Slashdot Mirror
Jon Johansen Breaks iTunes DRM Yet Again
ikewillis writes "Remember earlier today when Apple released an update supposedly blocking the hole in iTMS recently discovered by Jon Johansen? News.com reports that he has already worked around the update, and iTMS can now be accessed from non-Windows/MacOS X systems using the new version of his PyMusique software. You can view his blog entry on the issue (ironically titled So Sue Me). More power to you, Jon!"
If you don't like the restrictions set on the songs, then don't pay $0.99 to buy it through the iTMS. Buy it or download it somewhere else...
Bravo, rare to meet someone with a set of balls these days.
Wanna get nasty? - DaNasty
Back when Apple introduced their iTunes Music Store, they offered something unique: one could buy a song for 99 cents no subscription, unlimited CD burns, and iTunes played MP3s. The other online choices were obtaining the music illegally or getting into some draconian subscription thing the big record companies were doing.
Apple didn't put hugely restrictive DRM on the files; you could burn the song to a disc as many times as you wanted or load it onto as many iPods as you wanted. You can move songs pretty easily between Macs without too much hassle. This was great compared to the other schemes the record companies had come up with -- like paying a fee every time you wanted to burn a song to a disc.
Now this guy is circumventing Apple's DRM scheme so that eventually Apple has no choice but to make it even tighter or shut the business down due to piracy. Plus, they're giving Microsoft a great "I told you so" -- remember back when Microsoft crippled Windows Media Player from even ripping 128 bit MP3s to push users into their proprietary media format? From the Wall Street Journal (April 2001):
You want to prove your l33t skills or fight against The Man -- fine, go pick a more serious target (I'm sure the Electronic Frontier Foundation could think items that are more important than free music).
You want to know why companies come up with ridiculously restrictive copy protection schemes? You can thank guys like this.
Insert simplistic political, ideological, or personal proselytization here.
More power to you, Jon!
Why do people relish in this?
Yes, yes, I'm sure it would be wonderful if Apple wanted or intended to sell music without DRM. But they, and the content owners - you know, those people who actually have LEGAL RIGHTS to the content - don't intend to do that. And it's their service and their content. Whether or not things "can" be technically done aside, does anyone realize that? Or is that just completely lost in the vacuum of "Information wants to be free"?
You posted all that text just two minutes after the story is posted? I smell a troll.
Apple just drops DRM.
... Apple would be cool.
Then
I am proud to assist in bankrupting you sir, but the main reason I don't buy CD's is because they still cost almost 4 times the price of a DVD on sale. So, when the record companies get with the times and charge $5 for a CD, I'll start buying again. Till then, have fun trying to file Chapter 11 under the new Republican bankruptcy rules.
This is awesome, Jon is single handedly causing a pretty reasonable DRM scheme to rapidly degrade into something nearly unusable. Thanks man!
More power to you. That's just beautiful.
You know what you are getting when you buy songs from iTunes, DRM encryption that ties the song to you.
If you don't like their terms, simply don't shop there, and don't buy Apple's music.
Creating these hacks is really like taking the silverware and plates out of a restaurant when you know you are really paying just for the food.
It's so hypocritical how slashdot really realy really hates GPL violators, but cheers something like this.
This is why you guys are a complete joke and have no respectibility whatsover.
"If you don't like the restrictions set on the songs, then don't pay $0.99 to buy it through the iTMS. Buy it or download it somewhere else..."
In the long run, that is a false option. More and more CDs are copy protected and eventually there will be no more cds made, just as they no longer make LPs. Both the content industry and electronics companies have a vested interest in restricting you from exercising your legal rights under copyright law.
Digital Rights Restriction, such as Apple's ironically named "FairPlay," prevent consumers from exercising their right to copy their music to playback the device of their choice.
Consumers have a number of legal rights that DRR'd music prevents them from exercising, including the right to re-sell their used music. The Doctrine of First Purchase says that you can re-sell copyrighted material without needing permission from the rights holder. This is why used bookstores are legal. And this right to resell still applies to music and digital files, hence the reason that used CD stores are legal.
Consumers have a legal right to re-sell their downloaded music, too, but Apple and other vendors of Digital Rights Restricted music make it technically impossible for consumers to exercise their legal rights under copyright law.
So, it isn't a matter of "Just by a CD or get your music 'somwhere else' and shut up." Fighting the indiscriminate appropriation of consumers legal rights by companies use Digital Rights Restriction technology is an important moral and legal issue
Even if every person who downloaded music from the Internet did so after paying for the music, such as through iTunes (I don't know if this hack involves circumventing the payment system or only the DRM attached to paid-for songs; I presume that it is the latter, because if it were the former then Apple and others would have a case against Jon for contributory copyright infringement and would have filed that suit already), your store would be suffering just the same.
Your problem is a business model that is becoming increasingly obsolete. Your solution is not to blacklist pirates, but rather to adapt to a market where people legally buy and download music from the Internet rather than purchasing it at physical record stores. If you can't compete in that market, then it's nobody's fault but your own that your business fails as a result.
Failed businesses are nothing to be ashamed of. But you need to do a cost-benefit analysis of each option in front of you. Among them are continuing as you are, adapting to the new marketplace, pursuing your blacklisting system (which only affects pirates, not lawful downloaders), and bailing out.
