Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Music Media

Napster Adding "Protection Layer" 188

bluecalix writes "According to an article on sonicnet, 'In the new Napster, which the company says will be launched "as soon as possible," users will still be able to swap MP3 files ripped from their own CDs. But Napster will add a new "protection layer" to MP3s as they move from one user's computer to another, allowing the service to control what users do with the files they download, according to a statement from the company.'"
This discussion has been archived. No new comments can be posted.

Napster Adding "Protection Layer"

Comments Filter:
  • by Anonymous Coward
    They are trying to enforce copyright protection, but people that really want to steal and share songs will find a way to do it. This will only stop a few people. It will make life painful if their new format becomes popular, because it will make many other programs obsolete that can be used to play and record (possibly) MP3s. Proprietary formats are not a good thing, because they inhibit growth by removing the ability for other programmers to create editors and viewers. It sounds like it's time to move on from Napster.
  • by Anonymous Coward
    My theory, is that they will simply add a registry entry to keep track of which files you downloaded, and just not allow you to share those. Pretty trivial to bypass.

    However, as we have learned from the DeCSS case, all you have to do is *try* to protect your content, no matter how flimsy the protection.

    Pretty clever of Napster, they could use the DMCA to shift the blame from themselves to the users...
  • by Anonymous Coward
    without knowing the exact methods that napster will employ to 'tag' these mp3's, would this not have the affect of spoiling the internet mp3 pool?

    what I mean to say is, if after a period of time, there might not be any 'untainted' mp3's left...

    this jibe's right with a theory I've had for over a year now, a theory explaining how RIAA might kill napster:

    Spoil the mp3 format, or

    make mp3 trading totally socially unacceptable, tantamount to narcotics or prostitution.

  • by Anonymous Coward
    I predict that their new protection layer will stay unbroken for exactly 6.28 microseconds.

    Any takers?
  • Heck yeah!

    All my files are encoded with the keys 6, 5, 11, 4.

  • by bmetz ( 523 ) on Monday February 26, 2001 @03:10AM (#403565) Homepage
    Why doesn't anyone EVER mention vmware when referring to methods of circumventing this technology? It seems pretty darn intuitive to me that once the data steam leaves vmware linux can have its way with it. There are plenty of loopback capture methods for linux.
  • An unwatermarked copy never exists in memory -- the samples go right out the speakers with the "inaudible" (yeah, right) watermark still in.
  • you really don't understand much about Freenet do you? I suggest you find out [freenetproject.org] before exposing your ignorance again.

    --

  • by Mihg ( 2381 )
    gnapster works just fine with OpenNap servers.
    ---
    The Hotmail addres is my decoy account. I read it approximately once per year.
  • Why don't they just limit the sound quality of the MP3s?

    Because I'm not going to rip my CD collection at 24Kbps or really anything else than the settings I use now (using LAME with VBR). If I don't rip my CDs at 24Kbps, they won't be shared. Say goodbye to Napster's "customer" base once the only people who have files available for download are people who are willing to maintain a copy of their MP3 collection at a lower bitrate specifically for trading with Napster users.

  • Thanks to new copyright law, the copy control measure doesn't really need to work.

    It just needs to exist. Wether it works and is broken, or doesn't work and is broken isn't going to make a difference legally or in circumvent-ability.
  • Will they be providing source patches for all open source free players?
  • Or the voice in the mp3 file says "f t p colon slash slash tunes colon r i a a sucks at my dot leet dot host slash" ... when you play it backwards.
  • The simple fact of the matter is that no matter what kind of stuff Napster puts into the files, they're still music files...and copying just the music (and not the advertisements, if any) just involves capturing the stuff on the way to speakers....and if there are restrictions on the Napster-distributed files, it's solved the same way: record it on the way to the speakers, and make a new mp3 file. Easy, it's beend done before. Unless they come up with something brand new and creative....in which case, somebody smart out there will, too.
  • Don't you think the client would have to be able to unprotect the protection in order to, say, PLAY the mp3?

  • You're right... I was smoking crack and being overly optimistic.
    However even in this scenario, it doesn't mean that the file can no longer be shared. It all depends on how they do the "protection." A form of public key encryption...yes, it would have to be able to remove the encryption. A new file format *could* still be shared, or could be restricted. It could even be done according to the copyright holder's preferences, in case they only want the songs to be downloaded from their own machines (in order to track usage, for example.)
  • It seems that everytime we get into the whole Napster/MP3/RIAA discussion we never really get anywhere. Millions of us like to rip and trade our music for free. We won't buy into any proprietary encryption schemes (ala Liquid Audio) and we always bring up Gnutella/OpenNap/Scour/etc..

    But, what about Ogg Vorbis? Everytime this is brought up as a serious subject - people start to trash it: "the format sucks", "only geeks use it", "it will never work".. "blah blah blah". Someone else posted a message saying that one way the RIAA was going to try to kill MP3 is to piss in the pool. If they can flood the MP3 pool with garbage files, then the format will lose credibility and people will stop trading files.

    So, rather than complain about Napster and MP3 why not work on alternative and completely open formats? If we all told Napster to go fuck themselves and started to develop Ogg Vorbis in earnest we could have a great alternative. Let the Army of Lusers (AOL) use the "Pay-per-listen" Napster that will be born. And the real traders who have been in the scene for awhile should start to switch formats.

    Develop cool software that works well and has *all* the features we want. Develop hardware that plays it. And in the end we can have a truely OPEN format that goes head-to-head with MP3, Windows Media, Liquid Audio, and others. Why is everyone so attached to MP3 anyway? It's not the best format out there... in fact it kind of sucks.

  • napster is going to modify the files on us. Hmm.
    I think Napster has given up the holy 'cause' they were fighting for.. people can swap files anyway... so it's time we publicly, openly did something new to get attention away from Napster. They're just going to turn into another media whore.
  • No.. they could just issue updated clients, and make the servers only work wit updated cilents.
    The flock will follow, and napster will get fat like the media whore they are.
  • IMHO: Disaster. Somebody somewhere has to set up the servers, this is most likely going to have to be an ISP. ISP's hate this shit. They hate NNTP, but have to have it, really. They hate IRC, but have it because someone who works there thinks it's great and insists on keeping it up on some godforsaken P200. It's the mother of all security risks. It eats all their bandwidth when it shits it. In this case it'll attract lawyers faster than a hollywood divorce. Uck.

