President of RIAA Says Sony-BMG Did Nothing Wrong
Zellis writes "In a press conference held on Nov 18 Cary Sherman, the president of the RIAA, stated in reference to Sony BMG's "rootkit" software that "there is nothing unusual about technology being used to protect intellectual property." According to Sherman, the problem with Sony BMG's XCP DRM software was simply that "the technology they used contained a security vulnerability of which they were unaware". He goes on to praise Sony's "responsible" attitude in handling the problem, saying "how many times that software applications created the same problem? Lots. I wonder whether they've taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?" It seems that the latest spin is to portray the Sony rootkit as no more of an issue than a software coding error that unintentionally creates a security hole. Will they get away with it among the non-technical public?"
Arguably, Sherman is right -- but I enjoy much more the fact that this whole r00tkit fiasco has set DRM back by years. Gogogo poor implementations!
Sherman would be correct -- in a free market. Fortunately for us, those who rely on helping create freedom-reducing laws eventually find themselves violating their own creations.
The real dilemma for content creators was their inability to collude together on a newer standard to replace CD, and now it is too late. Wouldn't you be mad if your cartel couldn't react in time to new situations?
The simple fact that any audible signal can be recorded is important, yet the record companies still seem blind that they have a viable MP3 market because most consumers (with jobs) would rather pay $1 (with Jobs) than spend 20 minutes finding a song illegally or even bothering to rip their own CDs. I have more than a few friends who've rebought albums from iTunes that they own on CD. $10, to them, is worth the time.
Does the RIAA need to continue the "piracy is wrong" campaign? Yes! But that should be the limit. Let honest people know they're not reimbursing others for the content they pirate, and I believe you'll see people continue to pay. I believe people are generally good and moral (99% of the time even a thief acts in a good way).
Do record labels need copy protection and lawsuits? Not against consumers, not even the guy seeding a torrent to hundreds of others. They need to re-evaluate their market and see that people will pay and more people are becoming more technologically inclined so even at a lower price they can see bigger profits.
Nonetheless I don't think we need to worry about the RIAA or rootkits or whatever much longer. The new generation (10-16) of kids recording today are already using the next distribution system (PureVolume and MySpace). I know of a few young bands already making decent money selling very professional CDs by promoting their music online for free.
I'm starting to filter the RIAA news (at least mentally) since it isn't news to me. They had a great run of 70 years, and just like gaslamp lighters, their time has come.
RIP A CD, R.I.P. R.I.A.A.
The comparison is apt and honest. I can't count how many times regular application software has done this to me. For example, the time I put Outkast's Speakerbox CD into my drive, and I found a buggy version of Firefox had installed and masqueraded as a system DLL. Or the time I was listening to William 0rbit's Strange Cargo, all the while the CD was secretly installing an unpatched IIS server and updating the kernel to keep the install from showing. Boy, that sucks every time. :(
Clearly the analogy is apt, and we need a more progressive, less bigoted view: Just because it's a shrouded rootkit doesn't mean it's a security hazard.
Satan says Hitler did nothing wrong!
I wonder if Cary would be saying that if the RIAA was named in several lawsuits and was facing the bad press Sony is currently getting?
The most surprising thing to me about this whole affair is that there are companies selling rootkits. Which makes me wonder -- who else is buying them? Who knew this was a legal commercial enterprise? Can we get a list of their other customers?
I was wondering when - after I bought a recent album - Konqueror opens up instead of Amarok. I thought, WTF? Then I realized I had a Sony CD. I'd be pissed if I were a Windows user - or worse, a sysadmin - and this thing got installed on my desktop.
The Kai's Semi-Updated Website Thingy
I'm sure they'd love the DMCA to include permission for them to place rootkits with impunity. Because we all know that DRM is FAR more important than protecting all the data on my hard drive. I'm sure he's perfectly willing to put his money where his mouth is and run the Sony rootkit on his personal and business computers...
Never mind that their software contained copyrighted code
So... If I shoot someone for stealing, I'm just being responsible, and I can also claim I had no knowledge of Smith & Wesson making things that really kill people? "B-but judge, I thought they'd just get scared from the sound, and run away...? *sob*"
Blog -
Foot Sandwich
Hold up, wait a minute, let me put some pimpin in it
So...waiting days after this rootkit was shown to the wild before actually taking action is considered responsible? Let's give FEMA an award for speed and responsibility!
This is like a M$ shareholder saying there is nothing wrong with their business practices.
the fact that this whole r00tkit fiasco has set DRM back by years.
Hey Hemos! What color is the sky on your planet? Think about it for a minute. Do you truly believe that this minor incident with Sony-BMG will have any significant effect, even with Sony let alone any other label? I guarantee you that Sony_BMG is already scrambling to get the "latest generation" DRMed CDs on the shelves before Christmas. You must live in Fantasyland.
Wow, look at the dirty laundry being spun today! Notice no mention of stealing others' IP to try to lock down your own.
Yes, HOW MANY times have I put a CD in my Wintel workstation and had software secretly installed on it? Must be at least a hundred...no, a thousand? ...no, a million? ...no
Oh yeah, I forgot.... It HAS NEVER happened before this
That's why we must stop it NOW.
"President of RIAA Says Sony-BMG Did Nothing Wrong"
In other news, cows give milk.
Anyone interested in local radio coverage of this story, CJME.com is about to do a show on the Sony rootkit, you can listen live at 10:05AM CST, and again in the evening for a rebroadcast. Sorry, no podcast is made.
Saskboy's blog is good. 9 out of 10 dentists agree.
"Would it kill you to put down the toilet seat?" -- Maya Angelou
Sony may not have done anything patently illegal. The EULA does inform the end user that they are making modifications to their system. However this fact is (reportedly) buried in the EULA and there is not any install notification. The fact the program goes so far to hide itself that it reprograms part of the windows core system (and does not implement proper checking which can lead to deliberate crashing) is definitely unethical.
There is nothing wrong with being gay. It's getting caught where the trouble lies.
Actually, I'm only surprised it took the RIAA so long to stand in line with Sony on this publicly.
See my blog for my free opinions.
"the technology they used contained a security vulnerability of which they were unaware"
Which is why you beta test stuff BEFORE you release it. Otherwise, you risk getting yourself in these situations. Just ask Microsoft.
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
It's true, he never did his own laundry.
He who knows best knows how little he knows. - Thomas Jefferson
This post 0wn3d by sOny - Greets go out to Mitsubishi, Toyota... thanks to Toshiba for t3h maths. Secret message to Cary of RIAA: LOL can't believe u said it, now I owe you $5
This is awfully interesting... From TFA
University of Southern Mississippi, The Student Printz: History seems to show that anything done to stop files sharing will only create new methods and technologies to get around their controls. In light of that, should the middlemen (RIAA, et al) be thinking about ways to bring consumers what they want -- which they'll mostly end up getting in any case -- instead of futilely struggling to keep their finger in the dike, which ultimately only causes further public unhappiness with them?
Cary Sherman: History also shows that no matter what is done to stop bank robberies or shoplifting, some people will always find a way around those techniques. Does that mean we should simply give up and allow people to take what they should be paying for? Record companies ARE trying to give consumers what they want. Think of how music was available just a couple of years ago and how it's available now. You can buy an individual track, at any time of the day or night, and get it instantly on line. You can subscribe to services with a million-and-a-half tunes to choose from that you can listen to whenever you want, for an all-you-can-eat monthly fee.
Hrmmm Did he ever stop to think that if "Record companies ARE trying to give consumers what they want." Then the ratio of Illegal music downloads to Bank Robberies might be a little more consistent with what he is implying? Companies need to realize that copy protection isn't a trade off. It's a limitation. And it's a limitation that most people don't want to bother with.
Losers whine about their best, Winners go home to fuck the prom queen
I agree with simple copy protection meant to keep Joe User from just sending files over the web but it's impossible to stop him from lending his CD to a buddy to be ripped. This will never hurt the pirates as they'll just find a way around it and continue what they do. The RIAA is hurting the legit users more than pirates who could care less.
"Nothing unusual" != "nothing wrong". Sherman's response that Sony's crimes against its customers aren't unusual makes it worse. He defends the crimes by saying they're standard practice. He should get frogmarched to prison after a RICO case shows he conspires with the media cartel to commit these crimes, and to cover for them.
--
make install -not war
A popular news site known as Slashdot was crashed today by hordes of users posting anger-deranged rants about the RIAA simultaneously...
If Sony clearly indicated that they were installing a rootkit on the users' systems, then I think indeed they did nothing wrong. It's their product, after all, so if they want to include a rootkit, that's fine. The only reason I say they need to indicate the presence of the rootkit is that it is the kind of software that you would normally expect not to be included (in good faith).
However, I doubt that Sony would have clearly indicated the presence of the rootkit. How do you even begin to clearly indicate the presence of something that most people don't even understand? I haven't been following the case, though, so I can't say anything more about it.
Please correct me if I got my facts wrong.
Hi,
a rootkit is a rootkit others will go to jail for such crap.
CU
9000h
Bah! And don't even get me started on the oil companies or Microsoft. ;-)
Can somebody please point to me a list of all this supposed software that has basically removed all security from a machine? I can't think of a single legit program out there that when installed, hides stuff on your computer and allows viruses to use this same technology to hide themselves on the machine. When removed, kills hardware drivers in your computer and leaves your computer wide open for just about any type of computer attack.
I think they are off by claiming that LOTS of software has done stuff like this in the past but Sony is the first to do so and then turn around and try to fix it. I seem to think Sony is in a class of their own when it comes to a side effect of software being installed like this.
I'll put a rootkit in every home!
He goes on to praise Sony's "responsible" attitude in handling the problem?
They are responsible for putting it in there, and the next line after that makes me laugh even harder.
how many times that software applications created the same problem
Other than viruses/trojans....let me think none?
We've sold off industry, education and science. Looks like our business leaders are now selling their soul. Sure they've done bad things in the past, but their actions are now so blatant. They don't even try to hide what they do any more; they just "pee on our legs and tell us that it's raining".
At what point can we say that business has gone too far? When PR boys start trying to convince us that it's ok for them to install stuff to spy on us? I'm waiting for the brain implants and mandatory goggles to "protect their intellectual privacy rights".
Yuck.
What are you eating? isItVeg?.
Will they get away with it among the non-technical public?
Anyone ever lost betting on the ignorance of the general public?
I am and always will be a stereotype, because who in their right mind prefers mono?
University of Berlin Technological College: Herr Führer, vhat do you say to zese Fascist dogs who proclaim zere rights are being infringed?
Führer Sherman: We believe in the right of the individual to listen to music the way they want, as long as that way is our way! Eventually we will have the music-listening public marching to a single tune, our tune, and a great day will come when we will bring all nations under our heel!
University of Berlin Technological College: Sieg Heil! Sieg Heil!
Where's Neville Chamberlain when you need him?
GetOuttaMySpace - The Anti-Social Network
Powersauce bars are great!
"It is not advisable, James, to venture unsolicited opinions."
Every time they say something like this, steal a song. Every time they Do The Right Thing (tm), buy a song.
And I am such a sissy that I post this AC
I personally boycott Sony due to their business practices in both the music and computer industry. Luckily we aren't completely at the whim of Sony.
I've been using Windows since windows 95. Currently on XP, as it has the best driver support for my laptop, linux otherwise if all hardware is supported.
Once mactel laptops come out I will boycott microsoft as well!! Boom headshot!
The RIAA is right -- Sony got way more criticism than they deserved (but for understandable reasons).
"...there is nothing unusual about technology being used to protect intellectual property..."
There is also nothing unusual about technology being used to 'steal' it and share it on a P2P network, either.
We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
I wonder if the RIAA would be happy to have Sony's rootkit on all their computers? Perhaps the RIAA computer systems should be used as test beds to make sure future Rootkits are secure or is it "Sure, its a good thing, just don't put it on my computer".
Click Click Bloody Click PANCAKES!
the technology they used contained a security vulnerability of which they were unaware
I don't have one of the discs with the rootkit on it, but I remember the consumers not being aware that the program was installed.
By that logic, I should be able to install a key-tracking program on this guy's PC.
I have never let my schooling interfere with my education.
I truly, deeply, and sincerely hope all his personal computer systems are rooted by all the DRM flavors out there simultaneously. Then he can live with what he claims is not a problem at all for the rest of us.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
There is a difference between a software bug that allows an attacker to take over your computer and deliberately installing a backdoor to allow anyone who knows how to take over your computer.
I don't see how this has anything to do with technology being used to protect intellectual property.
The RIAA is behaving just like Microsoft did with SCO, taking advantage of the situation and feeding FUD supporting stupidity.
No wonder everyone hates the RIAA.
Sigs are for morons... Wait a minute...
... with a single digit!
These are the same guys that believe that lobbying to create laws to protect intellectual property (DMCA) is a good thing.
One can hardly expect them to consider the technology arena as holy and untouchable.
Basically they only care about the bottom line - they'll do whatever it takes as long as they don't lose money by doing it.
Those of us involved with IT security know this attack vector all too well. If you want to really scan for viruses and trojans on a critical PC, you map the administrative shares C$ D$ etc to another PC, and run the virus scanner on that machine.
That way you know for certain that you haven't been rooted, a kit can only hide from the PC it is hidden on, not another machine.
I see rootkits all the time, the main entry is through backup software exploits rather than O/S holes. (Or autorunning CDs). You will regularly see script kiddies taking advantage of a root kit placed there by other hackers.
So anyone who works in IT, especially someone who works in root kit creation, cannot claim that they were unaware of potential security problems.
It was incredibly irresponsible and pleading ignorance is no excuse.
It has become appallingly obvious that our technology has exceeded our humanity. --Albert Einstein
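The comparison described in the comment above (list the disk from the machine itself, list it again from a second machine through the administrative share, and look at what only the outside view can see), as an added example that is not part of the original thread. The host name `PC01`, the file names and the timestamps are constructed sample data, and `Entry`, `normalise` and `cross_view` are hypothetical helper names.

```python
from datetime import datetime, timezone
from pathlib import PureWindowsPath
from typing import Iterable, List, NamedTuple, Tuple


class Entry(NamedTuple):
    path: str        # path exactly as the scanner reported it
    mtime: datetime  # last-modified time of the file


def normalise(path: str) -> str:
    r"""Map \\HOST\C$\dir\f and C:\dir\f to the same case-folded key."""
    p = PureWindowsPath(path)
    drive = p.drive
    if drive.startswith("\\\\"):                 # UNC form: \\host\share
        share = drive.rsplit("\\", 1)[1]
        if len(share) == 2 and share[0].isalpha() and share[1] == "$":
            drive = share[0] + ":"               # admin share C$ -> drive C:
    return "\\".join([drive, *p.parts[1:]]).casefold()


def cross_view(local: Iterable[Entry], remote: Iterable[Entry],
               local_scan_started: datetime) -> Tuple[List[str], List[str]]:
    """Return (hidden, churn).

    hidden: seen through the share but not by the host itself, and already on
            disk before the local scan began -> candidate cloaked files.
    churn:  seen only through the share but modified after the local scan
            began -> probably created between the two scans.
    """
    local_keys = {normalise(e.path) for e in local}
    hidden, churn = [], []
    for e in remote:
        key = normalise(e.path)
        if key in local_keys:
            continue
        (hidden if e.mtime < local_scan_started else churn).append(key)
    return sorted(hidden), sorted(churn)


# --- constructed sample data (not from any real system) ---
UTC = timezone.utc
LOCAL_SCAN_STARTED = datetime(2005, 11, 18, 10, 0, tzinfo=UTC)
OLD = datetime(2005, 11, 1, 9, 0, tzinfo=UTC)
NEW = datetime(2005, 11, 18, 10, 5, tzinfo=UTC)

# What the suspect PC reports about itself.
LOCAL_VIEW = [
    Entry(r"C:\Windows\System32\drivers\disk.sys", OLD),
    Entry(r"C:\Windows\System32\notepad.exe", OLD),
]
# What a second machine sees through \\PC01\C$.
REMOTE_VIEW = [
    Entry(r"\\PC01\C$\WINDOWS\system32\drivers\disk.sys", OLD),
    Entry(r"\\PC01\C$\Windows\System32\notepad.exe", OLD),
    Entry(r"\\PC01\C$\Windows\System32\drivers\cloak_example.sys", OLD),
    Entry(r"\\PC01\C$\Users\demo\new.tmp", NEW),
]

if __name__ == "__main__":
    hidden, churn = cross_view(LOCAL_VIEW, REMOTE_VIEW, LOCAL_SCAN_STARTED)
    for path in hidden:
        print("hidden from host view:", path)
    for path in churn:
        print("created between scans:", path)
```

Entries in the first list are leads for investigation rather than verdicts: permissions or a file deleted locally mid-scan can also produce a difference.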
It took a California lawsuit, the EFF, and a week of bad press on Slashdot for them to pull this.. :)
This is "responsible"?
I tend to agree with a lot of other posters on here that if it were an individual they would be in jail right now.....
How the heck is it responsible?
I really like the part where Sherman says the record industry is really a lot more giving when it comes to allowing the copying of data...
The responsible thing would have never put the rootkit on the disks to begin with.......
Piracy is bad, but so is getting rooted...
Where is the middle ground? I'd like to find it and sit there.
Jeez.....
"How many burns are you allowed of a movie? None. How many of a videogame? None. You get the idea. Even the CDs with content protection allow consumers to burn 3 copies or so for personal use. The idea is not to inhibit personal use, but to allow personal use but discourage (not prevent, you can never prevent) copying well beyond personal use."
Actually it was my understanding the Supreme Court put this issue to rest about 8 years ago. We are entitled to one (1) archival copy of our media. I'm not aware of this having changed in the last few years. I guess I shouldn't be surprised they are saying this. It's a different world they live in.
Has Comcast disconnected your Internet account? Same here. You can read about it at http://comcastissue.blogspot.com
Why does the president of the RIAA feel compelled to make an ass out of himself? The RIAA is doing some stuff I can perfectly understand, up to suing teenagers and their parents, because the RIAA believe these teenagers to be involved in copyright infringement.
However, stepping up to defend one company's abuses, and stabbing at software projects that "merely put a patch online" just makes him lose credibility. Now, the RIAA is rapidly going from the desperate copyright guard dog to the evil money grabbing oppressor that many people already view them as.
Hey, maybe Sherman is actually on the people's side? Trying to kill the RIAA from the inside?
Please correct me if I got my facts wrong.
Last time it was a felt-tip pen, this time it's gaffer tape. I bet a pen will work just as well.
To quote Gartner in one the playfuls.com link:
"After more than five years of trying, the recording industry has not yet demonstrated a workable DRM scheme for music CDs. Gartner believes that it will never achieve this goal as long as CDs must be playable by stand-alone CD players."
Let's call this one the disable-the-data-track-hole.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I totally agree with dada21. The time has come for the RIAA.
They are obsolete and are trying desperately to stay in control in an age where technology has outpaced them. It's either time for them to disband completely or change with the times. If they continue on their current course something similar or worse than the Sony/BMG Rootkit fiasco is destined to occur, and it may spell the end of the RIAA right then and there.
Or, iTunes and Napster could just put them out of business and artists and bands will publish their own music online or via their own privately owned studios. The Internet gives all of that freedom, but the RIAA just doesn't get it yet and probably never will. It's sad really.
Michael "TheZorch" Haney
thezorch@gmail.com
http://thezorch.googlepages.com/home
How can DRM be set back when it's never got off the ground in the first place? As far as I am aware there is yet to be a single form of DRM that has even come close to forcing the use of recording of the output signal(s) in order to make a copy of a digital media file. Even Gartner is apparently now saying that DRM is a waste of time and predicting that the studios will abandon the idea in favour of enforced DRM controls in the hardware. Personally, I doubt that is going to work out any better given the totally ineffective DVD region coding scheme, but there does seem to be a sharp increase in lobbying going on, so maybe Gartner is on the right track.
UNIX? They're not even circumcised! Savages!
Birds with similar plumage are rumored to travel in like groups.
It's too late for Sony. I will never buy any product from them again! That those profits to the bank.
Arguably, Sherman is right
No, he and the others want to pretend that Fair Use doesn't exist. I pray for the day when they all get smacked royally for violating our rights.
"there is nothing unusual about technology being used to protect intellectual property."
That's Darth Sherman to you.
Fear is the enemy; the one true enemy. {Sun Tzu-The Art of War}
Who died and gave the RIAA supreme Legislative and Judicial control in this country. Sometimes I think this group just has a serious pair that someone needs to walk up and slam a bat between
MY GOD, they are using the Jedi mind trick on us! "This is not the Sony exploit you are looking for... it can go on about its business of destabilizing your system's security. Move along now... Move along"
"Help me Obi-/.-Kenobi, you're my only hope!" -$
and saw... "It's all coming back to me" as he whizzes into the wind. Yes, software has vulnerabilities, some create vulnerabilities, but most of the time you voluntarily and knowingly install this software onto your system, or it rides along with software that you downloaded because you didn't feel like buying an equivalent piece of software in the store. Norton anti-virus also picks up some of these ride-along software now. When I buy a piece of software from a store from a reputedly good software maker, I do so with the understanding that the piece of software I install is listed on the front of the box. Sony's problem is that they pulled some bs that you would expect from some seedy company hocking your privacy for an mp3 encoder or something. If I buy quicktime full version, I expect to only have quicktime and only quicktime install on my system. If I play a music cd, I expect there to be music and only music on that cd. Sony did wrong, while they may not be legally punished for it, they violated the unwritten contracts between paying customers and software companies. (Yes, when you buy a sony bmg music cd, you're buying a piece of software that plays music, you can pop a mechwarrior 3 cd into a cd player and listen to the in game soundtrack, so software can have music tracks too). This unwritten agreement is that if I pay for your software, you'll keep your protection schemes from messing with my computer and it will only kick in when I use your program. If you fire up a game with safedisk vX on it, the cd copy protection only kicks in at that time, not before, and not after you close the game. If you fire up photoshop cs2, the key validation happens once during install and it only checks that your key remains valid according to the hardware specs of your system. The only memory resident program is a gamma loader which doesn't break anything if you shut it down/keep it off.
Yes sony screwed up, yes they should be rebuked, and yes, this is the predictable response to the RIAA's more and more vigilante style tactics. Some day I can see them riding into town and tarring and feathering people who fileshare.
Is it sad that I am more likely to recognize you and your posts by your sig than your name or UID?
Got Milk...er Root, ummmm
My favorite part of it all is that it was stated by the Gartner group that the entire "protection scheme" can be defeated with a small piece of scotch tape placed on the outer track. Yay, low tech hacks for poorly implemented DRM... I mean come on.
Plus the fact that there was stolen open source code, I think adds up to the fact that Sony "did something wrong." Who the fuck made the RIAA so powerful? I mean seriously, they've positioned themselves as the be all end all... and for some reason we let them become so powerful a force. I think work needs to be done to clip their wings to keep them from becoming even more far reaching and powerful... EFF? Anyone? Buehler?
http://teasphere.wordpress.com - A little spot of tea
The record companies spend a lot of money in producing a protection mechanism that costs a lot of money, prevents some users from playing the discs, and ends up causing severely bad PR for them... And the real beauty is - their DRM doesn't work!
Sure, it may prevent some people from ripping songs from the CD, but anyone who wants to will manage to get a copy. They'll find software that will do what they want, or if they're completely stuck, they'll just download it from someone who has managed. Professional pirates will be able to make a copy anyway (with or without DRM). Several applications will work in Windows. A lot of the people with the technical ability to know how to rip a CD will turn off autoplay anyway.
I wonder if Sony, or any of the music cartel have actually done any research at all on how effective their technology is at its purpose? Or rather how effective their technology is at increasing sales, which is, after all, what they actually want.
Just because the RIAA comes out and makes the argument that they have been more responsible than some others in handling this, doesn't mean I'm suddenly all warm and fuzzy about Sony.
I have railed and fussed about Microsoft for years, but this mishandling of DRM, going against codified law in the US regarding 'fair use', their foot-dragging on Blu-Ray, and their desire to totally dominate my home entertainment, makes them far worse than Microsoft in my eyes, and I'm not a big fan of the MS lifestyle.
What the RIAA and the record companies don't get is that the more CHOICE we have, the less we're likely to put up with the bull from anyone. Most people put up with software errors because they don't know they have options. They are not willing to put up with music creating software errors, because they can always buy music elsewhere.
As for me, I have a great Sony Discman I bought years ago. That's probably the last Sony product I will buy unless they really learn to change their minds. Sony has become a dishonourable company.
Granted, of course, if the RIAA came out supporting Linux, I'd be tempted to switch to BSD, too.
Linux - because it doesn't leave that Steve Ballmer aftertaste.
The only thing they did wrong was breaking the 11th commandment.
Thou shall not get caught!
If a square is really a rhombus, why aren't all triangles purple?
Given that:
1) The Sony rootkit contains pirated open source code, and
2) The RIAA finds nothing wrong about the Sony rootkit
It follows that RIAA does not consider the piracy of copyrighted material wrong... Well, I'm off to go copy a few CDs, with the cartel's blessing this time.
"how many times that software applications created the same problem?"
How many times have software applications that were installed on my machine without my knowledge created the same problem? How many times have software applications that were impossible to uninstall from my system created the same problem?
The only instance I can think of are other root kits and spyware, and I do my best to keep my system free of those criminal pieces of software as well.
The problem with Sony BMG's software is not the defect, it's the underhanded way it is delivered to a computer to begin with. Sony BMG has no right to install software on my computer without my knowledge. When inserting a music CD into my computer, there is no expectation that software will be installed. Sony's software SHOULD pop up a big "I'm about to install this software on your machine" dialog, with a big "OK" and "CANCEL" button, like other commercial software from respectable companies.
We appreciate you as a customer, and want to do anything to make your shopping experience the very best!
However, because of a recent wave of shoplifting, everyone buying a product will have to shoot themselves in the foot with this here shotgun.
Thank you for your patience!
ps. If you shoplift, we'll prosecute your 14yo daughter, and fine her $250.000. Thank you!
Blog -
Sure, most of the schemes do not affect ripping on my platform (Linux), but I am unwilling to support a distribution method that unfairly restricts basic fair use. So whenever I see a CD that I would like to purchase but it's copy protected, I make sure to give it a 1-star review on amazon stating the reasons why I won't purchase it. It's quite simple, if enough people refuse to buy copy protected content and make it publicly known, the industry will be forced to release real CDs.
No, but they do have auto-run on for everything, because turning it off requires editing the registry
FALSE
(Windows XP) Go to My Computer. Right click the CD-ROM drive, hit properties. Click the AutoPlay tab, and select "Take no action" or if you prefer "Prompt me each time to choose an action" to get a nice pop-up window asking what you want to do. No regedit required at all.
-everphilski-
so basically I can write a virus, infect millions of PCs and just claim that I am protecting my IP?
I just have to make up some makeshift software or music or anything I can electronically distribute and circumvent any anti virus law?
wow
Just what is being sold here? Music, with a 3,000 word EULA -- or software? I think what has been created is an entirely new category of product.
And I, for one, feel this new product is being sold under deceptive marketing practices that have it masquerading as a product it's not. It pretends to be a regular music CD, with only fine print informing you otherwise. This deserves full investigation by all regulatory authorities with appropriate punishments doled out. In addition, these CDs should be sold in an entirely different section of any store from regular music discs.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
"Hey, I know we were found in your house in the middle of the night after breaking in a window, but we've cleaned up the mess and put in a new pane of glass. Aren't we responsible"?
Now, if only the non-technical people could see this....
Cary is right. This stuff was out there, working (in a broken, insecure way) for about 2 years. Windows has been out there, working (in a somewhat insecure way) for longer. The same for sshd and a bunch of other programs.
Where were the security experts who help to protect the millions of windows machines?
Well, at first I was figuring they somehow were asleep at the switch, but then I thought -- OK, if they run OpenBSD, OSX or Linux, perhaps they just didn't notice that there was a giant rootkit running on their machine.
If I was a security researcher who runs windows on my desktop, I'd be thinking, "back to the drawing boards."
And I guess this is a good reason to run some freaky os like Zeta -- the rootkit just isn't going to work, unless you are running some sort of emulation software to emulate a PC.
http://www.thebricktestament.com/the_law/when_to_
"And for generations, students have spent their hard-earned dollars on the music they love in the local college record store. How many of those stores are left now? Makes you realize just what the impact of illegal downloading can be, and why we've taken the actions we have."
0 -cd-settlement_x.htm
First of all, hard-earned is questionable. I know plenty of college students who never worked before or during college, so maybe he should quantify the statement by adding 'parents' hard-earned money. Also, it would be about one generation that has even dealt with this issue, not 'generations' as if file-sharing was something people did back in the Bronze Age.
Second of all, I highly doubt these college 'record' stores closed because of illegal filesharing, more likely they closed due to big-box retailers offering CDs at highly-discounted rates, thereby making money by overall volume of sales, not individual purchases.
Third of all, it doesn't make me realize anything, except that the music industry are hypocrites for having settled a lawsuit for price-fixing/gouging in 2002 and then claim they are losing money now. Was that price-gouged projected earnings, or actual earnings they are losing? This only leads me to believe that the music recording industry is a very greed-driven industry and they probably don't really care about the low-volume 'college record stores' anyway.
Read more here: http://www.usatoday.com/life/music/news/2002-09-3
He who knows best knows how little he knows. - Thomas Jefferson
Sherman says:
> You can't simply make an extra copy of a Microsoft operating system, or virtually any other commercially-released software program for that matter.
which is really interesting. Last time I checked it was trivial to make a copy of the Windows XP installation CD. Heck, you can even download a trial version.
Activation is of course a different matter. It is new with XP, and it is a major pain in the ***. But I guess for an OS it is acceptable, especially if you also receive free security updates. Registering every single CD before playing would be fun, hm?
You would think that the music business would learn by now, but apparently they are pretty slow learners. They are using an old fashioned antiquated system of delivering their product that has no means of protection built in. To take a line from Allen Iverson "CD's??, we talkin' about CDs?" Who the h*ll still wants music on purchased CD's. Hey Music Men please try and keep up. CD's are dead. How many people still listen to a CD they bought? Maybe some but most people use a portable music player like the ipods. Or if they do use a cd then it's one that they created with a playlist of the songs they most like to hear. The music industry is so scared of all the different ways that people like to listen to their music because they have not found a way to give us this flexibility themselves. Their answer? Try to make us stay in their little box that they can control. Pathetic, unimaginative, and just plain old dumb that is the biggest problem with the music industry. Hey Record Labels, you're losing business because you are stupid and lazy not because people are ripping you off. Give your consumers the music they want how they want it and they will pay for it. Make them come up with their own ways of getting the music in the format they want and you'll feel threatened. Get creative on distribution not on restriction and you'll have a much more loyal customer base.
By the RIAA logic, folks who engage in file sharing are also doing nothing wrong. After all, they are not distributing for a fee, no physical property is stolen, and many users are unaware that most artists only receive a very, very tiny percentage of each CD or tape sale (usually $.30 or less per unit). So, because the average Joe is REALLY hurting the average artist with each MP3 download, but doing so UNKNOWINGLY, due to his misguided idea that the artist is getting $11 out of each $17 CD sold, then of course the average Joe is innocent of wrongdoing.
Hey if that kind of logic (feigned ignorance) works for the RIAA, it ought to work for file sharers as well.
This is why unless a REALLY compelling release comes out (e.g., Pink Floyd, Weird Al) I don't buy RIAA material - not even from so-called "independent" labels which are really just shell companies owned by RIAA labels. Heck, I haven't even bought Roger Waters' "Ca Ira" because it is a Sony/BMG release in the states. Instead, I am looking for an overseas source for it - legit or otherwise, and I emailed Sony as such.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
Sony has been saying they did nothing wrong all along so it's not a surprise to hear the RIAA chime in. So others do it too, does that mean a burglar should get off because others have broken into your home? Protect their content, they are entitled to that, but not at the expense of our data.
This is another of the RIAA's great stabs at PR by pouring gasoline on a fire.
Makes you wonder if any of their people went to business school.
*coughbullshitcough*
Unauthorized installation of software.
Deliberate introduction of software that creates security vulnerabilities.
Unauthorized alterations to system function (namely, disabling the CD drive) if the DRM software is removed.
Is it any wonder that their CDs are now banned from most workplace computers, have been criticized as 'a threat to Homeland Security' by the DHS, and are facing multiple class action lawsuits?
I'd say Sherman has his head up his ass if he considers this the result of Sony "not doing anything wrong".
Patrolling ftw
What Sony did wasn't responsible, it was, in fact, a crime in many areas. Call and report it to your local police department.
On the civil side, you don't have to wait for the class action lawsuits against Sony BMG Music Entertainment and First 4 Internet to wind their way through the courts -- you can sue on your own in Small Claims Court. For a useful guide to get you started, visit SonySuit.com.
-- Mark Lyon http://www.marklyon.org
The RIAA's total arrogance is a blatant slap in the face for consumers.
We all need to unite and vote with our wallets because they've made it obvious that the ONLY thing they respect is the almighty dollar. They certainly don't respect OUR rights.
Please everyone, make a New Year's Resolution to NEVER buy another Sony CD.
By attempting to take over computers with their rootkit, the anti-American, Fascist Sony leadership has committed electronic terrorism against the United States! Therefore, all members of their organization (Al-RIAA) should go directly to Guantanamo Bay, do not pass court, do not collect any more royalties!
(Okay, so I'm only half-serious -- but hey! It could happen, given that we've done it to others for less!)
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
However, I doubt that Sony would have clearly indicated the presence of the rootkit.
... which I think is not especially legal.
... anymore than purposefully hiding a virus in a piece of software is a "bug" or "accidental vulnerability." In both cases, (CD with rootkit or software with malicious virus) the person distributing the damaging product should be held liable.
No "doubt" is needed. We know what they did. They created a piece of hidden software that would automatically break into users' computers, and install unauthorized software. At no point did a user even have a chance to read a EULA or to understand the implications of what was being installed, since the entire process was being hidden. This sounds suspiciously similar to "computer hacking".
If Sony clearly indicated that they were installing a rootkit on the users' systems, then I think indeed they did nothing wrong.
No, if Sony had not installed rootkits on people's computers, then they would have done nothing wrong. Alas, they installed rootkits on computers, without consent. Furthermore, I'm not convinced that explaining in the EULA "we're going to install a rootkit" would even be legal. The company installing a rootkit should still be liable for damages due to negligence, and users can also (very legitimately) claim that they didn't fully understand how bad/vulnerable a rootkit is.
Frankly, the fact that Sony recalled the CDs and is offering free replacements is fine... but the class-action lawsuit against Sony should be continued. Why? Well the average user (who knows nothing about computers) won't know how to check their machine or remove the rootkit, etc. They will have to hire someone more knowledgeable to do so. So really anyone who bought a Sony CD recently should be given enough money to cover the cost of a computer technician checking their machine. Sony should compensate the end-users at least to that extent, in order to actually undo what they've done.
The comparison to other software is absurd. When I download and run some piece of software, I know I'm taking risks that the software might be buggy. When I play a music CD, I take the risk that the CD might not sound great. However, if a company willfully installs vulnerable software on my computer without my consent, that's not the same as a "bug" or "accidental vulnerability"
I've talked to some of my friends who are not part of the /. crowd. None of them had any idea that Sony cds have a security flaw that can affect their computers. One of them actually had the rootkit on their computer from when they put their CD into iTunes.
So while Mr. Sherman may praise Sony for doing so much more than software companies I think Sony needs to do even more. A higher percentage of people using software expect to need to download updates for their computer than percentage of people using CDs. Then there is the whole debate going on in court of whether Sony distributed illegal software...
Loading software that can aid others in hiding nefarious programs (I know, just 1 small part of what the rootkit accomplishes) is sort of like...
I wanted to protect the money I deposited in my bank account by breaking in and taking my money from the bank's safe.
In both cases, there are side effects that should be frowned upon by law enforcement agencies.
Breaking/damaging the computer that the root kit is loaded on and weakening the security of the internet vs. damaging the safe and building in which the money is stored in.
I have a bumper sticker in my cubicle that says
Bank Robbers get something you can't pay for, money itself.
Most shoplifters steal stuff for one of three reasons: A) because they're too embarrassed/unable to buy it (pr0n, Prep H), B) because they're sociopaths and enjoy it/are compelled to do it, or C) because they plan on making money reselling it.
Only A) might apply in the case of downloaders. Very few shoplifters steal stuff because they have a culturally different notion of property than that of the owner.
Now, if he'd used burglary in the Third World, that analogy may have made sense.
"If we're rich European businessmen, in some SE Asian country to oversee our sweatshop operations, the impoverished masses are going to think that they have some right to the wads of cash we make off of their labor. Does that mean we should simply give up and allow people to take it?"
See, that analogy would fly.
It has already been reported that the anti-virus companies helped create the rootkit. The anti-virus companies were paid to protect their customer from these things. Can you ever trust them again? Is it worth paying them an annual fee when all they are doing is keeping out people that do not pay them off! MS may become the biggest loser as governments realize the Windows OS has this bigger than Everest hole in it. As they wake up they may realize they need another solution and FAST! Governments deal in billions of dollars, surely they have the expertise to review the code of FOSS to determine if there are back doors. So when you are protecting the keys to the kingdom who do you choose?
Gizmos Gagets For Ninjas
"Oh Kent, I'd be lying if I said my men weren't committing crimes."
"Touche"
I was thinking about this the other day, we need a DJ P2P network. Where radio can play and rate any music on it. Music should have a tag pointing to the band's website where CDs / merchandise can be sold directly benefitting the band.
Cost of entry for a new band would be minimal, just upload your song(s) and convince a DJ to check it out and rate it. Which isn't that hard, most of them are pretty sick of hearing the same old crap 15 times a day. This already happens with tapes but tapes aren't easy to distribute, whereas with this, distribution is automatic (as long as the DJ liked it and others check out the particular DJ's new song list).
I am not in anyway affiliated with Max Cannon
There has been a lot of backlash from the Sony blunder, and I think the backlash will continue because there's a relatively low speed of propagation from the techies to the non-techies, but it's there. I tell people all the time about the Sony rootkit who have no idea what a rootkit is - let alone that Sony had put one out. Without fail they are interested in learning the basics of a rootkit (allows programs to hide on your computer by corrupting the OS) and without fail they are angered by what Sony did.
So now to have the RIAA come out and say "me too!". Nothing could be better. There's a lot of anger coming Sony's way, and I'm glad to have the RIAA volunteer for their fair share. First community-minded thing they've ever done.
-stormin
The Southern Baptist Convention has creationism. On Slashdot, we have porn.
Does XCP (DRM) run on Wine?
I'm not willing to buy that Celine Dion record just to get a hold of the DRM software on it. Another thought worth noting, is how the DRM software loads; is it a viral, embedded application in the Compact Disc music format, to quietly run the moment a Microsoft Win API media player interprets the music format of the Compact Disc, or is it executed with an "AUTORUN" file and referenced as a file itself? Thanks everybody.
without prejudice
Arguably, Sherman is right -- but I enjoy much more the fact that this whole r00tkit fiasco has set DRM back by years. Gogogo poor implementations!
What if the unnamed programmer who coded this rootkit made it unsafe "on purpose", in order to convince the public that DRM measures are unsafe and dangerous? It's really unlikely, but if it were to be true, man that guy was really brilliant, no?
There are millions of songs downloaded from the internet for free on a daily basis. It happens all the time! It's not unusual, so must be there's nothing wrong with it. I'll go back to being a scurvy pirate now. Yarg.
However I'd like to see the RIAA's feedback on the (at least alleged) LGPL violation by Sony in this. Would the RIAA (MPAA, BSA, etc.) encourage companies to practice what they preach? As posted previously on Slashdot there was a potential LGPL violation. My suspicion would be that the RIAA takes a "no comment" stance, hehehe....
...in bed
The thing that intrigues me is the RIAA has the nerve to support this action when Sony clearly suggested (not in a press release but in recalls) they made a mistake. This shows the RIAA does not care about their PR. It seems to me the RIAA views us as consumers who will buy their product at any cost, regardless of how they treat us. Like suggested before, they have a monopoly at hand. I'm hoping in the future that some of the consumers can conform to suggest reasonable methods of distribution and rights to combat the RIAA's evil actions. If not I think the RIAA will keep on pushing for complete control over digital distribution and rights.
I'm sick and tired of the MPAA/RIAA saying they can do ANYTHING they want with DRM! It's MY computer, NOT theirs. They MAY NOT do stuff to my system without my consent!
"According to Sherman, the problem with Sony BMG's XCP DRM software was simply that "the technology they used contained a security vulnerability of which they were unaware". He goes on to praise Sony's "responsible" attitude in handling the problem, saying "how many times that software applications created the same problem?"."
The difference is that an application gives the end user some benefit. This one limits the end user's ability to control their own computer. Also an application can only make your system vulnerable while it is running. This root kit gets installed as a service I believe so it is running all the time.
Finally an Application can be uninstalled.
Nope Sony screwed up and we are mad as hell. I am not going to buy any CDs from Sony for a while and if I feel the need to I will rip them on my Linux box first and make new clean CDs ASAP.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
In other news, Satan says murder is fun!
Sherman: "Sony, good job on the root-kit idea, too bad you got caught" ... /cry /moan oooh we are all so pooor plz stop downloading or we sue u!"
Sherman: "Oh yea and
What the PC world needs is a CD driver that comes up and says:
Multi-session disc inserted.
2 sessions detected.
Select session to use (cr for newest): __
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Did you all see today's FoxTrot? It appears that existence of Sony's rootkit is becoming more and more mainstream.
http://news.yahoo.com/news?tmpl=story&u=/uclickcomics/20051121/cx_ft_uc/ft20051121
The thing that's REALLY bad is that the software installs on your system (disabled) even if you DON'T say "yes" to the EULA.
I'm really hoping that lawsuits brought up with this stuff brings the whole "I can put anything I want into an EULA and it's binding" mantra we hear from certain software and content providers.
To pass this off as a bug "of which they were unaware" is horribly inaccurate.
The software hides itself -- by design, not as a bug.
The software makes itself difficult to remove -- by design, not as a bug.
The software places itself in fundamental system areas, like accessing the CD, compromising those areas -- by design, not as a bug.
No, the problem isn't a bug. The problem is a company thinking they have the right to get into places on my system that they have no business being, and then hiding to make it difficult to clean.
A common component of all anti-spyware legislation and attempts that I'm aware of is that everything has to include a reasonable and effective uninstall procedure, that clears out the software. Sony didn't have this -- again by design.
Furthermore, the "vulnerability" in this program that SONY was "unaware of" is not a typical software bug that developers might be reasonably unaware of. This software is specifically designed to hide any file starting with the $sys$ prefix! The idea that the creators of this software are "unaware" of something they specifically designed this program to do is almost as insane as the fallacy above.
What's worse, the uninstaller is designed to break security too! If you are putting a remotely accessible ActiveX control on a machine, which has a function called "ExecuteCode," you're allowing any web page to "ExecuteCode" on that machine. This isn't a vulnerability, it's a bad design, and the design is so obviously bad that it is impossible to be sympathetic.
If you are savvy enough about computers to be designing DRM software in the first place then obviously you would know that these things are problems!
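The prefix-based hiding described in the comment above is the kind of cloaking a cross-view comparison detects: list the same volume once through the running system and once offline, then diff the two. The following is an added example, not part of the original thread or of any vendor tool; the listings, file names and function names are constructed for illustration, and case-insensitive prefix matching is an assumption made to keep the check broad.

```python
from pathlib import PureWindowsPath

CLOAK_PREFIX = "$sys$"  # the prefix named in the comment above

# Constructed sample listings (not taken from a real machine).
# API_VIEW: what a directory listing on the running system reports.
# RAW_VIEW: the same volume listed offline, e.g. from clean boot media.
API_VIEW = [
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Users\alice\Music\track01.wma",
]
RAW_VIEW = API_VIEW + [
    r"C:\Windows\System32\$sys$example\driver.sys",   # constructed name
    r"C:\Users\alice\AppData\$SYS$unrelated.exe",     # unrelated file reusing the prefix
    r"C:\Users\alice\notes\hidden-by-other-means.txt",
]


def _key(path):
    """Normalise a Windows path for comparison (names are case-insensitive)."""
    return str(PureWindowsPath(path)).casefold()


def has_cloak_prefix(path, prefix=CLOAK_PREFIX):
    """True if any directory or file name in the path starts with the prefix."""
    wanted = prefix.casefold()
    return any(part.casefold().startswith(wanted)
               for part in PureWindowsPath(path).parts)


def cross_view_diff(api_view, raw_view, prefix=CLOAK_PREFIX):
    """Classify every path of the offline listing against the live listing.

    prefix_cloaked: missing from the live view and carrying the prefix.
    hidden_other:   missing from the live view for some other reason.
    prefix_visible: carries the prefix but is still listed, i.e. leftovers
                    on a machine where the cloak is not (or no longer) active.
    """
    visible = {_key(p) for p in api_view}
    report = {"prefix_cloaked": [], "hidden_other": [], "prefix_visible": []}
    for path in raw_view:
        hidden = _key(path) not in visible
        prefixed = has_cloak_prefix(path, prefix)
        if hidden and prefixed:
            report["prefix_cloaked"].append(path)
        elif hidden:
            report["hidden_other"].append(path)
        elif prefixed:
            report["prefix_visible"].append(path)
    return report


if __name__ == "__main__":
    for category, paths in cross_view_diff(API_VIEW, RAW_VIEW).items():
        print(category)
        for p in paths:
            print("   ", p)
```

Both prefixed entries land in the same bucket: a name-based cloak cannot tell the vendor's own files from anyone else's that reuse the prefix, which is why the commenter calls this a design problem rather than a bug.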
Causal fallacy.
It's not like he doesn't know it, but why bother building proper arguments when you can get away with absolute b*llshit and still be quoted as a respectable source? I couldn't finish reading the whole article, and to compare file-sharers to bank robbers and shoplifters was just insulting.
Cary Sherman: Obviously, anyone who has stopped downloading (or uploading) illegally will not get sued.
Thank you, Cary Sherman, for your infinite compassion towards us petty thieves, we are not worthy of such.
A high-placed source at Sony BMG has emailed me with some interesting information about the ongoing rootkit DRM fiasco. My source says,
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
I believe you mean "Gogo Gadget poor implementations."
Yet another reason to go to Digg.com; correct Inspector Gadget quotes.
Just kidding.
---
WARNING:Slashdot karma not redeemable in the afterlife.
In explaining this case to a friend I came up with an analogy that I think does a good job of expressing the issues. Imagine, if you will, that you purchased a new coffee mug that came with a warmer that could be plugged into either a wall socket or a USB port and would keep your coffee warm while you worked. Now imagine the company that sold the coffee mug+warmers was run by a very paranoid person who feared that people might copy his patented coffee mug warmer and illegally sell knock offs. So, in addition to drawing power from the USB, if it was plugged into a computer the coffee mug warmer would silently install a back door on your computer, search your hard drive for schematics that looked similar to those of the coffee mug, and connect to the internet and upload your personal information to a server run by the coffee mug company. Further imagine that the software used techniques to hide from the user and the OS and conceal this fact. Now, just to add some spice, imagine that the software was found to both have a serious security vulnerability and to contain code that was infringing upon someone else's copyright.
Sony is selling discs intentionally designed to trick users into thinking they are CDs, when in fact they are not CDs, they are devices that act like CDs enough so that the user does not notice that they are something else, while silently trying to hack that user's computer. Hopefully, the individuals involved will face criminal charges for their actions.
He's right. But those applications are usually called 'viruses,' 'trojans,' or 'worms,' and their authors face jail time when they're caught.
Never shake hands with a man you meet in a fertility clinic.
"... when the president does it, that means that it is not illegal."
The RIAA - Now More Than Ever!
--- Attorneys Assisting Citizen-Soldiers & Families -
Maybe it's just a coincidence, but I just blogged earlier this morning that they should be compensating users financially for the trouble they have caused. And/or face some criminal liability.
Seems like the only way to rid yourself of their blunder is to wipe and reinstall windows. IMHO users should be compensated for that.
There's absolutely no way that Sony didn't realize the risks associated with using a rootkit. It's been covered here before (among many other places, typically regarding spyware). So we can safely say they knew what risk existed.
They were just hoping everyone was too dumb to realize what they were doing.
Am I biased or just looking to attack Sony? No, definitely not. I didn't get this garbage, heck I'm not even a real music fan, so the whole thing is a null as far as I'm concerned. To be honest, I like Sony hardware. So I'm not an anti-Sony jerk taking advantage.
I just know I hate reformatting my computer because windows got screwed up, and I know what I'm doing and can do it quickly. There's quite a few people out there with this garbage installed on their computer... and some don't even realize what's going on.
Come on Sony... open up your wallets and compensate them for your blunder. You knew what you were doing was wrong. You did it anyway. Now compensate. If it were up to me, your execs would be in jail for a year or two for hacking, since that's effectively what you did.
I really don't want Sony to get off free here. Just think about what the next one is going to try and get away with. Just wait until version 2.0 includes a keylogger to ensure you don't transcribe the lyrics.
Come on Feds... don't back down.
The purpose of DRM is to prevent the customer's computer from functioning properly, and obeying the commands of the computer owner. Thus DRM is inevitably a security violation. Or in the words the RIAA might use, DRM is theft--of the computing resources of another person.
So as long as Sony apologised then everything is ok? So when we catch the next hacker that installs a rootkit, we can let them go secure in the knowledge that they have apologised!
I've not heard a more truthful analogy in ages.
With its rootkit Sony is clearly in violation of existing law and someone in Sherman's position should know that. If it was not Sony but some teenager he would be sitting in jail now.
Dear RIAA:
Your rootkit has stolen my:
- Computer safety. Imagine you suddenly find your door locks disappeared and everyone could enter.
- Electricity. Your rootkit consumes CPU usage I *never* agreed on giving you.
- bandwidth. Because of your rootkit, I can't allocate 100% of my communication channels for my teleconferences.
- sleep. I don't know if I'll be called by the FBI because some hacker used your rootkit to commit illegal acts using my computer.
In other words, you're stealing my MONEY, you **tards!
Sincerely,
disappointed customer.
Let alone the fact that calling it a "defect" is a blatant lie, because the thing everyone's complaining about is what the rootkit was designed to do! No, the only thing "defective" (from their perspective) about their rootkit was that they got caught
The management of Sony-BMG and the RIAA are all a bunch of criminals, who have committed crimes far worse than any copyright infringers ever could. They shouldn't be holding press conferences; they should be in prison!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
So, the official stance of the RIAA is that they have the right to infect people's computers with rootkits.
And the software only phones home in order to download a service pack to fix the vulnerabilities discovered after release. This is all for your protection, Winslow.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Great comment! The loophole, though, is that they said "nothing unusual," not "nothing wrong."
In other words, they know it's wrong, but think it's standard practice. Kinda like we know it's wrong to download music we haven't bought, but it's standard practice.
However, that is not really the issue which Sony is attempting to defend. Sony is attempting to defend an action which essentially transfers ownership of _your_ computer to itself. And it is that which prompted the legal slap, and rightly so, for what it's worth.
The fact that Sony seems to be unable to learn that lesson is another issue, and apparently one's only recourse seems to be to boycott their recordings. In my case, that seems incredibly easy to do, since I own a vanishingly small number of them.
Just got a press release in our newsroom that the Texas Attorney General Greg Abbott is suing Sony BMG.
Full release can be found at http://www.oag.state.tx.us/oagnews/
Don't mess with Texas.
Crap. I guess that ploy would only work if I sent people a CD of something they'd actually want to play.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Just to touch on the subject of the RIAA and the true theft that occurs...
If you do the research you will find out that a band's first contract (and sometimes their ONLY contract) is NOT designed to give them any say. Remember Hootie and the Blowfish? Their debut album (Cracked Rear View) grossed over 12 million copies. Do you know how many of those 12 million their label gave away to record clubs like BMG or Columbia House (you know the buy 1 get 12 free deals)? 4 million. That is 4 million albums that they will NOT get paid for, and guess what else? It was written into their contract and they had NO say about it. This hasn't happened to them only either. This type of clause is in 98% of new band contracts. The same thing goes for promotional discs sent to record stations. The bands pay for those (and everything else including, studio time, music videos, producer's fees, mixing fees, mastering fees) out of the advance they receive from the label, but they don't get paid for the promotional copies. They have to eat the cost, and hope they can make it up somewhere else, like touring or merchandising. Furthermore, remember that the band doesn't begin to make ANY money until every dime of their advance from the record label is paid back.
The ONLY way that you begin to have any say in your contract negotiations is if you have 2 or 3 really successful albums. Only then can you begin to negotiate your contracts. Do you think a band like Green Day was able to get a really great contract when they first signed up? NO, they didn't. However, after 10+ years and more than a few platinum albums, they now have negotiating power, but most labels aren't looking that far into the future. As far as they are concerned, most artists have a shelf life of about 3-4 years and then they are old news (just look at Britney, Christina, and Creed if you want some examples).
Remember Record Labels are nothing more than banks. They will stand there with the money and the contract, waiting to see which of the new artists will wade through the river of crap and emerge from the crap with a pen, just waiting to sign. If you don't want to sign the contract, they aren't going to beg you because they know there are others that are willing to do it, if you don't.
I have nothing clever to put here...
Hey, FBI, there's still time.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Music CD's were not intended to contain computer programs. Does your CD player execute windows programs? So how is this the same as a software vendor installing software onto your computer? Music is not Software and there is no implicit agreement that programs will be added to your PC when you play a redbook music cd.
That is the inherent problem with their argument. It's apples to oranges. Games install copy protection, but a game is designed to run on the PC.
This is very much like buying a book, a medium which stores the written word and is replayed by your eyes and brain, and the pages are laced with an invisible substance that is absorbed into your skin and prevents you from repeating the story. A computer is an extension of your brain, and illegally installing protection software and hiding it is very much like illegally drugging someone to force them to do your bidding.
the President of the US claims that he did NOT lie to the world, manipulate intelligence on WMD to sucker Congress into authorizing the use of force, send US soldiers to die in a country with no plan for winning the peace (let alone a plan to bring them home), appoint the man who penned the policy condoning torture Attorney General, or reveal the identity of an undercover CIA officer as political payback against Ambassador Wilson for revealing the truth. Nor are the Vice President's ties to Halliburton in any way related to the excessive contracts granted and paid for services not performed.
Nor did a member of his party call (which, with a few, notable exceptions seems to lack them) a decorated combat veteran a coward on the floor of the House last week. Nor did they try to label Max Cleland (a decorated, disabled combat veteran) unpatriotic for questioning the administration's policies.
And I believe him. Time to check under my pillow: the Tooth Fairy may have left me a dollar.
Using technology to protect copyright is one thing, however Sony's software installed itself without asking, did not uninstall cleanly, and violated copyrights itself. Unauthorized access to a computer is a violation of US federal statutes, as is copyright violation. And if Sony knew that the rootkit broke Microsoft's pitiful security model, or if they failed to exercise due diligence in this matter, they could be civilly liable under implied warranties of merchantability. An example of an implied warranty would be if you bought gasoline from a station that ruined your car engine.
Well, I don't really think that the ILoveYou virus was all that serious because I WASN'T INFECTED. I wonder what the RIAA would say if their computers were breached because of the rootkit. Just imagine the irony of downloading songs directly from the RIAA because they were infected with a rootkit virus... Sweet...
"I see undead people" Warcraft III - Necromancer
After the Sony Rootkit incident, I'd sooner get a tattoo from a Tijuana roadside vendor (using a "refurbished" needle) than buy music on a CD.
Just avoid RIAA related CDs using http://www.magnetbox.com/riaa/
Can someone please throw a bomb through this guy's window? We don't need people like him wasting precious air and living space on this planet.
He has a point...Traditionally software isn't pulled off the shelves when a security flaw is found in it. Imagine Windows being pulled off the shelf once a month... Nevermind...I forgot that people bought music from Sony and not software ;)
And his comment about the patch on the internet? Sony would look MUCH better by now, if they actually had posted a real patch for this problem, aka a clean uninstaller!
That this is turning off music buyers is a growing story. It also points to their envisioned future.
If they want to be selling music they need to get their act together. Both Sony and EMI's stupid DRM fail to work with the leading portable music player, the iPod. Get it yet? Even if this shit had "worked" and not actually hosed the user's system, it would still be a "broken" CD because it does not do what customers want it to - transfer to a portable music player.
I suppose they can grunt and say, "What's the problem? Jus go use deh Itunes or WMP." Well, well, well where does that leave brick and mortar retailers? Out of luck, that's where. Nothing new there. Given their policy of RIAA only or no RIAA at all and other crappy anti-competitive practices of old, they have always hated retailers because they have an inherent loyalty to the actual music fan.
Oh yeah, they hate their artists too and I would not buy stock in any of them. That means they hate everyone.
Friends don't help friends install M$ junk.
Ok RIAA, you just confirmed the idea that you have of your customers: a stupid mass of people with money to spend, and that can be cheated, tricked, lied to, and fed with rehashes and repacks and "new versions" of things they already own. On the other hand, the "stupid mass" can be sued, terrorized and bullied if they start to drift from the path that *you* think is right... After all, "people don't even know what a rootkit is, why should they care?".
These things really make me angry because this sort of behaviour toward the *customers* should get the attention of the government and the company(ies) responsible for such actions should have a really heavy punishment (yes, punishment). Imagine if the food industry started to quietly insert some sort of "tag" into the food so that when we eat something that we grew in our backyard, we get awfully sick...
By the way, I would like to see how a copyright violation (for example ripping a CD or using P2P) legally compares with some other crimes... My guess is that copying a bunch of stupid CDs is getting too much importance in the eyes of the law...
And yeah, yeah, I know that legally "copying is theft", "it's the same as stealing a car" and all that, but let me remind you that freedom of speech and association was a crime in many countries too (usually during dictatorships) and that even if something is legally a crime, well, it doesn't make that automatically "right" or "acceptable". Laws are made by human beings which are (gasp!) prone to errors, corruption and weaknesses, as any other human being. If the law says something and we don't agree, maybe it's time to *change the law*, or at least voice our opinions.
how many times that software applications created the same problem?
Yeah, that shareware side scroller I wrote - it accidentally installs a rootkit, violates the DMCA and copyright, and breaks your CDROM drive. Ooops.
..for someone to bring a lawsuit against Sony under the DMCA for circumventing Windows security or something. Surely the DMCA is ambiguously worded enough to allow for this? :)
I don't plan on buying _any_ Sony products until after Christmas.
Sony doesn't care about what people think only about if people buy their products. If we don't make a measurable dent on the pocket book for a couple weeks then they'll just go back to installing spyware on all their CDs.
I hope a lot of other people decide to do the same thing.
I think Sony obviously knew that what they were doing was wrong, otherwise they wouldn't have gone to such lengths to hide it. If you have to hide something from your customers, chances are it's at least unethical, if not illegal.
Five Dolla Moddy-Moddy?
I suppose the problem is going to be that all cartels fall in time, and in every case the role played by the market is going to be open to debate.
Anyway, I'm curious as to whether you cite any examples.
Don't let THEM immanentize the Eschaton!
First let's take a look at the claim that Sony was merely trying to add a layer of protection to their IP by using XCP and weren't aware of the potential security flaws.
For starters, if they just wanted to encrypt their data or have a program running in the background that prevented the user from opening a certain application, this is all possible with XCP. In fact, the only reason to use XCP is to bypass the built-in security measures that your computer should have immutably enabled and functioning. That is, they wanted their DRM software to be in a position of ultimate control over your computer. Ordinary security features prevented this, so they install XCP to hijack your computer, to bypass security - and not only that, but they provide that control to any program that prefixes its name with $sys$. That is, XCP is a security flaw by its very nature and it was licensed with just this functionality in mind. There is no other reason to use it, but to circumvent security measures.
Now I'd like to address the seemingly prevalent belief that people are up in arms against this software primarily because it may allow a virus or other undesirable program unfettered access to your system.
People are used to security flaws within Windows. They happen all the time and MS releases patches. They are not well loved for it, but for the most part, people continue to use Windows and tolerate the seemingly ubiquitous lack of security. Why then, would they make an exception for Sony's case? I believe the answer lies not in the DRM itself, but in Sony's arrogant and anti-consumer attitude that their right to control their "property" usurps the consumer's right to control the functionality of his or her computer.
One statement that whoever-it-was in this interview made in defense of Sony was that DVD's have been DRMed forever. You can't rip them to disk, you can't copy them, you can't even play them in non-licensed players. CDs, on the other hand, (as manufactured by Sony) are designed not to prevent you from playing them, or copying them, or presumably using them as you see fit, but rather to prevent you from copying in excess and giving too much of Sony's IP away without their consent. The problem with this logic is that for one thing, nobody is giving the movie companies kudos for locking down their DVDs. That I can't legally rip my copy of Spaceballs to my iPod video isn't a fact that gains MGM much love. And secondly, CDs were never designed to be crippled in the first place. When I buy a CD, I expect it to behave like a CD. Sony wants to change the way CDs behave - and the only notice they give you about it is an enigmatic little "CP" icon and the words "content protected". Content protection sounds good to me - does that mean that my CDs will scratch less, or that if I lose the CD, the content will continue to be made available to me, because I paid for the content? I thought not.
Lastly, I'd like to take issue with the notion that the Sony fiasco has set DRM back for years. I don't think it has. In the official release, Sony has only recalled the discs with XCP and has all but promised that future CDs will be released with some form of DRM. As long as the methodology doesn't usurp the functionality of the computer or provide in any egregious way a security risk, Sony will continue to distribute crippled CDs. That is, after all, the reason for the fiasco in the first place. It wasn't the DRM that got them in hot water, it was the way they went about achieving it. There are still many CDs out there with the "CP" logo that Sony hasn't recalled. Santana's newest CD comes to mind.
This is the way that the future is going to go. DRM has more than a foot in the door, it nearly has a whole leg. The Sony fiasco must serve as a wake-up-call for us, or we risk losing the public domain forever. (DRM + DMCA = unlimited copyright terms) We mu
More FUD. The shame of it is that most non-technical users don't have a clue what the problem is in the first place. I tried to get a couple of non-techie friends to boycott Sony over this but had trouble explaining exactly why (I gave up in the end). I think Sony know this and one of their Executives more or less admitted it quite recently. "We can do whatever we like, as long as our users don't understand whatever it is we are doing". As with some others above, I like Sony hardware but won't be buying any in the near future because of this. Anyway I haven't bought a music CD since the RIAA started taking children to court for file sharing. I'm not completely anti-corporate, it's just that I've started to get this very nasty feeling I'm being exploited somehow whenever I hand over money to one of these companies. Market Branding is all about the "customer feel-good factor" but what these guys are doing is completely destroying their brands. I don't feel that way about buying video games and movie DVD's at the moment - (although Valve are doing their best to put me off video games with Steam and the MIAA are feeding up their lawyers for the big push). The whole thing leaves a very bad taste in my mouth and I'm giving these people less of my money because of it. It isn't good business. It's going to break at some point I'm sure of it. I can feel the pressure building.
As an international entity, I'm hoping that Sony will have to bend over to the courts in at least a few countries. Anyone who expected the RIAA to accept blame raise their hands? How about we let a judge decide instead.
Ethics is such a foreign concept to them.
But then, being Americans, we would probably settle for a $150 discount coupon on a new VAIO.
"Doing what i can, with what i have." ~ Burt Gummer
So RIAA sees nothing wrong with Sony's violation of copyright law so long as it's to protect their big corporate property...no surprise there, not like RIAA hasn't encouraged violations of other areas of copyright law in order to benefit themselves. And RIAA evidently sees nothing wrong with introducing software to people's computers without their permission, that does undisclosed things, and cannot be removed without breaking the machine. Nope, nothing wrong with screwing over other people's property to make a buck.... No surprise there either though, they've constantly been encouraging that very thing for quite some time.
Is it no wonder that so many people think that RIAA is evil?
Sherman is wrong. There's an enormous difference between a security hole in DRM software and standard software: normally, any software I install on my machine is running with my permission and knowledge, performing a function that I chose and doing it for my benefit. Sony were trying to get their code onto end users' computers without those users understanding exactly what it was doing, and naturally the software functioned entirely for the benefit of Sony and not the users.
Richard Stallman clearly explained the problem and explained all the issues that Sherman doesn't want us to think about in an essay called "Can You Trust Your Computer?". If Stallman had the marketing clout of the RIAA's members and vice versa, I suspect we wouldn't be in this situation today.
1) They're being "responsible" because they're being "sued."
2) Regardless of the myriad cybercrimes under which SonyBMG is currently being sued, usually when companies install software that circumvents a customer's expected right to a freedom of choice, they get punished by the government under anti-trust law. See Microsoft.
There's nothing about this issue that's either legal, moral, or intelligent.
Tim from http://www.boycottsony.us/ was the guest on the radio program, and he did a fine job of convincing the radio host John Gormley how bad this DRM infection is. If all technical people were as gifted verbally as Tim is, then we'd see a lot fewer problems from companies trying to exploit consumer ignorance.
The rebroadcast is tonight CST at www.ckom.com
Saskboy's blog is good. 9 out of 10 dentists agree.
http://www.kwtx.com/home/headlines/1996172.html
Texas is suing Sony BMG Music Entertainment, alleging the company illegally installed spyware on millions of music CDs that Attorney General Greg Abbott says can make computers "vulnerable to computer viruses and other forms of attack."
Abbott said the spyware installs files onto the computers on which the CDs are played.
$sys$nothing_to_see_here
What a load of horse crap. Local record stores were going the way of the dinosaur long before illegal downloads. The Best Buys of the world, which subsidized below-cost album sales in order to attract buyers to their higher-margin electronic gear are what drove the local record store out of the market. The situation was made worse by cheap albums being sold via mail-order online distributors. (Made cheap by the high volume of the online retailers).
I don't know how much money the record stores and IP owners lost on online piracy. The truth is that nobody really knows. Record companies exaggerate one way, and the free-everything people exaggerate the other way. However, it seems pretty reasonable to assume that with college kid dollars going into online music stores and forced buy-ins to the university music repository, the dollars will not flow into local record stores.
Besides, the recording industry could care less about the mom and pop record stores. Those guys sold in crappy volume compared to the larger chains. Further, the local stores sold indy music, and any profits from that never touched the coffers of the RIAA member companies.
Sherman/RIAA have to know that they're bullshitting. I mean, these are shrewd businesspeople. I can see right through the bullshit -- and I'm just some dork posting on Slashdot. This stuff is really simple -- do they think that this will pass muster with most of the American public? We're not that dumb, are we?
-Turkey
I would think that you could claim damages, including recovering whatever extensive costs were required to restore your system, if a bit of malicious software caused damage to your system.
What is my data worth?
I think getting a honey pot set up, with Sony's Rootkit, and some old SQL non-transferable licenses set up on it might do nicely for 5 or 6 thousand in actual damages, to begin with. Add in my own time to restore the system to working order (another couple of thousand) and punitive (Triple damages?).
Multiply that times, let's say, 10% of the slashdotters out there, all filing suits in every state and district of the US... a million individual lawsuits, with recognizable evidence of criminal negligence, damages, and likely a ton of defaults on the order of billions in judgements, might actually sink RIAA, as the other big labels realize how foolhardy all of this DRM crap really is.
Just goes to show you that the RIAA and all affiliated with it do not deserve your attention.
It's your time, your attention. Place your valuable time in artists who trust you and don't treat you like criminals.
We should start creating a list of indie labels that practice a more acceptable license - like this one from Candyrat Records.
They have 60 seconds of each track available to preview the music (again no DRM).
Plug - take a listen - It's real music - not some mass market crap pushed down your throat.
"there is nothing unusual about technology being used to protect intellectual property."
Hey, did the RIAA just tell us that many music publishers commonly pirate open-source code into rootkits and place them on their CDs as common practice?
The parent was modded down for NO REASON. This post was ON TOPIC and some shameful moderator came in and CENSORED THE POST. How can people get away with this sort of shameful acts of cowardly censorship?
However, because of a recent wave of shoplifting, everyone buying a product will have to have their bags checked.
They already do this, and it's equally illegal.
Joe A. Consumer has clearly been lulled into a nice, foggy trance. We need to mobilize. Lawsuits are fine and everything, but if you really want to put the pinch on them, STOP GIVING THEM MONEY. They can fend off lawsuits till the cows come home. What they can't make you do is purchase something against your will. The "Holiday Shopping Season" is upon us. Let's show them what we're made of.
.... or... shut up and take it in the balloon knot with a, "Thank you, may I have another."
Step 1) Boycott Sony. All things Sony. Sony Pictures, Columbia/Tristar, Sony/BMG Music, Sony Electronics, AIWA Electronics, Sony Ericsson cell phones. Give 'em a month to cool their heels and think about this.
Step 1a) Boycott RIAA. All things RIAA. Buy no CDs or Concert Videos. Don't listen to music on the radio. Listen to the stuff you already own legally. Give them a month to cool their heels and think about this.
Step 2) Listen for the change in attitude.
Step 3) Repeat as necessary.
There's no need to engage in piracy, litigation, rioting or any other behavior with collateral expense. Simply don't buy anything from them.
If that's what Sony believes, then they show a remarkable disregard for their customers, a remarkable level of greed, and a totally unbelievable ignorance of the way in which people use music.
Just another reason not to buy retail music.
I have seen a couple of reports that the rootkit included code written by DVD Jon having to do with iTunes security.
I cannot verify this, I have not seen the rootkit.
I would really like it to be true. Sony steals others' intellectual property in an attempt to protect music they distribute, and the RIAA says they have done nothing wrong.
I really hope that someone can validate this story.
i'm just waiting for the riaa to come up with a way to sue people that hear a song on the radio or off of a friend's cd. to me audio memory is the same thing as havin a backup on my pc.... only on the pc i can remember things a lil better :-p
and i wonder what sony is trying to give the riaa for them to give these kinda statements... perhaps all the lists of the rootkitted cds?
"How many times that software applications created the same problem? Lots."
Yeah. Applications like spyware and adware, which are ILLEGAL in many jurisdictions, will soon be (draft laws), or should be. Then there are viruses and worms. Perhaps the head of the RIAA would like to name some of those many other applications, and stand side-by-side with them to defend their shared principles?
It's like saying that because it is common for people's car windows to get broken during robberies, it is okay that Sony broke a window for reasons other than robbery, provided they replace the window.
It just ain't so.
Also, if the car is generally screwed up from that point on, without the owner even being aware why, and it takes a trip to the mechanic and an engine transplant (system reinstall) to truly fix that "error", you can bet that people would be damn angry.
It was irresponsible from the start. The main problem is caused by a *feature* of the software, not a bug. While it is true that it was incompetently implemented, the fact remains that the software was largely doing what it had been designed to do -- screwing around with the low-level system software relating to the CD-ROM driver. Even though extricating the software was harder than intended because of the bug, it is no excuse for messing with a user's system to this degree, and making it that vulnerable to abuse or error, especially for users that PAID FOR THE PRODUCT!!
Other audio "copy protection" schemes are only slightly better in degree. They are still rife with compatibility and quality problems thanks to the intentional corruption of the Red Book CD standard, and dealing with that is costing both the hardware and software manufacturers loads of money.
A simple message needs to sink in: once customers understand what these discs are, and what liberties may be taken with their computers, customers do not want these fake, non-Red Book, potentially "infectious" CDs. Once the RIAA's clients lose the customers' trust, they will be in far deeper trouble than what is caused by pirates that will circumvent all these tricks anyway.
Burglar uses stolen hammer to break a glass window on a private home and steal valuables, gets caught on amateur video, suffers a week of bad press, then his lawyer defends him saying he did nothing wrong.
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
http://news.bbc.co.uk/1/hi/technology/4456970.stm
About 2 hours old now. And yup, it even touches on the rootkit's own copyright infringements.
Estimates the damage caused to SONY's bottom line in the tens of millions for this one incident, not counting the pending legal action taking place in Cali, NY, and now Texas.
The real piracy problem is with people mass-producing illegitimate copies of CDs and DVDs and passing them off as genuine. It's the discs that end up for sale at the corner of Nevins St and Flatbush Ave that are really hurting them, not the paying customers. Instead of directing all this energy and money towards DRM, lawsuits against filesharers, and Sony's defense, maybe they should focus more on helping the police crack down on illegal production and warehousing of ripoff CDs/DVDs and lobby the government to do something more aggressive about China.
Since when can't you copy a Windows CD?? Or most other commercial software programs?
The pot calling the kettle white.
If you have a decent proxy you can block the site there and redir people to a page that says "call IT. we know who you are"
If it causes harm intentionally, then you are guilty of fraud and destruction of property, and should be subject to criminal as well as possible civil penalties.
If it causes harm unintentionally, you should still be subject to civil penalties.
There is no excuse for software that causes harm unless I clearly waived my rights to redress and that harm was unintentional.
While this may be reasonable if the software is free (as in either speech or freedom), it is not reasonable if the purpose of the software is to protect someone else's property interests.
The bottom line is that such untrusted, unvetted code should only be deployed to dedicated machines where the harm is not likely to be wide-spread (i.e. single purpose devices), and particularly where the harm will affect those who would naturally benefit from what the software should do: if a firmware upgrade is sent to my cable box by my cable company, and it kills the box so that I get a refund on not being able to view content, this is likely reasonable. But it should certainly not kill a general purpose computer. If anything, that is an argument for dedicated devices whose sole purpose is the decryption and display of encrypted content.
You could've hired me.
However, that is not really the issue which Sony is attempting to defend. Sony is attempting to defend an action which essentially transfers ownership of _your_ computer to itself. And it is that which prompted the legal slap, and rightly so, for what it's worth.
It's easy to lose sight of what the issue is here -- the parent post is very much right.
It doesn't matter whether you like the RIAA, the artists, or whether you use MP3s.
The issue at hand is very simple.
Sony dumps some very low-level software on your system that alters the way the system works in some unexpected ways. The vector that this software is arriving in is not expected -- many sysadmins on corporate networks, for example, allow audio CDs (to help prevent copyright violation from people bringing in MP3s).
Sony has essentially done something to the system that the user does not expect.
This is a very classic case of going behind the user's back to do something that he is not going to want to have happen. The same thing happens with a lot of other software out there, true, but having a Gator or Bonzi Buddy from *Sony* instead of a random shady startup is a little different -- that says that this is an attempt to legitimize doing anything to a user's computer that a software vendor can get away with.
The counterclaim made by Sony when someone pointed out that they were doing something nasty surreptitiously was that "most users don't know what a rootkit even is". Yes, that may well be true. However, the problem is that something is being done to my system at a low level -- I don't know how my car works, but I trust my mechanic not to break it. When I stick an audio CD in a CD drive, I expect it to play music, not to modify the function of my kernel. The fact that the typical user does not have the knowledge necessary to understand how he is being screwed over and what to do to repair the problem is absolutely no defense against this.
Furthermore, they claimed that this was perfectly acceptable, and appear to be ready to do it again. The question is not minor -- this is the first time that I'm aware of that a mass-market company is attempting to do nasty stuff to computer users, and taking advantage of the fact that few users are able to identify what software is causing problems and what might be a bad idea to do to their system. Fortunately, there are a few technically knowledgeable and competent people out there (like the well-respected gentleman at Sysinternals) who are able to bring this up. If Sony can get away with this, it's a green light to any *other* company that sees a perceived advantage in somehow modifying your computer system to do so via any means necessary. Today, Windows boxes are the only ones affected, but what about tomorrow, when Linux and Mac OS boxes are hurt?
If Sony is not slapped down *hard* legally for this action, the floodgates of adware and spyware from major companies will have been opened.
I'm rooting very, very hard for the ambulance-chasers on this one, and it has nothing to do with the fact that this involves DRM. Software is something that Joe Average has to deal with on a daily basis, and his ignorance about how his system works or how to fix damage done to it should not be something that it's okay for every company in the world to exploit.
Sony is *not* going to listen to anything other than legal suits on this one -- if they were going to listen to common ethics, they would have done so by now.
Any program relying on (nontrivial) preemptive multithreading will be buggy.
This article on Yahoo! says DRM is doomed. FTA: "The fact that so-called digital rights management might always be a doomed experiment became painfully clear with the fiasco that erupted after Sony BMG Music Entertainment added a technology known as XCP to more than 50 popular CDs."
Let's hope. I always thought this was stupid. I bought the CD. The concept of fair use says I should be able to listen to it when, where and how I want. Fussing about people trading music just goes to show how badly the music industry knows it's wrong and that it's been screwing artists since the beginning. They're not treating their artists nor their customers well.
"Sometimes the truth is stupid." - Lawrence, creator of Prime Intellect
Using Sherman's logic it's fine to download music, everyone else is doing it too!
``It follows that RIAA does not consider the piracy of copyrighted material wrong... Well, I'm off to go copy a few CDs, with the cartel's blessing this time.''
No, no, no, you've got it all wrong!
It's not about breaching copyright.
It's about who harms who. Small folk harming the large corporations? BAD! Large corporations harming the small folk? Standard practice!
Please correct me if I got my facts wrong.
I demand that President Sherman present credible evidence to support his claim of Weapons of Mass Duplication!!!!!!!!!!!
Let's play a game of 'Good Idea, Bad Idea'.
---
Good idea: Implementing a copy protection scheme.
Bad idea: Implementing a copy protection scheme without analyzing it first.
---
Good idea: Monitoring your customers' reactions in order to quickly and intuitively react to any problems they encounter with your product.
Bad idea: Monitoring your customers' reactions in order to quickly and intuitively react to any problems they encounter with your product, and then sweeping the problems under the rug.
---
Good idea: Asking for help from third parties to save time and money in developing your product.
Bad idea: Asking for help from total idiots to save time and money in developing your product.
---
Good idea: Informing your customers that your product could modify the content of their PCs - their personal property - and how.
Bad idea: Not informing your customers that your product could modify the content of their PCs - their personal property - and how, and then denying it in spite of conclusive proof that says otherwise.
---
Good idea: Dealing with rogue business affiliates strictly, or severing ties in response to a mess like this.
Bad idea: Praising rogue business affiliates for creating a mess like this.
---
It looks like the RIAA is just full of good ideas. Honestly, these aren't the kind of people who I wish to do business with. This just goes to show how slackassedly the RIAA deals with business partners when they cause a massive breach of ethics and customer trust by failing to properly analyze a poorly constructed third-party copy protection scheme they implemented, and then sluggishly respond to the fiasco by posting ineffective third-party patches without actually attempting to reach customers or willingly going public about the issue.
Folks, Sony obviously doesn't care whether or not their products damage your property, and neither does First 4 Internet. F4I is guilty for making this bastard of a CPS, and Sony is just as guilty for distributing it without even looking at it, and then barely even trying to help fix the problems it causes. It doesn't matter what this talking head from the RIAA says. This isn't just a programming error, this is a royal fuckup of unimaginable magnitude - a prime example of an absolute lack of good business sense and business ethics. One would hope that F4I and Sony will get what they have coming for this, but something tells me Sony will likely load off the blame onto F4I and get out of this unscathed... Business as usual.
However, I can safely say that this turn of events will not curb my habit of buying music second hand, and I certainly know whose products to avoid now. I'd hate to see if there was a safety recall involving one of Sony's products. That'd probably go something like this.
"Upon analyzing this product, we have determined that it poses a great danger to the consumer - an obvious and highly dangerous flaw in its design-"
"Sony has done nothing wrong here! It's just a design error. Mistakes happen, sir."
"... I don't know where you come from, but here in America, we don't like it when portable CD players explode unintentionally-"
*obnoxious snoring*
"ARE YOU LISTENING TO ME, YOU JERK-OFF?!"
"Huh?"
"According to Sherman, the problem with Sony BMG's XCP DRM software was simply that "the technology they used contained a security vulnerability of which they were unaware"."
Well, that and it probably violates multiple state laws... What's that saying? Ignorance of the law thing...
The race isn't always to the swift... but that's the way to bet!
Except for violating the license for LAME and DVD-Jon's work? Will developers of both of these products sue Sony blind for stealing (and then trying the public's patience with this PR agency directed campaign to clean up their image?) If Johansen gets a big settlement would it cripple DRM permanently? Will the lawsuits include pressure from governments, who now realize they could leak secrets just because their secretary listened to a music CD at work? And that's only the accidental espionage...
As disturbing as everything about this case is, the scarier part is how Marc stumbled across this rootkit. Are there enough genius-level diagnosticians among us to find the dozens of rootkits that are better crafted than this F4I junk? Rootkits used by governments to spy on each other, AND US? Who was it that called the internet the greatest boon to covert intelligence gathering since the submarine cables in the North Atlantic?
Mr Russinovich, PLEASE open a trade craft school to teach the best and brightest how to detect and code for removal of these threats. Corporations and governments will pay for their security experts to learn, professors will seek the knowledge to teach others, and AV companies will pay to send programmers to learn how to code removal tools for a lucrative new market. Ignore pleas by our overlords at MS and the Fed. Hopefully the designers of removal tools will not bow to pressure from the lazy spook types, who won't be able to sit back and snoop PCs for much longer before being found out.
_____ Computers are so complicated... I thought I never learn how. Then I found out there was Free Pornography on them.
The simple fact that any audible signal can be recorded is important, yet the record companies still seem blind that they have a viable MP3 market because most consumers (with jobs) would rather pay $1 (with Jobs) than spend 20 minutes finding a song illegally or even bothering to rip their own CDs. I have more than a few friends who've rebought albums from iTunes that they own on CD. $10, to them, is worth the time.
It comes down to this.
The record companies have identified that control of artists is slipping away from them.
There are hordes of little nasty DRM companies that will promise the moon to get a fat contract from someone like Sony. People like the earlier company that tried corrupting the error-correcting information sufficiently to keep audio CDs from working properly in a computer. When you pair a technically inept, worried, rich company with a nasty little DRM company who promises a way out, the rich company's executives will make some pretty fucking stupid decisions.
I worked with one of Philips' researchers who was working on watermarking and other approaches to DRM. I mentioned that a particular approach that took a huge amount of mathematical work to avoid being stripped out by MP3 seemed unlikely to last for very long, even without someone cracking the system deliberately, because psychoacoustic models are constantly getting better. He looked at me, sighed, and said, very honestly, "Yes, you can't really do DRM on an audio CD as a permanent solution -- but there are research dollars there, so that's what we work on."
Currently, if a single person can rip a CD, the audio will hit P2P. And there are so many technically ept people out there that the question of whether or not someone can rip a CD isn't even an issue -- the answer is just yes.
All these solutions are aimed at trying to prevent ripping. That's a lost cause. You can't do that. It's just too easy to rip audio at least once.
The record companies' (merely perceived or not) problem is the people *downloading* music, not the people ripping their own CDs to iPod or similar (unless they're *really* trying to sell the audio twice over -- once in digital format and once on a CD). The problem is that those people downloading music are also the people completely unaffected by attempts to eliminate ripping -- someone, somewhere, will *always* manage to rip audio. The only people getting shafted by these schemes are the legitimate customers, the ones who are trying to listen to audio on an iPod or their computer or so forth.
Any real solution (which may or may not be feasible, but it's a starting point) needs to do something in which physical modifications to a *player* are necessary in order to play the audio, or something along these lines -- anything that requires work on the part of each infringer, not on the part of a single person somewhere on the Internet, because that's a lost cause. The RIAA is pissing off a lot of people and blowing money on solutions that could *never* work in the long term, not even a little, and they're blowing any opportunity that they might have of making a workable DRM system, or of exploring ways to survive in a new world in which DRM doesn't *exist* and copying is easy.
The degree to which the RIAA member companies have been sold snake oil by security companies is amazing. You gotta feel for them.
Any program relying on (nontrivial) preemptive multithreading will be buggy.
I do, however, have a problem with not being able to give 1 cent to the artist, without HAVING to give $1 to the record company.
Sure and you can. Many of these bands have an address for fan mail. Send them a few bucks. What are they going to do, send it back?
This sig has absolutely no significance and serves only to take up screen space and waste the time of the reader.
Summary of the article: "Somebody in the record business said something."
Record company execs live in their own imaginary world, where music exists only because they're here to own it and sell copies of it. Expecting them to say anything sensible in a PR statement is like asking your dog to explain the Federal Reserve system.
shame on these people... Sony cracks people's computers -> RIAA issues comment saying it loves that. What's next? will RIAA sue F-Prot for copyright infringement bc. they say in their site that Sony rootkit is malicious?
this is getting more ridiculous everyday
is Joe gonna be afraid to buy legal copies because they crack computers?
What is so laughable is that the recording industry had an almost foolproof copy protection scheme. They (the industry) broke it in the interest of profitability. It was called a vinyl record.
echo "America - It's not fascism when /we/ do it!" | sed s/America/Sony/ | sed "s/fascism/copyright infringement/"
I find it highly highly disappointing that no charges have been filed for this instance.
I don't really expect them to be read, but I fired off emails to my senator, representative, and DA. Using their online forms obviously.
Why the senator and rep? Because at this level it is probably a political decision whether to go forward or ignore SonyBMG.
Da*n I wish I had that sort of clout.
What I think is at stake here, from a personal viewpoint, is the question: are corporations liable under the law to obey it? And if they are not, why is it still legal to form them?
Secondly if they are free to ignore the law, why should the rest of the populace follow the law. SonyBMG violated it on both the technical side, as well as the spirit of the law. I can understand that if a technicality is broken, but the spirit of the law is maintained, that at the end of the day it can be justified. Or if any part of the law is unconstitutional, would be another exception.
Cause if SonyBMG gets away with this, I see no reason why I cannot purchase a nuke, technically, or at least a really large cannabis farm. Providing I incorporate first.
Autoplay is different than Autorun.
Nice try, although what you suggest won't protect you against a Sony CD.
... the president of RIAA did not say that Sony did nothing WRONG. He said that the idea of protecting content wasn't unusual. He made, as far as I can tell, no moral judgements on Sony's actions. In other words, like a typical corpropolitico, he said nothing.
I'm thinking of the "homeless hacker" who almost went to prison for showing the NYT that their systems weren't secure, of Kevin Mitnick, of a bunch of other people who have been threatened with or gone to prison for "accessing a protected computer system."
Governments world-wide have these laws.
Why are no Sony executives incarcerated yet? Do they own all of the world's governments?
(MRC="handout")
I disagree with some of the sentiment posted here that "This sets back DRM several years". Nothing short of a class action suit against Sony will convince the public that it's a bad thing for anyone to put software on your own computer without asking, especially one that snoops on you and leaves you even more vulnerable to attack.
Who needs to worry about RFID tags when your own home PC watches your every move and reports it to big corporations! Hell, the FBI could do exactly the same thing as Sony and get it put into law that every PC must have ratware installed! The ISPs would rather this than spend the serious money required to monitor your actions at the local network feed!
Bavarian Purity Law of Rice Krispie Squares: Rice Krispies, Marshmallows, Butter, Vanilla.
Well, it can mean royalties. And it depends on if you are talking about musicians, performers, or writers. Songwriters get money when their songs do well. Think of the song Torn performed by Natalie Imbruglia. It was a cover song made to fit popular radio. But the original band that did it didn't complain, because they were getting songwriting royalties. (BTW, the original song, of which there are several versions, is much better IMO)
My beliefs do not require that you agree with them.
No, he's not.. because I know of these other applications running on my PC (either because I installed them myself, or they came preloaded), so I'm able to update them. Furthermore, these applications (or operating systems), even if they are sometimes buggy, fulfill a purpose for me. Users who listen to a Sony CD on their PC and thus unintendedly install the rootkit a) don't know that it's there and therefore will not patch it, and b) don't take any advantage of this rootkit.
Georg
I think it may have been true at one time, but with today's digital technology, the cost of production and distribution is practically zero. I can cut an album out of my closet with a few hundred in used mixing and recording equipment, make the mp3s available for download, and even burn my own CDs at 24X and drop them off at local record stores or sell them online. For a few thousand in direct one-time costs, I could even upgrade my equipment and do a "professional" job. The major labels exist for one reason only: marketing and promotion. Once people figure this out and start competing with low cost online marketing and distribution systems, the major labels should pass into history. Really, it never ceases to amaze me that the companies that comprise the RIAA get away with suing 12 year olds and old ladies and breaking into home computers with nary a spot on their public reputations.
By the way, this is how every dollar is spent by the coop of bands in the RIAA:
$0.02 Bleach treatments for Michael Jackson
$0.03 Special wardrobe for Superbowl halftime performances
$0.05 Bribing congress to pass the DMCA
$0.05 Web sites and fan clubs for
$0.10 New boobs for (former) teen superstars
$0.10 Filing lawsuits against children and old ladies
$0.15 Pancake makeup for Madonna
$0.15 Sending Rocco out to break the legs of a few DJs
$0.15 Renting WETA rendering farm for digital reprocessing of Ashlee Simpson performances
$0.25 Recalling millions of CDs infected with malicious Sony/BMG malware
-$0.05 Artists share of what they owe the record company on your revenue
Seems like we are going back to the time of Robber Barons (hah, p2p filesharers aren't the only robbers) with William Vanderbilt's famous quote: "The public be damned!"
"how can they call it a MINE if everything here is THEIRS?!?!" -Straight Jacket
What is the validity of a EULA if it was accepted by someone who cannot enter legal contracts, such as a 6 year old kid who pops one of these SONY CDs into a computer? Surely a 6 year old kid cannot be expected to understand a 3,000 word EULA but can understand the word ACCEPT and click on it.
- Jason Terlecki
I guess they'd be liable for the copies sold in Texas alone. I was figuring for all 2.1 million CD's :)
Even so, I would imagine we're talking more than 10,000 CD's (over a billion dollars).
Kythe
...that's just a guess.
Kythe
I do, however, have a problem with not being able to give 1 cent to the artist, without HAVING to give $1 to the record company. THIS, ladies and gentlemen, is the theft we should all be discussing.
No one forced the artist in question to sign a contract with a big label. If the artist wants to keep all sales proceeds to himself, then he should do his own marketing. If he wants to put out a record under an indy label, then he's free to do that. If he wants to sign with a big label to get the fame and distribution channels, then he should be well aware of the large cut the label is going to take.
...that as things presently stand, the system is so corrupt, useless, and broken and favours corporations so heavily over individuals that at some point in the not so distant future, our only possible recourse might be to take matters into our own hands with some violence?
I'm no advocator of violence, being a left-wing tree hugging socialist, but there are rare times and places when it is indicated, and I can see those perhaps coming. The legal system has failed the people when it comes to business, and we are entirely impotent in the courts and will have to rely on alternative means to achieve success.
(Posted A/C for obvious reasons.)
"He's saying that many companies use copyright protection, and that this software will sometimes result in system instabilities."
Software companies? Like what? Virtually all protection these days is a serial validated with a web lookup.
Can anybody think of copy protection on software that basically takes over the machine?
You were mistaken. Which is odd, since memory shouldn't be a problem for you
1. The RIAA and MPAA are NOT ARTISTIC ASSOCIATIONS!
This merits repeating. The RIAA and MPAA are NOT ARTISTIC ASSOCIATIONS!
Come to think of it, neither is Sony.
Admittedly, they are "industry" organizations, but this also implies that they represent industry interests, which are not always the same as artists' interests. In both cases, you've got lawyers and legal staffers, who serve the interests of distribution companies, financiers, studios, you get the idea.
2. The RIAA and MPAA exist in large measure to perpetuate and protect obsolete business models. It's partially driven (obscured?) by goals of being able to exact revenue from each viewing, each session, each "show". In their minds, this was the way it's supposed to work. I'd like to think they're bright enough to realize they can't keep doing business in quite the same way, but they can't even see which way they are going. It isn't only the technology they don't understand, but those "suits" don't understand the nature of offering the sort of entertainment that makes audiences want to see more, but not necessarily more of the same.
Maybe they're beginning to see that they can't keep fooling all of the people all of the time. Maybe they realize that they can't stay in business by suing their customers and hitting them up every time they try to fairly use something they already have a receipt for. Maybe they're beginning to get the hint that taking a buck for every nickel the artist gets is kindasorta wrong. Maybe their consciences are actually beginning to bother them.
Maybe that was too many "maybe's" for one post.
3. ...lest we forget, the entertainment industry moved to California first to dodge their creditors in the east, secondly to avoid paying tax debts, but also to avoid paying royalties to Thomas Edison. Edison and company invented the production and post-production equipment which the American film and sound recording industries modified to their own specifications.
Of course the less polite version alleges that they ripped off Edison outright. ...can't be as morally reprehensible as copyright infringement, right?
Maybe some at Sony were, but you can't tell me that the dev that made the software and the legal department didn't know what was going on. There is no way to spin installing a rootkit and making it a good thing. Which is why they are back pedalling. It's not about, "Oops, we made a mistake, sorry." It's about, "Oh shit, we got caught."
Yes, they did a very wrong/illegal thing. However, it can be argued that the whole rootkit fiasco will be good for the consumer. The public is highly aware of this issue. They have also heard the word DRM a few times. Now every time DRM is mentioned the consumer will say "I don't want your virus on my computer". So yes, it was a bad thing. But in the long run I think Sony's damaged the word DRM so badly that we will benefit from this accidental education of the average consumer. They've done something in one stupid move that we've been trying to for years!
If an officer ever threatens to taze you, say you have a pacemaker.
Once you start deliberately infecting your machines, it's your fault, not Sony's. That's like saying you're going to spill hot coffee in your lap so you can sue McDonalds. You'd be lying if you told the court Sony was installing something without your knowledge, and that you didn't know it would be hard to remove.
I wonder if the President of the RIAA bought any of the music CD's Sony loaded down with that crapware? Yeah right. It's funny how he's accepting it, because it just makes the RIAA look even worse. Even Sony went back and made a fix for it, so they acknowledge that it wasn't right. President of RIAA = Idiot
"how many times that software applications created the same problem? Lots. I wonder whether they've taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?"
Who among the general public equates a CD full of music to software? I'm thinking no-one. So when a music CD acts like software and starts changing the functioning of your PC, it gets you by surprise. People don't expect CDs to be software, so of course it's a big deal when not only do they act as software, but they create serious security problems... People already expect this of software, but not of content.
Nothing else needs to be said.
------ The best brain training is now totally free : )
In Chapter 4 of "So Long, And Thanks For All The Fish," Douglas Adams described Ford Prefect's predicament in a bar in the lower side of Han Dold City when the barman wouldn't accept his American Express card:
"He glanced around at the motley collection of thugs, pimps, and record company executives that skulked on the edges of the dim pools of light with which the dark shadows of the bar's inner recesses were pitted. They were all very deliberately looking in any direction but his, carefully picking up the threads of their former conversations about murders, drug rings, and music publishing deals. They knew what would happen now and didn't want to watch in case it put them off their drinks."
And later...
"He had, after all, been in the bar all day, he had been drinking a lot of stuff with bubbles in it, and he had bought an awful lot of rounds for all the pimps, thugs, and record executives who suddenly couldn't remember who he was."
Okay, the "music publishing deals" part wasn't exactly accurate, but this stuff was published in 1985. One would be tempted to say it was awfully prescient of Adams, but then again, maybe not.
Those who can, do. Those who can't, write technology blogs.
Causal fallacy.
It's not like he doesn't know it, but why bother building proper arguments when you can get away with absolute b*llshit and still be quoted as a respectable source?
The reason the children at Sony can get away with bullshit like this is because most people don't know what a causal fallacy - or any logical fallacy - is. Debate, civics, and basic logic are not taught in most of today's schools, so most people have little idea when they are being fed ill-formed arguments (or if what they are fed is an argument at all).
This is profoundly dangerous when the people talking are politicians, not just some corporate monkey. Then again, the CEO-as-politician seems to be becoming more popular nowadays . . .
EFF Files Class Action Lawsuit Against Sony BMG. Sony BMG is also facing at least six other class action lawsuits nationwide and an action by the Texas Attorney General.
If I write a virus that I call "DRM kit" that will spread without your knowledge and install without your knowledge onto your computer, and the only purpose of this virus will be to hide itself and search your disk for unauthorized copies of my application I created... is it OK? Will I do something against the law? I'm going to protect my property! Just this and nothing else! RIAA will back me up! And if I make some "programming error" that will allow my DRM kit to act as a trojan horse.. oops! Errors happen...
Well, I've got to get back to work. When I stop rowing, the slave ship just goes in circles.
They don't have jurisdiction.
Contact your local FBI field office:
http://www.cybercrime.gov/reporting.htm
http://www.fbi.gov/contact/fo/fo.htm
You should also file complaints with your state's attorney general and with the Federal Trade Commission, and perhaps with other agencies that I'm forgetting about at the moment.
Like the devil telling judas that he did not do anything wrong...
Well then, I sure know there's a hole in the President of the RIAA that I'd like to stick a few MB's up right about now...
<overrated>Insert Sig Here</overrated>
I am concerned for your mental health as I have been tracking the growing battle between the RIAA and its member companies and the nefarious 'downloaders' they seek to curb. I envision countless stressful budget meetings, security meetings and reactionary meetings whenever a new DRM method is cracked or discovered like Sony's. The legal budget alone to push record company friendly legislation through in every country you operate in, the necessary 'bribes' to get this to pass, along with the legal funds necessary to enforce these laws and punish offenders must be considerable.
Have you ever thought that perhaps all this money the battle is costing you is ... too much? Would the money you lose by 'giving in' be offset by the great sum of money you are spending to curb a worldwide phenomenon that shows no signs of stopping? Perhaps instead of fighting downloaders, you should recruit them. Find out from them exactly what they would like to see with their downloads (security, high bit rate, different bands, etc.) and then get in the game yourselves. Charge $5 a song, but give the downloader lifetime rights to copy, backup and re-use the contents of the file to his or her heart's content in exchange for this price. Let them choose the bitrate and file type of their download to maximize their possible usage. I know that you miss the days where we bought seven copies of the cassette because they wore out long before our love of the music wore out, but those days are gone and never to return.
You'll make more than a download at iTunes, would embrace a new technology that you should have embraced a long time ago, would save on that giant legal budget and get the rest you most certainly need and deserve. What price is peace of mind?
Sincerely,
Empty Yo
I'll tolerate anything except intolerance.
but I enjoy much more the fact that this whole r00tkit fiasco has set DRM back by years. Perhaps this blow will get SACD or DVD-A back on track. I'm hoping one of the two formats will gain more support and am more than willing to buy content in that format. SACDs sound so much better than MP3s or CDs. Sony et al. need to fight from the value-add perspective and not the legal-assault front.
Which is safer?
(1) Buying a legitimate music CD and inserting it into my computer, or,
(2) Downloading the same music in MP3 format from eMule, knowing that each file has 50 different sources, all with the same security signature?
The answer to that question has been irrefutably decided this month.
This is a significant turning point in the history of music distribution.
This is why, ladies and gentlemen, I listen to public radio. I do not buy CDs from any label that is under the RIAA, and if I do buy a CD it's for a physical copy of something that is in Public Domain.
Only listening to PD stuff doesn't stop me from being afraid of a large corporation like this though, they're bullies and it's apparent that they'll sue anyone, guilty or not. I honestly don't think I could list a single band that is on the top 40, let alone very many current (as in new) bands!
$fortune
Tomorrow has been canceled due to lack of interest.
Satan defended his practice of evil, scientists discovered water is wet, and Generalissimo Francisco Franco is still dead.
I mean, seriously, this guy is the head of the RIAA. What did you expect him to say? That covertly installing malware on your PC such that it will bring more dollars to his pocket is a bad thing? These guys are the enemy. They think nothing of engaging in hypocritical behavior so long as it's "good" (for them) behavior.
But then again, hypocritical behavior is not something the RIAA has a monopoly on. After all, just find any Linux vs. Anything-but-Linux flame war on /. and you'll find loads of hypocrisy from both sides.
In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
A few posters have somewhat addressed the issue in previous Slashdot threads, but no one has really hit it yet. When determining who is at fault and maliciousness of an action, intent is always considered. Not the intent to violate the law, but the intent to do the action that violated the law.
For example, if you walk in to a gas station and grab a 25 cent pack of gum and pay for gas and walk out, you can be held liable for stealing that pack of gum. Not because your intent was to break the law, you obviously intended to do that, but because your intent was to take the pack of gum.
A toddler in the same gas station picking things out of mommy's purse and putting them on the shelves and taking gum off the shelf and putting it in mommy's purse, cannot be held liable for stealing, because they don't even have a concept of taking something that is owned by someone else.
Sony here intended to have their rootkit phone home. They intended for it to hide itself. These are very serious allegations, but none of them are incorrect. Sony might not have wanted to violate Texas spyware law, but it seems clear they did intend to have a piece of spyware that attempted to hide itself and phone home.
That's a huge problem. Sony may very well end up being a martyr for DRM in such a way that no future RIAA member company will even attempt something along these lines for years to come.
All of it. That's what Attorneys General do. Remember, this is a CRIMINAL prosecution. Not a civil prosecution. Anytime you read "Attorney General" of anything, that's a criminal prosecution.
And to the non-US'ers of us, in US courts, there are two types of cases - civil and criminal. Criminal cases can (usually) only be brought by an agent of the government (Atty General, Inspector General, etc). They usually involve fines and/or jail time. Civil cases are cases that are fought between two private parties where the govt is a non-party and you can't go to jail. You can only be penalized financially or through other non-jail means (attend counseling, etc).
In other words: Divorce = civil. Killing your wife = criminal.
1. Find computer at Sony or RIAA with Sony root kit. You know they eat their own dog food.
2. Hack computer. Randomly remove data, make computer useless.
If they think what they did was not a problem, then directly show them how bad it is to have a machine hacked. They live by the sword, let them die by the sword.
Multi-session disc inserted.
2 sessions detected.
Select session to use (cr for newest): __
Wait, doesn't the audio session have to occur first on a multisession cd (because a regular CD player expects it to be there)?
So if we hit 'Enter' to pick the default (newest) session, we'll be picking the data session with the rootkit!
White House says Enron 'Did Nothing Wrong' Shock. Please..
Cary Sherman, meet Rope. Rope, Cary Sherman. I'll leave you two to get acquainted.
"how many times that software applications created the same problem? Lots. I wonder whether they've taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?"
Not only has Microsoft implemented a far worse design, they went up against the DoJ to keep that design in place, and have not only refused to actually back out the design flaw (having a mechanism whereby a document can execute unsandboxed code based only on information available to the ActiveX control that renders the document), but have made an allegedly safer version the core of a new API (.NET).
To quote John Brunner, "There is no difference, both are evil".
Creating a security bug by mistake is not the same as introducing a security fault by design; that's the difference between negligence and criminal intent.
companies that do that, are called "criminal enterprises"
what sherman is saying is false.
the dude is an asshole, seriously, at least give an intelligent reply.
I didn't say infect your own PC.
Simply listen to the rootkit'd CD, leave your PC exposed to the wild world wide web. That's the idea of a "honey pot".
You aren't actually infecting your own system.
I will admit, it is akin to taking that hot cup of coffee and moving about in a crowd, I suppose.
The issue is not that the CD installs software. The issue is that the CD doesn't inform the consumer of its actions and give them the chance to eject the CD. Sony should be fine with it if I'd rather not play the CD on my computer at all than have it install software.
On the other hand, is the CD able to install the software if auto-play is disabled?
most consumers (with jobs)
Problem is that unemployment of American people with a four-year university degree is going up as jobs are outsourced to rapidly developing countries with a much lower cost of living. How can I become a consumer (with job) if even minimum-wage shops consider me overqualified?
Nonetheless I don't think we need to worry about the RIAA or rootkits or whatever much longer. The new generation (10-16) of kids recording today are already using the next distribution system (PureVolume and MySpace).
So what's the next promotion system? A lot of these 10-16 year olds are forced to listen to major label music on commercial FM radio on the bus ride to and from school.
the public domain is now an effective reality.
Say what? RIAA executives, MPAA executives, and other followers of Sonny Bono would beg to differ.
there has to be a third totally clueless idiot to follow the other two spiralling down the black hole to obscurity.
Sony/BMG is proven totally hopeless, particularly when somebody demonstrated that a little hunk of electrical tape on the CD's outer tracks will kill the entire bogus session-2 rootkit PC-munger altogether, and allow the CD to play like it was a real CD-DA.
RIAA thinks they're wits, and they're half right.
Notice we haven't heard from any of the usual suspects in Congress yet, the bought-and-paid-for brigade. DHS for once pointed in the right direction when they implied that Sony/BMG is the terrorist. The entire rest of the free world plus those souls who can blog undetected has called the incompetents out to the alley.
So on the pattern of 3 makes a crowd, there's still one more village idiot that needs to fall in front of an Eyewitness Action News Home Team Leader satellite truck and be recorded as too dumb to breathe in this rape of the legitimate users.
Will it be DoJ not charging Sony/BMG with computer terrorism in court? Will it be our Fearless Leaders looking to crawl in bed with another corrupt and unpopular business giant? Or will Metallica and Lars come screaming out of obscurity yet again to prove once and for all that head-banging is not healthy?
I'm waiting.......
if this is supposed to be a new economy, how come they still want my old fashioned money?
Well, I don't expect the Sony rootkit to infect you from another system. So if you just listen to the CD, but don't let it install, what exactly are you waiting for the honeypot to catch, that you can blame on Sony?
(I meant that you deliberately installing the rootkit = deliberately infecting yourself :) )
the major strategy in their campaign against P2P is to convince everyone that sharing any copyrighted work is illegal, and that there's no such thing as Free Software, public domain media, or the Creative Commons.
No sound recordings have entered the public domain through expiration of exclusive rights in the United States. The State of New York and several other States recognize perpetual copyright-like privileges in sound recordings, and federal law will not pre-empt these privileges until the year 2067. The only "public domain" in sound recordings is an affirmative abandonment of exclusive rights by each work's copyright owner.
If Sony did nothing wrong, then why are at least 2 lawsuits being filed against them ???
Remember they were behind the insane concept spewed by that senator a while back where they wanted the right to remotely destroy your PC, at their whim..
Having a rooted PC everywhere pretty much would give it to them.
---- Booth was a patriot ----
If the RIAA comes limping to Sony's defense at this late stage of the fiasco, I doubt that it's merely lip-service to assuage Sony's tidal-wave of bad press these days. Not when this comes on the heels of the attorneys general of California and now Texas who have come calling about this issue.
Sony's rootkit is indefensible, period. The less-than-rapid response and holier-than-thou attitude when it became a public issue is going to need a little more than a sales job by the RIAA to rehabilitate Sony. Legally, the writing is on the walls for those guys, and there isn't much cover at this point.
Let's call this what it is - spin by an agency that is well known for its ability to spin just about anything. Think of how many of their cash-cows (err, artists) have stepped in various drug abuse problems, affairs and other tawdry sex acts. Somehow the RIAA actually manages to get them taken care of.
Sony, and the programmers that wrote the root kit should have known they were wrong. If they didn't, then they must have missed more than one or two ethics classes along the way. Of course, their argument would be that piracy too is unethical (at that point I'd ask how two wrongs make a right).
Sony spends a lot of money on the RIAA and since even the worst criminals of them all deserve representation and someone in their corner, I guess that the RIAA is stepping up to the plate for their client. This is one thing that I can say is right in this whole story, the RIAA should be solidly in their client's corner. Unfortunately, their ethics are showing a little more than a slight tarnish.
In the long run, all of this is going to hurt the major labels in their battle for DRM but only a little. The next time around, they will have learned a lesson or two and the next effort will be a bit more proper and ethical but still just as hard to live with.
You could always put in your software RIAA specific clauses allowing free access to their computers if they use your software...
Sony's DRM software didn't "contain" a security vulnerability, it was the security vulnerability.
This pice of walkin shit that doesn't deserve the breath he breathes
.... eat hardy.
should be FRIED in an Electric Chair for his admitted Nazi linkages.
There, I've said it, the Chair of Sony is a Nazi, and a Gay Fag to boot.
The buffet is about ready
Toodles!
While everyone is commenting on how horrible Sony is for doing this, I haven't seen a whole lot of posts about how trusted computing would impact the picture. So far, Microsoft is only cleaning out the rootkit because it's common knowledge. Under a trusted computing model, Microsoft would have *signed the code as trusted* and you probably wouldn't be able to remove it, much less pull it up in a debugger. Microsoft doesn't trust you, or your friends, or anyone you personally know. Microsoft trusts Sony and the RIAA, and they're the ones they're trying to win over to their own DRM schemes. I'm sure they'll be friendly to other companies in the process, just to get DRM accepted everywhere before pulling a 180 and mandating only their distribution method. After all, once DRM is in place in a trusted computer, nothing stops Microsoft from simply turning off the other brands and forcing the use of windows media. After all, they control the trust relationships.
Strange, I don't see RIAA complaining about how Sony broke the agreement for the GPL... On the up side, if we all really screw over RIAA's computers and say it's for copyright protection, it's okay. Hackers, you've been given your mission. XD
please... let me sleep... a little more... yay, no longer anonymous coward.
Is a fuking moron
If Sony is found guilty in the class action suit, will it open up a venue to sue RIAA and Cary Sherman, the president of the RIAA for harbouring criminals and criminal activity?
PS: I'd like to sue Sony for lost productivity but my employer won't sign a deposition. Anybody know of a class action suit in the making?
"Agreed but what can we do about it."
You can go to the police and report the evidence you have regarding an alleged crime. The police should then go and investigate the evidence and, in case enough evidence is found, justice should have its cause and a judge should decide whether or not to punish the offender. That should be possible in all countries that signed the TRIPs agreement, including the US and the UK (see below). Article 61 states:
http://www.wto.org/english/tratop_e/trips_e/t_agm4_e.htm
-+-
SECTION 5: CRIMINAL PROCEDURES
Article 61
Members shall provide for criminal procedures and penalties to be applied at least in cases of wilful trademark counterfeiting or copyright piracy on a commercial scale. Remedies available shall include imprisonment and/or monetary fines sufficient to provide a deterrent, consistently with the level of penalties applied for crimes of a corresponding gravity. In appropriate cases, remedies available shall also include the seizure, forfeiture and destruction of the infringing goods and of any materials and implements the predominant use of which has been in the commission of the offence. Members may provide for criminal procedures and penalties to be applied in other cases of infringement of intellectual property rights, in particular where they are committed wilfully and on a commercial scale.
-+-
It seems that at least the UK and the US have implemented this in their laws, so I think one could go to the police over this in both the UK and the US:
====
UK
====
http://www.theregister.co.uk/2003/10/07/prison_for_using_kazaa_surely/
-:-
But from 31st October, the new regime introduces a new threat for P2P fans: prison. "There's no suggestion that this is what the new law is intended to catch, and it's not something that the European Directive demands; but the wording could be interpreted this way," says Robertson.
The relevant provision states:
"A person who infringes copyright in a work by communicating the work to the public -
(a) in the course of a business, or
(b) otherwise than in the course of a business to such an extent as to affect prejudicially the owner of the copyright,
commits an offence if he knows or has reason to believe that, by doing so, he is infringing copyright in that work."
Robertson said: "It could be interpreted under these new Regulations that you are now committing a criminal offence when you use KaZaA or other P2P services. You may not be acting in the course of a business; but by making a music file available for download for any other users of your chosen P2P network, you are communicating the work - potentially at least - to millions, i.e. to an extent that the music industry could say is prejudicing its rights."
-:-
Judging on this, in the UK -- the base of first4internet -- one can also be sent to prison over copyright infringement.
Some more or less relevant case law:
http://www.legalday.co.uk/lexnex/simkins03/simkinsq403/simkins141003.htm
"PPL applied for an order to commit Mr Tierney for contempt of court in respect of his failure to comply with the court order. It had reportedly made seven previous applications of this nature against Mr Tierney.
PPL succeeded in its application. Mr Tierney had been warned of the consequences of further breaches of the court order only six months previously. The court imposed a term of imprisonment of 35 days. In order that the sentence had the effect of ensuring future compliance, the court suspended the sentence for 40 months."
====
US
====
I find Sherman's comments outrageous. I cannot see myself ethically justified in supporting an industry that encourages the erosion of consumers' personal freedoms and uses corrupt business practises to maintain control of an art form. The empire has outlived its purpose, namely to get music to the people. That is the purpose regardless of the motivations of the people in it.
"When I give food to the poor, they call me a saint. When I ask why the poor have no food, they call me a communist." -- Dom Hélder Câmara.
Sure the people working in those sweatshops (By the way, I advise everyone I know to avoid labels that I know have repeatedly used sweatshops, and I don't purchase any of their goods, ever, nor wear them. Nike is a prime example) are making money and are thus able to put some food on the table, but the problem is that these people are first off being paid jack squat, compared to residents in nations that are further developed, and second off the workplace environments are more often than not to the point where they'd be shut down permanently in, again, many nations that are further developed. And if you believe that these jobs are actually helping the country progress in a positive nature, I've a bridge to sell you. All they do is keep the status quo, no more.
These people are being exploited and that's the whole point.
"We invented personal computing." - Bill Gates
I was actually going to point out that they aren't being paid the same wages as more developed countries. Because they don't live in more developed countries. It would be great if the countries were more developed, but driving away business isn't going to increase living standards at all. It would also be nice if companies paid significantly more than market wages, but if you force them to pay the same wages as they would in a developed nation, they simply wouldn't hire workers in developing nations at all. Just having some food is pretty terrible, but it's better than having no food or resorting to prostitution.
English is easier said than done.
is that it hides the atrocities committed by Hitler's regime.
That's why Godwin's "Law" is both stupid and dangerous.
Is Capitalism Good for the Poor?
While the /. community is an exception, it seems to me that most people just don't understand what exactly rootkits do. At best, they're given cursory nods in the news [now] as just another form of malware. The media asks why can't our anti-virus software just detect them? OmniNerd has an article about how rootkits work that is technical enough for /. but without the reliance on source code found so often on Phrack resources, which our non-tech brethren can't understand.
URL: http://www.omninerd.com/2005/11/22/articles/43
When you understand your disbelief in other gods, then you will understand my disbelief in yours.