Slashdot Mirror
Jon Johansen Breaks iTunes DRM Yet Again
ikewillis writes "Remember earlier today when Apple released an update supposedly blocking the hole in iTMS recently discovered by Jon Johansen? News.com reports that he has already worked around the update, and iTMS can now be accessed from non-Windows/MacOS X systems using the new version of his PyMusique software. You can view his blog entry on the issue (ironically titled So Sue Me). More power to you, Jon!"
Oh, don't worry. They will.
I am proud to assist in bankrupting you sir, but the main reason I don't buy CD's is because they still cost almost 4 times the price of a DVD on sale. So, when the record companies get with the times and charge $5 for a CD, I'll start buying again. Till then, have fun trying to file Chapter 11 under the new Republican bankruptcy rules.
The only way for Apple to actually fix this hole is to handle DRM encryption server side, unless you consider the problem is unresolved due to the fact that DRM is a fundamentally flawed concept.
Good thing this was Apple.
Any other company would have just had him killed already.
- Adam L. Beberg - The Cosm Project - http://www.mithral.com/
of iTunes and see if this is all he is after. That is what he says anyway.
Well, there are those of us who think that no DRM is acceptable - and furthermore that no DRM is unbreakable, and therefore futile. DVD Jon's done a great job demonstrating the latter with iTMS, and previously DVDCSS.
This isn't about getting free music. It's about removing restrictions that traditionally haven't been in place on consumer media. DRM of any kind can become an obstruction even during benign activities traditionally protected under fair use. Sure, i COULD burn my DRMed AACs to a CD then re-rip to an MP3 to get my files onto my NOMAD or CD-MP3 player, but it's a pain in the rear and I'm going to lose my tag info. If there weren't restrictions on the files, that would be a non-issue.
Yes, Apple's DRM is less obtrusive than most, but it still locks you out from things you've traditionally been allowed to do. And that's simply not OK.
I'm no fan of DRM, but it's about time SOMEBODY finally has the right goal in mind. Make legitimacy more convenient. I've been paying $10 a month for nearly 2 years now to Rhapsody. Since then, I've made 0 (zero, just in case any of you thought it was a typo.) MP3 downloads. Why? Their subscription service is significantly faster and easier. Okay, subscription's not for everybody, but the price is right and the service beats P2P.
Believe it or not, the *AA can compete with free. I'm looking forward to the day that this is more widely understood. I really want the instant gratification of buying content on-line.
"Derp de derp."
The music industry is plagued by an enormous problem of legacy. Creativity has been stifled by the labels' continuing drive towards commercialization. We have "artists" like Gwen Stefani releasing cover after cover, first covering Talk Talk's It's My Life then covering If I Were A Rich Man from Fiddler on the Roof, and both covers are atrocious. These are examples of an industry which is creatively bankrupt and where profit is the bottom line. It seems like nowadays the only place you can find creativity is in underground music, before the industry has commercialized and destroyed it.
Music needs a new distribution model, one where the artist is in the driver's seat and has complete creative control over their work. The Internet has rendered traditional music labels obsolete, they're aware of this, and they're fighting their eventual downfall tooth and nail. They will lose.
DRM is based around cryptographically unsound principles. In order to play DRM encrypted music you need the encrypted content and the key on your local system. Given this you have everything you need to unlock the encrypted data, it's only through obfuscation in the client that the key is hidden.
Eventually the industry will have to come to terms with this fact and the fact that their distribution model is antequated and obsolete. We need people to continue proving DRM is an unsound technology so eventually they give up on it entirely.
In other words, your "rights" are not being violated by DRM.
There ain't no rules here; we're trying to accomplish something.
"The iPod is my playback device of choice. I buy songs that work with it. I don't go to Real or Napster, buy music, and then try to work around their DRM to strip it and make it compatible with my iPod."
Why not? Today, the iPod may be your device of choice, but what if, tomorrow, a company comes out with a much, much better device. Will you still be happy? You won't if you bought Rights Restricted songs from Apple. Your songs will live and die on that iPod like a caged animal and your investment will forever be tied to Apple's largesse--and the life-span of your iPod. Your argument is like a person in a locked room saying he chooses to stay in the room of his own free will, not realizing that he can't open the door should he ever decide to leave.