    Strict peer-peer will save you. The ISP's will not be bothered by it because as far as they're concerned it's just more layer 3 traffic. Legally they would have a simple time claiming they had no way of policing it. If you're clever and use some encryption, they won't be able to police it.

    Peer discovery and propgating queries are the hard bit. How do I know which machines are within (say) a dozen hops? How do I propogate a search? How does it scale.

    Yes, it's hard. But a worthy goal, don't you think?

    Dave

  • by WasterDave ( 20047 ) <davep.zedkep@com> on Sunday February 25, 2001 @06:29PM (#403580)
    None. It'll be done peer-peer.

    Dave
  • by WasterDave ( 20047 ) <davep.zedkep@com> on Sunday February 25, 2001 @06:58PM (#403581)
    I doubt they'll take the time to develop a cryptographically secure system.

    They don't need to: There are open source (BSD licence) cryptogtraphy toolkits that work perfectly well. The sword cuts both ways.

    Dave
  • by WasterDave ( 20047 ) <davep.zedkep@com> on Sunday February 25, 2001 @06:40PM (#403582)
    The thing that Napster are forgetting is why it is they were so successful: It was a classic example of viral marketing. People used it because it was useful. Then more people used it because other people told them it was great - not because they'd seen a billboard advertising it. If they want to charge for napster, and the downloaded MP3's only work on that one machine - its not going to be useful is it?

    So the message to those wishing to ego-pander by having (say) 100 million people using their software is simple: Go.

    It has to work on Windows, like it or not, and it has to be simple. It has to be secure, it has to scale, it has to be able to search, and it would be damn handy to the lamer in the street if it could cut collections of MP3's to audio CD.

    Obviously it has to be completely decentralised, cos RIAA are going to go nuts.

    Go for it. Make it work. And do yourself a favour by not putting the letters 'GN' at the start of it's name.

    Dave
  • by WasterDave ( 20047 ) <davep.zedkep@com> on Sunday February 25, 2001 @08:17PM (#403583)
    Well, it won't be an MP3, will it? It'll be some proprietary Napster file format. Most likely your Napster client has a private key and a public key. When you get an MP3 from someone else, your client gives their client the public key, their box uses this key to encode the outgoing .mp3 as a .nap, then it can only be played on your box because only your box has the private key.

    Piece of piss. How does it play in an MP3 player? It won't.

    Dave
  • Maybe Microsoft would not sign any drivers that work under vmware? And then when vmware changes the card it emulates, DMCA them to death.
  • My main thought is that the opennap servers could still use the old clients and we'd all be happy as hell still.
  • This was destined to happen from day one. Napster is a business. Napster cannot be, in the long run, a free service that helps people pirate mp3s. (Yes, that is what it primarily does.)

    Yes, I'll miss napster. Yes, this sucks. But I'm tired of people acting all hurt and betrayed....
  • Winamp (and I imagine other programs) is capable of directing the output to a WAV file that can be burned to a CD with no difficulties whatsoever. And this is assuming you want an audio cd when you're finished. How exactly they expect to prevent me from copying files and burning them straight, I have no clue.

    However, my best guess is that it will involve storing all mp3's inside a loopback type encrypted filesystem, and all mp3 playback will have to be through napster's program. Of course, this is far from foolproof. A couple days with a disassembler, and all this will be for naught.

    Of course, I still say that none of this matters. Napster can be whatever it wants to be. I don't use it, never have used it and don't plan to start anytime soon. I can't keep up with the inflow of mp3's I'm getting now, why would I want to make the "problem" worse. :)

    -Restil
  • Does anyone really think that they are losing fidelity by using analog outputs?

    Dump the "secure audio" to a metal formula cassette tape (assuming you've got a deck that will actually use it well), a DAT tape, or an audio cd burner.

    Seriously, you a lot of fidelity from the mp3 encoding process to begin with and virtually none from the analog output to your speakers. All it takes is one person with a DAT drive with line level inputs to supply everone else with an unencumbered version of anything at all.

    Until someone comes up with a way to encrypt something up to the point that it reaches our ears then there will be no such thing as "secure audio."

  • "Nuff said?" - not at all, chinless.

    Gnutella will never pull the kind of critical mass needed. It's only a matter of a very small amount of time before it's shut down. There have been many documents written on the major lack of scalability in the Gnutella architecture - whereby single searches start to require gigabytes of bandwidth when you start to get respectable numbers of users on the system.

    Try again.

    --
  • Napster is required to try to stop people from trading illegally, and to make a good faith effort. Do you think they really care if people bypass it? No, they don't. Napster's execs wanted and encouraged the various thefts. They just want to satisfy the court.

    So, don't complain. Napster's thinking just like you are.

  • Anyone know of a good windows client?

    WinMX, AudioGNOME, RapIgator ... See for yourself [sourceforge.net]
    ---

  • I do not agree. Napster needs something to say "Hey look, we're controlling the content! So stop suing us!" This appears to be what they're doing here.

    Do you think Napster would allow you to actually *see* the MP3? My guess is it will be encoded into some sort of super-large cache. And you will have no control over it. And there will be a game where Napster keeps on hiding the songs better and better. And the energy expended in this "game" could be better spent on OpenNap.

    And why you're wrong, PhatKat, is because of this:
    1. Napster is not platform independent. You can only run Napster on their pre-approved platforms.
    2. It would be a mistake to assume that Napster is being careless here. They want to be a viable business much more than you want your free music.

    Anyway, that's my two cents, take what you want from it...
  • Yes, its BS protection, its probably a cripple in the napster client. Easy enough to use a different Napster client. Unless the fed then shuts down the usage of alternate Napster clients in the same manner DeCSS is illegal. Then the precedents would be all around to begin the total systematic criminalization of any software that isnt produced by a big corporation.....Im sure MS will have quite a few many other usages for precedents like this.
  • I'm sure this scheme will be cracked in short order... I doubt they'll take the time to develop a cryptographically secure system. Of course, the crack will be an illegal "circumvention device", but legality has never been much of a concern to Napster users (myself included, I must admit). Of course, a weak scheme could be just what Napster wants... then they'll at least be able to give some lip service to the music companies, while making copyright abuse just a bit less convenient for their users -- and, most importantly, shift the blame from themselves to the evil crackers. Maybe we'll soon the the gallery of Protection Layer removers on Dave Touretzky's page.

