As much as we are against it, and as much as we preach that they're horrible, not one of us will do anything. We'll just go on our day downloading music. A bunch of us will even still buy their cd's.
Some of us have built alternative systems that allow donations, written good, Free, easy-to-use e-commerce and audio compression packages, have produced systems that allow electronic rather than expensive physical distribution, worked to get the word out about non-RIAA commercial folks (like Magnatunes), written P2P distribution systems that allow people to distribute data incredibly cheaply, without an incredibly expensive backer to buy a huge pipe, have written Free software to allow music composition, recording, and real-time audio work (thus lowering the barrier to entry in the field), have written music recommendation software that helps people find good artists even if those artists aren't backed by a huge marketing behemoth, and have written Internet radio software to do a similar task.
I'd say that there's a *lot* that has been done; at least to the point where the RIAA is pretty damn concerned about its continued survival, to the point where it's spending public image like mad -- clearly it's worried about something.
Could things be better? Yeah. But it's not as if everyone is just standing around with their thumbs up their asses waiting to see what the RIAA is going to do next.
I think every generation has claimed that it's vanished during the current generation. Same thing happened with the "me" generation (Gen X), during the seventies, and at least all the way back to Socrates.
Well, I don't want anyone logged on to eDonkey or somesuch at work. And believe me, no company policy is enough to stop people from running those things on warehouse terminals having a direct connection to our ERP.
When I'm at work, I'm doing work. I use the computers there for work and the printers there for work (with the exception of printing out directions if I need to go somewhere directly after work). My employer specifically has a policy allowing personal use of outside webmail at work (which I don't do, because I consider that screwing around at work). If I'm screwing around at work, that is an issue for my boss. What I really hate is using systems responsibly then and having some jackass from IT come in and try to do employee behavior control. Can I tunnel past it or do some other sort of stealthy information-passing through the proxy? Sure, but that's underhanded and not something that I want to engage in. What I want is to be treated as if I'm not a criminal by IT.
I'm used to asking questions about open source packages that I can't answer online by logging onto FreeNode and asking the authors there. No IRC access.
I'm used to asking very technical questions about C and threads in their respective newsgroups. No Usenet access.
Now, do I use eDonkey? Of course, but I keep it at home. That's something for my personal enjoyment, and has nothing to do with doing my job.
My view is that if someone is going to abuse the services available, it's no different than abusing the phone system to, oh, make long-distance calls to Chinese sex lines at work. That's not the responsibility of the telecom guys; it's the responsibility of the employee's boss. You don't block long-distance access in order to try to avoid those Chinese sex lines. What cheeses me off is that the IT world seems to have adopted the attitude that this *is* okay for them to try to regulate behavior when it comes to computers, despite not being acceptable for any other company-provided service.
Well, I guess you aren't familiar with this, then.
Actually, I am. I just lent out a copy of The Cuckoo's Egg yesterday to a friend; Cliff Stoll was right in the middle of said worm, and describes it in his book (though not in as much detail as some other authors that I've read). The attack is against the finger *server*, not the *client*. If you were going to successfully attack a client, your best bet would overwhelmingly be the incredibly complex web browser (which *is* allowed through said firewall).
Well, you'd never get employed by me, that's for certain.
Maybe, but said music releases are the bread-and-butter of the RIAA. It consists of member companies that make money by taking marketing of people to a new high. It's not about music -- it's about controlling a few hypercommercialized cash cows that sell to the masses.
That may not be the entire music industry, but it's synonymous with the organization out shotgunning lawsuits at people who download Metallica.
These links do not go over standard port 80 and so may not work behind company firewalls
Just once, I wish that all the "security administrators" out there who are convinced that they are protecting their network from "the evil hackers" by blocking *outgoing* ports need a swift kick in the ass.
God forbid that the evil hackers work their way back up the finger connection and destroy the entire LAN!
