Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
It's funny.  Laugh.

E-Book Copy Protection, For What It's Worth 294

AudioBooksForFree.Com writes "WHSmith have challenged AudioBooksForFree.Com to breaks Microsoft Reader e-book protection. It just took 30 minutes." No, they didn't break the encryption; instead, this is just an application of the idea that it's very hard to make something which can be displayed but not copied.
This discussion has been archived. No new comments can be posted.

E-Book Copy Protection, For What It's Worth

Comments Filter:
  • by jedwards ( 135260 ) on Saturday October 05, 2002 @05:27PM (#4394521) Homepage Journal

    I just popped of the "PrtScn" keycaps from all my keyboards and burnt them. I don't want Microsoft's lawyers after me for DMCA violations.
  • by bigberk ( 547360 ) <bigberk@users.pc9.org> on Saturday October 05, 2002 @05:27PM (#4394523)
    The article hits the nail on the head: if you can see it, you can copy it. Please note that the recording industry thinks they can change this sort of thing, by requiring all analog to digital converts (ADCs) to respect some sort of digital protection. Those dumb shits... :)
    • by weston ( 16146 ) <westonsd&canncentral,org> on Saturday October 05, 2002 @05:56PM (#4394629) Homepage
      the recording industry thinks they can change this sort of thing, by requiring all analog to digital converts (ADCs) to respect some sort of digital protection. Those dumb shits... :)

      I think they could do it. Add a "watermark" into the audio data -- just encode a little bit of information into some band where human perception isn't that great -- and outlaw the production or import (or possession!) of any and that doesn't respect the restrictions implied in this recording (and maybe telephone whoever the RIAA hires to police this).

      Of course this could even be defeated. But you'd need to either modify the ADC, or you'd need to have a physical piece of electronics that could filter out the copy protection signal. Not only would these be illegal to distribute (or maybe even possess!), but once people have to go and purchase something like this, rather than download some software, it's that much more likely they'd just pay for the music.

      Don't imagine it can't be done. It's technologically feasible, if the right laws got into place. I'd certainly hope the tech industry would fight this tooth and nail, and that WE would fight it tooth and nail, but it's certainly not outside the realm of imagination, or possibility.

      • There is no way they can stop me from putting a microphone near the speaker.
        Yeah, there would be some loss, but if you use good equipment, not a lot. And I can't see them outlawing speakers and microphones (tough you never know)
      • by ParisTG ( 106686 ) <tgwozdz.gmail@com> on Saturday October 05, 2002 @06:18PM (#4394706)
        ...and outlaw the production or import (or possession!) of any and that doesn't respect the restrictions implied in this recording...

        This is not feasible. These devices are so wide-spread already, that pretty much everyone has several of these, in one form or another. Unless you went to everyone's home, and destroyed them all, then passing the law is futile.

        But, just to play devil's advocate... I am currently working on a vehicle project which uses several ADCs to monitor various voltage levels. These devices can be bought for pennies each, and can also be used to sample an audio signal. If your prediciton comes true, these devices would now be illegal, and their replacements would be 1000x more complicated (since they now have to have logic to detect the watermark). So now, instead of buying a 5 cent chip to monitor my voltage levels, I have to buy something significantly more expensive and more complicated, for no good reason.

        In other words, it's not gonna happen.

      • Don't imagine it can't be done. It's technologically feasible, if the right laws got into place. I'd certainly hope the tech industry would fight this tooth and nail, and that WE would fight it tooth and nail, but it's certainly not outside the realm of imagination, or possibility.

        Maybe theoretically it can be done, and practically it might even be legislated, but this will never work, and it better be more than the technology industry fighting it.

        "If you can see it or hear it, then you can copy it perfectly" needs to become a common mantra. To express the futility of any of these copy measures to someone who doesn't understand digital technology, use a good analogy. For instance, some of these proposed laws are roughly equivalent to mandating that all sharp edges (or potentially sharp edges) must have built in safety guards and require a license to carry, whether it's a steak knife, a plate glass window, or a block of iron.

        People don't seem to realize that digital components are as ubiquitous and cheap as many raw materials. Outlawing or restricting their use according to the whims of the RIAA makes about as impractical and stupid as outlawing or taxing water to prevent drowning.
        • [i]Outlawing or restricting their use according to the whims of the RIAA makes about as impractical and stupid as outlawing or taxing water to prevent drowning.[/i] A better analogy would be to tax tap water so companies like Evian won't lose revenue.
        • People don't seem to realize that digital components are as ubiquitous and cheap as many raw materials.

          Which is exactly why the poster is right. Most consumers would not know what to do. They'd end up going along with the restrictions. Engineering majors would have their moments of fun when they're poor but clever college students with access to parts to build their own ADCs, but that's about it. And with most consumers running their Trustworthy Computing Platform, mucking about with the files in software won't be legal or easy.

          This is all dependent on insane legislation, but we all should be well aware by now that sanity and the legislative process as we know it in the U.S. are not necessarily correlated.

      • > Not only would these be illegal to distribute (or maybe even possess!),
        > but once people have to go and purchase something like this, rather than
        > download some software, it's that much more likely they'd just pay for
        > the music.

        You forget that it's only the person doing the copying who needs all this specialised (and perhaps eventually, illegal) hardware - once the music/video/ebook has been captured in an unencoded form, anyone can snarf a copy and play it.
    • by binaryDigit ( 557647 ) on Saturday October 05, 2002 @10:40PM (#4395423)
      if you can see it, you can copy it

      Well, sorta. One thing that you can't simply "copy" is interactivity. DVD's are an excellent example. While you could copy the film, you can't "copy" the menuing. You also can't simply "copy" the various audio tracks (directors commentary, other languages, etc) and have them selectable. Now, you could copy all these things piecemeal and then put them back together with a DVD authoring program, but who'd do all that just to save $14.99.

      So I think that what we'll start seeing a lot more of is "non-linear" content. Stuff that you can't just simply "press record" to get. This combined with reasonable prices will thwart many a casual copier. Then to boot, the mass pirater gets hurt because they don't want to spend the time to make "nice" copies, so they'll just copy the movie. Which will still make them bucks because a lot of people just want to see the movie anyway. But more and more people are getting addicted to all those fancy new features. And certainly, anyone who wants to "own" a copy often will definitely want those features.

