Microsoft Windows Media Player Encryption Hacked

NubKnacker writes "Here we go again. The Register has the story about the encryption in Windows Media Player being hacked by DVD Jon. From the article: 'Jon Lech Johansen has reverse engineered a proprietary algorithm, which is used to wrap Media Player NSC files and ostensibly protect them from hackers sniffing for the media's source IP address, port or stream format. He has also made a decoder available." This has been pending for some time now. Do you see a reason to install Windows/WMP just to be able to view a webcast?"

And out come the lawyers

Thanks DVD Jon. Keep the interoperbility clause of the DMCA alive!

Re:And out come the lawyers

[ackthpt]

Thanks DVD Jon. Keep the interoperbility clause of the DMCA alive!

What's he got anyway, a red phone to the EFF? I certainly admire what he's doing, but you know he's not just knocking on the door asking for trouble, but banging with both fists.

i wonder if i can get this to fit on a t-shirt, like my DeCSS shirt...

Re:And out come the lawyers

[jav1231]

Since he's already won one case, he's got some precident on his side. Now they just seem to be leaving him alone.

Re:And out come the lawyers

[ackthpt]

Since he's already won one case, he's got some precident on his side. Now they just seem to be leaving him alone.

Could be, but this is Microsoft he's now diddling with. Their approach could be either Open the Bucket o' Lawyers or Come up with a new Windows Media format, ecoding, etc.

Some say as soon as someone figures out Microsoft's strategy, it will immediately be replaced by a new one even more confusing and inexplicable. Others say this has already happened.

Re:And out come the lawyers

Perhaps they'll try to extradite him like this guy: http://www.theglobeandmail.com/servlet/story/RTGAM .20050730.wxdope0730/BNStory/National/ This too involves a foreign national breaking US laws with/using the internet. Here there is no 'physical' object crossing the borders however.

Re:And out come the lawyers

[bobcat7677]

Bucket of Lawyers? I thought lawyers came in cans? Maybe it's a costco thing. Guess I need to get a costco card again...

Re:And out come the lawyers

[cbiltcliffe]

This guy used to live and have a "Pot store" in the city where I live.
While I don't agree with his views on dope, I think it's absolute bullshit that he should be arrested and sent off to a foreign country for breaking laws in a country he doesn't even live in. Everybody else around here seems to think the same thing.
If the US doesn't want people buying pot seeds over the internet, then make damn sure they're confiscated when they come across the border.
When are people in the US going to start being arrested and shipped off to China for not bowing to the emperor, or something stupid like that. The US would be up in arms if someone were to try to impose Chinese law on US citizens living in the US, so why the FSCK should we impose US law on a Canadian living in Canada?!

Sorry....I got more and more pissed off as I was typing that, which I'm sure you can see by the tone......

Re:And out come the lawyers

No, they come in shrinkwrap. You see, it is a little known fact, but EULAs are lawyer spawn.

It is no coincidence that if you cast a bunch of EULAs around, lawyers tend to proliferate at that location, and vice-versa.

Re:And out come the lawyers

[IdleTime]

MS can hire as many lawyers they want, not going to do them much good in the Norwegian justice system. Norway has a good, civilized and modern justice system that doesn't give corporations any more weight than regular Joe. Money is not going to buy them much in the Norwegian justice system, had we been talking about an American court, it would have been a different tune.

Re:And out come the lawyers

[BrainInAJar]

My guess is that since he was found innocent on the DeCSS case, people other than DVDjon are making this software and sending it to him to release

Re:And out come the lawyers

[Shakrai]

Norway has a good, civilized and modern justice system that doesn't give corporations any more weight than regular Joe.

Neither does the American justice system. If you have money you can hire good lawyers and generally make the process really painful for the other side -- but that doesn't have anything to do with being a corporation vs a human being. One individual with a ton of money can make your life a living hell via the legal system just as easily as a corporation can.

Re:And out come the lawyers

[speculatrix]

In another news flash,,, DVD Jon cracks ROT13, used by SCO to protect their secret sources.. Darl BigMac promises to sue.

Re:And out come the lawyers

[Kjella]

Neither does the American justice system. (...) One individual with a ton of money can make your life a living hell via the legal system just as easily as a corporation can.

Perhaps the GP should rephrase that as "that doesn't give the one with a ton of money more weight than regular Joe". DVD-Jon has been through our entire court system mostly on free legal representation, and while it has obviously taken a lot of his time he isn't bankrupted or anything. How expensive would it be to take a civil action all the way to the Supreme court if you aren't backed by the EFF or some other charitable contribution?

Kjella

Re:And out come the lawyers

he shouldnt be allowed to leech off of tax payers dollars for his legal needs, socialism is a BAD THING (TM)

Re:And out come the lawyers

Canada allowed the deportation. They obviously made that decision based on some evidence or the idea that something illegal was going on. Blame Canada for letting him go jackass and take responsibility for your own problems instead of trying the easy road and blaming them on everyone else.

Re:And out come the lawyers

[Alsee]

Bucket of Lawyers? I thought lawyers came in cans?

It's a Red state / Blue state thing. On farms every possible kind of crap gets hauled in buckets. In cities every possible kind of crap comes as canned goods.

-

Re:And out come the lawyers

[node+3]

So, when Ford deliberately killed people with the Pinto, it was sentenced to life in prison?

When Microsoft was convicted of a felony which adversely affected hundreds of millions of people, the case was dropped because MS is such an upstanding citizen which only committed the felony by accident, and will never do such a thing again?

Face it, the American system favors corporations over people far more often than the reverse. Two big factors in this are:

1. The corporation has all the rights of a citizen (under a completely deranged Supreme Court ruling long ago), yet aren't saddled with the obligations a private citizen has.

2. Certain economic ideologies (which the current administration has taken to an extreme) place the economy at the pinnacle of its earthly moral system, and so treat the corporation as something of a deity to be served by man, instead of being a system which exists solely to serve man.

Re:And out come the lawyers

[Quinn_Inuit]

I agree entirely. He has committed no crime in the U.S. If we sent troops to get him, that would be an act of war against a sovereign nation. If he has committed no crime in Canada, then Canada should stand by its citizen. A hypothetical problem for this approach is the person who stands in Canada and shoots someone in the U.S. In that case, the person has committed a crime in Canada, and the gov't would have legal grounds to grab him in the first place. Were Canada to refuse to prosecute, then I think a justifiable response would be a U.S. incursion into Canada to obtain the shooter, but only with the understanding that we would be committing an act of war. Of course, we could argue that Canada's condonation of the attack on the U.S. citizen was the initial act of war, but that obscure the main point, which is that such an incursion is not just an incitement to war, but an act thereof. Note that I said it would be justifiable. Not necessarily the appropriate thing to do, just justifiable.

Re:And out come the lawyers

[DavidTC]

What's going on in Canada is that no one will convict people of selling pot seeds. At all. It takes them five minutes to return 'not guilty'..

Jury nullification at its finest.

And they tend to vote against people who push those kinds of cases.

However, it remains illegal. And, because it is illegal, Canada can legally extradite who do it to other countries where it's illegal.

Look at that. Trans-national jury shopping!

You can Blame Canada(TM) but, the fault here is of the politician who thinks sucking up to the US is better than expressing the will of the Canadian people. Blaming the Canadians for this is like blaming Americans for Enron. Nope. It's their bought and sold elected officials.

However, those of us in the US, however, have no one to blame for our drug war but ourselves. Years of the system preaching about the evils of drugs and no politician can fix the drug war, not even ones who want to, because they will be called 'soft on crime' and voted out of office.

Re:And out come the lawyers

Norway do not extradite people to a country who have a more severe punishment than Norway. In any case Norway will NEVER extradite any norwegian citizen to USA or any other contry with "unhumane" prisions. In norway a prisoner gets a one man cell and can have a tv and a pc with him, it's more like a good hotel. The longest sentence in Norway today is 21 years in prison (murder), and usualy gets out in 14 years. Computer crime will just be a slap on the hand, maybe a couple of months for show. Most prisnor take extra education or some sort of job training when thry serve. if jon got a prison sentens, he would most likely only get more time to reverse engineer his next project.

Re:And out come the lawyers

[bhiestand]

I think you're missing the point.

As Americans, we value and respect freedom. We even encourage it! Its simply that, under our definitions, freedom ends where the moral beliefs of the most conservative person in a society begin.

In all seriousness, as much as I agree on his views on dope, smuggling goods into a country is illegal damned near everywhere. There are all sorts of international treaties for this. An american would get in trouble for constantly shipping porn into saudi arabia just as a canadian would get in trouble for shipping marijuana into america. A russian would also get in trouble for bringing radioactive material into the US. You can't simply say "Well, yes, he was trying to smuggle controlled substances into that country, but if that country didn't want them there, their customs service should have worked harder!"

Imagine if you caught me, an american, mailing all sorts of things that offend you into canada. Sure, I didn't cross the border with it, but I sure as hell did break canadian law! In fact, I'd be breaking american law, thanks to that little customs declaration form you have to fill out when you're mailing something.

Re:And out come the lawyers

Heh - last time I checked, the smuggler in that definition is the American client.

Canada, thankfully, also has a mechanism by which we can safeguard denizens of our country - we extradite, sure - unless we think the possible penalties in the foreign country are too harsh.

In that case we will often prevent extradition, or force concessions to not apply more punishment than Canadian justice.

In one landmark case, we refused to extradite an American landed immigrant for a crime he committed *in* the US. He had been caught en flagrante delecto with his then 17 y.o. boyfriend in New York(?) (perhaps it was NJ - it's been a while) state.

That activity is not a crime in Canada at all (unless you're the kid's teacher, or a cop or clergyman) - so even though he was American, the fact that he would face many, many years in prison in the US was enough for our courts to block his extradition.

There is a grass-roots campaign getting into full swing about this attempt at US leverage on our justice system - I wouldn't count on the US actually getting its hands on Mr. Emory. And even if they do, they may find that they had to accede to sentencing restrictions up front in order to make it all happen.

Why the US (as a Federal entity - there are some states with very realistic pot laws) is sooo anti-pot I will *never* understand.....

Re:And out come the lawyers

The deportation has not yet been allowed. It will be before the courts for quite some time, I would suspect.

Mr. Emory is literally known coast to coast in this country amongst the pot smoking set. I would not at all be surprised that up to 25% of Canadians have at least heard of him at one time or another.

Grass roots political support is on the upswing, and there will be a generous litigation fund to back it all, I have no doubt.

Guess I have to put my money where my mouth is - time to find the donation site (I've already signed one petition, and written a couple of letters to my MP and to our PM).