    --

  • either they have a really brilliant idea, or this is as silly as it seems. kinda sad, really.
  • and, to anyone who says that it's only giving lip service to the court ruling, and it's meant to be broken, I say that's even sadder
  • This screams out to me, that if they 'reverse
    engineered' this system, then it's a violation
    of DMCA and they can be sued? The intent of this
    system was to prevent people finding the information
    contained within it. The intent of CSS was to
    prevent people finding the information contained
    within it.

    Could be an excellent case for someone to trial :)
  • I remember hearing a long time ago when napster
    was still quite young, that it had an off by one
    buy where it would truncate the last byte off
    every download. This didn't really have any
    noticable effect on the an mp3, so the bug went
    unnoticed. Except that files that were popular
    ended up being many generations old and therefore
    would have the last part of the song truncated.

  • Regardless of posturing, piracy is the one and only raison d'etre of Napster. Regardless of what they implement or how effective it is, Napster is no more.

  • Okay, back to ratioed FTP servers, where I was bagging full albums before Napster made lunch a bit more interesting.

    This "protection layer" thing is both bullshit and a great way to alienate the user base- this, and it would be a bitch to implement on the Mac. [the Mac version of Napster sucks enough as it is.] If they're going to go through with making the experience shittier for everyone in order to assuage the greed of the record labels, the least they could to is actually, you know, IMPROVE THE QUALITY OF THE SERVICE at the same time. But I doubt we'll see, say, a useable search engine any time soon.
  • >Dumbass. That's in the frame headers, not the idiotic ID3 tags.

    Whups. Thanks for the clue, deeznutsclan.

    Moderators: He may have been inflammatory, but he was right [oreilly.com]. See table 2-1 in the O'Reilly chapter I linked to.

    If the protection bit is on, then a checksum follows the header. They can do this in every frame of the file.

    My original point still stands - a third-party utility can just as easily strip or reset the bits after downloading through the NewNapster client. But the bits are in the frame headers, not the ID3 tags. (Serves me right for taking the output of TinAMP seriously :)

  • >I really hate to see common extensions (.wav , .avi , etc) being non-standardized into different sub-types that may or may not work with my applications.

    Paranoid theory: Maybe that's what RIAA's plan is.

    Fact: Napster has a large userbase.
    Fact: The new napster will also have a large userbase, at least for a period of time
    Fact: Users trade MP3s offline
    Fact: Newbies are often "compulsive upgraders"

    Therefore, we can assume that when NewNapster says "You need to update your MP3 player" to play these MP3s-that-aren't-MP3s, they'll do it.

    We can further assume that they'll share these files over other media.

    We can conclude that if these files continue to be shared, that not everything that ends in ".mp3" will be playable in old-sk00l MP3 players (hardware or software).

    Thus, the base of existing MP3s is sufficiently-contaminated that clued-in users no longer trust that a file ending in ".MP3" is playable, and they stop trading en masse and go back to trading amongst themselves, a few files at a time.

    The widespread sharing of MP3 files is stopped. The USENET MP3 groups are also abandoned (think: flood of clueless n00bies with cable modems and NewNapsterized MP3s), and we go back to the dark ages.

    I don't think it'll happen - but it's a possibility. All that has to happen is that NewNapster not suck as much as we think it will ;-)

  • by Tackhead ( 54550 ) on Sunday February 25, 2001 @06:38PM (#403603)
    There are "Private:", "CRCs:", "Copyrighted", "Original", and "Emphasis" bits in my ID3 tags.

    Betcha the "new" Napster simply flips these bits, and "asks you" to "upgrade" your MP3 player to something that honors those bits.

    WTF else could they do and still have the downloaded files play in an MP3 player?

  • Yes, they *could* do these things, *but* do they *want* to? Napster has just been beaten --- do you think they will willingly embrace their occupiers and do exactly as they command? NO! They will do as little as possible, just to give the appearance of compliance.
  • Patch for GNapster:

    -send_to_server("type=gnapster");
    +send_to_server("type=BigBronapster");
  • by QuoteMstr ( 55051 ) <dan.colascione@gmail.com> on Sunday February 25, 2001 @09:14PM (#403606)
    So capture the network traffic being sent to Napster and send it from gnapster. Classic replay attack. If worst comes to worst, you can extract the key from the client --- after all, if it encrypts something, it needs to have something to encrypt it with.

    Encryption is *not* a pancea, it does not magically make everything unbreakable. Like any other tool, it is useful in places, but it's just that, a tool. It has limitations. Encryption does not allow you to trust the client --- *NOTHING* does.
  • That is absolutely hilarious. They will use a bit in the file, the "Copyrighted" field for solving all their problems. Give me 5 minutes and I'll whip up a C util to unset that bit on all my mp3's. Seek, Read, And, Write. Hey, now none of my songs are copyrighted and I can trade them. Problem solved.

    Justin Dubs
  • by {Hecubus} ( 62076 ) on Sunday February 25, 2001 @07:09PM (#403608)
    The way the system is set up now is that the mp3 itself never actually goes through napster. In order to somehow "add a layer" to the mp3, it would have to pass through napster at some point. Last time I checked 1,786,189 files were online. When each one is transferred, napster has to come in contact with it. This would take too much bandwidth to work properly.

    This could be done at the client level, but would need to have everyone using the new client. This is time consuming and does not stop people from using the old client with something like opennap.

    How could the new napster client be sure that the mp3 was from his/her own cd collection? As easily as new mp3's come with a new "protection layer", I can remove it.

