Prof. Felton explains why CD DRM leads to spyware:
So if you’re designing a CD DRM system based on active protection, you face two main technical problems:These are the same two technical problems that spyware designers face.
- You have to get your software installed, even though the user doesn’t want it.
- Once your software is installed, you have to keep it from being uninstalled, even though the user wants it gone.
The band My Morning Jacket will distribute unencumbered, uncopy-protected copies of their new record to fans who complain about Sony’s MediaMax bullshit: “It should have been enough that fans are annoyed,” [Mike Martinovich, MMJ’s manager] says. “But [MediaMax’s security problems] should be the final reason.” Nice job, guys. Now, if only the labels would get it, too.
In a post titled “Music Business Blames Apple Again,” TechDirt discusses once again that the music industry screwed. This time, it’s pointing out that they’re irritated with Apple for the iTunes Music Store’s continued flat-pricing model and, to a lesser extent, Apple’s unwillingness to allow other stores and devices to work with iTMS’ DRM scheme. Of course, they can’t pull out of iTMS, either, as it’s the biggest online music retailer by a long shot at this point (and is in fact bigger by volume than some physical outlets). The irony of the whole situation is that it’s the labels who gave Apple all this power in the first place by insisting their music be DRM’d:
There is something [the labels] can do — open up their own store, and sell unrestricted MP3 files at whatever price they want. iPods, and and pretty much any other digital music player, can play those files. The labels’ insistence on trying to control what people can do with the music they buy has gotten them into this mess, and it will take a reversal of that position to get them out.
Courtesy of Wil Wheaton (yes, that Wil Wheaton).
Twenty-five years ago today, Mark Chapman killed John Lennon. I was in the fifth grade, and had no real idea who he was. Another kid — name long since lost — asked me if I knew about it at recess. I’d heard of the Beatles, but didn’t know any of their names or much about their place in the world. My parents, God love ’em, were warbaby nerds (b. 1940) who, in the truest sense of the quote, “had two 50s and went right on into the 70s.” They had no appreciation for or interest in the era’s music despite being essentially the same age as the Beatles and the Stones (no original member of either band was born after 1943; Bill Wyman was born in 1936).
I remember thinking it was odd that a few other kids were so upset, yet I had no idea who the man had been. Soon after I became a relatively obsessive music fan on my own — Mom and Dad didn’t even have real stereos — and grew to understand the shock of the loss. Other musicians have died early, but few were murdered outside their own homes for no good reason, and fewer still were truly pioneers.
The title to this post, as Mike has no doubt noticed, is from a Paul Simon song off his excellent and often overlooked “Hearts and Bones” record, released three years after Lennon’s murder. It’s predominately about Simon’s breakup with Carrie Fisher, but the final track is called “The Late Great Johnny Ace.” There really was a Johnny Ace, but the song is actually about Lennon. The final stanza goes like this:
On a cold December evening I was walking through the Christmas time When a stranger came up and asked me If I’d heard John Lennon died And the two of us went to this bar And we stayed to close the place And every song we played was for The Late, Great Johnny Ace
Mrs. H’s longtime aversion to all things Creed is well documented; we have, occasionally, suggested that perhaps they’re not all THAT awful, and that there might be worse things on the radio than Creed, but we’ve given up on that. And, as it happens, she’s clearly right — at least the part about Scott Stapp being a pathetic asshole.
Melissa the Loud plays the hurdy-gurdy, which is pretty darn cool.
Via Deadprogrammer, who has a blog worth reading; thanks to another entry, we now know we need to go here when we hit NYC later this month.
Like, for example, Jane Siberry’s online store. Check it out.
Freedom to Tinker reports that Sony’s MediaMax DRM installs even if you tell it not to. Again, NEVER install software from a music CD, and MAKE SURE you’ve disabled autorun in you’re running Windows.
We note that folks not on Windows are much, much safer on this point — all these copy-protection schemes require the user to install (albeit unwittingly) software that prevents him or her from using the CD normally; in the absence of said software, there is no DRM. Neither Linux nor OS X have anything so wrongheaded as CD autorun (which even MS has moved away from, we understand), so even if such programs are developed, the user would have to deliberately install them. That’s why they’re frequently called innocuous things like “PlayCD.exe” — what user in their right mind would install it if it were named honestly? Flash hokum and screensavers be damned, there is nothing on a music CD you need to install.
Here’s how to disable autorun in Windows XP. If you’re not sure it’s off, CHECK NOW.
Eliot Spitzer is looking into the Sony/BMG rootkit fiasco. It’s probably gonna be a whole lot harder for the jackoffs at Sony to pretend “no, really, the rootkit thing is no big deal” now that at least two state AGs are looking at them, not to mention the brewing class action suit.