And remember: Shit happens.
Let's do all we can to make legal online music downloading look like a shaky, invalid alternative to CD-buying, so we can ensure that record labels never change and embrace the new model. After all, we can't just NOT BUY THE SONGS if we don't like the DRM, right?
Every time this gets cracked, it hurts online legal music. The labels are already paranoid as it is, and this is exactly why. They know these kinds of people are out there waiting to crack it all. You're only hurting the iTunes music store and the business model as a whole.
This isn't going to be popular with the 'no DRM is good DRM' brigade. So Sue Me.
So Jon's done it again. Well, the man has testicles of steel because Apple are currently taking legal action against another single person. Making the blog title 'So Sue Me' is just asking for it, IMHO. Even if (and I say *if*) Apple haven't a leg to stand on, they can afford far fancier lawyers. Rather him than me.
What's the knock-on effect ? Apple have to have some DRM in place to keep their corporate music-land clients happy, or the contracts they've signed will be revoked, and they'll lose loadsamoney. This is just a guess, but I'm pretty sure the RIAA/whoever wouldn't have given Apple carte-blanche to sell their music without some degree of "protection" (whether required or not is a different argument).
So, Apple will have to respond. Off the top of my head, I think they'll be forced into making the iTMS contact Apple regularly for a right to play the library (similar to Kerberos). The right to play will be governed by whether the library is "legal" or not (ie: if any tracks have the same signature as on the iTunes website, but no DRM, prevent playback of either the entire library or just those songs.
Or they could do DRM management completely on the server, change the file format to heavily encrypt the system, change the OS, hell, change the machine hardware if necessary.
The point is that none of this is good for me, or in fact for Apple, but they'll be forced to go down this road because their clients will demand their "protection", and people like Jon will keep on breaking anything too lenient. So, in the end, Apple either lock the system down completely using hardware, or they drop the music business. Well done guys, now everyone's happy.
Simon.
Physicists get Hadrons!
of iTunes and see if this is all he is after. That is what he says anyway.
I'm no fan of DRM, but it's about time SOMEBODY finally has the right goal in mind. Make legitimacy more convenient. I've been paying $10 a month for nearly 2 years now to Rhapsody. Since then, I've made 0 (zero, just in case any of you thought it was a typo.) MP3 downloads. Why? Their subscription service is significantly faster and easier. Okay, subscription's not for everybody, but the price is right and the service beats P2P.
Believe it or not, the *AA can compete with free. I'm looking forward to the day that this is more widely understood. I really want the instant gratification of buying content on-line.
"Derp de derp."
Just some food for thought...
If Apple really doesn't want to have to use DRM on it's iTunes downloads, and they write patches that are supposed to fix loopholes and these patches are easily defeated...
Is it conceivable that Apple doesn't care if the patches are easily circumvented? "Yeah, we'll fix something we don't really want, and if you happen to break it, you outfoxed us *wink wink nudge nudge*
Just a thought.
Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
I mean, if you want a DRM hero, isn't the EFF a better role model than this guy? Yeah, we might all hate DRM, but this guy really is breaking an agreement HE MADE to access the iTMS. I'm not really impressed with his sense of ethics. If I borrow your gun and promise not to shoot you, then I DO shoot you to protest gun laws, how is that even a little right? So, don't attack my analogy, tell me why it was OK for him to lie to Apple and say that he WOULD respect their DRM and then turn around and crack it. Simple... it's NOT right.
Yeah, I guess I'm funny like that.
It's too bad that these guys don't spend their efforts on something truly useful for the Linux community, such as building and/or improving:
1. Compatability with Garmin GPS hardware/software
2. Visio compatibility
3. Linux tax and finance software
Instead, they're just focusing on low-hanging fruit. And it's not great fruit - I'd rather just rip my CDs to MP3 instead of paying $1 for an un-DRM'd song.
The guys who work on the Kernel, Mozilla, OOo, PostgreSQL, etc, deserve a hell of a lot more press and credit than these guys.
Instead of suing this very smart individual... Pay him. He knows more about what you are doing then you do.
"A learning experience is one of those things that says, 'You know that thing you just did? Don't do that.'" - DNA
1. Apple: [Fixes DRM holes]
2. Johansen (and the hackers he's serving as a cover for): [Makes new DRM holes]
3. GOTO 1.
MEANWHILE
[Apple, to record labels] You see there is no way to remove the DRM from iTunes purchases.
[Apple's users] Cool, I can remove the DRM from iTunes purchases.
EVERYONE WINS
I can't understand the people who are dumping on "DVD Jon" for breaking the iTunes DRM scheme. I am quite fond of Apple, and like their products, but I continue to stay away from both the iPod, and iTunes. Why?
- Because they attempt vendor lock in: I can only easily use the iPod with iTunes.
- Becuase the files have DRM, and can only be easily used on iTunes, and the Ipod: In order to use iTunes music on my linux box (which I use an MP3 jukebox,) I must break the DRM.
- Because iTunes wants to manage and take over my music -- It wants to be my SOLE music application. I much prefer to manage my music files in the filesystem.
