taint.org: Justin Mason’s Weblog

• Dabble DB : looks like a web-based version of good old Filemaker
  (tags: dabble-db databases web db spreadsheets analytics groupware)

• retrocomputing hackers reminisce about the 1541 diskette drive : skip to the comment thread, it’s fantastic. I used to know lots of this stuff (via Donncha)
  (tags: via:donncha commodore-64 hacks 1541 disks copy-protection drm hardware hacking history retro c64)

• MPLC racketeering Irish playschools : the ‘Motion Picture Licensing Company’ sent a letter to 2,500 Irish playschools, demanding a fee of EUR3 per child to cover license fees for the kids watching DVDs. However, it seems they themselves hadn’t registered as required by law, so were acting illegally in issuing demands… oh the irony
  (tags: mplc racketeering law ireland dvds movies mpaa licensing copyright legal children kindergarten playschools)

• Komplett’s new Dublin pick-up point is open : routing around the Irish couriers and An Post’s brokenness by allowing customers to pick up their items directly. a shame this is necessary
  (tags: an-post delivery couriers dublin ireland komplett components pc hardware)

Tags: 1541, an-post, analytics, c64, children, commodore-64, components, copy-protection, copyright, couriers, dabble-db, databases, db, delivery, disks, drm, dublin, dvds, groupware, hacking, hacks, hardware, history, ireland, kindergarten, komplett, law, legal, licensing, movies, mpaa, mplc, pc, playschools, racketeering, retro, spreadsheets, via:donncha, web

I haven’t paid a whole lot of attention to the BBC’s “iPlayer” project, since, as a non-UK resident, I’m not allowed to use it anyway. But this interview at Groklaw with Mark Taylor, President of the UK Open Source Consortium, was really quite eye-opening. Here’s some choice snippets.

On the management team’s Microsoft links:

The iPlayer is not what it claimed to be, it is built top-to-bottom on a Microsoft-only stack. The BBC management team who are responsible for the iPlayer are a checklist of senior employees from Microsoft who were involved with Windows Media. A gentleman called Erik Huggers who’s responsible for the iPlayer project in the BBC, his immediately previous job was director at Microsoft for Europe, Middle East & Africa responsible for Windows Media. He presided over the division of Windows Media when it was the subject of the European Commission’s antitrust case. He was the senior director responsible. He’s now shown up responsible for the iPlayer project.

On their attempts to bullshit the BBC Trust on the cross-platform issue:

In the consultations that the BBC Trust made, there were 10,000 responses from the public. And the overwhelming majority of them, over 80% — which is an unheard-of figure in these kind of things — said, we don’t like the platform. We don’t like it being single-platform. So it’s a big issue. And the BBC Trust said to us, “Why the vehemence? Why have people reacted this way?” And I explained the ‘Auntie’ analogy. It’s people don’t expect that from the BBC. It’s got this huge history of integrity, doing the right thing, standing up to bullies. (laughter) They’ve done this for a very long time. And people find that it’s surprising. And they said, “Yeah, but,” you know, the BBC guys said, “Well, trust us. This is going to be cross-platform.” And we said, “Well, how? It’s completely single-platform.” They say that, but we haven’t been able to find anyone who’s been able to explain how they’re going to achieve that at the moment, even though they’re entirely locked into one single platform.

(aside: MS did this at one point with Internet Explorer — remember, there was some mystery team in Germany that supposedly had IE ported to Solaris, hence it therefore qualified as ‘cross-platform’.)

On the architecture of the product:

Q: it’s a Verisign Kontiki architecture, it’s peer-to-peer, and in fact one of the more worrying aspects is that you have no control over your node. It loads at boot time under Windows, the BBC can use as much of your bandwidth as they please (laughter), in fact I think OFCOM … made some kind of estimate as to how many hundreds of millions of pounds that would cost everyone [...]. There is a hidden directory called “My Deliveries” which pre-caches large preview files, it phones home to the Microsoft DRM servers of course, it logs all the iPlayer activity and errors with identifiers in an unencrypted file. Now, does this assessment agree with what you’ve looked at?

Mark Taylor: Yes.

Q: What are the privacy implications for an implementation like this?

Mark Taylor: Well, just briefly going back to the assessment thing, yes it does log precisely RSS and stuff like that and more importantly, anyone technically informed who’s had a look at it — even more importantly, the user’s assessment as well and — frankly horrified if you go and spend some time in the BBC iPlayer forums, it’s eye-opening to see the sheer horror of the users, some of them technically not — you know, relatively early-stage users — but when it gets explained to them by some of the longer-using users of it, it’s concentrated misery. (laughter)

[...]

it’s a remarkable thing with them as well, there’s a lot of pain going on in the user forums, and some of the main technical support questions in there are “how do I remove Kontiki from my computer?” See, it’s not just while iPlayer is running that Kontiki is going, it’s booted up. When the machine boots up, it runs in the background, and it’s eating people’s bandwidth all the time. (laughter) In the UK we still have massive amounts of people who’ve got bandwidth capping from their ISPs and we’ve got poor users on the online forums saying, “Well, my internet connection has just finished, my ISP tells me I’ve used up all of my bandwidth.”

