux version will be released (see last paragraph here. They are explicitly NOT releasing a windows version this time, presumably to minimize any antagonization of Apple by limiting it to such a small target audience that doesn't have "sanctioned" options to shop on iTunes.
Before the DeCSS case, it wasn't really clear. They thought they had a paragraph they could twist into applying, even though it was never designed for such a case.
They got struck down in court. Twice. Didn't even try to argue their case before the Supreme court. That is why they won't try prosecuting him over anything he does with Apple's DRM now.
Live today, because you never know what tomorrow brings
That's a great story, pity it's not true. The original poster was correct. Quoting from Macworld's "Mac & PowerMac Secrets, 3rd Edition":
And later, from the same page:
My Greasemonkey scripts for Digg &
NOT TRUE!!!
a y/ game_pages/crystal_quest.html
The data on wiki is not correct at all.
Apple stole the sound effect from a system 6 3rd party video game entitled Crstal Quest.
Sosumi was a sound resource stolen from a game released over a year before system 7, called "Crystal Quest" a game for system 6.
http://www.whatisthe2gs.apple2.org.za/the_fairw
The sound was stolen by apple and then renamed Sosumi and placed into System 7. (and possibly 6.0.7 sound manager update)
Facts are facts.
And dirty lies are sometimes trivial to prove. Any copy of Crystal Quest will show how correct I am.
Patrick Buckland never did sue apple over the sound effect. (He was the game author)
That game had lots of cool sound effects by the way.
The best was the sound for winning a level it was a comical "Ahhhhh!" sound.
sorry, thats completely inaccurate
the 7100 was "Sagan" (the 6100 was "Piltdown Man" and the 8100 was "Cold Fusion") [link]
sosumi the system sound was included in system 7, several years before the 7100 was ever created (that shipped with 7.5) [link]
turn up the jukebox and tell me a lie
Prior to the iTunes 4.7.x breakage (I don't mean the recent breakage, I mean the anti-Hymn breakage), Hymn would leave all identification info in any files it unprotected. In essence, the files were (lightly) watermarked.
With iTunes 4.7, Apple changed it so that watermarked but unprotected files wouldn't play.
The solution? Remove the watermark.
By breaking the ability to use iTunes music fairly (for example, in a device other than an iPid), Apple essentially forced the authors of Hymn to make their software more suitable to piracy.
retrorocket.o not found, launch anyway?
The Yahoo story is full of incorrect information. Engadget did a good job of pointing it all out.
First off, this is Norway. Norway is notably short on laws with awe inspiring monikers. You don't see titles like "Digital Millenium", PATRIOT" or "Save The Children."
DVD Jon got off because the non-infringing use case was a clear slamdunk. It made it possible to play legally owned DVDs on a Linux PC. As a bonus, the software is of little use to counterfeiters.
Effectively, the DMCA criminalizes reverse-engineering. Since that's only against the law in the US (with the Queen apparently happy to send her own to Uncle Ernie) there was nothing to charge him with. The MPAA lobbied fiercely for extradition but the fact that what he did was no more criminal than chewing gum in LA kind of spoke against that.
I don't know enough about Jon's latest project or iTunes to know what the non-infringing or infringing uses are. He's definitely not getting charged under the DMCA.
On the political side, Okokrim, the white collar crime unit, played the role of Corporate America's frothing dog last time. They've obviously got one on for Jon but they've got to back off or come up with a rock solid case. The last investigation had to cost a bundle and if this one is at all close, it starts to look like they are spending a great deal of taxpayer's money to harass a prominent person.
Jon's been here before and he doesn't seem nervous. I'm guessing he's got his ducks in a row: a solid non-infringing use, maybe a method of capturing and playing back the actual packet stream, the analogue hole and unsuitability for commercial use.
My take is that Jon and his counsel believe that what he has done is legal in Norway and that they can make a solid case for it.
You have Rip, Mix, Burn (which you can do as long as you have CD's) confused with Download, Mix, Burn - which you can actually do TEN times. Except that it's really unlimited because the limit is on a playlist, not per song!