The system, while probably the best DRM scheme out there, is still too locked up for me.
DVD Jon is making tools that allow complete ligitmate fair use of iTunes music. If I buy a song from the iTunes store, break the DRM, and use it on my linux box, record it to an MP3 CD for use in my Sony MP3 CD player (and perhaps a car CD MP3 player as well,) I am not breaking the law. This is fair use. Unless I break Apple's DRM, I cannot do this. (Ripping to CD and then re-encoding doesn't count. Plus its a waste of my time.)
We as consumers should NOT allow the music industry to take away our fair use rights, and in the process, rip us off. Going along with even the pretty liberal Apple DRM scheme is still supporting the music industry in that goal.
Notice it's in italics. Given the editors can't be bothered to vett articles (remember the "battery booster sticker" article a few weeks ago?), it's not really the editor's opinion.
Given all the disgust lately (comments grumbling about stories is nothing new, but it seems unscientifically at an all-time high) I would say the majority of in-story commentary doesn't speak for Slashdot readers at all. In fact, a lot of commentary offered up by story submitters is poorly worded, shoot-from-the-hip crap that would get modded "troll" if it were a comment.
Please help metamoderate.
Because, of course, the court cases that Jon went through (DMCA infringment involving DVD encryption) relate directly to DMA involved with iTunes. After all, DMCA is DMCA, right? Let's lump all the cases together.
In other news, I will no longer be going to court for any speeding tickets I get. Since I already went once, and was cleared of charges, it obviously means I can do so again and again.
Look, I understand these arguments (and have for a long time). But I can't help but consider that your arguments invalidate something else which you no doubt support, which is encryption for your own personal privacy. Why is that "okay", and DRM isn't? And further, why is DRM not okay simply because you have a key embedded in software or a device for playback?
What about a smart card reader for accessing media content through some new video over IP content providers, or CableCard? Is that just "obfuscation", and since you have to have the key to view the content anyway, might as well just consider it worthless? That argument is disingenuous at best.
This isn't about a dying "business model" as much as you'd like it to be. This isn't tantamount to Congress legislating that every horseless carriage have a horse whip to save the horse whip maker.
Sure, it's going to have to change. But even in this brave new world you envision, we'll still have concepts like copyright and ownership. Some may choose to distribute their music freely and widely. Others may decide they'd like people to pay for it. What you're really saying is that you'd like the "business model" we call, you know, "paying for things people want you to pay for" is "dying", and you're muddying the waters with your own personal dislike from artists you consider too "commercial".
Has it ever occurred to you that if you consider the entire industry and its artists creatively bankrupt that you don't have to patronize it in any way, shape, or form? After all, it's the commercial tripe that's on the iTunes Music Store anyway, right? If it's so horrible, it seems that you shouldn't have any problems not using the iTunes Music Store, eh?
And how do content owners using DRM prevent you from patronizing and supporting your underground artists? What's that? They don't get the attention they deserve because the music industry is monopolized by people you view as money grubbing fat cats who don't care about quality? Hm. I don't quite see the problem there.
"The internet" hasn't rendered music labels and their functions obsolete. What it's done is made it infinitely easier to instantly violate content owners' rights, and then do the mental gymnastics to justify not paying for things that don't belong to you (or support subverting content owners' or distribution mechanisms' legitimate protections in the name of some righteous mission that some equate to the civil rights movement).
Does this mean there will be a paradigm shift and that the industry will have to respond? Sure. But when all is said and done we'll still have property, copyright, and rule of law.
And we'll still have freeloaders and a modern, Internet version of Peter Pan who says it's all okay.
I have to say is one of the quickest hacks for a software update I have seen in some time.
:)
Props Jon you never know you might get an job offer from Steve himself
"The most dangerous creation of any society is that man who has nothing to lose." - James Baldwin, American author
There is nothing flawed about DRM.
Allow me to give you a quick refresher on public key encryption. With public key encryption Alice has a public key and a private key. Anything encrypted with the public key can only be decrypted with the private key. So Alice keeps her private key private and allows Bob to have her public key.
Now let's look at how DRM tries to turn this upside down and fails. With any DRM, the basic concept is that Bob is going to give Alice her private key, but try to keep it totally private from her. By definition it needs to be stored on her device (PC, ipod, whatever) to decrypt what Bob sends her, but he does not want her using it in any way that he disapproves of. So convoluted schemes of symmetric encryption and security by obscurity are developed to store this private key in such a way that only certain programs on Alice's device can access it, but nothing else can (nor can Alice access it directly). However, since the machine is under Alice's control it is only a matter of time before she finds it or figures out how to use it to decrypt data as she pleases. This is why nearly every DRM scheme in history has been broken.
It is a fundamentally flawed concept.
It's NOT a possibility that record companies will back out of the downloads market - they have no choice, it's here to stay. Apple is only stands to gain popularity with something like this; if people can download legit software without the risks their player and REAL growth potential, OSX & friends - as long as they convince record companies that they're doing the best they can to thwart these hacks they can continue to benefit from the bait that is the iTMS and from which they make little direct profit.
...