Q: It uses up their quota, but they can’t throttle it, they can’t reduce it –

Mark Taylor: No, they can’t throttle it. [...] It’s malware as well as spyware.

And to top this off, there’s a (frankly insane) budget of UKP 130,000,000 to build this — that’s $266,000,000 — for something that could be built better by just hiring the guys behind UKNova and simply negotiating with the rights-holders directly.

Holy crap. Talk about a technical disaster masquerading as a solution to a business problem…

Tags: bbc, bbc-trust, beeb, drm, iplayer, linux, microsoft, open-source, pain

Here’s an excellent quote from the OpenGeoData weblog, really worth reproducing:

”We think the natural tendency is for producers to worry too much about protecting their intellectual property. The important thing is to maximise the value of your intellectual property, not to protect it for the sake of protection. If you lose a little of your property when you sell it or rent it, that’s just a cost of doing business, along with depreciation, inventory losses, and obsolescence.” — Information Rules, Carl Shapiro and Hal Varian, page 97.

Words to live by!

Tags: carl-shapiro, drm, hal-varian, intellectual-property, ip, open-culture, open-source, property

So, Google have invented their own DRM, apparently. I’m keen to find out more details; Techdirt and Plasticbag.org are so far the only places I can find in the blogosphere to discuss it in any detail.

One tidbit worth noting from the LA Times coverage:

The Google copy-protection software also imposes a big restriction: The CBS shows, NBA games and other material protected by the software can be watched only on a computer that’s connected to the Internet.

“I think it’s going to be a problem,” said Li, the Forrester analyst, adding that Google executives told her they were trying to fix it.

That’s interesting. In my opinion, given that quote, I’ll bet Google’s DRM is something similar to the copy-protection systems used for many games since about id’s Quake 3 and Valve’s Half-Life; an online “key server” which validates codes, tracks player IDs, and who’s viewing what, “live”, as the video is cued up and played.

Some more info on the Half-Life WON authentication system can be found in this GamaSutra article; subscription required — try viewing this google-cache version with Javascript off if you don’t have a sub. That’s historical now, of course, since that WON system has been replaced by a new auth protocol as part of Valve’s ‘Steam’ system.

The key factor is the network, separating the dangerous, untrustworthy user machine from the trusted key server. Since the online key server can act as a platform for trusted, known-insubvertable code to run, along with the video server, both being under Google’s control, it’s actually possible to build reasonably solid DRM on this model. That’s as opposed to the usual case, where a reasonably determined teenager can break it in a week of school-nights. ;)

Anyway, that’s speculation. It remains to be seen if they’ve come up with something along the lines of WON authentication — and if it’s still easily subvertable or not.

Update: Aristotle Pagaltzis has a pretty good point in the comments:

Watching video, unlike playing a multiplayer game, is not an activity that inherently requires connecting to a server. Playing a multiplayer game, OTOH, inherently is.

So cracking a multiplayer game’s key check is fruitless, because then you can’t play online anymore, which was the whole point of the game in the first place. In contrast, a video player with a cracked key check still fulfills its purpose just fine.

I think he’s right. That’s a key point, demonstrating how WON authentication still can’t help — media playback, as a task, is itself fundamentally crackable.

Tags: authentication, dont-be-evil, drm, google, google-drm, half-life, tv, video, won

On saturday, I spent a little time trying to work out how to give Steve Jobs my money; more accurately, I wanted to get some way to buy music from the iTunes Music Store from my Linux desktop, and this isn’t as easy as it really should be, because the official iTMS is a mess of proprietary Mac- and Windows-only DRM-laden badness.

Here’s a quick walkthrough of how this went:

• install iTunes in my VMWare Windows install
• sign up for iTMS, and give Apple all my personal info, including super-s3kr1t card verification codes, eek
• buy a song
• find the DRM’d file in the filesystem; it’s an .m4p file, and xine doesn’t seem to like it
• do some googling for ‘iTunes DRM remove linux’; that leads to Jon Lech Johansen’s JusteTune
• download and run JusteTune installer
• get obscure hexadecimal error code dialog. hmm! what could that mean?
• download and run .NET runtime, link on JusteTune page
• rerun JusteTune — it works this time
• select Account -> Authorize, enter login info
• drag and drop file — it’s decrypted!

So, that yields a decrypted AAC file, which I can play on Linux using xine. That’s the hard part done!

However, I want to play my purchases in JuK, the very nice iTunes-style music player app for KDE.

While the gstreamer audio framework supports playback of AAC files with the gstreamer0.8-faad package (’sudo apt-get install gstreamer0.8-faad’), JuK itself can’t find the file or read its metadata, so it doesn’t show up in the music collection as playable. I don’t want to go hacking code from CVS into my desktop’s music player — possibly the most essential app on the desktop — so transcoding them to MP3 seems to be the best option.

Somebody’s already been here before, though — that’s one of the benefits of being a late adopter! Here’s a script to convert .m4a files to .mp3 using the ‘faad’ tool (’sudo apt-get install faad’).

