Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Music Media

Open Source DRM 328

Posted by timothy from the not-necessarily-an-afj dept.
Clyde writes "The different worlds of DRM and Open Source have come together under OGG-S, a project that just recently went to beta with their Open Source DRM toolkit. The project license in GPL and uses OpenSSL for its encryption engine. It will be interesting to see if this project helps to spread the acceptance of Ogg Vorbis."
This discussion has been archived. No new comments can be posted.

Open Source DRM More

Open Source DRM

Comments Filter:
  • Tell me, Open Source DRM: is it a Good Thing or a Bad Thing?
    • I don't know. I guess I should stop worrying and let the /. crowd think for me on this subject. =)
    • bad of course. it goes against everything Libre Software stands for

      • Re:Please (Score:2, Interesting)

        by Planesdragon ( 210349 )
        So....

        How about PGP? Strikes me as rather wrong, making it hard to read any message I put on my computer. Definitly against the tenents of Free Software.

        • Re:Please (Score:3, Insightful)

          by intermodal ( 534361 )
          theres a difference between wanted encryption and unwanted encryption. I do not care to explain to every device in my computer that i didn't steal a media file. I want it to just obey my orders and play the damn thing.
          • Why do you think this will require you to explain any such thing? It looks to me as though the idea is when you buy the file, you also get a license key. Then, every player on the system locates that key automatically, without complaint.

            • Re:Please (Score:3, Insightful)

              by intermodal ( 534361 )
              yes, but what if i tear down that server or replace the hard drive? seems to me that either i can tote the pair wherever i like, copying it freely, or i cannot when i reinstall move it from one system to the next. Also, if i want to burn this to CD and play it on my MP3 player in my car, how is this taken into account?

      • Re:Please (Score:5, Insightful)

        by Soko ( 17987 ) on Thursday April 03, 2003 @06:19PM (#5656247) Homepage
        bad of course. it goes against everything Libre Software stands for

        Hunh? What, Libre Software stands for making sure any and all content should be available without compensating the creator of the content in any way, shape or form? We use a license [gnu.org] that restricts how your code is used, yet you want no restrictions on how the creations of others is used? *Rhetorical Question* Are you after a free ride, or Freedom?

        I understand that you want fair use rights, as do we all. IMHO, if someone wishes to release thier creations with DRM, they are free to do so. I am free to ignore thier creation due to the DRM if I wish. Libre Software providing the freedom to release your creation as you want, and being compansated if you wish, is a good thing as it provides more freedom.

        Until someone comes up with a viable way of compensating creators for thier content without restricing how that content is used in any way shape or form, restricted content is going to be reality, unfortunately. Using OSS tools to provide such restrictions, though distasteful, seems to be almost acceptable. At the very least, it shows that some proponents of Software Libre are sensitive to the needs of content creators, and so offers an olive branch to them. That should show we're not after a Free Ride, but Freedom.

        Soko
        • You twisted what i said. I don't steal media files, but i dont want to spend my time making my devices believe me that i didnt steal it. I just want it to play the file without questioning me. Theres a difference between impeding my fair use and crippling my media's portability. I have a network, for example, and I dont want to have to explain to every one of my 20 computers that I own a file that I use from my server.

        • Re:Please (Score:3, Interesting)

          by Christ-on-a-bike ( 447560 )
          I am free to ignore thier creation due to the DRM if I wish

          But of course, that's not how it really works.

          Until someone comes up with a viable way of compensating creators for thier content without restricing how that content is used in any way shape or form, restricted content is going to be reality

          What about books? They aren't 'restricted content' except in that the law prevents unlicensed copying. They are only restricted in this very limited sense.

          You seem to think DRM is a 'harmless technolog

          • Re:Please (Score:3, Interesting)

            by einer ( 459199 )
            And again, while DRM perhaps has its place, publishers threaten to implement it in a way that eliminates fair use.

            If I have a product that I only want to distribute over a pair of drm headphones, and there's a market to buy it, it'll sell. You ARE free to ignore DRM. Content is a product, not a necessity.

