AACS Revision Cracked A Week Before Release

stevedcc writes "Ars Technica is running a story about next week's release of AACS, which is intended to fix the currently compromised version. The only problem is, the patched version has already been cracked. From the article: 'AACS LA's attempts to stifle dissemination of AACS keys and prevent hackers from compromising new keys are obviously meeting with extremely limited success. The hacker collective continues to adapt to AACS revisions and is demonstrating a capacity to assimilate new volume keys at a rate which truly reveals the futility of resistance. If keys can be compromised before HD DVDs bearing those keys are even released into the wild, one has to question the viability of the entire key revocation model.'"

waste of time

[ILuvRamen]

If they put this much effort into making crappy movies not suck instead, they'd save a lot more money than trying to control every customer's lives

Re:waste of time

[luckingfame]

There was a great quote by Robe Zombie about those anti-piracy commercials in the movie theatres that were running for a bit. "I'm sitting in the movie theatre, what more do you want?!?"

Re:waste of time

[Rob T Firefly]

The best response ever to that ad comparing piracy to theft, beginning with "You wouldn't steal a car..." is posted here. [b3ta.com]

Re:

[HTH NE1]

The best response ever to that ad comparing piracy to theft, beginning with "You wouldn't steal a car..." is posted here [b3ta.com].

Mmm, OK for a one-liner. I prefer to be a bit more creative [slashdot.org].

Re:waste of time

[Dogtanian]

There was a great quote by Robe Zombie

Is that like a zombie that eats dressing gowns and kimonos?

Re:waste of time

[l_bratch]

The most confusing thing about the anti-piracy ads in cinemas (in the UK at least) is that they say something like:

"Don't watch pirated films - you'll lose the big screen image quality, and the incredible sound, and your view won't be spoiled by the person that goes to the toilet in front"

Whilst saying that last bit, they show a clip from a dodgy in-cinema cam job where somebody stands up in front of the camera.

What they fail to realise is that people do that in the cinema!

Are they for or against piracy, then?

[SanityInAnarchy]

In the actual cinema, someone's going to get up and go to the bathroom, whereas in actual pirated movies, they aren't.

In fact, isn't that why we have the DMCA and DRM? Because they're so fucking terrified of a perfect 1:1 copy (DVD ISOs)?

Re:waste of time

[TheRaven64]

In my local cinema, the sound quality is pretty poor (stereo only on most screens, and some muppet has done strange things to the equaliser that heavily emphasise the bass), and the image is slightly blurred and full of little flickers where dust has got into the film.

A DVD and a home projector and surround sound system give much better video and audio quality, don't have adverts, and can be paused when you want to get up and go to the toilet in the middle. For the price of two of you going to the cinema, you can buy a DVD and renting is even cheaper.

The only still-extant reason for downloading is that it takes so long for films to get from the cinema to DVD. If they did simultaneous releases, then I would expect to see piracy fall a lot. Mind you, I'd also expect to see most cinemas go out of business...

Re:waste of time

[TheWoozle]

What DVDs have *you* bought lately? Mine have all come with 10 freakin' minutes of advertisements at the front that can't be skipped!

Re:

[Lumpy]

If you have a older DVD player that is decent quality.

Press upon insertion of the disc and it has identified it.

Stop-Stop-Play

the movie should start and bypass all the crap. Newer dvd players disabled this feature as well as most Disney DVD's as they play tricks when they make the discs.

Better yet, get AnyDVD and rip the movie to a recordable and store away the expensive DVD origional.

that way you have benefits of being a violent felon!

Re:waste of time

[Grishnakh]

You can always buy higher-quality DVDs on Ebay from sellers in Malaysia. These DVDs are better than the store-bought versions since they don't have commercials, and can play on any region player.

Unobtainium should be free

[HTH NE1]

The only still-extant reason for downloading is that it takes so long for films to get from the cinema to DVD.

No, there are other reasons. One is that the movie is out of print in all regions, unavailable for rent, rare enough that no one is selling it used, and so encumbered with conflicting publication rights that it will never again be republished unless it manages to survive its interminable copyrigh++.

Re:

[jridley]

I could, except that I wouldn't have any sense of suspense if for some reason I was forced to watch the superbowl live.

I have no problem watching movies months after release. I'm not sure why it's so hard to avoid spoilers. Hell, I look up on usenet at hit movies that were released in the last year or two and the titles aren't even familiar, I have to go to IMDB to see what the heck they're about. I certainly don't know what happened in them.

