What's that, the Russian Roulette theory? That's why (for example) people who have dared to drive drunk and not killed someone find it much easier to allow themselves to do it in the future. Same goes for many many bad decisions people make everyday.
The argument "we did it this way before and nothing bad happened" is a compelling trap, and should be given little weight in decisions.
I'm not trying to discount the value of experience here. What I'm saying is that if something seems dangerous, and you can come up with no better argument than "nothing bad's happened yet," then it's probably a good time to make sure your insurance is paid up.
I edited the reply a bit to make it more, well, sensible. I hope the content is retained, yet a bit more accesible.
How voluntary is voluntary?
by squiggleslash
Is making the CPRM spec a feature that can be turned off truly making it voluntary,
given that presumably some content will not be supplied to users who fail to
leave CPRM enabled? Would it not end up being as "optional" as DVD CSS encyption
and non-zero region encoding?
Andre:
SHALL != MAY:: REQUIRED == OPTIONAL
Because no one in the industry wants to be caught out of sync, "optional"
tends to be the same as "required." CPRM, however, may be the first "optional"
feature that would remain truly "optional."
Choices...
by cnladd
I apologize for the open-endedness of this question, but I have to ask it
anyways.:)
If this copy protection were to become mandatory, I can definately imagine
the effects that it would cause. But what effects - both long and short term
- do you feel this would cause?
Andre:
The software you keep as "backup" would become
worthless.
How to defeat it?
by sulli
If this is forced through the industry, how would one write a DeCSS-like tool
to defeat it? Is it in some way bypassable in software?
Andre:
Unlike DeCSS that has media with seed keys that can not be updated, ATA devices
(not ATAPI) can be updated as old keys are hacked.
After creating my proposal, it was deemed too complex to use,but I reefused
to withdraw it unless we were to use the simple rules of Word0 Bits 6/7 to define
FIXED/REMOVABLE as the boundary. Thus ATA-Devices supporting Word0 Bit6 set
to ONE are not going to be allowed to have CPRM support.
This may in the end mean we have finally won the removal of CPRM from hard
drives. This is good. However, it looks like removable ATA is still going to
be bound to CPRM rules. This includes Compact FLASH, IBM MicroDrives, Sony Mem-Stick....
Things that are defined as "media" and not fixed.
Better solution?
by RareHeintz
The hard-drive copy protection scheme seems to me to be yet another attempt
(in the vein of DVD/CSS, DPMI, etc.) to maintain a legal structure (that of
multinational corporations with scarcity-based proprietary information models)
with a technical fix. On/., it may be taken as an article of faith that such
efforts are doomed - smart people solve legal problems with lawyers, and technical
problems with technology, and know the difference.
My question, though, stems from the fact that (like it or not) software companies
are within their rights to get paid for software they write, and to set up their
own price structure, and to prosecute those who steal their software.
So the question is: If this misguided idea of hardware-based copy protection
gets successfully scuttled (and I hope it does), what better solution might
there be for proprietary-model software companies that has the benefit of providing
them superior protection from pirates without screwing the rest of the world
out of the benefits of the currently open hardware model, such as "fair use"
under copyright law?
My US$.02: Coming up with such a "third way" solution could go a long way
toward killing media-based copy protection - give them an out, and they might
take it.
Andre:
Media serial number command proposal (e00163r0) by Microsoft is surprisingly
good. It also uses stuff that is already in the market.
This new command could be used a seed for encrypting content, but this command
is only reporting sections of the IDENTIFY page command, so it will be easy
to circumvent.
It is particularly useful for Linux. Imagine that you want automatic hotswap
to de/re-register the device.This command is passive, so it will not hang the
system.
How does 4C justify their position?
by plover
What is 4C's reponse to "why don't you push for enforcement of the current
copyright laws instead of an unpopular techno "fix" that will be thwarted upon
release?" How do they justify their position?