            NSYNC could release their next album on a copy proof (hypotetically of course) CD. It would still sell. The value to the consumer isn't that they can copy it or back it up, it's that they can listen
        • I actually think this is a good thing. It will help Open Source Software gain acceptance many places it is accepted yet. This will also help to develop a more bulletproof DRM technology which could help safegard the movement from the attacks of Hollywood....

          There is also another benefit to open source DRM. If the current content providers continue to aggressively lock their material down, it may provide an option for those of us who want to see Free (as in Speech) content develop and become a viable mod
    • At first glance [sidespace.com] it's not so bad. Looks like they simply encrypt files and demand a license through their client to decrypt them so you can hear it. The devil may be in the details and the moral premis is evil.

      How does the client prevent piping of the decrypted output? Without that, you might as well skip the encryption. With that you get right back to the nasty non free world of files you can't write and someone else owns your computer.

      DRM is an attempt to prop up and extend the whole dead tree publis

    • A good thing.. (Score:5, Insightful)

      by elemur ( 7613 ) on Thursday April 03, 2003 @06:49PM (#5656471)
      Its good.

      Why? Because it would be implemented in, obviously, an open manner with publically defined protocols and specifications. Therefore, anybody who wanted to build an infrastructure to support DRM could do so without locking people into a single vendor or implementation.

      Somebody asked why couldn't you just change the libraries to let you bypass it? Well sure, if you can change the code on the machine, you *may* be able to bypass protections, depending on what they are. For example, if the file (text, sound, media, etc.) is encrypted and requires a decrypt key, mucking around in the code isn't going to help it decrypt itself.

      Now.. what about extracting the protected media after the decrypt step? Well, thats a bit harder. In fact, that was how people broke Microsoft's first WMP protection.. they wrote a null sound driver that just dumped the output to a file. Works pretty well. Don't think that they didn't notice, when all of their drivers need to be signed these days..

      Anyway.. there are different parts to Digital Rights Management. Step 1 is access.. can you access a file or not. Crypto protects that, and no open or closed source will change that. Step 2 is decrypted control. Who can manipulate the decrypted bytes of the media? That is up to people to implement and protect as they see fit.

      Remember that an OSS DRM solution could provide an open source platform for building closed source clients and devices.. You have the advantge of an open standard combined with actual devices using it.

  • Is this possible? (Score:3, Insightful)

    by man1ed ( 659888 ) on Thursday April 03, 2003 @05:41PM (#5655914) Homepage Journal
    How could you prevent people from modifying the library to let them use other people's keys? What would stop people from pirating the keys at easily as the music?

  • Fight the Man! (Score:3, Funny)

    by grub ( 11606 ) <slashdot@grub.net> on Thursday April 03, 2003 @05:42PM (#5655923) Homepage Journal

    Open Source DRM is an obvious ploy by the Illuminati to spread "acceptible" DRM to the resistant open source community. Once they have us eating out of their palms their world domination plan will advance another great step forward.

    Where's my tin foil hat?

  • Uh oh... (Score:5, Funny)

    by Zathrus ( 232140 ) on Thursday April 03, 2003 @05:43PM (#5655929) Homepage
    I can already see thousands of rabid open source fanatics imitating Gollum over this...

    "It isss OGG, so it isss good! Yes!"

    "Nooo! DRM! Hateful it is!"

    etc.
  • by limiting other people's freedom and trying to create an artificial scarcity in one of the very few areas of our lives where we live in a world of plenty.

    And on top of that they try to create good emotions for their products by basing it on other people's work and calling it "open source". The only catch is that you have to pay them to distribute binaries?! WTF? Neither openssl nor ogg nor vorbis require this, why do they?

    This smells very bad to me.
    • I am sorry if our page is not that clear, but all OGG-S work is released under the GPL. If YOU would like to release a binary-only version of OGG-S (that contains zero Xiph code and 100% SideSpace code) then all we ask is you pay us a one-time charge of $50.

      I hope that is not unreasonable, and you understand this cost only subsidizes our development tools and web hosting.

      Plus, we will give 10% of your purchase to the EFF to help protect everyone's digital rights online.

