Slashdot Mirror
Jon Johansen Breaks iTunes DRM Yet Again
ikewillis writes "Remember earlier today when Apple released an update supposedly blocking the hole in iTMS recently discovered by Jon Johansen? News.com reports that he has already worked around the update, and iTMS can now be accessed from non-Windows/MacOS X systems using the new version of his PyMusique software. You can view his blog entry on the issue (ironically titled So Sue Me). More power to you, Jon!"
Oh, don't worry. They will.
I wonder, did he work around it that quickly, or was he anticipating Apple's fix and already knew another way around it?
I am proud to assist in bankrupting you sir, but the main reason I don't buy CD's is because they still cost almost 4 times the price of a DVD on sale. So, when the record companies get with the times and charge $5 for a CD, I'll start buying again. Till then, have fun trying to file Chapter 11 under the new Republican bankruptcy rules.
"If you don't like the restrictions set on the songs, then don't pay $0.99 to buy it through the iTMS. Buy it or download it somewhere else..."
In the long run, that is a false option. More and more CDs are copy protected and eventually there will be no more cds made, just as they no longer make LPs. Both the content industry and electronics companies have a vested interest in restricting you from exercising your legal rights under copyright law.
Digital Rights Restriction, such as Apple's ironically named "FairPlay," prevent consumers from exercising their right to copy their music to playback the device of their choice.
Consumers have a number of legal rights that DRR'd music prevents them from exercising, including the right to re-sell their used music. The Doctrine of First Purchase says that you can re-sell copyrighted material without needing permission from the rights holder. This is why used bookstores are legal. And this right to resell still applies to music and digital files, hence the reason that used CD stores are legal.
Consumers have a legal right to re-sell their downloaded music, too, but Apple and other vendors of Digital Rights Restricted music make it technically impossible for consumers to exercise their legal rights under copyright law.
So, it isn't a matter of "Just by a CD or get your music 'somwhere else' and shut up." Fighting the indiscriminate appropriation of consumers legal rights by companies use Digital Rights Restriction technology is an important moral and legal issue
Then ... Apple would be cool.
... Apple wouldn't be allowed to sell music anymore.
Then
His server seems to be /.ed
The blog entry is:
The
iTunes Music Store recently stopped supporting iTunes versions below
4.7 in an attempt to shut out 3rd party clients. I have reverse
engineered the iTMS 4.7 crypto which will once again enable 3rd party clients to communicate with the iTMS.
Even if every person who downloaded music from the Internet did so after paying for the music, such as through iTunes (I don't know if this hack involves circumventing the payment system or only the DRM attached to paid-for songs; I presume that it is the latter, because if it were the former then Apple and others would have a case against Jon for contributory copyright infringement and would have filed that suit already), your store would be suffering just the same.
Your problem is a business model that is becoming increasingly obsolete. Your solution is not to blacklist pirates, but rather to adapt to a market where people legally buy and download music from the Internet rather than purchasing it at physical record stores. If you can't compete in that market, then it's nobody's fault but your own that your business fails as a result.
Failed businesses are nothing to be ashamed of. But you need to do a cost-benefit analysis of each option in front of you. Among them are continuing as you are, adapting to the new marketplace, pursuing your blacklisting system (which only affects pirates, not lawful downloaders), and bailing out.
And remember: Shit happens.
Good thing this was Apple.
Any other company would have just had him killed already.
- Adam L. Beberg - The Cosm Project - http://www.mithral.com/
of iTunes and see if this is all he is after. That is what he says anyway.
Well, there are those of us who think that no DRM is acceptable - and furthermore that no DRM is unbreakable, and therefore futile. DVD Jon's done a great job demonstrating the latter with iTMS, and previously DVDCSS.
This isn't about getting free music. It's about removing restrictions that traditionally haven't been in place on consumer media. DRM of any kind can become an obstruction even during benign activities traditionally protected under fair use. Sure, i COULD burn my DRMed AACs to a CD then re-rip to an MP3 to get my files onto my NOMAD or CD-MP3 player, but it's a pain in the rear and I'm going to lose my tag info. If there weren't restrictions on the files, that would be a non-issue.