Andre:
Most likely the law passed 2 years ago that provides and supports copyright
encryption. Ask John Gilmore of the EFF. I think they are doing that with this
model.
(Politics) If people will get off their butts and follow what their government
is dumping on the country, you would be able to prevent this from ever coming
to life.
Re:How does 4C justify their position?
by Snowfox
How does the 4C justify their position to the consumer? How is this in the
consumer's best interest?
Andre:
[reply omitted as -1, offtopic]
I'm still confused
by HuskyDog
I gain the impression that compliant (presumably closed source) software encrypts
data as it flows on and off the drive using keys which are specific to each
drive. So, if the file is moved to a different drive it won't decrypt any longer?
Have I got the right idea? If so, its only applicable to those prepared to run
closed source software, right?
Andre:
Exactly right.
Enforcement on Open Source platforms
by TWX_
How can copy protection of data be maintained on hard disks and other media
if the operating system has the ability to use partition types that encrypt?
Wouldn't a layer in an OS kernel be able to circumvent a good portion of the
measures if the data does not reach the drive in its original form?
Andre:
No, now the work is done in user-space and the file is written with standard
commands. Originally the drive would have done the work.
Is this already approved for SCSI and Firewire?
by VValdo
Last week we read that a copy-control scheme similar or identical to CPRM
has been already approved for SCSI and Firewire (without objection...probably
because no one knew about it.)
First off, is it true? Secondly, why hadn't we heard about this before? Can
we expect this technology to be built into all new SCSI and Firwire hardware,
or is "optional" there too?
Andre:
It is my impression that the game is over there, but if you're concerned,
consider joining T10.
What can we do to help you?
by rho
This proposal is a tragedy to personal liberties and freedoms (and rates pretty
high on the Suck-o-Meter), and your efforts thus far are admirable.
So, I want to know, what can we do to help? Letter writing, calls, faxes?
Stand around and go "Brrbbrrbb" with our lips?
How can we aid your efforts in the most effective way?
Andre:
Send email to cprm@linux-ide.org. I won't reply, but I will forward comments
to the members of the committee.
The consumer diamond market has artificially high prices, and is controlled almost entirely by a single family in South Africa. They restrict or release supply as they see fit. It's like the oil cartel done right (from their point of view, I mean.)
There are problems where OOP is good, and problems where it's not such a good idea. If you insist on using one or the other, pick those problems that it's suited for.
I'm curious. Would you mind giving a few examples of problems you think are well-suited for OOP, and a few that are not?
as long as software vendors make it clear that their software will not work without CPRM, I wouldn't call it unscrupulous. Stupid, given how many people won't have the drives, but not unscrupulous.
If that happens, buy RedHat. I can't imagine a better scenario for a booming Open Source industry.
Have you no pride? You don't bother to even LOOK at what you've typed before you post it.
If you're a programmer, I'll bet it takes a half dozen iterations for your code to even compile.
As the article said, the light bulb lengthened the day for many people.
Right now I spend 1.5+ hours on the road a day coming and going to work. Why can't someone innovate a way to cut out that time and make my life better - teleport me, beam me up
Light bulb, teleportation, yeah, they're pretty much in the same ballpark.
And if the just about impossible task of developing practical teleportation were accomplished, you figure its impact on society would be to get you to work faster?
Microsoft has more money than God. What do they care about a bit of lost revenue here and there?
They care quite a bit.
Less revenue means less power. Wall Street doesn't care how much money there is in the bank. That a result of what has already happened. Wall Street cares about what is going to happen, and one important indicator of that is revenue, both current and projected.
Why does MS care so much about what Wall Street thinks? It cares because a steadily rising stock price allows them to dangle stock options to hire and retain high-quality engineers, which not only helps them but ups the ante for the competition, who in turn have to spend a disproportionate amount of money for their own engineers.
Without a rising stock price MS suffers from brain-drain, while at the same time its competitors have an easier time finding and retaining good help.