      So we are in the interesting place that the media industries best weapon against piracy is to take advantage of the technology more and sell it at a reasonable price, not the worst thing in the world.
  • by groman ( 535485 ) <slashdot@carrietech.com> on Saturday October 05, 2002 @05:28PM (#4394525) Homepage
    1) Create a font that bit-encodes every character in a machine recognizable fashion.
    2) Write a program/script that launches an e-book reader and scrolls down taking screenshots and running them from primitive OCR(not really character, since your font is just monospaced pixel encoding with no anti-aliasing, it should be very easy).
    3) Decide if certain areas are noise, whitespace or pictures. Apply.
    4) Generate LaTeX file, or PostScript.

    Oh dear, did I just violate DMCA?
    • by Anonymous Coward
      Way back someone wrote a utility for the Amiga that can read text off practical any part of the screen. It is pretty fast in spite of the fact that it is doing text recognization off the bitmap screen.
    • by billstewart ( 78916 ) on Saturday October 05, 2002 @06:20PM (#4394714) Journal
      You're mostly correct today, but your assertions may not remain correct for very long, especially if Fritz Hollings gets his bills adopted.

      Almost every PC-like computer today lets you get at instructions to the video display adapter somehow. As computers move to tighter integration, with low-to-medium-end graphics adapters built into the system chipsets, this may require more cooperation from the operating system because there's nowhere to stick a digital logic probe, but it's still doable.

      Almost every video display adapter available today lets you get at the digital version of the image before it's fed to the D/A converters. (Audio probably doesn't.) In the past it was simply a result of the obvious architecture for building the things - using some kind of frame buffer than your equipment can write in. Depending on the system, this may take some complex programming, but it can be done. It's also convenient for some applications, such as print-screen and other screen dumps, so it's good to have. (And OCR is good enough you don't need special OCR fonts any more, just simple conventional ones.) The systems that don't let you do that are largely special-purpose things that don't have general-purpose programming available to the users (e.g. video games.) And

      But that may not always remain true - the Digital Rights Management crowd are agitating to get control of system design, because all your bits are belong to them and they want to keep it that way. Imagine if your video board and sound board or their integrated chipset equivalents used encrypted data formats instead of unencrypted - it wouldn't matter that you put a logic probe in the line, because you couldn't read the bits. It wouldn't even require much extra CPU - the RC4 encryption algorithm is strong enough, fast enough, and uses very little memory. Key exchange is requires some CPU, but it would be pretty simple to build a public-private keypair into the adapter, where the public key is retrievable by the CPU but the private key is only accessible to the adapter, and require a setup message (either at boot time, or perhaps on a per-application basis) that creates a session key, pk-encrypts it, and hands it to the adapter.

      As a crypto geek, I've got mixed feelings about this - I'd like to be able to write an encrypted voice telephony or video conferencing system that not only couldn't be eavesdropped on, but also couldn't be wiretapped by a virus stealing the data path. But the TCPA / Palladium / Fritz Hollings view of DRM basically requires the system to give root access to any program that wants to use the security, and that's blazingly unsafe. It's not clear to me that you can get away with much less than that and still get real application security, but the stuff's obviously Not Ready For Prime Time even on a requirements basis, much less a design or implementation basis.

      • But, by Jove, if I can see it on the screen, I can retype it. Tedious - yes, impossible - no, if you really want to do it!
      • especially if Fritz Hollings gets his bills adopted.

        In order for DRM to work, everyone (or a large majority) has to have it. Computers without solid DRM will be able to copy protected content. If not enough people have DRM enabled machines, the infrastructure (license servers etc) becomes unprofitable to support and the copying still goes on.

        The government could mandate DRM enabled machines, but that will take years to have any effect as most people aren't going to buy new machines until their old ones are outdated. The government isn't going to mandate that everyone scrap their perfectly good computers for DRM enabled ones. Even the most apathetic citizen isn't going to sit still while the government requires him to buy a new computer.

        So, what makes a computer outdated anyway? Availability of more processing power, more memory and storage make more resources available to applications (Andy giveth and Bill taketh away). So what happens when the resources stop coming? The applications stop using them. Nobody's going to buy a program that you can't buy a machine to run it on, right? So, if the programs aren't using more resources, when does a computer become outdated? When it stops working. I don't know about you, but most of the computers I've upgraded were perfectly functional, but short on resources. So, the upgrades to DRM enabled machines are going to take even longer. With nobody buying them, the computer manufacturers are either going to go out of business, or, more likely, make the government realize it ain't working.

        The government could mandate that all new programs be written for DRM enabled machines. This won't fly because the software industry won't sit still while the government forces them to write programs for machines nobody has, but even if it did, so what? People generally have software that already does most of what they need it to. They just won't be buying any new software.

        The *AA could entice people to buy the new machines to play their precious content, but the funny thing about the products the RIAA and the MPAA sell, even if they have forgotten, is that it is just entertainment. People will spend $200 on a DVD player. They won't spend $2000 on a new computer just to watch movies that they'd probably rather be watching on their $200 DVD player. So, they either don't sell any movies or they have to sell non-DRM protected versions, which defeats the purpose of having DRM.

        Okay, suppose for a second that everything goes the *AA's way and everybody has a DRM enabled machine. Don't think for a second that being illegal is going to stop the influx of non-DRM enabled chips on the black market. A $0.30 chip in China that will get $100 here is a big incective for somebody to find a way to get it in. The US government's war on drugs has already shown they can't stop everything from getting in. Being against the law and being enforceable are two different things. If enough people have the illegal chips, the courts won't be able to keep up. And it only requires a few people to have the illegal chips for the de-protected content to get loose.