    Napster must realize this, and hopefully this is just a move to keep the RIAA at bay for a while because they're "doing something" to stop it, despite how easy it is to get around.
  • As we know and predicted, Napster is just like any other company. Money whores.
    Here is rule 1 of Business 101 for those that don't know.
    "Make money anyway you can. This includes screwing anyone that inhibits this including your own customers."
    I think it is going to make it hard for people to continue to support Naps court battle now as things like this come out.
    The fight is still crucially important, even though it helps a common whore like Napster.
  • There was another article about this a while ago that I read. Don't remember the URL. Basically it said that their plan was to have the peer that is hosting the mp3 to come up with a secret key for each peer that requests the mp3 and then encrypts it on the fly as it is going over the wire after sharing the key with the peer. Then you can only play the mp3 inside Napster which has the key to decrypt the mp3.
  • Napster isn't forgetting why they were so successful; they painted themselves into a corner with their total disregard for copyright and the record labels' power. Now they are getting sued into oblivion and are being forced to re-implement their entire system. If Napster could continue what they are currently doing and keep all the viral marketing going, they certainly would. Unfortunately for them, the RIAA is holding a gun to their heads and it's a _really_ big gun.

    Note: I'm not against Napster or rooting for the RIAA, just stating the facts.
  • by GregGardner ( 66423 ) on Sunday February 25, 2001 @09:08PM (#403612) Homepage
    This article from inside.com has more details on how this "copy protection scheme" will work. Basically the peers share a secret key and then the mp3 is encrypted with the key on the fly. Then presumably the mp3 is kept encrypted and your Napster client is the only thing with the key to decrypt it, so you'd have to play the mp3's in the Napster client.

    http://www.inside.com/jcs/Story?article_id=23794&p od_id=9 [inside.com]

  • ssssssssshhhhhhhhhhhhhhhhhhhhhhhh.... someone will use the DMCA to ban vmware :)

    ----
  • If used properly, Napster will help reduce the risk of transmission of mp3's and many other internetly transmitted diseases
  • Just how the hell do they think they're gonna stop anyone from burning the mp3s they download? Encrypt them, and only be playable through the client? Hmm...speaker goes to line in...and there's aprogram recording on line in...
  • Once upon a time
    people traded MP3s
    the did it with people
    they knew in IRC,
    and in ICQ,
    and with FTP,
    and in other ways
    that the world wouldn't see.

    "Everything you know is wrong. (And stupid.)"
  • Hey, don't worry about this! This is just an attempt to make napster seem to be keeping in line with the court's opinions. There's no way that they had enough bandwidth and processor power to do this themselves... do the mp3s ever get transferred directly through napster's servers in the first place? Even if this were possible, how could they make it platform independent? And if the layer gets added as it's being passed through, doesn't that mean it's already getting traded?

    I'm convinced this is just an attempt to assuage the powers that be with some meaningless techno-spindoctoring. No worries here. Whatever it is, it sounds lame. And if it is as carelessly implemented as it sounds, it shouldn't be hard protection to sidestep.
  • It has to work on Windows...
    Do yourself a favor and get the efficiency of native machine code without the headache of making your users get a Java virtual machine - or caring what version of the JVM is available for a given platform.

    Apple has announced it has no plans to support a JVM later than 1.1.8 on the classic Mac OS so you can't use all those great collection classes in Java 1.2 and be cross platform! (See Apple's Java Developer page [apple.com] and scroll down to where it says "Mac OS Classic Java".)

    Use a cross-platform application framework. That way you can program on Linux, Mac, BeOS, Windows or maybe even QNX and deliver for all those schoolkids running Windows ME on their parents' PC.

    One such framework, for C++, is ZooLib [sourceforge.net]. There are many others, as you can see from The GUI Toolkit, Framework Page [theoffice.net].

    Read about why it's important to write cross-platform code. [sourceforge.net]

    I'm most familiar with ZooLib, because I've been working with it on the products I write for my clients, and I helped ZooLib author Andy Green prepare it for open source release late last year under the MIT License [sourceforge.net].

    ZooLib offers all of the following implemented as C++ classes:

    • Multithreading, with cross-platform C++ thread classes and various kinds of locks (simple mutexes, reader/writer locks) - multithreading is important for something like a servent. For systems like the Mac OS that don't have preemptive threads it has a handrolled thread scheduler.
    • GUI, with a uniquely flexible layout method. The widgets are rendered by platform appropriate renderers, and you can make custom widgets. There's a renderer that will call through to the Appearance Manager [slashdot.org] on the Mac OS, if it's running.
    • platform-independent TCP networking, it's implemented in terms of sockets on Linux, WinSock on Windows, sockets on BeOS and MacTCP on Mac OS. I think Open Transport may be working too on the Mac, I'm not sure - but on all platforms you use the same C++ classes for your networking with no platform-specific client code needed.
    • Thread-safe reference counted smart pointers, for quick, efficient memory management that's free of leaks.
    • Extensive debugging support - assertions in core components and a debugging memory manager, handy macros for assertions and the like
    • Single-file database format with C++ interface. Create ZDatabase objects with ZTables in them. Much zippier than SQL and more pleasing to the object-oriented soul.
    • File objects - you instantiate a ZFile object from a ZFileRef object, then use its Open, Close, Read and Write methods
    • Platform-specific file open and save dialogs with an API that's consistent with the rest of ZooLib. Filter by filetype on the Mac or filename three letter extension on windows. While ZooLib is cross-platform, it breaks out into platform specific code in cases like this where it's appropriate, in a way that's considered entirely sacreligious by the Java community.
    • Streams that can be chained to provide filtering, somewhat like the iostreams classes in the C++ standard library but more appropriate for use with binary data. This is how you typically read or write to a file or network connection.
    • Handy preprocessor macros to deal with platform specific code or selecting options like debug builds.
    • Offscreen graphics buffers that may be manipulated directly via pointers or accessed in a manner that is transparent to the bit depth via GetPixel and SetPixel calls. All platforms have the same API that provide a wrapper around platform bitmap buffers. I believe there's a purely homegrown in-memory implementation, plus platform implementations bounds to the native GUI layer like GWorlds on the Mac OS.
    However, ZooLib doesn't yet have everything it needs. Read about that here [sourceforge.net]. But I think it will work fine for the application suggested here, and the needs given in that page are being addressed.

    ZooLib 0.81 is known to build with MetroWerks CodeWarrior [metrowerks.com] on Windows and Mac OS, gcc on Linux, and gcc on BeOS [be.com] for Pentium.