Today on Freedom to Tinker, Prof. Felton outlines what’s wrong with even the non-rootkit DRM on CDs. Put simply, there’s no way to make such a scheme work without adding software to your computer that watches for the CD in question and keeps certain things from happening. Given the house-of-cards nature of Windows, this is a recipe for disaster even if we don’t worry about the security implications — and those are even bigger concerns. You don’t NEED to install software on your PC to play or rip a CD. Period.
It’s important to recognize that these problems are caused not by any flaws in SunnComm and Sony’s execution of their copy protection plan, but from the nature of the plan itself. If you want to try to stop music copying on a PC, you’re going to have to resort to these kinds of methods. You’re going to have to force users to use extra software that they donÕt want. YouÕre going to have to invoke administrator privileges more often. You’re going to have to keep more software loaded and running. You’re going to have to erode users’ ability to monitor, control, and secure their systems. Once you set off down the road of copy protection, this is where youÕre going to end up.
The Heathen Adopted Homestate has filed a civil suit against Sony BMG over the rootkits, as they violate a state anti-spyware law. Said law provides for fines of up to $100K per violation.
Pamela Jones over at Groklaw nails it. Read this.
BoingBoing reports that Link Wray, the king of rock-and-roll guitar, is dead at 75.
No, not the shotgun; the columnist. Influential Wall Street Journal tech writer Walt Mossberg explains just how dumb the new Sprint music store is. Case in point: the songs cost $2.50, and are very restricted in use — this compared to Apple’s iTunes Music Store, which has a universal $0.99 price point and fewer use restrictions. Sprint’s songs won’t play on an iPod at all, so we’re sure this is just gonna take the world by storm.
Via Yahoo:
BOSTON – It’s been the better part of a decade since Napster and other free song-sharing services began scaring the daylights of the music industry. And still recording companies can’t find an effective anti-piracy technology to save their hides. The fact that so-called digital rights management might always be a doomed experiment became painfully clear with the fiasco that erupted after Sony BMG Music Entertainment added a technology known as XCP to more than 50 popular CDs. After it was discovered that XCP opened gaping security holes in users’ computers — as did the method Sony BMG offered for removing XCP – Sony BMG was forced to recall the discs this week. Some 4.7 million had been made and 2.1 million sold. Factor in lawsuits that Sony BMG could face, and it’s worth wondering whether the costs of XCP and its aftermath might even exceed whatever piracy losses the company would have suffered without it. That’s not even accounting for the huge public relations backlash that hit Sony BMG, the second-largest music label, half-owned by Sony Corp and half by Bertelsmann AG. “I think they’ve set back audio CD protection by years,” said Richard M. Smith, an Internet privacy and security consultant. “Nobody will want to pull a ‘Sony’ now.” Phil Leigh, analyst for Inside Digital Media, said the debacle shows just how reluctant the labels are to change their business model to reflect the distribution powers — good and bad — of the Internet. He believes that rather than adopting technological methods to try to stop unauthorized copying of music, record companies need to do more to remove the incentive for piracy. “The biggest mistake the labels are making is, they’re letting their lawyers make technical decisions. Lawyers don’t have any better understanding of technology than a cow does algebra,” Leigh said. “They insist on chasing this white whale.” It’s easy to understand why the music industry wishes songs could magically be prevented from being ripped from CDs and shared freely. … [But] “It’s an arms race that the content owner can never win,” said Yankee Group analyst Michael Goodman. “In order to make it usable, you also have to make it beatable. If you really truly want to lock it down, it is possible to lock it down. But it is so onerous on the user that they’d never want to use it in the first place.”
Also from BoingBoing; this time, even the government’s calling bullshit:
The Department of Homeland Security’s Computer Emergency Readiness Team advises that you never install CD DRM: “Do not install software from sources that you do not expect to contain software, such as an audio CD.”
BoingBoing reports that a clever guy managed to use the DNS system to determine roughly how widespread Sony’s malware is. The answer is perhaps best expressed by “HOLY SHIT!” If he’s right, it means Sony has infected a huge number of networks, many of them government or military in nature.
Freedom To Tinker has examined the uninstaller Sony has offered for download to “undo” their rootkit shenanigans, and discovered it is very very dangerous; details to follow. Can Sony just not do ANYTHING right?
BoingBoing has this roundup of the Sony rootkit fiasco for your enjoyment. Remember: don’t put a Sony CD in your computer.
While Sony has promised to stop using the rootkit stuff for a while, Alex Halderman over at Freedom to Tinker points out that they’re still lying bastards who want to put spyware on your computer without your consent.
See, many Sony title use something called MediaMax that (a) installs on the sly and (b) lies to the user — ie, the OWNER OF THE COMPUTER AND CD — in the process. Furthermore, Sony provides no way to remove this software.