I remember at the place I used to work, I once asked a DNS question (I wanted to know whether I could have a CNAME set up.) The IT guy (long distance, sounded Indian) that eventually called me back, who *claimed* to be a "DNS administrator", had no idea what a CNAME is, but after about ten minutes of talking finally said "Oh, an *alias*!"
I don't get it. I'm pretty sure that IT people weren't always this clueless. I'm suspicious that they aren't all like this, but I can't figure out why I have a perpetual cloud of bad ones following me around all the time.
The same mentality goes into buying Alienware boxes.
Suppose you make a ton of money each year. You want to do something cool with it, and maybe you like video games (or your kid likes video games), but you aren't a computer builder any more than the guy down the street with a Ferrari is an auto mechanic. You just go find some expensive, fancy looking, powerful computer, and buy that. Ta Da! Alienware!
You get enough people wanting to use P2P software (including for infringement) and you put pressure on ISPs to provide more bandwidth and not just highly asymmetric "web and mail access".
Applications that push technology further are great.
If people weren't infringing on copyrights with P2P software, there'd be a lot less P2P usage out there.
So now you have of people who are marginally better off, many of whom are crazy or otherwise unemployable, and generally unskilled.
Or you could use the money to provide more valuable tools to those who *are* producing something.
If you had a proposal to, y'know, generate *useful* jobs for said homeless types, then I might be more sympathetic.
I'm not adverse to the idea of a Basic Income scheme (everyone is guaranteed some minimum income from the state); in today's society, it's probably reasonable. But that is a long-term solution, not a "dump money at homeless for a little bit because it makes me feel fuzzy inside" type solution.
Shortly after they started using Mulberry, they started using some other closed-source third-party service called Blackboard. I wonder how long that's going to last...
Given that Blackboard is a buggy, slow, ugly piece of shit, I hope not long.
I'm rooting for Eolas. You have to make software patents unacceptable to large companies before they'll go away. Eolas is trying to make a quick buck, but in the process is making companies take a long, dubious look at the dangers of having software patents around.
Open Source isn't at much risk. The sort of people that back Eolas and friends are doing the ambulance-chasing trick -- try to extract large amounts of money from big, rich types in high-risk cases. There's no money to squeeze out of Mozilla -- just a long, protracted battle.
The sort of people that use patents against Open Source are entrenched types that keep vague threats of infringement alive to keep OSS projects from entering their little pond. Usually those big companies above.
This makes patents much more dangerous to large companies.
Eolas didn't even cause that much damage in terms of prescedent or direct impact. The point is that now every lawyer and lawyer-backing investor knows that they can pull down half a billion dollars from a large company if they can just find one group of sharks with a patent. Lots of incentive to start a feeding frenzy.
Tell you what. Suppose we have a new rule that anyone who wants can punch you in the face. But you can make any one person stop by saying "Don't punch me any more, please!"
Asking to be removed from a telemarketer's list is kind of like that, except they can punch you from anywhere in the world.
Enterprise class means it's designed to be deployed across an entire enterprise/organization with centralized management, out of the box.
You're awfully generous to the vendors out there. Let's take a look:
Seagate sells "enterprise class" Cheetah hard drives. How one would deploy a hard drive across an entire organization with centralized management does not immediately jump to mind.
That 10x price increase is there for a reason, if you support any enterprise you _will_ need to offer 24x7 support 365 days a week, probably install everything yourself by flying out to them, and maybe even hand hold them through every upgrade and security patch. It takes a good deal of work to support an enterprise customer and not all businesses are up to task.
So what you're trying to say here is that Windows is not enterprise class?
I haven't RTFAd, but that may be what SSH is talking about. Or it could be just marketing droid speak. Like I said, I didn't RTFA. But, "enterprise" can be a legitimately used term.
The problem is that it sounds good and saying that something is "enterprise class" makes no material claims about its capabilites. It's pretty obvious that jamming "enterprise" in lots of places is going to happen.
Frankly, I don't see why open source needs to earn market respect. Frankly, I've found that good open source software technically beats the pants off its closed source brethren, and I wonder with each *closed source* product whether it will measure up to the standard set by the similar open source one. I'd expect SSH to suck more than I'd expect OpenSSH to suck.