    If you use CodeWarrior you can cross-compile and cross-debug; check out Thursby Software [thursby.com] for some filesharing solutions that work well for this. (Tip - on Windows, select the "MacBinarize" post-linker in the target linker prefs when building a Mac target - you also need to derez all your resource files and include them as Rez text source).

    While it should ultimately work, there are known build problems with BSD, CodeWarrior for BeOS PowerPC and Visual C++ on Windows. These are all being worked on and full support for all these platforms is expected before long.

    Other cross-platform frameworks I'd like to note are:

    • The Adaptive Communications Environment [wustl.edu] for cross-platform networking
    • GTK [gtk.org] - yes, that's right, GTK! but you must forgo using XLib calls and POSIX calls that are not in the ANSI C Standard Library
    • The Netscape Portable Runtime [mozilla.org] for the non-GUI aspects of cross-platform development
    • The Mozilla XPToolkit [mozilla.org] for cross-platform GUI
    • Mozilla Netlib [mozilla.org] for network and file stream access
    • Mozilla XPInstall [mozilla.org] for cross-platform installation, packaging and updating.
    • Also check out AbiWord [abisource.com], a great cross-platform WYSIWYG word processor that's open source, with an open file format. As far as I know the only product coded in AbiWord's XP framework is AbiWord itself, but it's worth looking into for another look at how people architect these things.
    While there are undoubtably many powerful advantages to the Mozilla framework, it often receives a great deal of criticism for being heavyweight - hard to code to, slow, and hungry for memory.

    People often mistake these problems for valid arguments that one should not do cross-platform development, or perhaps not render your own widgets when doing so but depend on platform specific ones (like AWT vs. Swing), but I think the lightweight, well architected, efficient and easy to use ZooLib answers those arguments very eloquently.

    Help me teach the Free Software community to write quality code [sunsite.dk].


    Mike [goingware.com]

  • Okay, let's say I have a number of Unix systems, a couple of Windows machines, and an MP3 archive server on a relatively fast network connection.

    What P2P 'file sharing' service should I install if I want to share my files with my friends, most of whom run Win95?

    What P2P client should I install if I want to be able to download MP3s from random strangers? Which alternative to Napster has the biggest library?

    Lastly, which service gives me the most 'protection' (anonymity, etc) against being sued by RIAA or raided by the FBI?

  • Maybe I just don't get it... what exactly are they trying to accomplish here?
    "Hey all you record labels! Time to get happy! Call off your lawyers because we're still going to let our users pirate your songs, but they can only give them away if they actually bought your CD! Oh, sure they can still give away billions of copies - but those people can't pirate them! Until they crack our protection algorithm which we think they pretty much will, because if we change the file format too much then it breaks every MP3 player ever made. Oh, and even if they don't crack our file format, they sure as hell will Digital-Analog-Digital the songs and redistribute them that way."
    My take on this: Napster ignores lawsuits until they have huge market. Napster gets huge market. Napster redefines onlines music from .MP3 to .NAP and licenses player technology. THEN (and only then) Napster takes steps to bill consumers for downloads in small-easy-to-swallow-prices and cuts profit-sharing deals with labels.
  • Dude ... music is enormously expensive to record, and by not paying for music you asked for this. I have been warning people since the advent of Napster that not paying for music, would result in other ways of companies to make money which are much more intrusive than simply paying for pure music (such as advertsting).

    And if you circumvent this, they will just put in more advertising, but integral to the music. The Boston Symphony will be required to modify the last few bars of Beethoven's Ninth to include the Coca-Cola jingle. Backstreet Boys will be comissioned by AT&T to sing about the wonders of 1-800-CALL-ATT in every song. Etc. Etc. Etc.

    Why don't you just pay the artists so it doesn't have to come to this? I would much rather have pure music, than music diluted by advertsting.
  • Something like this was bound to happen, and it's a bit of a surprise it took so long.

    Napster is a centralised index and a company. That means there's ONE source to go after, ONE company to sue, and ONE entity to force changes on. Napster knuckles under, and here we are.

    However, fewer people are going to use this new Napster, especially when other (better) systems are coming to maturity. This may be the push Gnutella needs for widespread legitimacy.

  • Good bye Napster,
    Good bye Napster,
    Good bye Napster,
    I won't be using you now.

    I think it's time to uninstall it.

    Maybe if Napster moved to Canada we could use it without all this crap.

    Then of course the RIAA's song would be "Blame Canada".......
    --

  • Comment removed based on user account deletion
  • by Gefiltefish ( 125066 ) on Sunday February 25, 2001 @07:05PM (#403641)
    Judging by the huge demand for file-sharing that has been evident through Napster, this is not an activity that will soon fade out.

    Rather, the RIAA's contribution to shutting Napster down or gimping it with ridiculous restrictions will ultimately work against those who wish to prohibit sharing of music and files.

    It reminds me of what my doctor says about taking antibiotics, "Take them until they're gone. If you only take a few, you'll just kill off the weak bacteria and eventually create a stronger strain."

    Well, this is exactly what will happen. Once a central server-based system like Napster goes down, we will see noncentralized systems like the Gnutella model increase in size and reliability. The RIAA will shoot itself in the foot by forcing file-sharing to become easier to use by consumers and increasingly untouchable by industry and government.
  • what if the mp3 is encrypted with a key that has to be checked out of a centralized server?

    One word: OpenNap. OpenNap servers will use one well-known key. If you trade MP3s over OpenNap instead of Napster Inc's network, you already have the key to descramble them.

    See also Pinocchio's comments on Napdot [napster.com] to see why a restricted Napster just won't work.


    All your hallucinogen [pineight.com] are belong to us.
  • What if they where to the protection it locally on your PC?

    It would not work, as clients cannot be trusted in a secure situation (e.g. Quake cheating). Fifty bucks says there will, within two days of the release, be either a patch that disables DRM encoding in the client or a clone client that doesn't even do DRM.


    All your hallucinogen [pineight.com] are belong to us.
  • Dude ... music is enormously expensive to record

    Bull. All you need to record techno are a computer, a tracker [modplug.com], a sample set (start with GM.dls that comes with recent Windows), a player that writes wav (Winamp), and a Vorbis [vorbis.com] encoder.

    modify the last few bars of Beethoven's Ninth to include the Coca-Cola jingle

    This is already happening. Witness "Summer Girls" by LFO (the "Abercrombie and Fitch" song). But jingles don't even have to mention the product name anymore; witness licensing of popular songs in commercials such as "Da Da Da" by Trio (used in a VW commercial) and various golden oldies used in Burger King commercials.