There are anti-trust laws governing these console game makers. They would be happy to give the hardware away for free and sell you the games at $100 a pop.
So you're saying it would be illegal for Sony to give away its consoles? Are you saying they can't charge $100? Just what are you saying? I think you just made that up.
Slashdot Mirror
It's going to be moving pretty damn fast.
Maybe it'll hit your shift key.
Skylab.
What's that, the Russian Roulette theory? That's why (for example) people who have dared to drive drunk and not killed someone find it much easier to allow themselves to do it in the future. Same goes for many many bad decisions people make everyday.
The argument "we did it this way before and nothing bad happened" is a compelling trap, and should be given little weight in decisions.
I'm not trying to discount the value of experience here. What I'm saying is that if something seems dangerous, and you can come up with no better argument than "nothing bad's happened yet," then it's probably a good time to make sure your insurance is paid up.
How voluntary is voluntary?
by squiggleslash
Is making the CPRM spec a feature that can be turned off truly making it voluntary, given that presumably some content will not be supplied to users who fail to leave CPRM enabled? Would it not end up being as "optional" as DVD CSS encyption and non-zero region encoding?
Andre:
SHALL != MAY :: REQUIRED == OPTIONAL
Because no one in the industry wants to be caught out of sync, "optional" tends to be the same as "required." CPRM, however, may be the first "optional" feature that would remain truly "optional."
Choices...
by cnladd
I apologize for the open-endedness of this question, but I have to ask it anyways. :)
If this copy protection were to become mandatory, I can definately imagine the effects that it would cause. But what effects - both long and short term - do you feel this would cause?
Andre:
The software you keep as "backup" would become worthless.
How to defeat it?
by sulli
If this is forced through the industry, how would one write a DeCSS-like tool to defeat it? Is it in some way bypassable in software?
Andre:
Unlike DeCSS that has media with seed keys that can not be updated, ATA devices (not ATAPI) can be updated as old keys are hacked.
After creating my proposal, it was deemed too complex to use,but I reefused to withdraw it unless we were to use the simple rules of Word0 Bits 6/7 to define FIXED/REMOVABLE as the boundary. Thus ATA-Devices supporting Word0 Bit6 set to ONE are not going to be allowed to have CPRM support.
This may in the end mean we have finally won the removal of CPRM from hard drives. This is good. However, it looks like removable ATA is still going to be bound to CPRM rules. This includes Compact FLASH, IBM MicroDrives, Sony Mem-Stick.... Things that are defined as "media" and not fixed.
Better solution?
by RareHeintz
The hard-drive copy protection scheme seems to me to be yet another attempt (in the vein of DVD/CSS, DPMI, etc.) to maintain a legal structure (that of multinational corporations with scarcity-based proprietary information models) with a technical fix. On /., it may be taken as an article of faith that such
efforts are doomed - smart people solve legal problems with lawyers, and technical
problems with technology, and know the difference.
My question, though, stems from the fact that (like it or not) software companies are within their rights to get paid for software they write, and to set up their own price structure, and to prosecute those who steal their software.
So the question is: If this misguided idea of hardware-based copy protection gets successfully scuttled (and I hope it does), what better solution might there be for proprietary-model software companies that has the benefit of providing them superior protection from pirates without screwing the rest of the world out of the benefits of the currently open hardware model, such as "fair use" under copyright law?
My US$.02: Coming up with such a "third way" solution could go a long way toward killing media-based copy protection - give them an out, and they might take it.
Andre:
Media serial number command proposal (e00163r0) by Microsoft is surprisingly good. It also uses stuff that is already in the market.
This new command could be used a seed for encrypting content, but this command is only reporting sections of the IDENTIFY page command, so it will be easy to circumvent.
It is particularly useful for Linux. Imagine that you want automatic hotswap to de/re-register the device.This command is passive, so it will not hang the system.
