Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Encryption Security

DVD Situation Takes New Turn 555

Several readers wrote in to let us know that the maintainer of css-auth has announced the end of his involvement with CSS, while the DeCSS person has removed the source from his website. The source has been removed at the behest of lawyers representing "the film industry".
This discussion has been archived. No new comments can be posted.

DVD Situation Takes New Turn

Comments Filter:
  • by taniwha ( 70410 ) on Tuesday November 09, 1999 @09:00AM (#1548531) Homepage Journal
    Locking the door after the horse has bolted is always a bad idea .... it just makes the other users of the stable angry.

    Leaving the key under the mat is also a bad idea

    Letting amateurs implement crypto doesn't work so well either

    But the worst mistake is to alienate a whole bunch of smart people who understand locks by selling them horses but not letting them ride them

    In the future if you are basing a business on the use of large secret numbers you had better use really big ones .... and maybe not leave them around where people can find them

  • Yet another geek bullied by lawyers... Luckily many people got down copies of the source when the ruckus started so that it'll live on... Reminds me of ultraHLE... Maybe somebody should fly an airplane over lots of major cities and airdrop CD's with the code on them to all the geeks of the world =:-) Hmm... Seriously though, does anybody know of a good country with no laws or at least no extradition treaty to host this site? Maybe Cuba? Russia? Hmm....
  • Lawyers, I suppose, justify their fees by the number of 'cease-and-desists' they issue. I can think of no other reason for this; there's no point whatsoever in trying to force stuff off the internet.
    Of course, if they spammed every internet user with their little threats, they might get as much as 10% of the existing copies off the net. But banned code is like the hydra; cut off one head and two more sitez appear.
    Now that it's underground, will we have to refer to it as CZZ?
  • The damage has been done, it can't be stopped, and now the film industry is trying to save face. End of story.

    Now I just wish I had the money for a few 30 gig drives...
  • They'd hire these guys to work on a new DVD encryption solution. Or even if that's impossible at this point, they'll find some way to make their skills useful to the industry instead of chasing their asses in court.
  • Would any of our foreign friends be willing to host a mirror? Perhaps it's time to move the CSS part of the DVD project outside the US. It would still be legal to write code for viewing DVDs that just had a big hole for a "black-box" CSS decryption part, right?

    And besides, what does the NSA care about CSS? If it's just the "entertainment industry" & pals, then there's no real danger.
  • Any chance of a generous /.er posting a URL that points to the DeCSS source?

  • No lawyers justify their fees by being quite effective in getting individuals to cease and desist. A company of medium means can hire a lawyer to harass a chain of people around an individuals effort to the point where the individual must either go into great debt or quit. Something needs to be done about this before it shuts down large sections of the open source movement. Maybe we need a IP rights version of the ACLU? I'd contribute to it.
  • Is start pushing vendors (say, Linux vendors) and users (especially those of us who own DVD players) to publically come out and say "I would rather be able to play a DVD on a Linux system".

    Point out to these people that many of us will buy *more* DVD's if we can use them on our Linux boxes.

    Follow the money; if we make the "win condition" be to use an open standard and encourage people to write DVD players, we'll see the DVD industry admit that, maybe, not all users are pirates.

    You, too, can contribute: Decapitate one person a week who pirates software or art. ;)
  • Hey, comeon people! Like they always say on the X-Files, "the source is out there!" ... They can't stop development on decss, there are too many people who have either the key or the code! We shall prevail, and the tyranny that is shass crumble beneath the power of the nerds!
  • The film industry has more to fear from NOT openly embracing Open Source than from it.

    Some of the biggest costs in the film industry come from:

    1. Distribution
    2. Piracy prevention
    3. Advertising & promotion
    4. High-quality special effects

    If you embrace an open source ideology, distribution costs are reduced. Why? Because the technology required to mass-produce is being developed far faster by far more people than otherwise possible.

    The same is true for piracy prevention. There are far more cryptologists working on and testing Open Source crypto tech than there are in the entire film industry. Result - the film industry can't afford to produce anti-piracy measures that can hope to survive, using proprietary methods. But, if they used an Open Source approach, they'd have protection from pirates comparable to the best protection the US Government can throw at it's most secret information.

    Advertising and promotion - which is cooler, a mug with a badly-drawn picture of a character on it, for one movie, or several lines in a CREDITS file in every movie distribution that company makes? Now, which is cheaper, for the company?

    Special effects - BMRT blows Renderman away, for the simple reason Renderman doesn't ray-trace. It only simulates. Partly because it's very expensive on the computer to apply raytracing and radiosity to every frame, in high quality. Open Source the frame data, and collaboratively render the CGI. You will end up with infinitely cooler graphics than ANY organisation (with the exception of MS) could EVER pay for out of it's own pockets, and at practically zero monetary cost.

    The film industry is destroying itself, in it's efforts to protect itself, through it's choice of protection. Isolation NEVER, EVER works to protect, in the long term.

  • by .pentai. ( 37595 ) on Tuesday November 09, 1999 @09:10AM (#1548547) Homepage
    Yes, have him remove the source from his webpage, this will fix everything. After all, it's well known that source code can't simply be downloaded like other files, and can't be copied endlessly throughout the net, or else we'd be in REAL trouble...oh wait, it can.

    Anyways, I don't see the trouble, DVD will come to linux/freebsd/beos/whatever else in time as it becomes increasingly popular...though it still kinda pisses me off that those trying to help get crucified by the lawyers (so to speak) over it.
  • Please post a link to a mirror if anyone knows of any.
  • Would any of our foreign friends be willing to host a mirror? Perhaps it's time to move the CSS part of the DVD project outside the US. It would still be legal to write code for viewing DVDs that just had a big hole for a "black-box" CSS decryption part, right?

    Unfortunately, no. Unless the laws have been changed very recently, the US's crypto export laws explicitly forbid software which even has hooks for easy addition of cryptographic code.

    That said, CSS hardly qualifies as "strong encryption" anyway, so it'd be legal no matter how you slice it. The real issue here is that these people wrote code (using legal techniques, from what I understand) that uncovered a trade secret that the industry didn't want uncovered (it's legal because they never patented it) and now the industry is scrambling to reclaim their trade secret and stop the damage from being done. However, they're too late.

    "Software is like sex- the best is for free"
    -Linus Torvalds
  • by nstrug ( 1741 ) on Tuesday November 09, 1999 @09:13AM (#1548553) Homepage
    IANAL but my partner and mother are...

    Derek was told that he was in violation of the Copyright, Designs & Patents Act 1988, Sections 296(1) and (2). These sections read:

    (1) This section applies where copies of a copyright work are issued to the public, by or with the licence of the copyright owner, in an electronic form which is copy-protected.

    (2) The person issuing the copies to the public has the same rights against a person who, knowing or having reason to believe that it will be used to make infringing copies-

    (a) makes, imports, sells or lets for hire, offers or exposes for sale or hire, or advertises for sale or hire, any device or means specifically designed or adapted to circumvent the form of copy-protection employed, or

    (b) publishes information intended to enable or assist persons to circumvent that form of copy-protection,

    as a copyright owner has in respect of an infringement of copyright.

    [(2A) Where the copies being issued to the public as mentioned in subsection (1) are copies of a computer program, subsection (2) applies as if for the words "or advertises for sale or hire" there were substituted "advertises for sale or hire or possesses in the course of a business.]

    Clearly, the DVD consortium would try to demonstrate breach of copyright under clause 2(b) as Derek has published information intended to enable or assist persons to circumvent that form of copy-protection. The fact that we are NOT using this information to actually copy DVDs is IRRELEVENT, simply publishing the information is, under this statute, equivalent to infringement of copyright.

    In my opinion Derek would be found liable by the court as this statute stands. Derek is a scapegoat - the DVD consortium have not gone after others who have worked on cracking CSS because they reside in coutries that do not have such a law on the books. Unfortunately, the UK parliament passed this law (no doubt after considerable lobbying by industry groups) and Derek is a UK resident so they went after him.