Re:And out come the lawyers

[Shakrai]

Perhaps the GP should rephrase that as "that doesn't give the one with a ton of money more weight than regular Joe". DVD-Jon has been through our entire court system mostly on free legal representation, and while it has obviously taken a lot of his time he isn't bankrupted or anything. How expensive would it be to take a civil action all the way to the Supreme court if you aren't backed by the EFF or some other charitable contribution?

Actually I tend to agree with the other reply to your post. In a civil action it's not the job of the taxpayers to provide you with legal services for free. In a criminal action it should be (if you can't afford them) because that's the state trying to convict you of something and take away your rights. But if I sue you because you are allegedly stealing my copyrighted works or even for the more mundane (you wrote me a bad check) why should taxpayers with no relation to the case pay for your defense?

What I think should happen (but I'm not holding my breath) in the United States would be for the loser in a civil case to have to pay reasonable attorney's fees to the winner. That is, if RIAA sues Grandma on the basis of an incorrect IP match, then they should have to pay her lawyer once it gets tossed out of court. Theorically the courts have the power to do this right now but it's pretty rarely done unless the case brought was way out of line.

Re:And out come the lawyers

[cfuse]

What's he got anyway, a red phone to the EFF?

It's the other way around: the EFF wait 'till it gets dark, then they shine a DVD logo on the clouds, which is DVD Jon's que to make evil DRM makers piss their pants with fear.

Re:And out come the lawyers

[cfuse]

Bucket of Lawyers? I thought lawyers came in cans?

Lawyers come in pipes, just like effluent does.

Re:And out come the lawyers

[cbiltcliffe]

An american would get in trouble for constantly shipping porn into saudi arabia just as a canadian would get in trouble for shipping marijuana into america.

If you, as an American, were to ship porn to Saudi Arabia, would you be ok with the US government shipping you off to the middle east to be stoned to death?

Somehow, I don't think you would. You'd be up in arms, rightly so, about how the porn is legal in your country, and if Saudi Arabia doesn't want it there, then be sure to stop it at the border.
It's not your responsibility to know what's legal/illegal in another country, unless you're actually visiting said country.
If a foreigner isn't supposed to ship legal-in-his-country-but-illegal-in-yours goods to your door, then the US customs, in theory, has no reason to exist.

Re:And out come the lawyers

[bhiestand]

I'll tackle your responses in order of most outrageous to least outrageous.

In fact, I'd be breaking american law, thanks to that little customs declaration form you have to fill out when you're mailing something.

I assure you we don't stone people to death here. If they were going to put me in jail for six months, it wouldn't surprise me if the US did send me. And I'd somewhat expect it. I mean, honestly, who doesn't know that it's illegal there? Who doesn't know that pot is a controlled substance in America? If it's being done as civil disobedience to try to get the law changed, don't whine about the fact that you get caught. Go to jail and let people feel sorry for you.

It's not your responsibility to know what's legal/illegal in another country

But my last sentence was "In fact, I'd be breaking american law, thanks to that little customs declaration form you have to fill out when you're mailing something."

There's a difference between not knowing what's legal in a country and knowing something is illegal in a country and trying to find ways around customs.

Now I don't remember from TFA, if the guy genuinely thought it was legal in the states, filled out the customs form saying "10 marijuna seeds" etc. then I don't think he should be in any trouble at all. If he knew, but figured mailing it would be safe as long as he lied on the customs labels, then yes, he broke laws. Sure, I think the laws are stupid and archane, but I don't want a precedent of "if it's a controlled substance you can just mail it here with impunity" to be set.

Re:And out come the lawyers

[cbiltcliffe]

In fact, I'd be breaking american law, thanks to that little customs declaration form you have to fill out when you're mailing something.

Whenever I've shipped something small by Canada Post to the US, I've never had to fill out a customs label. The only time we have to do that is if we're shipping by private courier company.

I don't know all the details of how he shipped his pot, but if it was mailed, he didn't declare anything, because he didn't have to, hence no Canadian laws were broken.

Since everywhere I've read about this says it was a "mail-order company", I'd guess he probably mailed them.

As soon as I can figure this out..

[ackthpt]

I may use it, but I'm usually only watching Windows media stuff when I have little other choice.

Previous link Linus on /. is interesting.

>Linus Torvalds in a recent LKML posting:

Gaah. I don't tend to bother about slashdot, because quite frankly, the whole _point_ of slashdot is to have this big public wanking session with people getting together and making their own "insightful" comment on any random topic, whether they know anything about it or not.

Quoted for truth.

Linus is a good guy, but in this instance I metamoderate him over the head with a rancid carp.

Re:As soon as I can figure this out..

[Astrorunner]

Linus: You know, before I answer any more questions there's something I wanted to say. Having received all your letters over the years, and I've spoken to many of you, and some of you have traveled... y'know... hundreds of miles to be here, I'd just like to say... GET A LIFE, will you people? I mean, for crying out loud, it's just an operating system! I mean, look at you, look at the way you're dressed! You've turned an enjoyable little job, that I did as a lark for a few years, into a COLOSSAL WASTE OF TIME!

[ a crowd of shocked and dismayed slashdotters.... ]

I mean, how old are you people? What have you done with yourselves?

[ to CmdrTaco ] You, you must be almost 30... have you ever kissed a girl?

[ CmdrTaco hangs his head ]

Re:As soon as I can figure this out..

[ackthpt]

[ to CmdrTaco ] You, you must be almost 30... have you ever kissed a girl?

Actually, I think he's the only one who has...

Re:As soon as I can figure this out..

[gardyloo]

Linus is a good guy, but in this instance I metamoderate him over the head with a rancid carp.

      Gah! Every noob knows that a four-day-old trout is MUCH better for metamoderation!

Re:As soon as I can figure this out..

http://groups.google.com/group/linux.kernel/msg/c3 5a4b9879f591d6?hl=en&

Re:As soon as I can figure this out..

[evilviper]

[ to CmdrTaco ] You, you must be almost 30... have you ever kissed a girl?

Well, he's maried... So no.

Re:As soon as I can figure this out..

Linus is a good guy, but in this instance I metamoderate him over the head with a rancid carp.

Yes, but is he wrong?

Re:As soon as I can figure this out..

[ackthpt]

(USENET link to full article)

Oh, sure! Put it into context, just when we're metadmoderating with dead fish (and just before we get around to the lutefisk!) You trouble maker!

honestly, I do hope Linus sees this ;-)

Re:As soon as I can figure this out..

[Nimey]

Are you saying he's wrong?

Re:As soon as I can figure this out..

[ackthpt]

Linus is a good guy, but in this instance I metamoderate him over the head with a rancid carp.

Yes, but is he wrong?

Ok, you're posting as an AC so I can't see your history of postings and moderation, but I've been clubbed like a baby harp seal by negative mods when not only have I been right, but informative or even insightful, simply for the fact that someone disagreed with me. I've also seen outright fabrications moderated up to +5 informative.

One enduring legacy of /. is that it's another democracy (kinda-sorta, with the heavy hand of the owners getting in now and then) and not much gets in the way of a good drubbing with a dead fish, deserved or not. ;-)

Re:As soon as I can figure this out..

[Afrosheen]

Hahaha, nice Shatner rip. What movie was that from? Or was that from a Saturday Night Live skit?

Re:As soon as I can figure this out..

Here's a photo of his wife:

http://www.fent.net/Halloween-2004/Halloween-2004- Images/8.jpg

Re:As soon as I can figure this out..

[SilverSun]

And he went on:

And don't get me wrong - I follow slashdot too, exactly because it's fun
to see people argue. I'm not complaining


He is so right.

Re:As soon as I can figure this out..

[extrasolar]

Why is kissing a girl so important? It is wise to question our assumptions.

Re:As soon as I can figure this out..

[ackthpt]

Hahaha, nice Shatner rip. What movie was that from? Or was that from a Saturday Night Live skit?

SNL, back in the 80's IIRC. Some guy comes out whispers in his ear and points very deliberately at something which looks like a contract. Shatner then says something to the effect of it was an example of when his mind was controlled by some creatures of some planet and then will happily sign anything they've brought and regale the convention with more Star Trek tales of adventure. It was pretty funny and I only saw it the once, the original showing.

Re:As soon as I can figure this out..

gaaaaaaaaayyyyy...

Re:As soon as I can figure this out..

[networkBoy]

<quote>And he went on:

And don't get me wrong - I follow slashdot too, exactly because it's fun
to see people argue. I'm not complaining


He is so right. </quote>

<self fulfilling prophecy>
You sack of shite, how dare you say that I argue too much, it's just because you're jealous of me isn't it?
That and you want to be a better at "in Soviet Korea grammar nazis fun make of you with Beowulf clusters" jokes than me too eh?
</self fulfilling prophecy>

<note to mods>
Be gentile. . . . please
</note to mods>

Re:As soon as I can figure this out..

[Master+of+Transhuman]

No, a can of sardines which is supposed to only be used for trading.

(old joke)

Re:As soon as I can figure this out..

kinda reminds me of the time linus won the super bowl all by himself:

http://leroybrown.com/torvalds/linussb.html

Re:As soon as I can figure this out..

[GPLDAN]

Turns out.... Kathleen was his laptop.

Re:As soon as I can figure this out..

[AdamWeeden]

Be gentile

I'm Jewish you insensitive clod!

Re:As soon as I can figure this out..

[Hosiah]

I metamoderate him over the head with a rancid carp

Actually, if Linus Torvalds says I'm publicly wanking, then that's probably what I'm doing. It's just kind of difficult not to break stroke when I'm looking at phrases like "rancid carp".

Re:As soon as I can figure this out..

[empaler]

Nonono, he's sensitive metrosexual...

*snigger*

Re:As soon as I can figure this out..

[empaler]

O you who turn the wheel and look to windward...

Sorry, that word always brings back that one...

Re:As soon as I can figure this out..

[afidel]

Funniest thing I have read in a LONG time. I literally spit popcorn all over my monitor. Kuddos =)

Re:As soon as I can figure this out..

[Feztaa]

If you've done it, you'd know why.

Re:As soon as I can figure this out..

[extrasolar]

Come on guy, think about it for a second next time. Then post. Things go more smoothly when you do it in that order.

Yeah!

[Deanasc]

Is there anything DVD Jon can't do?

Re:Yeah!

[Pyrowolf]

... get a job from any reputable company, unfortunately. Someone as resourceful as Jon, if given an opportunity, could be priceless.

Re:Yeah!

[Deanasc]

I'm sure that when he's old enough to sign a contract he'll have job offers. Maybe not from Microsoft but from some small company who wants to become the next Microsoft.

Re:Yeah!

crack Janus.

I'd love to be able to use the Unlimited part of my Yahoo unlimted account to actually play wma files on my portable, which plays wma file, but did not cost enough to be "playsForSure" compatible..... I'm not looking to steal music. I have a shitload already, all legal. I'd love to be able to use the subscription without the hardware being dictated to me... Hey, Jon.... how about a way to do this bud? I'm waiting.