Re:

[Loconut1389]

Not to mention the teens making out behind you, the other teen on her cell phone in front and two seats over, the texan with the big hat in front of you and the screaming baby in the rear, the either freezing or burning hot temperature of the place, etc etc..

There's very little reason to go to the cinema anymore- it's not a group experience like it once was, you don't talk with people afterwards, in fact if you're lucky you only have to ask someone to shut up once. Home stereos can sound pretty great, and d

Re:waste of time

[Kelbear]

These anti-piracy ads are just ads for piracy. You go into the movie theater after paying to see it legally, to end up watching an ad talking to you about watching movies for free without fat smelly bastards sitting next to you and talking on his cellphone while noisy little punks kick your seat and throw popcorn from behind you at the kid in front of you getting his giggles off of shining a laser pointer on the screen.

These ads do not work as intended.

Re:

[Dunbal]

They might as well be preaching to the choir; these people paid to see a shitty movie

      Actually some people pay to see the movie, then download it to add to their collection. Shame on me, for not forking out an additional $25 for the DVD.

Re:waste of time

[Drooling Iguana]

Unfortunately, movies tend to be projected in the normal visible spectrum, and I don't think the screens they use reflect X-rays, so even if you had X-ray vision it wouldn't help you to see the movie.

Re:waste of time

[geoff lane]

Hey! I like watching a 5 minute diatribe accusing me of being a criminal. I love the way that they don't allow you to skip or FF through the little moral tale. I don't care that I have to wait to see the movie I paid $40 to "own"... every single time from now until doomsday.

It's suggested that this single annoyance drives ordinary people to learn how to rip dvds and in the process eliminate the wonderful story about drug dealing pirates; I couldn't possibly comment.
 

Re:

[Anonymous Coward]

WTF?

Re:

[Loconut1389]

You've seen the videos haven't you?

"YOU WOULDN'T STEAL A CAR
YOU WOULDN'T STEAL A HANDBAG
YOU WOULDN'T STEAL A TELEVISION
YOU WOULDN'T STEAL A DVD"

I was just saying that when you 'steal' a movie by downloading it, you're not taking a copy away from someone- like when you steal a car or a handbag or a television, or anything tangible for that matter.

I also was saying that if you do pirate the movie, when you go to watch it and see the little video, its already too late for it to make a difference and wouldn't a

utter fuckpuppets

[PurPaBOO]

And then the utter fuckpuppets go on to say: "Buying pirated DVDs is stealing." This really gets my goat. Buying pirated DVDs is buying pirated DVDs. Stealing pirated DVDs would be stealing. Cnuts.

Re:

[badspyro]

hell, half of the time, i get movies off the net just to skip that crap...

It's okay...

[Daychilde]

...I'm sure someone will solve the problem by writing more laws.

That's always the solution, isn't it?

(oy.)

Re:

[TheRealMindChild]

Right. We should get right to the root of it. Let's make it illegal to copy anything digitally. It's brilliant. I mean, what could go wrong???????????????????//

Re:It's okay...

[digitrev]

I'm going to attempt an analogy. This may be horribly flawed, but there is some logic here.

The current downloading of copyrighted files is akin to drinking during prohibition. The laws were on the books making drinking (sharing copyrighted files) illegal. However, that didn't stop people from drinking, and in fact simply forced the alcohol industry underground, where it was taken over by organized crime. The temperance movement (RIAA / MPAA) did their best to keep the laws on the books forcing what they thought was a horrible thing to become illegal. However in doing this, they made criminals out of everyday folk who blatantly disregarded the less than sensible laws. Had anyone tried to enforce the, dare I say it, stupid laws in place, they would have ended up with millions behind bars.

My point is that attempting to create or uphold laws that no one respects is futile. They can't and won't be able to prosecute every uploader of files, and eventually, the laws on the books will match the reality of what goes on in day to day life.

Or more succinctly....

[mutube]

Any law that makes a criminal out of the majority is a bad law by definition.

But I liked your analogy too.

Re:It's okay...

[Maxo-Texas]

And now, the legal prices of booze are so low that there is no reason to make illegal booze.

There is a lot of reason to copy a $20 movie ($35... $70 in some cases). There is absolutely no reason to copy a $5.50 movie.

The movie company makes a lot less profit- but they still make a profit and anyone who pirates their movie is so clearly desperate for cash that the movie company isn't losing a dime on them.