Yes, Apple's DRM is less obtrusive than most, but it still locks you out from things you've traditionally been allowed to do. And that's simply not OK.
I'm no fan of DRM, but it's about time SOMEBODY finally has the right goal in mind. Make legitimacy more convenient. I've been paying $10 a month for nearly 2 years now to Rhapsody. Since then, I've made 0 (zero, just in case any of you thought it was a typo.) MP3 downloads. Why? Their subscription service is significantly faster and easier. Okay, subscription's not for everybody, but the price is right and the service beats P2P.
Believe it or not, the *AA can compete with free. I'm looking forward to the day that this is more widely understood. I really want the instant gratification of buying content on-line.
"Derp de derp."
And those of us who have *paid* also have the right to remove the DRM once it gets to us. Sounds fair to me.
If you don't want to then fine... wait until you upgrade your computer and find that DRM has locked you out because you 'copied' the files to the new one.
Just some food for thought...
If Apple really doesn't want to have to use DRM on it's iTunes downloads, and they write patches that are supposed to fix loopholes and these patches are easily defeated...
Is it conceivable that Apple doesn't care if the patches are easily circumvented? "Yeah, we'll fix something we don't really want, and if you happen to break it, you outfoxed us *wink wink nudge nudge*
Just a thought.
Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
If I remember correctly, he never did break the DRM, instead he captured the audio file before it went through the iTunes software, which puts the DRM into the audio file ... therefore there is no DRM to break.
And no, I didn't RTFA
Their DRM infringe on my right to:
* Copy music to the playback device of my choice.
* Re-sell a product I have purchased (selling a book second hand is legal. Selling second-hand music is also legal. See Doctrine of First Purchase for more details).
Anyone that gives me back my legal rights, is someone who deserves encouraging.
The music industry is plagued by an enormous problem of legacy. Creativity has been stifled by the labels' continuing drive towards commercialization. We have "artists" like Gwen Stefani releasing cover after cover, first covering Talk Talk's It's My Life then covering If I Were A Rich Man from Fiddler on the Roof, and both covers are atrocious. These are examples of an industry which is creatively bankrupt and where profit is the bottom line. It seems like nowadays the only place you can find creativity is in underground music, before the industry has commercialized and destroyed it.
Music needs a new distribution model, one where the artist is in the driver's seat and has complete creative control over their work. The Internet has rendered traditional music labels obsolete, they're aware of this, and they're fighting their eventual downfall tooth and nail. They will lose.
DRM is based around cryptographically unsound principles. In order to play DRM encrypted music you need the encrypted content and the key on your local system. Given this you have everything you need to unlock the encrypted data, it's only through obfuscation in the client that the key is hidden.
Eventually the industry will have to come to terms with this fact and the fact that their distribution model is antequated and obsolete. We need people to continue proving DRM is an unsound technology so eventually they give up on it entirely.
Funny this was posted back in 10/22/2003
h ol d=1&commentsort=0&tid=141&tid=188&mode=thread&cid= 7278955
Here you go:
http://slashdot.org/comments.pl?sid=83129&thres
Um, wrong...
RTFA: the "back door" doesn't strip out the DRM. It merely lets you play it on Linux - if you want to get it, you need to buy it.
As iTunes already allows you burn purchased tracks to CD (allowing them to be ripped into MP3s according to the article), all this does is allow you to play music you purchase. After all, what are the odds that the music you steal is DRM'd when there's so much un-DRM'd music to steal instead?
All this is doing, as far as I can see, is filling a hole in the market by producing a player that works under Linux. Heck, they're not even releasing a Windows version - Windows already has a free-as-in-beer player in iTunes.
"Software is too expensive to build cheaply"
Ok people, let's review the facts, since most people don't seem to know or read...
1. DVD Jon lives in Norway, where the majority of this stuff, including the release of DeCSS which breaks DVD encoding, is illegal. The court case failed.