There needs to be this competition. If a better music player comes out or if iTunes introduces annoying "bonus features" (privacy invasion, advertisements, etc.) just because they've been able to force users to stick with what would become a music platform, iTMS customers users would be screwed. With this healthy checks and balances system of hackers vs RIAA, RIAA and service providers will not be so smug as to take advantage of us, knowing we might pack up our tunes and leave.
Also, I don't want to hear any arguements about how this fight should be fought in the court room because nobody has the kind of money that the record companies do. Another important distinction between good and evil sides is that the record companies won't stop at a compromise, their thirst is never quenched. This is evident in the large number of personally verifiable legit music lovers that don't irresponsibly share their music collections out. We just want to be legit
oh shit, dinner's ready
Jason
We have "artists" like Gwen Stefani releasing cover after cover, first covering Talk Talk's It's My Life then covering If I Were A Rich Man from Fiddler on the Roof, and both covers are atrocious.
It was No Doubt that did It's My Life (Gwen Stefani used to sing for them), and I preferred it to the original. I fail to see how you get from "I don't like this song" to "music distribution is broken". What's wrong with simply leaving it at "I don't like this song"?
DRM is a cryptographically unsound concept. Flawed at its very core. Nobody who understands PKI (and is being honest) actually believes in it, just clueless media providers (and the techies who take advantage of them by building DRM).
Finkployd
This is simply amazing slashbotters saying this guy shouldn't be a hero because he violated a EULA click license. Is it april 1st already?
Have you ever been to a turkish prison?
...The client could then decrypt the song using its private key...
... but the cost would be significant even if it did work.
And uh, where exactly is this private key going to be hidden on a users own machine that they can't find it? This is exactly the fundamental flaw of DRM everyone keeps talking about. If the client can decrypt it, the client can be hacked. For software clients this is no longer even a question. For hardware clients, we're just not sure yet
Note: Things like Palladium which would try to take away a user's "root access" to their system *might* create a platform that could make hard DRM possible, but that's all thoery until it hits the field. (And it's questionable whether customers will swallow that particular cactus bulb. Some folks speculate the only reason many products *cough*DVD*cough* survive today is because customers know they can get around supposed restrictions.)
I doubt that they really care that much if you rip off the RIAA or whatever, but what they do care about is getting you to build up a library of music that can be played back on your iPod and no other portable player. They have always said that they didn't expect to make money on the ITMS, that it was to encourage people to buy iPods. Well, what better way to encourage them to let them build up large libraries of music that must be played back on an iPod?
;-)
Well, that's my theory, anyway.
And I'm never wrong.
-- It only takes 20 minutes for a liberal to become a conservative thanks to our new outpatient surgical procedure!
The used music store in my town is thriving. People buy used CDs, "listen to them" for a while, and then sell them back for a fraction of what they paid. The store makes money over and over again on the same merchandise, and even more money when people find music they like and keep the CD. And it's all perfectly legal! For the store owner, anyway. (And for now...)
More likely, Apple will do what they should have done in the beginning: Apply the DRM on the server side, rather than relying on the client to do so. Hymn or JHymn may then be able strip the DRM, but that's a separate issue (and a much clearer violation of DCMA and other copyright laws).
There ain't no rules here; we're trying to accomplish something.
Me, I like covers.
I think Sinead O'Connor's Gloomy Sunday is better than Billie Holliday's, Kirsty McCall's New England better than Billie Bragg's, and you could train a dog to sing Willie Nelson's greatest hits better than Willie Nelson.
encore
Look, I understand these arguments (and have for a long time). But I can't help but consider that your arguments invalidate something else which you no doubt support, which is encryption for your own personal privacy. Why is that "okay", and DRM isn't? And further, why is DRM not okay simply because you have a key embedded in software or a device for playback?
Because encryption for my personal privacy doesn't infringe on any of your rights whereas DRM infringes yours, mine and everyone elses rights to copy for personal backup, right of resale (doctrine of first sale), right to timeshift and right to reverse engineer for interoperability.
Your arguments and contrasting of issues are not congruent.
This isn't interesting, it's drivel.
1) No, the copyright owners *don't* get to decide how I use the things I have bought from them (and doubly so if, as is the case with PyMusique, I never agree to their spurious 'Terms of Service'); they only have the right to say whether I can *further distribute* their copyright work. It's called 'Fair Use'.
2) It is OK to break encryption and reverse engineer my own property. See above 'Fair Use'
3) We all believe in Copyright, but what you are espousing isn't copyright.
So, when the record companies get with the times and charge $5 for a CD, I'll start buying again.
Wierd, I already do that...on iTunes.
You don't have an inherent right to music. If you think CDs are overpriced, you don't magically have the right to steal it (and yes, it's theft...if GPL violations are "stolen source code" then piracy is theft).
Note I didn't say that DRM - neither the concept of it, nor the spirit of it - was perfect. All it is is a catch-all term for an imperfect mechanism to protect the rights of content owners. I'm also aware that things like DRM, copy protection in general, the Broadcast Flag, etc., only hinder and inconvenience legitimate, honest users, while only acting as a minor roadblock to pirates.