        Hollings bill needs to go down because it is broken and fundamentally wrong. But it's not going to do a damned thing for protecting copyrights. The only thing it's going to get us is behind the rest of the world in technology.
      • Minor nit-pick: if you're using an LCD screen, the image may never go to D/A converters. It might be a bit tricky to decode that interface back into text -- but probably easier than the tempest tricks that let you duplicate a CRT image by analyzing its RF emissions. (Which, of course, would be another way of taking a copy.)
      • by Erpo ( 237853 ) on Saturday October 05, 2002 @11:26PM (#4395537)
        Imagine if your video board and sound board or their integrated chipset equivalents used encrypted data formats instead of unencrypted - it wouldn't matter that you put a logic probe in the line, because you couldn't read the bits. It wouldn't even require much extra CPU - the RC4 encryption algorithm is strong enough, fast enough, and uses very little memory. Key exchange is requires some CPU, but it would be pretty simple to build a public-private keypair into the adapter, where the public key is retrievable by the CPU but the private key is only accessible to the adapter, and require a setup message (either at boot time, or perhaps on a per-application basis) that creates a session key, pk-encrypts it, and hands it to the adapter.

        I think this is the eventual plan, but as far as I know it's not implemented yet, nor is it in the works. However, I remember reading in an article about HDTV that the DVI interface currently supports almost exactly this scheme. Scary, no?

        But the TCPA / Palladium / Fritz Hollings view of DRM basically requires the system to give root access to any program that wants to use the security, and that's blazingly unsafe. It's not clear to me that you can get away with much less than that and still get real application security, but the stuff's obviously Not Ready For Prime Time even on a requirements basis, much less a design or implementation basis.

        I actually took the time to start reading through the "general" and "PC-specific" TCPA specs and, while it's certainly a bad idea, it doesn't require as much of a security sacrifice as you suggest. Individual applications that need to make use of "security functions" have two resources at their disposal.

        The first is a crypto coprocessor soldered onto the motherboard. If that crypto chip is satisfied with the state of the system (signed OS, signed drivers, encrypted display connection) then it releases certain private and public keys to signed applications on request. In order to be signed, executable code (in the OS, drivers, or software package) must not at any time disclose those keys to other applications, store them unencrypted on disk, or do anything else that could lead to exposure of those keys to an untrusted entity.

        The second resource all programs have access to is the a small program running in what I guess could be called "ring -1" (in palladium it's called "the nub"). By making requests to this program, an application can allocate "secure" memory for itself that neither the OS nor any other program can access. This could be used to store unencrypted uncompressed video frames, for example, before they are sent to the video card.

        In other words, individual programs that make use of TCPA "security" functions don't gain root access to the system - they access a limited TCPA API to perform a few functions that execute at a privilege level above that of the OS. The TCPA effectively eliminates the rights of the end user, but it does so in a tidy way.
      • by Meridun ( 120516 ) on Saturday October 05, 2002 @11:30PM (#4395548) Homepage
        You are correct here as far as you go, but there is still an issue.

        In order for a monitor to work, it must be viewable

        I know that's a blindly flash of the obvious, but the author's point still stands. While you might no longer be able to do digital screen captures via PrintScreen or software, at worst case you could still take a picture of the screen and OCR it.

        He made an extremely good reminder to people that, so long as people are involved, encryption will ultimately fail on some level, because the end product MUST be decrypted for us to use.

  • PrntScrn (Score:5, Funny)

    by orthogonal ( 588627 ) on Saturday October 05, 2002 @05:30PM (#4394535) Journal
    Print Screen, a treacherous tool of terrorists for twenty-rwo years.

    Obviously, only terrorists use Print Screen.
  • Palladium ? (Score:5, Interesting)

    by Bugmaster ( 227959 ) on Saturday October 05, 2002 @05:31PM (#4394541) Homepage
    Correct me if I'm wrong, but isn't this exactly the kind of thing that Palladium aims to prevent ? If you are not allowed to capture your screen or to record sound via the soundcard, then you can't copy protected material.
    • Re:Palladium ? (Score:4, Interesting)

      by roman_mir ( 125474 ) on Saturday October 05, 2002 @05:38PM (#4394568) Homepage Journal
      How do you prevent me from using a digital camera to take shots of the computer screen, then feed it back into a computer and OCR the image?
      • by Anonymous Coward
        Because in a palladium world, ordinary people won't be allowed to take pictures, videotape weddings or record their own music. It's a hard blow, but in exchange we get more Hollywood movies and pop-star music.
      • See here [slashdot.org]. Just one or two more bad laws and we will all be slaves.
    • Re:Palladium ? (Score:3, Interesting)

      by pantherace ( 165052 )
      S-Video out -> linux box with S-Video in
      Stereo out -> stereo in

      problem solved.

  • Unfortunately (Score:2, Informative)

    by Order ( 469817 )
    Unfortunately this method of "decryption" requires MS reader to be installed on your system. Which isn't possible when you're running Linux.

    It's nice as "proof of concept" (although it's by no means new - I have seen a program that gets the contents of MS Reader files more intelligently, by automatically copying-and-pasting every page), but it won't help you to read a .lit file on Linux.
  • by Kwil ( 53679 ) on Saturday October 05, 2002 @05:33PM (#4394551)
    ..more ammo for the folks who want to legislate Palladium and hardware implemented digital restrictions management.

  • Audio Books (Score:4, Informative)

    by T-Kir ( 597145 ) on Saturday October 05, 2002 @05:36PM (#4394564) Homepage

    I used to work for a typesetting company on my industrial placement (internship in US terms), and we also produced SGML documents for another company who created audio versions of the files we supplied.

    The previous placement student came in handy when the audio book company lost the master password to a whole archive of audio books, he cracked the files and unlocked the affected files. The other company was run by friends of the management of our company, so there weren't any 'confidentiality agreements' or anything... but I dread to think how the current laws (which weren't implemented then) would have affected us there.

  • second impressions (Score:5, Interesting)

    by cmckay ( 25124 ) <cameron...mckay@@@colorado...edu> on Saturday October 05, 2002 @05:36PM (#4394565) Homepage
    My initial reaction to this article was, "Big whoopitydoo... this guy can take screenshots."

    But then another point from his mini-essay leapt out at me. How many millions of dollars have companies spent on creating "copy-protected" file formats, and how pointless is this pursuit? Heck, that's the business to go into... the snake oil of the 21st century.