    Why don't you just pay the artists so it doesn't have to come to this?

    Because the labels don't provide an efficient way to buy the two good songs on the album without buying the ten filler songs.


    All your hallucinogen [pineight.com] are belong to us.
  • by yerricde ( 125198 ) on Sunday February 25, 2001 @07:02PM (#403646) Homepage Journal

    if the idea is to keep people from burning MP3s to CDs, there's nothing to keep them from writing dummy device drivers as an intermediate step.

    SBLive already has this (What-U-Hear); I'd think InterTrust (contracted by Napster to provide restrictions management) would have thought of this already. Anyway, Windows ME and Windows XP contain a Secure Audio Path that only drivers signed by Microsoft can use. And to be signed, a driver must disable all digital outputs (spdif, what-u-hear, write to .wav) when the Secure Audio Path is open.


    All your hallucinogen [pineight.com] are belong to us.
  • Correct me if I am wrong, but if Napster adds an extra layer to these MP3 files they will either:

    * Not be MP3 files anymore therefore you'll need special players to listen to the files, in which case people will just use a tool to remove the extra layer and convert them back to regular MP3 format

    or

    * Be playable with any regular player, therefore making this protection layer useless anyway.

    And don't forget, once a file is burned on a CD as a regular audio track, it can be ripped again as a good old MP3.
  • And people will just write programs to strip mp3s of these "protection layers."

    Next!

    (When will they learn?)

  • by SlamboS ( 129106 ) <alambos@umich.edu> on Sunday February 25, 2001 @07:23PM (#403650)
    It all ended on that day
    When a few actually wanted to pay
    And Napster gave in
    To Big Brother's whim
    That day Napster could no longer stay.
    __________________________________________
    The people that are willing to pay for napster are the people that don't know how to download MP3s from other sources. The reason for this is probably that they aren't exactly computer junkies. They probably don't spend much time on their computers and therefore don't get mp3s to play them on their computer. They get them to put them on CDs and play them in their car or whatever. Napster will kill themselves by becoming a slave to the music industry. Why would anyone pay for napster to get stupid songs that they can't play anywhere but their computer? After the first few months of their subscription service, subscribers will probably die down once they realize how stupid it is with a small user pool and altered songs.

    I don't know how many costs they would have, but I don't see them making a huge amount of profit with this plan. They could even go bankrupt. They really only have two logical options: Close now or keep up the legal battles. It's obvious their only reasoning behind this move is to please the music industry, their enemy. Yes, Napster is a business, but this move doesn't look very businesslike - Napster is basically letting the music industry control them. Whatever they do, the music industry will be watching them. If napster doesn't go bankrupt, it will just turn into a place like cdnow.com, except you can't even get CDs from it. It's the napster self-destruction.

    /whois John Galt
  • by SkulkCU ( 137480 ) on Sunday February 25, 2001 @06:29PM (#403652) Homepage Journal

    the new Napster

    Oh, so it'll be pretty much like the old Napster, except now nobody will like it.
  • 2 workarounds:

    1. Hack the code in either the client, the driver or the kernel. Or hack the hardware. Only needs to be done once, then the means to do so could be distributed. Illegal under the DMCA in the US. DMCA might be unconstitutional - but that often doesn't stop them.

    2. Just get 2 sound cards and the best darn audio cable (high quality and shielded! Preferably with gold plated connecters, and as small as possible) you can get and feed the audio out of the secure card into the audio in of a non-secure card (which could be on another PC). And record that.

    Digital to analog to digital conversion does far less harm to the signal than MP3 encoding does. Of source, re-encoding back into MP3 might hurt (if I take an MP3, turn it to wav and back again, do I lose info that survived the initial encoding into MP3?)

    Maybe fair use, may be legal or illegal under the DMCA, but it is not really circumventing because the conversion from a protected format was done by authorized software - so the actual protection mechanism wasn't circumvented or bypassed - it was used as designed. You are intercepting a non-protected signal, and you might get off on that. Or might not. See a lawyer for advice. we all know of one judge would be convict you no matter how good of a case you make.

  • if(client.type != "BigBronapster"){
    kill(connection);
    }

    or, something like that

    Rate me on Picture-rate.com [picture-rate.com]
  • by Eloquence ( 144160 ) on Sunday February 25, 2001 @06:40PM (#403664)
    Gnutella is working quite well again. Remember, the scalability problem doesn't mean that the network congests at a given size, it just means that you will only see a limited part of the network, which is really no big deal if that part is big enough.

    Check out BearShare [bearshare.com], it's one of the most powerful Gnutella clients around and works nicely here. Other than that, see infoAnarchy (sig) for news & updates on Napster alternatives, as well as a comprehensive list of them.

    --

  • > Most likely your Napster client has a private key and a public key. When you get an MP3 from someone else, your client gives their client the public key, their box uses this key to encode the outgoing .mp3 as a .nap, then it can only be played on your box because only your box has the private key.

    The private key have to be on the client to play the file. So, reverse engineering of .nap files is possible. And, if the underlying is a MP3 stream, then the original MP3 can be re-constructed.

    Napster doing something like that is like putting a huge blinking neon, reading "hack me" on each napster copy.

    Software copy protection is futile.

    Cheers,

    --fred
  • Why don't they just limit the sound quality of the MP3s?

    People could still trade files freely, and if they really liked a song, they would want to go buy the CD for the better quality. It would be good business for the record companies - people would still get exposed to artists they would otherwise not take the time to seek out. It would also be good for Napster assuming the RIAA went for it. Napster would retain a significant amount of it's appeal and "customer" base, and might get out of the hotseat in the process.

    Any ideas on this? What bitrate? Why wouldn't this work, or how could it work?
  • Or if all else fails, move to Canada. Senator Orin Hatch doesn't work for our government. We don't have the DMCA or anything like it..... yet.
    Better yet, our new Copyright law (from Dec 97?) is quite good (search for "CD tax" or something). It basically says that a person may make copies of any music he wants to listen to, on any media he damn well pleases. The catch is that the person making the copies has to be the person doing the listening. Now THAT sounds like a good model for Napster. :)

    --
  • And what if this song is one that I wrote, that I don't mind freely distributing, would they put the "layer" in anyways?

