Forgot your password?
typodupeerror
Privacy

Andre Hedrick On Hard Drive Copy Protection 143

Posted by Roblimo
from the not-quite-as-bleak-as-you-think dept.
Andre Hedrick, Linux ATA dude and member of the committee that sets ATA hard drive interface standards, got your questions by email yesterday, and we got his answers back this morning. He gives us the inside dope about latest attempt by various copyright-worried industry heavies to stop you from using files in ways they dislike, spiced with a fair amount of humor, because... well, because Andre's just that kind of guy (and we like him that way!)

How voluntary is voluntary?
by squiggleslash

Is making the CPRM spec a feature that can be turned off truly making it voluntary, given that presumably some content will not be supplied to users who fail to leave CPRM enabled? Would it not end up being as "optional" as DVD CSS encyption and non-zero region encoding?

Andre:

SHALL != MAY :: REQUIRED == OPTIONAL

Because no one in the industry wants to be caught out of sync, it has been a running joke that "OPTIONAL" is the same as "REQUIRED"....

HOWEVER, the case of CPRM got a laugh that it could be the first "OPTIONAL" feature that would remain truly "OPTIONAL"! We all laughed around the room.

DVD CSS is in the world of MMC/SCSI, I can not comment.

Choices...
by cnladd

I apologize for the open-endedness of this question, but I have to ask it anyways. :)

If this copy protection were to become mandatory, I can definately imagine the effects that it would cause. But what effects - both long and short term - do you feel this would cause?

Andre:

Sorry, I do not feel anything! If you wish to know what I THINK, then I will answer the question. The very nature of asking people how they feel about an issue allows one to wrap it in fuzzy language, and this is how we got into this mess. So THINK DAMN-IT do not FEEL, this is silicon and not flesh!

Think about all the software you own for backup -- WORTHLESS in a CPRM environment. OPEN wallets!!!!

Ever had a morning where you were not kissed and told "I love you," when the night before you SCREWED so wildly that you could not remember?

GOOD MORNING!!!!

How to defeat it?
by sulli

If this is forced through the industry, how would one write a DeCSS-like tool to defeat it? Is it in some way bypassable in software?

Andre:

Unlike DeCSS that has media with seed keys that can not be updated, ATA devices (not ATAPI) can be updated as old keys are hacked.

After creating my proposal, it was deemed too complex to use, thus the only way I would withdraw it was to use the simple rules of Word0 Bits 6/7 to define FIXED/REMOVABLE as the boundary.

Thus it appears that I have agreed to drop the no longer needed enable/disable CPRM feature set, because ATA-Devices supporting Word0 Bit6 set to ONE are not going to be allowed to have CPRM support!

Thus we may have finally won the removal of CPRM from your HARD DRIVE!!

WOOHOO WOOHOO WOOHOO WOOHOO WOOHOO WOOHOO!!!!!!!

Now your REMOVABLE ATA - that looks like it is going to be still bound to CPRM rules. Compact FLASH, IBM MicroDrives, Sony Mem-Stick.... Things that are defined as "MEDIA" and not FIXED!

Better solution?
by RareHeintz

The hard-drive copy protection scheme seems to me to be yet another attempt (in the vein of DVD/CSS, DPMI, etc.) to maintain a legal structure (that of multinational corporations with scarcity-based proprietary information models) with a technical fix. On /., it may be taken as an article of faith that such efforts are doomed - smart people solve legal problems with lawyers, and technical problems with technology, and know the difference.

My question, though, stems from the fact that (like it or not) software companies are within their rights to get paid for software they write, and to set up their own price structure, and to prosecute those who steal their software.

So the question is: If this misguided idea of hardware-based copy protection gets successfully scuttled (and I hope it does), what better solution might there be for proprietary-model software companies that has the benefit of providing them superior protection from pirates without screwing the rest of the world out of the benefits of the currently open hardware model, such as "fair use" under copyright law?

My US$.02: Coming up with such a "third way" solution could go a long way toward killing media-based copy protection - give them an out, and they might take it.

Andre:

Media serial number command proposal (e00163r0) by Microsoft, and for the record they are the good guys this time! Ths proposal has more uses than what it is listed. It also used this stuff that is already in the market that you do not know about but use, SURPRISE!!!! (I was also surprised).

This new command could be used a seed for encrypting content, but before you go NUTS - This command is only reporting sections of the IDENTIFY page command. NOT TO WORRY, 30 (thirty) minutes and the HACK to disable it is complete......

It has uses more valuable to Linux than what it is presented as... Imagine that you want automatic hotswap to de/re-register the device, this command is passive and thus will not hang a system....THINK before you COMPLAIN, because I agree technically with the command, and see no harm from it that cannot be undone.

How does 4C justify their position?
by plover

What is 4C's reponse to "why don't you push for enforcement of the current copyright laws instead of an unpopular techno "fix" that will be thwarted upon release?" How do they justify their position?

Andre:

Most likely the law passed 2 years ago that provides and supports copyright encryption. Ask John Gilmore of the EFF. I think they are doing that with this model.

(Politics) If people will get off their butts and follow what their government is dumping on the country, you would be able to prevent this from ever coming to life.

Re:How does 4C justify their position?
by Snowfox

How does the 4C justify their position to the consumer? How is this in the consumer's best interest?

Andre:

Don't you what to download the movies you would not pay 7-10 bucks to see at the theater, in exchange for screwing up your computer? Boycott Hollywood and all movies, and see them crumble, is a counter-attack.

I'm still confused
by HuskyDog

I gain the impression that compliant (presumably closed source) software encrypts data as it flows on and off the drive using keys which are specific to each drive. So, if the file is moved to a different drive it won't decrypt any longer? Have I got the right idea? If so, its only applicable to those prepared to run closed source software, right?

Andre:

BINGO! Give that DOG a DOOLY from the FAIR! (GOOD MORNING!!!!, again)

Enforcement on Open Source platforms
by TWX_

How can copy protection of data be maintained on hard disks and other media if the operating system has the ability to use partition types that encrypt? Wouldn't a layer in an OS kernel be able to circumvent a good portion of the measures if the data does not reach the drive in its original form?

Andre:

No, the DIRTY work is done in USER-SPACE and the file is written down with standard commands now. The XOR calculations originally proposed for the drive would have made the DRIVE do the DIRTY work.

Is this already approved for SCSI and Firewire?
by VValdo

Last week we read that a copy-control scheme similar or identical to CPRM has been already approved for SCSI and Firewire (without objection...probably because no one knew about it.)

First off, is it true? Secondly, why hadn't we heard about this before? Can we expect this technology to be built into all new SCSI and Firwire hardware, or is "optional" there too?

Andre:

It is my impression that the game is over there, but join T10 and raise HELL!

What can we do to help you?
by rho

This proposal is a tragedy to personal liberties and freedoms (and rates pretty high on the Suck-o-Meter), and your efforts thus far are admirable.

So, I want to know, what can we do to help? Letter writing, calls, faxes? Stand around and go "Brrbbrrbb" with our lips?

How can we aid your efforts in the most effective way?

Andre:

Well it appears that everyone has ruined the Christmas vacation of the current officers, (I am glad that I did not accept the potential offer to consider vice-chairman at ths time, but I may reconsider), and all the nasty-grams have been forwarded to the members. We have been asked to review the content by the acting chair, with a notice to re-think the actions to be considered in February.