Re:Yeah!

[lou2ser]

According to his wikipedia page, he's currently 22 years old.

http://en.wikipedia.org/wiki/Jon_Johansen

Re:Yeah!

[Saeed+al-Sahaf]

...And living with mom and dad in true geek style!

Re:Yeah!

[psetzer]

Prove the Church-Turing Hypothesis.

Re:Yeah!

[Master+of+Transhuman]

Make Windows worth a shit.

Re:Yeah!

[courtarro]

That's a negatory good buddy. According to your link, he's currently 21, ready to celebrate the completion of his 22nd year in mid-November.

Re:Yeah!

[Deanasc]

I had it in my head he was still 16. I guess that was a few years ago.

Why this happens

[sdirrim]

You know, this only happens because Microsoft is the industry standard. Imagine a world where there are competitive OS and software markets, with no Internet Explorer phenomenon. You wouldn't get this, because developers would actually try to create secure programs. Instead, Microsoft takes programs that are more or less comparable, and incorporates them into it's products, thus killing any competition for that program! (Read: Excel and Lotus 1-2-3)

Re:Why this happens

[Iphtashu+Fitz]

You know, this only happens because Microsoft is the industry standard

Microsoft is the "industry standard" only because they are big & powerful & have the ability to force others to do things their way. Standards are based upon community support. What DVD Jon is doing is showing that there's little community support for Microsofts so-called "standards".

Re:Why this happens

[ScrewMaster]

To paraphrase Jack Handy: "I can imagine a world with out DRM, without corrupted standards, without proprietary formats ... and then I can imagine Microsoft attacking that world, because they'd never see it coming."

Re:Why this happens

[bedroll]

Congratulations, you have a new sig.

Re:Why this happens

[Master+of+Transhuman]

Or to paraphrase Dr. Noah (or Bill Gates):

"I can imagine a world without DRM, without corrupted standards, without proprietary formats ..."

"Q: You are for all that?"

"A: No, no, I'm against all that!"

Re:Why this happens

[4of12]

Standards are based upon community support.

Or acquiescence, as the case may be.

Re:Why this happens

[h4rm0ny]

No, what DVD Jon is doing, is helping make Microsoft proprietary protocols and formats become the standard. The true form of resistance to this would be to not use it and compete with a different format.

No offense to him intended - what he's doing has merit, and breaking the DVD encryption was a favour to everyone. But the wider implications of this particular effort should be at least considered,

Re:Why this happens

[Hosiah]

Microsoft is the industry standard.

"Industry standard" is an interesting way to pronounce "global monopolizing monomaniacal bully".

We were just talking about this a few posted storys back: http://linux.slashdot.org/article.pl?sid=05/09/01/ 2047253&tid=109&tid=106 when I said that Microsoft didn't need to take an active role in cross-platform compatibility, if only it would just stop obstructing it, spoiling the whole computer experience even for people who don't use Microsoft. Watch, MS will go after this with it's characteristic Mafia-thug club. And this is just so the rest of the world can *deal* with it's file formats shoved in the public's face.

Re:Why this happens

[ScrewMaster]

Yes, and I wouldn't be surprised if this is just a tactic to get a better deal from Microsoft.

nscdec.c

[coolnicks]

http://nanocrew.net/software/nscdec.c

"VLC should have NSC support in the near future."

Re:nscdec.c

http://nanocrew.net/software/nscdec.c "VLC should have NSC support in the near future."

Yess... anyone who reads TFA woule have no trouble finding this... why the post?

Re:nscdec.c

[MoonBuggy]

What I want to know is when VLC's going to get WMV3 (aka Windows Media Player 9) codec support on non-windows platforms. Our good friend Jon demonstrated it in November 2004, yet playing those files on a Mac was, for a long time, impossible and even now requires a paid for Quicktime plugin (only $10 or so, but even that took it's own sweet time to be released).

Re:nscdec.c

His latest post has instructions on how to compile VLC with WMV3 support.

Re:nscdec.c

[MoonBuggy]

I stand corrected - time to try it then :)

Re:nscdec.c

[aichpvee]

Karma whoring, what else? And look, it worked! You think it'll work for me too:

Download: nscdec.c (MD5: 7c81ca49bc68c2b8671d00f0cdf960e3)

Let the best player win!

[RUFFyamahaRYDER]

FTFA - "It's more likely that the purpose is to prevent competing media players from supporting the NSC format," he observed.

Exactly right... Why don't they just leave this kind of thing open for everyone to impliment with their own player and let the best player win? Argh!

Re:Let the best player win!

[ackthpt]

Exactly right... Why don't they just leave this kind of thing open for everyone to impliment with their own player and let the best player win? Argh!

Ok, maybe I'm just stupid ignorant, but I haven't found a way to record Windows Media streams to my HD to watch again later. Maybe it's there and I'm such a git I can't find it. But if it's not there, maybe one reason why is to prevent people from doing that very thing. Nothing like a proprietary format to ensure you only get to see what the provider wants you to see and when they want to make it available to you.

Re:Let the best player win!

[derflammenhund]

best player win, eh

Well, see microsoft doesn't care about any of that there or whatever you want to say. Best player for windows is obviously windows media player!

Best player for the mac is obviously windows media player! except for that horribly slow, completely unable to scrub through videos, and it only makes the WMV3 codec available to itself... those are good features, right?

(i'm sick of not being able to trash wmp and run with mplayer alone)

Re:Let the best player win!

Downloading:
  SDP Downloader
  CoCSoft Stream Down

Cutting editing/encoding:
  Asfbin
  VirtualDub 1.4c-asf

Happy Googling.

Re:Let the best player win!

if your talking about mms:// streams http://packages.debian.org/unstable/net/mimms will do that. i normaly use it to record from xfm.co.uk and steal music when i cant be botherd to pay for the album or when there is no album out yet.

Re:Let the best player win!

[nmb3000]

Ok, maybe I'm just stupid ignorant, but I haven't found a way to record Windows Media streams to my HD to watch again later

It can be a pain sometimes depending on what kind of security and encryption they are trying to use, but basic MMS (WMV, ASF) streams can be captured with SDP (free! OSS!).

I've used it a few times with varying success. I'd give it (in the last 2 years or so) about a 75% chance of success.

Re:Let the best player win!

[stoborrobots]

$ mplayer -streamdump -streamfile fun.wmv mms://server.domain.example.com/path/fun.wmv

Re:Let the best player win!

[FlynnMP3]

"... a way to record Windows Media streams to my HD to watch again later."

1) Get Firefox & use it.
2) Goto menu item Tools
3) Select Options...
4) Select Downloads
5) Click on "Ask me where to save every file" in the Download Folder section.
5) Click on the Plug-Ins button (in the File Types section)
6) Find the extension of the movie and click on the checkmark to disable browser support for that extension.
7) Click ok a few times to get out of Options.
8) View source on the page where the video is that you want to save (or do this before step 2).
9) Search for SRC and repeat the search till you find the URL of the movie. (ditto)
10) Highlight and copy the URL from the source. (ditto again)
11) Open a new tab and paste the copied URL. Press ENTER or click on Go.
12) Firefox will bring up a dialog of what you can do with the file. One of the options is to save.

There are easier ways to save the file. Having a program intercept a URL click if it has a certain extension (http://www.xi-soft.com/default.htm) and other ways. If you savvy (or want to learn) about web source code, then this way works perfectly fine.

-FlynnMP3

Re:Let the best player win!

[Jesus_666]

...And it doesn't understand AVI, and it doesn't understand anything else except for pure WMV3 files (at least it doesn't on my iBook)...

Yay for the great Windows Media Player! (Well, it does do what it says on the label...)

Re:Let the best player win!

[kleinux]

To simplify a little you can usually save embedded media in Firefox with Tools|Page Info|Media. There you will see a list of all embedded media on the page. In this you will usually find the url of the video and you can press save on that line. This will sometimes produce an empty file, but works most of the time.

This is how I view most embedded media when at home under Linux.

Re:Let the best player win!

[Dolda2000]

Why don't they just leave this kind of thing open for everyone to impliment with their own player and let the best player win?

Because they'd lose?

Re:Let the best player win!

[assassinator42]

For windows, WM Recorder is the best I've used. It monitors using wincap I believe, grabs the url that WMP is streaming, and connects itself and saves it. Thus you can close the media player while it downloads.

Re:Let the best player win!

[M1000]

firefox: crtl-i (page info window).
select the media tab, select the file, click save as...

Re:Let the best player win!

[Feztaa]

I always hated 12-step programs.

1) Tools->Page Info
2) click "Media" tab
3) Scroll through list of the media until you find the one you're looking for
4) select it and click "save as"

Now you have a video file saved that you can open with whatever you want.

an added bonus!!!

[jshaped]

"Do you see a reason to install Windows/WMP just to be able to view a webcast?"

Well sure!!!
But I've already installed Windows for its lovely properties of stability, speed, and beauty.

Re:an added bonus!!!

[PeteDotNu]

But is this really sarcastic?

I've just upgraded to a 19" LCD monitor at home. Comparing Windows 2000 (well, it's Windows XP, but with the old theme) to GNOME, I have to admit that Windows looks more elegant.

Also, as far as speed goes, the Windows GUI does seem to be faster (though the OS itself takes a fortnight to boot because of the anti-virus and firewall required, so GNU/Linux scores an equaliser).

Stability? Yeah, okay, GNU/Linux wins. And also on security, usability, features and TCO.

Re:an added bonus!!!

[jshaped]

Yes, it is sarcastic.

Re:an added bonus!!!

[Master+of+Transhuman]

You forgot Windows premier attraction: security!

Re:an added bonus!!!

[Master+of+Transhuman]

"Comparing Windows...to GNOME, I have to admit that Windows looks more elegant."

That was your first mistake - comparing it to GNOME.

GNOME is UGLY-FUGLY. That's one reason I use KDE - and one reason why TUX Magazine says people prefer KDE over GNOME three to one.

Re:an added bonus!!!

there is no way that gnome is as ugly as your face.
btw, kde is for fags. i hope u like it in the ass!

Re:an added bonus!!!

[h4rm0ny]

I realize this is anecdote vs. anecdote, but I'm using KDE here and I find it no different to Windows XP in terms of speed. In fact, the Kubuntu system I'm on at the moment is actually on a slightly lower spec.

But then both systems have reached the point where the GUI works as quickly as I do, so improvement past that point is invisible.

I love this guy

[roynux]

I can't say how much I love this guy.
Not because I will use his hack to play encrypted content, but just to show everyone that DRM is used to lock the users, not the data.

Re:why did he do this ??? :-(

[yfkar]

For us who don't want to install an entire OS just to be able to see a video, this is a great day.

Uh-oh!!!