However, there is nothing about the digital realm that negates the rights that content and copyright owners have had all along. It does, of course change things: it makes things much easier to duplicate, ad infititum, perfectly, and distribute globally almost instantaneously. Things aren't necessarily represented by a physical manifestation. Does that reduce their value? Are you arguing their value in the "old" world was artificial? As a content owner, how can I be sure you've deleted the copy you owned when you "sell" it to your friend? YOU may, but if the digital world has proven anything, many people wouldn't. And indeed, many people would think it's perfectly okay. In fact, they wouldn't even be selling it. They'd just be downloading it for free in the first place, regurgitating something they read on slashdot about a "dying business model" justifying their behavior.
And in the case of iTunes Music Store, you can
- copy for personal backup, including burning to CD in an uncompressed, non-DRM format
- "timeshift" the content (which is admittedly meaningless in this context)
- however, iTunes Music Store's license (fuck the DMCA) prohibits reverse engineering
I guess what I'm getting at is: why patronize this store?
Yet another round of the "Apple is secretly good" theory. Apple doesn't give a fuck about you, your rights, the RIAA, or anything else. They are interested in a business model which makes them money. They say bullshit to you (Rip, Mix, Burn, just not more than 5 times), they say bullshit to the RIAA, and they keep everyone satisfied enough to make money. If you think they are on your side then you are hopelessly naive.
In Soviet America the banks rob you!
Johansen's app doesn't help to steal music, but allows non-Mac users to BUY it from iTunes. Apple doesn't like it, but it's debatable if even they have been injured in a legal sense.
any other company wouldn't have had a chance..
.
and others have already tried. it simply is legal for him to do what he does, end of story.
but real reality is: APPLE IS NOT FRIENDLY against perceived threats, friendliness is just an IMAGE they've managed to keep up and will keep up as a lot of their fans are in a reality distortion field where they don't see anything negative about Apple. Apple is just as sue happy and bitchy to 'steal'(clone) others technologies as microsoft is
The problem is not one of absolutes. 2048 bit RSA is not unbreakable, but as there are no known attacks other than brute force, the prospect is quite daunting, when the keys are handled properly.
In DRM, the keys are not handled properly, making the prospect of compromise so laughably simple one wonders why even use RSA (I suppose to pretend there is some teeth to it).
It is not a problem of computation, so Moore's law and large key spaces don't really apply. It is simply security by obscurity. Where did they try to hide the private key on my machine?
Palladium actually gives DRM some teeth, assuming it really is tamperproof.
The tit for tat can go on forever, but the companies may begin to question why they are blowing so much money on something so easily broken.
Finkployd
I have been reading a lot of comments on here where people are bitching about the fact that the system was hacked. "if you don't like DRM, don't use iTMS" - things of that nature.
WTF people. How is corporate america going to learn its lesson unless we teach it to them? Are we just going to bow down to them and do whatever they want us to do? Or are we going to have to prove to them that DRM is pointless and will never work?
We are telling them that we don't mind paying for music. That the rise of illegal file swapping wasn't because it was an easy way to steal music, it was simply a better way to acquire and listen to music. That DRM is just a false sense of security for the RIAA and really is unnecessary (see my previous post here)
I hope every DRM everywhere is broken. What are they going to do? Stop selling media?
Kiteboarding Gear Mention slashdot and get 10% off!
> The(i)r GPL infringes on my right to:
> * Copy source code to the project of
> my choice without attribution.
Only if you then distribute the project. If it's just a home-grown project for your own personal use, there is no problem. GPL restrictions are only on distribution. You have a right to copy music to a playback device of your choice, but not to somebody else's playback device.
> * Re-sell an application I have coded
> with said code (using second hand code
> is legal.).
You can re-sell GPL'ed software your heart's content - term 1 of the GPL explictly says so.
Your analogy is very weak, bordering on stupid.
Or to play the music they got off iTMS because it was free with their Pepsi on their Linux boxen?
The Farewell Tour II
And Rosa Parks knew what she was getting into when she refused to give up her seat on the bus.
It is a sad day that a comparison is made between DRM and Rosa Parks.
Rosa Parks was a revolutionary in the sense that she made a bold statement against racism. Racism is an institution that evolved from slavery, the ownership of another human being. It was government sanctioned in the South and enforced by law. It treated individuals as second class citizens based on color. Lynch mobs killed black people for looking at whites the wrong way and justice turned a blind eye.
DRM has never killed a single person and I doubt it ever will.
I urge you to pay more respect to the dead in our history instead of trivializing them or their cause to be on the same level as free music. DRM is nothing...open up your eyes to the magnitude of the true evils of this world and the horrors that this piece of work called man can accomplish.
ed
So, don't attack my analogy, tell me why it was OK for him to lie to Apple and say that he WOULD respect their DRM and then turn around and crack it
Maybe he didn't read the click-through agreement? Or maybe he just doesn't like the inability to play the music on his non-iPod mp3 player even though he legally acquired the music and considers this fair-use (like using a VCR to record a movie) as long as doesn't redistribute the music to random people? Or maybe he understands the entire futility of trying to create an audio DRM system when the audio analog hole is currently (and probably forever) unpluggable so he doesn't see anything wrong with a digital hack compared to hooking speaker output into his line-in and pressing record? Or he could just like the challenge of being a hacker in both meanings of the word. Unless he is distributing the cracked music to others, I see no moral crime here even if he is violating laws.
