Re: My Tunes

1

Ogged, the guy who wrote that piece for the Register is a troll of some standing. For what it's worth, waxy.org links to a parsing of the numbers which notes that they aren't seasonally adjusted.


Posted by: snarkout | Link to this comment | 12-12-06 2:16 PM
horizontal rule
2

CDs are a pain in my keester

How is this possible?


Posted by: Cryptic Ned | Link to this comment | 12-12-06 2:18 PM
horizontal rule
3

Also, are you familiar with eMusic? They sell MP3s without DRM on a k-dollars-gets-you-n-tracks-per-month basis.


Posted by: snarkout | Link to this comment | 12-12-06 2:19 PM
horizontal rule
4

I dunno man -- what do you do when your burn a (DRM'ed version of the) CD for a friend, and then that friend shares the music with others online? But the RIAA comes knocking on your door?

Anyway, this is all moot. Watermarking is a dead letter. This is something that I believe, but I also believe I could be wrong.


Posted by: arthegall | Link to this comment | 12-12-06 2:20 PM
horizontal rule
5

CDs are a pain in my keester

How is this possible?

omg, you probably still fax documents.


Posted by: sam k | Link to this comment | 12-12-06 2:21 PM
horizontal rule
6

what do you do when your burn a (DRM'ed version of the) CD for a friend, and then that friend shares the music with others online?

Well, exactly. This is what the RIAA wants to discourage, right? At the very least, you'd share music with far fewer people. That seems fair.


Posted by: ogged | Link to this comment | 12-12-06 2:23 PM
horizontal rule
7

Since the geeks hijacked a fun thread, I suggest all y'all retalliate here.


Posted by: Becks | Link to this comment | 12-12-06 2:24 PM
horizontal rule
8

I rip all my CDs (to ogg, natch, but maybe when I get that sweet octillion-terabyte storage up I'll switch to flac) immediately, so the only pain is storing them.

eMusic is pretty sweet.


Posted by: ben w-lfs-n | Link to this comment | 12-12-06 2:24 PM
horizontal rule
9

4: iTunes does somehow tie the purchase to a particular user, but burning the music to a CD and then ripping it back onto one's computer (even using iTunes to do so) apparently erases this association.


Posted by: sam k | Link to this comment | 12-12-06 2:25 PM
horizontal rule
10

9: but then you take an already too lossy file, and further degrade it. Much better to buy a CD and rip it; better quality all round. Not much good if you only want one track, I guess.


Posted by: soubzriquet | Link to this comment | 12-12-06 2:27 PM
horizontal rule
11

Why not, instead of limiting the uses of a file, encode each file with a code that identifies the purchaser? This would be pretty simple, right? It's like signing a file with your public key, no?

Sure. But how are you going to prevent people from removing the signature? And even if you did, people would be insane to buy music from your store; any scheme where buying music exposes you to more potential legal liability than 'stealing' it is doomed.


Posted by: neil | Link to this comment | 12-12-06 2:28 PM
horizontal rule
12

Ripping is a pain, all the more if you have to download, burn, then rip.

You know, Ben, I was ripping everything to ogg for a while, but finally decided that mp3 sounded a tiny bit better at a similar file size.


Posted by: ogged | Link to this comment | 12-12-06 2:28 PM
horizontal rule
13

people would be insane to buy music from your store

I don't think so, because then I could play it on an ipod, or on a non-apple player, or on any old computer, or burn it to CD or convert it to some other format when I change any of my equipment, etc. Things I can't necessarily do with non-watermarked, DRMed files.


Posted by: ogged | Link to this comment | 12-12-06 2:30 PM
horizontal rule
14

7 -- still bitter about the loss of the Ygglz-likes-to-beat-up-old-people thread? (That was only a loss to people who don't enjoy making jokes about the word "curry")

Or is this something else?


Posted by: arthegall | Link to this comment | 12-12-06 2:31 PM
horizontal rule
15

10, Eh, I was only mentioning that for arthegall's edification.