    EVEN if the DVD Consortium was on shaky legal grounds, the cost in time and money of fighting a copyright infringement case is astronomical and I think most people in Derek's position would have done the same thing.

    There is no point in arguing over whether reverse engineering is legal, whether this is a breach of free speech; as the statute stands, publishing details on how to circumvent copyright prevention is itself an infringement of copyright, pure and simple.


  • If someone will kindly post a URL to the CSS source (which I foolishly failed to grab when this all started going down), I will publicly mirror it on a decently fast connection, and see how long it takes the lawyers to get on my tail.

    If you want to email me privately rather than post here, send mail to
  • by Anonymous Coward
    It shouldn't really shock or surprise anyone that the movie industry is trying to stop deCSS. The industry is trying to cover its butt for not making the DVD format very secure in the first place.

    It won't work.

    Now that it is public knowledge that CSS has been broken, even if deCSS never puts back up the source, other people will pick up where deCSS left off. It is only a matter of time before we can see whatever DVDs we want.

    The discovery of DVD keys (and how to break them) won't hurt the movie industry in the long run. Projects like deCSS now face a similar situation as what the MP3 music format faces- MP3 will hurt music, says RIAA, so they try to discourage it. MP3 has not hurt music sales, no matter how much RIAA tries to say it has. The same argument was used for regular VCRs, blank audio tapes, etc.

    The arguments did not work then, and they certainly won't stop us here.

  • If the CSS/DVD community had a mature, fully working product, I'd agree with the "locking the barn door..." sentiments, but it's not. What the DVD people and their lawyers are doing is trying to scare off any serious developers from working on CSS. And it's working. Simple fact: most people who would be interested in developing and using FREE (beer and speech) DVD players don't have the money to fight the teams of lawyers that are being sicced on them. The same thing happened with the 8Hz MP3 decoder. The corporations that are making the money off of digital media don't WANT to go to court. As long as the legal status of DVD/MP3 is the least bit murky, they have the advantage. Once they get into court, they either win or lose BIG.
  • A tarball of the entire DVD tree from LiVid, as of 6th November, was posted over on by Bruce Perens, I believe. The tarball includes the whole of DeCSS as of that time, in it.
  • by nstrug ( 1741 ) on Tuesday November 09, 1999 @09:19AM (#1548563) Homepage
    Derek Fawcus, the author of css-auth lives in the UK and Jon Johansen, who had DeCSS on his site, lives in Norway. Both had lawyers set on them. Both have taken their sites down.


  • CMU, at the behest of the RIAA just reprimanded students for using the microsoft network to distribute mp3s and other software. They did this because they aren't a common carrier of information and could be sued by the RIAA. Here we see another man, using what can only be described as trade secrets to create an unliscenced DVD player over the internet.

    Why do we pretend, sometimes, to care about IP at all, when by our actions we decry it as a thing of any value to society? Why do we feel so moved by this guy risking his neck against the Movie industry when thousands of penniless college students are doing the same against the music industry?

    What is the internet? If a library can loan out books to anyone who wants them at any time, then why aren't library books on the internet, as well as tapes and cds that are at all libraries; even movies and newspapers are in libraries. If all that information IS ALREADY FREE AT THE NEAREST LIBRARY, then is the internet going to be, in the near future, simply a big shared *free* library?At some libraries I went to, some software was available for borrowing.

    Okay, I'm done ranting now. Flame away.

    -Benjamin Shniper
  • I think there's a copy on Bruce Peren's Technocrat []. I'm too lazy to find the exact URL, but it should be somewhere on this [] URL.

  • I will have nothing to do with work on CSS. If there is any work that I may be considered to have ownership of, I give up all rights to that work.

    Yeah, he got raped by room 101. They grabbed him, tore him apart, and dumped his pieces back into the sewer. It's a shame, we need to support him as best we can. Primarily by distributing the source code as far as we can.

  • So the motion picture industry is threatening geeks now. Surprise, surprise.

    Let's see here; Between 1/2" mag tape, cassettes, VCRs, CD-R(W), MP3s, and now hacking DVDs, the entire entertainment industry must be on the verge of bankruptcy! The poor execs!!!

    Oh, wait a minute--they're _not_ broke? Now howinthehell did THAT happen?

    The industry knows full well that VCRs, despite the problems of piracy, have made more money for them than anything else ever has. They also know that, like with CDs (mostly) replacing records, they'll be able to jack up the price of DVDs and make a _larger_ profit. There is no question of them losing money to pirates on this glitch.

    So why are they threatening programmers? Three reasons:

    1) Because they can. (power)
    2) Because they want to. (greed and powerlust)
    3) Because they do. (force of habit)

    Both music and movie industries have consistently taken the myopic view of technology, and have ended up hurting themselves every time. It's clear that they won't learn any better. However, it's really starting to piss me off, and I'll be making a point of illegally copying movies when I can, the same way that the industry convinced me to copy CDs of major artists. (indies and the like always get my money--they need it!)

    The sadist in me is rubbing his hands together with glee--they'll hurt themselves more this time than they have yet.
  • by mwa ( 26272 ) on Tuesday November 09, 1999 @09:29AM (#1548585)
    I think there are archived posts by Derek that clearly indicate the goal of this project was to allow the playing of DVD's. His intent can be demonstrated as such, not to "enable and assist" circumvention. Intent is clearly stated as being primary to the offense.

    None-the-less, I wouldn't mess with the lawyers either. It's one thing to work on open source software. It's another thing entirely to back your work up with your life savings and criminal record.

  • by altair1 ( 71744 ) on Tuesday November 09, 1999 @09:34AM (#1548594) []

    There is a list of other mirrors there as well. Well there will be as soon as people start mirroring it :).

  • by FreeUser ( 11483 ) on Tuesday November 09, 1999 @09:35AM (#1548600)
    Let me make myself crystal clear to any "Film Industry" types or representatives lurking here. I just purchased 4 DVDs over the weekend, with the expectation of being able to view them under Linux in the near future (I do not run Windows anymore, at all), and so that I could help in debugging the (until now) forthcoming Linux and drivers and software.

    You have chosen to make that difficult, if not impossible. As a result, you will find me purchasing no further DVDs, at all, forever, until such a time as I am able to view them using the platform of my choice in an open and free manner. If you were to check my financial records over the last several years, you would find I have spent thousands of dollars on Laser Disks. Future thousands for DVD releases could also have been yours.

    Not anymore.

    Not only will I not be purchasing any further DVDs until I can view them under Linux, I won't be purchasing any further movies of any kind, on any medium, from you folks. I am going to rediscover the library as a form of entertainment, and do my best to insure that no further dollars pass from my wallet to yours, either at the video store, video rental store, cable box, or even at the theater.

    It is my hope that others will feel, and do, likewise.

    In the meantime, perhaps you should reflect upon your own strategies, and consider the following carefully.
    • This action is not aimed at commercial pirates, but individuals. Pirates can already mass produce DVDs of their own:
      • Without css decryption, using the analog out, redigitizing, and mastering the non-encrypted result. Loss of quality: minimal.
      • Running Microsoft Windows and any one of several widely and freely available Windows utilities for ripping DVDs.
      • By placing a video camera (digital or otherwise) in front of the screen, digitizing the results, and pressing the DVD.

