Jon Johansen Breaks iTunes DRM Yet Again
ikewillis writes "Remember earlier today when Apple released an update supposedly blocking the hole in iTMS recently discovered by Jon Johansen? News.com reports that he has already worked around the update, and iTMS can now be accessed from non-Windows/MacOS X systems using the new version of his PyMusique software. You can view his blog entry on the issue (ironically titled So Sue Me). More power to you, Jon!"
He's likely acting as a front for another group doing the grunt work who doesn't want the legal exposure.
Given the current legal precedent he's acquired in Norway, it's highly unlikely Apple will be able to prosecute.
The only way for Apple to actually fix this hole is to handle DRM encryption server side, unless you consider the problem is unresolved due to the fact that DRM is a fundamentally flawed concept.
His server seems to be /.ed
The blog entry is:
The iTunes Music Store recently stopped supporting iTunes versions below 4.7 in an attempt to shut out 3rd party clients. I have reverse engineered the iTMS 4.7 crypto which will once again enable 3rd party clients to communicate with the iTMS.
If I remember correctly, he never did break the DRM, instead he captured the audio file before it went through the iTunes software, which puts the DRM into the audio file ... therefore there is no DRM to break.
And no, I didn't RTFA
Funny this was posted back in 10/22/2003
Here you go:
http://slashdot.org/comments.pl?sid=83129&threshold=1&commentsort=0&tid=141&tid=188&mode=thread&cid=7278955
Even without regarding the issue that some legit customers are unnecessarily restricted by the DRM, all flawed technology should be exposed.
... not litigated against.
Now, there are nice ways to expose it and not so nice ways to expose it. The best way is to contact the developers privately at first. Then, and *only* if the first method does not work, release the information to the world. I don't know if that is how it happened here, but either way I think Apple now knows about the problem. And they probably have for a while.
When a problem like this is brought to light, then it should be fixed. Furthermore, if the person who exploited it tried the nice way first, I think they should be thanked.
Is "sosume" really slipping into IT history already? For those that don't know, and thus get the in-joke, Apple Computers was once sued by Apple Music, the Beatles record label, over the use of the name "Apple". This was back when the Macintosh was still in the early stages of development, long before the much more recent legal spat between the two Apples over iTMS. Part of the settlement agreement that resulted was that Apple Computers would not enter into competition with Apple Music. When Apple shipped the Macintosh with audio support one of the included sound files was called "sosume" - a pun at the expense of Apple Music.
UNIX? They're not even circumcised! Savages!
there are options. there's magnatune.com for starters. Look, there is "someplace else" to buy or download stuff. It drives me crazy that mostly everyone here bitches and complains about the Evil Music Industry, but no one is willing to try out alternatives. Guys there are alternatives. If we would all make use of them, then the artists would sign contracts with those alternates! Besides, it's honest. -ron
The term "Digital Rights Management" is a misnomer. It doesn't let you, the consumer, manage anything. The proper term is Digital Rights Restriction because the technology restricts the ways you are allowed to use your music in ways that copyright law does not allow rights holders to restrict you. You are legally allowed to resell copyrighted material, including digital media like CDs and DVDs. DRR prevents you from exercising your legal rights.
Actually I believe the acronym is DRM for "digital restrictions management". But the point is the same.
funny munging
A tip for you and others just in case you didn't know about this company.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
Actually, it was sosumi, and it didn't show up until System 7 (at the same time as the ability to record audio via a built-in mic was added to the Macintosh line).
I guess what I'm getting at is: why patronize this store?
I personally don't for various reasons, however you shouldn't rail those who do for standing up for their rights. That being said, on to the show:
As a content owner, how can I be sure you've deleted the copy you owned when you "sell" it to your friend?
You can't, however if you suspect me of breaking the law on your copyright sue me. Innocent until proven guilty my friend.
They'd just be downloading it for free in the first place, regurgitating something they read on slashdot about a "dying business model" justifying their behavior.
In the states this is a big issue and I agree it is morally wrong however where I live, in Canada, it's a bit different. I pay a levy on all my blank media to prop up the dying recording giants. I figure if I'm going to have to pay them so I can back up my hard drive and burn linux distro ISOs then I'm going to get a little something from them. You can try to argue this point with me all you wish, but if I'm giving them money for essentially nothing then I want something in return.