Tell my why, when it is so technically simple to do so, iTunes does not store a burn count on a single song. That doesn't seem to help the bottom line any.
Maybe, just maybe, some businesses actually do care a little about the customers - you know, the ones you have to constantly convince to give you more money? That's hard to do when they are all angry at you because you keep chipping away at what they can do and throwing arbitratry roadblocks at them.
people like you simply do not get business. It's far more than just money, it's SUSTAINABLE cash. Any business that wants to last longer than it takes to pull away from the curb in the pickup has to give people what they want in order to get money from them in a cycle. So the truly smart run businesses understanding they are there to serve you, not control you.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
3) Archival, the right to make backup copies of purchased works.
Note that even the page you link to notes that this applies only to computer software (and, no, the motion picture embodied in a DVD is not computer software; look at 17 USC 101 for the definition of a 'phonorecord' and you'll learn why just because something's digitally encoded and requires a computer 'machine' to make perceivable, doesn't make it software).
geek. lawyer.
Most of the end user licenses of software and services are completely meaningless in Europe (and in Norway).
The laws protecting the customer are far stronger here, and the seller cannot impose rules on the buyer without explicit (hand signed) acceptance of EACH clause on a written contract.
Yes, you guessed it, even Microsoft's EULAs have been proved to be largely unenforceable (for example) in Italy.
Ciao, Renato
Rip, mix, burn is what you do to a CD. Get it stright. :)
And as someone else commented, it's not limited to 5 times.
That SHOULD be all the nudge-nudge-wink-wink you need, sheesh.
May I recommend you to look at JHymn and the Hymn project, in general? These will strip the DRM from your files (and your files only, btw). Since they only perform the decryption and do not re-encode anything (the output is an unprotected AAC file, m4a), there is no loss in quality :-))))
To elaborate on this, the 'precedent' system in which past rulings form a legal ground for deciding future cases is part of common law, which as the link indicates is generally found in English speaking countries.
The rest of Europe, including Norway, basically uses civil law, in which in the end only the written law counts.
I have been reading a lot of comments on here where people are bitching about the fact that the system was hacked. "if you don't like DRM, don't use iTMS" - things of that nature.
WTF people. How is corporate america going to learn its lesson unless we teach it to them?
(tangent: why do you restrict your argument to America?)
Quietly working around DRM doesn't teach that lesson. Withholding our custom does teach them, to some extent.
Now, what should happen according to Free Market models, and if the average geek assumptions hold, is that commerce learns that there is a bigger market for non-DRM content than there is for DRM content. The drop DRM and everybody's happy.
The problem with this assumption is that it assumes a perfect information flow: that commerce magically knows who would buy what and for how much.
By cheerily buying DRM content, and stripping/sidestepping the DRM, we send the message "you're doing great"
By withholding our custom, we send the message "something about your product does not appeal to me".
OTOH is it our job to do companies' market research for them?
here's a link to the google *text cache* of the blog (www.nanocrew.net/blog/ ). Yeah even the normal google cache is slow.
peterrenshaw ~ Another Scrappy Startup
And if they made you sign a contract giving yourself as their slave, that would be also enforceable for sure...
There are certain things that even if signed with blood, can't be legally binding.
IANAL but write like a drunk one.
"To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries;"
--Artical 1 Section 8 "Constitution of the United States of America" (as quoted from parent's link)
this is the outline for copyrights and patents, the basis for the whole thing in the US. There are a couple of words that are under periodic debate:
"limited times" is under debate in that current policy provides for unlimited copyrights
"Authors and Inventors" comes up every now and then under the argument that only an idividual can author or invent (ie not a corperation (indeed, only indiviuals can apply for patents (which thay can be contractualy bound to turn over to the corperation)))
"exclusive Right" is at odds with "promote[ing] the Progress of Science and useful Arts", and indeed with the rest of the clause. This it raises the question 'are we premoting the public good or the corperate good?' My conclusion is that it is intended to premote the corperate good insofar as
it benifits the overall public good.
Oninoshiko YMMV, IANAL