OTOH, I do agree that the SSH people had a pretty reasonable argument a while back that "OpenSSH is confusing and infringes on our trademark."
If Microsoft made a release of Windows with some extra CLI utilities bundled in and called it Microsoft EnterpriseLinux, we'd probably be quite pissy about trademark infringement, but that's essentially what the OpenSSH people did.
I think this kind of thing is pretty symptomatic of our times.
Socrates had the same problem with the rhetoricians of his time, thousands of years ago. I think it's more of a general problem with the way the human mind works -- we like things that trigger more "good" neuronal responses, so people figure out how to take advantage of this quirk.
Whenever you hear enterprise you can be assured someone in marketing is trying to BS you. It's really a keyword to denote that there is no good reason why something is better or bigger, merely that someone is trying to con you. It's almost as bad as synergy.
The other marketing BS keyword is "technology", when used in the form "foo technology". An engineer would never say "HTML technology". He's familiar with HTML, he says "HTML" every day, so he has no reason to tack on the entirely useless "technology" on the end. Marketroids, on the other hand, know that "technology" has positive connotations, so they ram it on the end of every tech-related thing. I find that the "technology" filter, along with the "enterprise" filter, work pretty well in reducing the amount of useless things I need to read.
Oh, yes. And remember that for media presented to the user in an analog format (currently the majority of content that people want to protect), there's always the analog hole. After all that work, money, time, effort, crypto PhDs, vendors, promises, advertising and getting the public to buy into it, pissing off your hardware guys, outcompeting cheaper competitors, forging agreements with slippery people who are out to stab you in the back, and dealing with dubious governments and consumer advocacy groups, the content can be simply and easily ripped by anyone who can solder two wires to a speaker cone. This comes at only a very slight reduction in quality (remember that people are already settling for the quality of *MP3s*, where 90% of the data is already being thrown out at the factory!), which may even be recoverable with clever software tools that understand the lossy compression algorithm that the publisher is using.
So, don't be afraid of the DRM-using industry. Pity them. They have things a hell of a lot worse than you do.
I really don't like the increasing complexity of devices that don't need to be complex. Complexity tends to decrease reliability.
My last motherboard, an ASUS, had an in-BIOS MP3 player. That qualifies as "unnecessary, reliability-decreasing feature", in my opinion.
As for the latest sky-is-falling-on-copyright-infringement alarmist crap from Slashdot, pay no heed. This whole thing is a lot of horseshit that companies are using to extract money from the publishing industry. Many, many companies try to do this. If you make a commodity device (Flash storage, for instance), you're desperate to do *something* to make more money on it.
So, let's take a look at what this system is probably going to do.
Assume that the engineers *really* knew what they were doing and made *no* errors (and that security in hardware is pretty hard to do and there isn't much of a culture of that in the hardware world).
It's a pretty good bet that if properly designed (*not* necessarily the case), each device has some sort of embedded public-private keypair. They use this to transfer symmetric keypairs to do bulk data transfer between each other.
This means:
* Everything is on one IC, and there is no inter-IC bus involved. Tapping busses between ICs within a DRM-using device is a good way to break the protection. bunny broke the X-Box by using the fact that not everything is on one IC. Probably reasonable for the Flash world, where this is already the case.
* The hardware's pseudorandom number generators (that symmetric key has to come from somewhere) are secure. An attacker can twiddle power to screw up PRNGs...maybe zero them, induce current, screw with the power lines at just the right frequency, whatever. This is not trivial to avoid.
* There are *no* diagnostic interfaces left in the hardware. Trying to make every hardware engineer lose their diagnostics in the release product is like trying to convince a fish to jump out of water and stamp around on land for a bit.
* The crypto algorithm involved doesn't get broken (once it is in lots of products, you are irrevocably committed).