And in the case of iTunes Music Store, you can
- copy for personal backup, including burning to CD in an uncompressed, non-DRM format
- "timeshift" the content (which is admittedly meaningless in this context)
- however, iTunes Music Store's license (fuck the DMCA) prohibits reverse engineering
Since you're able to copy for personal backup to an unencumbered format I don't really have a problem with iTMS as the rest of the rights can effectively be done from that unencumbered format. Right to Timeshift means more than just playback at a later time and does apply here. It means allowing playback on other devices, for example: CD music copied to cassette tape for play in non-CD equipped cars.
Right of reverse engineering for interoperability means the interoperability of the copyright work, not the distribution medium. In this case interoperability for the music to play on non-ipod/non-itunes players. I'm not sure if Apple is legally allowed to restrict interoperability of the iTMS protocols or not as IANAL.
It's not that easy. iTunes on both Windows and OS X depends on Quicktime. Porting Quicktime would be a lot of extra work on top of the special UI things they already do when they port programs. They could use a media framework that is already present on Linux, but I doubt they would want to do that. In addition, to not have a half-assed port, they would have to support iPods and other MP3 players like they do on Windows. I think this part is the least of their worries, since most MP3 players use the USB Mass Storage driver (does iTunes on Windows even support those which don't?), and all iPods are supported in Linux. The main barriers are Quicktime and the iTunes interface.
The largest barrier is that they probably just don't want to do it. It doesn't seem economically sound to me to do so either.
That's a great story, pity it's not true, IIRC.
"Sosumi" was the name of the sound, and it came from the equally amusing battle between Apple Computer and Carl "Billions and Billions" Sagan.
It seems Apple code-named the Power Mac 7500 "Sagan". Not that they were going to call the shipping unit by that name mind you, but just internally they needed to call it something, so they named it after the great scientist, probably out of respect.
In any case, somebody with Carl's crew found out about it and got torqued, and filed a lawsuit. Apple, after an initial WTF? reaction, obliged, and changed the name to the supposedly innocuous "BHA". Turns out that BHA stood for Butt Head Astronomer, at which point more saber-rattling was heard in the Sagan camp.
In any case, the System Software released with the Power Mac 7500 included a new sound, "sosumi." I don't recall it having anything to do with Apple Music.
I'm going to mention it here but someone else has already brought up the so sue me title...
The title of the blog was So Sue Me long before Jon went after iTunes Music Store like this. It's not something he's saying to Apple, ever since the DVD DMCA thing he has had this blog titled that way. Don't get the idea he's got that title in there JUST to spite Apple.
Kyle
http://www.unlogikal.net/
The title of his blog has been "So Sue Me" for much longer than the release of this iTMS hack. It has nothing to do with Apple, all of his releases since the DVD Decryption hack have been announced on his blog "So Sue Me."
Kyle
http://www.unlogikal.net/
Because, of course, the court cases that Jon went through (DMCA infringement involving DVD encryption) relate directly to DMA involved with iTunes. After all, DMCA is DMCA, right? Let's lump all the cases together.
Using this tool might be a problem with Apple's ToS and whatnot, but creating the tool is purely a legal issue. And that issue has been clearly settled under Norwegian law. There is currently no Norwegian law prohibiting you from creating a tool to break any copyright protection mechanism. You have the right to access any "secret" key in your hardware or software. That is why he can do so with impunity. Apple could sue, but they would lose as the law stands today. The public prosecutor knows it and won't do it.
Kjella
Live today, because you never know what tomorrow brings
iTMS already has some strange design ideas behind it - why are the musical selections different for varying countries? I don't get it.
This is a consequence of different entities holding/controlling music distribution rights for different countries. I'm sure Apple would like to secure the worldwide rights for all recorded music...but of course they can't. Hence the patchwork of different virtual "stores" divided along national lines.
We have "artists" like Gwen Stefani releasing cover after cover, first covering Talk Talk's It's My Life then covering If I Were A Rich Man from Fiddler on the Roof, and both covers are atrocious.
