Slashdot Mirror


User: IamTheRealMike

IamTheRealMike's activity in the archive.


Comments · 5,855

  1. Re:Fight it how? on Fight DRM While There's Still Time · · Score: 1

    Well, your proposal boils down to this:

    • We don't need a design, because somebody will come up with something. I don't know what, but I'm sure it'll happen so why worry?
    • Here's my idea - let's get people to pay for the cost of something up front using donations.

    I like the fact that you're considering economic solutions, it's a lot more than most people do! But I don't think it'll work.

    The first problem is that it removes the profit motive. Donations work for Wikipedia because its costs are pretty low, and most people who work on it aren't compensated. Because of that it's understood to be an altruistic not-for-profit foundation. If there's one thing that capitalism vs communism taught us though, it's that the profit motive is a pretty big deal. Your idea removes this because it sets an upper limit on how much you can earn. Most people probably wouldn't want to donate $100 to a film project, when it already has enough to cover costs. The vision of tremendous profit is what motivates at least some enterprises.

    The second problem is that many projects don't recover their costs and are subsidised by the ones that do. This is especially true in the movie and video game markets. If projects are funded by up-front donations, that can't work anymore as it's not possible for a movie or game to make significant profit. That means it's harder to take risks. Let's say Will Wright proposes this cool game called "Spore". He isn't really sure what it'll be like yet, all he knows is it'll involve growing lifeforms and stuff. He'll get a bunch of donations because, well, he's Will Wright. But what if he can't raise enough? What if vague promises of "really cool shit" don't motivate people to fork over the $100 or so (to offset the fact that most people are no longer paying)? In the current system he can subsidise it with the profits from The Sims. In your model, he can't.

    The final problem is that this doesn't work for new entrants to the market. How can anybody know if this up and coming director will produce something good or not? It's his first film? $10 million is not a big budget these days for an entry-level film with a few special effects, but where does it come from? Sure, Spielberg might be able to get that easily but what about somebody not so famous?

    Even with all these problems, I think this model can work in a few places. Open source software where features are added by contract is one example, except there it's usually pretty clearly defined in the contract what is required and the cost is usually paid for by businesses rather than an amorphous cloud of benefiters. But we'll see. Maybe it'll go this way regardless.

  2. Re:Collateral Damage on Fight DRM While There's Still Time · · Score: 1

    After all, access to that embarrassing video clip can always be revoked

    I'm not aware of any existing DRM systems that can revoke particular pieces of content, that is a pointless thing to be able to do. Key revocation is about disabling compromised players, not suppression of content.

    There is also the problem of evil chips ensuring that the only software that Bill Gates approves of will run on your machine.

    That is a gross distortion of the facts. There is no such "evil chip". The only thing you might be thinking of is the TPM, which is an open standard implemented by many vendors and in fact was supported by Linux before Windows. The TPM does not prevent you from running Linux. In its most "evil" usage, it simply prevents you from lying about the state of your machine. If you have to lie about what you're doing to convince people to give you their work, then that's your problem and possibly theirs, but it's certainly not the TPM's.

    Being able to see the latest teen idol is in no way an acceptable tradeoff for these losses.

    Who says the rest of the world agrees with you? There's a whole lot of people out there who buy stuff from the iTunes store despite the DRM. I myself buy stuff from it, because I can't get The Daily Show here in Switzerland and Jon Stewart makes me laugh. I guess you would look down your nose at this pop culture, but I don't really care, because I think it's fair that I pay Comedy Central a bit of cash and they give me half an hour of entertainment.

    I've also read the specs for the TPM, LaGrande and AACS so I am under no paranoid illusions about what they can or cannot force me to do. I'd recommend them, they are an interesting read even if you dislike the ideas.

  3. Re:Fight it how? on Fight DRM While There's Still Time · · Score: 2, Informative

    1) The problem DRM tries to solve is the preservation of a particular business model that allows content packagers and distributors to use their position in between artists and their audience to keep the largest slice of the creative-works pie for themselves.

    Well, there's some truth to that. It's undoubtedly true that DRM is being used for many different things at once - Microsoft/Apple use it to lock people into their platforms, the record companies are using it to maintain their business model, etc, but I don't think you can credibly argue that the poor musicians are trapped by the evil record companies.

    I know a couple of musicians and they all want a record deal, because it is the first step along the rocky road to fame and money. Artists who go the "new" road and release their work as MP3s on Myspace sometimes get discovered, and then they get a record deal. Why? Because the record companies do offer them something compelling that they can't get by going it alone.

    Whether you believe this particular business model is obsolete or not is irrelevant though - it's not your decision to make. Write a hit album and then your decision will carry some weight, because it'll set an example for others. So far we're many years into the brave new world and the record companies keep signing new artists.

    On the other hand, there is no evidence at all that cheap copying has stemmed the flow of professional creative works. Show me one musician, one author, one director anywhere who has said, "I thought about making this album/book/movie but decided not to because it could be copied too easily."

    It happens more often than you might think. It's not phrased that way though, rather, it's phrased as "we don't think the return on investment for this artist is worth it", which can mean many things but sometimes does indeed mean "the kind of people who like this music are the kinds who will just download it". And then if the musician trying to get funding can't get it, maybe they go work at their local McDonalds instead of sitting around writing their next album because after all, they have bills to pay just like anybody else.

    I haven't seen this with my own eyes, but my brother has. These days he is mostly writing and arranging music for artists who target the 40s-60s market, lots of classical stuff, because there's still money in that, along with the odd teeny bopper. Whether piracy has actually affected the bottom line is hard to prove because there's too many variables, but there's no doubt that the perception of piracy has made the decision-makers a lot more conservative. Of course this is a vicious circle - they produce the stuff they know will be bought and then people go "oh noes! the evil record companies produce monotonous crap so they deserve what they get".

    2) What is this "the" free market of which you speak, and how does it relate to the huge diversity of actual free markets in the real world, which vary in their legal and economic structure enormously?

    You're arguing a technicality of language rather than answering my original question. It should be clear I was talking about a market that sets prices based on supply and demand, which is pretty generic and applies to most definitions of "market" I'm aware of.

    I am claiming exactly what I claimed before - that there was probably an economic system out there that is capable of dealing with such goods. Whether such a system is a market of some kind or not, I don't know and neither do you. Right now it seems unlikely because setting a price based on supply and demand is pretty fundamental to what a market is, but by altering the parameters of the market it might become possible (you can imagine a system in which people are paid for a work in advance of it being produced, for instance).

    I guess I could just link to Baen Books here, or to any number of bands like the Bare

  4. Re:DRM will fail on its own on Fight DRM While There's Still Time · · Score: 1

    DRM will fail on its own, because it is anti-consumer, and impossible (cryptographically speaking) to implement securely. We live in a (mostly) free market society. As publishing firms continue to push DRM, new markets will open and will eventually replace the DRM firms, by offering superior products.

    This paragraph just seems really vague to me, sorry. DRM isn't inherently anti-consumer as the success of the iTunes music store seems to show, likewise, it hasn't been a problem with satellite TV which is DRM protected (they send you the data but you gotta pay to access it). The P4 smartcard eliminated satellite TV piracy overnight, despite it being impossible (cryptographically speaking) ... the trick is that theory and practice are not the same.

    I would, however, agree that eventually somebody will come up with a solution that doesn't involve DRM. Either the group of people who publish content in unencumbered formats will grow to seriously challenge the existing "big boys" as has already happened to some extent with open source software (modulo games) ... or somebody will invent an economic system that obsoletes the need for DRM.

    These freedoms are being threatened every day - not just in the United States. Even my own country (Canada) is under attack by the various recording companies and individuals with a stake in the game.

    Look, I hate to break it to you but those evil recording corporations are just representing their clients. I've worked with musicians in the past, my brother writes music for up and coming pop stars, and they all dream of making enough money to go full time (or better). Whether they're sugary popstars or real musicians, they all want to do what they love for a living instead of working behind a desk at a job they hate (and who can blame them) ... and right now that means signing with a record company. Doing the odd concert here and there just doesn't pay the bills especially if you aren't well known. Although a lot of these big media companies can be pretty damn evil, they're no more evil than most big corporations are and ultimately they are responding to the desires of the people who write the music in your collection.

  5. Re:Fight it how? on Fight DRM While There's Still Time · · Score: 3, Interesting

    The main point missing from this relatively well organized and civil rant is what to do about it. It's always easier to point out the problems than the answers.

    That's the problem with pretty much the entire anti-DRM movement. It has no credibility because it only points out problems and not solutions.

    I have a pretty unpopular opinion here on Slashdot - I am broadly supportive of DRM. Fortunately I also have great karma and don't care much about losing it, so I don't mind arguing the case for DRM here. One of the things that bugs me about Slashdot's DRM coverage is it's full of people pointing out problems, and never solutions.

    The basic problem DRM tries to solve is really simple - we want professionals to produce high quality 'creative works' despite us having technology that can replicate such an item for zero cost. The free market really can't cope with that at all, because it makes "supply" in the economic sense infinite therefore price becomes zero, implying that something has no value. That's clearly rubbish, and quality creative works definitely have value to millions of people.

    Nobody really knows how to design an economic system that works in the case of zero-cost-copies though so for now, we'll have to make do with what we've got - the free market - and bodge/hack things together until it works. These hacks will always be suboptimal and have lots of problems, hacks always do, but it's the only option right now. Typically this is done by preventing zero-cost copies, which allows the market to set a price, meaning the people who made the creative work get paid.

    As it happens, that's really hard. Computers copy information, that's what they do, and unfortunately people can't be trusted to just follow the rules of the system left to their own devices. Instead people do a cost:benefit analysis and think, well, it's not likely I'll be caught, so I'll go ahead and break the law. Who cares, everybody else does it anyway. So it has to be enforced at the technology level, otherwise we just screw ourselves over in the long run when content production just becomes economically unsupportable.

    I don't like the fact that FairPlay locks you into Apple, that Janus locks you into Windows Media, and that neither of them run on Linux. I really don't. But I also don't see a real alternative. An open DRM scheme has been proposed by Sun but never took off, because it's not enough to have a design - you must also have code, a commitment to repair it when breached, deals with the people who make the stuff in the first place etc.

    The alternatives to DRM that are suggested are usually pretty pathetic. "Make money off concerts" might work for (some) musicians but not for software developers, "make multiplayer games that enforce it server side" might work for (some) software developers but doesn't work for musicians, and nobody really thought about what happens when we perfect the ebook reader.

    As more and more moves into the digital realm this issue is just going to get bigger and bigger. It isn't going to go away just because it'd be convenient for Slashdotters, especially because for every poster here who really cares about the ability to write open source viewers there are at least 3 who just like getting free movies off BitTorrent.

    When somebody can give me a sound, scalable, generic and implementable economic design for goods that cost money to build the first time but are free to copy from then on, I might start to protest against DRM, because I'd actually have an answer to the question of "If not DRM then what?". Until then I'll continue to argue the case for it, use it despite the inconvenience and who knows, maybe even implement it in future.

  6. Re:Another reason not to work for Google. on Google Releases 'Testing on the Toilet' · · Score: 1

    This is crazy. I can't believe people are "disturbed" by this. Firstly, it's the most trivial thing ever. You don't have to read it. Secondly, contrary to popular opinion, Google is not the borg and employees can and do criticise the company. I've heard more than one person comment that they aren't a fan of TotT, but it's not because they find it "sinister" ... it's because some people just don't like how strongly some other people push unit testing. And in my experience that's true of many software companies :/

    Seriously, if you want to see a not-quite-right urinal then there's a pub in England that has eye-level screens in the gents loo, which play soft-porn movie clips. Advice on unit testing is pretty tame in comparison to that.

  7. Re:And the best part is... on Interview with Developer of BackupHDDVD · · Score: 2, Interesting

    There's no way to patch this.

    Oh pish. Of course in theory you can always extract the key from any player, in practice it's possible to make this so hard to do nobody can manage it. This is the approach satellite TV vendors have used - of course the keys are somewhere inside those smartcards or devices, but good luck to you if you try and extract them. The fact that most software players suck at protection is no news, for as long as there will be software HD-DVD/BluRay players, there will be leaked title keys. However, the point is that whilst it's easier to crack software players it's also easier to update/upgrade them, so the cost of a player revocation is much lower.

    So what do creators of players do? Well, there are a variety of techniques you can use to obfuscate the keys, make it harder to extract them, make it easier to update in the case of breaches, and so on. These techniques have been used successfully by Blizzard and Microsoft - Windows Media DRM is "self healing" and whilst tools to extract the keys do occasionally surface, they tend not to work for long. Blizzard's "Warden" anti-bot software is pretty good at both detecting software modifications and preventing them from working, again the trick is to make online updates very easy.

    Finally, there are hardware/software features being developed that can hide information inside the hardware so extracting the keys becomes a matter of hardware cracking rather than software cracking (look at LaGrande) which is a much harder problem fewer people are able to do.

    AACS itself is just a piece of mathematics that makes it plausible for every key in the world to have its own player key, and to revoke those keys with linear storage cost. AACS itself has not been broken. Badly written players have been, but that was always going to be a problem. This guy's issue is that if he distributes his crack, the chance of the studios figuring out which player he attacked increases, at which point they can revoke it (probably they can already guess, there aren't that many around right now). If he doesn't distribute the crack then the system relies upon him purchasing every title released and extracting the keys at home, which just doesn't scale. Sure a few titles might be lost, but who cares when thousands are published every year ....

    I think the guy is pretty naive, in mixing up theory and practice like this. He says:

    If you can play it, you can decrypt it! There is nothing you can do about it. The only thing they can try is to slow people down.

    Well, like I said, satellite TV seems to disprove this. The box itself can play any channel (ppv movie channels for instance) but it's pretty hard to decrypt that stream if you haven't paid for it. So hard in fact that in the case of DirecTV I think it only happened once. The HU card was broken (at ridiculous expense, cost and risk), so they rolled out the P4 cards and the system has been secure ever since. Sky Digital in the UK was never broken at all. If the movie guys are determined eventually they'll just go the route digital TV companies did and ban software/pc based players.

  8. Re:I posted this elsewhere too... on Apple Responds to MOAB · · Score: 2, Informative

    This fix is in line with the typical timing and attention given Apple security updates - relatively quick and competent.

    Not sure I'd agree with that, actually. Apple is generally regarded as being slower than Microsoft at patching problems. According to the MOAB folks the QuickTime HREF universal XSS was patched slowly and then only for MySpace (huh?). Plugin XSS is pretty serious! It's possible they got better, but according to this study from 2006 it took them 91 days on average to fix known exploits.

    IIRC nearly a third of their "Apple Bugs" are 3rd party problems to begin with.

    Yes, of course, it's silly to call it the "Month of Apple Bugs" when they are also reporting exploits in third party software. Unfortunately, it's also understandable - the fact that many security problems in Windows are caused by third party software does not stop people blaming Microsoft for the insecurity of the Windows platform. Given that quite a few of these third party exploits are privilege escalation (eg instant root), it is Apple's problem. If third party devs cannot write secure code then they'll end up in the same situation as Windows - and it seems they can't write secure code (no surprises here). Apple are already being targeted by attackers.

    MOAB are still flaming Apple Inc., Apple users, and anyone else who critiques their methods, and it's gotten personal and insulting. They come out swinging their fists at the Apple community, then cry foul because someone hits back.

    I quite agree that these "Month of X bugs" things seem to be quite irresponsible and even immature. I'm not sure what the point of them is, except to make a bad situation worse.

  9. Re:Silly Crackers... on Apple Responds to MOAB · · Score: 1

    They said one of the exploits was reported to them as a Zero-Day which is in fact being exploited by a malicious self-encrypting program (if you can call XOR'd strings self-encrypting). So it seems there has indeed been an "outbreak".

  10. Re:Second Life? on Financial Analyst Calls Second Life a Pyramid Scheme · · Score: 1

    Valleywag seems to be mounting a 1-man crusade against Second Life right now. They either generate or publicise pretty much any negative news about it they can. As to the rest of the news industry, well, journos like to talk about it because it's basically unique and the idea is a bit sci-fi.

  11. Re:And WHY won't google rent out Gmail's filters? on Fight Spam With Nolisting · · Score: 1

    Why not use the web interface?

  12. Re:Def. generalises... on Music Companies Mull Ditching DRM · · Score: 1

    I mean generalises out to non-music forms of data. "Make money off concerts" doesn't work for software developers, obviously. It's also kind of a sucky solution for musicians who for whatever reason don't do huge concerts - either they're too eclectic, or they are producing the sort of music that you don't perform live (drum'n'bass for instance).

  13. Re:Indeed on Music Companies Mull Ditching DRM · · Score: 1

    All you can do with security is hope to make something secure enough that it's not worth somebody's trouble to break it. The problem is that only one person has to break the security to make the entire security regime worthless.

    Not really - only one person has to break it for it to be worthless for that song. Filesharing networks only work because everybody rips their music and shares the whole collection. If you had to rely on somebody to go through contortions for every song, typically you'd only be able to find what you're looking for some fraction of the time. Given that P2P networks are unreliable and tend to be riddled with malicious files, it doesn't take much to get people to move to something better (as the success of the iTMS shows).

    Even if the recording companies go that way in the end, this issue isn't going to disappear. Too many people are employed making information/data these days. It's been 20 years and we still have copy protection on software, because without it piracy is just rampant. Too many people basically don't care. I've seen people try and get tech support for something they pirated more than once. Even if DRM for music goes away, there is still video, software, books, pictures .... the list is growing all the time.

    Personally, I'd be in favour of a DRM system that was reasonably secure (ie, had hardware support) and wasn't tied to any particular vendor or publisher - simply because for all the bitching about DRM rarely does anybody have a credible alternative that generalises (so "make money on concerts" doesn't count). Unfortunately such a DRM system doesn't exist and I doubt it will anytime soon, there is just too much incentive for the designing company to control it.

  14. Bad article on Google Working To Make 'iPod/iTunes for Books' · · Score: 3, Insightful

    Ever notice that whenever you read an article in the newspapers about something you know about, it's always riddled with errors? This article made me think of that. In my not so humble opinion, this is just a really, really bad piece of writing. Where do we even start?

    Furthermore, since Google is acquiring copyright material at no cost, it seems to be treating books quite differently from all other media. It is prepared to pay for video and music, but not, apparently, for books. The Google defence is that their Book Search system is covered by the legal concept of "fair dealing".

    I guess he means fair use, not fair dealing. I'm not sure why he thinks Google is paying for music. This is news to me ...

    But the second thing to be said is that I could read whole passages of my books of which I own the copyright. At once a huge intellectual property issue looms.

    The ability to quote or use small parts of a work as fair use has always been there as far as I know. This is a new way to use it, that's all. Is this post a looming intellectual property issue now?

    Jeanneney says that Google is not what it seems. Its search results are biased by commercial and cultural pressures. He has a point. Try this: go to Google Book Search and enter Gustave Flaubert. The first results are full of English translations of Madame Bovary.

    Given that the author points out elsewhere that the American libraries are the first to allow digitization of copyrighted books, I'm not sure why he is surprised by this.

    "It's the readers who will have the final say" ... No, it is the teachers who will have the final say. They will determine whether people will read for information, knowledge or, ultimately, wisdom. If they fail and their pupils read only for information, then we are in deep trouble. For the net doesn't educate and the mind must be primed to deal with its informational deluge. On that priming depends the future of civilisation. How we handle the digitising of the libraries will determine who we are to become.

    I don't even know what to make of this paragraph. The net doesn't educate? Teachers will dictate how we read books in the future? If students only read books for information, we're doomed? It seems like a random collection of ideas that aren't backed up with logical argument, but exists only to give a punchy ending paragraph.

    I admit, I never cared much for The Times, but this sort of writing is below even their standards. It jumps all over the place, gets the facts wrong, generalises too much and is sensationalist in style. Poor show guys.

  15. Re:Yep, I don't get it either on Spam is Back With A Vengence · · Score: 2, Insightful

    In order to get their messages past all the anti-spam measures around these days, these guys have to send out almost totally unreadable misspelt nonsense with completely misleading subject lines.

    Yes. The fact that modern spam is unreadable garbage is a huge win for us, the good guys. It means that to run an effective spam campaign you now need to spend say 10 million spams instead of only one. The success rate is way, way lower so you have to bump up the volume to get the same hit. If it weren't for botnets, spam would probably be on the decline by now because simply delivering the quantity of mail needed would be impractical. Unfortunately we do have botnets, so all we see is the same amount of spam, but more nonsensical. Still, if one day we can solve the botnet problem, it means the spam problem will largely be solved at the same time.

    I can't believe that people receive these things and then go on to purchase something. It doesn't make sense.

    Viagra, and its competitors Cialis and Levitra, are all prescription drugs. Presumably, a lot of people either want to use them but don't actually need them, or are too embarrassed to go to their doctor and admit they can't get it up. Buying online is anonymous and there's no risk of anybody finding out. You can't buy them from legit sites because they are prescription, so spammers mop up the black market. We could probably halve the volume of spam tomorrow by making Viagra non-prescription.

    As to why people buy penny stocks on the advice of spam, well, I guess they are just morons.

  16. Re:a Rose by any other name is still full of crap on IsoHunt Shut Down? · · Score: 1

    lol, how stupid. So it's every man for himself, is it? Well, I don't think that sounds like much fun myself, but hey sure if you're up for it why not? I am assuming that from now on you won't:

    • Use the internet. It's built by other people after all, and it requires you to pay for it.
    • Go to a supermarket. That food is grown and delivered to you by other people.
    • Plug into an electricity socket

    Oh what's that? You don't want to live in a cave? Well then I guess as you rely on other people all the time you'll have to learn how to respect their work, won't you. Christ, what a little shit you are. "Oh noes, the world is not perfect so that gives me carte blanche to rip people off whenever I feel like it, woe is me!". Why not just admit that you don't actually give a crap about anybody but yourself, and get it over with?

  17. Re:A more obvious conclusion... on Apple/NVidia Driver Bug — Question Deleted · · Score: 2, Insightful

    I took a look at those posts, and they are not relevant to this issue. It's definitely an Apple problem.

    Firstly, the SolidWorks example, "it crashes when it gets to 2gigs of RAM". Of course it does, you can only allocate 2gigs of RAM on 32 bit Windows without a magic switch that is off by default. When an app can't allocate any more RAM, it'll start getting NULL pointers back from malloc (assuming the machine doesn't grind into swap hell) and most apps aren't OOM safe. So it's a different issue.

    Another one is "Half Life crashes when I enable the 3gig switch in boot.ini". The reason this is a switch off by default in Windows is that many poorly written apps make assumptions about pointers returned from malloc/VirtualAlloc, like being able to tweak the high bit to store their own information. When the OS starts handing out pointers above that boundary therefore, things start to break. Almost certainly, this is what is happening. This doesn't necessarily implicate Half Life - it could easily be a problem with any library it uses, third party or otherwise, or it could be some code injected into Half Life by some virus scanner/anti-spyware program etc.

    None of these posts implicate the video driver as a problem.
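The high-bit pointer assumption described in the comment above, shown as an added example that is not part of the original comment. It models 32-bit addresses as `uint32_t` values; the function names and sample addresses are constructed for illustration, and the low-bit variant is included for comparison as an assumption about how such a flag can be stored without depending on the 2 GiB boundary.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a 32-bit process: addresses are plain uint32_t
 * values, so the behaviour is identical on any host. */
typedef uint32_t addr32_t;

#define HIGH_TAG 0x80000000u /* bit 31: zero only while user space ends at 2 GiB */
#define LOW_TAG  0x00000001u /* bit 0: zero for any allocation aligned to >= 2 bytes */

/* Fragile scheme: keeps a private flag in the top bit of the address. */
addr32_t high_tag_set(addr32_t a)   { return a | HIGH_TAG; }
int      high_tag_get(addr32_t a)   { return (a & HIGH_TAG) != 0; }
addr32_t high_tag_strip(addr32_t a) { return a & ~HIGH_TAG; }

/* Returns 1 if a freshly allocated address reads as untagged and survives
 * set + strip unchanged, 0 if the scheme misreads or corrupts it. */
int high_tag_roundtrip_ok(addr32_t fresh)
{
    if (high_tag_get(fresh))
        return 0; /* a real address bit is mistaken for the flag */
    return high_tag_strip(high_tag_set(fresh)) == fresh;
}

/* Alignment-based scheme: the flag lives in bit 0, so it does not depend
 * on where the address space ends. Returns -1 for a misaligned address
 * (refused rather than corrupted), otherwise 1 if the round trip is exact. */
int low_tag_roundtrip_ok(addr32_t fresh)
{
    if (fresh & LOW_TAG)
        return -1;
    addr32_t tagged = fresh | LOW_TAG;
    return (addr32_t)(tagged & ~LOW_TAG) == fresh;
}

int main(void)
{
    /* Constructed sample addresses: one below 2 GiB, one above it, as an
     * allocator may return once the 3 GiB switch is enabled. */
    addr32_t samples[] = { 0x00400000u, 0x9FFF0000u };
    for (int i = 0; i < 2; i++) {
        addr32_t a = samples[i];
        printf("0x%08X high-bit ok=%d (strips to 0x%08X) low-bit ok=%d\n",
               (unsigned)a, high_tag_roundtrip_ok(a),
               (unsigned)high_tag_strip(a), low_tag_roundtrip_ok(a));
    }
    return 0;
}
```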

  18. Re:Mac OS X should protect it... on No Third-party Apps on iPhone Says Jobs · · Score: 1

    You mean on the phone or on the PC? I just drag/drop files onto the storage and never really noticed it as an issue. The W800 series can't store enough to make transfer time an issue, really. Hopefully the 4gig versions are usb2. The music player on the phone works pretty well for me, though it could be improved.

  19. Re:Mac OS X should protect it... on No Third-party Apps on iPhone Says Jobs · · Score: 1

    If Mac OS X is truly the foundation of the iPhone, buggy apps shouldn't be able to do the things you and Steve are warning against.

    So? This is also true of any Java phone, which has perhaps the best security model in any shipping operating system today. The whole idea that buggy apps can trash your phone is bizarre. I think it must only be true of "smartphones" that are also PDAs and have their own platform like Symbian, PocketPC or whatever. Most phones only do Java and they have no security issues beyond bad UI design (modal install dialogs, for instance, which are exploitable). But that's easy to fix.

    I was fully going to switch to this phone in June. No joke. But this statement by Jobs has certainly installed boundaries for my imagination running wild with this device's potential.

    It's a nice phone. But as far as I can tell it's no more stylish/amazing than the W950i. For those who haven't used the SonyEricsson consumer phones before, they have a very Mac-like UI with all kinds of nice transitions, effects, great artwork etc. Also very easy to use. They have 3D accelerators too so if the fancy 3D effects are well received I expect SE to add them to their phones as well. Meanwhile, these phones are also pretty cheap if you get them on contract and appear to be a strict superset of the iPhone's features - that is, they do everything the iPhone does, and also more. My W800 has been a great experience and I'd not hesitate to upgrade to the 950 when I get a new phone. Incidentally though I believe SE have little penetration in the states, they completely own the UK. You see them everywhere. And why not - they are really great phones.

  20. Re:Not quite.... on The NYT on the Proliferation of Botnets · · Score: 3, Interesting

    I cannot believe people are still saying this. How many stories about botnets do we have to have on Slashdot before people realise that UNIX is not secure either?

    Look. The vast majority of this crap comes in via browser exploits these days. Running malicious attachments etc is not such a favoured technique anymore. There is nothing in UNIX that stops applications from being written in an insecure fashion, there is nothing in UNIX that stops apps hooking each other to hell and back (which is largely what these bots are doing when they steal data), there is nothing in UNIX that even makes it hard to install a rootkit. Just phish the password out of the user, or wait until an authentication dialog appears and overlay your own, or wait until a privilege escalation attack is found (new ones appear all the time). But as you don't need root to steal data, send spam, display popup ads or any of the other things bots do, this is really just a nice-to-have bonus, it's not essential.

    The fundamental architecture of Windows NT is no different to UNIX these days. They are both seriously flawed because they are based on a threat model from the 70s, when the world of computing was totally different. Having an administrator user and also a "regular" user who are really the same person is a nasty hack that doesn't solve the problems at all. Apple don't have the answers ... have you seen how easy it is to suck SSL protected form data out of Safari? Neither does the Linux community. SELinux has gone down the route of totally static policy, which is fine for servers but worthless for desktops.

    MacOS and Linux are statistically insignificant, but if people keep recommending them as a "solution" then soon they won't be and then we'll find, oh look, it's just as easy to create Mac botnets as it is Windows botnets. What little trust is left in computer security people will then be gone.

    The fact is, residential computing is fucked. Utterly, utterly fucked. The guy quoted by the NYT is right, the war was already lost a long time ago, and people keep pretending it wasn't. The war was lost when the computing community decided that user based DAC security models could stop malicious software. They can't, they don't, and they never will so please stop saying MacOS or Linux are somehow inherently better, when they aren't! They are at best temporary band-aids.

  21. Re:Make Microsoft liable on The NYT on the Proliferation of Botnets · · Score: 1

    You'd better be willing to bankrupt both Apple and the Mozilla Corporation then, as both have a long track record of major security holes.

  22. Re:Weird writeup: on The D Programming Language, Version 1.0 · · Score: 1

    The Win32 API makes heavy use of macros for versioning, so I do not believe you can classify it as "rare". Maybe it's rare on UNIX but that's a failing, not a strength.

  23. Re:It takes a while... on HD-DVD and Blu-Ray AACS DRM Cracked · · Score: 1

    Centralised databases are pretty easy to shut down though. Even if you host them in Russia, or whatever, they can be blocked at the ISP level in the West.

  24. Re:It takes a while... on HD-DVD and Blu-Ray AACS DRM Cracked · · Score: 4, Insightful

    Yes. The major difference between AACS and CSS is that every player in the world can have a unique key, rather than just the 20 or so keys that CSS used. If PowerDVD is not adequately protecting the key then it will be barred from accessing new titles and a software upgrade will be required for PowerDVD players. For hardware DVD players, the key is usually far better protected anyway, but if it is somehow extracted then a firmware reflash and/or a physical hardware swap (paid for by the manufacturer) is the way it'll be done.

    Basically, the summary is totally misleading, as per usual with Slashdot + DRM. AACS has not been cracked. A single badly protected player was cracked and its key will be revoked, as the AACS spec provisions for. The scheme was designed to be "damage resistant" and that's what we're seeing at work.
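The revocation behaviour described in the comment above, as an added example that is not part of the original comment or of the AACS specification. It assumes a flat key block with one entry per player and a toy HMAC-based key wrap; AACS itself uses a more compact tree-based scheme, and the player names are hypothetical.

```python
import hashlib
import hmac
import secrets

def _pad(device_key: bytes, nonce: bytes) -> bytes:
    # Key stream for wrapping one 32-byte media key (toy construction, an assumption).
    return hmac.new(device_key, b"wrap" + nonce, hashlib.sha256).digest()

def _tag(media_key: bytes, nonce: bytes) -> bytes:
    # Lets a player check that it recovered the right media key.
    return hmac.new(media_key, b"verify" + nonce, hashlib.sha256).digest()

def make_key_block(device_keys: dict, revoked: set) -> tuple:
    """Return (media_key, block) for one newly mastered title."""
    media_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    entries = {}
    for player_id, dk in device_keys.items():
        if player_id in revoked:
            continue  # revoked players get no entry on new titles
        entries[player_id] = bytes(a ^ b for a, b in zip(media_key, _pad(dk, nonce)))
    return media_key, {"nonce": nonce, "entries": entries, "tag": _tag(media_key, nonce)}

def recover_media_key(player_id: str, device_key: bytes, block: dict):
    """Return the media key, or None if this player cannot open the title."""
    wrapped = block["entries"].get(player_id)
    if wrapped is None:
        return None
    candidate = bytes(a ^ b for a, b in zip(wrapped, _pad(device_key, block["nonce"])))
    if hmac.compare_digest(_tag(candidate, block["nonce"]), block["tag"]):
        return candidate
    return None

def demo() -> dict:
    # Constructed players; each holds its own unique device key.
    keys = {p: secrets.token_bytes(32) for p in ("hw-player-1", "sw-player-A", "sw-player-B")}
    old_mk, old_block = make_key_block(keys, revoked=set())
    new_mk, new_block = make_key_block(keys, revoked={"sw-player-A"})
    leaked = keys["sw-player-A"]  # the one badly protected key
    return {
        "leaked_key_opens_old_title": recover_media_key("sw-player-A", leaked, old_block) == old_mk,
        "leaked_key_opens_new_title": recover_media_key("sw-player-A", leaked, new_block) is not None,
        "other_player_opens_new_title": recover_media_key("sw-player-B", keys["sw-player-B"], new_block) == new_mk,
        "leaked_key_as_other_player": recover_media_key("sw-player-B", leaked, new_block) is not None,
    }

if __name__ == "__main__":
    print(demo())
```

Titles mastered before the revocation stay readable with the exposed key; only titles mastered afterwards lock it out, while every other player keeps working without an update.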

  25. Re:How much is it worth? on Hans Reiser to Sell Company · · Score: 1

    The sad thing is that it's named ReiserFS because in a past life somebody screwed him over and tried to steal his work. He felt that by naming it after himself, he'd protect himself from that kind of duplicity again. Yet here he is, losing his life's work all over again ....

    Did he do it? Who can know these things? The gluttony of evidence here is almost suspicious in itself. Who really buys a book on how to commit murder, then doesn't chuck it after the deed is done? Especially somebody like Hans who is not stupid. If I was a cop this sort of thing would be ringing alarm bells in my head saying "setup".