      • Re:another thinly veiled attempt to make money (Score:5, Insightful)

        by Emmettfish ( 573105 ) on Thursday April 03, 2003 @06:09PM (#5656157) Homepage
        Plus, we will give 10% of your purchase to the EFF to help protect everyone's digital rights online.

        Why not give the ten percent to the Xiph.Org Foundation? After all, we make the codec that makes your product remotely valuable.

        While you're at it, why don't you choose a name for your DRM scheme that isn't so closely identifiable with one of our trademarks?

        Emmett Plant
        CEO, Xiph.Org Foundation [xiph.org]

        • Re:another thinly veiled attempt to make money (Score:5, Informative)

          by sidespace ( 652582 ) <sales@sidespace.com> on Thursday April 03, 2003 @06:59PM (#5656551) Homepage
          Emmett,
          I agree that 10% of our proceeds should go to Xiph.org; tonight I will update the web page so that 10% of a purchase will go to Xiph.org as well as the EFF. The reason this change was not done sooner was because at the time OGG-S started, Xiph was not a non-profit organization (charging for the fixed point decoder).
          Also, if you believe the name of OGG-S could cause any consumer confusion please feel free to email me at rsage@sidespace.com and I will work on changing our site accordingly. Since OGG-S has been mentioned on the Vorbis mailing lists in the past, I had assumed this name would not cause any confusion.

          Sincerely,

          Ryan @ SideSpace

          • Re:another thinly veiled attempt to make money (Score:4, Interesting)

            by Emmettfish ( 573105 ) on Thursday April 03, 2003 @07:11PM (#5656625) Homepage
            I agree that 10% of our proceeds should go to Xiph.org; tonight I will update the web page so that 10% of a purchase will go to Xiph.org as well as the EFF. The reason this change was not done sooner was because at the time OGG-S started, Xiph was not a non-profit organization (charging for the fixed point decoder).

            Sounds great, thanks!

            Also, if you believe the name of OGG-S could cause any consumer confusion please feel free to email me at rsage@sidespace.com and I will work on changing our site accordingly. Since OGG-S has been mentioned on the Vorbis mailing lists in the past, I had assumed this name would not cause any confusion.

            The fact that someone would package Ogg Vorbis with DRM was inevitable (and welcome, as is any derivative work based on our stuff); The only issue I have with this implementation (as I'm unaware of the technical aspects of it as yet) is that it uses the name 'Ogg.'

            That being said, I would very much appreciate it if the name of this product were changed. I'd rather avoid confusion sooner rather than later. After all, 'Ogg Vorbis' was only a project codename, and was never expected to take off. :)

            Emmett Plant
            CEO, Xiph.Org Foundation [xiph.org]

    • Comment removed based on user account deletion
    • I think that their commercial license is only required if you would like to distribute binaries under a non-FSF license. Distribution of binaries under the GPL looks ok. Users would, of course, be able to request your source, modify it so that they can defeat the DRM, and republish your media to their heart's content.

      Until TCPA arrives, GPLed DRM technology serves no purpose.
      • A look at the source doesn't mean that you can simply defeat the encryption. Just like you can't r00t someone's ssh server by looking at the source of their version of OpenSSH.

        Of course you could trojanize the source and try to get a limp version of the binaries to proliferate, but the chances of that working are very close to zero. If I were a publisher I'd test whether the encoding and DRM encryption worked before I were to sell my media to the world.
  • Is it safe to say that these people are in no way associated with the Ogg/Vorbis people? I can't see how this is a good thing. The whole point of Ogg formats is that they're open and free. Do we really want a version of Ogg/Vorbis that is saddled by use restrictions?
    • If you look at the bottom, they have a line saying that they are in no way affiliated with Xiph.org
    • As mentioned on the OGG-S homepage, we are completely independant of Ogg Vorbis and Xiph.org.

      This was done because we (and I am sure others) believe that DRM should be an add-on option that content providers or users can choose; not something that is forced upon consumers.

    • Right at the bottom of the page: "Please note that OGG-S is neither affiliated with nor endorsed by Xiph.org or Ogg Vorbis."