Remember that this is a system that relies on *zero* breaks. Maybe the manufacturer can have an "update key" and release new protected content with hidden "updates" to invalidate existing compromised keys, but this takes a while to propagate around the system. Once such a system is released, the manufacturer is gambling that not a single person, in any lab, with microscopes and the works, anywhere, can break the thing. Once it gets broken, that person can distribute all the protected content (and possibly even create a "modification" to disable the protection on other devices, if the break involves the compromise of a key). The math is *wildly* against the publishing world here. It's a safe assumption that the publishing world will make dire legal penalties, heavily watermark content (and probably tag with the IDs of devices that it passes through) to try to track down any such break, but it's still a seriously long-shot gamble for them -- and a break is likely to happen after they are widely deployed and are committed to the scheme, as happened with DVDs.
And remember that nobody gives a damn about simple data transfer. That data has to go somewhere -- the Flash drive. So now every device that *consumes* this data (sound cards, video cards, etc) has to also be similiarly secure, and not have any breaks. That is a *huge* undertaking. If one consumer is Windows running under Palladium (e.g. a trusted software MP3 player), then you have to secure a vast software system, as well as much of the hardware in a computer system, against any breaks. That means *Windows local kernel security must be airtight*. Every bluescreen you see is a violation of that! Even better, you can't use a single good prepackaged solution, because then you run into the bus-attacks-across-multiple-ICs problem -- every single device needs a custom chip, and that chip has to perform *all* the t
Slashdot Mirror
Yeah, but you didn't have an enormous industry with the serious need to set an example floating around at the time.
As much as we are against it, and as much as we preach that they're horrible, not one of us will do anything. We'll just go on our day downloading music. A bunch of us will even still buy their cd's.
Some of us have built alternative systems that allow donations, written good, Free, easy-to-use e-commerce and audio compression packages, have produced systems that allow electronic rather than expensive physical distribution, worked to get the word out about non-RIAA commercial folks (like Magnatunes), written P2P distribution systems that allow people to distribute data incredibly cheaply, without an incredibly expensive backer to buy a huge pipe, have written Free software to allow music composition, recording, and real-time audio work (thus lowering the barrier to entry in the field), have written music recommendation software that helps people find good artists even if those artists aren't backed by a huge marketing behemoth, and have written Internet radio software to do a similar task.
I'd say that there's a *lot* that has been done; at least to the point where the RIAA is pretty damn concerned about its continued survival, to the point where it's spending public image like mad -- clearly it's worried about something.
Could things be better? Yeah. But it's not as if everyone is just standing around with their thumbs up their asses waiting to see what the RIAA is going to do next.
What happened to personal responsibility?
I think every generation has claimed that it's vanished during the current generation. Same thing happened with the "me" generation (Gen X), during the seventies, and at least all the way back to Socrates.
Well, I don't want anyone logged on to eDonkey or somesuch at work. And believe me, no company policy is enough to stop people from running those things on warehouse terminals having a direct connection to our ERP.
When I'm at work, I'm doing work. I use the computers there for work and the printers there for work (with the exception of printing out directions if I need to go somewhere directly after work). My employer specifically has a policy allowing personal use of outside webmail at work (which I don't do, because I consider that screwing around at work). If I'm screwing around at work, that is an issue for my boss. What I really hate is using systems responsibly then and having some jackass from IT come in and try to do employee behavior control. Can I tunnel past it or do some other sort of stealthy information-passing through the proxy? Sure, but that's underhanded and not something that I want to engage in. What I want is to be treated as if I'm not a criminal by IT.
I'm used to asking questions about open source packages that I can't answer online by logging onto FreeNode and asking the authors there. No IRC access.
I'm used to asking very technical questions about C and threads in their respective newsgroups. No Usenet access.
Now, do I use eDonkey? Of course, but I keep it at home. That's something for my personal enjoyment, and has nothing to do with doing my job.
