SDMI Cracked Too Soon
Posted by Hemos on Thu Oct 12, 2000 01:59 PM
from the shoulda-waited dept.
Andrew Leonard writes "Two off-the-record members of the SDMI coalition have confirmed to Salon's Janelle Brown that all of the SDMI watermarks have been solidly broken." It's too bad this didn't happen in a year - because now it's been cracked before it was even released, and they'll delay even longer.
Re:Disappointing (Score:5)
Perhaps you haven't been paying close enough attention: They are out to screw you.
They want to re-write the rules of retail sales, replacing title transfer with "end-user licenses" (just about any software package).
They want to re-define lawful behavior, taking away your right to exercise your curiosity about the world around you (anti-reverse-engineering clauses).
They want to take away your standalone computer and replace it with a "licensed networked digital media reception terminal," complete with credit card reader.
They want to take away your right to do with your property as you please (:Cue:Cat).
And they want to do this without soliciting your input or consent, and then make you pay through the nose for the privilege of being screwed.
Now, perhaps those things aren't important to you. Perhaps you're not a terribly curious person, or perhaps you're of the opinion that, "I would never need or want to do those things." Perhaps you feel that The Law is The Law, regardless of whether there's a valid ethical foundation for it, or how or why or for whom the law was enacted. Or perhaps you're thinking, "That will never happen in this country." Well, fine, you don't think it's important.
But in my book, this is tyranny, pal; it's damned important; and I will not sit still for it for one nanosecond. This is war, a war of ideas, a war for the digital society of the future. And the enemy has all the lawyers, guns, and money. (And no, this is not hyperbole. What is at stake here is nothing less than who will get to define the social and ethical framework by which we will conduct our lives in the digital universe.)
We are not dealing with people here; we are dealing with corporations. They have no ethics, no morals, no conscience. They are amoeba. They respond to but a single stimulus: Money.
Look at what they are doing. Think about the possible consequences (not just to yourself, but to your neighbors and family). I hope you will discover that the situation isn't as easily dismissed as you may currently believe.
Schwab
Re:... I think they did expect this ... (Score:3)
Yeah - a chill ran down my back as I was reading the Salon article. I imagined this conversation transpiring:
Judge: "Why didn't you encrypt your music more strongly?"
RIAA: "We tried, but every encryption and watermarking scheme we tried proved vulnerable. It turns out to be physically impossible to secure digital media. So we just went with ROT13 as our copy protection to limit costs."
Judge: "Is this true? Is it impossible?"
Geek: "Well, ummm... in a word, Yes... mmmm - mayven"
Judge: "I see. Well, if it's impossible to protect the data, then any means of protection can be considered reasonable protection when applied to defend a copyright. [whack!] Rule in favor of the plaintiff."
Crack SDMI-HOWTO (Score:5)
Here's how to crack your SDMI-compatible player:
1) Download SDMI file
2) Download compatible player
3) Set your sound card input to 'What you hear' or whatever equivalent
4) Start your choice
5) Press 'Record'
6) Play SDMI file
7) Wait until end of play
8) Press stop
9) Encode your
10) Put on gnutella
Or if you have a hardware player:
1) Prepare player to play music normally
2) Dismantle the player, until you get down to a loudspeaker. Cut off the two wires and solder them into a standard microphone audio jack from your local hardware store
3) Start your choice
4) Plug the new microphone jack into your sound card
5) Play SDMI file
6) Wait until end of play and click 'stop'
7) Encode
8) Put on gnutella
Clever eh? I'll take my $10,000 in cash, sterling used notes please.
Michael
...another comment from Michael Tandy.
Ok, so who did it (Score:5)
Re:Is This a Surprise? (Score:3)
Did they not expect this? (Score:4)
The best possible result for SDMI would have been for at least one of the watermarks not to have been broken during the public examination period, then they could have released hardware and software knowing that it was better than any of the discarded watermarking solutions.
This sort of test is silly- just because it can't be broken today, by people for whom $10K is a lot of money, doesn't mean it won't be broken the day after it is released.
Their $10,000 would have been better spent on a few hours by a professional cryptographer in reviewing the algorithm.
Re:Excellent! (Score:3)
boycott coke, and maybe 20% of the people who agree with your cause will boycott it.
That translates into a 20% drop in revenues (um, if Coke didn't own every other company in existence, and only produced just coke).
but with this contest, if just one hacker doesn't boycott it, (and who wouldn't want an extra $10,000 for a few hours work?), then the boycott utterly fails. Y'all should've just gone for it.
It would have been nice to see the wasted effort to mass-market this stuff and watch it be cracked. That would have been sweet. But it's also pretty satisfying to watch a hacker-boycott still crack the thing in a matter of weeks. If all the hackers had gone full-tilt into this, can you imagine how quickly it would have fallen? Might have saved them a little hubris.
Re:Better idea: cheap mp3s (Score:3)
quality [belgacom.net]?
And regardless of where mp3 ends up legally, Ogg Vorbis will replace it if licensing becomes a huge issue.
Re:... I think they did expect this ... (Score:3)
The problem, as the post-Napster environment will show, is that the only people left to sue are your preferred customers.
*This* is the bind - you don't need to protect the music from those who don't really care about the music, and you can't protect it from the people you want to please. And last time I checked, suing people doesn't usually make them happy.
They want the impossible technical solution because they see it being practically impossible to protect it legally.
What they've really got is that there will be no effective and usable protection either legally or technically.
um, sorry. here's your reality check... (Score:3)
*sigh* ... name one (except playback) involving nothing but Free Software.
The MP3 issues I was referring to have nothing to do with content; they have everything to do with licensing the Fraunhofer patents.
From mp3licensing.com:
Oh yes, and LAME is not exempt... from the LAME page:
...and no, I don't have US$ 15,000 to throw around. Do you?
Re:Still don't understand (Score:3)
The CD would never be playable in a player you could digitally connect to a computer. They're talking about replacing everyone's CD player. Most likely with some digital memory type player.
Sounds like a hard sell, until that new Backdoor Boyz CD is ONLY available in SDMI. Possibly given away in some kind of promotion. Then all the kiddies run out and buy SDMI players. (or they give them away at McDonalds or something) Then, armed with those sales figures, the industry approaches the hardware manufacturers and sez "hey, this is profitable" cash flies under the table, a blowjob here, a blowjob there, (my embellishment), then there are more SDMI players out there, and they don't threaten their revenue by making MORE music SDMI-only. Soon, only non-RIAA companies sell non-SDMI music, and while this is a competitive advantage in an ideal market, RIAA propaganda, promotion, marketing, legal-dirty-tricks, drive the indies out of business.
Then, the RIAA bribes, er partners with Microsoft to provide free SDMI players in the ONLY web browser still available, that just happens to be on 90% of desktops - and breaks other plugins that play MP3s, only geeks will be able to download MP3s and get them to play.
Then, you could likely download SDMI files and listen to them on your computer, but no player (in theory) will allow you to decode the content, other than directly to the speakers.
Of course, where this fails is when someone comes up with their own decoder, or even a sound-card driver that dumps the sound data to a place that can be decoded, instead of to the speakers. Or if someone figures out a hack for the player to do raw digital-out, or something like that. Worst-case scenario, if SDMI is better than CD sound quality (it would almost have to be to sell, unless they sell for a reduced price, unless they could fool all of the people all of the time - which isn't really necessary, you only have to fool most of the people with most of the money), then output from the player is audio, you simply take some decent equipment, and re-encode it. Some loss, but free distribution of previously copy-protected works makes it worth it, as long as the quality is acceptable.
Re:Excellent! (Score:4)
Not so excellent. If you read between the lines, the technology companies are hoping that they throw out watermarks and go with Digital Rights Management. DRM is a codeword for "end to end controlled encryption." It's like Kerberos for music, and it means that you have to use their software, special hardware, etc etc.
Re:Can I point out... (Score:5)
Thank you!! An intelligent, incisive question, one worthy of conspicuous, public debate.
Speaking entirely on behalf of myself, you are correct that a cohesive vision of How Things Should Be has been absent from my rants. This is because I believe designing a successful, durable, workable, just system would require the efforts of a group of incredibly talented, wise people, the likes of which have not been gathered since the framing of the Constitution. I don't believe I possess such gifts.
I do have a few vague, disconnected ideas. To fully appreciate them, however, you need to understand the framework in which I developed them:
Axiom: When the ability to copy is ubiquitous, and when the incremental cost of copying is effectively zero, the effective value of any given copy -- including the "original" copy -- is zero. (I state this as axiomatic, but I'm willing to discuss its merits. And please note that this assertion says nothing about the effort/resources required to create the original in the first place.)
As a supporting argument, consider the universe presented in the TV show Star Trek. (This may seem silly, but Star Trek is a useful framework for comparison, as everyone's familiar with it.) In a world where everything, including physical objects, can be replicated at zero cost, what is the economic impact? I argue that the market-based economy collapses completely, since its fundamental supports (scarcity and inconvenience) have been eliminated.
I also believe that the social impact will be that casual copying will be seen as perfectly okay, and that the desire to not share copies will be seen as childish. After all, if anyone anywhere -- including artisans -- can copy anything at any time for nothing, then what, fundamentally, will be wrong with copying anything?
So, in a universe where copying everything is seen as perfectly okay, is there anything an artisan should still have control over? I contend that the most crucial aspect of creativity still needing strict controls is the artisan's reputation.
Consider: On a visit to the Enterprise, you see an object you quite like. Naturally, you ask, "Wow! Who made that?" Both you and the object's creator would like to be certain you receive an accurate answer. Note that the question of whether the object you saw was an original or a copy is irrelevant. You no longer care if an object is "genuine;" you want to know who did it. In other words, you want to know about their reputation. (After all, maybe they did other cool stuff, too.)
...Okay, so we don't live on the Enterprise (yet), and we all still have to pay the rent. However, I strongly believe the concept of reputation will be central to a re-design of economics and the concept of intellectual "property" in the digital universe. Reputation will become a chief scarce resource in the digital universe, because it is an artist's reputation that will guide you to their other scarce resource: their time. And it is their time that you will be paying for (no more doing stuff "on spec").
In terms of more immediate, concrete proposals, I've heard the following ideas floated:
For example, let's say John Carmack creates his latest game, qDuOaOkMe, and decides that, for all his efforts and that of his company, he wants to see $50 million. So he posts it to the site: "qDuOaOkMe: $50,000,000". People the world over pledge $25, $50, $100, whatever they feel it's worth toward the final price. When the price is reached, Carmack gets the money, and the game is released free to all. The entry is also kept open on the site so people who didn't bid can continue to throw tips. If the price is not met after a pre-set time, all pledges are returned to the bidders, and the game isn't released.
Other ideas are likely out there, and worthy of attention.
Also for immediate consideration, there should be some study into the use of digital watermarks for identifying the artist of a given work. Right now, all the discussion surrounding watermarks has been with an eye toward controlling proliferation of copies, which is unworkable. However, I believe even the most virulent opponent of copy protection would support using digital watermarks to identify the artist, thereby preserving -- wait for it -- their reputation.
Like I said, I don't think I have what it takes to completely design the new system. I've also completely avoided rather sticky issues, such as Moral Rights (e.g. should an artist be able to enforce the declaration, "No, you can't use my painting in the background of a porno video"). But I do know that the current system will ultimately prove to be fundamentally unworkable, if for no other reason than the sheer numbers involved (how many copyrighted works will you need to test against to make sure you're not infringing?).
So, yes, you're right. We need to think about this, and it needs to be done rationally and publicly. Too bad the entertainment industry's using all that bandwidth to paint us all as criminals.
Schwab
Re:Crack SDMI-HOWTO (Score:5)
If you are actually interested in learning something about this, get Information Hiding: techniques for steganography and digital watermarking by Katzenbeisser and Petitcolas and read the proceedings of the Information Hiding conferences, called Information Hiding I and II (maybe a III by now), published by Springer.
Actually, I recommend reading the Information Hiding conference proceedings for everyone - they present a number of techniques that will appeal to those with interests in privacy, cryptography, information theory, steganography, watermarking, biometrics, covert channels, etc.
One of my favorites in the proceedings covers designing biometric authentication tokens that are anonymous, non-transferable, and privacy protecting.
This is going to be really redundant (Score:4)
They should be using CueCat XOR encryption (tm) for their watermarks.
Mike
"I would kill everyone in this room for a drop of sweet beer."
To paraphrase Ian Clarke (Score:3)
-josh
Do market powers apply any more? (Score:5)
But then I thought about it. I believe that the music industry has enough power over the users that they'll take what they can get. I don't think the market _could_ realistically fight the will of these companies. They have little competition, because all the "competing" companies have all globbed together in the form of RIAA.
I don't see a peaceful end to this, because there is a lot of money at stake, and whenever there is money, there is also a rabid foaming-at-the-mouth mob of greedy bastards willing to trample anybody in their way to get at it.
So maybe we should not worry so much about this standard being cracked, because if it was, it'd work just like the DeCSS fiasco, but maybe they'd learn from the mistakes of the MPAA's lawyers. What we need to start worrying about is a way to break loose from this feudalism where the consumer no longer has the power to change things in their favor (partly because most of the consumers are not informed enough to fight back, and there is a lot of money going to PR to keep it that way). Consumers are now Serfs, and large media companies are now lords. I imagine eventually there will be something like a revolution, moving us along the line towards democracy in the information world, but it'll take a while =:-(
Better idea: cheap mp3s (Score:5)
an easier route (Score:3)
1. lobby congress to legalize murder.
2. hire disenfranchised serbian death squads.
3. locate any person with an IQ above 90.
4. kill all persons with an IQ above 90.
This will have two impacts. It will mean that they'll finally be able to sell Backdoor Boyz to EVERYONE, and that nobody smart enough to crack SDMI will be left alive.
That would be MUCH easier and cheaper than developing a crack-proof protection scheme.
Oh wait, I forgot, there's always DONGLES!
Technology's no solution. The problem's more basic (Score:3)
The problem is one of economic distribution. How to get money from the consumers into the pockets of the producers in some fair and equitable way.
One model which almost works is ASCAP. They're in charge of charging radio stations and other broadcasting media, based on their market penetration numbers, some money for every piece of material the broadcasters, uh, broadcast, (ASCAP IS Big Brother, :-) and then they shovel that money into the pockets of the "authorities of record" who can claim to be the producers of the material that was broadcast. (That's how artists still get screwed today. NEVER, ever, give away your copyright.)
One model which would work in the "Age Of Napster" is to use micro-payment to charge a published sum from the recipient of a file, if the transmission is not declined, regardless of the content or the size of the file, for every transmission of the file over the internet.
Purely local transmission of the file can be presumed to be fair use, back-ups, change of media etc. Re-transmission over the internet would kick-in the micro-payment scheme which would insure that the Metallicas of the world can please just shut up!
This could even be applied to establishing connections for streaming media.
By the way that leaves the RIAA, the MPAA and other neo-Luddites out in the cold. Let those parasites get real jobs.
Excellent! (Score:5)
I was initially 'with' everyone here and in the community on the issue of boycotting the challenge, because I thought it would 'punish' the proponents of SDMI if they went to the trouble of commercializing it only to have it quickly broken. I presumed that breaking it now would help the SDMI.
However this article [salon.com] points out a lot of things that seem to be coming true and mentioned in the article that is the focus of this slashdot item, that basically the music company executives didn't expect it to be broken, don't have anything to fall back on, and the SDMI may in fact fall apart now that two years of their work have been effortlessly cut into shreds! Which is EXCELLENT news!
I really wish that the article quoted above had been written earlier and had come to our attention earlier, for it is quite a valid and compelling counter to the "rah rah let's boycott the challenge" idea.
Basically, maybe we were all wrong, and cracking it quickly and effortlessly will not help the SDMI, but actually destroy it! Go crackers!
Time for Fairtunes (Score:4)
I hope artists also move to the fore -- popular artists (those whose recording contracts permit) should release a song or three (or an album) in all mp3, and just take payment if you keep it. Say, 24 hours trial period, if you keep it longer, you have to pay. Obviously, it's all voluntary, but who would balk at paying $3 to $6 for an album from an artist they like? I think the honest users of such a service would vastly outweigh any thieves.
Re:Ok, so who did it (who cares?) (Score:4)
Because the fundamental premise is obviously self contradictory. In order to have a truly effective watermark, the sound must be damaged to the tolerance of an ordinary listener when it's removed. In order to have a publicly acceptable watermark, the sound must be unchanged to the most sensitive listener when it's added. The result is that you should always be able to create a procedure that mangles the sound at above the level at which the watermark exists, but below the level where an average listener will care. Doing so may damage the sound for true audiophiles, but won't mean anything to the casual listeners who constitute the lion's share of the market.
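The trade-off argued in the comment above can be measured on a toy mark. This is an added example, not part of the original thread and not any SDMI proposal: it uses quantization index modulation (QIM) as a stand-in watermark, and the host tones, step sizes, noise levels and seed are all constructed assumptions.

```python
import math
import random


def make_host(n=8000, rate=44100):
    """Constructed host signal: two sine tones as integer samples (16-bit range)."""
    return [round(8000 * math.sin(2 * math.pi * 440 * t / rate)
                  + 4000 * math.sin(2 * math.pi * 1870 * t / rate))
            for t in range(n)]


def embed(host, bits, delta):
    """QIM embed: snap each sample to the lattice for its bit.

    Bit 0 uses multiples of delta, bit 1 the same lattice shifted by delta/2.
    A larger delta means a stronger mark and a larger embedding error.
    """
    marked = []
    for x, b in zip(host, bits):
        off = b * (delta // 2)
        marked.append(round((x - off) / delta) * delta + off)
    return marked


def _lattice_distance(y, off, delta):
    r = (y - off) % delta
    return min(r, delta - r)


def detect(samples, delta):
    """Decode each sample as the bit whose lattice is nearer (ties decode as 0)."""
    return [1 if _lattice_distance(y, delta // 2, delta)
            < _lattice_distance(y, 0, delta) else 0
            for y in samples]


def add_noise(samples, amplitude, rng):
    """Additive uniform integer noise in [-amplitude, amplitude]."""
    return [y + rng.randint(-amplitude, amplitude) for y in samples]


def snr_db(reference, degraded):
    """Signal-to-noise ratio of `degraded` measured against `reference`."""
    signal = sum(x * x for x in reference)
    noise = sum((x - y) ** 2 for x, y in zip(reference, degraded))
    return float("inf") if noise == 0 else 10 * math.log10(signal / noise)


def bit_error_rate(sent, received):
    return sum(a != b for a, b in zip(sent, received)) / len(sent)


def evaluate(delta, seed=2000):
    """Embed with step `delta` (even, >= 4) and report fidelity and robustness."""
    rng = random.Random(seed)
    host = make_host()
    bits = [rng.randint(0, 1) for _ in host]
    marked = embed(host, bits, delta)
    # Distortion kept under delta/4 can never move a sample to the other lattice.
    mild = add_noise(marked, max(delta // 4 - 1, 0), rng)
    # Distortion on the order of delta makes decoding close to a coin flip.
    heavy = add_noise(marked, delta, rng)
    return {
        "embed_snr_db": snr_db(host, marked),   # cost of adding the mark
        "heavy_snr_db": snr_db(marked, heavy),  # cost of the heavy distortion
        "ber_mild": bit_error_rate(bits, detect(mild, delta)),
        "ber_heavy": bit_error_rate(bits, detect(heavy, delta)),
    }


if __name__ == "__main__":
    for step in (4, 64):
        print(step, evaluate(step))
```

For this toy scheme the distortion that makes the detector fail sits within a few dB of the distortion the mark itself introduced, so making the mark sturdier means making it more audible.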
Sucks to be the RIAA (Score:5)
Re:Delays aren't necessary bad... (Score:4)
Delays are better than an uncrackable SDMI implemented tomorrow, but the best possible outcome would have been for the RIAA and their hardware cronies to dump billions into hardware and software with big holes in it. As an added bonus many of their customers would have found their draconian stance on IP to be too restrictive, and sales would have dropped. Simply because the "pirated" versions were easier to use.
The RIAA isn't going to learn unless the lesson is painful. I am all for the RIAA making money from their copyrighted material, but not at the expense of my fair use rights.
Oh, and by the way, hopefully this will give Ogg Vorbis more of a chance. MP3s aren't bad but Ogg is better!
Vorbis! Does no one here remember Vorbis? (Score:5)
Ahem, leaving SDMI for MP3 is just leaving the DMCA Swamp for the Patent Quagmire. Out of the frying pan, into the fire.
Why don't we go for the option that doesn't involve breaking the law (and has nice fringe benefits -- MP3 is old tech now), when we can?
And, by the way, the Vorbis [vorbis.org] format is finalized and has been for some time. bps limitations of current encoders are only a result of the encoding software, not of limitations of the underlying format. Not to mention that .ogg seems to be sounding better than higher-bitrate .mp3s as the encoders improve...
This does it, I'm re-encoding[1] all the music on my site to .ogg when I get the chance. I need the space savings anyway.
---[1] that is -- encoding new .oggs from pristine audio, not "converting" the existing .mp3s.
"converting" among lossy formats is always going to sound bad.
Re:Did they not expect this? (Score:5)
The ONLY possible result was to have their watermarking broken. As I mentioned above, it's not possible to secure it.
What you describe as their best possible result would actually be the penultimate nightmare scenario for SDMI. Ramping up production of new hardware and media is an incredibly expensive undertaking. Not to mention the risk of public rejection (for a primo example of this, learn the lessons of DIVX.) To get $2 billion down that path, only to be shot down by hackers. At this point, they're only out a few million. The $10K prize was a spit in the bucket.
As to your last point, professional cryptographers have been telling them this is impossible and a huge waste of money. People with money don't believe in "impossible." They don't understand technology, they understand money. And in their world, money can buy the impossible. They don't live in our world, where code can always do the possible.
John
This is nice - but what about other DRM systems (Score:5)
OK there's the little issue of the DMCA which would make such things illegal in the US.
I wouldn't be surprised if some of the SDMI breaks came from Microsoft to help promote their DRM server based technology.
Terrific! (Score:3)
Your observations about identifying the artist are right on- that's why I for one am very excited about one of the 'fingerprinting' technologies being developed. Basically it will be possible to do net searches in the future on snippets of unlabelled digital audio and return the artist's current website/information. This is incredibly important in a world where the information flows so freely- an example, if you use Napster you'll find all sorts of utterly unrelated bands uploaded mistakenly as They Might Be Giants. This is great for TMBG but unhelpful for the real artists- with the sort of fingerprinting we're talking about this would be trivially fixed, and anyone could track down the true creator's identity easily- again, _reputation_ is the key concept. It will become possible to accurately associate a positive musical experience with a specific name no matter how obscure and non-mainstream: compare this with the days of broadcast radio where you had to first fight just to get _on_ the radio and then pray/pay for the DJ to actually announce your name in association with it! This sort of gatekeeper will become a thing of the past- though it'll still have a place, with the new type of DJ being someone of known good taste and ability to audition more new stuff than most people have.
I can relate an anecdote of stuff that's still going on, that illustrates your point. I used to have music on mp3.com (before they turned their contract towards the Dark Side ;) ). It's not mainstream at all- in fact some of it is rather user-hostile, for instance a strange marimba-driven track named Bone Dragon. None of this brought me pop stardom, understandably- but I know my way around a mixing desk and build a lot of radical, high-performance equipment that goes against the habitual sonic dreck people inflict upon their recordings these days (see Britney Spears...), and I attracted some attention from some iconoclasts, and in fact I built *REPUTATION* as someone who could get a sound, an impressively professional sound. This has led me to the point where I'm seriously contemplating doing sound engineering work for a startup (not RIAA) that I've been talking to, and in fact already have a sale of commercial rights for a piece of my music waiting for when the deals are finalised (I'm also making extensive use of my sharpness and paranoia in relation to the contract that people will end up seeing- another area of reputation getting involved). And the first piece of music to find a home in this new context is... 'Bone Dragon'. Yes! The totally uncommercial, peculiar one! *g*
The point is- reputation is fscking _gold_ man. It is substantially more important than immediate cash. The fact that 'Bone Dragon' is out there as lots of mp3s, with my blessing upon their further noncommercial copying, does _not_ make it licensed for commercial use. If someone wants to run that in an advertisement they have to talk to _me_! (If they want to add cheesy singing munchkin jingles to it they'd better be offering a LOT of money, and I mean a LOT. Background use or use under narration does not tend to destroy the soul of the music so readily.) And if they want something else that's like that- again, they have to talk to me. Commercial interests can't legally copy and use the free music I have out there being copied under fair use- and _nobody_ can copy what hasn't been performed yet.
It all reminds me of some of the tenets of the Progressive Party (for which I'll do some voting this November). They are not big fans of inherited wealth, or of wealth derived from high lofty positions. If you think about that a bit you see that what they're advocating is a much tighter link between WORK and wealth- and that speaks for me, very much. Trouble is, I'm a musician (among other things) and that industry is utterly fixated on the creation of intellectual property which is expected to go on earning money _without_ me, for longer than I live. Frankly, I can't see the logic behind this. Okay, supposing I write a hit song and record it wonderfully- certainly that's worth being paid for. Once it's been recorded- then what? Where is the justification that I should be _entitled_ to never work again based on having done really great work once upon a time?
I don't see it, so I am essentially unperturbed by the idea of tossing my music and work out there for the world to scavenge and copy back and forth unpayingly. If I'm any good at it, there'll be people who like what I do- like it well enough that they _ask_ for more, or want me to spend my time engineering _their_ music or some such activity. "Shut up and play your guitar!" "Mix my album!" "Do more ambient!" And the answer is of course "What's it worth to you?". My ability to earn a living wage ought to be tied to my willingness to _keep_ _working_ and producing stuff to benefit people.
For this reason I completely and totally disrespect the RIAA and everything they stand for, and have total contempt for SDMI. It's just more attempts to impose a price on something that was once rare and has become a commodity too cheap to meter- art. Instances of art in the digital domain are too cheap to meter, they are free, there's no sense even _trying_ to mess around with micropayments and that crap (you'll be nickel-and-dimed to death!). Art is free. ARTISTS ARE EXPENSIVE. Think commissions, 'patrons'. If you can imagine a sort of art you _can_ get someone to produce it- what's it worth to you?
Of course.... (Score:4)
"You see?" they'll say. "Evil nasty hackers destroyed our benevolent effort to release music to the masses before we could even bring it to market. They've proved there's no way to distribute music in an open model."
The solutions they'll offer, of course, are:
- a hardware tax on everything, including computers, that can play or create audio files; and
- mandatory hardware-based encryption for CD players.
Don't laugh. No one thought they'd get the same requirements passed on DAT, which was heralded as all that and a plastic Jesus.