Remember:
Sony has announced it will halt production of the r00tkit CDs, though it may still use other forms of DRM.
Of course, why trust them?
Yeah, they of the appliance-smashing cover of Total Eclipse of the Heart? There’s a Rockumentary. From the filmmaker’s project writeup:
I’m going to follow Hurra Torpedo as they tour across the United States, and capture every smashed fridge on film. I will be there for the music, the magic, and also for the quiet times when the boys are just being themselves. I will capture the faintest noise, the loudest silence, and the unspoken internal lives of these three visionary young men. I’ll be there for the groupies, the fights, the parties, the jam sessions, and the make out sessions. I will be with them the whole time, like that woman in that movie about those gorillas in that mist. Only instead of gorillas, I’ve got Norwegians: Aslag, Egil and Kristopher. And no mist.
The site is a video blog of sorts (the clips are in Flash). Do not miss the frat party, the trip to the American appliance store, and (in the Behind The Scenes area), the clip about the groupie.
Virus writers take advantage of the security holes presented by Sony’s rootkit, and Ed Felton is openly calling Sony’s little hack “spyware,” as are Computer Associates. (Prof. Felton also points out that Rutgers has advised its community NOT to put Sony CDs in their computers.)
What the hell were Sony thinking?
Today is the 30th anniversary of the Wreck of the Edmund Fitzgerald (via MeFi). Growing up, I always assumed it happened a really long time ago; the notion of a tragic shipwreck seemed like a historical thing, not something that still happened — and the notion of a folk song about something that happened during my lifetime seemed weirder still. But there you go.
It just keeps getting better for ol’ Sony:
My brother’s brother-in-law is Neilson Hubbard. His band “Strays Don’t Sleep” has a video that got noticed by Gawker Media’s Screenhead today. Go Neilson!
If you’re an audiophile and have far more money than sense, perhaps you’d like to buy some of these products:
OPUS MM Speaker Cables
Apparently, “OPUS MM unleashes thrilling levels of performance…”. That may well be so, but OPUS MM also unleashes thrilling amounts of cash from your obviously overfull audiophile wallet. Your shiny new speaker cable will set you back a truly outstanding thirty thousand, seven hundred and fifty dollars, and no cents. I’ll say that again: $30,750.00
Queen is touring again with Paul Rodgers singing.
Check it out. (Flash, SFW.)
(It’s the same guy who did the video for the acoustic version of Radiohead’s Creep, which is also well worth your time.)
BoingBoing points us to this gem (local copy): the Boxtops “performing” their hit “The Letter.” Knowing what we do about lead singer and songwriter Alex Chilton’s later career, we sort of wonder if this was the best they could do, though.
When Fox gets ahold of this, it’ll be When Bjork Attacks!
Because the Doors continue to have a “unanimous consent” clause in their partnership — much to the chagrin of Manzarek and Krieger — and John Densmore wouldn’t sell out, even for $15 million. (LA Times story; local PDF.)
Upset that their business model is, well, broken, they’re now trying to force Apple to raise iTunes music store prices from 99 cents by threatening to take their ball and go home. They figure that music sales via iTMS drive iPod sales, and that therefore Apple will listen. They are wrong; all evidence is that it’s the other way around, which means pulling out of iTMS really just screws the label.
When playing a CD becomes a “privilege,” not a right:
Of course, the industry is trying to accomplish its objective by publicly lamenting piracy. If the public and “their” politicians believe that the entertainment industry is on the verge of collapse, they’ll be much more likely to accept restrictions on use of content that they’ve paid for. For this reason, most industry talking heads keep their comments in check when talking about DRM schemes, but from time to time we’ve seen people truly speak their mind. Such is the case with Tommi KyyrŠ, of IFPI Finland. Mr. KyyrŠ told Tietokone (Finnish) that the ability to play CDs on computers is a “privilege,” and that people who have problems with CDs laden with DRM should just buy new CD players.“Now, we need to understand that listening to music on your computer is an extra privilege. Normally people listen to music on their car or through their home stereos,” said KyyrŠ. “If you are a Linux or Mac user, you should consider purchasing a regular CD player.” (Translation via tigert.com)The comments come in the context of a debate over copy-protected CDs. As we have previously reported, CDs with copy protection do not play on all CD players, although this is certainly not just limited to computer CD players. Some older players also won’t play the discs, either.