      It's funny how these folks claim to care for people's fair-use rights (see the FAQ on their site). Protect fair use rights by establishing obstacles to fair use? Riiight.

    • Re:Independent and Unsanctioned? (Score:5, Informative)

      by Emmettfish ( 573105 ) on Thursday April 03, 2003 @06:14PM (#5656197) Homepage
      Is it safe to say that these people are in no way associated with the Ogg/Vorbis people? I can't see how this is a good thing. The whole point of Ogg formats is that they're open and free. Do we really want a version of Ogg/Vorbis that is saddled by use restrictions?

      I assure you that SideSpace is in no way, shape or form affiliated with the Xiph.Org Foundation, who make Ogg Vorbis and other royalty-free multimedia codecs.

      Emmett Plant
      CEO, Xiph.Org Foundation [xiph.org]

  • but doubtful. It would seem to me that any DRM where the source is available would be easily hacked. Maybe I'm wrong.
  • What is to keep me from going into the source and changing:

    if(hasRights) {
    decryptMusic;
    }

    to:

    if(true) {
    decryptMusic;
    }

    • Re:How can they make this work? (Score:5, Interesting)

      by sqlrob ( 173498 ) on Thursday April 03, 2003 @05:47PM (#5655981)
      Because the code is probably something closer to:

      DecryptMusic(Key);

      Can't do squat without the key.

      However, preventing you from changing it to
      DecryptMusicAndSaveAsMP3(Key);

      is a lot harder, if not impossible. Of course, it does guarantee at least one sale to get that key. Not enough to make it worth it though.

    • sshhhhhh.... if you keep quiet nobody will notice...
  • ... now DRM will be good, now there is open implementations of it?

  • Vaseline (Score:5, Insightful)

    by Sanity ( 1431 ) on Thursday April 03, 2003 @05:47PM (#5655979) Homepage Journal
    While normally any Open Source software is a good thing, this project is little more than the vaseline that will make it that bit easier for big media to screw us just as they will screw users of non-Open Source software.

    The only way to prevent this is for users to boycott Digital Restrictions Management technologies. As such, anything which makes it easier for DRM technologies to integrate with any software is a bad thing.

    This project may comply to the letter of Open Source, but it entirely contradicts the spirit of open technology.

    • Re:Vaseline (Score:4, Insightful)

      by gmuslera ( 3436 ) on Thursday April 03, 2003 @05:55PM (#5656057) Homepage Journal
      Open Technology is about giving you rights away only if you wish to do so, not forcing you to lose your rights.

      LGPL contradicts the spirit of open technology also? After all, you with an open source library could make propietary programs.

      I think that this could be possitive. It could make open source access more information, to have more things that can be used with it, not less.

      • Re:Vaseline (Score:3, Interesting)

        by Sanity ( 1431 )
        I think that this could be positive. It could make open source access more information, to have more things that can be used with it, not less.
        Open technology is about having the right to control the property that you own. DRM is technology that, regardless of whether you paid for it, is designed to prevent you from controlling the technology that you own.

  • I thought... (Score:4, Insightful)

    by mikeophile ( 647318 ) on Thursday April 03, 2003 @05:49PM (#5655996)
    part of the appeal of Ogg was because it didn't have DRM?

  • RTFA! (Score:2, Redundant)

    by OrangeHairMan ( 560161 )
    According to the linked page,

    Please note that OGG-S is neither affiliated with nor endorsed by Xiph.org or Ogg Vorbis.

    Don't expect this to become anything big any time soon.

    Orange

  • Open Source DRM - isn't that like the ultimate digital oxymoron?

  • Coming Soon! (Score:4, Funny)

    by aengblom ( 123492 ) on Thursday April 03, 2003 @05:53PM (#5656037) Homepage
    Do it yourself rape!

    Breaking your leg for dummies!

    <really fast>Only $29.95</reallyfast>
  • If OGG-S is open source, how can the encryption be secure?

    If a company wishes to use OGG-S to protect their content, SideSpace Solutions highly recommends purchasing a binary distribution license. Under this license, any modifications to OGG-S (such as a change of encryption engine or private keys) do not have to be released.