[Pig+Hogger]

Expect some Louisiana military relief effort units to be redeployed soon to Norway, for a Search-and-Destroy operation aimed at Jon!!!

Re:Uh-oh!!!

[HermanAB]

Nope, Jon is safe. The US military is occupied in Luisiana.

Re:Uh-oh!!!

[Reducer2001]

...and Iraq, and Afghanistan...

Re:Uh-oh!!!

[Zemplar]

Don't tell me, another search for WMDs [Windows Media Decoders]?

Re:Uh-oh!!!

Right after they are done at Iraq, which would be about never.

Bring on the MS shills.

[Lellor]

If Microsoft, the MPAA, and other corporations don't want their systems hacked, they must make sure that there is a way to play the content on alternative systems easily. Vendor lock in is not acceptable and the people have spoken. Linux (and other non-MS OS) users should not be forced to run Windows to play DVDs or ASFs or whatever. That is all.

Re:Bring on the MS shills.

[goldspider]

What separates a "shill" from somebody who simply prefers Windows?

And why don't I hear anything about Linux "shills" here on Slashdot?

Just because you disagree with them, doesn't mean their comments should be utterly dismissed... unless of course you're not really interested in having a debate.

Re:Bring on the MS shills.

[mengel]

The implication is that a shill is payed money or employed to pipe up a the appropriate time with the appropriate response, or is otherwise in cahoots with the stage magician, three-card-monty dealer, con man, used car salseman, or other such person who employs a shill.

So the reason that you don't hear about Linux "shills" is that there isn't any money to pay them [in the minds of those people who think people are being payed by Microsoft...].

Of course, in actuality, organizations like Red Hat, SuSE, and the Free Software Foundation are every bit as capable of employing a shill as Microsoft is; as to whether any of those organizations actually do so, I will leave you to decide for yourself.

Re:Bring on the MS shills.

[dgatwood]

What separates a "shill" from somebody who simply prefers Windows?

What's the difference between the pope and the Easter Bunny?

Re:Bring on the MS shills.

[DigitalJeremy]

Re: sig - "Support Western separatism"?? That has to be the most UN-Canadian thing I've ever heard...there's always France!! If you really want seperatism...separate yourself from Canada.

Re:Bring on the MS shills.

[DickBreath]

Instead of shills, let me talk about advocates.

As a Linux advocate, I am interested in promoting Linux. I don't care what Microsoft does, as long as it doesn't affect me. I am not interested in restricting what Windows users are able to do.

I find it interesting that Microsoft advocates, as well as Microsoft itself, finds it necessary to attempt to foreclose any opportunities for Linux or FOSS in general to advance.

I am always astonished by this when I talk with Windows zealots.

I don't begrudge them being able to run whatever software they want. They can believe whatever they want. Run whatever they want. But they feel it necessary to support every effort by Microsoft to prevent me from running whatever I want to run.

And then, ironically, those very same Windows advocates are always the biggest software pirates I know.

Why does it so deeply trouble them that I only run Linux at home? Why does it so deeply trouble them that now I might be able to access some media streams that I could not formerly access?

Re:Bring on the MS shills.

The word is "paid".

Re:Bring on the MS shills.

Don't be a cock!

Re:Bring on the MS shills.

[Trepalium]

And why don't I hear anything about Linux "shills" here on Slashdot?

You have. Only they're typically called Linux zealots. Both terms are horribly overused. Someone praises Microsoft or criticises Linux, no matter how lightly, and they're called a Microsoft shill. If they do the opposite, they get called a zealot. I've read articles where the author has been called both on the same story. It was rather amusing.

Re:Bring on the MS shills.

[Feztaa]

The Easter Bunny gives me candy.

Cool but not super cool

[Psionicist]

What this does is simply to take one of those files with meta info about a stream and translate it to a human readable format. The meta file looks like this:

[Address]
Time To Live=0x00000002
URL=023m000000001WQ01q07G0S00w02y 0Bm1Z06y0P01b06C0Sm0k06q0QG1Z0780Rm1p06y0PW
1q02u 0Om1l06q0Bm1f07C0OG1m06a0Bm1j0700TG1m06S0SW1X06G0P G0k06G0R01i0000
Player Version=020m000000000MD00k0300BW0n02u0Cm0u03K0C000 00
NSC Format Version=029G0000000008Cm0k0300000
Channel Version=0x00000083
Name=026G000000000UKW1b06m0QG1 X06C0OG1p07G0KW1X06G0QG1l0000
IP Address=02EG000000000KCW0p03C0BW0p02u0Cm0k0340000
IP Port=0x00000457
Delivery Mode=0x00000002

The utility translates it to this:

[Address]
Time To Live=64
URL= /media/files/Cisco.asx
Name= Demonstration Content
IP Address=169.254.10.1
IP Port=22593

So you can grab the stream without using the MS program and netstat.

The utility is more like a utility like base64 decoders (this is not base64 though) than a circumventing tool.

Re:Cool but not super cool

[Tackhead]

> So you can grab the stream without using the MS program and netstat.
>
> The utility is more like a utility like base64 decoders (this is not base64 though) than a circumventing tool.

Something like it would, however, make a damn nice Firefox plugin.

It's grown particularly galling during the Katrina disaster - if you're a TV station, and you're putting up a 2-minute clip of a news article or interview that you broadcast a few hours ago, why in God's name are you making us re-download it every time we want to view it?

Your servers are half melted down due to Slashdotting, your bandwidth costs are through the roof. If you must use a proprietary video format (seriously, if you're scared people won't be able to get the XVID codec, what's wrong with good old MPEG?), at least let us download the damn thing.

You stream live content. You download static content. Is the difference that hard to understand? Or is it that news broa-buffering-dcasters hav-buffering-e a strange sexual fetish for buf-buffering-fering?

Re:Cool but not super cool

Nope, it's their utter ignorance that only page view counts matter. Especially for advertising.

Re:Cool but not super cool

[Derek+Pomery]

I'm a little confused. Why would a Firefox plugin be needed to allow you to save streaming content?
mplayerplug-in already has the option to save everything it views to a directory you specify
${HOME}/Desktop/mplayer_downloads for example.
I'm pretty sure it does this whether the file was streamed to the player or pointed to the player by Mozilla.

Re:Cool but not super cool

[d34thm0nk3y]

Correction:

Nope, it's their utter ignorance that only ad view counts matter. Especially for advertising.

Re:Cool but not super cool

[StormReaver]

"...your bandwidth costs are through the roof."

Probably not. Most places that big, at least in the States, pay a fixed (but large) monthly fee for unmetered broadband and guaranteed throughput.

Re:Cool but not super cool

[damiam]

what's wrong with good old MPEG?

It's huge amd hard to stream. Quicktime MP4 would probably be a better choice.

Re:Cool but not super cool

[infestedsenses]

The main reason is that they want the viewer to see the film as soon as possible after clicking without having to wait too long. It's all about interaction and on-the-fly functionality. Technologies such as AJAX have their foundations on this principle.

Streaming formats start playing right away (after shortly buffering) and continue to download while the user is already viewing the film. IIRC, for AVI files (because you mentioned xvid) you need to have the complete file to view it. MPG can be viewed without being complete but I don't know enough about it to comment on its streaming capabilites. The Quicktime format seems to have a nice combination of both streaming capabilites and downloadability. Any open source alternatives that behave like this?

I can understand the motivation for streaming content on news sites, trying to be at the bleeding edge, getting the information to you faster, faster, faster. It also works in favor of the viewer: why would I want to wait ages when I am worried sick and want to see what is going on in the area my relatives are currently in (e.g. Katrina disaster)? It's also a way to simplify your site... just click and watch, saves you the hassle of having to choose a download folder, navigating to it, opening it in your player of choice and deleting it afterwards. 4 steps or 1 click?

Re:Cool but not super cool

[larytet]

a question - how can i open that "watch" links on CNN.com ? they look like JavaScript links. how can i fetch URL and download the content ? i will greatly appreciate any link to useful tutorial. i filled the support form on CNN.com website where i ask to change format from streaming to downloading of nonDRMed files and suggest OGG Vorbis or AVI, but my uneducated guess is that they are going to ignore it. hack remains the only option. i think i am able to compile VLC on my machine.

Re:Cool but not super cool

[larytet]

ok. i figured this out let's say that JS argumet on the page is /video/us/2005/09/03/koinange.convention.center.la test.cnn the link to ASX is http://dynamic.cnn.com/apps/tp/video/us/2005/09/03 /koinange.convention.center.latest.cnn/video.ws.as x add URL http://dynamic.cnn.com/apps/tp/ and filename video.ws.asx script for GreaseMonkey is one the way

Re:Cool but not super cool

[larytet]

i wrote JS script to solve the problem with CNN media links see instructions here (requiers GreaeMonkey extension and firefox) http://larytet.sourceforge.net/howto.shtml

Best known export!

[firepacket]

Article from theregister.com
Norway's best known IT export, DVD Jon...

Awsome. I didnt know they were exporting those. I wonder how high they tax. I want one.

Re:Best known export!

[harmonica]

Awsome. I didnt know they were exporting those. I wonder how high they tax. I want one.

While you're at it, also try their salmon.

Re:Best known export!

[billybob2001]

He's Region 2 only - is that ok with you?

Re:Best known export!

[flutkatastrophe]

DVD Jon

A toilet that plays DVD's????

Re:Best known export!

No, that would be the MPAA.

Re:Best known export!

[WormholeFiend]

Now I know what coffee jetting through the nose feels like.

Re:Best known export!

[KillShill]

you have to pay a levy to the RIAA/MPAA in case you copy DVDJon.

Re:Best known export!

No worrys... Once you own your own DVD Jon, he will crack his own region code for you.

Is it really needed ?

[dandraka]

What I understand from the article is that the actual video stream isn't protected; what's encrypted is the server/file location and (perhaps) a username/password.

Is it really so ? Or have I missed something ?

Re:Is it really needed ?

[firepacket]

What I understand from the article is that the actual video stream isn't protected; what's encrypted is the server/file location and (perhaps) a username/password.

Is it really so ? Or have I missed something ? This is exactly the case. And because the address and port are so easy to find through netstat, "It's more likely that the purpose is to prevent competing media players from supporting the NSC format,"

Re:Is it really needed ?

And also enables 3rd party programs like Windows Media Recorder to profit their manufacturers.

Re:why did he do this ??? :-(

[I_Want_This_ID]

Why? All encryption mechanisms (save quantum) can and will eventually be defeated. This has been known for quite some time. Why does this make it a sad day ?

Imagination run wild...

Girl in the wild west: "DVD Jon, you're my hero!"
DVD Jon (disguised as the Lone Ranger): "Stay here, it's not over yet" (gets out revolver)

Man, I need to stop watching TV...

Re:Imagination run wild...