2. Nobody broke Apple's DRM. All this does is retreive the music before the iTunes client adds the DRM. How is this possible? Apple's iTunes client adds the DRM because it needs the client to generate the key. Doing it any other way would likely be a tremendous processor increase on the iTunes servers.
3. Apple can sue DVD Jon if they choose, but it will likely do no good.
The way I see it, there's only one safe path for Apple. They should release an iTunes client for Linux along with a statement that any further attempt to block their DRM will be followed up with a lawsuit. Sure, the lawsuit part is either a bluff or a waste of time, but at least they eliminate the "It's just so we can run on Linux" argument.
Creating these hacks is really like taking the silverware and plates out of a restaurant when you know you are really paying just for the food.
Or perhaps it's more like bringing your own tupperware with you when you go to the restaurant, so that you can take the food with you and eat it anywhere you want.
[Record Labels, to Apple] Sorry, you can't guarantee security with your store, so we won't license the music to you anymore.
Perhaps he should have titled his blog "So slashdot me"
Why do we have to treat the music labels like some kind of poor skittish fawn in a petting zoo? I mean, you say they are scared of offering online music because it may be, um, cracked. The big news flash is this: If you buy the CD, it is already "cracked" so to speak. Did they forget about CDs? Should we help the music industry lock down CDs somehow so they don't get so scared they stop selling us music all together?
Like I said earlier today, I could buy music from the iTunes store, which comes in a mediocre sound quality (compared to DRM-free CDs), in a format that doesn't work with my portable music player. Then I could burn it to a CD, then rip the CD into another lossy format to lose even more quality, all just so I could use the music like I want to. Honestly, it would be a lot easier to just obtain the music illegally, because I'm not gonna run out and buy an iPod or sit at my computer all day. To be honest, I've decided to stick to CDs for now.
To keep the ease of use and freedom we already have with music, we have to recognize this DRM for what it is: a power grab. Anybody with half a brain can see it is pretty much just as easy to share music you rip off a CD as it is to share music you've downloaded. Whether you consider the DRM a hassle or not, there is no doubt that you are losing control you once had. Why would you want to pander to these people and their anti-consumer goals?
The way I see it, the music labels themselves are hurting online legal music, because I would be buying singles and so on, if I didn't get less rights and more hassle out of it. As far as I'm concerned, they can just not have my money, you know? I'm not going to encourage what they are doing. Hurting the iTunes music store or this kind of locked up DRM business model doesn't seem so bad.
As for the people cracking these DRM schemes, well, its not necessarily illegal, depending on how free of a nation you live in. It's hard for me to see it is inherantly unethical either. It's not like the music is being being taken without paying.
This is simply amazing slashbotters saying this guy shouldn't be a hero because he violated a EULA click license. Is it april 1st already?
Have you ever been to a turkish prison?
...The client could then decrypt the song using its private key...
... but the cost would be significant even if it did work.
And uh, where exactly is this private key going to be hidden on a users own machine that they can't find it? This is exactly the fundamental flaw of DRM everyone keeps talking about. If the client can decrypt it, the client can be hacked. For software clients this is no longer even a question. For hardware clients, we're just not sure yet
Note: Things like Palladium which would try to take away a user's "root access" to their system *might* create a platform that could make hard DRM possible, but that's all thoery until it hits the field. (And it's questionable whether customers will swallow that particular cactus bulb. Some folks speculate the only reason many products *cough*DVD*cough* survive today is because customers know they can get around supposed restrictions.)
I doubt that they really care that much if you rip off the RIAA or whatever, but what they do care about is getting you to build up a library of music that can be played back on your iPod and no other portable player. They have always said that they didn't expect to make money on the ITMS, that it was to encourage people to buy iPods. Well, what better way to encourage them to let them build up large libraries of music that must be played back on an iPod?
;-)
Well, that's my theory, anyway.
And I'm never wrong.
-- It only takes 20 minutes for a liberal to become a conservative thanks to our new outpatient surgical procedure!
"You know what you are getting when you buy songs from iTunes, DRM encryption that ties the song to you."