    What if I owned the copyright to this hypothetical song, and forbade modifications to the file, would they be allowed to add this "protection layer?"

    Just a couple more thoughts, other than the ease of getting past it.

  • Or maybe car alarms or the "ADT" (IIRC) sticker people put on their house windows to alert the bad people that they have a security system, when they don't.

    This is all a bunch of fooey, for the benefit of the RIAA and the stupid users they hope will believe their smoke and mirrors.

    "Beware of dog" signs might work for the casual criminal, but are they really going to stop someone who wants to break into your house? (By the way, DeCSS is the tool used to break into your house [mpaa.org], did you know that?). They're going to realize real fast that the Beware of Dog sign is a fake, and that if you have a dog, it's been dead a long long time.

    Good luck implementing this, Napster. Why don't you bring out your poster child and have him explain how a poor company like Napster is forced to do these horrible things by the RIAA.
  • I'd hate to imagine what happens to their stock if they fail.

    I'm rather looking forward to it - when they fail! No reason to expect them to succeed where others haven't - for all the reasons that copy protection / DRM don't work. (i.e. people will always find some way to circumvent it.)

  • by grammar nazi ( 197303 ) on Sunday February 25, 2001 @07:34PM (#403684) Journal
    it'll take about 2 milliseconds before someone makes a player that ignores the 'protection layer'.

    I agree completely.

    Here's the grammar nazi summary:
    1. Napster is increasing the cost of their service (from $0 to ???).
    2. Napster is removing 'value' from it's service by restricting the files that can be shared.

    This is never a wise business model. Increasing price needs to accompany increasing 'percieved value'. The only way that I would pay for Napster's service is if they increased the value of their service. For free I have access to a lot of music. Why the hell would I pay to have access to less music.

    I desperately hope that Gnutella or Freenet are ready by the time Napster decides to implement there new flawed business model.

  • Prerequisites:
    • Napster will tag downloaded files on the fly...
    • Any file, even Public Domain or "GNUArt [gnuart.net]'ed"
    • Most Napster user download less and less stuff as they usually look for what they want, not "anything available"
    So, concerning the first point, this only goes for future downloads, so, my current 24 CD full of MP3 stuff are not encrypted in any way, am I right ?
    I also think this is the same with most people, so, statistically, who can say that:
    • It won't be the same for current Napster addicts who have plenty of MP3 they can still share?
    • There won't be somebody to just add some filtering on Napster client in order to just ignore "tagged" files?
    So, yes, this won't change much except that only the "latest" songs will be available.
    Now, I just wonder whether somebody actually tracked a Napster song in order to evaluates how many times it is actually downloaded? Maybe this information would just show the Napster people how useless (or useful ?) this is going to be...
    Or maybe their forthcoming "tagging" will be a way for them to perform such statistics as their model is centralized.
    Until then, I'll switch to GNUtella. ;-)
    --
  • by xueexueg ( 224483 ) on Sunday February 25, 2001 @06:29PM (#403700)
    The nightmare that immediately jumped into my mind is that this "protection layer" could come to involve brief advertisements from our favorite corporations, prepended to the beginning of every song. Otherwise, this seems like not much of a problem or hindrance--if the idea is to keep people from burning MP3s to CDs, there's nothing to keep them from writing dummy device drivers as an intermediate step. More power to them.
  • by kyz ( 225372 ) on Monday February 26, 2001 @01:47AM (#403701) Homepage
    As many have pointed out, because the actual transfer of music is peer to peer, so it can just pretend to do 'protection'. I know that non US residents have a legal right to work out the new Napster protocol and write new, appearing-to-be-but-not-actually-compliant clients, but would an open-source Napster client count as a circumvention device in the US? Would the RIAA run to Judge Kaplan to sue those developers? Is the DMCA going to act as a legal cudgel for megacorps to screw over the public?
  • OK, so how the hell is this gonna work? The MP3 format doesn't have content protection built in. I suppose they could "watermark" (degrade) the files. But the problems are immediate:

    1) Someone will reverse-engineer the client as soon as they download it. Illegal in the US, possibly, (not that will stop some people) but there's always overseas users.

    2) The decrypted contents of the watermark have to exist in memory. Big problem. If nothing else, an awful lot of sound cards produce digital output. Feed the output back in, endgame.

    Why not just give up? Or move to the Cayman Islands? This is a silly game, they should stop now.
  • Despite the fact that no one will be willing to pay for something they won't actually own, the new Napster won't fly because they've taken away the only thing that made it pseudo-scalable: bandwidth. I don't care how much money they have, if every one of the trades going on has to go through their servers, there is now way they'll have the bandwidth to handle *anywhere near* the amount of people using it now.

    Don't they know that mp3's aren't web pages? This is big data, lots of it. I would say that I hope they realize this, but since their encryption idea sucks (for the consumer), I really couldn't care less. They'll go down either way.

  • by clinko ( 232501 ) on Sunday February 25, 2001 @06:25PM (#403709) Journal
    Ok, Can You imagine the bandwidth it would take to manipulate EVERY mp3 that goes through napster? That's hilarious.
  • As a relatively amateur user (non-31337), the most annoying thing about this "protection layer" is that it would make Napster's mp3's a new type of mp3. I really hate to see common extensions (.wav , .avi , etc) being non-standardized into different sub-types that may or may not work with my applications. If you want to alter a standard file type in a significant way, at least have the decency to call it something different- that way, I won't have to wonder if a file I come across is an mp3 or an "mp3". I also find it interesting that I will have paid for a song, but won't own it "enough" to move it to a CD. Yay!
  • I doubt anyone, including Napster and the RIAA, has any illusions about any control being crackable, and being done so in a matter of a day or less.

    All they need to do is use that legal equivalent of a spiked basball bat, called DMCA, and sue anyone who publishes the crack, at least in the U.S.