My view is that if someone is going to abuse the services available, it's no different than abusing the phone system to, oh, make long-distance calls to Chinese sex lines at work. That's not the responsibility of the telecom guys; it's the responsibility of the employee's boss. You don't block long-distance access in order to try to avoid those Chinese sex lines. What cheeses me off is that the IT world seems to have adopted the attitude that this *is* okay for them to try to regulate behavior when it comes to computers, despite not being acceptable for any other company-provided service.
Well, I guess you aren't familiar with this, then.
Actually, I am. I just lent out a copy of The Cuckoo's Egg yesterday to a friend; Cliff Stoll was right in the middle of said worm, and describes it in his book (though not in as much detail as some other authors that I've read). The attack is against the finger *server*, not the *client*. If you were going to successfully attack a client, your best bet would overwhelmingly be the incredibly complex web browser (which *is* allowed through said firewall).
Well, you'd never get employed by me, that's for certain.
Exactly my point.
Maybe, but said music releases are the bread-and-butter of the RIAA. It consists of member companies that make money by taking marketing of people to a new high. It's not about music -- it's about controlling a few hypercommercialized cash cows that sell to the masses.
That may not be the entire music industry, but it's synonymous with the organization out shotgunning lawsuits at people who download Metallica.
Apparently (according to their website), MediaSentry was just purchased by "SafeNet Inc".
Slashdot has a new quandry -- SafeNet apparently makes Linux products.
But, on the other hand, they have a bunch of software patents (many of which appear to be devoted to doing DRM in hardware).
Good or bad, good or bad...hmm...
Where else but on Slashdot would you find an imaginary, ancient, dead language grammar Nazi.
You need a question mark at the end of that sentence.
These links do not go over standard port 80 and so may not work behind company firewalls
Just once, I wish that all the "security administrators" out there who are convinced that they are protecting their network from "the evil hackers" by blocking *outgoing* ports need a swift kick in the ass.
God forbid that the evil hackers work their way back up the finger connection and destroy the entire LAN!
I remember at the place I used to work, I once asked a DNS question (I wanted to know whether I could have a CNAME set up.) The IT guy (long distance, sounded Indian) that eventually called me back, who *claimed* to be a "DNS administrator", had no idea what a CNAME is, but after about ten minutes of talking finally said "Oh, an *alias*!"
I don't get it. I'm pretty sure that IT people weren't always this clueless. I'm suspicious that they aren't all like this, but I can't figure out why I have a perpetual cloud of bad ones following me around all the time.
People buy Ferraris, right?
The same mentality goes into buying Alienware boxes.
Suppose you make a ton of money each year. You want to do something cool with it, and maybe you like video games (or your kid likes video games), but you aren't a computer builder any more than the guy down the street with a Ferrari is an auto mechanic. You just go find some expensive, fancy looking, powerful computer, and buy that. Ta Da! Alienware!
You get enough people wanting to use P2P software (including for infringement) and you put pressure on ISPs to provide more bandwidth and not just highly asymmetric "web and mail access".
Applications that push technology further are great.
If people weren't infringing on copyrights with P2P software, there'd be a lot less P2P usage out there.
When will people realize that having personal firewall != security?
Why?
So now you have of people who are marginally better off, many of whom are crazy or otherwise unemployable, and generally unskilled.
Or you could use the money to provide more valuable tools to those who *are* producing something.
If you had a proposal to, y'know, generate *useful* jobs for said homeless types, then I might be more sympathetic.
I'm not adverse to the idea of a Basic Income scheme (everyone is guaranteed some minimum income from the state); in today's society, it's probably reasonable. But that is a long-term solution, not a "dump money at homeless for a little bit because it makes me feel fuzzy inside" type solution.
Shortly after they started using Mulberry, they started using some other closed-source third-party service called Blackboard. I wonder how long that's going to last...
Given that Blackboard is a buggy, slow, ugly piece of shit, I hope not long.
I'm rooting for Eolas. You have to make software patents unacceptable to large companies before they'll go away. Eolas is trying to make a quick buck, but in the process is making companies take a long, dubious look at the dangers of having software patents around.