[Stalemate]

Man, I need to stop watching TV...

I misread your comment as saying something about "Girls gone wild" so that makes 2 of us.

Re:why did he do this ??? :-(

[LiquidCoooled]

It doesn't make any difference which OS you watch it in nowadays, in this version Greedo still shoots first :(

Windows....

[zappepcs]

Personally, if I have to load MS products to view, read, hear, or use something, then I will never view, read, hear, or use that data... period!

If DVD John can crack it, then it wasn't secure in the first place. In my opinion, DVD-J is making the world more secure by showing people that their encryption sucks. Go John go...

Re:Windows....

Congratulations. You define the term slashbot.

Re:Windows....

[Flamesplash]

Personally, if I have to load MS products to view, read, hear, or use something, then I will never view, read, hear, or use that data... period!


So you choose your information based on the format not the content. interesting, do you also only watch one News station?

If DVD John can crack it, then it wasn't secure in the first place.

So just because one guy in the entire world of 7 Billion could crack it makes it insecure? I'm pretty sure it will provide the service MS wanted it too despite this release.

Re:Windows....

[hobbit126]

So just because one guy in the entire world of 7 Billion could crack it makes it insecure? Yes. If it were secure, no one could crack it. Because it can be cracked it is not secure. This isn't a very difficult thing to understand. There's no grey area in security.

Re:Windows....

"In my opinion, DVD-J ..."

I think you will find that its DVD+J

- humble AC

Re:Windows....

[ikegami]

If DVD John can crack it, then it wasn't secure in the first place.

He didn't actually break any security. Even if MS has used the best encryption in the world and had implemented it perfectly, DVD John could have created this tool.

For Media Player to read the file, it needs to decrypt it. By necessity, that means both the decryption algorithm and the key with the decryption algorithm are located in Media Player. It's just a question of finding the algorith and where the key is stored. There are no secrets, so the algorithm does not need to be broken, and the key does not need to be brute-forced.

That's where "Secure Computing" comes into play. It tries to prevent you from seeing the files containing the algorithm and/or the key. Fortunately, this does not exist yet.

Re:Windows....

[Randall311]

Good point. I think that not gathering information soley because the media format requires a particular product is a dumb idea. Not having access to that product is one thing, but refusing to use it simply because it's by Microsoft is idiotic. --Shane what's up buddy! Group64 misses you.

Re:Windows....

[naph]

don't ya think that maybe in the same way that the RIAA and co's efforts to crush P2P apps has forced their development to become increasingly sophisticated, and increasingly hard to shut down... that constantly cracking DRM and encryption is going to force companies trying to protect their content to go to more and more extreme lengths? so ultimately the efforts to circumvent DRM will only force to to learn and adapt and get uncrackable.

i'm not saying people shouldn't be trying to crack these if they really are insecure... i'm just sayin... :P

Re:Windows....

[h4rm0ny]

Well, I'm not the OP but two things to consider:

1. If one person out of seven billion cracks it, then seven billion people can access it - e.g. DVD Jon cracks DVD encryption and now we all watch DVDs on our PCs.

2. Refusing to use Microsoft-only formats/protocols to recieve media sends a strong message to the media provider that they should offer something else if they want his attention. This works for news-outlets and entertainment,

If you're suggesting that he is seriously impairing his learning or life-quality by cutting off these sources, then that would be a counter-point to point two. But I think it's unlikely that he can't get the same information or entertainment elsewhere.

Re:Windows....

[brinticus]

Your point that DVD-John is showing the limitations of the short life of encryption is exactly why I think we should praise, not condem him (and others of his ilk). Good insight, and it's exactly what I would have posted if you hadn't.

~brinticus

Re:Windows....

[jlc46]

you CAN'T make multimedia secure. The USER has to be able to view it, which means that you have to provide the user with a player to view it, and the key must be either in the player, or a way to get the key must be in the player. Either way you can reverse engineer the method, and decrypt the file, even if your encryption method is secure.

You can't have it both ways, you can't both let the user view the data while keeping the data secure from copying, at least not in a method that is safe from the most simple cracking.

Of course in this case it wasn't about securing the content, but the same principles apply.

Re:Windows....

[arminw]

.....and get uncrackable....

If it can be watched/listened to, it will ALWAYS be crackable at least until they put DRM chips in the speakers and displays. At some point the content has to be available to the human senses and therefore accessible to be copied. Maybe the copies won't be perfect, but they should be good enough to tell if the content is worth paying for in a higher quality. Watch and listen to the stuff and if it is garbage (mostly true) erase it again. If it great stuff, worth keeping, then it may be worthwile to pay for it.

Poor Linus

[TubeSteak]

/me puts on a flame suit

Maybe Linus is just bitter cause he doesn't have a low UID

Re:Poor Linus

[mce]

Speaking as someone who does have a low UID: in general he's right in his opinion of /.

/me has been asbestised long ago, so...

Re:Poor Linus

[DataPath]

low UIDs are overrated.

Re:Poor Linus

[BrainInAJar]

And you can buy them on ebay

MOD PARENT FUNNY!

[Spy+der+Mann]

It's times like this when I wish there was a "+1, sarcastic" rating.

Re:MOD PARENT FUNNY!

['nother+poster]

Yes. And a "+2, Irony Rocks!" would be a nice one on rare occasions.

Re:MOD PARENT FUNNY!

[shut_up_man]

There might have to be a "-1 sarcastic" rating as well...

Re:MOD PARENT FUNNY!

[chucks86]

+400(lb) Comic-book Guy.

Re:why did he do this ??? :-(

[James_Aguilar]

Then you should know that any encryption which can be broken like this is really not worth appreciating.

What a shameful tabloid-press like headline

[flowerp]

A correct headline would have been:

Proprietary encoding of Media Player Broadcast definition files successfully reverse engineered.

The problem is, no one really makes use of NSC files anyway. Most streaming media is still done as simulcast, not as multicast.

Re:What a shameful tabloid-press like headline

[Spy+der+Mann]

A correct headline would have been:

Proprietary encoding of Media Player Broadcast definition files successfully reverse engineered.

Helloooo, this is Slashdot. Such a headline would've NEVER been published.

Re:What a shameful tabloid-press like headline

Helloooo, this is Slashdot. Such a headline would've NEVER been published.

Well, maybe only once.

Hire him

[bahwi]

I think Microsoft should just hire DVD Jon and whoever else and have him write the algorithms and encryption. I know it's counterproductive, and I know he would probably oppose it, but throw enough money under there and most morals head out the door. DRM is coming, and if this guy is going to keep cracking them, you're gonna need someone better than him to write it, or get him so he'll be on their side.

Ah well, until then, what's the next one for him to hack? Can't be too far off now.

Re:Hire him

[bersl2]

Shhhhhhh! Don't give them ideas!

Re:Hire him

Taking something apart is much easier than building a good system. Besides, that kind of obfuscated file took how long to reverse? How long do you think it would take to impliment it in the first place? Reversing something is usually a much longer process than the actual construction of the algorithm. Just because he's good at reversing doesn't mean that he knows shit about putting together a good algorithm. Heck, if he's that good he'll just continually dismiss anything that he tries to make because "I can beat this". Even if he comes up with something that he would find difficult to reverse, it's all a question of perspective and eventually someone out there will make short (or long) work out of it.

Re:Hire him

[bahwi]

That's ok, Hire him to break it in the private sector not the public sector.

Re:Hire him

Yeah, that's what happened to Eight-Track Eddie. You don't hear anything about HIM anymore!

Re:Hire him

[daserver]

Well since DRM is by design broken it wouldn't matter much. More info here: http://www.craphound.com/msftdrm.txt

Re:Hire him

[Alsee]

I think Microsoft should just hire DVD Jon and whoever else and have him write the algorithms and encryption.

The "problem" is that DRM is not actually encryption, it's obfuscation. You are GIVING people the encrypted content, you are GIVING people the decryption algorithm, and you are GIVING people any keys required. If you didn't then they wouldn't be able to view it at all.

Hiring DVD Jon wouldn't make one bit of difference. No matter what algorithms and keys Jon comes up with, he'd still have to GIVE them to everyone in order to be able to view the files at all.

Encryption is when Alice wants to send a message to Bob and prevent Charlie from reading it. Encryption can be extremely secure. You can do fantastic encryption to keep stuff secret against Charlie.

With DRM you are Alice attempting to send a message to Bob so that Bob can read it, but you are trying to somehow keep it secure against Bob. It doesn't work. You can't give it to Bob and keep it secret from Bob at the same time. DRM is fundamentally flawed logic.

This is why you (almost) never hear about military encryption or bank encryption or credit card encryption or other proper encryption being cracked, yet you ALWAYS hear about DRM systems falling apart. You can encrypt the files on your hard drive and the FBI could attack it for a hundred years and not get anywhere. That is a valid encryption task. You can create a DRM system and it generally falls apart in a matter of hours, days, or at most a few months. DRM is not a valid encryption task, you're not trying to keep secrets against an outside party. You're tring to keep secrest against an inside party. Trying to keep secrets against people who ARE AUTHORIZED to read the files.

You generally can't "crack" legitimate encryption. On the other hand a skilled person can always look at at the DRM system YOU'VE GIVEN HIM and that you have AUTHORIZED him to view files on, and he can and read around inside and figure out how it works. Once you've authorsed someone to read/view something then it is no longer within the realm of encryption.

The new Trusted Computing DRM system they are pushing is the same thing, with the single twist that your personal key is hidden inside a microship. Well if you're a bright college student and you have a well equipped college lab handy, well it's STILL merely a matter of looking inside they chip you've been given and reading out your key and then the entire system falls apart.

DRM is a fundamentally broken idea. It is simply impossible to give people something and keep it a secret against them at the same time.

The real problem with DRM are the stuipid laws attempting to get DRM to "work". The DMCA says that NONINFRINGING people can go to prison for up to five years. Innocent noninfringing people. There's a bill, the DMCRA, which would simply amend the DMCA to say that noninfringing people are not criminals and do not go to prison. Under the DMCRA anyone who commits copyright infringment would face the exact same laws and penalties as before, the DMCRA only protects noninfringing people. I have never heard anyone give any reason or argument why noninfrining people *should* go to prison. If any Americans would like to support the DMCRA and insure noninfringing people do not unjustly face prison under the DMCA then please click my SIG and register your support.

-

Re:Hire him

You know corporatism has completely engulfed slashdot when the advice to "sell out to the man" is considered Interesting.

Re:Hire him

[Kadin2048]

I think this wins the award for most intelligent comment (so far) in this entire article.

Listen up, people. There are a lot of people talking crap on the internet in general, and on Slashdot in particular (what's new?), and especially when it comes to DRM. The above post sums it up quite nicely.