    Know the truth: There is no such thing as a remote trusted computer. Encryption has nothing to with DRM.

  • Question about GNU... (Score:5, Insightful)

    by BaronAaron ( 658646 ) on Thursday April 03, 2003 @05:58PM (#5656072)
    From the FAQ:
    "If OGG-S is open source, how can the encryption be secure?

    If a company wishes to use OGG-S to protect their content, SideSpace Solutions highly recommends purchasing a binary distribution license. Under this license, any modifications to OGG-S (such as a change of encryption engine or private keys) do not have to be released."

    OK....
    Under GNU, do you have to release any private encryption keys you may have used with the code?

    Encryption keys would seem to fall under content/data and not code. It is my understanding of the GNU license that you must redistribute the source code, not any data that your created and feed into the application. As long as you provide sample data (in this case another encryption key) to allow the application to run properly when compiled.

    I don't see how they can force people, under the GNU, to release any private keys.

    Someone please explain.

    I don't see how they can
    • First, you would have to disclose the encryption engine in use. They say stuff about the keys to spread FUD and sell commercial copies. Of course they don't fall under the GPL umbrella.
    • I think they mean "private key generation method" or possibly "public-key cryptosystem" there... I don't think they're talking about the actual private key data. Just IMHO, of course...
    • People may want to hardcode the keys, or obfuscate the code that reads the keys, so that others cannot find the key easily. If you had the GPL version, I could request the code, look for the spot that reads the key, and grab the key to get around your control.

    • Re:Question about GNU... (Score:3, Interesting)

      by Hobbex ( 41473 )
      You are confusing secure with "secure".

      The first is the actual meaning of the word, as in protecting computers and communicating parties from attack by malicious parties. By all accounts, open source software is at least as good as proprietary software at that (or maybe at worst as bad...).

      The second, is the media industry "lets highjack a term that has a positive conotation" doublespake meaning of "secure". That is about making sure that users are not in control of their own computers, so that somebody e

  • There isn't a way (Score:3, Interesting)

    by Sloppy ( 14984 ) on Thursday April 03, 2003 @06:00PM (#5656091) Homepage Journal
    Either the user has final say over how his computer operates, or he doesn't. If it's open, then the restrictions are merely "advisory" since the user has the power to ultimately decide how the computer behaves. If the restrictions are somehow enforced, then the the user must not really have full power over the computer's behavior.

    It's not that it's just technologically impossible; it's logically impossible. A billion years of technological advances can't change that.

    Upon analysis, this will either be shown to not really work, or it will turn out to just be "mostly" open, but with at least one opaque component.

    • Re:There isn't a way (Score:3, Insightful)

      by BabyDave ( 575083 )
      Another impossibility in DRM:
      • I buy some CDs. I then rip these to MP3s and burn them onto a CD-R.
      • Scenario A: I use this CD in my CD/MP3 player, or on my computer at work, or whatever. This is allowed under fair use.
      • Scenario B: I give this CD to my friend, and he copies the files onto his PC, or listens to the MP3s while I'm listening to the original CD somewhere else. This is copyright violation, and is illegal.

      The only difference between these two scenarios is the physical location of the CD. This

      • BabyDave wrote, "I give this CD to my friend, and he copies the files onto his PC, or listens to the MP3s while I'm listening to the original CD somewhere else. This is copyright violation, and is illegal."

        False. This is allowed under Fair Use. Making a copy for a friend is allowed, publication isn't. If you're not sure which it is, it's probably publication, but don't just give up hard-won rights for sheer laziness!

    • It's not that it's just technologically impossible; it's logically impossible. A billion years of technological advances can't change that.

      This was the very comment I was going to post -- logically, an Digital Rights Manglement module is a symbolic language [that assumes the end user cannot be trusted]. So how do you open source that language -- thus letting the [supposedly untrustworthy] end user alter it at their whim -- while guaranteeing that it still does Digital Rights Manglement?