Also you may vent on , but you will get no answer. I will forward this to the members of the committee.

Cheers,

Andre Hedrick
Linux ATA Development

This discussion has been archived. No new comments can be posted.

Andre Hedrick On Hard Drive Copy Protection

Comments Filter:
  • by Anonymous Coward
    You're right.

    Isn't it strange that reading caps-locked text really feels just as unpleasant as if someone was shouting at you?

  • by Anonymous Coward
    Check linux-kernel - He's always that way (on crack that is).

    Come to think of it, if I had to deal with IDE issues all day, I'd partake in a little of the rocky stuff myself.
  • by Anonymous Coward
    Quite a lot of encryption methods work by (or are the mathematical equivalent of):
    1. Generate a string of psuedo-random bits C the same length as the plaintext P.
    2. the encrypted text E = P XOR C.
    3. decrypt by E XOR C

    The arithmetic is that simple, once you have the key C at both ends. The problem is, if you use that same string of bits twice, you are dead; the CIA has cracked things like this just by comparing the two encrypted messages. So most (non-public-key) encryption routines will use some formula that expands a secret key out to a nearly infinite string of bits, so you can use each part of it just once. Shifting and XOR'ing parts of the key with itself are usually part of that. This reduces the problem to protecting the formula and the secret key from analysis -- and most modern encryption routines use the cypher bit string in a bit more complicated manner in order to make this more difficult.

    Or, in the strongest encryption known, you use a true random number generator, one that works on quantum fluctuations in hardware. You make exactly two copies of C. Then you have someone hand-carry one copy to the intended recipient. Once you know it got there without being copied, you use a piece of it to encrypt, the recipient uses the same piece for decrypt, then you both erase those bits. Since there is 1 random bit for each message bit, there is no pattern for a codebreaker to work on. Your only chance is to subvert one of the humans in the system. The traditional implementation of this technique (back when codes were worked by hand) was as a "one-time pad", where they would convert each letter to a number and add the code modulo 26. It's a little easier to do in your head than converting to binary, but gives the same result. The numbers could be generated by something like a Lotto machine. Then a clerk would type each number (manual typewriter) onto a sheet of paper with ONE carbon, triple spacing to leave room to work out the arithmetic underneath. (And you thought your job was boring.) The sheets were assembled into two identical pads, and one goes off by courier. You'd use a sheet once, then burn it.

    This was definitely unbreakable as long as everyone followed the rules. Therefore the Soviets under Stalin used it. But around 1940 as the world situation heated up, their lotto machines fell behind the demand. So they started putting three carbons in their typewriters and thereby doubled their output. Surely re-using the code just once wouldn't hurt right? Wrong. Our codebreakers were usually five years behind, but they did crack thousands of messages eventually. Some of that fuss about Soviet spies from 1945 to the mid 50's was real -- based on decrypted messages, but they couldn't bring the decrypts into court when they tried the spies because the Soviets would have plugged the leak.
  • by Anonymous Coward
    I'm still trying to figure out what IT is. Ive got copy protection on my brain.
  • by Anonymous Coward
    Jeez, if these replies were posted to those +5 comments on a regular thread, they would have all been marked -1 Flamebait/Offtopic. There was more content in the questions than the replies.
  • Fuck that. I flush low-flow toilets two or three times purely out of spite.

    - A.P.

    --
    * CmdrTaco is an idiot.

  • Is it just me though, or is Andre on a litte too much coffee or something?
    Dude, you've obviously never talked to Cliff Stoll. Compared to him, Andre's on Valium. I'm having this vision of Cliff sitting...well, above a chair, with the cushion averaging about four inches or so above the chair, and Cliff himself about another five or six above that as he bounces up and down. One of the marks of someone who cares far more about what they're saying than about looking cool...obviously excited about the topic. Andre strikes me in a similar fashion.
  • no he isn't. that's Andre's usual style that we see regularly on linux-kernel, very blunt and to the point in the fewest chars possible.

    however, whether you like his atypical style or not, he definitely knows his stuff - he maintains all the linux-ide drivers, implemented most of the newer stuff in them (ATA33/66/100, serial ATA, etc..) and was invited to sit on the T13 committee that decides on future ATA standards - a committee typically composed of representatives from various vendors.

    you can rest assured he didn't get that seat cause the committee were looking for a dealer. :)
  • Still easy enough to break -- write a program that acts as a debugger and captures the data from RAM itself. Even if you have to capture a byte at a time, it's virtually impossible to protect the decryption process that you cannot break it.

    I fail to see how a debugger in RAM is going to capture anything interesting if the decryption is done inside the monitor. Yes, this hard drive encryption is silly, but it can be done easily enough if someone has the determination.

    The wheel is turning but the hamster is dead.

  • All forms of copy protection can be defeated.

    1. User requests secure file from a remote site
    2. Remote machine asks for Hardware (in this case, it's a hard disk) ID number
    3. Remote site checks uniqueness/validity of number
    4. Remote site sends back a key to unlock that media with specific hardware.
    5. User proceeds to download encrypted media.
    6. User can now view media from that hardware, but not from any other hardware.
    Of course, this doesn't stop anyone from intercepting the decrypted data leaving the hard disk -- but that is akin to recording your favorite DVD onto VHS (or mpeg-4, or whatever). Plug Intel's new encrypted monitor spec in, and the data won't be decrypted until it gets to the monitor...

    Yes, I am afraid you can securely encrypt data. They know how, and they will do it eventually. Until then, we need to educate. Just like dongles of yesteryear, but without the hassle of plugging anything in.

    The wheel is turning but the hamster is dead.

  • There are a couple things.

    Check kerneli.org [kerneli.org] for some more info, as well as encryptionhowto.sourceforge.net [sourceforge.net]
  • RAID the drives, then the controller will split the data over x drives. A encrypted Filesystem would work - the drives would never see any plaintext/stream information at all.
  • Wow, what an interview!

    Did he used that style of language to intimidate the committee too?

    *ducks*
  • Microsoft is forced (think politically for a moment) to take one stance - I think they actually are silently happy about it, and were it not for the DOJ nipping at their heels, I think we both know they'd be behind it 100%.

    Fawking Trolls! [geekizoid.com]
  • More like the Steve Ballmer Charm School..

    Seriously, have you ever seen Ballmer in an interview? He talks like this guy writes..
  • UN-altered REPRODUCTION and DISSEMINATION of this IMPORTANT Information is ENCOURAGED, ESPECIALLY to COMPUTER BULLENTIN BOARDS.
  • The CA voter registration card rquires no proof of citizenship.
    Well here in Texas you need to be a citizen to register, and you need to show your Texas ID/Driver's License to cast a vote. Is it my fault your state is so fucked up?
    Oh, you're a liberal
    Yup. A "yellow-dog" through and through. But I DO have the balls to identify myself publically and stand by my opinions.