    )I know many people have made this point before, but it just hit me in an interesting way today, and I thought I'd throw it out there for all to see.)
    • by octalgirl ( 580949 ) on Saturday October 05, 2002 @06:45PM (#4394819) Journal
      It's always the simplest things. Like security, there are so many things you can do to tighten things up, but people will still tape their passwords to their monitors. I can see it now - the next wave of "innovative" copy protection will be issuing new keyboards with the Print Screen key conveniently missing.
      • I've lost far too many of those stupid post-it notes. I prefer to write my passwords (and usernames) on the monitor bezel with a Sharpie pen.

    • Hell, with a halfway decent camera, you could probably automate it to feed the images to your OCR, and process them just about as fast as you could view the original.

      I suppose the **AA's next step is to require that OCR software include a function to prevent it from being applied to copyrighted material. Um, yeah, how exactly do you do that without outlawing all but the most primitive forms of OCR?

  • I've done this too. (Score:5, Interesting)

    by Teach ( 29386 ) <graham AT grahammitchell DOT com> on Saturday October 05, 2002 @05:41PM (#4394575) Homepage

    I mentioned this in the book review of God's Debris about a year ago, but it bears repeating here.

    Over a year ago I paid for and downloaded the DigitalOwl TitleVision ebook version of Scott Adams' interesting God's Debris. I paid $5 for it.

    I also downloaded the reader, installed it, and read the ebook. I liked the book, but hated the proprietary, Windows-only "reader" application. So, using a screen capture utility, I took screen shots of all 90 pages of the book, saving them as .PGMs. Then I booted into Linux and used gOCR and a shell script to do initial OCR conversion of all the images. Finally I spent a while with grep and a spell checker cleaning everything up. Overall, this took me about five hours.

    Now I've got a 143KB ASCII text file with the same content as my 195KB encrypted .OWL file. I don't ever plan to give anyone a copy of my plain text version; I like Scott Adams and want him to get paid for his work.

    I'm sure what I did would be considered illegal by Digital Owl (though probably not by Scott Adams). I'm just glad I won't have to try to hunt down a copy of the TitleVision viewer fifteen years from now if I want to read the book again.

    The moral of the story is: there's always a way.

  • if they didn't break the encryption, and all they did was take pictures and OCR it, is it still news? thats the digital equivalent of a photocopy. I must be missing the punchline to this story...
  • I thought this was particularly choice spin, leaving reporters without any catchy quotes:
    When contacted for a response, Microsoft's PR firm responded, "Thank you for calling us with your story about the MS Reader. At this time, we are choosing not to participate in this particular
    opportunity, but wish you well."
    (Emphasis mine.)

    PR is media hacking.

  • by EnVisiCrypt ( 178985 ) <groovetheorist@hotmail. c o m> on Saturday October 05, 2002 @06:01PM (#4394649)
    "Ok everyone. Here is the newest unbreakable scheme. On the license, we give everybody their unique key to unlock their content. When they playback/read the file we've given them, we deliver the bitstream through the speakers, then the use their heads to calculate the unencrypted result. Don't follow? Here's a demo!"

    "Here's Dustin Hoffman, he's going to show us how this is done. I just hit play here, and..."

    *a blindfolded Dustin Hoffman walks onto the stage*
    *a modem-like squeal is emitted from the speakers*
    *presenter holds up a placard reading "Oops, I did it again"*

    dustin: "Yeah, definitely Britney Spears."

    *audience claps*
    *more squealing*

    dustin: "Yeah, definitely Crime and Punishment. Yeah."

    Presenter: "Thank you, thank you. Be sure to come back next time, when we will discuss the solution to the "humming/speaking" circumvention method"
  • by X86Daddy ( 446356 ) on Saturday October 05, 2002 @06:10PM (#4394673) Journal
    For another answer to DRM garbage, Baen [baen.com], publishers of sci-fi and fantasy books have the 100% correct idea about eBook copy restriction and encryption:

    Don't do it!

    They just released the latest book in their Honor Harington series on Tuesday, and it included a CD with various formats of eBooks of every book in that series and other books that they publish. And best of all, no stupid restrictions. Here's [baen.com] their release about the CD.

    I applaud their move, and recommend purchasing this book and others from them (Note: I'm a big fan of the author, David Weber, but not involved with Baen in any way, etc...).
  • by boa13 ( 548222 ) on Saturday October 05, 2002 @06:11PM (#4394676) Homepage Journal
    Baen Books, who are known on Slashdot [slashdot.org] for their Free Library [baen.com], and who also offer their WebScriptions [webscription.net], all of which in several formats including e-books, do not to use encryption in the e-books they publish. Roughly, their argument is that it's costly, useless and unfair.

    From the 6th Prime Palaver [baen.com]: The Library's track record shows clearly that the traditional "encryption/enforcement" policy which has been followed thus far by most of the publishing industry is just plain stupid, as well as unconscionable from the viewpoint of infringing on personal liberties. (...) the fundamental obstacle to the success of electronic publishing [is] the industry's obsession with encryption. I suggest you read the whole document, it's quite interesting.
  • by rjh ( 40933 ) <rjh@sixdemonbag.org> on Saturday October 05, 2002 @06:12PM (#4394681)
    In 2000, I was working for a startup e-publishing venture. As such, we had the usual lemmings coming to us and saying that if we'd just license their whizbang technology we could never lose a single text to those "internet-based piracy groups". Since I was the only employee with experience in crypto and security, I was invited to sit in on the sales pitches these guys made to our executives. (Our executives were mostly Marketing guys, but the CEO was technically an engineer. In a striking show of how weird start-ups could be, the Marketing guys actually listened to Engineering and the `engineer' CEO not only couldn't write a line of code, but got convicted of felony fraud...)

    One Canadian firm showed up with a dog-and-pony show involving a CD-ROM with a "protected" picture of a sailboat. They claimed that the image was watermarked and whenever anyone tried to copy the image, the OS would recognize the copymark and refuse to copy it. Not only that, but the image was in a special proprietary format, so nobody could even view the image until they installed the DRM software. They were obviously very pleased with their offering.

    At that point I took the CD-ROM they were showing us and excused myself for a few minutes. I went into one of the back offices and threw it into a Win32 machine. Installed the DRM software, loaded up the image. Beautiful picture of a sailboat. Tried to copy it. Couldn't. Screenshot? Disabled. But they'd let me print it out... ... So I printed it out on the company's high-quality color laser and scanned it back in as a .JPG. Burned the new image to a CD-ROM and walked back to the sales pitch. Gave them both CD-ROMs and told them, "thank you for coming down, but I believe we'll go with another vendor." Total time: less than five minutes.