The term "Digital Rights Management" is a misnomer. It doesn't let you, the consumer, manage anything. The proper term is Digital Rights Restriction because the technology restricts the ways you are allowed to use your music in ways that copyright law does not allow rights holders to restrict you. You are legally allowed to resell copyrighted material, including digital media like CDs and DVDs. DRR prevents you from exercising your legal rights.
Ok people, let's review the facts, since most people don't seem to know or read...
1. DVD Jon lives in Norway, where the majority of this stuff, including the release of DeCSS which breaks DVD encoding, is illegal. The court case failed.
2. Nobody broke Apple's DRM. All this does is retreive the music before the iTunes client adds the DRM. How is this possible? Apple's iTunes client adds the DRM because it needs the client to generate the key. Doing it any other way would likely be a tremendous processor increase on the iTunes servers.
3. Apple can sue DVD Jon if they choose, but it will likely do no good.
The way I see it, there's only one safe path for Apple. They should release an iTunes client for Linux along with a statement that any further attempt to block their DRM will be followed up with a lawsuit. Sure, the lawsuit part is either a bluff or a waste of time, but at least they eliminate the "It's just so we can run on Linux" argument.
Creating these hacks is really like taking the silverware and plates out of a restaurant when you know you are really paying just for the food.
Or perhaps it's more like bringing your own tupperware with you when you go to the restaurant, so that you can take the food with you and eat it anywhere you want.
There is nothing flawed about DRM.
Allow me to give you a quick refresher on public key encryption. With public key encryption Alice has a public key and a private key. Anything encrypted with the public key can only be decrypted with the private key. So Alice keeps her private key private and allows Bob to have her public key.
Now let's look at how DRM tries to turn this upside down and fails. With any DRM, the basic concept is that Bob is going to give Alice her private key, but try to keep it totally private from her. By definition it needs to be stored on her device (PC, ipod, whatever) to decrypt what Bob sends her, but he does not want her using it in any way that he disapproves of. So convoluted schemes of symmetric encryption and security by obscurity are developed to store this private key in such a way that only certain programs on Alice's device can access it, but nothing else can (nor can Alice access it directly). However, since the machine is under Alice's control it is only a matter of time before she finds it or figures out how to use it to decrypt data as she pleases. This is why nearly every DRM scheme in history has been broken.
It is a fundamentally flawed concept.
Why do we have to treat the music labels like some kind of poor skittish fawn in a petting zoo? I mean, you say they are scared of offering online music because it may be, um, cracked. The big news flash is this: If you buy the CD, it is already "cracked" so to speak. Did they forget about CDs? Should we help the music industry lock down CDs somehow so they don't get so scared they stop selling us music all together?
Like I said earlier today, I could buy music from the iTunes store, which comes in a mediocre sound quality (compared to DRM-free CDs), in a format that doesn't work with my portable music player. Then I could burn it to a CD, then rip the CD into another lossy format to lose even more quality, all just so I could use the music like I want to. Honestly, it would be a lot easier to just obtain the music illegally, because I'm not gonna run out and buy an iPod or sit at my computer all day. To be honest, I've decided to stick to CDs for now.
To keep the ease of use and freedom we already have with music, we have to recognize this DRM for what it is: a power grab. Anybody with half a brain can see it is pretty much just as easy to share music you rip off a CD as it is to share music you've downloaded. Whether you consider the DRM a hassle or not, there is no doubt that you are losing control you once had. Why would you want to pander to these people and their anti-consumer goals?
The way I see it, the music labels themselves are hurting online legal music, because I would be buying singles and so on, if I didn't get less rights and more hassle out of it. As far as I'm concerned, they can just not have my money, you know? I'm not going to encourage what they are doing. Hurting the iTunes music store or this kind of locked up DRM business model doesn't seem so bad.
As for the people cracking these DRM schemes, well, its not necessarily illegal, depending on how free of a nation you live in. It's hard for me to see it is inherantly unethical either. It's not like the music is being being taken without paying.
there are options. there's magnatune.com for starters. Look, there is "someplace else" to buy or download stuff. It drives me crazy that mostly everyone here bitches and complains about the Evil Music Industry, but no one is willing to try out alternatives. Guys there are alternatives. If we would all make use of them, then the artists would sign contracts with those alternates! Besides, it's honest. -ron
...The client could then decrypt the song using its private key...
... but the cost would be significant even if it did work.