How does 4C justify their position?
by plover
What is 4C's reponse to "why don't you push for enforcement of the current copyright laws instead of an unpopular techno "fix" that will be thwarted upon release?" How do they justify their position?
Andre:
Most likely the law passed 2 years ago that provides and supports copyright encryption. Ask John Gilmore of the EFF. I think they are doing that with this model.
(Politics) If people will get off their butts and follow what their government is dumping on the country, you would be able to prevent this from ever coming to life.
Re:How does 4C justify their position?
by Snowfox
How does the 4C justify their position to the consumer? How is this in the consumer's best interest?
Andre:
[reply omitted as -1, offtopic]
I'm still confused
by HuskyDog
I gain the impression that compliant (presumably closed source) software encrypts data as it flows on and off the drive using keys which are specific to each drive. So, if the file is moved to a different drive it won't decrypt any longer? Have I got the right idea? If so, its only applicable to those prepared to run closed source software, right?
Andre:
Exactly right.
Enforcement on Open Source platforms
by TWX_
How can copy protection of data be maintained on hard disks and other media if the operating system has the ability to use partition types that encrypt? Wouldn't a layer in an OS kernel be able to circumvent a good portion of the measures if the data does not reach the drive in its original form?
Andre:
No, now the work is done in user-space and the file is written with standard commands. Originally the drive would have done the work.
Is this already approved for SCSI and Firewire?
by VValdo
Last week we read that a copy-control scheme similar or identical to CPRM has been already approved for SCSI and Firewire (without objection...probably because no one knew about it.)
First off, is it true? Secondly, why hadn't we heard about this before? Can we expect this technology to be built into all new SCSI and Firwire hardware, or is "optional" there too?
Andre:
It is my impression that the game is over there, but if you're concerned, consider joining T10.
What can we do to help you?
by rho
This proposal is a tragedy to personal liberties and freedoms (and rates pretty high on the Suck-o-Meter), and your efforts thus far are admirable.
So, I want to know, what can we do to help? Letter writing, calls, faxes? Stand around and go "Brrbbrrbb" with our lips?
How can we aid your efforts in the most effective way?
Andre:
Send email to cprm@linux-ide.org. I won't reply, but I will forward comments to the members of the committee.
Cheers,
Andre Hedrick
Linux ATA Development
So then you liked them until you learned that you shouldn't?
And I suppose you watch two televisions at once.
I think you're confusing Copy and Paste with reusability.
I'm curious. Would you mind giving a few examples of problems you think are well-suited for OOP, and a few that are not?
If that happens, buy RedHat. I can't imagine a better scenario for a booming Open Source industry.
Why be so cynical?
Maybe they just did it because they thought it would be fun. Ya know, like hacking used to be.
That's Sergeant Carter to you, son. Now drop and give me twenty!
Have you no pride? You don't bother to even LOOK at what you've typed before you post it.
If you're a programmer, I'll bet it takes a half dozen iterations for your code to even compile.
Turns out it's true this time. The P4 is it, folks. Might as well get used to it.
Or even misquoted out of context.
Newton said that.
Light bulb, teleportation, yeah, they're pretty much in the same ballpark.
And if the just about impossible task of developing practical teleportation were accomplished, you figure its impact on society would be to get you to work faster?
They care quite a bit.
Less revenue means less power. Wall Street doesn't care how much money there is in the bank. That a result of what has already happened. Wall Street cares about what is going to happen, and one important indicator of that is revenue, both current and projected.
Why does MS care so much about what Wall Street thinks? It cares because a steadily rising stock price allows them to dangle stock options to hire and retain high-quality engineers, which not only helps them but ups the ante for the competition, who in turn have to spend a disproportionate amount of money for their own engineers.
Without a rising stock price MS suffers from brain-drain, while at the same time its competitors have an easier time finding and retaining good help.
So you're saying it would be illegal for Sony to give away its consoles? Are you saying they can't charge $100? Just what are you saying? I think you just made that up.