--
Want a free iPod?
Or try a free Nintendo DS, GC, PS2, Xbox. (you only need 4 referrals)
Wired article as proof
Most systems are mathematically sound, but there is always a flaw in the implementation that allows someone who is clever enough to sneak in. For example, SSH as a protocol and encryption system is secure, but some implmentations had a small flaw in them that allowed them to be cracked. All the headlines yelled "SSH broken" when the reality was that an implementation was broken. In this case, the DRM algorithm is secure (AFAIK) but the implementation is broken because the music is sent in the clear to the computer since the client needs to individually encrypt the music file with its own key. The only way to get around this flaw is to have the server encrypt it which would take a lot of CPU power (maybe grid computing of custom FPGA chips would help here) or to have the client run a TCPA system so that a 3rd party can't tweak the client. This sort of flaw is exactly why MS et al are pushing Trusted Computing.
However, this still won't stop the analog hole of plugging a wire into the output and input of the soundcard until the media is encrypted all the way to the speaker. At that point, the only way to get past this implementation would by to have a mike set up next to the speaker (or spliced between the analog amp and the magnet) and then filter the signal to try to get rid of the analog noise.
No, you paid Apple for a specifc file, with certain electronic restrictions on it, and you recieved that file, paid for, under certain conditions, outlined in the CONTRACT you AGREED TO before you purchased anything.
If I pay you for your house, for a certain price and sign a contract saying that I will not burn the house down, and I burn the house down, I'm violating the contract I signed. I payed for the house, and can do what I want with it, but I also signed a contract.
Don't like the contract, don't buy iTMS
T Money
World Domination with a plastic spoon since 1984
I don't think Gwen Stefani is the fault of legacy in the recording industries. Gwen always said she wanted to be rick and famous. And when she was poor and playing small groups in clubs and fairgrounds, it was cute, sad... she said she wanted to be one of those annoying and famous people with her name and lights, but she basically lived out of the back of a van playing crappy gigs in traditional musician fashion. You had to empathize with her, because everyone knows musicians in that situation. And you have to admit, Tragic Kingdom had some original and interesting tracks on it.
But Gwen is now exactly who she wanted to be. She has become the rich, famous, self-centered girl she always was, only now she's actually rich and famous. That which allowed her fans to empathize with her, and her with her fans, is gone. And in it's place are terrible covers of If I Were a Rich Man (I didn't think It's My Life was that bad), and vaccuous cameos in Kid Rock videos. I don't think this happened because she lost control over her music, so much as the change in lifestyle which comes with money made her lose connection with her audience.
A similar problem struck Alanis Morisette. Radio overplay aside, Alanis had always composed music because she was unhappy. And her audience responded to this. Enough people responded, that soon she was rich, successful, and gave her the power to solve her problems and make herself happy. Which she did. And she lost the drive to make music. Eventually she found it again (she gives a great interview about this), but because she was no longer singing about being tortured, she lost the audience that had that connection with her.
Most artists don't survive the transition from poor no-name slob to rich superstar simply because they sing about their experiences, and their experiences go from things everyone can relate to, to experiences very few people on the planet have. What would Bill Gates sing about that any of us here would connect to? Compiler woes? Kobain was highly relatable up until the end simply because he suffered the entire time. Dr Dre still raps about the kids in the hood and yelling at his grandma on the front porch, despite the fact that he owns million dollar mansions and essentially lives like an investment banker for talent.
The point is that the problems with the music industry that you had pointed out are not so much with legacy, but money. Too much money and too much success will destroy pretty much any artist. Even overthrowing the big 5 wouldn't change that.
The ______ Agenda
I know the AC was being funny, but he has a very valid point. People are not pirating music with PyMusique.
Our friends at the RIAA want to stop the rampant copyright infringement, right? Here's how:
1. Stop suing the people you want as your paying customers.
1a. Stop suing little old ladies that may not be your customers, but generate massive public sympathy when covered in the media.
2. Change iTMS and friends to do digital watermarking, instead of digital restrictions management.
All of a sudden, everybody's happy! The RIAA keeps their income and can still go after the worst copyright infringers (after politely asking them to cease and desist), Apple sells more iPods because people like me are less worried about draconian DRM methods, society gets the fair use rights they are owed, and judges can finally focus on dealing with white collar criminals rather than thousands of 13-year-olds who are nothing but music fans.
Yes, of course! Non-Mac means Windows. And since Windows users can already buy from iTunes, then why do we need more non-Mac iTunes software?
Looks like people really doesn't understand Copyright.
You didn't pay for the song. You didn't buy the song. You payed for the right to listen to it, one the media/format provided.
Several people have quoted the "First Sale" right/law. Guess what ? When you buy a CD, you are not only paying for the songs, but also for the physical media. You buy the media, and pay for the right to listen to the music (that is why you can't give copies to others). Since there is no way to sell the media (CD) without the music, the first sale right applies, indirectly, to the songs. Erasing the midia or changing it in any other way will decaracterise(?) the product, changing it into something else.