    Anyway, why hide behind "Anonomyous Coward"? Is is because you don't want Mommy and Daddy to know that you are using the computer when they told you not to? Or maybe it is because you are a yellow-bellied, chicken-shit goat fucker???
    --
    You think being a MIB is all voodoo mind control? You should see the paperwork!
  • Votes from Floridians were far more important than votes from the other 49 states.
    The ones that were counted that is...
    I wonder how many illegal aliens and legal residents, cast ballots?
    Proof, please. Facts, statistics, photos, etc. would be great. Don't just mindlessly parrot Rush Limbaugh's paranoid delusions...
    Remember, only citizens can legally vote.
    However, judging from the sentence previous to this one, U.S. citizens don't have to learn English grammar...
    --
    You think being a MIB is all voodoo mind control? You should see the paperwork!
  • From what I gather, every media device that would conform to this spec would require a unique key. (Otherwise there is no reason why I can see that the data couldn't be transfered to another HD).
    If this is the case, why not write a hardware abstraction layer that traps for the command to retrieve said key, and instead return some bogus, bub non-unique key? Obviously this would affect performance a bit, but the impact shouldn't be that big.

    Also, how the hell would this affect those of us running RAIDs? or are we not allowed to do that either?

    Move to Canada: No DMCA, no UCITA, no software patents, no bullshit.
  • ...and is nigh incomprehensible. Ladies and gentlemen, we have ourselves a robot.

    Which is scary. Because robots are scary. Or funny. Or both [1000robots.com].

    This comment may only be cached on copyright-enforcing hard drives, because I own the copyright and therefore 1 0WNZ J00.

    < tofuhead >

  • Whoops, not quite the best link. But 1 5T1LL 0WNZ J00.

    Here you go. [1000robots.com]

  • The next time your talking to someone non-technical that took a loss with the tech stocks, mention the real reason for the loss was the DMCA. Get enough prople calling their congresscritters blaming them for loosing their shirts because of this silly law may be the only way to get rid of it. I know they are mostly unrelated but the same is true the busty girl and the beer in the beer ads.
  • Just think, the freedom of our harddrives is in the hands of this man.

    I wonder if big industry executives can even take him seriously with that kind of attitude.

  • Yeah, but isn't that right out of a Carlin bit?
    I associated the whole "ask what I think, not what I feel" bit with Rush Limbaugh, who has said the same thing (more or less) before. Andre must be a dittohead. :-)
  • Excellent observations! This is proof that hardware based consumer controls are here to say and we can expect to see even more "technology assisted law enforcement" in the future.

    Future HaXorS will require hardware/firmware curcumvention techniques in order to maintain the current flexibility enjoyed by today's software based circimvention techniques.

    If the US public decides to remain allied with Micky Mouse and Hollywood, we may well end up with "Government Sanctioned Codes" along with "Computing Facility Liscensure" before too long.
  • I know this is totally off topic, but low volume toilets seem to be a bigger waste then their predacessors. How is water being saved, when I have to flush the damn thing 3 times to get a healthy crap into the sewer system.
  • But he mentioned that now this is all done in user space.

    That would circumvent any harddisk encryption or raiding since by the time the data was retreived and verified it would be in a readable format.. Andre mentions that in previous plans the process was the DRIVES responsibility.. but here he counters that.

    -Largos

    As always, if I appear to be wrong / make a mistake, let me know kindly.
  • This is not Andre. This is George. Or, Andre is George on slashdot, however you want to put it.

    Here's the interviewee's user page (also her in text -- slashcode is not making it a link for some reason: http://slashdot.org/users.pl?op=userinfo&nick=gbd ), if you have to convince yourself. The writing style is unmistakeable and unreplicable. The only difference is that he never says "GOD" (all caps) and his wife is not mentioned. I guess that's because it's a technical topic.

    No problem, you're welcome; glad I could clear that up.

  • I edited the reply a bit to make it more, well, sensible. I hope the content is retained, yet a bit more accesible.

    How voluntary is voluntary?
    by squiggleslash

    Is making the CPRM spec a feature that can be turned off truly making it voluntary, given that presumably some content will not be supplied to users who fail to leave CPRM enabled? Would it not end up being as "optional" as DVD CSS encyption and non-zero region encoding?

    Andre:

    SHALL != MAY :: REQUIRED == OPTIONAL

    Because no one in the industry wants to be caught out of sync, "optional" tends to be the same as "required." CPRM, however, may be the first "optional" feature that would remain truly "optional."

    Choices...
    by cnladd

    I apologize for the open-endedness of this question, but I have to ask it anyways. :)

    If this copy protection were to become mandatory, I can definately imagine the effects that it would cause. But what effects - both long and short term - do you feel this would cause?

    Andre:

    The software you keep as "backup" would become worthless.

    How to defeat it?
    by sulli

    If this is forced through the industry, how would one write a DeCSS-like tool to defeat it? Is it in some way bypassable in software?

    Andre:

    Unlike DeCSS that has media with seed keys that can not be updated, ATA devices (not ATAPI) can be updated as old keys are hacked.

    After creating my proposal, it was deemed too complex to use,but I reefused to withdraw it unless we were to use the simple rules of Word0 Bits 6/7 to define FIXED/REMOVABLE as the boundary. Thus ATA-Devices supporting Word0 Bit6 set to ONE are not going to be allowed to have CPRM support.

    This may in the end mean we have finally won the removal of CPRM from hard drives. This is good. However, it looks like removable ATA is still going to be bound to CPRM rules. This includes Compact FLASH, IBM MicroDrives, Sony Mem-Stick.... Things that are defined as "media" and not fixed.

    Better solution?
    by RareHeintz

    The hard-drive copy protection scheme seems to me to be yet another attempt (in the vein of DVD/CSS, DPMI, etc.) to maintain a legal structure (that of multinational corporations with scarcity-based proprietary information models) with a technical fix. On /., it may be taken as an article of faith that such efforts are doomed - smart people solve legal problems with lawyers, and technical problems with technology, and know the difference.

    My question, though, stems from the fact that (like it or not) software companies are within their rights to get paid for software they write, and to set up their own price structure, and to prosecute those who steal their software.

    So the question is: If this misguided idea of hardware-based copy protection gets successfully scuttled (and I hope it does), what better solution might there be for proprietary-model software companies that has the benefit of providing them superior protection from pirates without screwing the rest of the world out of the benefits of the currently open hardware model, such as "fair use" under copyright law?

    My US$.02: Coming up with such a "third way" solution could go a long way toward killing media-based copy protection - give them an out, and they might take it.

    Andre:

    Media serial number command proposal (e00163r0) by Microsoft is surprisingly good. It also uses stuff that is already in the market.

    This new command could be used a seed for encrypting content, but this command is only reporting sections of the IDENTIFY page command, so it will be easy to circumvent.

    It is particularly useful for Linux. Imagine that you want automatic hotswap to de/re-register the device.This command is passive, so it will not hang the system.

    How does 4C justify their position?
    by plover

    What is 4C's reponse to "why don't you push for enforcement of the current copyright laws instead of an unpopular techno "fix" that will be thwarted upon release?" How do they justify their position?

    Andre:

    Most likely the law passed 2 years ago that provides and supports copyright encryption. Ask John Gilmore of the EFF. I think they are doing that with this model.

    (Politics) If people will get off their butts and follow what their government is dumping on the country, you would be able to prevent this from ever coming to life.

    Re:How does 4C justify their position?
    by Snowfox

    How does the 4C justify their position to the consumer? How is this in the consumer's best interest?