    Now for the real punchline:

    That DRM solution racked up $12.6 million in sales for their firm in the 1999-2000 fiscal year. Almost all of that was profit, given how minimal their development costs were. That's $12.6 million dollars for a DRM system that wouldn't even stop a twelve-year-old.

    This is what I think a lot of us here are overlooking. There's a tremendous amount of money to be made in the field. Palladium, if it goes through, absolutely regardless of whether it works or not, will be a cash cow for Microsoft the likes of which they can't imagine.

    Microsoft knows that Palladium doesn't have to work. They just have to make people believe that it'll work--which explains all the Palladium PR blitz as of late.
    • Couldn't. Screenshot? Disabled. But they'd let me print it out...

      What makes you think you will be alowed to print in the Paladium Millenium? With a little work, even a digital camera can be told not to take pictures of the screen. Remember the little Timex PDA watch that got it's information from flashing pixels? A digital camera can be programed to look for a signal and not take a picture when it's detected. Measure and counter measures can keep most people from making coppies. Those people will either not have the service or pay some greedy asshole for it.

    • Obviously these massive engineering companies don't think that any DRM can't be broken/circumvented ever. That's why their goal is to make it as inconvenient as possible to do so. Would you go through the hassle of finding a high-res printer, scan the image, and save it as a jpg everytime that someone wanted a copy? Moreover, would a casual user? No. That's the goal.
  • by Shazatoga ( 614011 ) on Saturday October 05, 2002 @06:22PM (#4394718)
    And it took only 30 secs for slashdot to bring them down. If the RIAA/MPAA were crafty enough you think they could use slashdot to destroy their enemies. "Hey dudz go to www.dvdinstoripandincodethingy.com, with this you can rip and encode any DVD in 3 minutes on a 386!" *Screams are heard 3 seconds later from the poor server, running openBSD on a gameboy, as it melts* Why waste money on laweryes when one slashdot story will do all you need. And if the site comes back up just re-submit, and its on the front page again. Gotta love slashdot ;).
  • frickin ancient (Score:2, Informative)

    by Anonymous Coward
    there was a post to abeb 6/24/2002 entitled "Convert LIT to RTF: ACHIEVED"
    - - - - -
    Yes, I know, it's supposed to be impossible. Well, it takes some work, but
    it's LESS work than scanning from paper, and you can get comparable if not better

    I am proud to report that I have successfully converted a Microsoft Reader LIT
    format e-book into an HTML book. The book was "Uhuru's Song", by Janet Kagan,
    and I will post it when I finish editing.

    No, I didn't crack the LIT format, or the encryption.

    This method was designed to work with *encrypted* e-books; if it's non-encrypted,
    a scripting method to copy and paste pages via the clipboard could work.

    (Of course, if it's non-encrypted, it's probably easier to just locate the source
    material that the LIT was generated from.)

    A description of the process follows.

    Short description:
    Screencap each page of the LIT file into image files. Enhance and enlarge
    the image files to improve results. Use OCR software to recognize the text
    in the image file. Proof and edit.

    Software used:
    Windows 2000
    Microsoft Reader 2.0 for PC
    IrfanView version 3.70
    Windows Script Components version 5.6
    Capturing.wsf script (attached)

    Detailed description:

    Acquire your LIT book and all the software listed. (You can substitute a
    different OCR package if you want, or a different screencap package if you hack
    the script.)

    Set your display settings to the highest resolution you can, BUT ONLY 256
    COLORS. Keeping the color count low minimizes the nasty effects of Cleartype.

    Open the book in Microsoft Reader, displaying page 1.

    Start IrfanView. Do Options/Capture, selecting these options: Capture area:
    Foreground window - Client area Capture method: Hot key F11 (to set the hotkey,
    click inside the box and then press function key 11) Capture option: do not
    Include mouse cursor (leave unchecked) Saving method: Save captured image as
    file Destination directory: (type your desired directory) Save as: (Any
    LOSSLESS type you want. I suggest PNG because it's generally smallest. DO NOT
    USE JPG.) Click Start.

    Start the script. Answer its questions (folder, starting & ending page
    number). It will begin capturing pages from MS Reader. It will take up to 1.6
    seconds per page, which would be 100 pages per minute.

    When capturing is done, the script will notify you with a popup.

    Go back to Irfanview. Do the following to the files in your capture directory:

    * batch rename, using a sensible template name (I used page###)

    * batch process with the following Advanced options:
    + crop
    This is needed to get the ebook title off the top, and the riffle slider
    off the bottom. experiment with a single file to get the crop
    dimensions. On my project, the original size was 808x1078; my crop
    settings were Xstart 70 width 700 Ystart 70 height 910. Note:
    Irfanview has a bug in the batch processing dialog which ignores what
    you type for starting Y-coord and uses the same as the starting X-coord.
    So set them the same and work from there.
    + Set DPI: 200.
    Your OCR software may be different, but mine required that the DPI be
    between 200-800. Your screencaps will not have a true DPI number so we
    fake it here.
    + Resize: Set new size as percent of original: Width 200% Height 200% You can
    experiment with larger resizes. Blowing up the images is absolutely
    necessary for OCR software to work; the OCR software needs more pixels to
    work with than a regular screencap can give it.
    + Convert to Grayscale
    + Brightness: -40
    This gets rid of the pale yellow dotscreen pattern.
    + Contrast: +127
    This maximum contrast enhancement converts almost all the grays to
    black. You might want to experiment here too to get the best
    recognition; I got a lot of recognition errors where "cl" was recognized
    as "d". Less contrast might have improved that.

    * a SECOND batch process with just this Advanced option:
    + Change color depth: 2 colors (Black/white) (1BPP)
    (Do not try combining the batch processes!)

    For each batch process, you'll need to either change the extension, change
    the folder, or enable "Overwrite Existing Files" in Advanced options (which
    I don't recommend).

    At this point you have a folder full of b/w screencaps, with everything but the
    actual text cropped out.

    Go into CuneiForm99's Batch Recoginition Utility and set it up to recognize all
    the images in the folder. (Remember to only put the b/w ones in the batch.)