And Rosa Parks knew what she was getting into when she refused to give up her seat on the bus. Knowing that your are going to have your rights violated by a business does not mean that you have no right to complain. Your not suggesting that Rosa Parks should have moved to the back of the bus because |She knew what she was getting into| are you?
"Creating these hacks is really like taking the silverware and plates out of a restaurant when you know you are really paying just for the food."
No, it is like taking the onions off your burger when you know that the menu shows the burger WITH onions.
"It's so hypocritical how slashdot really realy really hates GPL violators, but cheers something like this."
This is nonsensical. Most people that hate GPL violators, hate them because the GPL violators are performing the same act as the DRR (Digital Rights Restriction) groups are doing. Building their projects on the shoulders of those that came before, then trying to stop anyone else from doing the same. It's not about honoring or breaking a license. It's about submitting an idea to society, then trying to control the idea, even if it means that part of our culture is lost to future generations.
Fox Movie Channel tells why DRM/DRR is a catastrophy in the making.. "Sadly, 90% of films made during the silent era are gone, due to neglect or chemical decomposition. 50% of films made before 1950 have suffered a similar fate." Much of our cultural history was lost. Now that we have ways for millions of people to help stop this from happening again, DRR shows up, and we are faced with it all happening again.
>Whatever happened to not patronizing companies/vendors/services you fundamentally disagreed with?
people have been broken. they are weak and without principles.
that's why most refer to themselves as "consumers" these days.
A tip for you and others just in case you didn't know about this company.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
Yeah reasonable like being able to sell the music your purchase, or running on any other device besides an ipod. Thats fair and reasonable. If apple goes bankrupt, there will be no way for me to get my music onto another computer,ala all those guys who bought DIVX movies. Thats very fair. I love all these post supporting apple, but when Napster gets cracked there was not one highly modded post saying what the guys did was wrong. You apple fan boys are a bunch of hyprocrites.
Have you ever been to a turkish prison?
Every time this gets cracked, it hurts online legal music.
No, it only hurts schemes that rely on DRM. It doesn't hurt on-line music sales that don't rely on DRM.
After all, we can't just NOT BUY THE SONGS if we don't like the DRM, right?
The existence of DRM still threatens me because as long as people erroneously believe that they can make DRM work, they will be trying to put all sorts of bogus technological protections in my hardware.
So, I don't buy DRM'ed music, but I still consider it very important, and applaud, that people break the hokey DRM schemes that companies try to build business models around.
You certainly don't have to buy it, nor use it (especially since using without buying it would be stealing it), but frankly I don't think it's your place or anyone else's to tell people not to subvert it. People have a moral right, and perhaps a duty, to work to subvert things they think are unjust. And while I personally don't really feel that FairPlay is terribly unjust, I have a certain amount of understanding for those that do. If you want to argue morals, fine--but as someone who otherwise agrees with you, I take offense to the suggestion that people should not actively work against causes they find repressive.
If people think it's wrong, they're going to do their best to subvert it (regardless of what 'it' is). And as long as they're doing it from countries where this subversion is legal (ones without DMCA-like laws, in the case of DRM) then
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Johansen's app doesn't help to steal music, but allows non-Mac users to BUY it from iTunes. Apple doesn't like it, but it's debatable if even they have been injured in a legal sense.
This has nothing to do with "Congress" saving a business model.
Yes it does. Their business model is based on "First Sale Doctrine" and that model is moot in a digital world where the cost of reproduction is esentially zero. And so they are attempting to create new laws in congress so that they can sustain their business model. I believe Robert Heinlein put it best:
There has grown up in the minds of certain groups in this country the notion that because a man or a corporation has made a profit out of the public for a number of years, the government and the courts are charged with the duty of guaranteeing such profit in the future, even in the face of changing circumstances and contrary public interest. This strange doctrine is not supported by statute nor common law. Neither individuals nor corporations have any right to come into court and ask that the clock of history be stopped, or turned back, for their private benefit.
The copyright owners own the content, period, and get to decide how it's used, by whom, and under what conditions, whether you like it or not.