I personally use iTunes and share ogged's concerns, but, as I don't move or share music often, I get by.

Reasons to prefer iTunes to CDs:
1) It's cheaper
2) It's now


Posted by: sam k | Link to this comment | 12-12-06 2:32 PM
horizontal rule
16

Ripping is a pain, all the more if you have to download, burn, then rip.

I just use an old version of ripoff, slightly hacked up to better suit my needs and extend customizability (though those things have probably been taken care of in more recent versions, despite that the project's moribund), and, if freedb has incorrect/no data, this handy-dandy script, which does the wrong thing in one rarely-occurent circumstance but is otherwise pretty useful.


Posted by: ben w-lfs-n | Link to this comment | 12-12-06 2:34 PM
horizontal rule
17

(That was only a loss to people who don't enjoy making jokes about the word "curry")

And who cares about THEM?


Posted by: ben w-lfs-n | Link to this comment | 12-12-06 2:37 PM
horizontal rule
18

Yeah, I use Audiograbber, which is just fine for what I need. Still a pain.


Posted by: ogged | Link to this comment | 12-12-06 2:38 PM
horizontal rule
19

15 -- I know that burning-then-ripping CDs erases the DRM info... the CD format was designed in pre-DRM-consideration days, and it's a known hole in the scheme as it stands. The parenthesized clause in (4) was meant to suggest a possible future in which the CD format has been replaced by something that does encode DRM info, and everyone has had their arms twisted enough to buy hardware that respects those flags, etc etc.


Posted by: arthegall | Link to this comment | 12-12-06 2:40 PM
horizontal rule
20

w-lfs-n has never been known to lose an argument.


Posted by: arthegall | Link to this comment | 12-12-06 2:41 PM
horizontal rule
21

Lois, my great grandmother's name, has not made the top 1000 since 1983. I predict that it will make it into the top 5 the exact year that I am ready to use it.


Posted by: sam k | Link to this comment | 12-12-06 2:41 PM
horizontal rule
22

I ban myself for 21.


Posted by: sam k | Link to this comment | 12-12-06 2:42 PM
horizontal rule
23

I dunno ogged, I think "Sign up for our service -- it's better because we can sue you" wouldn't go over that well.


Posted by: neil | Link to this comment | 12-12-06 2:45 PM
horizontal rule
24

20: This is untrue.


Posted by: apostropher | Link to this comment | 12-12-06 2:45 PM
horizontal rule
25

Impose a Noncommercial Use Levy to Allow Free Peer-to-Peer File Sharing

I'm also open to slight variations on this, but it's at least correct in outline.


Posted by: washerdreyer | Link to this comment | 12-12-06 2:47 PM
horizontal rule
26

w-lfs-n has never been known to lose an argument.

You mean, "w-lfs-n never knows when he's lost an argument."


Posted by: ogged | Link to this comment | 12-12-06 2:55 PM
horizontal rule
27

26 -- It could hardly be called currying then, could it?


Posted by: arthegall | Link to this comment | 12-12-06 2:56 PM
horizontal rule
28

It's like neil said: signing a file but otherwise not restricting it with DRM won't help, because if you have the signature you can un-sign it -- which would be necessary to play it, anyway. You could stick other tokens in there, but it seems likely that they'd be able to be stripped out. If you want protection you have to restrict how the file is played rather than just how it's stored — the longer the path between the protective measure and speaker, the easier it is to extract a perfect digital copy and redistribute it without fingerprints. Obviously DRM currently can't prevent this from happening, but your system would make it easier.

Plus there are some practical concerns: signing all those files would require a ton more CPU power from vendors like iTunes. Loading your digital signature onto all of your music-playing devices would be a huge pain in the ass (imagine entering a key through a car stereo interface). And the industry would probably still insist on restricting the number of devices that could be assigned to one key in order to prevent groups of people from purchasing music collectively.


Posted by: tom | Link to this comment | 12-12-06 3:00 PM
horizontal rule
29

Your system would potentially be good for discouraging casual piracy. But I'd hate to be the kid who gave a copy of a Britney Spears track to one friend, only to have it then become the canonical pirated copy on the internet.