Re:It's okay...

[Grishnakh]

Why not?

Why do people still make their own furniture with woodworking tools instead of just buying furniture from K-mart?

Why do people build their own computers from components, instead of just buying a computer from Dell?

Why do people install their own tile instead of just hiring a contractor?

Why do people write their own software instead of just buying it from Microsoft, or hiring a consultant to do it for them?

Why do people brew their own beer, instead of just buying a Coor's? (Moreover, why is this legal and distilling your own whiskey illegal?)

If a country values freedom, it shouldn't restrict what people do in their own homes as long as non-consenting people aren't affected.

Re:

[Archangel Michael]

My God Man! You sound like stark raving LIBERTARIAN.

.
.
.

Welcome!

Re:It's okay...

[Opportunist]

What's even worse is that if you criminalize people, they start to ignore the law. The sentiment being, if I already broke one law, what's another?

Look back to prohibition times and see just how violent they were.

Re:It's okay...

[jez9999]

Had anyone tried to enforce the, dare I say it, stupid laws in place, they would have ended up with millions behind bars.

Like those arrested for possessing cannabis?

Re:It's okay...

[Odin's Raven]

I'm going to attempt an analogy. This may be horribly flawed [...]

A Slashdot thread without a flawed analogy is like a frozen fishstick without a train conductor.

Re:

[72beetle]

What's happening with the RIAA/MPAA is more like someone is making booze that people want but they don't like paying for the bottle, so they're stealing drinks right off the keg.

Yeah, no. Stealing a drink off the keg means one less drink in the keg. Not the case with duplication. You fail.

More laws: coming right up...

[CustomDesigned]

Jail time a comin' [com.com], courtesy Gonzales.

It's always "Question This," "Challenge That" -

[toby]

Damn you long-haired smellies! Why can't you get with the program and just passively CONSUME!

Corporate Hypocrisy- It's In The Game!

[Dogtanian]

Damn you long-haired smellies! Why can't you get with the program and just passively CONSUME!

EA did it! They told me to "Challenge Everything"!

To which they replied, "Foolish boy, that was just a vapid and insincere corporate slogan designed to sound vaguely cool to wannabe-rebellious (and utterly conformist) 13-year-olds..."

My mistake.

Re:Corporate Hypocrisy- It's In The Game!

[drinkypoo]

My mistake.

Yeah, I thought that was a pretty reasonable response, until Apple told me to think different. Now I can't go back to thinking the old way! I think my mind is broken.

Re:

[MollyB]

Yeah, we oughta go back to the Riverdale [wikipedia.org] Malt Shoppe and pay a quarter for three selections like 'Murrica's s'posed to be. We should've been happy with those shiny Juke Boxes...

Extremely Limited Success?

[locokamil]

You mean "failure"?

Remember, kids: It's not torture, it's "enhanced interrogation techniques".

Re:

[Opportunist]

You're so negative. How about some positive vibes?

After all, the mafiaa is currently just facing declining growth in their sales.

Re:

[Intron]

Netcraft confirms it, the movie industry is ...

Oh wait, Spiderman 3 [boxofficemojo.com] seems to have done over $150M on it's opening weekend. Perhaps I won't start crying for them yet.

Re:

[Jesus_666]

The problem is that Spider-Man 3 is a computer-generated extravaganza. B-Movies don't fit into that category. The fact that most computer-generated extravaganzas have scripts and acting better suited for B- or Z-movies doesn't mean that they aren't hellishly expensive computer-generated extravaganzas.

Seriously, they could make a computer-generated extravaganza about a magical turd hopping around Cleveland and people would pay to see it just because it's a computer-generated extravaganza with an advertisin

Re:Extremely Limited Success?

[Opportunist]

Problem with those eye candy movies is the same it is with the eye candy games: They'll never become classics. In 10 years, nobody will care 'bout the eye candy and will just see the crap around it.

Re:

[dattaway]

Its too early to pull out. We must stand united and continue the course, otherwise freedom will win.

Hex or GTFO

[aichpvee]

The article is missing the key, who's got it? I need to start a protest on digg!

Re:Hex or GTFO

[kebes]

That would actually be interesting. Digg ended the last uproar by saying "okay, we give up, go ahead and post it"... but by then the key had been posted to so many sites (largely in protest) that no one cared anymore. Even the AACS team must have realized that it was futile to now suppress the code. I'm sure they sent out plenty of other legal threats, but basically the code had been widely distributed.