    • The folks working on the css decryption and Linux DVD stuff are trying to make a product they have paid for work with Linux. The law clearly allows this, even if they do not have the same deep pockets to defend themselves with that the film industry does to make their lives difficult.
    • Those of us wanting to watch DVD under Linux do not, for the most part, have any interest in pirating DVDs. While I am sure there are exceptions, the vast majority of pirates already have such tools available under Windows (see above). By alienating Linux and FreeBSD users you people in the film industry have alienated some of the most technically savvy folks in the world -- the very demographic group most likely to embrace an emerging technology such as DVD, and a by and large well paid group with lots of disposable income to spend on your product. Nice shooting, Tex.
  • by ABadDog ( 28370 ) on Tuesday November 09, 1999 @09:39AM (#1548607) Homepage
    It appears many people on /. are advocating the wrong approach to dealing with this, namely spreading the code far and wide. This is doomed to fail, because we're being driven underground, and prevented from engaging in perfectly legal activity...the reverse engineering of CSS for the purposes of compatibility. Spreading the code around in the absence of someone willing to take responsibility for maintaining it is not going to help in producing a Linux/OpenSource DVD player. Running underground is acting like the pirates they want to paint us as.

    I can understand Jon and Derek's position. When the laywer hounds of hell are after you and you're in the hotseat, it's perfectly natural to turn and run. Is there a larger organization (with deeper pockets and/or staff lawyers) that'd be willing to take a stand with Jon and/or Derek to fight for their rights? Perhaps we could get the FSF or the EFF interested. Probably the EFF more so than the FSF, but still do we wish to give up our rights simply because we're unwilling to fight for them?
  • Record stores, both little and the big chain store, have sold import records and CDs for ages. Records and CDs have no encryption and no region coding. No one complains about this. Why is this all of a sudden a problem when it comes to movies? I PAID for the import DVD I bought, right? There will never be a local distributor for the imports I buy. Why shouldn't I be able to watch it? This has NOTHING TO DO WITH PIRACY (as the movie industry would like us to all think). Someone answer me that?

    I PAID for the bleeping movie. Get the fscking lawyers out of my player! They're jamming up the mechanism! :)

  • 1) From what I've gathered there are two things going on here, once is the Linux dvd project that distributed software that could play dvd movies if a user had the original DVD disc (That's Derek in the UK right?) The other is these guys in Norway who distributed code that's clearly for cracking. Why are both of these groupd getting picked on, it seems to me only one was trying to pirate content.

    2) What does DeCSS have to do with users who just want to play their disks in their computers? Does making a player cause CSS to be defeated?

    3) I'm all for free information here, but there seems to be a lot of people whining about some guys who knew damn well their work would be used to rip off content.

    Anyone have any answers?

  • They don't call 'em the west coast mafia for nothing.
  • I hope they don't, but it would be interesting if the "movie industry" went after the author of DeCSS for damages. Jon Johansen is 15 years old and lives in Norway, where such suits are almost unheard of. Since the newspapers in Norway are rather boring it should get front page exposure..

    Ah well, one can always hope they aren't that stupid.

  • by taniwha ( 70410 ) on Tuesday November 09, 1999 @09:45AM (#1548625) Homepage Journal
    In my opinion Derek would be found liable by the court as this statute stands. Derek is a scapegoat - the DVD consortium have not gone after others who have worked on cracking CSS because they reside in coutries that do not have such a law on the books. Unfortunately, the UK parliament passed this law (no doubt after considerable lobbying by industry groups) and Derek is a UK resident so they went after him.

    EVEN if the DVD Consortium was on shaky legal grounds, the cost in time and money of fighting a copyright infringement case is astronomical and I think most people in Derek's position would have done the same thing.

    I agree - and I think that this also points to how we get around this .... bend, don't break .... there are lot more of us than them (the lawyers) what should happen now is that someone else should pick up the torch, move the sources under CVS elsewhere and continue work on linux DVD .... don't make a big deal about it .... but also realise that eventually the lawyers will come after you, when they do you raise a stick, then bow out gracefully and pass the torch ...

  • The main difference in their eyes is that it's almost more of an emergent technology and medium. They want to control it steadily and slowly so that all people from here on out have to pay to use them with different taxes and encoders and various schemes. They just think that people who use linux are bad. Maybe this is perhaps because for the oversimplified reason that if I use a free OS then it makes me a cheap scate. Many people involved in making upper level policy devisions are usually not the type of people who can make strong intellectual arguments for or against a certain topic. It seems that free time activities are now more important than work. I would think that the increasing desire for measures like these are actions made by people who hate their current line of work and want to do something that they are perhaps better suited for. Their thought is why should an artist's life be hard and fraught with suffering. Now I know this is probably a really bad argument when such artists usually make several million dollars per picture enough to make them completely comfortable for the rest of their lives but it is an argument that is frequently used.
  • Traffic tickets. If you want to get out of something, find a lawyer that is willing to listen. Let them know you want to fight it as it is a matter of principle --all the way if necessary.

    I did just this back when I was a bit wild with sports cars. 5 speeding tickets in one year in Kansas City. The law there only allows one ticket to be "reduced" to a parking ticket in one year (if you have lawyer!) To make a long story short, I got out of all of them with a total cost of $1055. The largest 90/55 was dismissed, while others were reduced to parking tickets.

    I grew up since then (haven't been pulled over for a traffic violation after I sold the car.) If you want to fight something, you have to have an interest and ask for help. The legal system works both ways. Use it.
  • This is not the way to stop people from copying DVD's. If I wanted to copy a DvD I would need a DvD writer that costs like $4000 and then I would need blanks that cost more then the DvD movie would cost. That makes it not worth the money to copy the DVD because even if I try to sell them (not that I would) I would have to charge more for the copy then I paid for it. And what person would pay more for the copy then the original. Then you might have some people that would like to make a back up of the DVD and then store the original in a safe place incase the copy was to get scratched but it would still cost less for them to just buy the movie twice. One way they could prevent this, is if your dvd movie will not play because it's been scratched then you can send it back and get a replacement for free or very cheap. Another is to always keep the price of dvd's cheaper then DvD blanks.
  • by Otto ( 17870 ) on Tuesday November 09, 1999 @09:53AM (#1548640) Homepage Journal
    1) Why are both of these groupd getting picked on, it seems to me only one was trying to pirate content.
    2) What does DeCSS have to do with users who just want to play their disks in their computers? Does making a player cause CSS to be defeated?

    You can't play an encrypted disk without decrypting it. It's just that simple.

    A DVD player (software) works a bit like this:
    Pass decryption code to DVD drive
    DVD Drive accepts it, starts streaming out decrypted MPEG data.
    Player decodes said data, displays it.

    A DVD Pirate works a bit like this:
    Pass decryption code to DVD Drive
    DVD Drive accepts it, starts streaming out decrypted MPEG data.
    Pirate takes data, writes it to hard drive.

    So you see that the process is really the same, it just depends on where you want to put the final data. (This is a bit simplified from reality..)

    3) I'm all for free information here, but there seems to be a lot of people whining about some guys who knew damn well their work would be used to rip off content.

    The downside is that you couldn't do this much any other way. The DVD consortium isn't giving out any more decryption codes, therefore nobody else gets to write a DVD player without paying through the nose for it. Naturally, those free spirits out there think this is BS, so they just worked around it.

    The gist of the whole thing: They wanted to protect DVD security through secrecy. That's always a bad move. The DVD encryption was broken, plain and simple.

    Not expecting anyone to steal the horse when the lock on the barn was all rusted is just stupid. :-)

  • I'm as much of a free software proponent as anyone, but your claims are ludicrous. Free software works because people write software that benefits them. Crypto stuff like GPG and Apache-SSL have been written because the authors can use them to keep their own data safe and secure. No one- except the MPAA- has gigabytes worth of data that need to be encrypted in this way. Sure- open source it- see if a single soul helps out. Ditto distribution- none of us have gigs worth of data that need to be distributed in ways that either aren't already available or would be helped by this project. Ditto for graphics- why should I help MGM or Disney render their graphics? The technology is already there- let them buy huge farms of servers to do it themselves.
    I guess my point is that open source is not a cure-all. It works for Linux and Apache because there are large communities who code because they want to "scratch their itch" and help the community. There is no personal itch here, and there is no community to assist. So- no chance for open source to help.
    P.S. Of course, there is a huge community of people who would love to play DVDs... and plenty of coders who can "scratch the itch" by cracking the encryption. Thus, CSS. ("CSS is dead... long live CSS!")
  • From what I understand there's no copyright on css, it's simply a trade secret so you can't sue for copyright infringement just because the author wrote DeCSS (this is one of those guns don't kill people people kill people screwed up things). Yeah I suppose someone could use this technology to copy a dvd but the prices of rewritable dvd media tends to be higher than the cost of the original movie and the dvd recorders are even higher so there's no way you could make enough of a profit off selling dvd movies to pay off the proce of the recorder.