Posted by: tom | Link to this comment | 12-12-06 3:02 PM
horizontal rule
30

which would be necessary to play it, anyway

Wait, why?


Posted by: ogged | Link to this comment | 12-12-06 3:02 PM
horizontal rule
31

Maybe there isn't any good DRM system, and the solution is to just do what eMusic (an excellent service) does. Somehow I doubt that this would have much impact on the amount and quality of music that is released.


Posted by: Matt F | Link to this comment | 12-12-06 3:07 PM
horizontal rule
32

in addition to eMusic there is also Magnatune which sells unencumbered mp3s at $5 for and album (and 50% of profits going to artists). They don't have well known artists, but some of the stuff on there is very good.

They seem to use the guilt trip method: "we actually share profits with artists, and don't use DRM, please buy from us. Pretty please?" I should note that I have successfully been guilted.


Posted by: MaxPolun | Link to this comment | 12-12-06 3:09 PM
horizontal rule
33

I assumed you meant signed in the cryptographic sense -- that the whole file's encrypted with a private key then distributed by an individual with a known public key. You can verify the file's origin by successfully decrypting it.

But I guess you meant this more from a normal public key perspective, where users would give iTunes their public key and get an encrypted file. Same deal: once they decrypt it, they can go nuts and grab the perfect digital audio.

If you're saying that only part of the file is signed, then what's to stop someone from grabbing the unencrypted part and dropping it into an unprotected version of the file format?


Posted by: tom | Link to this comment | 12-12-06 3:13 PM
horizontal rule
34

Somebody in D.C. offered me a free 50 song download card for eMusic but I turned it down because I don't use it. If only I remembered who it was, I could tell Matt F.

My one chance to play matchmaker and I blow it!


Posted by: Becks | Link to this comment | 12-12-06 3:14 PM
horizontal rule
35

Ah! It was Spencer.


Posted by: Becks | Link to this comment | 12-12-06 3:15 PM
horizontal rule
36

Tom, I don't think ogged meant that the signing would encrypt it. The song would still play, it would just be marked as a "stolen" file, for later prosecution. The only way that would work is to have it actually incorporated into the file, rather than being tagged on (if that makes any sense), but I'm not sure if that's something real.


Posted by: Matt F | Link to this comment | 12-12-06 3:16 PM
horizontal rule
37

Leo and at least one other prominent free jazz/improv/etc label (not, alas, Hat Hut & relatives) sells mp3s, flacs, and oggs direct from their website. Atavistic used to, too, I think, but now I see that they're one emusic.


Posted by: ben w-lfs-n | Link to this comment | 12-12-06 3:17 PM
horizontal rule
38

Apparently Becks is matching me up with Spencer. Interesting.


Posted by: Matt F | Link to this comment | 12-12-06 3:17 PM
horizontal rule
39

Also: I would certainly appreciate such a card.


Posted by: Matt F | Link to this comment | 12-12-06 3:18 PM
horizontal rule
40

36: right, that's what I was thinking. You can play and share it any old way you like, but it would have your name on (in) it.


Posted by: ogged | Link to this comment | 12-12-06 3:25 PM
horizontal rule
41

How would your name be incorporated into the file? Noise in the signal? A fancy compression algorithm that incorporates random strings into the result without degradation to sound quality?


Posted by: ben w-lfs-n | Link to this comment | 12-12-06 3:28 PM
horizontal rule
42

41: it would have to watermark, yes. So it is both going to degrade the signal and can be defeated fairly easily. More robust will give more degradation.

I'm fairly convinced there isn't a good DRM system possible, let alone plausible.


Posted by: soubzriquet | Link to this comment | 12-12-06 3:30 PM
horizontal rule
43

36: You can stick things into files and then not program iTunes to get at them, but you really can't prevent someone from reading or changing any particular part of a file -- a hex editor will always let you have your way with it.