And uh, where exactly is this private key going to be hidden on a users own machine that they can't find it? This is exactly the fundamental flaw of DRM everyone keeps talking about. If the client can decrypt it, the client can be hacked. For software clients this is no longer even a question. For hardware clients, we're just not sure yet
Note: Things like Palladium which would try to take away a user's "root access" to their system *might* create a platform that could make hard DRM possible, but that's all thoery until it hits the field. (And it's questionable whether customers will swallow that particular cactus bulb. Some folks speculate the only reason many products *cough*DVD*cough* survive today is because customers know they can get around supposed restrictions.)
"You know what you are getting when you buy songs from iTunes, DRM encryption that ties the song to you."
And Rosa Parks knew what she was getting into when she refused to give up her seat on the bus. Knowing that your are going to have your rights violated by a business does not mean that you have no right to complain. Your not suggesting that Rosa Parks should have moved to the back of the bus because |She knew what she was getting into| are you?
"Creating these hacks is really like taking the silverware and plates out of a restaurant when you know you are really paying just for the food."
No, it is like taking the onions off your burger when you know that the menu shows the burger WITH onions.
"It's so hypocritical how slashdot really realy really hates GPL violators, but cheers something like this."
This is nonsensical. Most people that hate GPL violators, hate them because the GPL violators are performing the same act as the DRR (Digital Rights Restriction) groups are doing. Building their projects on the shoulders of those that came before, then trying to stop anyone else from doing the same. It's not about honoring or breaking a license. It's about submitting an idea to society, then trying to control the idea, even if it means that part of our culture is lost to future generations.
Fox Movie Channel tells why DRM/DRR is a catastrophy in the making.. "Sadly, 90% of films made during the silent era are gone, due to neglect or chemical decomposition. 50% of films made before 1950 have suffered a similar fate." Much of our cultural history was lost. Now that we have ways for millions of people to help stop this from happening again, DRR shows up, and we are faced with it all happening again.
MTV has obtained exclusive contracts such that certain music videos could only be found on MTV.
MTV still plays videos?
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
You certainly don't have to buy it, nor use it (especially since using without buying it would be stealing it), but frankly I don't think it's your place or anyone else's to tell people not to subvert it. People have a moral right, and perhaps a duty, to work to subvert things they think are unjust. And while I personally don't really feel that FairPlay is terribly unjust, I have a certain amount of understanding for those that do. If you want to argue morals, fine--but as someone who otherwise agrees with you, I take offense to the suggestion that people should not actively work against causes they find repressive.
If people think it's wrong, they're going to do their best to subvert it (regardless of what 'it' is). And as long as they're doing it from countries where this subversion is legal (ones without DMCA-like laws, in the case of DRM) then
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
In the long run, that is a false option. More and more CDs are copy protected and eventually there will be no more cds made, just as they no longer make LPs
Wow. All this brand new vinyl I bought the other day must be a figment of my imagination. Time to lay off the acid...
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
"it isn't a matter of "Just by a CD or get your music 'somwhere else' and shut up." Fighting the indiscriminate appropriation of consumers legal rights by companies use Digital Rights Restriction technology is an important moral and legal issue."
True. It is. Personally I couldn't care less if they locked up all the music in the world. I am much more worried about the bigger picture, as you say. I don't know if I fight enough. But I write, and I try to inform. But no one listens. Quite frankly, not many of us are fighting the onslaught. No one cares, because they can still sit back in their vinyl chair and watch boobies from satellite with their 55" TV they bought at 22% interest from Best Buy.
Ask anyone not a regular reader of Slashdot what they're doing to send Orrin Hatch a clear message to leave our computers alone. They'll look at you as if you're eyes just fell out. Ask them if they're fighting Trusted Computing. They won't have an inkling of what you're on about. Ask them if they hate the draconian licensing scheme of Windows XP. They don't care. Ask them what the perpetual copyright is doing to our Public Domain... Ask them why we are constantly giving up our individual rights for the rights of a faceless corporation. As long as the mob has their reality TV and buckets of beer, they won't lift a finger.
I wish more of us were proactive. I wish I did more, honestly. The world is in need of some no-doze because the planet's spiraling out of control.
I can only hope the line that wakes up the unwashed masses isn't too far down the road. But, in the smaller picture... it's just music. I don't necessarily give two monkeys about it anyway.
It's the Stay-Puft Marshmallow Man.
Two-minute penalty.
I'm going to mention it here but someone else has already brought up the so sue me title...
The title of the blog was So Sue Me long before Jon went after iTunes Music Store like this. It's not something he's saying to Apple, ever since the DVD DMCA thing he has had this blog titled that way. Don't get the idea he's got that title in there JUST to spite Apple.