    I applaud creative labs for taking the initative and releasing source code for the dxr2 cards, this is the first smart thing anyone in the industry has done. Rather than get everyone angry and start a media field day the recording industry should just make dvd an open standard, they'd get alot more respect that way.

    So what will happen to dvd now?
    Will it go the way of betamax as a new standard comes in the door? You can't just ignore everyone who's bought a dvd player. It's not as if now all of a sudden dvd is insecure, we're talking about 8 gig disks here it's not as if you can open a geocities account and start trading them over the net.

    Bottom line is that the recording industry can make alot more money by selling dvd products to those that have been without (ie linux and other "alternative" oses) and I think as soon as they relaize that they've got the choice between suing one person and making abit of money allowing it to pass and making them alot of money they'll choose to let it pass.

    (Supposing it does pass this leaves the dorr open for alot of interesting legal arguments based on it though.)
    - MbM
  • Under US law there is no such thing as
    "Intellectual Property"

    Its COpywrite law that you mean. IP is a term
    invented by lawyers of big companies to make
    it sound like they have more rights than they do.

    anyone looking for further comment on the subject
    should check out
  • by Anonymous Coward on Tuesday November 09, 1999 @10:12AM (#1548676)
    Added a binary as well...

    source [] binary [] Mind moderating this up one or two so it shows in thread lists for people with higher thresholds :)

  • Well for one, you own nothing aside from the right to view the movie in your home. It's encoded on the shiny little disk you purchased, but so far as your rights go, it's the same as goes for commercial software.

    While i don't understand why the movie industry insists on this, I do understand that it's their right to determine proper usage, because they paid for it's creation and hence, it's their property.

    If you don't like their terms, you can.

    1 - Use that Windows partition for something.
    2 - Buy a regular DVD Player.
    3 - Boycott DVD and stick with the inferior, yet more open VHS.

    That's probably not what you want to hear, but, you know, lifes not always fair. Perhaps this'll cause a "GNUMS" (GNU Movie Studio) to spring to life? Doubt it!


    Moderators: I'm only stating it the way i see it. Please don't relegate me to troll-dom because of that.
  • It seems to me that a "Clash of the Titans" is in order.

    We, as individual developers and users of Linux have essentially all we need at this point to view DVDs on our PCs. While it may be illegal to do so in nations where there exist (unjust, IMHFO) laws against disabling copy protection, I believe this is not a deterrent to any individual hoping to enjoy a DVD in the privacy of his/her home. The code is indeed in a primitive state, but a nice little GUI app could easily be built at this point and distributed anonymously to the world, giving Joe/Jane linux a nice little RPM that allows them to watch The Matrix without having to break out gcc.

    It seems that those who have something to lose now are the distributors of Linux like RedHat and Debian. If they are unable to include a DVD player in their distros, then this gives Windows/MacOS/Etc. a (small?) competetive advantage for attracting users (home users, especially). It seems that it would be in the best interest of RedHat, Caldera, SuSe, Debian, Corel, Winlinux (haha) to come together and either fight the necessary legal battle or to chip in to pay whatever extortion fees are necessary to the DVD consortium for a player key. I doubt the consortium would agree to the latter. Personally, I prefer the former as it will (I hope) defend the freedom of all of us. Too bad the defense of freedom is so fscking expensive.

    Will these companies step up to the plate? Or is Linux going to be faced with sticking to its hobbyist/enthusiast roots WRT this issue?
  • programs...

    Not to insult you, but this being such a commodity right now I'm sure someone somewhere may be playing cruel tricks with the file.

    Still, it's a shame this had to happen.

  • (2) The person issuing the copies to the public has the same rights against a person who, knowing or having reason to believe that it will be used to make infringing copies-
    (a) makes, imports, sells or lets for hire, offers or exposes for sale or hire, or advertises for sale or hire, any device or means specifically designed or adapted to circumvent the form of copy-protection employed, or

    (b) publishes information intended to enable or assist persons to circumvent that form of copy-protection, as a copyright owner has in respect of an infringement of copyright.

    It's not that they did it. It's that they distributed it. Apparently you missed this post. []

    I apologize fot not making my statements clear enough for you.

    "You want to kiss the sky? Better learn how to kneel." - U2
    "It was like trying to herd cats..." - Robert A. Heinlein
  • We need some law hackers.

    Hey, it's easy enough to check U.S. Federal law. Just go to [] and look it up. Particularly relevant section is Title 17:

    a) Violations Regarding Circumvention of Technological Measures.
    - (1)(A) No person shall circumvent a technological measure that
    effectively controls access to a work protected under this title.
    The prohibition contained in the preceding sentence shall take
    effect at the end of the 2-year period beginning on the date of the
    enactment of this chapter.
    (B) The prohibition contained in subparagraph (A) shall not apply
    to persons who are users of a copyrighted work which is in a
    particular class of works, if such persons are, or are likely to be
    in the succeeding 3-year period, adversely affected by virtue of
    such prohibition in their ability to make noninfringing uses of
    that particular class of works under this title, as determined
    under subparagraph (C).

    subparagraph (C) explains that it is the Librarian of Congress who is supposed to review cases where prohibition (A) may cause difficulties to people who have non-infringing reasons to circumvent an anti-piracy scheme.
  • So you're saying, free and open software can be
    helped if people who create controversial programs
    will take their name off of it, and letting the
    codes go anonymously? Of course!

    Egos don't seem to allow this, EVER.

    The guy with the DVD code couldn't just let
    out the code as ''?

    He wouldn't run the risk of litigation, to say the least!!

    BUT NO. Had to sign his real name, and as a consequence, he has to take the files off his computer.
  • Derek Fawcus was threatened under UK copyright law, Jon was contacted by a Norwegian firm (Simonsen & Musaus) who I assume threatened him with Norwegian copyright law. Where was there a mention of US law.


  • Well for one, you own nothing aside from the right to view the movie in your home. It's encoded on the shiny little disk you purchased, but so far as your rights go, it's the same as goes for commercial software.

    I agree... more or less. What they're really saying is that you own the right to view it in your own home using one of the pre-approved viewing methods. I still chafe at the idea that if I choose to view it in a manner different from what "they" envisioned, then I am committing a crime.

    Most of this boils down to what they're trying to prevent, which is illegal copying*. Exposing flaws in encryption methods aids and abets those who would violate copyright laws. But who should be punished?

    If Consumer Reports exposes the fact that you can pop the lock on a Yugo by hitting the right rear quarter panel with your palm, are they suddenly liable for auto theft?

    Or, take the gun control argument. Do you go after the gun makers, or the people who use the guns to murder people? Some might argue this differently from the "Yugo" example above.

    Arguments can probably be made either way, that either the "enabler" or the "perpetrator" should be punished. Or both. :/ In this case, the right thing seems to be to go after the people responsible for the action which causes direct harm to the industry - the pirates. Not the guys who show how the scheme works.

    *unless they also want to get rich from licensing fees for DVD players....