It's a stupid, stupid idea, and the sooner that companies understand that and stop prosecuting the wrong people, then the sooner we'll actually have something approaching 'secure computing,' and not just some corporate farse.

Re:Hire him

[Alsee]

Thanx. BTW you *have* clicked my SIG, right? :)

-

Re:why did he do this ??? :-(

[GigsVT]

You can't know if that's true, unless you can prove P=NP.

-1 Troll!

[meringuoid]

Read that fourth paragraph carefully, mods!

Why do they even bother?

[NetNinja]

I see the whole encryption scheme as a lesson in frustration.

Why even bother when someone is able to defeat it in less than 24hours?

The more you try to hold on to something the easier it is to let it slip away.

Can someone out there please give a clear and succinct explanation to this whole encryption scheme?

Re:Why do they even bother?

[rob_squared]

"The more you try to hold on to something the easier it is to let it slip away."
-NetNinja "The more you tighten your grip, Tarkin, the more star systems will slip through your fingers."
-Princess Leia to Governor Tarkin

If an evil empire capable of star travel couldn't figure it out, then one capable of Clippy can't either.

It's actually a good codec

[m50d]

That's why I'm willing to use it. Looks a bit blocky, but compresses incredibly well - I have a wmv music video that's smaller than an mp3 of the song in question. Also, I've found it the easiest of the main video formats (windows media, real, and quicktime - ogg theora and dirac just aren't ready for primetime yet) to get working in linux - just dump the dlls in the right format and both xine and mplayer can play them flawlessly, even as streams from websites (just install gxine or kaffeine). Real is harder, at least if you don't want to use their OSS-only official client, and quicktime is an absolute nightmare. So I'm all in favour of requiring windows media player to view videos, because the alternatives are worse.

Re:It's actually a good codec

no way. if you really can't leave withous media encoded in patented formats at least stick to what is supported by ffmpeg (for esample sorenson video in quicktime is supported, the latest wmv formats no).

Re:It's actually a good codec

[Xtravar]

Most WMV files that I play on linux are poor at seeking, whereas they don't have that problem in windows. I can't stand that so I usually just delete them.

Also, your argument about it being easiest to use in linux is crazy. Maybe you aren't using a good enough distro, but WMV was the only format I had to work for. All my AVI files, which are hodgepodges of different codecs, work fine. Hard drive space is cheap enough, I don't care about the benefits WMV brings. As far as I'm concerned, XviD + ogg are golden. I have less codec problems in linux than I ever did in windows.

I installed WMV, Real, and QuickTime codecs all at the same time, and they all work, just by throwing some DLLs around. I haven't tested streaming all that much, but I honestly don't care since streamed stuff is not worth the hassle.

Are you some Microsoft mole, trying to convert everyone to that crippled WMV format?

Re:It's actually a good codec

[Jonny_eh]

I dunno, avi files combined with mp3 for audio and xvid for video work quite well! (That is if we're talking downloadable video, not simulcast)

Re:It's actually a good codec

[m50d]

It might be supported in ffmpeg, but my personal experience is that there is no way to play a quicktime video embedded in a web page on linux, a feat that's relatively easy with wmv.

Re:It's actually a good codec

[m50d]

I installed WMV, Real, and QuickTime codecs all at the same time, and they all work, just by throwing some DLLs around. I haven't tested streaming all that much, but I honestly don't care since streamed stuff is not worth the hassle.

I was thinking purely of streaming. Being able to view streaming wmv took no effort at all for me - it was just a case of (in my particular distro) USE=win32codecs emerge kaffeine and I can see it fine in konqueror, doing the same with gxine would allow you to see streamed wmv in netscape/mozilla and derivatives. Real was a bit more troublesome (I resorted to manually downloading the codecs in the end) and quicktime I still haven't got working. (It's fine for local content but won't stream). When it's just files on your system, yes, divx is easier, but I have yet to see a complete setup for streaming it, and the bandwidth required would probably be prohibitive.

Re:It's actually a good codec

[m50d]

I was thinking streaming. Few places seem to offer video for download (of course kaffeine makes it very easy to save the stream they're sending you)

Re:It's actually a good codec

[Alsee]

I have a wmv music video that's smaller than an mp3 of the song in question.

Would that be Music in the dark by Joe "blindman" Jenson?

-

Re:It's actually a good codec

[evilviper]

Looks a bit blocky, but compresses incredibly well

I've used just about every codec out there, and WMV isn't all that good... I'd say it's just slightly better than MPEG-4. Other codecs like H.264 are much better, and can be played NATIVELY on absolutely any system (no need for propritary DLLs that only work on x86).

ogg theora and dirac just aren't ready for primetime yet)

VP3 (upon which Theora is based) was ready about 6 years ago. Mature, open source, patent free, etc.

Also, I've found it the easiest of the main video formats [...] to get working in linux - just dump the dlls in the right format and both xine and mplayer can play them flawlessly, even as streams from websites (just install gxine or kaffeine).

This is completely ridiculous. The WMV DLLs don't work any better than the Real DLLs, or the Quicktime libs. I can't even guess where you got some crazy idea like this. PEBKAC

So I'm all in favour of requiring windows media player to view videos

No you aren't. MPlayer and Xine aren't Windows Media Player, so you obviously don't want WMP to be required, even though you say so. MPlayer and Xine can't handle these obfusticated playlist files yet, nor the DRM, or many of the other idiotic things Microsoft does.

At least Real and Apple (quicktime) haven't sent cease and desist letters to open source projects, claiming their file format is protected by patents, and demanding support be removed (see VirtualDub).

Re:It's actually a good codec

[Dave2+Wickham]

What's so hard about playing Real video in Linux?

1. Download Realplayer for Linux (noting that the Linux version is a lot nicer than the Windows version, completely lacking ads, annoying "REGISTER NOW" screens, etc.)
2. Install.
3. Run Realplayer
4. Open the video.

I'm not sure if Real supports multiple architectures, but as you were talking about using DLLs anyway, this isn't important.

Re:It's actually a good codec

[Feztaa]

Totem with the xine backend and the codecs have been able to play every file I've thrown at them, including Real audio/video formats.

Re:It's actually a good codec

[m50d]

Lol, no, nothing of the sort. Kiss Me by Sharp (kpop, please don't tell anyone I have it). The video is grayscale maybe half the time, but it's still pretty impressive.

Re:It's actually a good codec

[m50d]

Other codecs like H.264 are much better, and can be played NATIVELY on absolutely any system (no need for propritary DLLs that only work on x86).

I haven't seen a streaming solution for anything other than wmv, real and quicktime.

VP3 (upon which Theora is based) was ready about 6 years ago. Mature, open source, patent free, etc.

I haven't heard it mentioned. All the attention seems to go to theora, which last I knew had only just stabilised the file format and was a fair way from a 1.0 release, and dirac which isn't even that far along.

This is completely ridiculous. The WMV DLLs don't work any better than the Real DLLs, or the Quicktime libs. I can't even guess where you got some crazy idea like this.

Simple experience, that's all it is. Maybe it's the streaming format that works better than real's, also the way real streams can be made unsaveable is a real pain. As for quicktime, it /is/ harder to get the dlls working - there are different, incompatible versions - and I have been simply unable to play quicktime streams on linux, at all. I think this is due to problems with their playlist format

No you aren't. MPlayer and Xine aren't Windows Media Player, so you obviously don't want WMP to be required, even though you say so.

No, but I don't mind websites "requiring" it. (i.e. it being their only officially supported player) because it's better than requiring real (which sucks on linux and the streams are troublesome playing in an unofficial client) or quicktime, which I have found no way to play on linux at all.

MPlayer and Xine can't handle these obfusticated playlist files yet, nor the DRM, or many of the other idiotic things Microsoft does.

None of these have affected me. I have been affected by inability to play quicktime streams, which I suspect is an identical obfusticated playlist issue, inability to save real streams to play in my car, which is a DRM problem and more than I've ever seen MS do, and difficulty setting both of those up to play on linux.

Re:It's actually a good codec

[m50d]

As I said, the official client only supports OSS for output. I have an alsa system so I have to mess around with unreliable wrappers (presumably it does mmaped I/O or something. Either way the net result is it's a nightmare to get working without OSS)

Re:It's actually a good codec

[Dave2+Wickham]

Ah, sorry, didn't notice that part of your post somehow. I do run an ALSA system too, though, and don't have that problem; could be because my sound card is an emu10k1?

Re:It's actually a good codec

[m50d]

Could be. AIUI it's a lot easier to sort if you have a card that does hardware mixing, unlike my onboard via82cxxx which is basically the cheapest sound chip ever.

Re:It's actually a good codec

[evilviper]

I haven't heard it mentioned.

Yes, you just did.

I have been affected by inability to play quicktime streams, which I suspect is an identical obfusticated playlist issue

No, it's a user error.

inability to save real streams to play in my car, which is a DRM problem and more than I've ever seen MS do

Again, user error. You simply don't know how to save them, because you haven't bothered to learn. The same could be said in reverse if someone had learned how to save Real streams, but not WMV streams.

And you're completely wrong. WM actually encrypts streams with DRM by default. You won't notice if you're just playing them on your local machine, but if you send them to another machine using MPlayer/Xine, you'll see nothing but a green window with noise, and only hear blips. THAT is what Microsoft does, and they are the ONLY COMPANY doing that. Now, the DRM enabled by default is something you can disable fairly easily if you know it's there and know you NEED to disable it, but Microsoft is being very sneaky about it.

Re:why did he do this ??? :-(

GOOD algorithms are a thing of beauty.

BAD algorithms are ... not.

Nobody whines over the disuse of the bubble sort. There are far better algorithms, as well as better algorithms that are just as simple. Why then should we treat encryption algorithms differently?

If anything, the destruction of a poor/weak algorithm is a good thing- it should (theoretically) cause something better to be created. Something better will inevitably be created anyway, but there's no sense in pretending a given algorithm is acceptable when it's apparently not too difficult to break.

MS is probably pissed that it happened, but they ought to be even more pissed that it was possible in the first place. Others have created encryption algorithms that have lasted far longer, and still others have created algorithms that stand to this day.

IMO you've committed the fallacy of division: since the whole has a given property, that each of the components has that property. Encryption algorithms are (good|appreciated|helpful|cool)... this does not mean that any given encryption algorithm (can|should) be described in the same way.

Re:why did he do this ??? :-(

Of course it's true. No matter how strong the encryption the attacker (such as DVD-Jon) always has access to the decryption key. Once the key is retrieved from wherever it is stored in the player the encryption can easily be broken.

Alternatively...

[benhocking]

You can build a quantum computer... and then prove that QP=NP (where QP implies polynomial in time on a quantum computer). QP=NP is also an unsolved statement. One difference is that it seems to me to be more likely to be true than P=NP.