Kyle
http://www.unlogikal.net/
I know the AC was being funny, but he has a very valid point. People are not pirating music with PyMusique.
Our friends at the RIAA want to stop the rampant copyright infringement, right? Here's how:
1. Stop suing the people you want as your paying customers.
1a. Stop suing little old ladies that may not be your customers, but generate massive public sympathy when covered in the media.
2. Change iTMS and friends to do digital watermarking, instead of digital restrictions management.
All of a sudden, everybody's happy! The RIAA keeps their income and can still go after the worst copyright infringers (after politely asking them to cease and desist), Apple sells more iPods because people like me are less worried about draconian DRM methods, society gets the fair use rights they are owed, and judges can finally focus on dealing with white collar criminals rather than thousands of 13-year-olds who are nothing but music fans.
Because, of course, the court cases that Jon went through (DMCA infringment involving DVD encryption) relate directly to DMA involved with iTunes. After all, DMCA is DMCA, right? Let's lump all the cases together.
Using this tool might be a problem with Apples ToS and whatnot, but creating the tool is purely a legal issue. And that issue has been clearly settled under norwegian law. There is currently no norwegian law prohibiting you from creating a tool to break any copyright protection mechanism. You have the right to access any "secret" key in your hardware or software. That is why he can do so with impunity. Apple could sue, but they would lose as the law stands today. The public prosecutor knows it and won't do it.
Kjella
Live today, because you never know what tomorrow brings
Prior to the iTunes 4.7.x breakage (I don't mean the recent breakage, I mean the anti-Hymn breakage), Hymn would leave all identification info in any files it unprotected. In essence, the files were (lightly) watermarked.
With iTunes 4.7, Apple changed it so that watermarked but unprotected files wouldn't play.
The solution? Remove the watermark.
By breaking the ability to use iTunes music fairly (for example, in a device other than an iPid), Apple essentially forced the authors of Hymn to make their software more suitable to piracy.
retrorocket.o not found, launch anyway?
Include with the CD a one-time-use download link for cell-phone ringtones.
Include with the CD a DVD of video clips.
Include with the CD a CD of watermarked MP3s, at high bitrate.
Include with every purchased CD a sticker of the band or whatever.
The question is, though, does the RIAA want to stop piracy, or does the RIAA want to sell more records? The RIAA should be concentrating more on the latter than the former, IMO. That's where the money is; it doesn't really matter from an economic standpoint how much piracy there is, as long as they are selling the records, however from a dogmatic and philosophical point of view RIAA is in the business of "protecting its product". Where portection equates to restriction on consumers, and they wonder why consumers don't buy as many CDs as they used to (not to mention the number of new CDs released is dramatically falling).
Assuming (and I wouldn't even dare to hazard whether this is or isn't so) it is illegal to acces iTunes with "unauthorized" software they'd need to have a log of _him_ connecting to the service. As for "breaching" his contract with iTunes, who says he actually engaged in one by making use of their services.
It's like someone built a very large wall with 1 door in it, offering a service to people who want to look at what's behind the wall and making those people use that door (i.e. Apple). Then someone else comes around, looks at the wall (or listens to stories of people describing the wall) and says: "Well, here is this periscope like contraption, that you can use to look over the wall if you should choose to."
But of course, IANAL.
"Stolen" is a strong word with specific legal meaning. If the sound originates from the game (and I'm not actually questioning it), I can readily see it as fair use, considering the related lawsuits and legal precedence, but I'm not a lawyer. Janet Jackson sampled my Mac system sound, and used it in one of her songs. My startup sound for the Mac was also used in the movie Jurassic Park (when they rebooted the park's computers).
Furthermore, if my ears are correct (and they usually are) one of the sounds in that game was "stolen" from Peter Gabriel.
If you weren't being so juvenile, you might be more persuasive. Try removing the hyperbole and begin using proper grammar.
You, alone, know the truth? Well, I'm responsible for Sosumi, the System 7 beeps, and the startup sound (which all remain in use today). I don't actually remember where or how I obtained the original sound. Most of them I created such as the startup sound and others, some I obtained such as the monkey sound that made by a friend's wife.
Personally, I felt having my startup sound used (or "stolen" in your words) by Steven Spielberg to be a form of flattery.
Are you a representative of Mr. Buckland? What is your interest in this matter? I'd like to hear from him instead.