  • by Anonymous Coward on Tuesday November 09, 1999 @10:33AM (#1548723)
    Any Mac people here? Well, for those who don't know, every file on the Mac has a number of attribure bits associated with it. One of them was called the "No Copy" flag. If set, the OS and copy programs are supposed to respect it and not allow the file to be copied. No one paid any attention to it. Not the copy programs nor even Apple's own OS. It was widely ignored, thus eventually acquiring the name 'bozo bit'.

    Meet region coding and CSS crypto. DVD's version of the bozo bit. Well, like it or not, legal or not, moral or not, (it no longer matters), the code to break CSS and region coding is 'out there'. It cannot all be recalled. Ever. The genie is out of the bottle. Trying harder to contain distribution will only encourage others to spread it further, deliberately, from nations out of your jurisdiction yet as easily reachable by anyone, anywhere on the earth as if if were on a floppy next door. The DVD consortium has failed to keep its trade secret. And since they took NO ACTION TO PROTECT their protection scheme such as patenting it, they have little justification to go after hackers for breaking it. They do have a case against Xing since Xing signed an NDA to keep DVD crypto info secure and did not. But there's no basis for a suit against anyone else on this matter. That's a risk that comes with keeping trade secrets. The DVD consortium took a risk and lost. Life's a bitch ain't it? Eventually lawyers will give up their futile pursuits and regions/CSS will be viewed the same way we all regard the 'bozo bit' on HFS and the 'allow copy' flag on audio CDs today. Namely, no one will care because movie companies will still be making lots of money just like the music industry still is today. How could the latter happen? CDs have no crypto, no region coding, CDR burners can be had for under $200, CDR media is at 89cents and falling. The music industry should be horribly dead by now as a result. Guess what? It isn't. Neither will the movie makers be. This is much ado about nothing.

  • If this was sent to the French dvdutils site it can be safely ignored. Sometimes, the arrogance law firms really not astounds me. Not only do they try and scare someone off with a law that doesn't even apply outside of the US, but they don't even have the common courteousy to translate the cease and disist letter into French!


  • The point is the same. If someone buys an import DVD, and they have "right to view the movie in your home", then who the hell is anyone to say "you have the right, but only on an approved (by us) DVD player". Does it really say on the DVD itself "you have the right to view this movie ONLY on an approved DVD player."?

    So, if I have the right to view the DVD, then don't I also have the right to view it using Linux software, if I want?

    The point is, as always, they are hurting the people who legitamately own DVDs and doing virtually nothing to stop the real pirates. Remember copy protection on software? Look up the codes in the manual? It only hurt the consumers...the pirated versions were easier to use.

    So here we go again...consumers paying all this extra money for useless copy protection that only makes it more enticing to buy pirated DVD's so you don't have to put up with the BS.

  • 4 - Crack the region coding, the Macrovision coding, and the CSS encryption, make dozens of free copies, and give them away to homeless people, 'cuz them m*****f*****s are rich, arrogant b******s and they're fun to f***k over, and they so richly deserve it.

    they've been forcing me to buy mass quantities of astroglide over the years, and i'm going to laugh my ass off when the shoe's on the other foot.
  • by Booker ( 6173 ) on Tuesday November 09, 1999 @10:43AM (#1548734) Homepage
    Dave and I hashed this out via email, but here it is anyway. :)

    I think that the law makes the act of circumvention, in and of itself, regardless of intent, illegal:

    b) publishes information intended to enable or assist persons to circumvent that form of copy-protection

    To me, the code clearly circumvents the copy protection algorithm. I'm not saying it's a good law... No matter the intent, it seems that the code is illegal in the U.K.
  • And wanting to play a movie that I bought on my computer IS a fair use. How could you say that it is not fair use.

    It took reverse engineering to make my OS "compatible" with DVD's.

    AMD reverse engineers INTEL to make INTEL software run on AMD.
    Wine reverse engineers Windows to make Windows software run on Wine.
    Linux reverse engineers DVD to make DVD software run on Linux.

    No difference.
  • At least Derek's looks, from armchair-law point
    of view, to be possibly enforceable against him.
    Not know UK law in detail, or -any- precedents
    that set scope, who knows for sure.

    If they went after someone in the US where we
    actually -have- a right of free speech and don't
    have (that I know of) laws against distributing
    information that enables the circumvention of
    copy protection... well, here, at least, we could
    defend against this kind of charge. I think.

  • I'll say it again. The Internet makes control of digital media IMPOSSIBLE. Until the record/movie/entertainment companies realize this and embrace it, we will continue to see walls of Lawyers trying to hold back an invisible tide.

    (thnx for the link BTW)
  • No, the idiots who wrote this law are dicks. You are shooting the messenger, when it should be the lawyers you have in your sights (just kidding, folks -- I think).

    If the interpretation of 2b given before is correct (which I kind of doubt, given that it appears to be at odds with the intent of the law as described in 2a), then a new era of frivolous lawsuits is at hand. If I write a program which, say, allows one to use a filesystem on a hard disk (let's say I call it, oh, I dunno, mke2fs), to which one might one day write, say, pirated mp3s, then, according to the interpretation some are putting forth, I can be held liable for writing something which could facilitate piracy, even though my intent was otherwise. dd might be a better example, since it writes raw blocks irrespective of most digital copy protection schemes. Nevertheless, this kind of legislation -- if indeed intended as described before -- could well result in everything from mke2fs to dd to cp being illegal, because somewhere, someone might use it to circumvent copy protection and pirate something. Hell, writing an operating system could be illegal, as it certainly facilitates the operation of any software designed to run under it, including that which might be used to circumvent copy protection schemes. Never mind the Linus never intended Linux to be used for such, the fact that someone, somewhere, can misuse it for such neferious purposes makes him guilty by association! Sue Linus, sue Linus. Oh wait, then there's gcc, which was used to compile the evil software. Sue the FSF! Sue the FSF!

    Absurd. I doubt any of this would hold up in court, but then again, IANAL and, given the illogic of our justice system to date, who knows?
  • This is in reply to the first 5 people who've posted...

    The movie industry isn't forcing you to buy or use windows. You can purchase a DVD player for your TV and bypass the whole computer thing. It is a convienence that player-back software exists. It's made it to the Mac and Wintel so far, and will probably not come to Linux anytime soon.

    For one, there's a huge installed base of both machines and OS's.

    For two, there's no way of gauging the Linux installed base. Yeah, there have been so many downloads and so many purchases, but how many people use it on a daily basis, compared to the other two groups?

    For three, all the mainstream press talks about Linux's use in the server arena. Servers don't need to play DVD movies. So, why would the movie industry want to create a player for a server?

    Also for three, there players available for Solaris, *BSD, Openserver, Unixware, Netware, BeOS, Irix, AIX, or HP-UX? I'm guessing not. And for them to create a *nix port solely to serve this market would be a huge waste of resources given the potential returns.

    (Still stuck on 3...) Rather than just running ahead and writing that program, was this brought up in a more political sense, such as letter-writing, email, phone calls, etc? I doubt it was, to any extent, maybe one or two here or there. Maybe some programmers could have done the movie-watching community a favor by signing a NDA, and created binaries for the said platforms, with the industries okay. Was that tried?

    Four, you can do whatever you want with the disc itself. Burn it. Use it as a frisbee. microwave it. It's the IP on the disk (the movie) that you need to show some restraint about... :)

    Now for five. DVD playback probably will take longer to make it to Linux than it would have before. Why? Because of this. More and more, I notice around here (not singling anyone out, so don't get down on me too hard) a mentality of "I don't want to pay for something if I can get the same thign for free" or "Who cares about intellectual property".

    Those attitudes are not condusive to getting the industries okay on releasing spec's (and liablility for implementing a playback mechanism) for DVD. They can easily view those two statements as saying, "I'd rather watch a free pirated movie than acually buying the DVD, especially if they're the same exact movie... I'll even copy it for all my friends, too."

    You really have to watch yourself when stepping around the giants of any industry... you may not realize that you've stepped on their toes until it's much too late.