I hate the DMCA, RIAA and DRM as much as every other slashdoter, but barking at the wrong door isn't helping.
morcego
What motivation does DVD Jon have, other than pleasing his apparently large ego, to break the Apple DRM method? Instead, postulate this. What entities have a vested interest in seeing the Apple music distribution method fail, RIAA, Microsoft.
RIAA - Despite the success of the iTunes store, I'll bet the RIAA still salivates for the kind of revenue they used to generate with CDs before online P2P distribution came along. If they can prove that legal online distribution is insecure (because of people like DVD Jon) then they can pursue their lawsuit strategy to scare people out of using P2P.
Microsoft - If FairPlay doesn't work out, Microsoft has a brand spanking new DRM waiting in the wings. What better way to convince the RIAA that FairPlay isn't secure enough to protect the RIAAs assets, than to hire the most notorious DRM hacker currently known to make a public spectacle of the whole thing.
hmmmm....
So what your saying is I don't own any of the software on my computer, i just have a license to use it the way they deem fit? And if it would be wrong to violate their EULA? Forexample writing negative reviews on certain software because its implicity stated in the EULA? Or benchmarking the software as stated in the Microsoft .Net software? Or what about the spyware EULAs that say I can't run a AdAware to remove the software? Whats scary is if we keep up this attitude, we won't own anything, everything will be licensed to us. So businesses can lock us into their monolopy and limit our freedom of choice.
Have you ever been to a turkish prison?
YOUR reasoning is faulty, I'm afraid. Linux has significant market share. None of the others do. If I wrote my own OS today, would I expect Apple to write a client for it? No. But I might expect to write a client for an OS gaining market share rapidly.
I know a LOT of people who use alternative OSes. I know NONE who use HP-UX, OS/2, Plan9, or GNU/Hurd as their OS. Shit, why not add in IRIX, Dynix, VMS, AIX... I think even RMS uses Debian. If you said SkyOS, Syllable, ReactOS, etc, maybe I'd buy that, but even those aren't excluding a large customer base. Anyone using BeOS or Solaris knows there are certain things they have to go elsewhere for.
For the record, a Linux client could be made to run on the BSDs and Solaris too (like XFCE does).
Basically the worst they can do is claim a TOS violation and not let him (or anyone using standalone clients) use the server.
You can't sue someone for connecting to a public server, especially if the intent of use is perfectly legal. You pay for a song, then what does it matter how it is transferred?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Moreover, and this is nearly as bad as the practical difficulties of dealing with "secure" hardware the user has complete access to, it's designed by a company with a timetable and a budget.
The best minds in the world fuck up cryptography and security when they have decades of time to work and peer all the review they can handle.
Along comes a company that wants to do DRM. They could do use a very strong cipher but the chip that does that costs $0.05 instead of $0.03. They could open it up to peer review but they want it secret and they want it by the end of next quarter. They could have the code audited for security but that would take an expensive consultant.
Whoops. Now the cipher can be brute-forced a few years down the road. Whoops, their implementation drops bits of the key when the user does a chosen-plaintext attack. Whoops, there's a buffer overflow in in the firmware of the DRM chip. Now it can be reprogrammed to dump the unencrypted audio stream onto the hard drive.
Big business is never going to change the way it thinks. Their decisions will be based on what will give them good margins this quarter and next, not what will keep them secure for years to come. DRM is in a terrible position because it has to go in consumer electronics, where these pressures are at their worst.
I rarely criticize things I don't care about.
Apple's iTunes client adds the DRM because it needs the client to generate the key.
It needs something derived from the key to do the encryyption, you mean, and the key lives in the client.. so the design is slightly easier this way.
Doing it any other way would likely be a tremendous processor increase on the iTunes servers.
Other DRM schemes, including all the eBook schemes I know of, do it in the server. And CPU time is cheap: I'll bet there's more CPU use in a gooogle search, and that's "free".
The way I see it, there's only one safe path for Apple.
Do the encryption in the server.
Like I said before, if they do it right, Jon can't 'break' them. That's apparently too big an 'if'.
Include with the CD a one-time-use download link for cell-phone ringtones.
Include with the CD a DVD of video clips.
Include with the CD a CD of watermarked MP3s, at high bitrate.
Include with every purchased CD a sticker of the band or whatever.
The question is, though, does the RIAA want to stop piracy, or does the RIAA want to sell more records? The RIAA should be concentrating more on the latter than the former, IMO. That's where the money is; it doesn't really matter from an economic standpoint how much piracy there is, as long as they are selling the records, however from a dogmatic and philosophical point of view RIAA is in the business of "protecting its product". Where portection equates to restriction on consumers, and they wonder why consumers don't buy as many CDs as they used to (not to mention the number of new CDs released is dramatically falling).
But he isn't just "attacking" his own hardware or software; he's logging onto iTunes through his own software in violation of the terms of service which he agreed when he created his account. Most jurisdictions have a criminal offence covering "unauthorised access to computer systems" - does Norway really not?
And he is surely acting in breach of his contract with iTunes, albeit this would be a civil rather than criminal matter. Would Norway not consider this a contract law claim?
hell yeah, more power to you.
lets show them why they shouldn't ever try and make a business model succeed! Lets show them that all digital users reject the idea of obeying any kind of license. woooo!
that's sarcasm by the way. If you want to ruin the party, do it in your own back yard, not ours. (the people who actually pay for songs / respect the fact that they are -allowing us- to participate in this, and that its not some diety-given right to get music a la carte.