    Andre:

    [reply omitted as -1, offtopic]

    I'm still confused
    by HuskyDog

    I gain the impression that compliant (presumably closed source) software encrypts data as it flows on and off the drive using keys which are specific to each drive. So, if the file is moved to a different drive it won't decrypt any longer? Have I got the right idea? If so, its only applicable to those prepared to run closed source software, right?

    Andre:

    Exactly right.

    Enforcement on Open Source platforms
    by TWX_

    How can copy protection of data be maintained on hard disks and other media if the operating system has the ability to use partition types that encrypt? Wouldn't a layer in an OS kernel be able to circumvent a good portion of the measures if the data does not reach the drive in its original form?

    Andre:

    No, now the work is done in user-space and the file is written with standard commands. Originally the drive would have done the work.

    Is this already approved for SCSI and Firewire?
    by VValdo

    Last week we read that a copy-control scheme similar or identical to CPRM has been already approved for SCSI and Firewire (without objection...probably because no one knew about it.)

    First off, is it true? Secondly, why hadn't we heard about this before? Can we expect this technology to be built into all new SCSI and Firwire hardware, or is "optional" there too?

    Andre:

    It is my impression that the game is over there, but if you're concerned, consider joining T10 [t10.org].

    What can we do to help you?
    by rho

    This proposal is a tragedy to personal liberties and freedoms (and rates pretty high on the Suck-o-Meter), and your efforts thus far are admirable.

    So, I want to know, what can we do to help? Letter writing, calls, faxes? Stand around and go "Brrbbrrbb" with our lips?

    How can we aid your efforts in the most effective way?

    Andre:

    Send email to cprm@linux-ide.org. I won't reply, but I will forward comments to the members of the committee.

    Cheers,

    Andre Hedrick
    Linux ATA Development

  • Of course, this doesn't stop anyone from intercepting the decrypted data leaving the hard disk -- but that is akin to recording your favorite DVD onto VHS (or mpeg-4, or whatever). Plug Intel's new encrypted monitor spec in, and the data won't be decrypted until it gets to the monitor...

    Yes, I am afraid you can securely encrypt data. They know how, and they will do it eventually. Until then, we need to educate. Just like dongles of yesteryear, but without the hassle of plugging anything in.

    Still easy enough to break -- write a program that acts as a debugger and captures the data from RAM itself. Even if you have to capture a byte at a time, it's virtually impossible to protect the decryption process that you cannot break it. Every hour that one takes in designing a copy protection software technique, delays breaking it by a skilled cracked by 1-5 minutes. I don't believe there's any form of copy protection out there that hasn't been broken, nor do I believe there ever will be. There's enough possible flaws in this that even if most were able to be closed, there'd still be methods for getting at the data. This will only protect against the least determined pirates, the rest will find a work-around. Remember that even DeCSS wasn't the first DVD decrypting software -- most just used the DVD software for decrypting and either captured the decrypted frames from video RAM or via DirectShow, or captured the decrypted data from RAM as the DVD player ran.
  • Not sure if this works, but:

    /dev/hda1 is a file. Think about it. Instant encrypted filesystem? Certainly less overheads than conventional loopback. Anyone know if this would work?

  • ... I would be more inclinded to ask:

    1) does he have more of what it is he is taking?
    2) would $5 be enough for one hit?

  • I'm amazed at all the highly-moderated comments dismissing Andre's replies simply because they don't like the way he types©
    I, for one, had no problem understanding his responses, and besides being INSIGHTFUL, they were also much more INTERESTING and FUNNY than most of the drivel that gets posted on here© The "wake up after getting screwed" response was pure genius, IMHO©

    But for all th' people who have been comparing Andre Hedrick to Zippy the Pinhead, maybe this will help you: Understanding Zippy [wwwzippythepinheadcom]©

    -the wunderhorn

  • I thought that both SCSI and Firewire have had capabilities similar to the proposed CPRM for ATA for some time. And, clearly, in this case optional meant optional. Why is the ATA case different?
  • I'm taking bets on the number of startups that will go and make drives the old way without those stupid encryption schemes.

    I am also taking bets on who will tumble first after both Linux and Windows fail to suport the new technology.

    How wrong am I?

  • by Anonymous Coward
    OK, that's it, i'm going to grab the kernel source *now* and read the ATA portions. I am extremely curious to see if his /* source comments */ are as easy to follow, upfront, logical, and well-structured as this interview.

    void drive_interrupt_handler(int p, int i, char d) {
    (p _)=(i-'a')[d]:!(i-'z')?*(p //SET the HAPPY BITS!!!
    _)=32:(i>='A'&&i<='Z')&&((3&8|2)[O](d+1,d,24 L),
    *(p _)=0[d]=i); // BOING!!!
    }

  • I guess NOW we KNOW where ZIPPY THE PINHEAD went.

    1st Law Of Networking: Loose ends are bad, termination is good.

  • The only one I can come up with is for a hard drive in some form of embeded system (Like the flight controls on an aircraft) where you would want to make sure that no one was tampering with the code. Or maybe in a top secret computer to enforce classification.

    Still would not want it on my desktop/server or Tivo.

    The cure of the ills of Democracy is more Democracy.

  • Not to dump on Andre or anything, but I see writing like this all over the net. It's what happens when people who speak English as a second or third language try and be funny and breezy. Instead of being funny and flippant and informal, it just ends up reading like it was written by crack monkeys.
  • CNN [cnn.com] is running a complementary article to this interview titled Proposal to limit copyright on hard drives draws fire [cnn.com]. The article presents an overall view of the issues, describes who the different proponents and industry players are, and comments on the implications for end-users and Open Source programs.

    Considering the source, this was a well-balanced, well-written article. It also mentions that one of the main proponents of HD copy protection refuses to being interviewed.

    Cheers!

    E
  • Some things are embedded, but the sheer size of the data precludes using ROM (utterly prohibitive price-wise) or you've got something like a "smart file cabinet" like the DoD has on some of their platforms that stores things like topo maps that are linked to a GPS system, etc.

    For these, ROM/EEPROM is not an option. I can see where there's going to be problems with this copy protection scheme with things like DoD platforms. They like controlling the crypto themselves (and they use a hell of a lot tougher stuff than would be inflicted here)- and this just gets in the way. Also, if for some reason they don't have the magic keys and the drive encrypts something critical and won't decrypt...well, the results could very well be excessively fatal.
  • New toilets are required to use no more than 1.6 gal per flush.

    Look, if we can get a PC colled down to -40 just to overclock it, if *must* be possilbe to overflush a toilet, if that's your main worry.

    Karma karma karma karma karmeleon: it comes and goes, it comes and goes.
  • This is the worst "ask slashdot" ever. The questions were much more insightful than the answers. In the future I hope that ./ screens potential interviewees for their ability to carry a coherent thought. Even the interview with Lars Ulrich of Metallica was better, and he had someone dictate his spoken response.
  • ...Either that or Robert McElwaine, PHYSICIST!

    Schwab

  • Once upon a time there was a kook on the Usenet that I found amusing. His name was Robert E. McElwaine. His tagline was "UN-altered REPRODUCTION and DISSEMINATION of this IMPORTANT Information is ENCOURAGED, ESPECIALLY to COMPUTER BULLETIN BOARDS."

    See the resemblance? Check out the McElwaine classics here [umich.edu]
  • I think the quote was meant to be "you can vent all you want on /., but..."

    This might be a charitable interpretation, but I think his text got MUNGED.