    All done for now.
  • actually, i don't think that your Consumer Reports example is the same idea as your gun makers example.

    Any way you try to dance around it, guns are for hurting. and don't start saying that you use them for target shooting. bulls**t....use a pellet gun or something. same idea, but you can't kill people with it too.

    Anyway...back to the topic at hand. If DVDs were designed with the intent to kill humans, then i think that copying DVDs would be bad.

    Since DVDs are not actually designed to kill humans, then i think they should only be going after the pirates, and not the people who expose the flaws in their so-called security methods.

    This is just like your consumer reports example, and not like the gun example.

    "The value of a man resides in what he gives,
    and not in what he is capable of receiving."

  • You quote the relevant law as stating:
    publishes information
    intended to enable or assist
    and then you state
    Derek's overall intent in releasing the information (enabling playing of DVDs on linux) is irrelevent.
    Methinks you contradict yourself. Comments?
  • by Booker ( 6173 ) on Tuesday November 09, 1999 @11:39AM (#1548786) Homepage
    Well, that's why I put the gun example in there. :)

    People will interpret similar scenarios differently depending on where their passions lie. You can argue that guns are for target practice, and you can argue that the CSS code was for viewing. Other people with other passions (anti-gun control or pro-profits) will argue that you are wrong.

    (I agree that the gun example might be a bit overboard since we're talking about human _lives_ in that case, but I bet the DVD consortium ranks the importance of their profits almost as high as a human life or two...)
  • After looking at this thread, it struck me that it is sort of ironic that this move by the motion picture industry (trying to intimidate people to get rid of the DeCSS code) has actually caused the code to be mirrored to more FTP sites and will probably lead to more people being curious about the code and looking at (and potentially working on) it.

  • by Effugas ( 2378 ) on Tuesday November 09, 1999 @11:40AM (#1548789) Homepage
    Bear with me a second:

    CSS does nothing to prevent the outright copy of a disc. The keys survive copying procedures just fine.

    CSS does, however, prevent interoperability with non-approved hardware.

    Since reverse engineering for purposes of interoperability is a common and legal practice, and since interoperability could not be achieved outside of a procedure that rendered the colluding cartel's enforcement mechanisms ineffective, the breaking of the CSS encryption scheme is not necessarily a violation of copy protection law.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research

  • by Ektanoor ( 9949 ) on Tuesday November 09, 1999 @11:43AM (#1548794) Journal
    Past: First let me note. Pirates had already solved their problems with DVD. I have seen several pirated DVDs in the last monthes. So it is stupid to consider that this program has given some breakout in this field.

    Present: The fact that such program is probably breaking the law gives several serious doubts. First there is a problem that reverse engineering is defended by the law of several countries, in cases when there are compatibility problems or needs to integrate new third-party features. Law only goes against such crack tools when authors suffer "significant material damage". Real one, well counted bucks. Not the abstract problem of how "dangerous" can be deCSS.

    Future: DVD will end the same way CD ended. When CDs started, such guys as Sony claimed it to be a blow against piracy. As we see now piracy got a Hell of money exactly due to CDs. The fact is that DVDs, just as CDs, are a mean to spread information openly and massively. It is a practical nonsense to try to restrict the distribution of such stuff by means meant to be individual and private.

    However the problem does not end just here. Right now the producers of information for mass consumption entered a field that may overturn our values of today. Those same supposedely defended by our dear capitalism.
    You buy a DVD. Do you possess it? Or are you renting it for a "one time fee"? And what are your rights on having a rented piece of information? Can you borrow it, sell it? Can you manipulate it? Can you destroy it?
    I don't want to go in details here. But if anyone analyses the problem DVDs and other media present today, then one will note that we are facing not a problem of "capitalist" ownership. In fact what we are facing is an attempt to feudalise the ownership of media. You have no right to own information. You cannot use it above a restricted set of permissions. You become an servant (hostage) of the information lords.
  • There are far more cryptologists working on and testing Open Source crypto tech than there are in the entire film industry

    That may be true, but it's not relevent to the case on hand. Yes, Open Source, with its many eyes, will often make better crypto algorithims but it's not the algorithim that's relevent here, it's the encryption keys.

    What use is a file encrpyted with 3DES if the keys are supplied in the open with it? It's irrelevent how strong the encrpytion is that you use, if you have the keys. Remember that the DVD player by necessity, must have all the information required to decrypt the data. That includes the necessary keys, and thus, if it's open source, all the keys are viewable, and the encryption worthless.

    It's about the only situation where open source can never work.

  • 'm a little confused as to where copyright violations end in your view.


    It's not his view, it's the legal fact. If you distribute a tool that is designed to circumvent copy protection then you are liable. Crappy law? Maybe. But it's the law, if you're in the UK you have to follow it, or change it.

    Basically to view a DVD you have to decrypt it. Decrypting is defeating the copy protection. Defeating the copy protection is illegal in the UK if your methods could knowingly be used to pirate the object in question.

    I'm not here to argue whether this is a good law or not, just trying to clear this up.


  • There can be no doubt that this is the most awful, repressive, undemocratic law one could possibly imagine (and yes, I do realize the scope of that statement). I get bouts of serious vertigo just by the thought that this sort of shit goes on in a society that then turns the other way and claims that it is free.

    At which point is self censorship manditory anyways? Is ok to think about the problem, but not to talk about ones thoughts, or maybe they shouldn't have thought about it in the first place? Maybe we should state that more clearly, how about something like:

    "The large copororation who abuses its legal monopoly over the permutations of one and zeros to which it lays claim has the absolute right to legally attack and extract, for what they are worth, large sums of money from anybody thinking about, or considered intelligent enough to be a threat if thinking about, getting around their faulty, futile, schemes for preventing those particular permutations from appearing elsewhere in the universe."

    The gist of the law is that you are not ALLOWED to outsmart people, no matter how stupid they are. By this the DVD people could have used a ROT13 encoding and then attacked any Linux player that had "cracked" that. So I guess instead of protecting the weak from the strong, we are now protecting the stupid from the smart. And using violence to enforce it. What a great day for our society.

    We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.
  • I suspect what Nick has written is exactly what Derek's lawyers told him in the UK -- back down, and quick.

    But what would happen to somebody in the similar position in the US, eg as regards either (a) publishing the analysis of CSS, (b) writing the code, (c) hosting the CVS server, (d) co-ordinating the overall effort, or (e) including player in a linux distro ?

    The relevant law appears to be 17 USC ch.12 sec.1201, but unfortunately this is not currently up on the Cornell LII site.

    Section 1201 is set to be amended by HR 2281, the Digital Millennium Copyright Act []. I'm not sure what the current status of this act is, and whether or not it has or will be signed into law by the president. The key relevant provision under the new law would appear to be (a)(2):

    (2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that--

    `(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;

    `(B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or

    `(C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.

    and section (b)(1), in which 'controls access' is relaced with 'protects a right of a copyright owner'

    Some questions:

    • What does 'provide technology' mean ? Does software code count as technology ? What about technical descriptions of CSS ?

    • Do people still have a first amendment right to discuss CSS and write not-for-profit de-CSS code ? According to subsection (c)(4) below:
      `(4) Nothing in this section shall enlarge or diminish any rights of free speech or the press for activities using consumer electronics, telecommunications, or computing products.

    • Does a commercial ISP who allows such code to be published on their server trafficking in a service ? Or do they count as a free press ?

    • Does a linux distro which includes a DVD player allowing a disc to be viewed on screen circumvent a technological measure that effectively controls access to a work protected under this title (ignoring any patent issues) ? Would it make any difference if the code was binary only ?

    • And finally, haven't these lawyers ever heard of writing laws for easy maintenance and reliability ?? The control flow in (a)(1) has to be worse than anything I've seen in a Perl program! But I wonder, do you think we could get the Librarian of Congress to declare an exception under (a)(1), regarding the current poor availability for use of copyright works under Linux, to allow the situation to be improved ?
  • But mke2fs does not defeat anyone's copy protection, from what I've read css-auth does. This is where it differs from the plethora of examples being cited in this thread. His software actually defeats the copy protection.