So you have to make the file unplayable if it's marked incorrectly or not at all. There are two ways to do that: put code into the thing that plays it that checks the mark against a central database of marks periodically or whenever you want to play it. It's hard to force people to use your player, though, and this requires a net connection. The alternative is to encrypt the music in a way that's based on the mark.


Posted by: tom | Link to this comment | 12-12-06 3:35 PM
horizontal rule
44

It's hard to force people to use your player, though

Hasn't Apple done more or less exactly that? As far as I know I can't play their aac or m4a or whatever the hell they're called files with audacious.


Posted by: ben w-lfs-n | Link to this comment | 12-12-06 3:37 PM
horizontal rule
45

I posted 43 before seeing the steganographic approaches suggested by Ben and soubrizquet. That might work okay (and would certainly be neat), but it'd probably be pretty easy to strip out.


Posted by: tom | Link to this comment | 12-12-06 3:37 PM
horizontal rule
46

Hasn't Apple done more or less exactly that? As far as I know I can't play their aac or m4a or whatever the hell they're called files with audacious.

AAC isn't an Apple format. It's pretty much the same as mp3, in that you need to pay to license it for a player, but anyone can do that. I'm pretty sure the reason it isn't as widely supported is just that it's newer.


Posted by: Matt F | Link to this comment | 12-12-06 3:43 PM
horizontal rule
47

44: Well, sort of, since the encryption approach implies specialized players, too -- its advantage is that it forces people to use your player. AAC can be unencrypted too. Apple encrypts it, though. In practice the force-everyone-to-use-your-player approach is unworkable without adding encryption, too. Realplayer might be a counterexample, though -- I'm not sure.

And AAC isn't an Apple-only format, it's true. But it exists in both encrypted and unencrypted flavors. Apple uses the former.


Posted by: tom | Link to this comment | 12-12-06 3:44 PM
horizontal rule
48

Apple encrypts it

Just in the iTunes music store though, right? It's not encrypted if you rip a CD through iTunes.


Posted by: Matt F | Link to this comment | 12-12-06 3:46 PM
horizontal rule
49

48: this is true.


Posted by: ben w-lfs-n | Link to this comment | 12-12-06 3:48 PM
horizontal rule
50

Put this in your geek pipes and smoke it:

www.ohmibod.com/overview.html


Posted by: Sir Kraab | Link to this comment | 12-12-06 3:50 PM
horizontal rule
51

Obviously the Faust/Tony Conrad collab would be perfect with that.


Posted by: ben w-lfs-n | Link to this comment | 12-12-06 3:58 PM
horizontal rule
52

related


Posted by: tom | Link to this comment | 12-12-06 4:00 PM
horizontal rule
53

Ok, maybe I'm dense. Can someone explain to me: here in the little GPG-Shell app that's running on my system, I have separate options to Encrypt a file and to Sign a file. If I sign a file, then you know it's mine, right? It's not trivial to remove my signature without changing the file itself, is it? I was thinking that when you buy a song, it would be "signed" in roughly this way, such that you can do whatever you want with it, but it would be identifiable as yours. I'm missing something, right?


Posted by: ogged | Link to this comment | 12-12-06 4:04 PM
horizontal rule
54

I think they're parallel operations, and the difference is just whether you use your public or private key. If you encrypt a file with your private key, then anyone can decrypt it with your public key, and since they used your public key, they know it's yours. If you encrypt something with your public key, anyone could decrypt it with your private key—but of course your private key is private.


Posted by: ben w-lfs-n | Link to this comment | 12-12-06 4:07 PM
horizontal rule
55

But is "signing" the same as "encrypting?" I thought not.


Posted by: ogged | Link to this comment | 12-12-06 4:11 PM
horizontal rule
56

If I'm right, then signing = encrypting with private key.


Posted by: ben w-lfs-n | Link to this comment | 12-12-06 4:14 PM
horizontal rule
57

Ben's right. Signing is encryption with the private key instead of the public.