Wrong! Try reading the Constitution sometime. Once a work is published it is by its very nature a public work. They government grants the origiator a limited time copyright and with it come certain restictions and allowances. The inablity to resell or otherwise use the work in personal ways is beyond the scope of the granted copyright. These technologies are attempts to add restrictions to these works so that they become the sole distributor and "Second Sale" and personal use become impossible.
They don't have to encrypt the music. Apple is well within its rights to sell the music in the ways it sees fit on its own service.
Yes they are, and I am well within my rights under the constitution to place that music on phonogragh, tape, eight track, cd and any and all music playing devices I own.
Additionally, this argument is worthless, because even if it was encrypted, you'd be on the side of arguing that it's ok to break the encryption.
If GM sold cars with that only accepted gas from GM gas pumps and I removed their gas tap and replaced it with a standard gas tap, would I be breaking the law?
If you don't believe in copyright, licenses, or "trade secrets"
This isn't about doing away with copyrights and licenses completely. Its about returning to what copyright laws original intent was "to promote the progress of science and useful arts, by securing for limited times, to authors and inventors, the exclusive right to their respective writings and discoveries" and not to line the pockets of the middle men over and over again.
Oh, I forgot, those things only apply to the things you want it to, not corporate interests.
Please read the eighth section of the first article of the constitution I don't see anything in there about corporate interests. What I do see is the promoting of scientific progress and useful arts which are clearly public interests.
Two-minute penalty.
WIndows buyers can already purchase songs from ITMS using iTunes for Windows.
What he is doing is helping people bypass Apple's terms of service on iTMS (i.e. no Fairplay DRM, no restrictions to 3 machines, etc.)
Avoid Missing Ball for High Score
I'm going to mention it here but someone else has already brought up the so sue me title...
The title of the blog was So Sue Me long before Jon went after iTunes Music Store like this. It's not something he's saying to Apple, ever since the DVD DMCA thing he has had this blog titled that way. Don't get the idea he's got that title in there JUST to spite Apple.
Kyle
http://www.unlogikal.net/
I know the AC was being funny, but he has a very valid point. People are not pirating music with PyMusique.
Our friends at the RIAA want to stop the rampant copyright infringement, right? Here's how:
1. Stop suing the people you want as your paying customers.
1a. Stop suing little old ladies that may not be your customers, but generate massive public sympathy when covered in the media.
2. Change iTMS and friends to do digital watermarking, instead of digital restrictions management.
All of a sudden, everybody's happy! The RIAA keeps their income and can still go after the worst copyright infringers (after politely asking them to cease and desist), Apple sells more iPods because people like me are less worried about draconian DRM methods, society gets the fair use rights they are owed, and judges can finally focus on dealing with white collar criminals rather than thousands of 13-year-olds who are nothing but music fans.
Because, of course, the court cases that Jon went through (DMCA infringment involving DVD encryption) relate directly to DMA involved with iTunes. After all, DMCA is DMCA, right? Let's lump all the cases together.
Using this tool might be a problem with Apples ToS and whatnot, but creating the tool is purely a legal issue. And that issue has been clearly settled under norwegian law. There is currently no norwegian law prohibiting you from creating a tool to break any copyright protection mechanism. You have the right to access any "secret" key in your hardware or software. That is why he can do so with impunity. Apple could sue, but they would lose as the law stands today. The public prosecutor knows it and won't do it.
Kjella
Live today, because you never know what tomorrow brings
According to a CNET article I read on this, only a linux version will be released (see last paragraph here. They are explicitly NOT releasing a windows version this time, presumably to minimize any antagonization of Apple by limiting it to such a small target audience that doesn't have "sanctioned" options to shop on iTunes.
Prior to the iTunes 4.7.x breakage (I don't mean the recent breakage, I mean the anti-Hymn breakage), Hymn would leave all identification info in any files it unprotected. In essence, the files were (lightly) watermarked.
With iTunes 4.7, Apple changed it so that watermarked but unprotected files wouldn't play.
The solution? Remove the watermark.