  • I think the subject says it all. Modded down because of his choice of editor.
  • XOR is just used as a generic way of applying ciphers to plaintext. Use a secure algorithm such as IDEA or RC4 to create a pseudo random bitstream using your key as input, and XOR that with the plain text. On the other end, the recipient regenerates the same bitstream and XOR's it with the cipher text and out pops the plaintext.

    In any well designed cipher system, the generated bitstream will never be repeated so the technique you describe isn't of much use. Technicially, the output of the cipher is the "key" and your passphrase or key or whatever is a "key generating key".
  • This makes it much easier for MS and friends to keep you from loading software on more than one system - thus allowing them to suck more money out of your wallet. Think about that before you buy more software (if you do, I'm not saying that you specifically are that brain dammaged) from monopolists.

    Fawking Trolls! [geekizoid.com]
  • (Politics) If people will get off their butts and follow what their government is dumping on the country, you would be able to prevent this from ever coming to life.

    Not really. Most people are, essentially, sheep. They want bread and circuses--they really don't care how they get them. Juvenal was write. Just look at the policy debates in the US; they're all about how much bread (needed goods) or circuses (unneeed goods) should be given to the masses, financed (of course) by those who actually produce more than they consume.

    As long as Joe Q. Luser can get his movie and watch it, as long as he can write a letter to his mommy, as long as this doesn't cost him overmuch, he's happy. He doesn't care that he has no freedom. It's like proponents of affirmative action or hate crime laws--they don't realise, or force themselves not to recognise, that these things are the exact same as that which they are meant to remedy. They don't care that they have become the enemies of freedom, because it is their plates that are full, just like proponents of segregation and discrimination didn't care one bit about the harm their policies caused others--they were OK, and that's all that mattered to them, and matters to their modern-day equivalents.

    Joe Q. Luser will not see what he could have had, a world of information, of technology, of freedom and liberty. He's happy with the limited information he receives from his mass-media outlets, the crippled technology he uses and the security provided by eliminating freedom. The corporations and megacorporations are happy because they can line their pockets. The only people who are unhappy are those who saw what the future could have been, who worked for it, and who saw it snatched from them and replaced with a drab substitue.

    There are two great modenr dystopias: Orwell's 1984 and Huxley's Brave New World. Of these, Orwell's is the less accurate and the less frightening. Human nature being what it is, that scenario is extremely unlikely--although perhaps somewhat possible. Far more terrifying is the Brave New World in which all are happy and satisfied, in which strife, conflict and competition are a distant memory, in which there is no reason to change and the inhabitants of which, indeed, think that wanting the old ways is insane. They do not realise that they are living second-rate lives; it is impossible even to explain it to them. They are happy--theur bread and circuses are guaranteed and plentiful.

    DVD, CPRM, effectively-eternal copyrights and the like are all second-rate technology which fools the masses into accepting drab existenced. The dawn of the Brave New World is at hand. Even now, those of us who recognise what could be are dismissed as crazy, as wanting to stifle growth, of standing in the way of progress. I see now way to stem the bleak tide of control.

  • I've been doing that for years with PGPDisk now. Ooops, only Win32.

    I'd be surprised if there wheren't anything similar for Linux. Me thinks implementing something at the block-device driver level would be even simpler than at the file-system level.

    Btw. the PGPDisk source is available. Search and you'll find.

    Breace
  • Yeah exactly. What's up with the vagueness about that M$ thingy? And what the hell is this supposed to mean:

    Now your REMOVABLE ATA - that looks like it is going to be still bound to CPRM rules. Compact FLASH, IBM MicroDrives, Sony Mem-Stick.... Things that are defined as "MEDIA" and not FIXED!

    When just before it's stated that this is based on one or two bits to identify the difference tween removable and fixed. In other words how hard to it be to CRACK THAT? Like pretend my MicroDrive is FIXED. I'm sure I've got it all wrong, but PLEASE be a bit more clear about things like this.

    Breace
  • All forms of copy protection can be defeated.

    This is not like saying, "Anything is possible" - or a generalization. It is the absolute truth, and anybody who understands the inner workings of computers knows this.


    Assuming that this, or something like this, is true, it doesn't reallly matter. The goal of the pro-IP community is not to eliminate piracy, but to reduce it -- not from a technical, but rather a practical point of view.

    Since the DMCA criminalizes and provides causes of action for circumvention technologies (which anti-copy protection is a species), this could substantially deter the extent to which "user joe" is willing to go to circumvent. Once the hacked machine becomes contraband, leading to risks of forfeiture or worse, folks tend not to own them.

    While history showed that a vital industry in copy-protection circumvention has always existed where copy-protection existed, the DMCA wasn't around then. This is different.

    Only the marketplace can respond here -- as they did once before. When hard disks became standard equipment, consumers no longer accepted copy-protected software as a matter of course, and a competitive software business responded to consumer demand.

    The best response is to provide competitive software that is open and unprotected. This pressures competitors to follow suit -- provided the rank-and-file actually give a damn. Traditionally, "user joe" doesn't much care about legal or technical things, but he REALLY GETS PISSED WHEN HIS SOFTWARE STOPS WORKING. If this happens again, the copy pro won't matter because businesses won't use it by sheer force of capitalism.
  • Did I just read that the cipher is a simple XOR?
    Andre: No, the DIRTY work is done in USER-SPACE and the file is written down with standard commands now. The XOR calculations originally proposed for the drive would have made the DRIVE do the DIRTY work.
    And now a reading from the book of Schneier (Applied Cryptography)
    I. Discover the length of the key by a procedure known as counting coincedences. XOR the ciphertext against itself shifted various numbers of bytes, and count those bytes that are equal. If the displacement is a multiple of the key length, then something over 6 percent of the bytes will be equal. If it is not, then less that 0.4 percent will be equal. This is called the index of coincidence. The smallest displacement that indicates a multiple of the key length is the length of the key.

    II. Shift the ciphertext by that length and XOR it with itself. This removes the key and leaves you with plaintext XORed with the plaintext shifted the length of the key.

    It may be time to dust off my abacuss and sharpen up the crayons.

  • Depends on whether you did it for love or money.
  • Video cards with TV out are only required to support macrovision if you are playing back a DVD. My (ok, ancient) Matrox RR-Studio doesn't spit out macrovision -- of course, it also won't play DVDs because of it. This is merely a protection of the rights the studios have bought -- they paid for macrovision on that disk so they do have the right to enforce what they paid for.

    I love seeing that lie about VCRs. I have two VCRs that don't give a rat's ass about macrovision. Macrovision was designed to confuse the AGC on VCRs. Only the more expensive VCRs have AGC's that can deal with this noise. Just about all video decoders will capture macrovisioned signals without distortion -- and set a bit somewhere to tell you macrovision is there. [For the record, there are even DVD+VCR combo devices available now too. I don't know how the hell they get away with it, but there it is.]