  • by jms ( 11418 ) on Tuesday November 09, 1999 @12:10PM (#1548825)
    I believe that the prohibition on circumventing copy protection will eventually be found unconstitutional.

    However, there appears to be a lot of confusion as to what legal ground we are standing on, and I'd like to start a discussion to shake that out. What legal principles make the creation, distribution, and use of DVD decryption programs legal, and under what circumstances.

    Some ideas from a non-lawyer (meself):

    First off, programs such as DeCSS and livid cannot be created or distributed for the purpose of unauthorized duplication of copyrighted works. Regardless of what you think about copyright law, and freedom, no court is ever going to sign off on the use of DVD decryption programs for this purpose; it's a counterproductive and losing argument.

    However, there are certain legal uses of copyrighted material which become impossible without the utilization of DVD decryption programs.

    Let's try this:

    DVD decryption and viewing programs are created and distributed to facilitate legal, fair use of copyrighted material, and for the private, legal display of copyrighted material.


    Section 107 of the United States Copyright Code specifically recognizes the right to extract sections of copyrighted materials for such purposes as criticism, comment, and news reporting.

    DVD decryption programs are, by definition, the only method available to the public of accessing a true, accurate, undegraded copy of copyrighted material distributed in the DVD format, for the purposes of legal manipulation of this material for protected free speech activity, including fair use.

    In addition, Section 108 of the U.S. Copyright code permits libraries and archives to reproduce copyrighted works in their entirety, for certain purposes. DVD decryption programs are the only method of making a true and accurate copy of such material for this legal purpose.

    These rights are recognized in the Digital Millennium Copyright Act, which contains the following language, with regards to the unauthorized circumvention of copy protection:

    OTHER RIGHTS, ETC., NOT AFFECTED: Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title.

    Nothing in this section shall enlarge or diminish any rights of free speech or the press for activities using consumer electronics, telecommunications, or computing products.

    Therefore, the creation, distribution, and use of DVD decryption software for these legal purposes should, in theory, still be legal.


    The legal owner of a physical copy of a copyrighted work has the right to view their copy.
    DVD decryption programs are distributed for the purpose of legal, private viewing of DVD programming.


    Section 117 of copyright law:

    ... it is not an infringement for the owner of a copy of a computer program to make or authorize the making of another copy or adaptation of that computer program provided:

    (1) that such a new copy or adaptation is created as an essential step in the utilization of the computer program in conjunction with a machine, and that it used in no other manner, or

    (2) that such new copy or adaptation is for archival purposes only and that such archival copies are destroyed in the event that continued possession of the computer program should cease to be rightful.

    The contents of a DVD disk consist entirely of computer instructions and data, and therefore should be considered as a computer program for this purpose.

    In short, the acquisition and use of a DVD decryption tool is the sole existing method for persons to exercise their rights under copyright law to make a legal backup copy of their DVD software, and to exercise their right to use it in certain computer environments.

  • Actually, it can. :) Precicely -because- you can't open source the keys.

    You can't use conventional keys to secure a DVD, precicely because people will want to write Open Source drivers for OS' like Linux, FreeBSD, OpenBSD, etc.

    Instead, you need the collective intelligence of the Open Source community to devise -other- protection schemes. And precicely because that's a challange, it's bound to attract interest and testing. Something the DVD system clearly never got.

  • It's also illegal (in the UK) to circumvent copy protection no matter what sort of clean room development you've done. That's what is happening to Derek.

  • Ah, but it does facilitate the circumvention of copy protection, by providing a place where the pirated data may reside. Worse, the compiler (gcc) and the underlying OS (Linux or FreeBSD) actually enables the software which circumvents the copy protection to run!

    The interpretation of the law which excludes intent from consideration opens a pandora's box of absurd consequences. As another person noted, every DVD player on the market circumvents copy protection (they have to, in oder to playback the DVDs), so any advertisment for a DVD drive would violate this law as interpreted. Any compiler, operating system, library (e.g. glibc), filesystem, linker, or any other piece of software even remotely assisting in bypassing any copy protection of any kind, would also run afoul of this law (as interpreted before), as they are (1) facilitating the bypassing of copy protection and (2) have been published, either as source code or executable binary.
  • Then the measure is unconstitutional. Fair use is a constitutional issue, and has been interpreted by the courts. Congress has no right to assign the power to issue a binding interpretation of constitutional matters to the Librarian of Congress.

  • I get it now.

    The part I was missing is that it doesn't matter how the software works it's decryption of the video is still in violation of the UK law. Damn shame. Did css-auth need a valid dvd to work?

  • (Still stuck on 3...) Rather than just running ahead and writing that program, was this brought up in a more political sense, such as letter-writing, email, phone calls, etc? I doubt it was, to any extent, maybe one or two here or there. Maybe some programmers could have done the movie-watching community a favor by signing a NDA, and created binaries for the said platforms, with the industries okay. Was that tried?

    It's not just signing an NDA - it's big bucks. In the many thousands of dollars (See [] - $5k for the specs, $10k for the license, I think) For your average linux hacker, official access to the specs isn't possible, and it would disallow source distribution. Now, I'm not saying that if you can't afford it, that you should steal it. I don't know the legalities involved with reverse engineering the format, but I don't think that it constitutes theft. Distributing copyrighted works clearly does, but deciphering an algorithm is a bit more murky.

    I think that most people involved in this debate are not arguing that we should abolish intellectual property. Most people agree that the movies are copyrighted works, and should be protected as such. Most people also fail to see how reverse-engineering the format so that legally acquired DVDs can be watched on the platform of choice is a criminal act.

  • Here in the US we have a _written_ promise of free speech. Our Constitution claims that everyone else has it as well, so you can't say that the UKers don't.

    Anyhow, is anyone in the US interested in posting this encryption program on the web? I'm in the US, but I don't really want to spend a few years in jail for exporting munitions.

    But we do have free speech, really. Just as long as you don't speak in a way that disturbs politics as usual.

    -Billy (hmph)
  • Alas, it was a UK law being used against a UK citizen in (AFAIK) the UK...

    The Y2K bug we let sneak up on us (despite warnings here and elsewhere when the law was passed) is that something very similar takes effect in just under two months here in the US, I believe. With any luck maybe we can get a good css-auth library put together and exported to a friendly place before then, then just write great apps that link against that library for css authentication and decryption.

    IANAL ... can anyone else confirm that these draconian restrictions kick in Jan 1?
  • OK. So. Lemme try to phrase this properly without rehashing 100's of other comment posts...

    Truthfully, this legal action affects this community in a much more personnel way than it does the rest of the world. Everyone else already has their DVD players (settop and otherwise), and are happy with them. The ones that are upset are those who want one for Linux, and this segment is definitely the minority of DVD users.

    There are hundreds of legally licensed companies who provide DVD equipment/software. As such, there is not a monopoly on the resources needed to use DVD's. The consummer benefits from healthy competition, in lower costs and research into new technology.

    Now, a minority is upset because they could not have it Their Way. In the efforts to get What We Want, the dvd security system has been cracked, and the media is now open to pirating. This could negatively effect the DVD system.

    Is this not also greed?

    If the situation in question *prevented* this minority from receiving the benefits of DVD technology I would agree with you. But it does not.

    The horse may be out of the barn, but in this case the law does try to protect the 100's of providers of DVD technology who have invested time and money to produce technology to benefit their customers.

    "You want to kiss the sky? Better learn how to kneel." - U2
    "It was like trying to herd cats..." - Robert A. Heinlein
  • by Effugas ( 2378 ) on Tuesday November 09, 1999 @01:04PM (#1548869) Homepage
    I think you are making some sort of confusion. If your statement about CSS preventing interoperability, then CSS is illegal. CSS can be interpreted as a mean to spread a monopoly in a given market segment

    Hurm. Yes, that's very interesting.