    At the end of the job wizard, go into Recognition options. On the Recognition
    tab, clear ALL the checkboxes under Recognition parameters; on the Format tab,
    you probably want to uncheck "Font Size" and leave "Italic", "Bold", and
    "Paragraph" checked. Now click OK.

    Start recognizing.

    When you're done, you'll have an RTF that is at least as good as a raw scan of
    a paper book. Go proofread and edit it.
  • by Turmio ( 29215 ) on Saturday October 05, 2002 @06:58PM (#4394858) Homepage
    Pretty hilarious :) [tky.hut.fi] Wonder if that book collection is protected...
  • Since Print Screen can be used to thwart copy protection, isn't Microsoft in voilation of the DMCA? You can't make devices that crack copyright protection!
  • Devil's Advocate (Score:5, Insightful)

    by the_burton ( 147439 ) <the_burton@hotmail.com> on Saturday October 05, 2002 @07:16PM (#4394898) Homepage
    If the world were a free and happy place, then authors and artists would be not need to be paid for their intellectual property. In this utopian land, everyone would be equals and if you provided happiness and joy with your works then that would be your job, and you wouldn't need to get paid. Unfortunately, this society does not exist and as our current one does not seem to be heading in this direction, it becomes necessary to provide the means for independant artists and authors to sell their wares.

    The problem with the e-book reader is one of the greatest hurdles to overcome in order to transition to a truely electronic society. How can you protect the rights of the author when anybody with a bit of patience or some programming skills can just print screen his / her blood, sweat and tears and give it away to free for anybody on a p2p network? Anybody who argues that all information should be free obviously isn't relying on a royalty check to provide food for their children.

    I have a unique idea for the e-publishing world, but there's no point in executing it if the ability to easily circumvent any security precautions exists. So basically I'm asking any programmers out there if they've come across a way to disable the print screen function in a windows app? Or to return a black window when a screen request is being made for a print screen?

  • by atkulp ( 611079 ) <ariankulp AT gmail DOT com> on Saturday October 05, 2002 @07:20PM (#4394912) Homepage
    Someone else mentioned that Windows Media Player prevented screen copy. The reason for this is video overlay. Most graphic cards support overlays as faster ways of writing streams of changing video frames to the display without worring about the actual window. If you turn graphic acceleration all the way down in WMP I believe it will play directly to the player window rather than overlay, thereby allowing a capture but most cards won't be able to keep up the same performance that way. I was on some site looking at satellite images a few months ago (I think TerraServer [terraserver.com]) and they gave me the option of smaller images, or nice big images with copy protection (which required a plugin download to see them, though still right in the browser). I tried to capture the images then using PrtScrn and got logos of the copy protection with no sat image. It seemed likely that the window showed the logo, then they used video overlay for the actual images. I wonder why makers of eBook readers don't use overlays in the same manner for this reason. I used the MS Reader awhile ago and it seemed to allow specific titles to allow/disallow printing, clipboard copy, and Save As functionality. If they also used overlays they would be much harder to defeat (though of course still not impossible). As it is, it would take less than an hour to automate PrtScrn, OCR/save, push keystrokes to change to next page. Images are nice, but MS Office XP includes nice OCR now so the tools are mostly at hand!
    • The software he used to do this was Hypersnap DX, and it can see through video overlays as well.
    • video overlay (Score:3, Insightful)

      by Erpo ( 237853 )
      I believe you're referring to my post that contains video overlay. I'm aware that video overlays can be captured quite easily with the right software or when video acceleration is turned off - I was using WMP as an example to show that 'printscreen' by itself isn't a magic answer to everything. Most slashdotters (in my opinion) are aware that if something can be seen it can be copied. However, too many (again in my opinion) believe that if it can be seen, it can be copied easily (i.e. with printscreen). I see this fallacy as dangerous as it encourages people to feel secure in the false belief that DRM cannot be implemented in a way that interferes with their lives and is not worth worrying about.

      Thank you for your comment, though. I did neglect to mention in my original post that directshow overlay can easily be defeated...I hope nobody got the wrong impression. :)
    • Terraserver.com is owned by Micro$oft. 'Nuf said.

  • by Vegan Pagan ( 251984 ) <deanas@earthliMONETnk.net minus painter> on Saturday October 05, 2002 @07:35PM (#4394943)
    If the lack of DRM was going to harm books, it would have happened years ago. Anyone can take a book, rip off the binding, put the pages in a self-fed scanner, use text recognition software to turn the images into text, then upload the text file into a P2P network. It only takes a few hours and almost no effort. The fact that print publishing still thrives tells me that people still value browsing through a store full of already-printed books. E-books are already inconvenient compared to printed books and free web pages (each in its own way), so DRM will kill them outright.
  • Farenheit 451 (Score:5, Interesting)

    by kfg ( 145172 ) on Saturday October 05, 2002 @07:35PM (#4394949)
    Allow me to reproduce a 'cracked' copy of a digitally available text, right here, right now:

    Now is the winter of our discontent made glorious summer by this sun of York, and all the clouds that lowered upon our house in the deep busom of the ocean buried. Now our brows are bound with vitorious wreaths, our brusied arms hung up for monuments, our stern alarums changed to merry meetings, our dreadful marches to delightful measures. Grim visaged war hath smoothed his wrinkled front, and now, instead of mounting barbed steads to fright the souls of fearful adversaries, he capers nimbly in a ladies chamber to the lacivious pleasing of a lute.

    etc., etc., etc..

    How did I accomplish this grand task? I *memorized it.* Yes, the whole frickin' play, from start to finish and I'm not exactly the only one. I personally know dozens of others who have done the same thing. It's actually not that difficult once you've decided to do it.

    But wait, don't buy now, there's MORE!

    Oh sure, a 4 hour Shakespeare play, anyone can memorize that, but what about. . .the Bible?

    Sure, across the world there are literally thousands of people who have actually managed to commit the entire Bible to memory. And these people have nothing on the Indian Pandits who memorize the Vedic texts. These people memorize them, then memorize every other word, then every third, etc.. Then they repeat the process *backwards.*

    So, is every digital device capable of storing at least 256 bits of data going to have to have an installed database of every text in the known universe to compare against what I manually enter into it? Nevermind this digital to analog conversion device I can interface directly with my brain called. . . a pen.