    Low water use is mandated by the Clean Water Act. If you bothered to keep up with what us humans are doing to ruin the planet, maybe you'd understand why this matters. [FWIW, the Colorodo river no longer reaches the ocean. etc. etc. etc.]
  • You're right. It is just as uncomfortable :)

    I don't think it's uncomfortable in the same way though. When someone is yelling at me, I want to hit them. When THIS guy USES CAPS too MUCH, I just want to close my browser. :)

    Dave

    Barclay family motto:
    Aut agere aut mori.
    (Either action or death.)
  • Nice fast alternative to encrypted file system - spg's got a good idea here. You have to be pick an appropriate RAID format - if the files are broken up into 8KB pieces, that's probably enough that the disk controllers will latch onto them anyway, though only the blocks with the start of the copy protection software should trigger it. But there ought to be some straightforward way to deal with that problem.
  • Okay, I've seen a bunch of posts asking what this is and what it would be used for, so here's my 2 cents:

    The tech proposed (as I understand it) basically gives an ATA drive a key with which it encrypts/decrypts data on writes/reads. Basically the end result is that if you burn a file (say an MP3) to a cd only the drive that burned it will have the keys to decrypt it. That's my rough understanding... and this would apply to HDs as well...

    Now from what I deciphered from his answers the revisions mean that 1) the encryption will only be done for removable media and 2) it will be done by software, not the drive controller

    Basically if I interpreted the answers correctly, it means that those of us using Linux or other Open Source OSs won't have to worry about it because our software won't be using the encryption so that CD of MP3s burned on a Linux box will be readable on any system... although disks created on OSs using the system will still not be readable by us...

    I think I deciphered that correctly =)

    .technomancer

  • It's usually the case, always for ANSI, that membership and participation in a standards setting organization is voluntary. I.e., he volunteered. Frequently members come from other organizations (either professional, not for profit, or commercial) with an interest in the standard being prepared. Peace Marty
  • If that were true, Microsoft wouldn't be opposing this standard.

    Can't you at least read a little of the discussion before making such an inane comment?
  • http://www.scramdisk.clara.net

    Many people use it on Windows instead of PGPdisk. I don't know about you, but after that ADK fiasco, I have serious doubts about NAI's ability to review and ponder their own code. It seems to me that, being the #1 encryption software provider on the planet, they'd be a big target for tempting offers from certain 3-letter agencies to munge a piece of code here or there.

    Scramdisk, on the other hand, is worked on by only a few core people, not dozens, giving less of a chance for deliberate tampering. Just an opinion, but it seems that having a few trusted people close to the project working on the code is better in a security product than delegating its creation and upkeep to dozens. And of course, the source code is completely open. Grab it and compile it if you're uber-paranoid.

    It also has advantages PGPDisk doesn't, such as support not only for Win9x and WinNT/2k, but a Linux port is in the works. It's freeware for Win9x and Linux, payware for NT/2k.

    It also has better algorithm choices than PGPDisk. You get your choice of 9 algorithms, including Twofish, and more are on their way.

    Might be worth trying. Scramdisk also has some support for steganography in WAV files, and better yet, for entire encrypted partitions, not just container files. It's very respected, particularly in security-oriented groups on USENET.

  • There are already loopback devices in Linux where a file on one filesystem can become a filesystem all of its own. Thus harmless looking file disk.img contains all the questionable files. If you're worried the disk will be able to still tell that the data is copyright on the way in and way out, simply xor it with "MPAA/RIAA_SUCK"

    Rich

  • What's a DOOLY?

    I don't KNOW what it is, but I'd LIKE one.
  • I quite often hear the argument that "no matter what protections they create, there will be a way to bypass it." While this may be true, I certainly hope that nobody allows themselves to be more accepting of such restrictive technologies as a result. Not only would a circumvention device be illegal under the DCMA, but Joe Average Consumer would not purchase such a device, for ethical reasons. Right now, you can buy macrovision strippers, illegal cable descramblers, and any number of similar things, but most people wouldn't buy one. If the corproations manage to convince the public that freedoms we now enjoy (such as recording a program for later viewing) are illegal, people will feel the same reluctance to purchase a device designed to circumvent that restriction. Unless the default settings on all future televisions, VCRs, CD players, and other devices preserve the fair use rights we now enjoy, we may as well give up those rights ourselves.
  • Ace905 says "All forms of copy protection can be defeated"

    But you'd better not tell anyone how to do it, cause that's illegal now (at least in the US). "Trafficing in Circumvention Technology", it's now called.

  • I still DON'T really UNDERSTAND.

    MAYBE I am a bit tired, BUT I just can't make SENSE of answers OF andre.

    Could SOMEONE explain me how the thing is SUPPOSED to work. And BTW, all-CAPS words may not be NECESSARY.

    ("How is it supposed to work ?" was IMHO, by far the most interesting question in the orignal article, but have not been answered here [or I can't make sense of the answer]. As long as we don't understand this, all the issue is FUD...)

    Cheers,

    --fred
  • Well, this make little sense to me. If the driver crypt when writing to it, then it have to decrypt when reading from it. This would not pose any problem.

    I suspect that the whole thing is much more complex, as there is a need for 'trusted' applications (ie: the one that are allowed to manipulate copyrighted data in an unencrypted form), and maybe a public/private key system between those apps and the disk. But in that case, as soon as one of those app would be broken (by reverse engeneering), the data could be read. And,. anyway, it seems possibler to write a disk driver that lie to all the applications and pretend that it encrypt the data even if it don't. Or maybe applications use crypto to assert that the disk knows a private key. But in that case, as soon as one of those disk key would be leaked, a driver could be built that will pretend beeing this disk.

    Basically I am lost. If anyone understand this, I would _love_ to get a detailled explanation of how it is supposed to work.

    Cheers,

    --fred
  • Hmmm... if SCSI committee (T10) has implemented a version of this copy protection scheme, then does anyone know which document would contain the spec on www.t10.org ? Acronym navigation is no longer my strong point.
  • Yeah, but isn't that right out of a Carlin bit?

    ...Used to be that you would go to a meeting and ask "Well, Bob... what do you THINK?"
    and then Bob would respond with a logical discourse of his thoughts as they relate to the topic at hand in a logical, coherent manner.

    Now, when people talk to Bob at the meeting, they ask "Well, Bob... what are your FEELINGS?"
    whereupon Bob proceeds to dredge up all his crappy personal baggage while spewing out a bunch of fuzzy double-talk that has very little to do with the issue being discussed.

    ...or something like that?

  • Many people have critiqued the manner in which Andre choose to respond. I found it eccentric and amusing. He didn't seem overly sparse on technical considerations of the hardware in question, although admitedly I know nothing in detail of the ATA spec. He was writing for specialist audience.

    What really intrigued me though, [and which I have not yet read any comments in regard to] is what exactly did he mean by
    Ths proposal has more uses than what it is listed. It also used this stuff that is already in the market that you do not know about but use, SURPRISE!!!! (I was also surprised).

    in regards to unique serial numbers on media? Hmm. Makes me wonder about that registration card I sent in for my CDR, as well as all that cheap [with rebates] CDR media out there.


    The pen is mighter then the sword. The sword is mighter then the court. The court is mighter then the pen.

    ---
  • I don't see this as an ATA standard if the encryption work has to be done in user space. I mean, they can add this in to Linux without reworking the IDE / ATA standard. Looks like "they" want to make this look like its required. The guy said so himself that if your using open source software without the offending code, you bypass the encryption. Even if there is "hard drive copy protection" who's to say that you can't FTP a file from your hard drive to another hard drive? I want what they're smoking!
  • Does anyone know Andre's native tongue? His answers, although totally comprehensible to me (it's the coffee), did some ..... interesting things with English grammar.
  • SecuROM: broken
    DiscSafe: broken
    Thousands of other CD-CC mechanisms: broken
    "Secure" ATA: pending

    Exact status of projects marked pending:
    "Secure" ATA: Time to release: t, Time to breach: 0.5t
    Note: This one should prove easy since we can write on the media directly.

