My.MP3.com releases Beam-it Beta for Linux

kurowski writes "My.MP3.com has released a Linux port of its Beam-it software. It relies on a closed-source library, but the (command-line) Beam-it front end comes with source and is GPLed. Way cool! (By the way it actually works, too.)" We've been playing around with something similar in our office for a while - it's a lot of fun to have.
  • I am quite curious as to exactly what this does.
  • If I reverse engineered this closed library, would I get into trouble like that DeCSS chap? I would like to find, out of general interest, what attributes relate to which album by sending lots of pseudo-randomly generated data sets up to the server.
  • Is it safe to assume that the lawsuit against MP3.com about Beam-it didn't pan out? Or is it still going on, and mp3.com is just pretending not to worry about it?
  • MP3.com apparently is doing what the Big Recording Industry failed to do, which is create a market for music and audio entertainment distribution. They use modern technology to make the method of listening more flexible, rather than being confined to either tapes or a dozen songs per CD that can only be played in bulky, battery hungry players. They promote a market of listening to a large library of music on the run.

    Compared to what the Big Recording Industry had in mind for us (nothing), it's a great change.
  • The BeamIt software reads what CD is in your cdrom drive and then gives you access to MP3 files of the songs on the CD.

    The songs are then listed on http://my.mp3.com for your listening pleasure.

    Noel

    RootPrompt.org -- Nothing but Unix [rootprompt.org]

  • Don't get me wrong or anything, I'm just as happy as the next guy that they released a linux version of their project, but I just feel that because they kept the best parts of the program hidden inside a library that even if someone chooses to exercise the right given them by the GPL, they won't really be doing much more than skinning. On the other hand, this is the area that will get the most work anyway, as people make various versions, some for X, some as a text gui, some for emacs and so on, but it'll never be more than just designing skins unless the library is GPL'd. I don't think it's as great a thing as it could be until then.

    Daniel

  • Does MP3.com's Beam-It software work with the studios' CD's or is it limited to MP3.com CD's? I tried to find this information on their Website when Beam-It was first announced, but everything was a little ambiguous.

  • Studios' CD's. Which is why they're getting sued.
  • It theoretically works with any CD (if MP3.com has a copy and has ripped the mp3's). I haven't used it for a couple of weeks because I was having trouble beaming anything. Might be high time to give it another go on my OS of choice :)
  • I think that this would be protected under the reverse engineering exception to the DMCA. See 17 U.S.C. 1201(f).

    In the DeCSS decision just released, the judge noted that the exception didn't apply because the exception applied only to software and there was no evidence that the program was written for the "sole purpose" of achieving interoperability. Since you are working on software and can probably put together some evidence of this (in the DeCSS hearing, they simply failed to send in their affidavits in time!) then you should be okay.

    I highly doubt that MP3.com would sue you under these provisions. They have a strong interest in not seeing copyright law strengthened, and it would be their technological measure that you would be circumventing...
  • by rcade ( 4482 ) on Friday February 04, 2000 @06:07AM (#1305628) Homepage

    Beam-It is software that reads the ID of audio CDs when you insert them in the drive and checks to see if that CD is present in MP3.Com's database. If it is, the tracks on that CD are added to your personal My.Mp3.Com account so you can listen to them in streaming MP3 and RealAudio format -- no file transfer is required, so you can "beam" a CD instantly. About 8 out of 10 CDs I own were known to Beam-It, so now I can listen to them anywhere through a Web browser.

    Another feature I tried out is Instant Listening. If you buy a CD from a company participating with Mp3.Com, it is added to My.Mp3.Com the moment you purchase it. Instant Listening is a great excuse to buy an album over the Net -- there's nothing like receiving instant gratification while shopping in your pajamas.

    The only downside to Instant Listening is that the MP3.Com partner I purchased from, Jungle Jeff [junglejeff.com], took 10 days to send the CD.

    Instead of suing MP3.Com, the RIAA should be looking at how My.MP3.Com facilitates impulse purchasing at online music stores. The recording industry already has a monopoly on the artists most people want to hear. They can reap even more rapacious profits on CDs sold electronically without the overhead of distribution, packaging, store promotion, and other brick and mortar costs.

  • From what I've experienced it only seems to work with some American CD's. Out of my (expansive) CD collection I only got The Verve: Urban Hymns [the-raft.com] to be recognised.
  • by powerlord ( 28156 ) on Friday February 04, 2000 @06:13AM (#1305632) Journal
    Okay,
    I'll admit. It's cool to be able to go home, go through my CD collection and instantly have access to those same Songs at work (where I have a high speed connection). I do have a few problems with the service though:
    1) Why would I want some company to be able to catalog what CDs I have and which I don't? (I haven't seen their privacy policy yet... but should I expect direct mail asking if I want the "Latest CD from such and such"?)
    2) What about when I'm stuck behind a firewall somewhere and don't have easy access? I'd rather have a CD full of MP3's (I just finished burning one that had 15 CDs worth of music).
    3) Are small volume and no-name CDs going to be available? (or am I going to have to make my own MP3s of them if I want to carry them around?).
    4) How much bandwidth is it actually going to take?
    They seem to have very little information available until you create an account and give them your e-mail address. Something about that bothers me.

  • I think that mp3.com is creating the future of music.

    Let me explain my experience with them:

    I wanted to learn more about Baroque music so I went to their site, searched on Baroque, and found several groups that played that style of music. I downloaded example songs from their CDs. Decided I liked a group called Moscow Baroque [welcome.to]. I ordered their CDs at less than what I would buy a CD for in a brick and mortar. They arrived quickly. The CDs had both audio tracks for CD players and MP3 files.

    Now this is a group that is not big enough to be picked up by a big label and sold. But the MP3 people can sell their music, and allow me to preview it.

    BTW I do not have anything to do with mp3.com except as a customer.

    :)

    Noel

    RootPrompt.org -- Nothing but Unix [rootprompt.org]

  • if you reverse engineered this lib, they'd send you to Norway and then the news hounds would keep bugging you for interviews and such.

    is THAT what you want? I thought not ;-)

    --

  • by technos ( 73414 ) on Friday February 04, 2000 @06:15AM (#1305635) Homepage Journal
    Stay out of it.. The library is closed for a reason, namely keeping the RIAA off their back. (So far it hasn't worked, though) If we knew how it validated CD's, we could just throw random CD checksums at the server until it gave everything up. Instant piracy potential, and instant RIAA lawsuit..

    As for the DMCA and its RE clause, that's for 'interoperability'. They've supplied a library to link against, so the interop argument is a short lived one.
  • by griffjon ( 14945 ) <GriffJon@@@gmail...com> on Friday February 04, 2000 @06:16AM (#1305636) Homepage Journal
    As I understand it, beam-it reads your cd and sends an A-ok message to my.mp3.com saying that you have the ability and fair-use right to listen to said CD.

    Now, unless they're doing some good encryption inside the client, couldn't one just sniff one's local cablemodem neighborhood for connections going to the beam-it IP range and capture those packets, then send them out from your machine after a bit of modification and get rights to any CD your neighbors have rights to?

    Now, don't get me wrong--I'm all for a very powerful interpretation of what is fair use and what isn't; but MP3.com should take reasonable precautions.

    Side-note. What if, for every collection of unlicensed MP3s you downloaded by a particular artist, you send that artist a check for $10 directly, not through the record company.

    "Are you beginning to see the possibilities?" (Strange Days)
  • I know my understanding of programming and the GPL are both very basic, but it was my understanding that you couldn't do this. The GPL states that if a program that requires specific libraries to work is GPL'd, those libraries must _also_ be GPL'd, with the exception of the actual operating system -- yes?

    That would mean that a GPL front end on top of a proprietary environment that is not an operating system would be a violation of the GPL.

    Unless I'm wrong! I don't deny that I could be wrong! I'm not a programmer.



  • There's no uploading involved. It checks your CD-ROM drive & verifies if you have a physical copy of a CD. If you do, then it gives you (password protected) access to the MP3s of it.
  • Be careful! The DeCSS wasn't covered under the reverse engineering clause (according to the preliminary injunction). If the RIAA or mp3.com sees this as trying to circumvent a copy protection scheme, then you could get hauled into court. Granted just like the DeCSS you would (will) probably win either the first case or on appeal... but still if you are trying to avoid _all_ legal troubles.... I'd consult with a lawyer!
  • Maybe they released a linux version so it could be reverse engineered :)

    I was using Beam-It on Windows and there were a lot of people having problems with it (according to the beta testers forum). Perhaps they are looking to the slashdot community for vision.

    Regardless, this is a wonderful step for MP3.com.

  • by BigGaute ( 81475 ) on Friday February 04, 2000 @06:20AM (#1305643)
    As far as I can see, either the original poster is wrong when he uses the wording "library" or the choice of GPL is not appropriate.

    What I mean by that is that since the GNU GPL does not allow linking to proprietary libraries, unless the library in question is a core part of the os, (and then only if the GPLed app is not distributed with the os itself), it would seem that nobody except for the copyright owners are allowed to distribute this app.

    I did not check this out on the website myself, since they apparently wanted me to register, which I will not do on principle. So could someone with less scruples than me go and check this out?

    The net effect of this could be that eg. Debian will not distribute Beam-It, in the same way that they will not / can not distribute KDE.

    I would like to stress again that I could not check this out for myself, so could someone else please do it? For all we know, the orginal poster simply expressed himself inaccurately. Thanks...

  • Maybe I just don't get it, but from what I can read on the my.mp3.com site, the songs from your CD aren't really uploaded. Am I wrong?

    ***quote**
    Beam-it(TM) software is a revolutionary program that lets us instantly identify what CDs you own so that we can add them to your My.MP3.com account. With Beam-it(TM), you'll never have to upload song files or convert your CDs to MP3s.
    ***unquote**

    From what I understand, the client would send info on the CD (the same identifier used to recognize a CD when inserted and link it with a CD database?) and then the site would automagically, without upload, add the mp3 files of that album to your list @ my.mp3.com for your pleasure.

    Not that I would do something like that, but is it then possible for somebody who hacks the client to make it believe he has any CD he wants to have and magically have access to the mp3s for those CDs on my.mp3.com??

    Maybe I'm just totally out...

    Egoine
  • by Hnice ( 60994 ) on Friday February 04, 2000 @06:21AM (#1305645) Homepage
    I was wondering how long it was going to take for MP3.com to do this -- given the fact that the Linux community tends towards a more zealous and open defense of the manner in which Beam-It approaches the issue of ownership of information, it really behooves them to support the OS.

    Also, I'm amazed at what a bunch of bad-asses they're being. Lawsuit filed, they didn't run and hide, they ramped up their advertising and encouraged people to sign up their friends. Sure, this is good for their business, but I'd like to believe that it also shows some sense of the politics of turning people onto the issues of ownership that this all raises.

    Maybe I'm giving them too much credit, but there seems to be a real understanding of the fact that their business is predicated on certain assumptions about who owns the music, and how they ought to be able to use it, that are pretty progressive.
  • The only problem with this from the music publisher's perspective is the fact that there is no confirmation of ownership involved. By this I mean that all that is required for me to gain access to the latest Offspring CD is that I have one in my drive when I first run the software to gain access to it via MP3.com - so nothing prevents me from taking my 100+ CDs over to your place and letting you use them to get access to them. Then you come to my place with your 100+ CDs and I get access to your CD collection. You could form "lending clubs" that brought together many CD owners to build a library of several thousand CDs and let everyone have access to them. Alternatively, I could set up an account and 20 of us could all input our collection to the same account building a huge collection and then we simply share the account.

    It's no wonder the music industry is upset at this - it threatens their existence if it continues as a trend. Basically they will be reduced to an industry of recording studios which produce the master recordings, distribution will be free of charge to most people, with only small percentage actually buying the CDs.

    This may be just the thing to put the profits back in the hands of the musicians though - something long overdue IMHO. I hate middlemen generally.

    Just my $0.04 Cdn

  • by mwillis ( 21215 ) on Friday February 04, 2000 @06:31AM (#1305649) Homepage
    I am liking this program. Linux version works fine; I installed it and went through a stack of CD's with repetitions of the command

    beamit -e userid -p mypass ; eject

    It's a lot easier than ripping a stack of CD's, that's for sure. As to what it does... you can download some of the source and have a look. There is a binary-only shared library, no code for that, but the beam-it user program, says:

    In addition to code written in-house, Beam-it uses code from the following software packages:

    o cdparanoia, by Monty http://xiph.org/paranoia/index.html
    o Grip, by Mike Oliphant http://www.nostatic.org/grip
    o libcdaudio, by Tony Arcieri

    It appears that usually "beaming" works really quickly, and occasionally it's really slow with lots of net activity. I wondered if it's doing some kind of distributed cd ripping activity when it finds an unidentified CD. But maybe cdparanoia is just working hard on one sector of my scratchy CD's.

    A quick look at the shared library shows some interesting things

    nm /usr/lib/libmsp.so
    /usr/lib/libmsp.so: no symbols

    strings /usr/lib/libmsp.so
    ...
    msppGetAttributeValue
    msppEncryptMD5
    MD5Init
    MD5Update
    MD5Final
    ...
    Software has expired, please update
    ...
  • There's no uploading involved. It checks your CD-ROM drive & verifies if you have a physical copy of a CD. If you do, then it gives you (password protected) access to the MP3s of it.

    Are the passwords unique or do they change on a fixed schedule?
  • I just used beam it to upload a cd and now I can listen to mp3's without encoding them or using my own hard disk space. That kicks ass. On a side note you have to set up your netscape mime types. They give pretty good directions on how to do that. Although they are directed at windows users and tell you to use RealPlayer I found every thing works if you replace realplayer with xmms %s. That's not enough though. When you try to listen it will redirect you to a page that says your browser is not set up. If your mimetypes are setup all you have to do is click where it says that you do not want to be directed there anymore.
  • If you write the program yourself, you can use any license you like. For example, you could use the GPL, *with the exception* that the program can be linked to one specific library. This "modified GPL" is, however, not compatible with the GPL. For example, what they're doing now is probably OK (I don't know the software), but if they're using GPLed code like readline, then they're violating the GPL. If they wrote all code themselves however, there's no problem. Maarten
  • by Anonymous Coward
    It is MD5 checksummed to your username and passwd (encrypted). Sniff it yourself, that is how I found out.

  • I think it's an overreaction. People have ALWAYS been able to share, borrow (from the library, even), trade CD's. Just because there is a way to get around security, doesn't mean the majority of people WILL.

    How about hidden cameras, magnetic strips, bag checks, etc. at retail stores. Just about anyone can figure out how to get around these security devices. But the majority of people still pay money for merchandise.

    The RIAA has nobody to blame for piracy than themselves. The only times I have taken part in music piracy is when I simply have to have a piece of music that is "too obscure" to be considered for widespread distribution. When I do pirate music, I try to contact the musicians to pay them directly because it is not their fault the RIAA doesn't consider them "mainstream".
    Okay, I think I'm done ranting now.

  • I believe it goes this way:

    You set up a user name and password with MP3.com
    Download Beam-It, put in each CD, and have it recognize it.
    Then, you can access the links to all of your CD's MP3's, via a web interface, with your username and password... which is like any other place where you can change your password.
  • by Rambo ( 2730 ) on Friday February 04, 2000 @06:44AM (#1305659)
    Never have I seen so much whining! A company puts its butt on the line, going up against the RIAA to provide this service. They provide huge amounts of bandwidth to accommodate full quality streaming (128kb/44KHz). Then they release a Linux client.

    And what do we hear? "Hey, they want my email address-- I won't use anything that requires an email address" "They released it under the GPL but kept a library closed-- I won't touch it!" And last but not least, "How can we crack it so we can pirate all these CDs?!"

    People, for once in your life stop looking a gift horse in the mouth and appreciate what someone has made available for you.
  • by Anonymous Coward
    A good idea, except that the music that everyone else listens to besides me is absolute crap. Everyone is a bunch of unreasonable turds. My neighbors listen to crap, you listen to crap, the CEO of mp3.com listens to crap. CRAP! Crap for dumb turds ... kinda ironic, isn't it?

    But the question I have is what if I have multiple versions of the same album? If I have, say, the 1998 release of Dark Side of the Moon on CD am I entitled to listen to the 1987 release on mp3? What about more subtle differences, like the "remixed" version of The Joshua Tree? How does it tell the difference? Oh yeah, quit being a bunch of dumb turds!
  • Could you please specify in your posts which Linux is meant.
    I have a Alpha, PPC and m68k boxes so most binary-only ports are useless for me.
    So next time could you please say "a Linux/x86 binary is released" ?
  • I agree entirely. Somebody mentioned the lawsuit in the Beam-it beta testers forum. Something to the effect of "fun while it lasted". The moderator closed the thread and said "Pay no attention to the lawsuit. That is for the lawyers. Keep right on beaming." Bad-asses indeed :)

  • I can't link to the i386 library on my (Linux/Alpha, Linux/PPC, etc). Can I reverse engineer the library so it does? That would qualify as interoperability, wouldn't it?
  • What I want is the server portion so anyone and everyone can create their own server as MP3 broadcaster.

    you want live365 [live365.com]. (I am not affiliated, but it's amazing what kind of free advertising you can get from people who like your service...) here's the deeper link [live365.com]
  • Since x86 is by far the dominant way Linux is used, I think you are safe to assume that unless there is a platform specified, it is x86.

    Yes I know Linux is used on sparc/alpha/ppc/etc, but the reality is that x86 is what the vast majority use. No I don't have any hard evidence to back this up, do you have any to refute it?

  • My own personal experience has shown no problems with Beam-it - and this is on three separate PCs with several hundred discs.
  • "1) Why would I want some company to be able to catalog what CDs I have and which I don't? (I haven't seen their privacy policy yet... but should I expect direct mail asking if I want the "Latest CD from such and such"?)"

    Read the service agreement - to my knowledge they won't be doing this.

    "2) What about when I'm stuck behind a firewall somewhere and don't have easy access? I'd rather have a CD full of MP3's (I just finished burning one that had 15 CDs worth of music). "

    Well, then you don't have access to it. This isn't magic - it won't do your laundry either.

    "3) Are small volume and no-name CDs going to be available? (or am I going to have to make my own MP3s of them if I want to carry them around?). "

    Probably not - at least for a long while. I'd imagine they will start filling requests from most popular to least. Considering the hundreds of thousands of recordings available, you can't expect them to have ALL of them available.

  • So, how do you feel about using a program whose core functionality is hidden from you? It seems to me that there is very little difference between the approach of releasing an "Open Source" player written to work with the hidden Windows API and releasing a "GPL'ed" player written to work with a hidden proprietary library. It means you have no control, you can't do what you want with it. I would not describe this as "Freedom Fighting". It's a shallow attempt to wrap themselves in the flag of freedom.

    Maybe I'm giving them too much credit

    I fear so. They're about as progressive as wearing a Che Guevara t-shirt if they continue down this road.

  • That is how it works. And it's why the RIAA is suing... someone could potentially figure out how to access the entire collection MP3.com is hosting.
  • I may be somewhat off course here, but it sounds to me like this would be an excellent opportunity for someone like myself to get back all of CD's that I've lost in the past due to scratches.

    Essentially, as long as my CD's (which was of course bought legally) contents track is intact, I can add it to my database on mp3.com, and then capture the stream being sent to my harddrive, and voila, I have the mp3's. If I want, I can then just uncompress and write the files to my CD Burner.

    I'll definitely have to give this a shot.
  • by ColPanic ( 22062 ) on Friday February 04, 2000 @08:14AM (#1305674) Homepage
    We have been trying to do the reverse engineering here today. They seem to have a pretty good verification process. Here's what we have figured out.

    The client connects to a text command interface on cdver.mp3.com:8094.

    User authentication is done in two parts. First:

    HELO mail=email@ddr ver=1.00 cver=LINUX100 sern=XXXXX

    The server provides the sern number on connection.

    Then:
    AUTH meth=md5 pass=XXXXXXXX

    Presumably this is an md5'd password for the user.

    Then to lookup the ID of a CD in their database

    MDID time=cdlength tkof=list,of,track,offsets

    This information is available publicly from CDDB.
    The MDID command will return an "mdid" number, used to identify the CD.

    Now for the CD verification process

    VFCD mdid=mdidnumber

    This starts a verify for the CD
    The server will then send a list of requested track data in the form

    331 bits=16 trk=11 chnl=stereo nsec=7 encd=pcm size=8232 rate=22050 sect=49855

    This request is repeated for a number of tracks, in apparently random order.

    The client then needs to get this information off the CD, and send it up.

    RVDT trk=11 sect=49855 nsec=7 rate=22050 chnl=stereo bits=16 size=8232 [followed by 8232 bytes of data]

    So it seems that the only way to authenticate the CD is to be able to answer any query about the data on the CD, which would mean that you already have the CD....

    So after looking at this, I'm fairly convinced that MP3.com should not only win their lawsuit, but that they seem to be in the right, having taken due diligence to ensure that someone does in fact have the CD before handing over access to them.

  • There are probably five different and intellectually valid interpretations of the GPL as it applies to this situation. Debian subscribes to the one that says you can't unless you include a disclaimer or additional exception. This certainly isn't the view of any of the other distributions, some of whom employ GNU members.
  • Why not use a loop device (/dev/loop0) to imitate a CDROM so you don't need to burn CDs and waste time/blank CDs? Better yet, why not just write your own Beam-it like client that takes a CDDB hash and turns it into a Beam-it hash. I bet they might even be the same thing. Better yet, why not just buy music and support the artists you like?
  • This is only a relevant comment for binary-only releases. Perhaps the dominant way Linux is used is now to run proprietary binary-only software, but it _is_ worth mentioning that for a long time the dominant type of software was redistributable, free source code, and with that you are safe to assume that if you have gcc then one way or another you can compile it on your platform.

    Naturally, there are caveats- for instance, I never did manage to get the Open Look window manager running on my linuxPPC system :) however, the basic point still holds, or used to.

    If we're in fact going to use proprietary binary-only x86 software for everything, why not just use windows and have lots more of it?

  • by dennisp ( 66527 ) on Friday February 04, 2000 @08:26AM (#1305678)
    "couldn't one just sniff one's local cablemodem neighborhood for connections going to the beam-it IP range and capture those packets"

    I'll give you a cookie if you can find an MSO Cable provider who is this clueless. This is a major rumor that as far as I know, has never been true. The only major security hazard as such has been the allowance of broadcasts on the local network which allowed people to view network neighbourhood and other local network broadcasts. The vast majority of MSO's have fixed this problem within the last few years. Many modems also have encrypted communication from modem to cmts.

    I just wanted to clear that up. I am ignorant of my.mp3.com so I can not comment any further.

  • "It relies on a closed-source library, but the (command-line) Beam-it front end comes with source and is GPLed."

    If it is pure GPL then it is violating it by linking to a proprietary library, they should either use the LGPL (but then other companies can use their software with their own library, I don't know if they are willing to allow it) or use a GPL with a special clause, or (and this may be the better thing for them maybe) they can use the MPL/NPL adapted for them.

    Personally I would prefer to have it GPL'd completely but for a company this is not always possible, or at least not always the better solution.
  • There are probably five different and intellectually valid interpretations of the GPL as it applies to this situation.
    "Intellectually valid", whatever that means, maybe. Legally, there can only be one. The argument, as far as I have been able to discern, is as to whether or not the restrictions of the QPL are sufficient to make it proprietary, which in the context of the GNU GPL is defined to be anything that is more restrictive than the GPL. I believe there is broad agreement that libraries that are generally agreed upon to be proprietary may not be linked with GPLed code in this fashion (unless you're the copyright holder, of course).

    In this case, what we're talking about is almost certainly not the QPL. Once again, is there anyone with any account who would care to check this out?

    Debian subscribes to the one that says you can't unless you include a disclaimer or additional exception. This certainly isn't the view of any of the other distributions, some of whom employ GNU members.
  • My question is, is it possible to be logged in from multiple locations at once under the same account? I would assume mp3.com has restrictions as such to prevent someone sharing their account with many people.

    "with only small percentage actually buying the CDs"

    Can you actually download the songs? If not, its use is limited to the computer. I think it's very useful in the process of buying CD's over the net because it brings instant gratification - at least, while you are at your computer.
  • by Anonymous Coward
    You are correct. You never upload the contents of the CD, the program just verifies that you have the CD.

    Now, in terms of hacking the client. The client does not verify that you have the CD, the server verifies that you have the CD. So in order to defeat the scheme you have to be able to feed the server what it needs.

    According to another post, the server does not JUST ask for the "ID" on the CD. There isn't even an ID on the CD. The ID is a unique identifier created on the fly by looking at the track info on the CD. It's extremely unlikely that two cds will have the same number of tracks that are the exact same length and start and end of the exact same sectors.

    If the beam-it software asked for just the ID, then you could write simple client that queries the CDDB.

    Apparently the server also wants you to upload a sector or two from the CD to really show that you have it in the drive. So now your hacked client also has to contain some sectors from each CD you might want to pirate. And it's not clear if it always requests the same sectors. But either way 45,000+ cds * a few sectors / CD makes this client pretty big.

    AND mp3.com can change what sectors they are looking at if someone did release such a cracked client.

    So it looks like in order to defeat the scheme, you need to have all the data on the CD even though it will only actually look at a small portion of it.

    So if you have the CD already then there are lots of ways to rip the data so my.mp3.com is not any more of a threat than a cd burner or an mp3 encoder.

    Now, what I find interesting is that the RIAA wanted to impose a CD-R tax on us, because they were going to be losing so much money to CD piracy. But it is quite clear that no one is going to be ripping CDs to CD-Rs in a year or two (are people even doing that now?). Between broadband and portable mp3 players, there is no sane reason to rip a cd and burn it to cd-r. YET, the RIAA would still be collecting tax for CD-Rs.
  • I hope that mp3s are not the future of music, for 3 reasons. 1. They sound awful. 2. You don't get liner notes, et cetera. 3. The combination of my CD player's DA converter and my receiver's preamp is far superior to the combination of mp3 decoders and my computer's preamp. This is the case with most people. 4. Lousy mp3s don't make good frisbee-like projectiles. I can only pray that people realize that music media's first priority should be sound quality. That'll happen about the same time people realize that SUV's are ugly, gas sucking, impractical weapons.
  • crush said:
    It seems to me that there is very little difference between the approach of releasing an "Open Source" player written to work with the hidden Windows API and releasing a "GPL'ed" player written to work with a hidden proprietary library.

    Perhaps you should try out the software you're bashing before you criticize it. The GPL'ed piece of software is NOT the player, it's the bit that authenticates your ownership of the CD to the webserver. The webserver sends the tracks of those CDs you're authenticated for in plain old MP3 streams, for which you can use anything you'd like. Zipwow

  • You can't "uncompress" an mp3, can you? That's like the same thing as "zooming in" on a jpg. mp3 works by sacrificing bits.
  • There are several programs to convert Mp3 back into Wav which then can be burnt to a CDR -- If the File is encoded at 128k (Which on my.mp3.com they have 2 settings 64k and 128k I believe) then that is CD Quality - It will sound identical to the CD when listened to with the human ear.

    I'm just glad that there is a linux version now - I only run windows at work and I've been bringing my CD's in a few at a time to 'beam' them -- now I can do it from home and listen to the MP3's at work! I hope this site does not get shut down...

    Later,

    There is no spoon...

  • When he says uncompress I think he means unencode, or returning to the WAV format from which it was encoded. Yes, it will not be as good as the original copy. But the point still stands.
  • Perhaps you should try out the software you're bashing before you criticize it.

    In general this would be a good idea, but I don't want to get a username and password for mp3.com. I accept your correction, I should have read the article more carefully. So, let me restate the question which you carefully avoided, and which is after all really the meat of my post, do you think that there is any difference between using an "Open Source" CD Authenticator written to work with the hidden Windows API and a "GPL'ed" CD Authenticator written to work with a hidden proprietary library?

  • Sorry, I'm not sure if I'm getting this correctly:

    you can listen to them in streaming MP3 and RealAudio format -- no file transfer is required, so you can "beam" a CD instantly.

    When you say no file transfer is required I'm not sure what you mean. Is the mp3 not being streamed from Mp3.Com across the web?

    I can see that this is sort of neat, but it sounds like a nightmare to me in terms of centralized control of information. I'd much rather not have mp3.com knowing what I buy and how often I listen to it across the web. I'd rather make my own mp3s from CDs and send them to my box at work.

    Also what about the bandwidth problems that this will cause? Are mp3.com going to be responsible for all the sluggish transfers? I can see how it is great for them to use the net for their private gain, hopefully they'll be charged some whacking great fee proportional to the traffic that they inflict on this shared resource.

    The recording industry already has a monopoly on the artists most people want to hear. They can reap even more rapacious profits on CDs sold electronically without the overhead of distribution, packaging, store promotion, and other brick and mortar costs.

    Even better.

  • Follow up:

    I just signed up and checked it out. It seems that you can not download the files. You must stream the mp3's. This could be circumvented through the use of recording software at the client end. However, this is irrelevant as it would be easier to just create mp3's from your own cd and send them over to a friend.

    Also, it is 128k, which is not CD quality, and I can easily tell the difference between it and my original CD (although, those of you with crappy stereos or computer speakers probably wouldn't).

    I have sent e-mail to mp3.com regarding the possibility of thievery by multiple simultaneous logins shared by multiple people. I await a reply. Hopefully it will be soon, so that I can reply on this story.

    I have done my own personal checking of this, and so far it seems you can not use it from multiple locations at once. Here is what I got when I tried to access from multiple IPs.

    "We're sorry, we've noticed you are trying to stream from a URL that is no longer active. Please generate a new playlist and try again"

    So it does indeed seem that they do have protection from this. As soon as I tried accessing from somewhere else, my original stream cut, and the new one didn't work as well. So, basically, the direction of your comment is invalid.

    Bravo mp3.com.
  • You can unencode an mp3 back into wave format. You have to be able to unencode it or you wouldn't be able to play it.

    There's some minor loss with mp3 compared to actual cd audio but your average consumer is not going to notice most of the time.

    You might be able to notice if you compared two tracks side by side with a good pair of high quality headphones, but other than that, if you can stand listening to the quality of mp3s, unencoding them will essentially have the exact same quality.

    However, if your cd is scratched to the point where it's difficult to read, the beam-it software probably will not be able to verify you own the cd in the first place.

    It works by requesting small sections of tracks off of a cd, which you send and it verifies as correct. If you can't play or rip your cd, I doubt they will be able to verify it's the cd you say it is.

  • I Forgot my password.. I have SO many to remember these days.. How about this.. Let's have one password for all the great slashdot readers.. let's make it something original. like cypherpunks and maybe the email could be root@slashdot.org and we will promise to only listen to the music for which we borrowed CD's from our friends.. and unlocked. Good thing NO ONE works at a Sam Goody or Maybe a Tower Record and has access to PC and a lot of spare time or really extended breaks.. that's. I promise not to abuse the slashdot account.. and I know you won't either..

    nudge.. nudge.. wink wink.. .2 winks are better than a nudge ay ay ay
  • Beam-It reliably sent my NT machine to BSODs -- and I hadn't seen one of those for about a year prior to that.
  • Duh, another follow up. Something occurred to me after writing this: Question: How easy is it to change back and forth between accounts on my.mp3.com? If it is fairly easy, what the previous poster said would be easily achievable. I could just beam up 20 cd's change accounts, then beam them up to my friend somewhere halfway across the world. This would, in effect, "duplicate" the cd's (as long as you are at your computer). I have sent another message to them regarding this loophole. This one does seem a serious problem as there is no e-mail or other authentication after "beaming" a cd up.
  • crush wrote: So, let me restate the question which you carefully avoided, and which is after all really the meat of my post, do you think that there is any difference between using an "Open Source" CD Authenticator written to work with the hidden Windows API and a "GPL'ed" CD Authenticator written to work with a hidden proprietary library?

    First, one point. What 'hidden Windows API' are you now comparing this to? The thing the Beam-It authenticator uses (the CD-ID) seems to be a well-defined part of the standard for creating audio CDs.

    Until I understand that half of your question, I don't think I could provide an answer.

    Do I think it should be open? Sure. Am I really that worried about it? Nope. Some kind of open 'authenticator' would be nice, but it doesn't seem to have as insidious an effect as a proprietary player, in my opinion.

  • bash$ ldd /usr/bin/beamit
    libmsp.so => /usr/lib/libmsp.so (0x4001a000)
    libc.so.6 => /lib/libc.so.6 (0x40024000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)


    it's a library (libmsp is the one in question, and as far as I can tell it's only available as a binary). So it would appear that there is a GPL violation in effect here.
  • I think that you're sort of missing my point.

    I believe that in spite of the not-completely-open status of a particular piece of software, any piece, that software can still provide the means for an advancement of access to certain other, distinct type of information. In this case, the contents of any such hidden proprietary functionality is far less interesting to me than the contents of the mp3s themselves. Is this a sacrifice, then? Maybe, a little. But I think that this creates access to a lot more than it hides. With this in mind, it's ambiguous at best in terms of its relative freedom-fighting purposes.

    Furthermore, I take issue with 'proprietary library'. In fact, the whole issue is that the CDs themselves *are* proprietary. The CDs aren't GPL'd. Therefore, *some* part of this process has *got* to be hidden from my view, or the entire thing becomes illegal, and not very nice. It's possible that a moral consequence of making this tool completely open would be the tool's elimination for perfectly valid legal reasons! That, i can say for sure, I don't want.
  • I agree with you. I really don't understand why it is that people complain when core functionality is hidden. It's very like all that complaining that people did about TrollTech not so long ago. I mean, God, they're giving us something free!!! Now we can spend more money on beer. The people that go on about needing access to information remind me of that Stallman guy....what is it that he says? something like:

    Since the purpose of GNU is to be free, every single component in the GNU system has to be free software. They don't all have to be copylefted, however; any kind of free software is legally suitable to include if it helps meet technical goals. We can and do use non-copylefted free software such as the X Window System.

    This means much more than just saving everyone the price of a Unix license. It means that much wasteful duplication of system programming effort will be avoided. This effort can go instead into advancing the state of the art.

    Complete system sources will be available to everyone. As a result, a user who needs changes in the system will always be free to make them himself, or hire any available programmer or company to make them for him. Users will no longer be at the mercy of one programmer or company which owns the sources and is in sole position to make changes.

    Schools will be able to provide a much more educational environment by encouraging all students to study and improve the system code.

    Maybe that's why people are whining. They want what they are using to be free. It is manifestly NOT, if the library is hidden, otherwise, as I pointed out in a previously down-moderated post, there is no difference between this program being GPL'ed and me modifying it and me modifying a program written to the windows API.

    This is a shallow attempt to get the kudos of being free. Actually, I should rephrase that to allow for another possibility: this is either cynical or else half-assed.

    If you can't see that a program that depends on a hidden library is a problem then maybe you should check out this discussion of library licenses:

    LGPL [gnu.org], but in case you don't feel like reading it here's a quote about libraries:

    Proprietary software developers, seeking to deny the free competition an important advantage, will try to convince authors not to contribute libraries to the GPL-covered collection. For example, they may appeal to the ego, promising "more users for this library" if we let them use the code in proprietary software products. Popularity is tempting, and it is easy for a library developer to rationalize the idea that boosting the popularity of that one library is what the community needs above all.

    Don't you think that your line of argument will result in boosting the popularity of a non-free library?

  • First, one point. What 'hidden Windows API' are you now comparing this to? The thing the Beam-It authenticator uses (the CD-ID) seems to be a well-defined part of the standard for creating audio CDs. Until I understand that half of your question, I don't think I could provide an answer.

    Welllll, it seems to me that you're nitpicking trivialities. But I'll answer you anyway. I should have said the "hidden code of the Windows API", obviously I can actually write to the API which is its purpose.

    So now that we've cleared up that obvious and trivial point. Let's address the problem. The question is whether or not a program which depends for its functionality on a library which I cannot access/modify/control/re-distribute myself is a piece of "Free" software. I don't think that it is. To take the extreme example what happens if I write a library, provide an API to it. This library contains one call, "RunProgram". I've published the API, you can stick whatever interface you like on it, you can GPL it you can feel that you've got freedom. I don't think that you have. Are you worried about it? Frankly your personal feelings are irrelevant. The point is whether or not this is Free.

  • That would be unlikely, as it doesn't use a unique identifier. As you'll notice in earlier posts it asks for random chunks of data from the cd you claim to have.

    The only piracy possibility that seems likely is if the chunks aren't so random as they appear. (They obviously can't store an entire cd to compare it to.) If so, a pirate may be able to give other people all the different chunks of data that the beam-it server may ask for.

    However, if the mp3.com people are smart, they could store enough of a variety of data per song on their server to be comparable to the size of the mp3 itself. In which case a pirate wouldn't save any time or effort by sending those same chunks to friends instead of the actual mp3s.

  • To be honest I'm not sure that I get this discussion (the whole thing, not just your thread) at all. I've only relied on the /. report which says that the program is GPL'ed but there is a closed-source library. I'm assuming that they're not talking about a "music" library but a programming library. Am I totally incorrect in this?

    If I am then it seems to me that you're making a sort of leveraging argument - we can use tools that possibly threaten and undermine our free-software to get access to free music?

    in spite of the not-completely-open status of a particular piece of software, any piece, that software can still provide the means for an advancement of access to certain other, distinct type of information. In this case, the contents of any such hidden proprietary functionality is far less interesting to me than the contents of the mp3s themselves

    But is it? It doesn't seem like it is if all I can do is stream it from mp3.com across the net. In fact I have a hell of a lot less freedom there than if I make my own mp3s. So, I'm not getting increased Freedom!

    Am I totally nuts for thinking like this? I understand that everyone's happy that there's a Linux player and we're popular and being catered to and that this is new media etc.... but what are we really getting? Let's look right-down this gift-horse's mouth and then go around and check the other end too.

  • This does not seem to be in the faq. Can you please give a URL to the Real video?
  • Ahh, now I see your problem. Should it be called GPL is your real question. Okay, no. And I think that's addressed below, and will likely be amended soon.

    Your original note had more of a 'scare tactic' voice with "do you trust this software" and "this proprietary software will take over the world" voice, which I don't think is appropriate in this case.

  • Let's face it - the only reason they are ultimately offering this service is so they can keep track of what you listen to and what you own. This is the kind of info record companies pay for...

    So... they're watching you.

    There's supposedly this NSA/FBI/CIA profiling system which tracks people who read certain books - do you think they would be interested in who listens to certain types of music? I wonder if they would buy this kind of info from mp3.com.

    Or maybe schools want to look for those 'unstable' students who spend too much time listening to the wrong sort of music.

    Trust me.... It's all about information.
  • Your original note had more of a 'scare tactic' voice with "do you trust this software" and "this proprietary software will take over the world" voice, which I don't think is appropriate in this case.

    Well, then you are being more charitable with me than I deserve. I believe that software that is adopted by the Free software community should be Free. This precludes the use of hidden libraries. I don't care if it's called GPL or OSS or X11 or new BSD. I only care if the result of adoption of a piece of software is to discourage the production of free software. Your persistent attempts to misdirect this discussion would seem to be an attempt to use a 'soothing tactic' voice with 'don't worry about non-Free software' , 'this proprietary software won't limit your Freedom' which I don't believe to be appropriate in any case.

  • OK, I see your point. Any sacrifice on the open-ness of the functional pieces of software is a net loss because you can always rip them yourself.

    The reason that I disagree with you on the general point is because I'm taking a slightly less focused stance on what 'freedom' and 'control' are here. The freedom to not have to rip cds is a freedom -- it saves me time, hd space, both things which I can spend better in other places. It 'frees' me from my pc's bandwidth issues, by letting me go through mp3.com, rather than my isp and then my crappy copper wire, which again saves me time. Clearly, this also frees me geographically.

    I do understand where you're coming from, but freedom is about compromises -- sure, I'm free not to have a job, but am i sacrificing certain other freedoms (maybe more important, maybe less) if i decide to quit and be broke? This is a similar case from where I sit. The marginal decrease in my control over the processing of my own media is negligible compared to the other, larger ways that this frees me up in terms of mobility, storage space, and time.

    Like I say, I agree with you when you say that this represents a certain loss of control over your own files and your access to them. My point is simply that you're not getting nothing in return for it, and in fact, i'm getting constant access to a lot of information that i might not have had such easy access to -- it's a win, net, by my conception. Our disagreement seems to be about whether this is a fair trade, whether what i'm talking about is in fact 'freedom' and 'control'.

    Does this clarify my point?
  • Yup, I understand you. I guess we just disagree. Thanks for the civil clarification.
    Crush
  • Well, this speaks to my most recent note, on the other thread here:

    I think that you've always got to compromise --

    I have to go to work everyday, but i have the freedom to go to france on vacation. Am i more or less free than someone without a job who never gets to leave downtown hartford 'cause he's broke?

    That's a tough call, but your failure to recognize that there are competing freedoms here, where software is only one, is i think the source of our disagreement.
  • This is, of course, off topic, but I wanted to mention how much I've enjoyed this thread. Certainly the most intelligent conversation I've had all day, but then, I support a marketing company, so i guess i get what i deserve.
  • by crush ( 19364 )
    I think you're being simultaneously both overly paranoid and naive. The real scam going on here is that they're cheating you out of your airmiles bonus points! Think about it - instead of having to offer you an incentive to provide information as you do when swiping the grocery card every time you buy kitty-litter the marketing moguls now have direct access to it for Free(TM). But even there I think that this will be a good thing. It will let companies know "What People Really Want" and they can be responsive to our needs and this is a good thing and isn't that what democracy is really all about being able to have the things we want to buy made available for us and aren't we all happy to live in an information age millennium technological forward looking society........choke.
  • Have a look at mookie.sourceforge.net. I am working on a GPL playlist system for mp3 streaming which dynamically points listeners at content.
  • I think that you've always got to compromise -- I have to go to work everyday, but i have the freedom to go to france on vacation. Am i more or less free than someone without a job who never gets to leave downtown hartford 'cause he's broke? That's a tough call, but your failure to recognize that there are competing freedoms here, where software is only one, is i think the source of our disagreement.

    Ok *grin* , so let's have a compromise where I win instead of you? The answer to your question is that it depends on choice. If the bloke in Hartford has chosen a system that means that he has the choice between working and going to France and not-working and staying broke and if he then chooses not to work, well then he's totally free. The reverse obviously applies. Compromise is a great and useful thing that makes it possible for us to get along socially. It's important to seek consensus and understanding. It's also important not to dilute down essential principles until you have in fact given them up (I think).

  • "Legally, there can only be one."

    True. But as of now, all we have are opinions. That's why I said "intellectually valid" as opposed to "legally valid", which would be inaccurate.

    "...whether or not the restrictions of the QPL are sufficient to make it proprietary..."

    The issue is not whether the QPL is proprietary or not. It is certainly *not* proprietary. The issue is whether it is "compatible" with the GPL. Many point to Section 6, which talks about extra restrictions. Although the QPL has fewer restrictions than the GPL, a couple of them are *different* from the GPL, and are thus additional.

    Other issues that relate to this are: whether Qt is a module in KDE; whether dynamic linking to non-GPL libraries is or is not allowed; and whether the GPL is binding on third parties. Although the answers to these issues may seem obvious to you, there is by no means a unanimous agreement on them.

    "...may not be linked with GPLed code in this fashion (unless you're the copyright holder, of course)..."

    But KDE *is* the copyright holder for KDE :-) Again, that's not the problem. Debian can but won't distribute KDE because they are of the opinion that they do not have permission from KDE to do so.

    Of course, KDE may have used some GPL code within its own GPL code, and some are claiming that this is illegal on the face of it, and are seeking an injunction against every distribution that contains KDE.

    "In this case, what we're talking about is almost certainly not the QPL."

    No, it's not. The announcement said "proprietary" and the QPL is 100% Free Software. But the same situation applies with Debian. Even though the authors of Beam-it have a written document saying that everyone and their grandmother can freely redistribute Beam-it, Debian still won't distribute it since they say they do not have the permission to do so (confused yet?). However, if Beam-it has an exception of some kind granting everyone the explicit permission to link to whatever proprietary code they used, then Debian would include it.

    Of course, lest you misconstrue my comments, not every Debian developer holds to this current view. But being a democratic-oligarchy, they can't include KDE until everyone important agrees to.
  • I've enjoyed it too. It's nice to talk to someone rational and civil.
    Regards
    Crush
  • Ah, thanks for posting this - it's great (and wants moderating up). This helps with two things:
    • it shows mp3.com have the CD in their collection;
    • it's the same one that you have in your drive.

    This substantially weakens the plaintiffs' case against mp3.com.

    Of course, RIAA are still gonna complain that mp3.com don't have permission to stream (i.e. copy) this across the net to you...

    By the way, is the connection they stream over SSL..?

  • Good point. Historically, lots of assaults on liberty have taken place gradually (although many have not, of course), and this is certainly a weakness in my approach -- it requires a lot more maintenance and has the potential to lead to other, less desirable circumstances.

    Sorry, btw, I did that thing where I make it look like I'm agreeing to disagree, and then attempt to make it clear that I'm sure I'm right.

    Gotta go hand out some flyers :) take it easy.
  • Linux version works fine; I installed it and went through a stack of CD's with repetitions of the command
    beamit -e userid -p mypass ; eject
    It's a lot easier than ripping a stack of CD's, that's for sure.

    It also appears to have a -b flag (batch mode) that will do the eject for you, and wait for the next CD insertion. You wouldn't have to type anything; just keep inserting CDs.

    Unfortunately I can't get the client to work with my SCSI CD-ROM... anyone that's gotten it working care to explain the -g flag, or show me the command-line you used to launch it? Thanks!

    --

  • Since sectors are small, it doesn't take very long to send a few. But since you don't know which sectors it will ask for, you have to have all of them. I.E. you must have the CD.

    But are the sectors that it asks for actually random? It seems that to do this mp3.com would have to have a database containing all of the cdda info from every cd in their collection. Say that on average each cd contains 500 megs, this would add up very quickly. Isn't it possible that they just created a database with random sectors sampled from each cd, and then check the client for these specific sectors? This would dramatically cut down on the amount of info they would have to store in their database. A way to test this would be to create two different accounts, and sniff the packets as you beam the same cd under each account. If the sector info is the same, a database could be created with each cd's id and sector info. Which if true, it would seem that the RIAA's case against might have merit.

  • I think it transfers more than just the table of contents. My hunch is that it is doing something akin to an "intro scan," checking the first chunk of bits from each track and sending them back to the server before the server is satisfied that you have a legal copy. So scratched CDs could pose a problem.
  • I actually did a fair bit of digging into their protocol for authenticating cds. I didn't feel like figuring out their user auth code, so I just redirected the client's socket operations through some code I wrote to capture the stream and inject my own data where appropriate. I determined that it is completely impractical to fool their software. They request random sectors from the cd each time. Even on the same cd with different accounts. So even if I capture your session, playing it back won't buy me anything because the server will request different data. In order for this to be effective you have to have all data available, ie. the cd. Now if they only have a small subset of sectors that they check from each cd you could eventually find out what they are, but that would be much more hassle than it would be worth.

    If you can sniff your neighbor's traffic you could just get his email/password and login to his account. Or just sniff the mp3 streams and record them back to disk. The possibilities are really limitless there. Had the above method of recorded sessions worked people could have mailed out recorded sessions instead of trading mp3s.

    -Jeff

    PS. I did not do this with fraudulent intent. Record/Playback code is available upon request for those interested.
  • I looked at live365.com and it looks like you need to run NT or mac to be able to listen to their channels...
    I could not get it to work just by modifying the MIME types of my netscape browser under linux.
    Did anyone manage to get this done?

    Zeb
  • (They obviously can't store an entire cd to compare it to.)

    Perhaps not, but they could store hashes of every block on the CD, and see if the client's data hashes to the same value.

    --
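
Added example, not part of the original thread and not mp3.com's code: the hash-per-block idea from the comment above, combined with the random-sector challenge reported by the earlier poster who captured the client's traffic, showing why a recorded session does not pass the next challenge. The sector counts, the names `Verifier`, `make_disc` and `demo`, and the constructed disc data are assumptions; Beam-it's real protocol is not documented on this page.

```python
import hashlib
import hmac
import secrets

SECTOR_SIZE = 2352  # bytes in one raw audio-CD sector
SILENCE = hashlib.sha256(bytes(SECTOR_SIZE)).digest()


def make_disc(seed, sectors, silent=10):
    """Constructed stand-in for a disc: leading silence, then pseudo-random audio."""
    audio = [hashlib.shake_256(seed + i.to_bytes(4, "big")).digest(SECTOR_SIZE)
             for i in range(silent, sectors)]
    return [bytes(SECTOR_SIZE)] * silent + audio


class Verifier:
    """Server side (hypothetical design): one hash per sector, no audio kept."""

    def __init__(self, reference_disc, per_challenge=8):
        self.hashes = [hashlib.sha256(s).digest() for s in reference_disc]
        # Digital silence hashes the same on every disc, so it proves nothing:
        # never ask for those sectors.
        self.usable = [i for i, h in enumerate(self.hashes) if h != SILENCE]
        self.per_challenge = per_challenge
        self.pending = {}                      # session id -> sectors asked for
        self._rng = secrets.SystemRandom()     # unpredictable sector choice

    def challenge(self):
        """Pick fresh random sectors for every session."""
        session = secrets.token_hex(16)
        wanted = self._rng.sample(self.usable, self.per_challenge)
        self.pending[session] = wanted
        return session, wanted

    def verify(self, session, sectors):
        """Check the returned sectors; a session can be answered only once."""
        wanted = self.pending.pop(session, None)
        if wanted is None or len(sectors) != len(wanted):
            return False
        ok = True
        for index, data in zip(wanted, sectors):
            digest = hashlib.sha256(data).digest()
            ok &= hmac.compare_digest(digest, self.hashes[index])
        return ok

    def stored_bytes(self):
        return len(self.hashes) * hashlib.sha256().digest_size


def answer_from_disc(disc, wanted):
    """Client that really has the disc in the drive."""
    return [disc[i] for i in wanted]


def answer_from_recording(recording, wanted):
    """Client that only holds sectors seen in an earlier session."""
    return [recording.get(i, bytes(SECTOR_SIZE)) for i in wanted]


def demo():
    disc = make_disc(b"constructed-disc", 2000)
    server = Verifier(disc)

    session1, wanted1 = server.challenge()
    reply1 = answer_from_disc(disc, wanted1)
    genuine = server.verify(session1, reply1)
    reused = server.verify(session1, reply1)        # same session sent again

    recording = dict(zip(wanted1, reply1))          # what a capture would hold
    session2, wanted2 = server.challenge()
    replayed = server.verify(session2, answer_from_recording(recording, wanted2))

    return {
        "genuine": genuine,
        "reused_session": reused,
        "replayed_recording": replayed,
        "stored_bytes": server.stored_bytes(),
        "disc_bytes": len(disc) * SECTOR_SIZE,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With 32-byte SHA-256 digests the server keeps about 1.4% of the disc's size while still being able to check any sector it asks for.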


  • Have you ever listened to MP3's at 128Kb/s, as compared with the original CD? There's a world of difference. MP3 compression is lossy - you lose some information, and there's no way to retrieve that information again.

    If 128K MP3s sound the same as CDs to you, then you must be nearly deaf.
  • More like, I want them to know I own the CDs, so I can go to work, and access the MP3s, or go to school, and access them, etc. Some people own enough CDs to make this useful.
  • "...whether or not the restrictions of the QPL are sufficient to make it proprietary..."

    The issue is not whether the QPL is proprietary or not. It is certainly *not* proprietary. The issue is whether it is "compatible" with the GPL. Many point to Section 6, which talks about extra restrictions. Although the QPL has fewer restrictions than the GPL, a couple of them are *different* from the GPL, and are thus additional.

    You know, I am really not interested in discussing QT or the QPL. I am not a Debian developer, though I use debian on my machine. QT is most certainly free software. Although the word "proprietary" is not defined in the GPL, it is most often used to describe that which has restrictions additional to those of the GPL when the GPL is discussed. I'm sorry if there has been any misunderstanding.

    What I would like to discuss is whether or not this case we're seeing here is a GPL misapplication (and notice that I do say misapplication rather than violation here) since this program is apparently built on top of a proprietary library. That would constitute creating a derived work which has restrictions additional to the GPL, which is the same sin that the KDE folks are accused of. Personally, I will withdraw judgement in the case of KDE.

    Other issues that relate to this are: whether Qt is a module in KDE; whether dynamic linking to non-GPL libraries is or is not allowed; and whether the GPL is binding on third parties. Although the answers to these issues may seem obvious to you, there is by no means a unanimous agreement on them.
    In order: QT is as far as I know not a module in KDE, although that is where it is most often used, and despite the fact that it is very vital to KDE.

    I don't believe that dynamic linking or static linking makes a difference. "Creating a derived work", which is what the GPL (and copyright law in general) talks about is much more subtle than inclusion in a binary.

    As for the GPL being binding on third parties, I am not sure what you mean. Anyone is free to use GPLed software however they see fit. The GPL covers redistribution of GPLed software. Since a priori one does not have a right to distribute software that one does not have copyright on without a license agreement, the only way in which one may distribute GPLed software is by accepting the conditions of the GPL. That is the cornerstone on which the GPL rests.

    "...may not be linked with GPLed code in this fashion (unless you're the copyright holder, of course)..."

    But KDE *is* the copyright holder for KDE :-) Again, that's not the problem. Debian can but won't distribute KDE because they are of the opinion that they do not have permission from KDE to do so.

    Absolutely. The KDE folks can do whatever they want to code that they have written. What Debian can or cannot do to KDE depends on the license agreement. Their opinion as to how far that license goes seems to be different from yours. Debian can only do what the license says. The KDE folks have certainly given informal permission to copy and distribute KDE many times. If KDE was to make this formal by adding "... in addition, you may link this program to the QT library." to their license, Debian would distribute KDE tomorrow - or so I am given to understand. Once again, I am not a Debian developer. As far as I can see, the only thing that KDE would lose by doing so would be the ability to adopt pre-existing GPLed software to work with KDE. (Of course, according to Debian they do not really have that ability to begin with, but this would pretty much constitute an admission.) However, this is one thing that the KDE folks should be wary of already, since there are people out there who do not agree with their reading of the GPL. On the other hand, if they did include the above clause in their license, they would be much more likely to be met with goodwill by free software authors who actually care about these things.

    I don't think that anyone really cares about the core of KDE since the KDE folks are certainly happy to let people distribute KDE. A more interesting question is GPLed code that has been adapted to work with KDE, such as kghostview.

    Of course, KDE may have used some GPL code within its own GPL code, and some are claiming that this is illegal on the face of it, and are seeking an injunction against every distribution that contains KDE.
    I am not aware of anyone having resorted to legal steps against KDE. If that happened, it would be interesting news indeed...

    If code written by someone whose reading of the GPL coincides with Debian's (and the authors of the GPL) was adapted to work with KDE/QT, it would be very interesting to see what happened. Of course, no-one really wants to find out. This is why there will never be a kemacs under current conditions: everyone knows that this would almost certainly start world war three. 8-(

    "In this case, what we're talking about is almost certainly not the QPL."

    No, it's not. The announcement said "proprietary" and the QPL is 100% Free Software. But the same situation applies with Debian. Even though the authors of Beam-it have a written document saying that everyone and their grandmother can freely redistribute Beam-it, Debian still won't distribute it since they say they do not have the permission to do so (confused yet?). However, if Beam-it has an exception of some kind granting everyone the explicit permission to link to whatever proprietary code they used, then Debian would include it.

    I agree entirely, except that I have not seen a written document anywhere. I did eventually get around to fumbling around the website without logging in anywhere (IMHO, it is rather poorly laid out) and downloaded the tarball. Beam-It appears to include code from three or four different GPLed applications, and the library in question is most certainly not free software by any means. If any of the authors of these applications were to make noise, life would get interesting for everyone who is distributing Beam-It. Fear of things like that is one of the reasons Debian does not distribute KDE, as far as I recall. A commercial distribution would probably get away with destroying all CDs and the like and burning new ones. Debian is a volunteer effort which cannot afford the same sort of resources that e.g. Red Hat does. Though once again, I am merely a Debian user, not a developer. (And IANAL.)
    Of course, lest you misconstrue my comments, ...
    I hope not. You've been very pleasant to discuss with so far.
    ... not every Debian developer holds to this current view. But being a democratic-oligarchy, they can't include KDE until everyone important agrees to.
    It is true that not everyone within Debian agrees with the official line. But Debian is a true democracy, and as far as I know these things are decided by majority decisions, not by "important people", whoever that might be.
  • If you just try to download the path to the mp3 with like Netscape it gives you an mp3 that says sorry, use a streaming only client. So I wrote a little script to use wget to spoof the Winamp user agent and that seemed to work about half the time, and isn't working at all now, I'm not sure what kind of checks they had going. How's everyone else do it?
  • The GPL'ed piece of software is NOT the player, it's the bit that authenticates your ownership of the CD to the webserver. The webserver sends the tracks of those CDs you're authenticated for in plain old MP3 streams, for which you can use anything you'd like.

    Actually, this is a little disturbing. I don't say this as an OS fanatic, but as someone who thinks that mp3.com is doing neat stuff, and would like to see them beat the RIAA.

    If their security depends on a closed-source library, maybe it's not so strong. Several people here have described an authentication scheme they believe is being used: The server requests random blocks of data from the CD, and compares the data returned by the client to its entries in some database. This is pretty robust, and open-sourcing it won't significantly weaken it: any would-be cracker still has to be able to send back the correct blocks to the server. And if the server can request any arbitrary block, then passing around a crack for the system is no easier than passing around raw WAV files of the CDs that the crack is supposed to let you acquire. Which is sorta stupid.

    So if they're unwilling to open the authentication library, then I'm wondering if it isn't because they are using some less-robust scheme, such as only storing a relatively small and predefined set of blocks for each CD.

    Of course, another possibility is that they kept the library closed source because it will provide a greater appearance of security in the eyes of the court - security through obscurity makes a lot of sense to the technologically unsophisticated. If they open-sourced it, no doubt the RIAA would attempt to portray this act as helpful to crackers.

  • From what other people here have said, it appears that Beam-it answers some kind of challenge-response protocol from the server in which it does send pieces of the audio track sometimes.

    The Beam-it README states that it relies on cdparanoia, which I believe is doing some scratch detection-and-compensation.

    So, as long as cdparanoia can read your audio tracks, then Beam-it will work for you. But if that's the case, you don't need My.MP3.com anyway. Unless the part they ask for isn't the scratched part of your disc.

    I had hoped to use My.MP3.com in a similar way: I wanted to take advantage of their Instant-Listening program to get access to pre-encoded MP3s of all the CDs I buy. I have an empeg that I am migrating all my music to, and ripping/encoding get tedious.

    However, their server software seems to do some tricky stuff to be sure that you're using a "streaming only" player, and not downloading the MP3 file. Nothing that can't be circumvented I'm sure, but maybe it's not worth circumventing.

    But to get back to the point, yes, you could just use a WAV-writer plugin with your MP3 player and get your audio data back as long as Beam-it recognized your CD. I have several very scratched disks that I tried with Beam-it and they all worked. Of course, some of my discs that were in perfect condition didn't work, but that's another story.
  • When I said "democratic-oligarchy", I was meaning that not every Debian user or contributor is allowed to vote. Only those that are Debian members. Both Linus Torvalds and Richard Stallman have made major contributions to Debian, but as far as I am aware, they don't have voting rights for Debian. I didn't mean to be pejorative.
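
The comments above contrast a server that can ask for any arbitrary block of the CD with one that only stores a small predefined set of blocks. The following is an added example, not Beam-it's or My.MP3.com's code (the real protocol is not documented in this thread); it models both policies as a nonce-based proof of possession so the difference can be measured. All names, the SHA-256 response format, the disc size and the constructed disc data are assumptions.

```python
import hashlib, hmac, os, random
from math import comb

SECTOR = 2352  # bytes in one raw audio CD sector

def make_disc(n_sectors, seed):
    """Constructed stand-in for a disc's audio: deterministic pseudo-random sectors."""
    rng = random.Random(seed)
    return [rng.getrandbits(8 * SECTOR).to_bytes(SECTOR, "big") for _ in range(n_sectors)]

def respond(held, nonce, indices):
    """Client: hash the nonce plus the requested sectors; None if one is missing."""
    if any(i not in held for i in indices):
        return None
    h = hashlib.sha256(nonce)
    for i in indices:
        h.update(held[i])
    return h.digest()

class Verifier:
    """Server: holds the reference disc; `pool` is the sectors it can ask about."""
    def __init__(self, disc, pool, k, rng):
        self.disc, self.pool, self.k, self.rng = disc, list(pool), k, rng

    def challenge(self):
        # A fresh nonce per challenge means a recorded answer cannot be replayed.
        return os.urandom(16), self.rng.sample(self.pool, self.k)

    def accepts(self, held):
        nonce, idx = self.challenge()
        expected = respond(dict(enumerate(self.disc)), nonce, idx)
        answer = respond(held, nonce, idx)
        return answer is not None and hmac.compare_digest(expected, answer)

def pass_probability(pool_size, held_in_pool, k):
    """Chance that all k sampled sectors lie inside what the responder holds."""
    return comb(held_in_pool, k) / comb(pool_size, k)

def compare_policies(n=2000, fixed=20, k=4):
    disc = make_disc(n, seed=1)
    owner = dict(enumerate(disc))                  # holds the whole disc
    partial = {i: disc[i] for i in range(fixed)}   # holds only the fixed blocks
    any_block = Verifier(disc, range(n), k, random.Random(7))
    fixed_set = Verifier(disc, range(fixed), k, random.Random(7))
    return {
        "owner_any": any_block.accepts(owner),
        "owner_fixed": fixed_set.accepts(owner),
        "partial_any": any_block.accepts(partial),
        "partial_fixed": fixed_set.accepts(partial),
        "p_partial_any": pass_probability(n, fixed, k),
    }
```

With these constructed sizes, a responder holding 1% of the disc always satisfies the fixed-set verifier but satisfies the any-block verifier with probability of about 7e-9, which is the robustness argument made in the comment: the strength comes from the size of the challenge space, not from hiding the code.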