      You can't. The w

  • This could be good. (Score:5, Insightful)

    by freality ( 324306 ) on Thursday April 03, 2003 @06:02PM (#5656105) Homepage Journal
    DRM isn't bad. Big Media/MS is bad. If DRM becomes mandated, it will be better to have an open-source implementation than not. This will reduce the plausibility of the likely MS argument that since there is no DRM on linux or mac, these systems should be excluded outright from certification.

    It's like an arms race. If everyone's got it, nobody is at a disadvantage. "Keep your friends close, but keep your enemies closer." The same is true of TIA, btw.
    • Digital Restrictions Management most certainly is bad, regardless of whether Big Media/MS pushes it or not. Saying that "oh, Windows 2005 Palladium will have DRM, we've got to beat them to it with our own open source version!" is the wrong kind of approach. Some technologies we *don't* want in our operating systems, believe it or not. Most free software advocates are vehemently opposed to the idea of DRM, and I for one will never install an operating system with such a "feature."

  • Open Source DRM? (Score:2, Insightful)

    by SatanicPuppy ( 611928 )
    Isn't that like OpenSource Windows?

    So let me get this straight:

    This is a project that is part of a free intellectual property movement which is designed to protect intellectual property from being used by people who have not liscensed it?

    What the hell?

    Okay, so it's going to be released under a liscense which allows anyone to modify, copy, and distribute the source, as long as they DO distribute the source. And the point of it is to make it impossible for someone to modify, copy, or distrubute the source
    • It lets people release information without releasing it. Well, ok. But why should I want it?

      Having DRM might well be useful. Being required to use it probably isn't. But I don't have any problem with people being able to exchange data securely. I just have a problem with their requiring that I participate. If people want to make IP act like bricks and mortar, then they will find their IP is quickly made obsolete. But that's OK with me.

      I don't buy copy protected software, except games, anymore. Onc

  • short sighted (Score:3, Interesting)

    by stratjakt ( 596332 ) on Thursday April 03, 2003 @06:03PM (#5656113) Journal
    You are all so quick to want to outlaw a technology because it has an application you dont like. But if someone else feels the same about a tech you do like, you all get up in arms over it.

    How many think xbox mod chips should be legal, because just because they can be used for piracy, they have other legal uses?

    Now, how many think DRM should never be implemented, because it can be used to restrict what you can do with a CD you bought?

    To me its the same issue. Technologies arent inherently evil, it's the uses they're put to.

    DRM technology with SSL strength security has some good uses.

    A content producer can have all his stuff locked tight with DRM while it's still in production, or use it on the screener films he sends to reviewers. If it isnt for sale yet, you have no right to any of it. It's merely protecting a trade secret.

    It can also be used to verify the authenticity of footages, lets say the doctored photo in Time magazine yesterday.

    It could be used to prove that the footage you see on TV is what was filmed by the digicam.

    It can be used in court to prove that the security footage from the 7-11 hasnt been altered in any way.

    It can be used to keep your nephew from stumbling across your pr0n collections.

    It already exists anyways. Noone stops anyone from streaming a netradio over an SSL tunnel, or archiving their files with a password.

    In short, preventing consumers from excersizing legitimate rights to use something they own is bad. DRM is not 'bad', DRM is a technology.
    • Dumb argument.

      DRM is a technology people use. It isn't bad.

      DRM is a technology preventing the use of other technology (and that is it's sole purpose). => DRM is bad.

      So either I'm making a mistake here or there is no way to make your argument stick ( logics first semester if you can prove something to be right and wrong with a certain set of assumptions, the argument cannot be used (under a "complete" set of assumptions this cannot happen) )

      Now, as others pointed out, DRM itself is a logical impossibi

    • Re:short sighted (Score:3, Interesting)

      by cpt kangarooski ( 3773 )
      Who wants to outlaw it?

      I'd NEVER suggest outlawing it. People should feel free to encrypt content as an aspect of their right of free speech.

      HOWEVER, I will fight tirelessly to DISCOURAGE it. For example, we could revoke the copyright of any work that the author et al released in an encrypted format.