During this work, I came across Jon Lech Johansen’s latest masterwork — SharpMusique, a fully operational native Linux interface to the iTMS. Building on Ubuntu Hoary was a simple matter of tar xvfz, configure, make, sudo make install, and it works great — and automatically de-DRMs the files on the fly as it downloads them! Now that’s the way to enjoy the iTMS on Linux, at least until Apple’s engineers break it again.

Update, May 2006: Apple’s engineers broke it. Thanks Wilfredo ;)

End result: a brand new, complete, high-quality copy of Dengue Fever’s new album, Escape From Dragon House. Previously I’d only had a couple of tracks off this, so I’m now a happy camper, music-wise.

BTW, I was also considering trying out the new Yahoo! Music Store, but it too uses fascist DRM tricks and is platform-limited, and I’m not sure how breakable it is. On top of that, the prospect of not being able to try it out before handing over credit-card details put me off. As far as I can see, I can’t even look up the albums offered before subscribing. All combined, I’ll stick with iTMS for now.

Tags: apple, drm, internet, itunes, linux, software

This is pathetic. As noted in the link-blog a couple of days ago (as well as everywhere else), TiVo’s new DRM features have been spotted ‘in the wild’, protecting the valuable Intellectual Property that is Family Guy and Simpsons reruns.

The icing on the cake is that TiVo have come up with a hilarious hand-wavy explanation — apparently it was line noise. Marc Hedlund of O’Reilly and Cory Doctorow are having none of it, and rightly so; as a bonus, Cory asked a group of DRM experts, who ‘burst into positive howls of disbelief’ that line noise could corrupt the DRM bits and the corresponding checksums to match.

From my angle, though, there’s another noteworthy factor:

“During the test process, we came across people who had false positives because of noisy analog signals. We actually delayed development (of the new TiVo software) to address those false positives.” (– Jim Denney, director of product marketing for TiVo)

Interesting use of the term ‘false positive’ there. Sounds more like a good old-fashioned bug if you ask me ;)

Anyway, I’m glad I went for the home-built option. It was pretty obvious that TiVo are in the cross-hairs, and their product is only going to get worse as the DRM industry push harder…

Tags: cory, couple, drm, family, intellectual, line, noise, product, property, tivo

Copyright: Cory Doctorow’s DRM talk presented to MS research yesterday. This is a fantastic introduction to the issues regarding DRM; if you know someone who isn’t convinced that DRM is A Bad Thing, this is the argument they need to read.

OSes: /.: France Considers Open Source. The usual arguments are going on in the comments, but some people still insist that they get better support from MS than from Linux vendors.

What planet are they on? Because it would have been handy for me to live there, on the occasions in the past where I’ve had to develop code on MS platforms, and administer networks of Windows PCs. In my experience, you do not get support from Microsoft. Instead, you do what you do with Linux — go searching on Google, read MSDN, or post in the MSDN forums.

As far as I can see, there’s zero difference between doing that with Windows, and doing exactly the same thing with Red Hat — except in the latter case, you can turn up debug logging through a documented API or switch, use the source and fix it yourself, find the original developers and post a message to their core -dev list, or even ask them personally.

Where’s this amazing support? Maybe the companies I’ve worked for just weren’t paying enough, and therefore weren’t significant blue-chip customers. Or maybe it’s because we weren’t based in the US, and so got support from less-skilled, less high-priority staff in a regional office. But I’ve certainly never experienced the support these advocates claim MS offers, which makes me think it’s FUD as usual.

Tags: copyright, cory, doctorow, drm, linux, msdn, source, support, talk, thing, windows

Tech: … nearly. The Sony Reader EBR-1000EP. 170 pixels-per-inch is a nice resolution, and in general it looks very cool, esp. considering the E-Paper aspects (ie. looks like paper, back-lighting not required, easier to read). However – never mind that it’s only available in Japan so far, even once it becomes available in the US, its pricing structure is moronic:

All three of the Impress Watch articles say it will cost around 40,000 yen - approximately $400 USD. And this is just for the reader, subscribing to the e-book service costs $5-10/month. They do, however, have the option of just purchasing single books for 350 yen, about $3.25.

Dammit — I don’t want e-books and their DRM and lock-in — I just want a HTML viewer like Plucker or iSilo, so I can use Sitescooper!

Also, it’s not yet foldable. Once I can fold up the reader into a little ball in my pocket, then fold it out again into an A4-sized ‘page’, I’ll be a happy man.

Still, getting there — let’s hope they get a clue and kill off that DRM. Otherwise, I can’t see myself buying one, even once the price comes down.

Funny: (in a geeky way): mentioned on LWN — ‘granted, drawing circles w/ GIMP is a bit like finding 2 + 2 by evaluating the integral of 2dx over the range 0..2.’

(jm: worth noting that the same applies for Photoshop, for that matter – in this respect GIMP has emulated Adobe’s ‘you need to buy Illustrator to do that’ attitude. That’s really quite bizarre when you think about it. Wonder if GIMP 2.0 fixes that?)

Tags: aper, drm, ebr, esp, gimp, mind, paper, reader, resolution, sony, tech