    What I want to say is the following: It might be a nice try, but larger HD's and software one's willing to pay for should be higher on the priority list. BTW, I have the f***ing right to make copies for personal use and I'll regard any license agreement stating otherwise as void since it'd keep my from protecting my very own possessions. Thus, such a mechanism would violate some of my more basic rights just as CC on CD's does.

  • Is it just me though, or is Andre on a litte too much coffee or something? ;)
  • If something embedded is that important, it's burned into ROM, and probably not even the EEPROM type, so that way it cannot be tampered with.
    "Titanic was 3hr and 17min long. They could have lost 3hr and 17min from that."
  • My question was something along those lines too, but I couldn't really figure out what he said to me... oh well...

    "Titanic was 3hr and 17min long. They could have lost 3hr and 17min from that."
  • From the feature:

    Enforcement on Open Source platforms
    by TWX_

    How can copy protection of data be maintained on hard disks and other media if the operating system has the ability to use partition
    types that encrypt? Wouldn't a layer in an OS kernel be able to circumvent a good portion of the
    measures if the data does not reach the drive in its original form?

    Andre:

    No, the DIRTY work is done in USER-SPACE and the
    file is written down with standard commands now. The XOR calculations
    originally proposed for the drive would have made the DRIVE do the DIRTY work.


    ------

    Interesting, so effectively one is not able to work with the data in advance before the hard disk handles it, requiring the hard disk to have some kind of partitioning that is designed in, or at least that's what it sounds like from what is being said here...

    Looks like it's time to go get that 81GB Maxtor now before too much crap happens...

    "Titanic was 3hr and 17min long. They could have lost 3hr and 17min from that."
  • by Anonymous Coward on Wednesday January 10, 2001 @06:51AM (#516932)

    The jargon file (4.2.3) says it best:

    copy protection n.

    A class of methods for preventing incompetent pirates from stealing software and legitimate customers from using it. Considered silly.

  • by Non-Newtonian Fluid (16797) on Wednesday January 10, 2001 @08:59AM (#516933)
    Is it just me, or did Andre just hit M-x insert-zippyism everytime he wanted to answer a question?

    "How many retired bricklayers from FLORIDA are out purchasing PENCIL SHARPENERS right NOW??"

  • by Nailer (69468) on Wednesday January 10, 2001 @01:03PM (#516934)
    it probably wouldn't even qualify as "circumvention" under DMCA because there are lots of good reasons to encrypt your HD data.

    Yes it would. Just because something had a primary useful purpose which is not circumvention of copyright doesn't mean somebody with a lot of money won't push to give it a semi-outlawed legal status.

    I remember a certain consortium runnign round recently telling the judge They're DECRYPTING DVDs! Um, yes, and so is every other MPAA licensed player. OMS and the resulting players, Xine and OMS, just chose to reverse engineer their decryption keys rather than pay for an MPAA license and the associated restrictions - because they are open source, they cannot do so anyway.
  • by dbarclay10 (70443) on Wednesday January 10, 2001 @06:56AM (#516935)
    Did anyone feel enlightenened by the end of this? I felt that someone had robbed my of my time.

    The questions wern't answered terribly well(I'm not going to single any out), AND HE YELLED WAY TO MUCH!!!!

    It was PAINFUL to READ!

    Are they SURE that's REALLY Andre Hedrick? It LOOKS like some l33t k1dd13's RESPONSE!

    Dave

    Barclay family motto:
    Aut agere aut mori.
    (Either action or death.)
  • by mikej (84735) on Wednesday January 10, 2001 @06:48AM (#516936) Homepage

    Is it me, or is the CONSTANT use of CAPS hugely out of line with the value of the discourse? Maybe I've just trained myself to hate this writing style, but I found it very very hard to take the comments seriously with this kind of RIDICULOUS compositional STYLE.

    Shrug.

  • by festers (106163) on Wednesday January 10, 2001 @07:24AM (#516937) Journal
    Ever had a morning where you were not kissed and told "I love you," when the night before you SCREWED so wildly that you could not remember?

    Although amusing, somehow I doubt this analogy will hit close to home for most of us.


    --------
  • by Richy_T (111409) on Wednesday January 10, 2001 @05:13PM (#516938) Homepage
    All forms of copy protection can be defeated.

    OK, It's time we stopped using their terms and doing their spin for them. Let's call it "content control" which is what it is and not copy protection which it doesn't

    Rich

  • by Hellburner (127182) on Wednesday January 10, 2001 @07:08AM (#516939)
    Yeah, I have to agree. The only image I got was Dana Carvey doing Shrub, Sr. :

    "That's bad...bad!...BAD!...BAD!"

    This guy was useless. I wanted a rally point---whom shalll we put pressure on.
    He provided no real technical explanation, no point of focus toward protest effort, and basically said "Well, write off scsi, they're fucked anyhow...."

    Thanks. With incoherent jibble like this, I don't need Shrub.

    I guess the only answer is this:
    There will be no help: no politicians, no corps, no Naderuseless groups of "protect the ATA whale" freaks. Sorry no dice. No help. Bought and sold.
    So....
    The only answer is coordinated subverted opposition and cooperation:
    How do we proceed to build the hack.

    I volunteer. I don't know a damn thing. But I'll volunteer the cycles and I'll shuttle emails, I'll be a dead drop for info passing. I don't care.

    I am sick of the fed/corp screw.
    END OF LINE, dammit! (Cartman voice)
  • by f5426 (144654) on Wednesday January 10, 2001 @08:08AM (#516940)
    Who is this guy ?

    Well, if you run linux on consumer hardware, this guy is the one responmsible of the IDE drivers. Its web site is at www.linux-ide.org [linux-ide.org]

    Cheers,

    --fred

  • by Fatal0E (230910) on Wednesday January 10, 2001 @07:18AM (#516941)
    a intarviwe wiht JeffK!!!!!!!!!!!!!!!!!!!!!1

    "Waht iS Lunix and woh cals yuo AAT?"

    "Me Ted"
  • by grovertime (237798) on Wednesday January 10, 2001 @06:37AM (#516942) Homepage
    I appreciate Andre's banter, even if I'm unsure of the validity here and there, but what struck my fancy was his affiliation.

    Andre Hedrick, Linux ATA dude and member of the committee that sets ATA hard drive interface standards...

    How did he become a part of that committee? Was he elected or appointed? Did he have to do sexual favours for some of the older members? Seriously though - how does someone attain that (eh-hem) lofty title?