      And we can refuse to legislate that people cannot break the protection; in fact we can offer them bounties for doing so, much as there is public financing of other sorts of information gathering such as diggi

  • Open Source, but not free source. (Score:3, Insightful)

    by mikeophile ( 647318 ) on Thursday April 03, 2003 @06:07PM (#5656145)
    Did anyone notice that it costs $50 to get the source code along with permission to modify and redistribute?

    From the site:

    Purchase of this product enables you to modify OGG-S decryption or encryption code and release your binary modifications to your users.

    • Of course, they screwed up the wording of that sentence. They are releasing the code under two licenses. One is the GPL, and you don't have to pay them for that license. The other license is a commercial license, which allows you to release a binary, with modifications, without the requirement of having to provide the source, and costs 50USD. So they should add something like "without having to provide the source" to the end of that sentence.
  • April Fools was two days ago guys...
  • While I am not likely to use DRM anytime soon, I think that this project goes a long way towards legitimizing open source in the commercial industry, where until now many might have seen open source as completely opposite to conventional business wisdom.

    Hopefully, this will be the impetus necessary to make Linux relevant on the home desktop front, as content providers will be able to deploy their music and video without having qualms about the ease with which their material could be distributed ad infinit

  • What does "OGG-S" Stand for? (Score:3, Funny)

    by Euphonious Coward ( 189818 ) on Thursday April 03, 2003 @06:26PM (#5656286)
    What is this "OGG-S" supposed to stand for? ("Ogg" itself, of course, isn't an acronym.) If I may hazard some guesses:
    • "Ogg's Goodies Gavel-Slammed"
    • "Ogg Gets Gonads-Suckage"
    • "Oggs Get Gut-Sliced"
    But of course you can do better.

  • Open Source and DRM are fundamentally incompatible (Score:5, Insightful)

    by Omega Hacker ( 6676 ) <omegaNO@SPAMomegacs.net> on Thursday April 03, 2003 @06:26PM (#5656287)
    I worked for a startup that was researching DRM heavily (I was doing streaming-media stuff, others were doing DRM, and the company rightly failed promptly), and have done a lot of thinking about the issues.

    Basically, OSS and DRM are mathematically incompatible. The purpose of DRM is to keep the user from being able to make a copy of the media in question. In order to do that, it must use encryption keys to hide the 'plaintext', and carefully control those keys. This is the core of what DRM is.

    In order to plug the equivalent of the 'analog hole', all existing DRM implementations are binary-only, and carefully control and conceal the data path between the encrypted data and the finaly output hardware, so that it's 'impossible' for the user to get the plaintext.

    As soon as you go Open Source, *anyone* can take the code appart, take the decryption routine, and get the plaintext right out of that. There is nothing 'forcing' the data directly into the hardware. At that point, the plaintext can be distributed, and the DRM has failed.

    More important than that even is the fact that open-source licenses guarantee that you can redistribute your modifications. It will be a grand total of about 2.37 hours between initial release of the software and someone releasing a version that will export the plaintext. Guess how popular the original release will be?

    No, I think the results of this little experiment will be mixed good and bad:

    Good: it will prove that DRM is mathematically impossible

    Bad: it will 'prove' that the industry *must* use binary-only distributions of such software in order to make it work

    It remains to be seen which of these will take effect first.

    • Even binary-only implementations are vulnerable. Binary code may be hard to understand, but it's still understandable. Open source DRM is similar to the current implementation of Windows Media DRM in that it's software only, which means it may be broken by discovering the decryption key and algorithm. Only something like TCPA would make this very difficult.
    • Ah, but you can have open source DRM, and Fair Use rights too, if you bend the definition of what constitutes software and what constitutes data.

      First, while software released under a free license, like the GPL, has to be redistributed under specified terms, the data such software processes does not (in general -- there are a few exceptions where output of a GPL program contains GPL code, thus restricting redistribution of compilation of that code without the rest of the source -- which usually comprises

    • So, this is exactly the same problem with OpenSSH, and how anyone can decrypt a SSH session because the source is open... erm oh wait, it's not that easy. Just to throw in a phrase well all hate, but is applicalbe here... Please think OUTSIDE the box.
    • As soon as you go Open Source, *anyone* can take the code appart, take the decryption routine, and get the plaintext right out of that. There is nothing 'forcing' the data directly into the hardware. At that point, the plaintext can be distributed, and the DRM has failed.