Windows Media 3

[JoseFilipe]

If the stream has a Windows Media 3 embedded, will I be able to play it?

Or is this just for loading streams?

Re:why did he do this ??? :-(

[James_Aguilar]

No. See the One Time Pad, which is mathematically impossible to break, even given infinite time and resources.

Windows Media

[callipygian-showsyst]

Do you see a reason to install Windows/WMP just to be able to view a webcast?"

No! I've installed Windows Media--including the Windows Media SDK, WMP10, and the Windows Media Encoder--because it's a great encoder and is included in the price of a windows system. I prefer the sound of WMA-encoded files to MP3s at the same bitrate. And there are at least 50 music players on the market, like my Samsung, that I can just plug in to Windows and sync with Windows Media Player! No need to install any software (unlike those stupid Creative folks with their virus!). Just plug it in and it works.

Re:Windows Media

[NatasRevol]

No need to install any software???? Except of course the 3 pieces you mentions a couple of sentences ago.

And as for the virus....it's a Windows virus. The problem isn't with creative, it's with an OS that's so easily corrupted.

Re:Windows Media

For someone concerned with the audio quality difference between wma and mp3 it looks silly if you use a samsung. Get a decent player. While you're at it, instead of installing wmp10 give oggenc a try:P

Also, most players don't need sync software (imho they should just work as usb mass storage devices) but almost all come with some software included (I bet even your samsung thingy).

Re:Windows Media

[Eric_Cartman_South_P]

Just wanted to say I love your sig. w0ot!

Re:Windows Media

[RzUpAnmsCwrds]

"And as for the virus....it's a Windows virus. The problem isn't with creative, it's with an OS that's so easily corrupted."

That's stupid - it's like saying that murderers aren't the problem because "people are so easily killed."

Re:Windows Media

What are you talking about you can drag and drop
just about anything on a creative and it will play.
unlike ipod, itunes and mp3 thats it.
and from windows try to mount the mac formated drive.

Re:Windows Media

I ran a stop-sign and killed you.. it's YOUR cars fault.

Re:Windows Media

[TeXMaster]

I prefer the sound of WMA-encoded files to MP3s at the same bitrate. It doesn't take much for something to sound better than MP3. The point is, what have you compared it with, other WMA? Have you tried Ogg Vorbis? Have you tried MusePack (MPC)? What about other proprietary formats, like AAC? If you ever did such comparisons, when was it? Have you ran such comparisons recently?

Re:Windows Media

[Feztaa]

The problem with analogies is that they're like trying to tie your shoe laces with butter.

Now, if humans could choose between two different body types, one that's extremely susceptible to automated killing machines, and another that's completely immune to all forms of physical attack, and 80% of the population had chosen the weak bodies voluntarily, then you might have a point.

People don't choose to have fragile bodies, so your murderer example is completely bogus. People choose to run windows, and it's windows' fault that it's so easily exploitable.

Carefull!

[Commuto]

Hey watch your back Jon! With so much power in the reverse engineering scene, one day someone might want to switch you off! Thank you for caring so well for our freedom.

Where can I find NSC files?

[julie-h]

Does anyone know where I can find a NSC file to try it out on?

Re:Where can I find NSC files?

Here's a few. The gibberish at the end of the URL is for defeating Google's "no search term" limitations.

Re:why did he do this ??? :-(

[fossa]

I thought "quantum encryption" was One Time Pad using a quantum technique to ensure uncompromised pad distribution?

It seems about time

[Pope+Raymond+Lama]

The FSF sends in a bodyguard team to care for DVD Jon's well being. It won't be long before assassination atempts against him by corporate minions begin.

Re:It seems about time

[Lehk228]

DVD Jon isn't just one guy, he is the figurehead for a large gang of hackers.

Micro$oft

[bloke1987]

I believe that this might just be another example of micro$oft trying to wipe out the competition. Not only is it creating cheap programs that undercut the competition but makes special formats to force you to use them. This just highlights this fact. How simple can you get. write your link in a strange language so no-one else understands. The truly secure systems pay top hackers and crackers (yep, they really do employ DVD-J) to break into their software / servers etc etc and monitor how it is done. Cunningly enough they then use this to make it even more secure. Lets assume this is now on the net that microsoft will patch WMP with a different encryption in ooo... 2 weeks and get you to download it as "a vital security update for WMP".

RE: Get a Job

I think people are missing the point when they say he should work for microsoft..

He's making information FREE for the world. Now you want him to get a job to make proprietary formats more secure?

I find it hard to believe that anyone would welcome opression..

They created a monster

[intnsred]

Thinking back to years ago when the corporate powers-that-be had a teenager arrested for merely figuring out CSS, I wonder if those corporate bureaucrats realize that they were creating a monster?

I mean, if they had just left the kid alone, his curiousity might have waned and today he might be a stodgy coder writing finance apps.

Instead, they pissed him off, highlighted the system's corruption and injustice, and created a monster.

Re:They created a monster

[madstork2000]

A monster to them, a cult hero to the slashdot minions...

That is an interesting train of thought.
-Ms2k

Windows Media Player

[jskline]

I only use it to watch something internal to my house network. My firewall (IPCop) is configured to block everything that WMP uses port-wise in and out, and can only open links to stuff on my LAN as I have a media server that does produce Windows media from one device (Beyond TV3).

Knowing both Micro$oft's history, and the fact that much of Windows is still akin to swiss cheeze, I don't want to risk it. My kids are predominantly using Winamp and I even shudder with it sometimes.

Cheers

Re:Windows Media Player

[Creepy+Crawler]

If you're soooo scared, go get a therapist.

I hate these iggly-wiggly open sourcers that ARE afraid of Windows and MS apps. God damn man, get a life.

Re:Windows Media Player

[jskline]

Damn...

An honest-to-goodness, dyed-in-the-wool Microsoft zealot!! Cool. Ain't never seen one of them up this close before...

Yes sir. Gotta tow that line for Mr. Balmer and Mr. Bill...

Cheers

Re:Windows Media Player

[Creepy+Crawler]

Fat chance.

I use quite a lot of Linux, but Im no Opensource fanatic.

I use quite a lot of Windows, but Im no MS fanatic.

I like free time. Windows is good once you set it up and clone it to an image on the network. Put g4u and a small partition for linux bootstrap and you have 100 Mbit image copying service. Windows fucks up (yet again) and its back up in 40 minutes.

Windows saves time for the people who make content (of whatever it is, CAD, music, accounting, whatever) and Linux saves time for infrastructure. I can be a "lazy" admin and have it all under control. Combining them all together "Just Works" and saves me time.

WHat I am a fanatic about is doing the same damned repetitive actions again and again.

And the game continues...

[marlinSpike]

How many times do Media companies have to go through the pain and frustration of having their latest encryption schemes thwarted by hackers and enthusiasts?

I think the more level-headed response to piracy is what multi-billion dollar companies like Oracle and IBM have taken -- they let you download and install FULL versions of their flagship software packages, if only you agree to pay them when YOU earn money from their software. These are the companies that pioneered much of the software that runs major IT companies that power the Internet. If they've realized that encryption is a lost cause and that trust and incentives are the only workable solution, then why are the numbskull media execs not learning a lesson from them?!

If users feel a level of trust, I believe media companies will come out ahead. Yes, some amount of piracy will continue, but that's true even today. However, I think if it were easier to get, play and buy media electronically, they'd actually see a dramatic rise in sales, rather than more piracy.

Re:And the game continues...

How many times do Media companies have to go through the pain and frustration of having their latest encryption schemes thwarted by hackers and enthusiasts?

Preferably for an eternity. They deserve no less.

Re:And the game continues...

I think their problem is that it could not be any easier to get and play media electronically. The *buy* part is where their problem lies.

Though I'd hate to see it happen and be condoned by governmental authorities, I think their best bet is a variation of the mafia approach. The mafia makes you pay protection to safely do legal activities like run a business. What may be more tenable because it is illegal is to let everyone keep cracking and downloading stuff, but, with the government's allowance, charge them for protection from civil prosecution. Sorta, change the shotgun lawsuit business model into something more systematic.

Anyways, they really need to give up and try looking at the situation from another angle because the cat has been out of the bag for a long time as far as they are concerned. They hated magnetic tape when it got in consumers' hands because it allowed someone to record something and pirate and distribute it anonymously that way. Other than the fact that the digital method has helped accelerate the volume of piracy, they should look at it as a mixed blessing in that with the digital method at least they may have some way of identifying some of the pirates some of the time.

I love that guy

[Bipedismaximus]

In a purely platonic way of course.

Re:I love that guy

[wizkid]

I second that! In a platonic way of course :)

Re:why did he do this ??? :-(

[rpozz]

I totally agree. While I didn't fully agree with the iTunes hack (didn't achieve anything that couldn't already be done, and broke quite a reasonable service), this is definitely a good thing, like DeCSS. Breaking a service which either enforces price-fixing or having to use a particular OS is ethical, and certainly good work.

And no, I'm not an Apple fanboy (I hate those bastards!), before you ask.

Do nothing.

[Douglas+Simmons]

Don't forget the option of doing nothing. Any moves they'd make in response to this embarrassment, whether moves involving lawyers or redesigning, will attract media attention which would be bad for business because of investor perception of the company changing the company's worth in addition to alerting not just more hackers but the Kazaa crowd entirely that there's nothing to worry about anymore regarding wmv (other than malware bugs, of course).

If I were MS in this situation, I'd sweep this news under the rug and pretend nothing happened. They're too late to go back to the drawing board, too much has been invested, and their reputation to other companies they courted into secure media format cooperations would dive even deeper.

Re:why did he do this ??? :-(

[Adult+film+producer]

"For those of us who truly appreciate encryption on a higher intellectual level"

consider my name... ah come on, it's a joke.. laugh okay ? :-)

Re:why did he do this ??? :-(

[Widowwolf]

Not impossible to break if you get ahold of the pad..Also if you ever read the book "Cryptonomicon" you will see it is possible to break one time padsa based on human error. Basically if the human operator creating the one time pad must do it day in and day out, sometimes they will slip and then, poof you get someone whos a insanely brilliant man who breaks it. Yes i do understand that this book is Fiction but it could happen. Nothing is impossible..remember that

About the sig.

Ontario doesn't get any transfer payments, it infact pays the most out by far. Us ontarians are being robbed more than anyone else, while Quebec sits pretty wallowing in funds it doesn't deserve according to the formula. And recently it's been publisized in the media that our economy can't handle this practice much longer, so fuck you thinking your the ones being drained dry. And also fuck you for having a religiously entangled conservative party, I can vote for the ontario conservatives free of the fear of helping religious extremists (like Kline and co for example). IANAL(liberal)

Re:About the sig.