  • By changing the mp3 file format, then we dont have an mp3, we have a Napster file. Such a file would have to be protected by encryption or some key, else Napster wouldn't be able to control what happened to a file unless they learn how to puppet Windows completely. What does this mean?

    We get a monopoly on the file format. If Napster is determined to prevent its users from using their files elsewhere, then it won't give out the encryption to decode it and remove the protection. The only truly secure choice is to use a DVD style monopoly on media players. So much for quality. Heck, if they wanted to charge to use the files anywhere else besides the Napster client, money will flow to them one way or the other.

    Just as in DeCSS, somebody will probably want their own DVD/mp3 player, and thus crack the encryption. All we're getting into here is the same old debate on whether it is legitimate to modify the files because it was distributed to you accordingly.
  • by robbason ( 262158 ) on Sunday February 25, 2001 @06:50PM (#403728)
    There are two issues here:
    1. could they block alternative client tools?
    2. could they keep people from removing the protection?
    the answer to 1. is probably. Certainly they could sue anybody who is distributing alternative client tools ala deCSS and keep those tools out of the hands of most users. They could also have some kind of access mechanism that would change every couple of weeks that would be transparent to end users who would get automatic client updates to be able to use the new access mechanisms. Thus a determined hacker could get through the protection, but they would have to do it again every couple of weeks and couldn't reasonably distribute the hack to a wide enough user community to pose a threat to napster.

    the answer to 2. is less clear. Obviously they couldn't change the way you access older napster files on your computer. They could encrypt them, which isn't terribly feasible in terms of having to be decrypted for every playback unless the encryption is weak (maybe I am wrong on this). What about having a funky scrambled format that changed regularly? then anyone cracking it would again have to distribute updates through illegal means, which is slow, whereas their software could remember the old formats and descramble based on the date of the file.

    I guess my point is that they don't have make it impossible to decrypt mp3 files to win. They just have to make it impractical for users to do it on a wide scale.

  • I agree with many of the posters that it's likely this copy protection will be easy to hack. I doubt that it will be on purpose, but napster just doesn't have the kind of resources or time it takes to play this kind of game.

    Napster doesn't have the resources to do it right, but InterTrust does. If they're the ones hired to do this, it'll be their biggest project ever. Make-or-break. Of course it'll probably still get hacked, but if a Digital Right Management solution can work, they're the ones who'll do it.

    I'd hate to imagine what happens to their stock if they fail.

  • Ok, Can You imagine the bandwidth it would take to manipulate EVERY mp3 that goes through napster? That's hilarious.

    They could probably run it off a 486 and cable modem, once they start both charging money and restricting the use of the files.
  • right now, if user A goes out and buys a new CD, and someone downloads it from him, the availability of this song on Napster doubles. Being that "protected" MP3s will not be available for download, the number of users you can download a given song from greatly decreases. Chain reaction: people who actually buy music have all their bandwidth taken, give up and continue buying music. People who don't buy music get frustrated that the honest people left and that there's no music left on Napster. Napster goes out of business. Of course, this all changes if we are allowed to download downloaded music. But then the client would actually contain code to undo the protection layer, making it just that much easier to crack. Plus, I'd imagine the RIAA wouldn't care for this too much, either.
  • Each person could just share an .mp3 called "ftp://login:pass@hostname". Then, when a person sees that someone has the mp3 they want, they just connect to their ftp site and get the real thing. Napster is just a service for finding mp3s anyway; the actual transfer is peer to peer.
  • It sounds like a condom.

    Seriously, though, this is what Napster needs to legitimize its service. For years, Napster has been the equivalent of a smuggler's hideout, filled with law-breaking malcontents. However, with the advent of content tracking and protection, Naspter can ally itself with the music industry instead of being perpetually at odds with it.

    I want the convenience of downloadable music as much as anyone, but I am not willing to steal from artists just for my own convenience. I welcome any legitimacy and legality that Napster can bring to online music trading.

    - qpt
  • by sleeper0 ( 319432 ) on Sunday February 25, 2001 @07:10PM (#403744)
    And this is just another example.

    I agree with many of the posters that it's likely this copy protection will be easy to hack. I doubt that it will be on purpose, but napster just doesn't have the kind of resources or time it takes to play this kind of game. But I do think that it's a legitimate attempt. Napster investors and board members aren't looking to play cute tricks and sly wink-wink kind of routines with all the visibility this has in the country and on the hill. This is all about making their authorized subscription service, which seems like it at this point will have only one major contributor, Bertelsmann (and if other label showings are any indications, maybe only with a few hundred selected traffic)

    The main issue is really the injunction. Once a reasonable rewrite is made, napster will be compelled to turn off file sharing. The injunction has nothing to do with appropriate copy protection. It will still be illegal to swap songs, even if you can't burn them.

    So that leaves the high profile 1 billion dollar deal [cnet.com] that is nothing more than a political stance, an effort to show good faith that napster wants to pay. Can you imagine as a record label taking $30 million a year to give a license to piracy?? Do you think any of the labels would take that deal from off-shore pirates? And a little honesty... Where does the $200 million a year that napster would have to produce come from? How much revenue did they book in '00 ? Probably no more than 10-20 million, and if they did that would put them at the top of the heap in private online music ventures.

    The real truth of the matter is that no one, NO ONE, is doing well with online music. No one can beg borrow or steal licenses to deliver digital as the primary medium. What you're left with is a bunch of marginal online radio apps and places that offer a horrible cross-section of downloadables (emusic). Or deals where the right to stream is gotten buy buying in the correct brick and mortar store. It makes no difference, look around at the online music industry and everyone is laying off. It's simply a game of how much money you have left before you go under.

    Napster is no different. The $50 million they got from Bertelsmann had heavy contingencies. If you had made an investment in napster, wouldn't you have been looking at the appeal results as to how you felt about following through with the investments.

    They even hinted at doing napster for movies and games. Apparently they saw scour's unqualified success as a reason to run down that road. What on earth makes them think they can be successful against the MPAA when the RIAA has been so effective?

    Napster's management has cracked like everyone else's, and they are desperately grasping at any business plan that hits their desks. It's quite interesting to watch, you can be sure it will continue to be entertaining.

In practice, failures in system development, like unemployment in Russia, happens a lot despite official propaganda to the contrary. -- Paul Licker

Working...