Boy, aren't you a hero!!
"Look guys, I cracked Timothy's login-password again!!" Yep, YOU surely could appreciate THAT, couldn't you!!
Jerry Smith
Care to back that up with any statistics? The past couple of months has seen releases numbered in the hundreds. Has there been a significant decrease in the number of titles released? If anything it seems like more are being released, because more and more reissues are coming out, both of old-stuff already on LP (The Talking Heads' The Name of This Band Is Talking Heads) and of old-stuff already on CD (NIN's expanded edition of The Downward Spiral).
If including DVDs stops piracy...
Did people still pirate Dave Matthews Band's Busted Stuff?
Or Les Savy Fav's Inches?
Or Coldplay's Live?
If including shirts stops piracy...
Did people still pirate Gwen Stefani's Love Angel Music Baby?*
Or Rancid's Indestructible?*
If including video clips stops piracy...
Did people still pirate Fiona Apple's Tidal?
Or Dizzee Rascal's Boy in Da Corner?
Or Madvillain's Madvillainy?
If including video clips AND a bonus disc of B-sides stop piracy...
Did people still pirate Royksopp's Melody A.M.?
If including free poster stops piracy...
Did people still pirate Björk's Medulla?*
If including a $20 off coupon for Reebok sneakers on a $10 CD stops piracy...
Did people still pirate 50 Cent's The Massacre?
If an album is of staggering artistic achievement...
Did people still pirate the Stone's Exile on Main Street?
Nothing, and I will repeat, nothing will stop piracy. Fugazi is one of the most anti-RIAA, anti-high-priced-CD bands out there, with their MSRP / list price being a mere $10.98, and you can still find their stuff on file-sharing networks.
Piracy != Bad
Piracy != Lost Profits
Piracy will always exist. Have a good product, have good value-added stuff on your CDs, don't gouge your consumers, don't expect to make millions and millions just because you have a CD, and you'll be OK.
---
* This was done, regretably, at a premium price.
Small potatoes make the steak look bigger.
Assuming (and I wouldn't even dare to hazard whether this is or isn't so) it is illegal to acces iTunes with "unauthorized" software they'd need to have a log of _him_ connecting to the service. As for "breaching" his contract with iTunes, who says he actually engaged in one by making use of their services.
It's like someone built a very large wall with 1 door in it, offering a service to people who want to look at what's behind the wall and making those people use that door (i.e. Apple). Then someone else comes around, looks at the wall (or listens to stories of people describing the wall) and says: "Well, here is this periscope like contraption, that you can use to look over the wall if you should choose to."
But of course, IANAL.
By breaking the ability to use iTunes music fairly (for example, in a device other than an iPid), Apple essentially forced the authors of Hymn to make their software more suitable to piracy.
Do you only listen to things you want to hear? You can burn your iTMS music to CD, and then you can do whatever the hell you want with it, including play it on something other than an iPod.
Besides that, it's not your "right" to violate the terms of service, violate the DMCA, and do what you want with the file. If you don't like the file, don't buy it. Maybe if enough people don't buy it, they will change the way it works because it's not working out for them. If you really want change, there are better ways to go about it than to break the law. Breaking the law will cause most people to think that your point is not valid, and you will not be heard.
That means everyone has to update their client software...AGAIN. They just forced millions of people to upgrade, and now they do the same thing...again!?
How come when Microsoft tries to stop supporting, say, Windows 98 or VB6 like 8 years after release, everyone goes nuts, but you'd easily suggest Apple updates a core app used by millions of DESKTOP users TWICE, both times freezing them out of the service in the meantime, without batting an eyelash?
"Perhaps the next step, apple will have to put the DRM on before it sends the file?"
This is the obvious next step i'll agree. But as i understand it. I thought about this when I read the article the other day, but this might be an even greater hole that the current one. DRM is tied down to your computer in some way. In order to DRM a tune your computer would have to send some information about itself to the server which DRM's the music file before sending it back. That is something you can easily control. Herein lies the problem with this method. Given a known "data set" (info about computer) used to DRM music , it would be trivial to create a known "data set" and using something pyMusique ensure the music files are encrypted using a data set key that can easily be shared / cracked.
Badly explained - i know - but hopefully you get the gyst.
Electronic Music Made Using Linux http://soundcloud.com/polyp
>'ve always wondered why they let you BROWSE other-
>country iTMS stores? I mean, what's the point?
Probably some naive idea that music fans would: complain to their lawmakers about the stupid laws that require Apple to make separate stores for each country, even in the EU; rather than just post complaints about Apple on discussion groups.
Jerry
Wrong. Selling records is the way the producer/record company make money off music. Most artists get their money from doing tours and live concerts. Only a small minority (like Madonna) get any actual cash from selling records.
Very similar to someone who provides a cable decoder, you mean?
Well assuming that it was a cable decoder that still required you to pay for your stations just like the companies one, then yes. The difference is that I can connect his cable decoder to my Linux TV. So I'll finally be able to start buying songs from them again.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.