Open Source isn't at much risk. The sort of people that back Eolas and friends are doing the ambulance-chasing trick -- try to extract large amounts of money from big, rich types in high-risk cases. There's no money to squeeze out of Mozilla -- just a long, protracted battle.
The sort of people that use patents against Open Source are entrenched types that keep vague threats of infringement alive to keep OSS projects from entering their little pond. Usually those big companies above.
This makes patents much more dangerous to large companies.
Eolas didn't even cause that much damage in terms of prescedent or direct impact. The point is that now every lawyer and lawyer-backing investor knows that they can pull down half a billion dollars from a large company if they can just find one group of sharks with a patent. Lots of incentive to start a feeding frenzy.
Tell you what. Suppose we have a new rule that anyone who wants can punch you in the face. But you can make any one person stop by saying "Don't punch me any more, please!"
Asking to be removed from a telemarketer's list is kind of like that, except they can punch you from anywhere in the world.
Now do you see why people get pissed off?
Control port forwarding with ACLs that include permit/deny statements and patterns matching...target hostname
And you're saying that you consider this a feature, not a bug? In an security system?
Wasn't it SSH version 3.0 that let you authenticate under an existing user account, just by typing any two-character string for the password?
But it did so in an enterprise-class fashion.
Enterprise class means it's designed to be deployed across an entire enterprise/organization with centralized management, out of the box.
You're awfully generous to the vendors out there. Let's take a look:
Seagate sells "enterprise class" Cheetah hard drives. How one would deploy a hard drive across an entire organization with centralized management does not immediately jump to mind.
Intel makes "enterprise class" chipsets.
Logitech's V500 Cordless Notebook Mouse is apparently a true enterprise-class wireless solution.
I just chose three companies at random and plonked in "site:companyname.com enterprise-class" into Google.
That 10x price increase is there for a reason, if you support any enterprise you _will_ need to offer 24x7 support 365 days a week, probably install everything yourself by flying out to them, and maybe even hand hold them through every upgrade and security patch. It takes a good deal of work to support an enterprise customer and not all businesses are up to task.
So what you're trying to say here is that Windows is not enterprise class?
I haven't RTFAd, but that may be what SSH is talking about. Or it could be just marketing droid speak. Like I said, I didn't RTFA. But, "enterprise" can be a legitimately used term.
The problem is that it sounds good and saying that something is "enterprise class" makes no material claims about its capabilites. It's pretty obvious that jamming "enterprise" in lots of places is going to happen.
Frankly, I don't see why open source needs to earn market respect. Frankly, I've found that good open source software technically beats the pants off its closed source brethren, and I wonder with each *closed source* product whether it will measure up to the standard set by the similar open source one. I'd expect SSH to suck more than I'd expect OpenSSH to suck.
OTOH, I do agree that the SSH people had a pretty reasonable argument a while back that "OpenSSH is confusing and infringes on our trademark."
If Microsoft made a release of Windows with some extra CLI utilities bundled in and called it Microsoft EnterpriseLinux, we'd probably be quite pissy about trademark infringement, but that's essentially what the OpenSSH people did.
I think this kind of thing is pretty symptomatic of our times.
Socrates had the same problem with the rhetoricians of his time, thousands of years ago. I think it's more of a general problem with the way the human mind works -- we like things that trigger more "good" neuronal responses, so people figure out how to take advantage of this quirk.
Whenever you hear enterprise you can be assured someone in marketing is trying to BS you. It's really a keyword to denote that there is no good reason why something is better or bigger, merely that someone is trying to con you. It's almost as bad as synergy.
The other marketing BS keyword is "technology", when used in the form "foo technology". An engineer would never say "HTML technology". He's familiar with HTML, he says "HTML" every day, so he has no reason to tack on the entirely useless "technology" on the end. Marketroids, on the other hand, know that "technology" has positive connotations, so they ram it on the end of every tech-related thing. I find that the "technology" filter, along with the "enterprise" filter, work pretty well in reducing the amount of useless things I need to read.
Really? I heard that Brazil was pretty hot these days, but I guess I was wrong.