There’s also this:
I recently bought a car. In the copious documentation that came with it, nowhere did it say I couldn’t drive the car only in reverse, on dirt roads, without pants, or on Wednesdays. As far as I can tell, I can do pretty much whatever I want with that car, and the people that sold it to me don’t have any say in the matter. Apparently any music I buy might not play by the same rules, with the head of the Finnish branch of the IFPI (the international equivalent of the RIAA) having labeled the ability to listen to music on a computer a privilege. So I need some sort of permission or approval to use something I’ve purchased however I like, in this case, listen to music on the device of my choice? That’s the point of DRM and copy protection, to give the content producer an inordinate amount of control. But the effect of these pointless restrictions on music isn’t that they stop file-sharing, far from it. It’s really the opposite — they encourage it. The IFPI and its friends look at the problem from the wrong side. People have minimal incentive to buy expensive, DRM-laden music when they can get unrestricted versions through file-sharing. Instead of improving their product to make it competitive, the labels hope to club people into buying it by eliminating any alternatives.
When you buy DRM music — either from iTunes, or even “locked” CDs like the Velvet Revolver release — you’re buying into this conversion. Don’t support this tomfoolery.
Via Accordian Guy, we now provide THE BEST GODDAMN HENRY ROLLINS-WILLIAM SHATNER ANECDOTE YOU’VE EVER HEARD, delivered by Rollins, natch. (6MB Mp3; kinda long at 30 or so minutes, but worth it.)
Addendum: Mike points out that Rollins’ Tom Waits anecdote is also pretty fine (4.4MB Mp3; much shorter).
The landlord has elected not to renew CBGB’s lease after all.
Screenhead points us to the skeleton-riffic Burn It Off by the Blues Explosion.
On this day in 1990, Stevie Ray Vaughan died in a helicopter crash outside East Troy, Wisconsin, after sharing the festival stage with Eric Clapton, Robert Cray, Buddy Guy, and a host of others.
I was twenty, and still living in a dorm at Alabama. I still remember hearing the rumor that one of the helicopters serving a concert featuring Clapton had gone down. I had tickets to see Clapton a few weeks later, so I payed attention. I wasn’t the only one that skipped class to stay by the television. CNN, not yet impotent and ridiculous, gave regular updates until we knew that we’d lost Vaughan, not Clapton.
Then? Then we drank. And smoked. And whatever. But mostly we played “Couldn’t Stand the Weather” at about volume 11. Which is what we’re doing now, at Heathen central.
TechDirt explains how.
Apparently, Sia’s “Breathe Me” is used in the Six Feet Under finale that we haven’t yet watched; Screenhead nevertheless points us at the video, which is easily the coolest pseud-stop-motion, poloroid-based music video we’ve seen.
Synthesizer pioneer Robert Moog passed away yesterday. He was 71. You may not know it, but you’ve heard music that would have been impossible without his work. As Engadget points out, this is the end of an era. Rememberances will be posted here; the family is encouraging participation.
The new Dave Matthews Band CD has that ridiculous Sunncomm non-DRM DRM on it — you know, the one that (a) has no effect on non-Windows machines and (b) can be bypassed by disabling Autoplay even on Windows machines. The idea is that the disk ships with a “data layer” containing special, crippled digital music files that work with Microsoft players (but not, of course, the most popular music player). To access them, you’re supposed to let the CD install special software on your PC, which we’re sure won’t cause any problems at all.
Of course, even if you play by these rules, you still can’t get the digital files into iTunes or onto your iPod, so DMB have actually posted instructions — fundamentally stupid, absurdly complex, around-your-ass-to-get-to-your-elbow instructions — for getting Mp3 files off the disk. Why they don’t just tell their fans what everyone in the tech world already knows — again, that the Sunncomm solution is absurdly broken and trivial to bypass is beyond me.
One more time: We at Heathen will not buy any CD shipped with Sunncomm’s bullshit plan. We expect we’re not the only ones. We further expect that adding DRM like this to CDs — which makes it harder for uninitiated buyers to move legally purchased music from CDs to iPods to whatever for personal use — makes it MORE likely, not less, that said buyers will simply resort to illegal downloading or copying from friends.
Remember, RIAA: your failed business model is not our problem. Give us something we want, and we’ll pay you for it. Keep fucking with us, and you’ll get wholly disintermediated.
(Mostly via MeFi.)
Seminal punk club CBGB has been given a legal reprieve by a New York judge.
Read this; the gist:
I have CDs that I have owned for nearly twenty years. I have made back-ups of those CDs. I have converted those CDs into mp3s and more recently into AAC files. I can play them on any device that I want simply by changing the format. If my hard drive dies I still have my CDs. If my portable player dies I still have my CDs. If I decide to run MacOS, Linux, BSD, Windows or any other operating system I will still have my CDs and my CDs will still sound better than the files I downloaded. I have some serious doubts that if music purchased online today will be playable three years from now without breaking the DRM.
He speaks Truth. (More on this issue here — same blog, different author.)