    1. humor for the clinically insane [mikegallay.com]
  • by squiggleslash (241428) on Wednesday January 10, 2001 @07:35AM (#516943) Homepage Journal
    1. This is Andre's NORMAL arguing technique. YOW! By confronting the ATA committee with CONFUSION like THIS they'll tie themselves in KNOTS and not adopt STUPID copy PREVENTION schemes like THIS ONE!!!
    2. Andre PASSED HIS COMMENTS through the TYPE of encryption PROPOSED for ATA to PREVENT the copying of stuff. ZAPP!!
    3. It's Andre Hedrick Day in BRAZIL [hypermart.net], and APPARENTLY CHARLES MANSON thinks he needs TO CALM down!! (OUCH!!)
    Who knows? I'm sorry, but I couldn't make head or tail of his answers, except possibly that he's being flippant because he finds the 4C proposals absurd.
    --
  • by Anonymous Coward on Wednesday January 10, 2001 @06:59AM (#516944)
    Ever wonder why no standalone DVD deck has firewire outputs? Surely digital outputs are the best way to get the best picture. Nops. Banned by the DVD-CCA.

    And video cards with TV outputs are required to support macrovision.

    VCRs are required to screw up recording when they see the macrovision signal.

    New toilets are required to use no more than 1.6 gal per flush.

    Rights? What rights?

  • by Scarblac (122480) <slashdot@gerlich.nl> on Wednesday January 10, 2001 @06:54AM (#516945) Homepage
    I'm sure he's doing a great job for the good guys, and knows his stuff very well, but...

    Man, those were some INCOHERENT answers! With lots of CAPITALS! It's the DIRTY STUFF in USER SPACE, man!

    So he got the questions yesterday evening, and the answers this morning? I bet he was already drunk when he received them :)...

  • by sulli (195030) on Wednesday January 10, 2001 @06:56AM (#516946) Journal
    I asked the question "Can you defeat it? [slashdot.org]" and got the following answer: "an encrypted filesystem would certainly do the trick." Since Andre notes that DeCSS-like tools would need to be constantly updated to reflect expiration / revocation of h4x0red keys, wouldn't it make more sense just to, as Andre notes, encrypt the filesystem before it hits the drive, so the drive can't tell whether you have a DivX copy of The Matrix or just random noise?

    I'm no Linux guru but I bet someone here could develop just such a tool - and it probably wouldn't even qualify as "circumvention" under DMCA because there are lots of good reasons to encrypt your HD data. Of course there is the processing overhead, but that's getting cheaper every day (except for Mac users).

  • by Hanno (11981) on Wednesday January 10, 2001 @07:00AM (#516947) Homepage
    I agree. Those are some really strange answers and I stopped reading the interview halfway through. I hope to read Andre's other responses once he woke up and wrote a second set of answers.

    ------------------
  • by MarcoAtWork (28889) on Wednesday January 10, 2001 @07:06AM (#516948)
    ... not give the person interviewed 5 tin cans of penguin mints just before the interview.

    ...check that they didn't SCREW WILDLY the night before.

    ...disable the perl script that inserts RANDOM capitalizations IN the TEXT.
  • by Lotek (29809) <(Vitriolic) (at) (gmail.com)> on Wednesday January 10, 2001 @07:53AM (#516949)
    Did someone at slashdot re-route the Andre responses through the Zippy the pinhead metafilter? [metahtml.com]

    Let's try an experiment - Decide which of the following quotes are from Andre, and which are from Zippy the Pinhead:

    1. "Thus we may have finally won the removal of CPRM from your HARD DRIVE!!
    2. "OKAY!! Turn on the sound ONLY for TRYNEL CARPETING, FULLY-EQUIPPED R.V.'S and FLOATATION SYSTEMS!!"
    3. "WOOHOO WOOHOO WOOHOO WOOHOO WOOHOO WOOHOO!!!!!!! "
    4. "BINGO! Give that DOG a DOOLY from the FAIR! (GOOD MORNING!!!!, again)"
    5. "Tex SEX! The HOME of WHEELS! The dripping of COFFEE!! Take me to Minnesota but don't EMBARRASS me!!"
    6. "This new command could be used a seed for encrypting content, but before you go NUTS - This command is only reporting sections of the IDENTIFY page command. NOT TO WORRY, 30 (thirty) minutes and the HACK to disable it is complete...... "
    7. "I'm thinking about DIGITAL READ-OUT systems and computer-generated IMAGE FORMATIONS.."

    answers below

    Farther down.

    Here they are!

    Answers:

    1. Andre
    2. Zippy!
    3. Andre
    4. Andre
    5. Zippy!
    6. Andre
    7. Zippy!

    IN a more serious vein, it does sound like the hard drive problem either won't happen or will be easy to overcome... YOW!

  • Anyone happen to have links to the Microsoft system he discussed? I like to think I'm in touch with social norms but this dude really threw me some curve balls. So seriously, here's one more question for you.. What did 90% of your responses actually mean?
  • by small_dick (127697) on Wednesday January 10, 2001 @06:56AM (#516951)
    wonderful responses, but... the last question asked what we can do, but Andre basically said "you can vent all you want...but..." i don't think this is the case. earlier in the piece, it is mentioned that a law passed about two years ago spawned this demon crap. i strongly recommend that anyone interesting in countering some of these horrid laws PLEASE JOIN the eff [eff.org] right away...i wish andre had answered the last question this way. finally, the one comment about "give the dog a dooly"...the question and answer were great. anyone not sure they understand all this stuff should look that one over.

  • by Ace905 (163071) on Wednesday January 10, 2001 @07:01AM (#516952) Homepage
    All forms of copy protection can be defeated.

    This is not like saying, "Anything is possible" - or a generalization. It is the absolute truth, and anybody who understands the inner workings of computers knows this.

    The reason it is possible to defeat all copy protection, is simply because with todays computers you have access to the software you are running; you must have access to it, or it could not be on your system.

    To defeat copy protection, you need only analyze how the software protects itself from illegle copying and circumvent it through the use of additional software, or modifying the original software.

    Software companies can make the process as complicated as they want, the US can pass laws banning all reverse-engineering (Which is the equivilant of banning simple problem solving concepts, ie: 2x4 = 8 but legally you can't find out what 8/4 = ). Or the other way around, (Few what a paradox).

    The only solution to prevent illegal copying is either to have very good public relations and rely on the honesty, and ethic of the general public in relation to your product (This is the best solution);

    Or to offer your product on 'closed' systems, that is, systems where installing software and working with the contents of memory yourself - are next to impossible. Systems which are not made to be configured by the general public.

    To my knowledge, these systems really don't exist; as everything today is made programmable, and the concepts are understood by everybody. You can program for game consoles, PDAs and home computers. And until the price of fabricating technology comes way, way down; there is not going to be a solution to the problem of copy protection because systems are made to have multiple uses, and this in itself gives anyone the ability to modify their software to do things it was not intended to do.

    People demand these options, companies provide them, and then companies get angry that people demand total control over the products they own. It's BS.

    I say, take back the right to use software however you wish; it's up to the companies to convince the users that their software is worth paying for.

    I have a copy of Windoze, I use it regularly, and I refuse to pay for it because I am not convinced, not in the least, that it is worth a hundred bucks; not to me, and not to most computer users. It is closed-system software, and it sucks.

    If microsoft had not cornered the software market so long ago, I would not be forced into running their crappy product for compatibility issues; and therefore I feel I have the right to use it free of charge, how else am I going to play Counterstrike...

  • by kenthorvath (225950) on Wednesday January 10, 2001 @06:35AM (#516953)
    ...to prositution?

    Ever had a morning where you were not kissed and told "I love you," when the night before you SCREWED so wildly that you could not remember?

    Inquiring minds want to know...

Optimization hinders evolution.

Working...