I believe you can do this by encrypting the whole file or, more frequently, just a part of it. In those latter cases where only part of the file is signed (a hash of the rest of it, maybe) the player will generally let you use the unencrypted portion whether or not the signature's verified -- it just spits out a warning if the sig can't be verified.

But presumably the record companies wouldn't want to leave that avenue open, since it'd mean you could just randomly scramble the signature and then redistribute the file without fear of getting caught. Making the player require a signature wouldn't work -- it'd be easily beaten. They'd have to encrypt the file's payload, too.


Posted by: tom | Link to this comment | 12-12-06 4:20 PM
horizontal rule
58

a) I am so delighted to discover that OGG is a file format. And even more charmed that Ogged used it but stopped.

b) 42 -- I wonder if its possible to mathematically prove that in a world where people want to be able to move their files around on all devices they use AND make mix tapes for friends there's no good way to mix DRM with keeping people happy. . ..


Posted by: Saheli | Link to this comment | 12-12-06 4:22 PM
horizontal rule
59

Well, shit.


Posted by: ogged | Link to this comment | 12-12-06 4:22 PM
horizontal rule
60

A question from a some one with few tech smarts:

emusic was mentioned above. That site trades in mp3 files. How does one get an i-pod to play such files?


Posted by: Keith G | Link to this comment | 12-12-06 4:46 PM
horizontal rule
61

One needn't do anything special at all to get an iPod to play mp3s, other than put the mp3s on the iPod.


Posted by: ben w-lfs-n | Link to this comment | 12-12-06 5:10 PM
horizontal rule
62

56,57: no, signing and encrypting are different operations. They can use the same crypto system though.

When you sign something with a public-private key cryptosystem, it stays in plaintext, but the associated signature works only (roughly speaking) with that file. So you sign with your private key, and people test with your public key. If anyone changes the message, the signature doesn't match anymore. So signing is a way of establishing identity and/or detecting and protecting against modifying things.

Encryption, on the other hand, uses the same two keys but renders the output encrypted so that you can't decrypt it without a key.


Posted by: soubzriquet | Link to this comment | 12-12-06 5:22 PM
horizontal rule
63

57 is particularly misleading. You never encrypt with your own public key for any operation. Other people might, but you never do.


Posted by: soubzriquet | Link to this comment | 12-12-06 5:24 PM
horizontal rule
64

Sorry, you're right, I screwed that up. In my mind signing is "like encrypting, except backward". But the backward part is whose key you use, not which type of key you use.

But I think the rest of my 57 is correct. The record companies couldn't rely on signing because you can't force users to ignore unsigned files, or prevent them from removing signatures from unencrypted files.


Posted by: tom | Link to this comment | 12-12-06 5:40 PM
horizontal rule
65

60 - What 61 said. In particular, you import them into iTunes and then use iTunes to load them onto the iPod. (There are other ways but none that someone asking this question would care about.) MP3 files don't need anything done to them to work on your iPod, they just have to get onto the device.


Posted by: snarkout | Link to this comment | 12-12-06 6:04 PM
horizontal rule
66

64: Yeah, that part doesn't work for record companies, I agree.


Posted by: soubzriquet | Link to this comment | 12-12-06 6:52 PM
horizontal rule
67

bah. I'm being pedantic. I ban myself (more successfully this time)


Posted by: soubzriquet | Link to this comment | 12-12-06 7:25 PM
horizontal rule
68

Nah, you're just correcting those of us who slip into being pedantic without actually being clear on what we're talking about. Bans all around!


Posted by: tom | Link to this comment | 12-12-06 7:42 PM
horizontal rule
69

Banns all around!


Posted by: I'm engaged | Link to this comment | 12-12-06 8:09 PM
horizontal rule
70

Then, if that file shows up on some file sharing service, prosecute.

Prosecute for what? Couldn't I just claim that someone broke into my house and downloaded all my music, or that someone was parked near my house with a WiFi receiver while I was transmitting that song to a wireless-enabled stereo? I don't see how you can show that I did anything wrong.