    The fact that I can, and may have to, rely on the circumvention device of Farenheit 451 gives you some idea of the whole moral temperature of digitally locking books. It ain't bookburning but it's treading powerfully close on its heels. In fact, the only way for e-books to ever triumph will be. . .to burn all the books.

  • The year is 2020, we are all enjoying Duke Nukem Forever (just came out) and 3DFX is back as the number one graphics card maker, and MS Palladium is everywhere.

    So as someone is reading their Palladium protected E-Book, they type what their eyeballs see on a laptop, into an ASCII TEXT file. Why? Because they are a hobbyist. They love freedom. And then the .txt file finds its way onto FreeNet and PeekABooty and P2P.

    Back in 2002, some troll paid by RIAA et. al. to scan the web reads this post, and shits their pants. Because if someone can see it, they can type it, and everyone around the world can enjoy it.

    Think of the act of typing something into plain text as a "freedom fix". Nice name, eh? Not "crack" or "patch" but "freedom fix". Start using that term.

  • by Erpo ( 237853 ) on Saturday October 05, 2002 @07:55PM (#4395009)
    The author hit the nail on the head - copy protection is impossible. However, the example he used (capturing data with the printscreen key) is a weak illustration of this fact, especially considering the recent speculation about palladium. For example, think about clips played using video overlay in windows media player. Pressing print screen while playing one would yield an off-black rectangle where you would expect a video frame to be. The real reason copy protection is not possible is a little more complicated than "print screen".

    I think it's pretty well understood that now, in the pre-palladium/TCPA universe, copy prevention is impossible. If you can read a CD, you can copy it. Perhaps your specific cd burner's firmware isn't robust enough to write specific "strange" bit patterns, but bit-for-bit cd-duplicating machines cannot be fooled. If you can watch a movie contained in a file, you can send it to a friend. Even if that file is encrypted, the player program must decrypt it in order to play it and that decrypted data can be grabbed and written to disk.

    At first glance, it seems like palladium will put a stop to this with its careful use of encryption and digital signatures. This is not true. Information physics didn't just fly out the window. All that Palladium accomplishes in connection with modified PC hardware is a separation of user and computer into two entities. Currently, users have complete control over their systems. Any OS can be run and no information is hidden from it by the hardware. The system, all by itself, is incapable of protecting its own private keys from the user. It is incapable of preventing the user from assuming its identity. A palladium OS running on TCPA-compliant PC hardware changes this. A TPM, or Trusted Platform Module, charged with the responsibility of certifying that a DRM-aware OS is running on the hardware is included on the motherboard and has its own sets of private and public keys. The critical difference between a TCPA-compliant computer and a PC of today is that the TCPA PC has its own "identity" separate from its user as defined by its ability to keep its keys confidental and process information using them.

    It is well known that the only way to be sure a secret is kept is to make sure that all entities who know that secret agree to keep it a secret. If even one entity "in the know" decides to divulge it to an outside party, that information can no longer be controlled. Palladium/TCPA tries to implement copy protection by ensuring that the only entities that get access to that information agree to keep it a secret - namely the TPMs. In other words, if you were to enter your credit card information into a web site in order do download a palladium-protected movie, you didn't purchase the video for yourself. As it would be transmitted as data encrypted using the TPM's public key, you actually be purchasing the video for another entity, your TPM. The idea is that TPMs will obtain various metrics of the system on boot (is the OS signed or unsigned? the drivers? etc...) and only perform cryptographic operations at the request of the system if everything checks out. In addition, a special "trusted" cpu mode that has the same kind of power over kernel mode that kernel mode has over user mode (an inexact description but good analogy) is used to provide for allocating memeory that is only readable by a trusted application through calls to the program running in trusted mode. That's Palladium/TCPA in a nutshell. The reason that everyone seems to be so upset about it is that, in a bug-free environment, there are no software attacks on the system. The are many hardware attacks, such as special memory that can be used by the system and read by another device, soldering capture devices into output cards, or physically opening the TPM and extracting its cryptographics keys. The list goes on. Also, as information only has to be liberated from the "circle of friends", including all TPMs in all computers and the ??AA, once a single hardware mod would create an unpluggable leak through which an infinite amount of infomation could flow.

    Critical and unrepairable holes in Palladium have been found before it has been deployed.

    This brings me to the reason I'm writing this post: slashdot is permeated with ignorant fear. People believe that their ability to get copies of music, movies, and software without paying a cent is going to be in jeopardy. While this creates a great deal of support for anti-palladium initiatives (which is good), ignorant advocates can seriously hurt the fight for sensible treatment of information and universal recognition of the truth of information physics by providing passionate but incorrect and empty arguments against palladium and the TCPA (which is bad). So, if you'll still be able to get free entertainment in a palladium world (albeit with much more difficulty and a soldering gun), why is palladium bad? A number of very serious reasons:

    Palladium will work reasonably well as attacks, though possible, are difficult. Over time, the majority of computer users would be convinced to believe the dangerous fallacy that copy protection is possible with the support of sufficient laws and technology. This belief (whether fostered by ignorance or campaign contributions) in our elected representatives what spawned the DMCA. In other words, your freedoms are in jeopardy as well as your friday night movie-and-popcorn party.

    Palladium claims that it is capable of protecting your personal information - your name, address, credit card number, etc... - and puts you in a position of total control over how that information is used. Users that are bamboozled by the tantalizing promise of "trusted computing" will place their important personal information into the care of an unreliable system under the control of an entity that has profit rather than the users' best interests at heart. That is, they will forego the only true way to make sure personal information is kept confidential - not giving it to the computer. This may become incredibly difficult when the latest version of windows kindly demands it during the install process to activate the user's initial one-year license term.

    In order to work, palladium-enabled service providers must be able to verify whether or not the cryptographically signed message coming from the client computer saying "This computer is running DRM-aware software," was signed by a TPM which is reporting accurate system metrics. In order to make sure those messages are unspoofable (by emulating the TPM in software) a central registry of all TPMs and their individual public keys must be maintained and made accessible. In other words, all palladium computers will have unique indelible ID tags and will report them over the internet to whoever asks. I don't have to explain to slashdot the privacy implications of this kind of system.