Oh, yes. And remember that for media presented to the user in an analog format (currently the majority of content that people want to protect), there's always the analog hole. After all that work, money, time, effort, crypto PhDs, vendors, promises, advertising and getting the public to buy into it, pissing off your hardware guys, outcompeting cheaper competitors, forging agreements with slippery people who are out to stab you in the back, and dealing with dubious governments and consumer advocacy groups, the content can be simply and easily ripped by anyone who can solder two wires to a speaker cone. This comes at only a very slight reduction in quality (remember that people are already settling for the quality of *MP3s*, where 90% of the data is already being thrown out at the factory!), which may even be recoverable with clever software tools that understand the lossy compression algorithm that the publisher is using.
So, don't be afraid of the DRM-using industry. Pity them. They have things a hell of a lot worse than you do.
I really don't like the increasing complexity of devices that don't need to be complex. Complexity tends to decrease reliability.
My last motherboard, an ASUS, had an in-BIOS MP3 player. That qualifies as "unnecessary, reliability-decreasing feature", in my opinion.
As for the latest sky-is-falling-on-copyright-infringement alarmist crap from Slashdot, pay no heed. This whole thing is a lot of horseshit that companies are using to extract money from the publishing industry. Many, many companies try to do this. If you make a commodity device (Flash storage, for instance), you're desperate to do *something* to make more money on it.
So, let's take a look at what this system is probably going to do.
Assume that the engineers *really* knew what they were doing and made *no* errors (and that security in hardware is pretty hard to do and there isn't much of a culture of that in the hardware world).
It's a pretty good bet that if properly designed (*not* necessarily the case), each device has some sort of embedded public-private keypair. They use this to transfer symmetric keypairs to do bulk data transfer between each other.
This means:
* Everything is on one IC, and there is no inter-IC bus involved. Tapping busses between ICs within a DRM-using device is a good way to break the protection. bunny broke the X-Box by using the fact that not everything is on one IC. Probably reasonable for the Flash world, where this is already the case.
* The hardware's pseudorandom number generators (that symmetric key has to come from somewhere) are secure. An attacker can twiddle power to screw up PRNGs...maybe zero them, induce current, screw with the power lines at just the right frequency, whatever. This is not trivial to avoid.
* There are *no* diagnostic interfaces left in the hardware. Trying to make every hardware engineer lose their diagnostics in the release product is like trying to convince a fish to jump out of water and stamp around on land for a bit.
* The crypto algorithm involved doesn't get broken (once it is in lots of products, you are irrevocably committed).
Remember that this is a system that relies on *zero* breaks. Maybe the manufacturer can have an "update key" and release new protected content with hidden "updates" to invalidate existing compromised keys, but this takes a while to propagate around the system. Once such a system is released, the manufacturer is gambling that not a single person, in any lab, with microscopes and the works, anywhere, can break the thing. Once it gets broken, that person can distribute all the protected content (and possibly even create a "modification" to disable the protection on other devices, if the break involves the compromise of a key). The math is *wildly* against the publishing world here. It's a safe assumption that the publishing world will make dire legal penalties, heavily watermark content (and probably tag with the IDs of devices that it passes through) to try to track down any such break, but it's still a seriously long-shot gamble for them -- and a break is likely to happen after they are widely deployed and are committed to the scheme, as happened with DVDs.
And remember that nobody gives a damn about simple data transfer. That data has to go somewhere -- the Flash drive. So now every device that *consumes* this data (sound cards, video cards, etc) has to also be similiarly secure, and not have any breaks. That is a *huge* undertaking. If one consumer is Windows running under Palladium (e.g. a trusted software MP3 player), then you have to secure a vast software system, as well as much of the hardware in a computer system, against any breaks. That means *Windows local kernel security must be airtight*. Every bluescreen you see is a violation of that! Even better, you can't use a single good prepackaged solution, because then you run into the bus-attacks-across-multiple-ICs problem -- every single device needs a custom chip, and that chip has to perform *all* the t