      The whole point of encrypting with known algorithms is that it is very hard to decrypt without the keys. I think you must have used a very weak algorithm. You don't release the keys anywhere, they must be hidden away as best you can. Of c

  • Maybee... (Score:3, Insightful)

    by lspd ( 566786 ) on Thursday April 03, 2003 @06:27PM (#5656300) Journal
    As bad as DRM sounds, maybee it's a blessing in disguise. No one like the product activation in Windows XP or Office XP, but at the same time product activation makes piracy less workable and forces users to face the high price tag Microsoft has placed on these products. When it's a choice between $200 for Office XP or $0 for OpenOffice rather than $0 for pirated Office 2K or $0 OpenOffice...if nothing else, the pricetag drives home the point that you need to at least TRY the alternatives.

    Maybee the same will be true for music...that once every commercial song comes with a pricetag, listeners will finally begin to see Creative Commons/Open Audio License/Public Domain music as a better value. Once the audience is there, musicians will surely follow.

    • We have to stop perpetuating this myth (Score:4, Insightful)

      by freeweed ( 309734 ) on Thursday April 03, 2003 @08:23PM (#5657192)
      No one like the product activation in Windows XP or Office XP, but at the same time product activation makes piracy less workable and forces users to face the high price tag Microsoft has placed on these products.

      Ok, so it's mostly Microsoft who spreads this one, but even some Slashdot users fall for it.

      You think product activation stopped XP piracy one iota? Think again. Cracked copies were floating around before it even hit retail shelves. Service pack 1, you say? Once again, within days of that debacle, a workaround even my parents can handle was available.

      People get their warezed XP the same way they got their warezed 2000, ME, 98, etc. Kazaa and its ilk are making it even easier.

      Know who product activation hurts? Not pirates, that's for sure. It hurts those of us who do anything more than install XP once, on one system, ever. Want to mirror your desktop's contents onto your laptop? Sorry. Have to re-install Windows? Sorry. Bought a new computer? Sorry. If you're lucky, you're only forced to upload some data to Microsoft. No internet? Hope you don't mind sitting on hold for a while. Past what Microsoft considers an acceptable amount of re-installs? Oh well, hope you have another $300.

      The University I attend gets free copies of Windows and Visual Studio for its CS students. I can get as many license keys as I want without paying. But, I still have to deal with Microsoft's insane activation scheme if I want to use XP. Instead, I just use 2000. One CD, and *I* get to choose how I use it.

      Know what most students are doing, to get around the hassle of activating XP so many times? That's right, downloading the cracked version. Guess what they're going to do once they're out of school and want the latest version of Windows?

  • Anyone care to bet (Score:2, Interesting)

    by leviramsey ( 248057 )

    ...that the open source DRM solution will quickly prove to be the best, most effective implementation of DRM?

  • Great, open source DRM! At last!

    My big issue with M$'s DRM solutions is the fact that they are closed source. This means that I can't check what happens to my personal information or whether the system contains any hidden "features" that I don't like.

    Open source DRM enables digital publishing for profit AND the user gets the peace of mind that there is NO SPYWARE or other fishy stuff going on in the background.
  • Open source digital rights management? What?! It's not still April 1st, is it?
  • The Internet Streaming Media Alliance [www.isma.tv] has released a spec for DRM that is vendor-neutral and involves no royalties.

    Not truly open source, but perhaps better than Windows of Real DRM,
  • Both Linux (proprietary modules tainting the kernel) and GCC (the GNAT frontend can check for source code license violations) already include DRM. But these DRM systems are advisory, and not compulsory.

    I think an advisory DRM system, combined with micropayment would be a nice thing, especially for free software. For example, your mail user agent could ask, "You are about to send this song to a friend. The artists suggest you donate them $0.50. Do you agree?". Too far-fetched? Maybe. But it's much mo

Slashdot Top Deals

Beware of Programmers who carry screwdrivers. -- Leonard Brandwein

Close