    Hopefully I've managed to replace some ignorant fear with some informed fear. If you're not a member of the EFF, ask yourself why. Right now.
  • The "Analog Hole" (Score:4, Insightful)

    by phliar ( 87116 ) on Saturday October 05, 2002 @07:56PM (#4395011) Homepage
    As the article itself says, this is no rocket science (or even clever hackery). It's just the "analog hole" that the RIAA/MPAA/Disney Axis Of Evil (TM) wants to block with Palladium and similar crap; the rights of consumers and what copyright law actually says be damned.

  • by ymgve ( 457563 ) on Saturday October 05, 2002 @08:25PM (#4395102) Homepage
    As you see now, anything can be copied as long as it becomes photons/sound waves somewhere along the way to our brains. So, the ONLY way to make your precious material totally locked down is to deliver it directly to our brain. You see what I'm getting at?

    Neuroscience, man, neuroscience!

    Invest a billion or two of the dollars you have lying around into developing a good, non-dangerous brain-computer interface. Then you can deliver digital content directly to our minds, with no worries about it getting stolen along the way! But that's not all!

    Millions of geeks will hail you for bringing this invention to light! The ones that were once against you will say your names with awe and respect! Isn't it tempting?

    So do it! Go for neuroscience, to make the world better for all of us!

    (Yes, I want my Matrix-like spine plug that bad.
    And it has nothing to do with the fact that I could then be the star of my very own pr0n reality. Really.)
    • by hyperturbopete ( 168434 ) on Sunday October 06, 2002 @12:14AM (#4395636)

      Invest a billion or two of the dollars you have lying around into developing a good, non-dangerous brain-computer interface. Then you can deliver digital content directly to our minds, with no worries about it getting stolen along the way!

      yeah, think its funy?

      Take a look at these guys [dobelle.com]! They have a test group of patients (who happen to be blind but thats beside the point)

      they stuck wires into their heads. (actually, I think they built some kind of multi-pin connector into their skulls so that the cable is detatchable, which is kind-of creepy but cool).

      So far, they were able to feed extremely low-resolution video DIRECTLY INTO THE PATIENTS HEAD... apparently one of the formerly blind patients was able to perform some limited maneuvers in a car! (on private property)

      here [dobelle.com] is some videos from the same place.

      Pretty sweet, if you ask me, but brings up LOTS of interesting thoughts. Imagine where this technology could be 20 years from now!
    • "When an unemployed iron worker can lay in his Barcalounger and f*ck Claudia Schiffer for $19.95, it's going to make crack look like f*cking Sanka".
  • by UnknownSoldier ( 67820 ) on Saturday October 05, 2002 @09:36PM (#4395255)
    Back in the late 80's, SimCity (original PC version) shipped with this dark red paper that was impossible to photocopy and just as bloody difficult to read except if you held it at the wierdest angles. All you would get is a full page of black from the copier.

    A friend of mine got the bright idea of running it thru the fax machine. He ran each succesive copy thru the fax a few times, and voila! It was clear enough to read!!

    Of course I just kracked the game later (gotta luv the one byte "patch" ;-), but I learnt way back then, that if you can view it, so can a machine, and hence make a copy.

    Maybe there is a reason why the cliché "Turn off the TV, turn on your life" is true:
    Television: Opiate of the masses [dyndns.org]
  • Open the reader on one machine. VNC, PCAnywhere, or Timbuktu to it from a different Win, Mac, or Lin box, then take a screenshot from there. Or, just take a pic of the screen--my dad's new 3MPixel camera does quite nicely.
  • by sbaker ( 47485 ) on Saturday October 05, 2002 @11:02PM (#4395478) Homepage
    I've been emailing the guy who did this - he hadn't even *heard* of Palladium or the ridiculous laws proposed to close the analog hole. So all of his bold assertions about this stuff ALWAYS and FOREVER being ways to circumvent copy-protection are just so much ill-informed nonsense.
  • by ChrisWong ( 17493 ) on Saturday October 05, 2002 @11:02PM (#4395481) Homepage
    A copy protection scheme does not have to be unbreakable. It just needs to be hard or inconvenient to duplicate. When copying requires screen capture, OCR, serious editing, proof reading and reformatting to get good results, not that many people will do it. Sure, a few hard-working pirates might do the work and offer copies, but distribution will always be a problem. P2P networks still require technical know-how, and traditional bootleg venues tend to be transient (often shut down), sleazy or little-known (obscurity protects them). This is why pricy, boxed software still make money even though cheap copies ("Microsoft Office + Visio + Quicken + Windows 98 on CD!") are available for a buck. This is why many people rent or buy lawful VHS/DVDs even though VCD sets or DivX on CDs are possible.

    Anti-duplication schemes do not need to be unbreakable. They only need to be "good" enough to get a significant number of people to pay the premium price.
  • by Ndr_Amigo ( 533266 ) on Sunday October 06, 2002 @04:06AM (#4396119)
    Several people have written software to 'rip' Microsoft E-books over the last year (or even earlier). Technically, it's very easy to do. Personally I've never brought an e-book, I just wrote the software to decode freeware books into a form I can read on my non-windows machines...

    The fatal flaw here is that somewhere, MS Reader has to make an API call to print text. It's very easy on Windows to inject code into another processes memory space, using several methods from special API calls, to altering the binaries Import tables... or even just creating a 'stub' dll to replace one the program loads, and sit between it filtering calls - while making it's OWN access to the programs memory.

    So how do I do it? Simple, about 40 lines of code to hook the font display API calls. Forget screenshots, forget OCR, just log the text the program is printing and dump it to a file.

    It's a fundemental technical problem - sure there are enough ways to do a pure physical copy... from screenshots, to taking a picture of your monitor with a camera. But on the technical side, an operating system that's been designed for any kind of accessability functionality is open to this kind of very simply exploit.

    For example, T2S screen-reading software has to be able to read text off the screen somehow, doesn't it? If you protect the API model to disallow this kind of hooking, you kill accessability features.


    - Ender
    http://scummvm.sf.net/ | http://www.quakesrc.org/

Recent investments will yield a slight profit.