But if someone posted a new Digg story, with the code... what would happen? Let's say Digg was the first (or one of the first) to "break" this story. Would Digg bury the story? Or let it stand? Would they begin another proactive campaign of suppressing the information? Or would they stick to their previous (rather belated) show of solidarity with their users? If they were one of the only sites distributing it, they would be (rightly) afraid of an imminent AACS legal threat.

It will be very interesting to see the reactions of the community and the AACS team as more keys are discovered and distributed. (Heck, it may occur that someone posts a bogus key story to Digg, just to mess with them.)

Dear DRM

[Romancer]

Suck it!
.
.
.
.
Seriously. do any of these people see any other future where this "enabling" software isn't hated and despised to the point where we chear that it's been broken and can use our paid for media how we wish?

DRM

[Ckwop]

This is quickly making DRM look less like rights management and more like digital restrictions mockery. Of course, we knew this from the start. Any security strategy that depends on giving the attacker both the key and lock is doomed to fail.

The guys who make this DRM know its flawed but they still get paid when it fails. They must be quietly laughing all the way to the bank. Yet like morons the record labels keep handing money over. It's no wonder CD sales are declining when you're *that* clue-proof.

EMI has the right idea. Shock horror, if you give the customer what they want, they'll pay you for it. I never would have guessed!

Simon

Re:

[TheRaven64]

Only if your primary news source is Slashdot. The mainstream media still refers to DRM as 'copy protection' technology for the most part, when in fact it is usage restriction technology with no impact on copying at all.

Re:

[Mr2001]

Not quite. The encryption on DVDs is a copy protection measure, and so is the encryption on HD-DVD and Blu-Ray discs (AFAIK - I'm not as familiar with their technical details).

People who don't understand how it works usually come back with the response, "But you can just make a bit-for-bit copy!" Well, no, you can't, unless you work in a DVD manufacturing plant. With consumer-grade burners and media, it's impossible to burn a working encrypted disc, because you can't write to the area where the keys are sup

Re:DRM

[Laur]

Not quite. The encryption on DVDs is a copy protection measure (snip). People who don't understand how it works usually come back with the response, "But you can just make a bit-for-bit copy!" Well, no, you can't, unless you work in a DVD manufacturing plant. With consumer-grade burners and media, it's impossible to burn a working encrypted disc, because you can't write to the area where the keys are supposed to be stored;

That means that consumer-grade burners and media are defective, it doesn't mean that CSS is a copy protection technology. This is the same as saying that CDs contained copy protection technology when they were first introduced, since there was no consumer-grade CD media and burners at the time.

the only way to make a working copy of the movie is to decrypt it first.

Or use non-defective media (of which there is no consumer-grade versions, but as you note a professional DVD press will work fine), or just copy the disk to your hard drive, CSS and all. Making a copy of a digital file doesn't mean that you must copy it to the exact same medium type.

Re:

[TheRaven64]

You can make a bit-for-bit copy of DVDs, you just can't burn it to a DVD (unless you buy more expensive DVD-Rs for authoring). I watch most DVDs on my laptop. Because the machine gets very hot with the DVD drive spinning (especially on a lot of newer DVDs with the hole slightly off centre, so it wobbles a lot while spinning), I often rip them first. I make a disk image using Apple's Disk Utility and I can then play them back with Apple's DVD Player.

I can copy the disk completely without interference, u

Re:

[erroneus]

Just to be clear, it's not record labels, it's movie people. (Okay, they are probably the same people, but still... we're talking about movies and [HD-]DVDs, not music and CDs.) So this has nothing to do with declining CD sales, but declining DVD sales... which, to my knowledge, there haven't been any such reports.

C64 one more time

[Anon-Admin]

Sounds like the old days of the C64 boards. It started with 1day warez, soon there were 0day warez, before it was all done there were boards that only accepted -7day warez. That was warez (Cracked software) that were released no later than 7 days before the program was to hit the market!

Give up now and stop waisting money on something that will never work!

Which C64 games had copy protection

[Chuck Chunder]

I don't remember seeing anything like that until I got a PC (and I think the first game I remember that has it was Elite, or Elite+).

Re:

[ip_vjl]

MicroProse's F15 Strike Eagle [wikipedia.org] (combat flight sim) had a system like that.

They crafted it into part of the gameplay in that you had to enter your "secret code" as part of receiving your mission.