By breaking the ability to use iTunes music fairly (for example, in a device other than an iPid), Apple essentially forced the authors of Hymn to make their software more suitable to piracy.
retrorocket.o not found, launch anyway?
Basically the worst they can do is claim a TOS violation and not let him (or anyone using standalone clients) use the server.
You can't sue someone for connecting to a public server, especially if the intent of use is perfectly legal. You pay for a song, then what does it matter how it is transferred?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Moreover, and this is nearly as bad as the practical difficulties of dealing with "secure" hardware the user has complete access to, it's designed by a company with a timetable and a budget.
The best minds in the world fuck up cryptography and security when they have decades of time to work and peer all the review they can handle.
Along comes a company that wants to do DRM. They could do use a very strong cipher but the chip that does that costs $0.05 instead of $0.03. They could open it up to peer review but they want it secret and they want it by the end of next quarter. They could have the code audited for security but that would take an expensive consultant.
Whoops. Now the cipher can be brute-forced a few years down the road. Whoops, their implementation drops bits of the key when the user does a chosen-plaintext attack. Whoops, there's a buffer overflow in in the firmware of the DRM chip. Now it can be reprogrammed to dump the unencrypted audio stream onto the hard drive.
Big business is never going to change the way it thinks. Their decisions will be based on what will give them good margins this quarter and next, not what will keep them secure for years to come. DRM is in a terrible position because it has to go in consumer electronics, where these pressures are at their worst.
I rarely criticize things I don't care about.
Include with the CD a one-time-use download link for cell-phone ringtones.
Include with the CD a DVD of video clips.
Include with the CD a CD of watermarked MP3s, at high bitrate.
Include with every purchased CD a sticker of the band or whatever.
The question is, though, does the RIAA want to stop piracy, or does the RIAA want to sell more records? The RIAA should be concentrating more on the latter than the former, IMO. That's where the money is; it doesn't really matter from an economic standpoint how much piracy there is, as long as they are selling the records, however from a dogmatic and philosophical point of view RIAA is in the business of "protecting its product". Where portection equates to restriction on consumers, and they wonder why consumers don't buy as many CDs as they used to (not to mention the number of new CDs released is dramatically falling).
To elaborate on this, the 'precedent' system in which past rulings form a legal ground for deciding future cases is part of common law, which as the link indicates is generally found in English speaking countries.
The rest of Europe, including Norway, basically uses civil law, in which in the end only the written law counts.
Assuming (and I wouldn't even dare to hazard whether this is or isn't so) it is illegal to acces iTunes with "unauthorized" software they'd need to have a log of _him_ connecting to the service. As for "breaching" his contract with iTunes, who says he actually engaged in one by making use of their services.
It's like someone built a very large wall with 1 door in it, offering a service to people who want to look at what's behind the wall and making those people use that door (i.e. Apple). Then someone else comes around, looks at the wall (or listens to stories of people describing the wall) and says: "Well, here is this periscope like contraption, that you can use to look over the wall if you should choose to."
But of course, IANAL.
"Stolen" is a strong word with specific legal meaning. If the sound originates from the game (and I'm not actually questioning it), I can readily see it as fair use, considering the related lawsuits and legal precedence, but I'm not a lawyer. Janet Jackson sampled my Mac system sound, and used it in one of her songs. My startup sound for the Mac was also used in the movie Jurassic Park (when they rebooted the park's computers).
Furthermore, if my ears are correct (and they usually are) one of the sounds in that game was "stolen" from Peter Gabriel.
If you weren't being so juvenile, you might be more persuasive. Try removing the hyperbole and begin using proper grammar.
You, alone, know the truth? Well, I'm responsible for Sosumi, the System 7 beeps, and the startup sound (which all remain in use today). I don't actually remember where or how I obtained the original sound. Most of them I created such as the startup sound and others, some I obtained such as the monkey sound that made by a friend's wife.
Personally, I felt having my startup sound used (or "stolen" in your words) by Steven Spielberg to be a form of flattery.
Are you a representative of Mr. Buckland? What is your interest in this matter? I'd like to hear from him instead.