It also seems to me that a good defense lawyer with a little technical coaching would have no problem establishing "reasonable doubt" about the trustworthiness of a digital watermark.


Posted by: Bob Munck | Link to this comment | 12-12-06 9:05 PM
horizontal rule
71

70: Can't defendants in cases brought by the RIAA make similar claims about open wifi access points right now? I've heard this defense suggested on Slashdot an awful lot, but I haven't read about anyone actually using it. I suppose it may just be the cost of litigation that has prevented anyone from taking this particular gamble. But I suspect there are other reasons — I kind of doubt a court would go for it (maybe the lawyers can chime in). We're talking about a civil proceeding, after all. Possible worlds carry even less weight than usual.


Posted by: tom | Link to this comment | 12-12-06 11:16 PM
horizontal rule
72

I haven't read about anyone actually using it

I have! Just a few weeks ago. The RIAA dropped the charges. I'll do a quick google.


Posted by: ogged | Link to this comment | 12-12-06 11:20 PM
horizontal rule
73

Can't find the one I saw, but there's this and in the midst of a long and detailed post, there's this:

****

In Priority Records v. Candy Chan, a Michigan case, the RIAA initially refused to withdraw the case against a mother who clearly had not herself engaged in file sharing, but then changed its mind and did discontinue the case when faced with the mother's motion for summary judgment and attorneys fees.

A scenario similar to that in Priority v. Candy Chan occurred in Capitol v. Foster, in Oklahoma, where the RIAA withdrew only when faced with the mother's motion for summary judgment and attorneys fees. The judge let the RIAA drop its case, but held that the 'voluntary' withdrawal did not make the RIAA immune from legal fees, and indicated that he may award the mother her attorneys fees. Ms. Foster has made a motion for attorneys fees, and was supported in her motion by an amicus curiae brief submitted by the American Civil Liberties Union, the Electronic Frontier Foundation, the American Association of Law Libraries, Public Citizen, and the ACLU Foundation of Oklahoma. In their brief the 'friends of the court' told the judge that "the RIAA has wrought havoc in the lives of many innocent Americans" and that an award of attorneys fees is necessary to deter such conduct in the future. Meanwhile the RIAA has asked the judge not to accept the amicus brief.

In another Oklahoma City case, Warner v. Stubbs, the defendant -- represented by the same lawyer who represented Debbie Foster -- filed an answer and counterclaim saying that the RIAA's tactics amounted to extortion. The very next day the RIAA moved to withdraw its case.

In Virgin Records v. Tammie Marson, a California case, the RIAA voluntarily dismissed its case when confronted with the impossibility of determining who used defendant's computer.

A Georgia case, Atlantic v. Zuleta, in which defendant had a wireless router, the IP address was connected to a wireless router, and the defendant's roommate's first name was the same as the screen name, the case was discontinued "without prejudice".

Elektra v. Wilke, in Chicago, was withdrawn after Mr. Wilke made a summary judgment motion. See Summary Judgment below.


Posted by: ogged | Link to this comment | 12-12-06 11:32 PM
horizontal rule
74

Sure, you can use the fact that you have an open access point as a defense against the RIAA... at which point you get sued by your broadband provider, because providing an open access point is a violation of your Terms of Service.


Posted by: Josh | Link to this comment | 12-12-06 11:32 PM
horizontal rule
75

you get sued by your broadband provider, because providing an open access point is a violation of your Terms of Service

Has this ever happened to a home user?


Posted by: ogged | Link to this comment | 12-12-06 11:37 PM
horizontal rule
76

That anyone's actually gotten sued? Not that I could find in a cursory Google check. People have gotten nastygrams from their broadband providers, though, and there's at least one case of Time Warner suing an apartment complex.


Posted by: Josh | Link to this comment | 12-12-06 11:43 PM
horizontal rule
77

not all broadband providers sue their customers as a first resort. speakeasy actually encourages the sharing of bandwidth, if their customer chooses to do so.


Posted by: paul | Link to this comment | 12-13-06 10:08 PM
horizontal rule