Re:

[Minwee]

Elite, at least on the C64, used something called 'Lenslok'. It involved placing a magic plastic lens up against the screen and then using that to an image of two letters which you needed to enter in order to continue running the game.

The more traditional "Read your manual" check wasn't used until later releases of the Elite series.

Re:C64 one more time

[badboy_tw2002]

True story: When I was a younger lad I got around that by taking my friends manual to the xerox machine at the library and for a couple bucks had the whole thing cracked. Much later on in life I ended up working for the same company I stole the game from. I took my boss out to lunch one day (he was the original programmer on the game in question), and as he offered payment I said "No no, its alright. I figure this ought to cover the royalties of the game I prirated :)" Guilt free am I!

Bravo..

[modi123]

I just gave my dual 21" dell lcds a mountain dew bath after reading "damned-time-traveling-pirates dept". I salute you editors - you have given me my happy thought. Now quickly, fly! Second star to the right and straight on until morning!

Time Bandits?

[H0p313ss]

Deliberate reference or a happy accident? I need to dig up a copy of this for the kids.

http://www.imdb.com/title/tt0081633/ [imdb.com]

AACS?

[PineGreen]

That's the dumbest fucking idea I've heard since I've been at Microsoft.

Re:AACS?

[JensenDied]

Normally this would be the perfect place for a "You must be new there," comment.

Does anybody else...

[u-bend]

...feel like this will be one of those anthropological head-scratchers to historians in 50-100 years? DRM? What an odd culture they had there....

Re:Does anybody else...

[spun]

Yes, exactly, they will think our outmoded techniques were so quaint. Their Reality Rights Management chips installed in every human at birth will simply prevent you from experiencing anything without paying someone for the privilege.

Re:

[Anonymous Coward]

Charles Stross had a great dig at this in his novel [i]Glasshouse[/i]:

'We know why the dark age happened,' Fiore continues. 'Our ancestors allowed their storage and processing architecture to proliferate uncontrollably, and they tended to throw away old technologies instead of virtualizing them. For reasons of commercial advantage, some of their largest entities deliberately created incompatible information formats and locked up huge quantities of useful material in them, so that when new architectures repl

Re:Does anybody else...

[WilliamSChips]

More likely the other way around: the people who actually care about the art will let anybody experience it, while the people who only care for money will charge unnecessary costs.

The same collective?

[i_like_spam]

Is this the same collective responsible for releasing Spiderman 3 on the streets of Shanghai a week before the release of the movie?

Let's see how the fight is stocked.

[Opportunist]

On one end, a business conglomerate with procedures to heed and to follow, with people working for money, getting paid whether or not their implementation works, as long as it is to specs.

On the other end, a bunch of people with no marketing, no PR, no quarter reports to heed and the goal to remove that crap, and whose only "payment" is to get the content the way they want it.

Which one do you think adapts faster and more efficiently?

The ever heard of cost vs benefit?

[SSCGWLB]

How is this economical for these companies? It should be simple:

ProfitA = $MEDIA_INCOME - DRM R&D - DRM content - lawsuits - alienated customers - recalls (i.e. rootkit)

ProfitB = $MEDIA_INCOME - piracy loss

I would bet that ProfitB is significantly larger then ProfitA.

Take into account

[geekoid]

that they have been over inflating the value* of IP for years to the creators of this type of content. So they wuiold ahve to go to them and say they were wrong...or blame the canumers. Which is another way of blaming the market, but they can't do that wothout admitting 'defeat' Or more accuratly, that DRM can not stop the people stamping bit by bit copies and selling them by the thousands. WHich is where there significant copyright inringement loss is.

*I do believe it has value, but not nearly what the med

Re:

[Thanster]

Slight adjustment to your formula: ProfitA = $MEDIA_INCOME - DRM R&D - DRM content - lawsuits - alienated customers - recalls (i.e. rootkit) - piracy loss ProfitB = $MEDIA_INCOME - piracy loss Kinda makes it clearer :-)

Re:The ever heard of cost vs benefit?

[rossz]

I corrected your formula:

ProfitA = $MEDIA_INCOME - piracy loss - DRM R&D - DRM content - lawsuits - alienated customers - recalls (i.e. rootkit)

ProfitB = $MEDIA_INCOME - piracy loss

Ten years from now, kids will be reading

[zappepcs]

about the great Consumer Revolt of 2007 in history classes.