I like No Doubt and Gwen Stefani but I don't care for either cover. However "Rich Girl" is actually a cover of a minor Nineties dancehall hit of the same name by Louchie Lou and Michie One. I like the original "Rich Girl" quite a bit. Obviously it's derived from the song from Fiddler but I wouldn't call it a cover of it.
Not true at all!
Sosumi PREDATES system 7, and predates powerpc "BHA" sagan, in fact it is from a system 6 3rd party video game apple stole it from !!!
If you read all the posts in the thread before commenting you would have learned that!
Powermac 75000 debut !?!? No!
The powerPC mac that shipped well after Sosumi debuted in system seven and years after Sosumi SHIPPED in "Crystal Quest" game for Mac !!!
Sosumi was a sound resource stolen from a game released over a year earlier called "Crystal Quest" a game for system 6.
http://www.whatisthe2gs.apple2.org.za/the_fairway/game_pages/crystal_quest.html
The sound was stolen by apple and then renamed Sosumi and placed into System 7.
Facts are facts.
And dirty lies are sometimes trivial to prove. Any copy of Crystal Quest will show how correct I am.
Patrick Buckland never did sue apple over the sound effect. (He was the game author)
That game had lots of cool sound effects by the way.
The best was the sound for winning a level it was a comical "Ahhhhh!" sound.
Why is it that 6 people posted five different fake origins of the Sosumi story tonight and I alone seem to know the damned truth? Sheesh! At least I TRIED to educate people this time. (six times no less). Someone else will have to carry the torch. I am getting tired of trying to correct all the misinformation and anon posters have a limit to how many factual corrections they can post in 24 hours (10 corrections maximum).
The only reason I am trying to educate people again and again is because NO ONE is reading the -1 posts and some fool keeps modding these facts down for no reason.
According to a CNET article I read on this, only a Linux version will be released (see last paragraph here). They are explicitly NOT releasing a Windows version this time, presumably to minimize any antagonization of Apple by limiting it to such a small target audience that doesn't have "sanctioned" options to shop on iTunes.
Before the DeCSS case, it wasn't really clear. They thought they had a paragraph they could twist into applying, even though it was never designed for such a case.
They got struck down in court. Twice. Didn't even try to argue their case before the Supreme court. That is why they won't try prosecuting him over anything he does with Apple's DRM now.
Live today, because you never know what tomorrow brings
That's a great story, pity it's not true. The original poster was correct. Quoting from Macworld's "Mac & PowerMac Secrets, 3rd Edition":
And later, from the same page:
My Greasemonkey scripts for Digg &
sorry, that's completely inaccurate
the 7100 was "Sagan" (the 6100 was "Piltdown Man" and the 8100 was "Cold Fusion") [link]
sosumi the system sound was included in system 7, several years before the 7100 was ever created (that shipped with 7.5) [link]
turn up the jukebox and tell me a lie
Prior to the iTunes 4.7.x breakage (I don't mean the recent breakage, I mean the anti-Hymn breakage), Hymn would leave all identification info in any files it unprotected. In essence, the files were (lightly) watermarked.
With iTunes 4.7, Apple changed it so that watermarked but unprotected files wouldn't play.
The solution? Remove the watermark.
By breaking the ability to use iTunes music fairly (for example, in a device other than an iPod), Apple essentially forced the authors of Hymn to make their software more suitable to piracy.
retrorocket.o not found, launch anyway?
The Yahoo story is full of incorrect information. Engadget did a good job of pointing it all out.
First off, this is Norway. Norway is notably short on laws with awe inspiring monikers. You don't see titles like "Digital Millennium", "PATRIOT" or "Save The Children."
DVD Jon got off because the non-infringing use case was a clear slamdunk. It made it possible to play legally owned DVDs on a Linux PC. As a bonus, the software is of little use to counterfeiters.
Effectively, the DMCA criminalizes reverse-engineering. Since that's only against the law in the US (with the Queen apparently happy to send her own to Uncle Ernie) there was nothing to charge him with. The MPAA lobbied fiercely for extradition but the fact that what he did was no more criminal than chewing gum in LA kind of spoke against that.
