More On Copy Protection

AACS (the copy protection system for HD-DVD, Blu-Ray and other high-definition content) continues to crumble. In a nutshell, AACS adds layers to the process of decrypting movies on disc, and the layers are falling one by one. The previous cracks (see my report) opened individual discs and classes of discs; this crack opens all discs playable by a particular software-based player. It’s possible that the studios could revoke that player’s ability to play discs released in the future, but doing so now hurts customers who will have to update their copy of the player.

With all the news about copy protection failure, it’s worth reading some really good articles on why the efforts of multi-million-dollar companies continue to be cracked by smart teenagers. First, Cory Doctorow’s talk at Microsoft Research:

DRM systems are broken in minutes, sometimes days. Rarely, months. It’s not because the people who think them up are stupid. It’s not because the people who break them are smart. It’s not because there’s a flaw in the algorithms. At the end of the day, all DRM systems share a common vulnerability: they provide their attackers with ciphertext, the cipher and the key. At this point, the secret isn’t a secret anymore.

Cory references another paper written by Microsoft employees, now called simply “the darknet paper”. It’s a little more technical, but explains the problem well:

We investigate the darknet – a collection of networks and technologies used to share digital content. The darknet is not a separate physical network but an application and protocol layer riding on existing networks. Examples of darknets are peer-to-peer file sharing, CD and DVD copying, and key or password sharing on email and newsgroups. The last few years have seen vast increases in the darknet’s aggregate bandwidth, reliability, usability, size of shared library, and availability of search engines. In this paper we categorize and analyze existing and future darknets, from both the technical and legal perspectives. We speculate that there will be short-term impediments to the effectiveness of the darknet as a distribution mechanism, but ultimately the darknet-genie will not be put back into the bottle. In view of this hypothesis, we examine the relevance of content protection and content distribution architectures.

Finally, on the business side, science-fiction publisher Baen Books has been leading the charge away from copy protection in the world of electronic books. Editor and author Eric Flint explains why in a series of articles on their web site; here are the first, second, third, fourth, fifth, and sixth articles on that topic. The sixth article is particularly good, as it explains Baen’s (and Flint’s) experiences with publishing online without copy protection:

The titles are not only made available for free, they are completely unencrypted—in fact, we’ll provide you free of charge with whatever software you’d prefer to download the texts. We make them available in five different formats.

And . . .

The sky did not fall. To the contrary, many of those books have remained in print and continued to be profitable for the publishers and paying royalties to the authors. For years, now, in some cases. Included among them is my own most popular title, 1632. I put that novel up in the Baen Library back in 2001—six years ago. At the time, the novel had sold about 30,000 copies in paperback.

Today, six years after I “pirated” myself, the novel has sold over 100,000 copies.

If you’re curious, I encourage you to check out the Baen Free Library for yourself.

Same As The Old Boss

OK, I’ve been busy, which is why I haven’t said much recently. But in case you haven’t noticed, my old employer, the Free Standards Group, has merged with another open-source consortium (Open Source Development Labs, or OSDL) to form the Linux Foundation. I’ve survived the merger, and am still doing most of what I was doing before.

The reaction has been pretty good so far, and even the criticism we are getting has resulted in a good amount of support in our defense.

Suspicion isn’t out of place. The new group will have to earn its reputation, just as the old organizations did. But I think we’re in a good position to show that we’re not about “combin[ing] open source with all the worst aspects of the proprietary commercial software industry” (see the critical link above, last paragraph). Our management is the same as the old groups’, and both groups have established records of improving the quality of open source. Is it that hard to believe that we would do more of the same after the merger?

As for me, I’m going to be doing pretty much the same stuff I was doing before, only with a few more helpers. What could be bad about that?

UPDATE (2007-02-16): I had given the impression that OSDL’s management was entirely gone from the new organization, which is not true.  Sorry, guys!

Copy Protection Broken Yet Again

Boing Boing (via Slashdot):

Arnezami, a hacker on the Doom9 forum, has published a crack for extracting the “processing key” from a high-def DVD player. This key can be used to gain access to every single Blu-Ray and HD-DVD disc.

Previously, another Doom9 user called Muslix64 had broken both Blu-Ray and HD-DVD by extracting the “volume keys” for each disc, a cumbersome process. This break builds on Muslix64’s work but extends it — now you can break all AACS-locked discs.

AACS took years to develop, and it has been broken in weeks. The developers spent billions, the hackers spent pennies.

My HDTV threshold has been inching lower and lower over time, as issues get resolved: lower-cost HDTV monitors, useful broadcast TV, the defeat of the broadcast flag, useful Linux support in hardware and software. Still, it’s clear that my standing advice–don’t do HD yet–has been vindicated.

How much longer? Some of the HDTV options for MythTV recording can do both standard-definition and high-def. If we accept that the HD stuff has to be watched on a computer, I might very soon move to HD recording for local TV channels.

But for now, it seems the major hurdle is HD cable, an area where the technology is still in transition. The current standard is largely a bust, the new standard being rolled out still doesn’t allow certain capabilities (menus, picture-in-picture), and the new standard is due to be eclipsed by yet another standard in a year or so. It’s also clear that reality has yet to set in; for all the consumer confusion and hassle, HD content doesn’t seem to be lacking at the BitTorrent sites.

So, continue to be careful. If you want to be able to do something with your new HD equipment, make sure you can before you leave the store. The HD powers-that-be have yet to honor any promise about future capability, and have broken some of those promises. So if it doesn’t work on the day of purchase, be ready to live without it forever.

As for me, current capabilities (and current prices) are almost at the level I’m looking for. But I haven’t bought yet.

UPDATE (2007-02-14): According to Ars Technica, this crack is still not complete; while all Blu-Ray and HD-DVD discs available today are cracked, the studios could protect future discs by revoking the keys of the software player used in the crack.  To translate that into non-technical English, users of that player would be required to update their player, and discs made after a certain date would not be crackable–until a new software player’s device key is extracted using the same method.
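The revocation behaviour described in this update, and in the newer post at the top of the page, as an added example that is not from the original posts or from AACS itself: a simplified Python model in which each disc carries one wrapped copy of its media key per non-revoked player. The flat key list, the HMAC/XOR wrapping and all names (press_disc, player_unlock, player_a, player_b) are assumptions for illustration; the real system's key tree and ciphers are not reproduced.

```python
import hashlib
import hmac
import os

def _pad(device_key: bytes, disc_id: bytes) -> bytes:
    # Toy key-wrapping pad; a stand-in for the real system's cipher.
    return hmac.new(device_key, disc_id, hashlib.sha256).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def press_disc(disc_id: bytes, device_keys: dict, revoked: set):
    """Build a constructed 'disc': a key block holding the media key wrapped
    once per non-revoked player, plus a check value for the media key.
    The media key is also returned so the demo can compare results."""
    media_key = os.urandom(32)
    block = {name: _xor(media_key, _pad(key, disc_id))
             for name, key in device_keys.items() if name not in revoked}
    verify = hashlib.sha256(media_key).digest()
    return {"id": disc_id, "block": block, "verify": verify}, media_key

def player_unlock(disc: dict, name: str, device_key: bytes):
    """Return the media key, or None if this player has no entry on the
    disc (revoked) or the unwrapped value fails the check (wrong key)."""
    wrapped = disc["block"].get(name)
    if wrapped is None:
        return None
    candidate = _xor(wrapped, _pad(device_key, disc["id"]))
    ok = hmac.compare_digest(hashlib.sha256(candidate).digest(), disc["verify"])
    return candidate if ok else None

def demo() -> dict:
    keys = {"player_a": os.urandom(32), "player_b": os.urandom(32)}
    leaked = keys["player_a"]  # constructed scenario: player_a's key is exposed
    old_disc, old_mk = press_disc(b"pressed-before", keys, revoked=set())
    new_disc, new_mk = press_disc(b"pressed-after", keys, revoked={"player_a"})
    return {
        # Discs already in circulation stay readable with the exposed key.
        "old_disc_leaked_key": player_unlock(old_disc, "player_a", leaked) == old_mk,
        # Discs pressed after revocation carry no entry for that player.
        "new_disc_leaked_key": player_unlock(new_disc, "player_a", leaked) is not None,
        # The exposed key does not fit another player's entry either.
        "new_disc_leaked_as_b": player_unlock(new_disc, "player_b", leaked) is not None,
        # Players that were not revoked are unaffected.
        "new_disc_other_player": player_unlock(new_disc, "player_b", keys["player_b"]) == new_mk,
    }

if __name__ == "__main__":
    print(demo())
```

Revocation only changes what goes onto discs pressed afterwards, which is why it protects future releases and does nothing for discs already sold.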

The Price of Success

Oh, the pains of being an early adopter: Google to charge businesses for Google Apps

But it’s not just small companies who have been champing at the bit to make use of Google’s services, as organizations such as Disney, Pixar, and the University of Arizona are eager to sign up to have hundreds of thousands of accounts managed online by Google. The service was offered for free to businesses during Google Apps’ beta period, but will apparently be going live with subscriptions “in the coming weeks,” according to BusinessWeek. It’s still murky as to how much Google will charge organizations for the service, but the fee will reportedly amount to “a few dollars per person per month.”

Now, it is true that all references to pricing refer to business use; there’s no word yet on whether they will charge noncommercial users. And even if they do, a few dollars per month per user isn’t bank-breaking.

But I wonder how well Google will handle the transition. Will some GAFYD customers get cut off if they aren’t paying attention? Will traditional domain hosting get a rush of new customers fleeing? Will Google’s competitors?

I’ve been slowly, slowly warming to this idea of hosted apps. Google Reader took over from Liferea for online news and blogs after I got tired of the latter’s bugs, and Google Calendar works a lot better than the various hack-fests I’ve tried to get local shared calendars working. But I think I’ll stick with hosting my own domain for now, at least until I get a better sense that the providers have the costs figured out.