The list of revolt-ish type actions lately is getting quite long. I think the Internet is really starting to make its true value known.

Companies who want to force DRM on the consumers are simply terrified that they have no product and must force consumers to pay for distribution. The sad part is that they are wasting so much time, money, effort, and lobbying to try to stop what they never could before, and have no hope of stopping in the future; the sneaker-net is still alive and apparently doing very well with 500GB USB drives selling for less than 2 seasons of the Sopranos.

Digg, AACS, XM radio, and all that came before it. Oh, also that deal with the King and feet, the actress having sex on the beach... who knows how many more it will take ....

Re:Ten years from now, kids will be reading

[danbert8]

Sad, I read this whole comment and the only thing I'll remember is "actress having sex on the beach".

Re:

[shish]

Even sadder, I skipped the comment, and then went back to it to find out what the "actress having sex on the beach" phrase was talking about :(

Life imprisonment for attempted piracy, anyone?

[mercuriciodide]

"If keys can be compromised before HD DVDs bearing those keys are even released into the wild, one has to question the viability of the entire key revocation model.'" DRM won't be called into question. The real question to those with power and their minions is: what's the best punishment for offenders? Is it life imprisonment, the "solution" for such things as hacking the main page of a corporate website or committing "attempted piracy"?

DRM is stupid, give up!

[Bullfish]

As long as the people in basements world wide outnumber the security programmers 10000 to 1 (if not more), such codes etc will be broken. Doesn't matter if they are software only, or embedded into chips etc, someone will find a way around it.

Activity time!

[Rob T Firefly]

I think it would be fun to generate a big text file listing every possible string of 16 hex digits. We could post and mirror it everywhere, and pre-emptively cause another uproar when yet another of them turns out to be the new AACS key.

Re:Activity time!

[vidarh]

16 hex digits is 8 bytes. Good luck trying to post 2^64 16 byte sequences anywhere in your lifetime.

Re:Activity time!

[cfulmer]

Funny. I just did it. Of course, my file is compressed -- the decompression program takes FOREVER, but it's pretty easy to tell it to skip to the Nth entry.

Re:

[Anonymous Coward]

Ill Start
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  Lameness filter encountered.

Re:

[Ksevio]

with 18,446,744,073,709,551,616 numbers and we'll say 8 Bytes per number, that would be a 128 Exabyte file - not the most reasonable file to host all over the place

Re:

[Ant P.]

But where are you going to find a mirror willing to host a file 2^132 bytes in size?

Re:

[spaceyhackerlady]

But where are you going to find a mirror willing to host a file 2^132 bytes in size?

Don't. Use a broadcast distribution like BitTorrent. Individuals broadcast portions of the keyspace, and others pick up the pieces they want.

Yeah, I know it's stupid and useless. But then so is AACS.

...laura

Re:

[LehiNephi]

Ummm....first of all, it's 32 hex digits, or 16 bytes.

Secondly, that would make a total of 2^128 different numbers, each 16 bytes long. So 16 * 2^128 = 5.44 * 10^39 bytes, or 5.1 * 10^30 GB. Good luck finding a hard drive with that capacity, let alone a web server with the bandwidth to transmit it.

more like "calls DRM, period, into question."

[swschrad]

you have folks designing a roadblock into the process of decoding media, that doesn't always work, that is not supported on any of the minority OS... and they wonder why other folks keep cracking it?

you think maybe somebody out there in MogulLand would look at the swirling Warez underground, and for once think maybe, "geez, the free market says we are bumbling goons?"

apparently it only happens in Britain, where somebody at Electric Music Industries Ltd. woke up sober and straight one morning...

Re:more like "calls DRM, period, into question."

[Minwee]

"Somebody at Electric Music Industries Ltd. woke up sober and straight one morning..."

After having gone to bed the night before drunken and bi-curious?

I have a truly marvellous key of this revision

[sectionboy]

... which this internet is too narrow to contain.

Problem with the people who enforce the DRM

[LittleBigScript]

They are not just up against a determined people. They are up against SMART, determined people. These are the kind of people who will circumvent a problem before circle a petition.

The AACS LA is really fighting a losing battle on this one. The question I have to ask is where and when are they going to cut their losses.

AACS is done

[Jugalator]

I don't think hackers are always going to publically tell which software they found vulnerable, or if they went for the hardware, or exactly what. But it's quite clear they now understand where to look for the keys, so just changing them won't help anymore. And when you know the protection structure, I think this system is now pretty much as busted as the DVD protection became. GG

Re:AACS is done

[Sique]

Normally a good security system should still work if its structure is known to the world. Cf. Bruce Schneier on "security by obscurity".