I don't know enough about Jon's latest project or iTunes to know what the non-infringing or infringing uses are. He's definitely not getting charged under the DMCA.
On the political side, Okokrim, the white collar crime unit, played the role of Corporate America's frothing dog last time. They've obviously got one on for Jon but they've got to back off or come up with a rock solid case. The last investigation had to cost a bundle and if this one is at all close, it starts to look like they are spending a great deal of taxpayer's money to harass a prominent person.
Jon's been here before and he doesn't seem nervous. I'm guessing he's got his ducks in a row: a solid non-infringing use, maybe a method of capturing and playing back the actual packet stream, the analogue hole and unsuitability for commercial use.
My take is that Jon and his counsel believe that what he has done is legal in Norway and that they can make a solid case for it.
You have Rip, Mix, Burn (which you can do as long as you have CD's) confused with Download, Mix, Burn - which you can actually do TEN times. Except that it's really unlimited because the limit is on a playlist, not per song!
Tell me why, when it is so technically simple to do so, iTunes does not store a burn count on a single song. That doesn't seem to help the bottom line any.
Maybe, just maybe, some businesses actually do care a little about the customers - you know, the ones you have to constantly convince to give you more money? That's hard to do when they are all angry at you because you keep chipping away at what they can do and throwing arbitrary roadblocks at them.
People like you simply do not get business. It's far more than just money, it's SUSTAINABLE cash. Any business that wants to last longer than it takes to pull away from the curb in the pickup has to give people what they want in order to get money from them in a cycle. So the truly smart run businesses understanding they are there to serve you, not control you.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
3) Archival, the right to make backup copies of purchased works.
Note that even the page you link to notes that this applies only to computer software (and, no, the motion picture embodied in a DVD is not computer software; look at 17 USC 101 for the definition of a 'phonorecord' and you'll learn why just because something's digitally encoded and requires a computer 'machine' to make perceivable, doesn't make it software).
geek. lawyer.
Most of the end user licenses of software and services are completely meaningless in Europe (and in Norway).
The laws protecting the customer are far stronger here, and the seller cannot impose rules on the buyer without explicit (hand signed) acceptance of EACH clause on a written contract.
Yes, you guessed it, even Microsoft's EULAs have been proved to be largely unenforceable (for example) in Italy.
Ciao, Renato
Rip, mix, burn is what you do to a CD. Get it straight. :)
And as someone else commented, it's not limited to 5 times.
That SHOULD be all the nudge-nudge-wink-wink you need, sheesh.
May I recommend you to look at JHymn and the Hymn project, in general? These will strip the DRM from your files (and your files only, btw). Since they only perform the decryption and do not re-encode anything (the output is an unprotected AAC file, m4a), there is no loss in quality :-))))
To elaborate on this, the 'precedent' system in which past rulings form a legal ground for deciding future cases is part of common law, which as the link indicates is generally found in English speaking countries.
The rest of Europe, including Norway, basically uses civil law, in which in the end only the written law counts.
I have been reading a lot of comments on here where people are bitching about the fact that the system was hacked. "if you don't like DRM, don't use iTMS" - things of that nature.
WTF people. How is corporate america going to learn its lesson unless we teach it to them?
(tangent: why do you restrict your argument to America?)
Quietly working around DRM doesn't teach that lesson. Withholding our custom does teach them, to some extent.
Now, what should happen according to Free Market models, and if the average geek assumptions hold, is that commerce learns that there is a bigger market for non-DRM content than there is for DRM content. They drop DRM and everybody's happy.
The problem with this assumption is that it assumes a perfect information flow: that commerce magically knows who would buy what and for how much.
By cheerily buying DRM content, and stripping/sidestepping the DRM, we send the message "you're doing great"
By withholding our custom, we send the message "something about your product does not appeal to me".
OTOH is it our job to do companies' market research for them?
here's a link to the google *text cache* of the blog (www.nanocrew.net/blog/ ). Yeah even the normal google cache is slow.
peterrenshaw ~ Another Scrappy Startup
And if they made you sign a contract giving yourself as their slave, that would be also enforceable for sure...
There are certain things that even if signed with blood, can't be legally binding.
IANAL but write like a drunk one.