[DigitalJeremy]

rofl - did I say I lived in the east? not EVERYone in the west is a hick, you know.

it is final: DRM has failed

This is another great example that DRM has failed and should give the rest to any plans of using DRM that might be still being evaluated. DRM has failed to gain any consumer acceptance and simply does not work.

Re:why did he do this ??? :-(

[James_Aguilar]

I suppose that it is possible to genetically engineer pigs with wings too. Doesn't mean it's useful to call pigs flying "possible" in a serious conversation.

Re:why did he do this ??? :-(

[arose]

There is nothing mystical about correctly using a one time pad: use a random key, don't reuse keys. The one time pad is dead simple, it's just not very practical.

A Sad Sad sign of the times

[OneMemeMofo]

... That he couldn't take a few minutes to put some comments into his code! =)
As for those who feel it is a dark day for encryption please elaborate a bit more. Is it bad because someone cracked it or is it bad because it was crackable without resorting to using a cluster of supercomputers in parallel? Are there other reasons I'm missing? Thanks!

Using this for years

[cz_eye]

Being a non-broadbander from far far east I was forced to do so on regular basis. The streaming is no-option for me so I am forced to hack the stream server and get to the downloadable content. I can do it for cbsnew.com, comedycentral.com, foxnews.com, cnn.com, msnbc.com and bunch of other servers. Some have their content even very well indexed and sorted by date in the database behind, so someone can pick the track without even looking.. (once u get in) just change the date or increment the story ID and forward it to the download queue. Instant TV and replayable, very nice.

(just kidding of course)

Re:Using this for years

[larytet]

you found links to CNN.com content ? please, let me know how you do it. i tried to read their JS, but i failed miserably. appreciate your help in case you do not want to publish it my email larytet AT yahoo DOT com thanks

Re:Using this for years

[larytet]

i solved the problem see instructions here (requiers GreaeMonkey extension and firefox) http://larytet.sourceforge.net/howto.shtml

Re:why did he do this ??? :-(

[Widowwolf]

what i am saying is that is possible and it did happen during world war 2. By the parent calling this impossible he was wrong

To bad this doesn't help me

[martin_b1sh0p]

Last night I decided to check out the MTV VMAs because I saw a commercial on MTV that said you can watch online, on demand, in total control.

Well I fired up FireFox on my Linux desktop and went to http://overdrive.mtv.com/ and low and behold it said: "We're sorry, you're running a Unix system.".

Well, ok, let me go over to the wifey's XP desktop and fire up FireFox. Low and behold it says you must be using IE.

Well unfortunately IE has never worked properly on my wife's computer. So I'm basically SOL as far as MTV is concerned. Oh well.

What would help me would be a plug-in for FireFox that sends a custom post/get header thingy that let's me tell the web server that I'm on a Windows OS running IE (even though it's FireFox on Linux). I know Opera let's you say you're IE but it doesn't let you change your O.S.

Re:To bad this doesn't help me

[level_headed_midwest]

User Agent Switcher. Do a search for that at the mozilla.org website to pull up the .xpi installer. But be forewarned that most sites that say they require IE do so because they use ActiveX (such as to use THEIR player) and will not work with any other browser.

Re:To bad this doesn't help me

[SharpFang]

http://prefbar.mozdev.org/

Re:To bad this doesn't help me

[plastek]

Well unfortunately IE has never worked properly on my wife's computer. So I'm basically SOL as far as MTV is concerned. Oh well.
I wouldnt call it unfortunate, more like a bonus feature.

Re:To bad this doesn't help me

[WhiteWolf666]

I'm not sure where it is, but I'm *sure* such a thing does exist. I found it before, when I used to regularly use firefox. It's a toolbar, most likely avaliable on the firefox extensions page, somthing about spoofing browser identification.

I don't know where it is, because I usually use Safari or Konqueror (depending on whether I'm in OS X on my powerbook or linux on my desktop), and this funcationality is native to both.

Re:To bad this doesn't help me

well said. Same about jon stewart show... I have mplayerplug-in installed. Still I have to use curl the url 'grep' the .asx line. Use mplayer -playlist ".....asx" Now I know how user friendly...

Re:To bad this doesn't help me

I think this is just what you're looking for.

Re:To bad this doesn't help me

[martin_b1sh0p]

Sweet!! Thanks!

Re:To bad this doesn't help me

[martin_b1sh0p]

Thanks as well. Couldn't find one that did this, now thanks to the /. crowd I have two to choose from :-)

Re:To bad this doesn't help me

[planetoid]

Is this what you're thinking of?

Don't think so, What DMCA?

What DMCA?
Because, thank God, American "justice" is of no consequence in my country (Norway) - so DVD-Jon will be free to continue.

Of course, for you US citizens it's another matter, but then again you get what you pay/vote for.

Re:Don't think so, What DMCA?

Of course, for you US citizens it's another matter, but then again you get what you pay/vote for

No, I get what the idiots around me pay/vote for.

Re:Don't think so, What DMCA?

[aichpvee]

No, you get to pay for what the idiots around you vote for.

NOT an encryption!

Come on, people. What his program does is just:

- read some hexadecimal data
- read some base64-encoded data (though with the character set [0-9A-Za-z{}])
- have an exploitable overflow, because converting a UTF-16 buffer into a UTF-8 buffer of the same size is VERY dangerous

Please, please, for the sake of all cryptographers, don't call it an encryption! Mind you, I'm glad that VLC will have NSC support. But it's not as if it was designed to be a strong protection in the first place -- MS just wanted to avoid copy-paste. This is nothing like DeCSS.

Re:why did he do this ??? :-(

The universe has a finite amount of energy, and hence computation. It should be possible to use a key length sufficiently long that brute-forcing it would require more energy than actually exists. (OK, should quantum computers prove feasable they would still be able to do it.)

Of course, you can always break encryption by some other method, e.g. let someone with the key decode the data and then steal it.

No such thing in our legal system

[andersh]

You're mistaken - we don't use Case Law in Norway. Our legal tradition is Scandinavian/continental civil law - where precedents are very weak arguments as opposed to the US/UK Common Law system.

US vs NATO? = UK takes control of US

Being founding members of NATO - Norway could then ask every other member of NATO to defend it! The British would have a perfect opportunity revoke that silly "indepedence"! :)

Re:why did he do this ??? :-(

[GigsVT]

Well, yes, but that's not a flaw in the encryption, that's a flaw in the idea of DRM.

Current encryption technology was never meant to be used this way.

What you are saying is like saying "All screwdrivers that are used as cold chisels will break eventually." Well, duh.

Well...

As I understand it, he's more the "release" guy.

Especially now, because he can grab headlines by humiliating the DRM makers every time he releases something.

N.B. That's not to say that he hasn't got anything to do with the coding/reversing of these schemes, just that these things are reversed by more than just him working alone.

At least, that's how I understood the story.

Re:Well...

As I understand it, the people who put forth that "story" (read: theory) are simply envious. At least, that's my theory.

Re: Opression

[lullabud]

I, for one, welcome our new oppresive Microsoft employee of the month DVD Jon overlord.

Technically, not hacked.

[Baloo+Ursidae]

Editors: Please take note of the proper definitions of hack and crack.

Re:Technically, not hacked.

You need to fix those definitions. This was reverse engineering, and absolutely is an exercise in hacking. No malicious intent. He solved a puzzle - and that's what hackers do (in the old sense of the word).

No, I will not install Media Player

[DougMelvin]

I can not believe that people are still trying to broadcast streaming media via proprietary and "locked" technology. I, for one, will use this new decrypter to view any streaming broacasts that use this technology. I'd like to also rant a little on Quiktime who now bundles iTunes.. if you are not using a windows 98/me you are forced to install iTunes just to view a .mov file.. That's BS.. I now use Quiktime alternative and Media Player classic which may be download alone, or bundled with the kazza lite mega codec pack.

Re:No, I will not install Media Player

...if you are not using a windows 98/me you are forced to install iTunes just to view a .mov file...

Oops, you're wrong.

Re:No, I will not install Media Player

[DougMelvin]

this goole search show that the page you posted is not linked to from anywhere within Apple's site. I do thank you for providing that link, and I will pass it on, however, the average user who goes to apple.com and clicks download will not find the standalone version. period.

Re:No, I will not install Media Player

I can not believe that people are still trying to broadcast streaming media via proprietary and "locked" technology. I, for one, will use this new decrypter to view any streaming broacasts that use this technology. I'd like to also rant a little on Quiktime who now bundles iTunes.. if you are not using a windows 98/me you are forced to install iTunes just to view a .mov file.. That's BS.. I now use Quiktime alternative and Media Player classic which may be download alone, or bundled with the kazza lite mega codec pack.

you're a fucking tool.

Clear and succient explanation...

[Otto]

Can someone out there please give a clear and succinct explanation to this whole encryption scheme?

Sure. The gist of it is that you put your video file on a web server. Then you put what is basically an INI file on a webserver as well. People download the INI (renamed to an NSC extension), their media player fires up, reads the INI, finds the location of the media file, and starts downloading and playing it.

But then anybody could load and parse that INI and get your media file. So they obfuscated the INI file by changing the important bits of it to be what looks like nonsense.

This obfuscation works by shifting all the text into it's hexadecimal equivalent, performing some fairly minor math to shift those numbers into some other numbers, and then spitting out the hex as text. Couple other bits are added on to the beginning though... it uses a couple of different encoding types, and a length field to tell you how much data there is, but that's the gist of it.

It's not actually "encryption" because there's no actual key used. It's about as much encryption as ROT13 is, it's just a little more complicated than that.

Reminds me of Infamous Sun engineer post

In reply to Linux's David Miller:
Bryan Cantrill on comp.sys.sun.hardware

OT: Potential Victory for Open Office

OT

but why is this news not on /. yet..........

Massachusetts Eyes Open Office Standards
http://www.internetnews.com/ent-news/article.php/3 531991/

Innocent!

..until proven guilty :)

Re:why did he do this ??? :-(

[I_Want_This_ID]

That's exactly what quantum encryption does, and it solves the problem of key distribution that is the serious weakness of the one time pad.

Damned right.

"Sorry....I got more and more pissed off as I was typing that, which I'm sure you can see by the tone......"

No need to apologize. You are completely right.

W(ho)TF uses WiMP?

Last time I tried to view a movie or listen to sound on it, the piece of garbage launched my web browser and redirected me to some site saying that there were the maximum users allowed to view the file(?) WTF?!?! I immediately ditched WiMP and vowed to never d/l a .wmv / .wma. WiMp is as useless as those formats, so why would I want anything to do with it?

WTF are you smoking?

WiMP does NOT just work. It simply doesn't work period:

http://slashdot.org/comments.pl?sid=160890&cid=134 67785

Class action for damaged keyboards

Now I know what coffee jetting through the nose feels like.

Will you join the class action suit against billybob2001 for damages to computer keyboards and screens?