But in this case we have the strange situation that the attacker knows everything: Not only the algorithm, but all the keys. So all there is left is some kind of obfuscation. I remember an article featured here about 10 years ago, where an israelian team proved mathematically, that a software based approach to DRM can't work. I wonder if we could get them as expert witness to tell the court in a DMCA case that a DRM based enforcement of copyrights can't be called "effective" and thus is not protected by the DMCA :)

Re:

[The Master Control P]

Hardware DRM can't work either, for the exact same reason: I have the ciphertext and the algorithm, so all they can do is try and obfuscate the location of the hardware keys. But no matter what, you have to put pre-shared keys somewhere on the chip. Therefore, it is a matter of putting the chip in acid and looking under a scanning electron microscope until you find the right memory area: Game over, MAFIAA loses.

And yes, if I had $50000 to spare, I would buy an SEM in a heartbeat to smite them. Well, that

Cost Functions

[SlashdotOgre]

It amazes me that the movie industry remains convinced that they save more money by developing and implementing DRM than they would lose to piracy. The cost for a system like AACS must have been well into the millions, and I hope they realize that with all DRM systems it takes orders of magnitude less money to bypass them then it does to create them (and once a crack is known, that's all it takes). At the very best, DRM only buys them some time until it is cracked, and at worst is frustrates consumers to the point that they boycott the product. While the number of pirates may increase a bit if all media was DRM free, I don't believe it would be a significant increase from the amount who pirate now. I do believe the amount lost to new piracy would be less than the amount spent developing DRM, and perhaps the increase in sales due to people who only pirate because they hate DRM will off set that even more.

Re:Cost Functions

[Bent Mind]

...movie industry remains convinced that they save more money by developing and implementing DRM than they would lose to piracy.

You're not looking at the problem from the perspective of a corporate accountant. They don't look at developing and implementing DRM and say "look how much we are saving." Rather, they add it into their piracy cost projections and say "look at what piracy is costing us". Then they give those numbers to Congress and ask for stricter laws, harsher punishments, and more protection.

If you're gonna try to get ahead of the curve,

[iceT]

you still need to be faster than the internet. The hacks get around faster than you can follow.

Good luck with that.

Umm...

[fyrwurxx]

I never understood the MPAA/RIAA's approach to curbing piracy and increasing legitimate sales by imposing restrictions on those who pay for content. Think about it: a pirated album or movie comes with zero DRM and thus can be used for any purpose on any player an unlimited number of times. If I pay for that same album and purchase it through iTunes, I can only listen to it on my computer and my iPod. So here's my choice: pay for restricted content or download DRM-free content FOR free. Umm, who in their right mind would elect for the former?

A more proactive approach to curbing piracy would not restrict the rights of the consumer, but expand them. Instead of pouring millions of dollars into encryption schemes that are cracked before they're released, invest that money into innovations like exclusive or pre-release content for paying customers. I might feel better about buying an album online if a) I knew I could use that album any way I want and b) got a little extra in return, like an interview with the band, an exclusive track, preferential treatment for concert tickets, or whatever. I know these exclusive tracks and interviews could just as easily be pirated, but it's the thought that counts. If you (the RIAA/MPAA) respect my right and desire to use my movies and music how I want, I'll be more likely to respect your right to compensation for said goods. Either way, putting digital handcuffs on your paying customers is definitely *not* the right approach.

Re:

[Jesus_666]

Daft Punk did this with Discovery. You got a "membership card" that contained an access code for their "Daft Club" website containing a lot of remixes of songs from the album. Of course they still required you to install some silly Win-only program the purpose of which I never found out (as the files on the site were unprotected MP3s), but it was a nice gesture.

Later they opened the site to everyone, which was much better. But buyers of the album got there first (provided they were Win users and didn't mi

That depends

[Weaselmancer]

...on your definitions of good and evil with respect to DRM.

Here's your answer

[Weaselmancer]

The keys being passed around before the release date shows that current laws aren't strong enough to stop piracy, and therefore successful lobbying for more draconian laws has a higher chance to proceed.

There's your pseudo-tinfoil hat answer. I hope I'm wrong.

Re:

[Opportunist]

"Up yours" came to my mind, but ymmv.