    Suppose for a moment that car manufacturers designed a new standard for gasoline pumps that required a special set of grooves to line up in order for the gas to cleanly flow.

    Sure, they could dress it up as environmentalism, or as an attempt to prevent gasoline not deemed quality enough for the engine to burn, but the bottom line is that it would be an attempt to control who could sell gas, who could receive gas, and how much everything would cost for all parties involved.

    Money is not necessarily power, but power invariably forms wealth.

    Now, suppose I analyze the groove design on the pumps and create an adapter for any old pump to fit my car. Am I now violating the industry's right to prevent me from purchasing gasoline they don't want me to? From where could Detroit gather this power?

    Standard Oil would have killed for something like this.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
  • Yes, when you're in college you have no legal rights. Even with the free legal counsel most colleges give, it would be no contest to the kind of money the film industry can through at the best lawyers. Why is it that people with big bucks and mega lawyers aren't the ones cracking computer codes?
  • > DVD playback probably will take longer to make it to Linux than it would have before. Why? Because of this.

    "Because of this" there *will* be a linux player. You went on and on about why the industry would never want to port to linux, and yet you still think the industry has to give us the player.

    I'm still waiting for 3Com to offer a linux Desktop. Not that I need theres... I've got one!

    Here's an analogy: a kid asks his father for some money, and his father says no. So the kid goes and gets a job that the father doesn't like. So now his father REALLY won't give him any money. So what?

    The whole point is that (whether you like it or not) some people felt a desire to have a linux-based DVD player . Industry ignored them for all the reasons you mentioned, and now we will not only have a linux-based player, but one that can also be used for piracy...
  • Well, the moneys a moot point. Surely, if enough users wrote in, Redhat could use some of it's billion dollar net worth to aquire all the needed licenses and programmers in order to create a binary that allowed the playback of DVD movies on Linux.

    As for the movie industry dictating what platform you can play back on. I think they can. They can say that they want to feel reasonably sure that the products that play their movies do just that and nothing else. It would be concievable for them to be especially opposed to open-source playback software, for the reason once that's completed, it'd probably be trivial to redirect it's output from the TV to the hard drive...

    By charging $5K / $10Kfor the specs (which is really pocketchange to most companies that would want to pursue this) they can feel assured that Joe Cracker wouldn't spend the $5000 and then post them on the internet.

    In all honesty, if all you want to do is WATCH THE MOVIE WHILE RUNNING LINUX, why would it matter if it was a freely obtainable, freely distributable binary as opposed to an opensource one that was allowing the viewing of the movie? That'd probably appease a lot of people out there, and everybody (except RMS) wins...

    It's only really a library everyone needs, isn't it? And once it's done, there's no real point to enhancing it, because it's not going to make more frames in the movie or anything like that... And other people could write their own interfaces and controllers.

    I vote we ask Redhat for the financial help. They've got the clout to do it.
  • there is a growing list of mirrors here [], and I even put up a mirror here [].

    I'm living.... somewhere (not in the US) but the server is in the US. What will they do? This is starting to become civil disobedience me thinks.

  • 100's of providers of DVD technology who have invested time and money to produce technology to benefit their customers.

    I don't see how their encryption "benefits consumers". The ONLY way you could argue that is it was *because* of the encryption that we ever got DVDs. This is a poor argument because, well, that's a really poor reason to do something. If they wanted to "benefit consumers" they would have widely distributed cheap content that consumers could then use to benefit each other.

    Sorry but IP and copyright don't benefit consumers, they benefit corporations. The time and money was invested to benefit the company which is their purpose. Please don't tell me they are protecting me "for my own good".

  • Band together a lot of people and present that thesis to Oracle, IBM, Sun, Sybase, Informix, Corel, Netscape/AOL and the legions of others who have ported their products to Linux. If you get enough support, they might abide by your wishes and stop releasing their software for Linux. Wouldn't that be swell?

    You could even make a list of everything else you'd like to see available for Linux and write a letter on behalf of your "foundation" encouraging those companies (such as Apple with QuickTime) not to even consider porting their Software to Linux, because that's just bad (for some unknown reason).

    Come on... We live (or at least I do) in the real world. Companies need to have proprietary advantages in order to compete and differentiate themselves. If so and so doesn't want you to know how their spellchecker runs so fast, that's their business.
  • Find me 25 users for me who'll watch DVD's on VAX's and I'll consider myself without a clue.
  • Oh, and i need to add, that these 25 VAX users who want to watch DVD on their systems have to have no other means avaiable (no x86 systems laying around) to do so.

    This isn't a necessity we're talking about like food or water. This is simply recreation/entertainment...
  • This is one of the wonderful way in which the internet community is influencing society.. I would be currious to hear projection for how much intrest the movie industry generated in this program just by threatening legal action. It is hard to gague how much intrest there was in DeCSS before this news came out, but my suspicion is that the movie industry just creaded a much bigger monster then they had to deal with before.

    Now, we should realize that DLing the software today dose not necissarily impact future piracy, but it dose a) increase people's awarness of the software for when they eventually want to copy a movie and b) may attract addiotnal codders.

    I think this could be a really interesting studdy.. Email interview the developers of software like DeCSS, the Game simulators, etc. and try to determin how many of them would have gotten into it in the first place and how many go into it because of soemthing like this. Maybe this could be expanded from developers to people who run the sites. I suspect it will be hard to get good statistical sampels regardless of which groups you use, but it would still be a very interesting studdy.. and it might strike fear into the hearts of some of the corperate badies too. Anyone have personal stories to post?

  • by Zooks! ( 56613 ) on Tuesday November 09, 1999 @02:37PM (#1548938)
    The movie industry isn't forcing you to buy or use windows. You can purchase a DVD player for your TV and bypass the whole computer thing.

    So they aren't forcing us to buy Windows but they are forcing us to buy extra hardware (a TV DVD player)? This is basically saying the same thing.

    Unless there is something that is patented in the DVD playback process then there is nothing that should stop anybody from making a player if they can figure out how to do it. Just because all the current players are closed-source and industry controlled has no bearing on the creation of a reverse engineered open-source player.

    This is analogous to the commercially available Playstation emulators. Is Sony mad about that? Sure they are. Does it matter? Heck no. And the list goes on! The PC you're typing on is as cheap as it is because of the revolution that Compaq started when it reverse engineered IBM PC's.

    All of your arguments assume that we are required to ask the great and mighty movie studios if they will please allow us to make a nice little closed source player for our equipment. Yet, there is no such requirement.

    I do agree that folks should not copy videos illegally. However, the ideas of "don't copy" and "play where I want to" are mutally exclusive. Just because "play where I want to" allows copying and copying is bad, does not imply that "play where I want to" is also bad.
  • If someone created an infected zipfile...

    For example, say someone created a program that to all casual glances looked and acted like a zip file, but when executed actually does not run the normal zip program, but it's own?

    Prolly not a problem under Linux/Unix tools...

    Dunno, maybe I'm too paranoid

  • Well, that is still better than it dying entirely. At any rate it may become aparent pretty quickly which fork(s) is/are viable. And I don't know how this is much different than MP3 players, of which there are a whole bunch of floating around.

  • For example, say someone created a program that to all casual glances looked and acted like a zip file, but when executed actually does not run the normal zip program, but it's own?

    A .ZIP file is a data file, like any other. As far as the computer is concerned, a .ZIP is the same as a .GIF. If your computer "knows" to run (say) WINZIP.EXE when you open a .ZIP, it doesn't matter what has been done to the .ZIP, WinZip is still going to run.

    Now, if you get a file called IAmAZipFile.EXE, complete with WinZipSFX icon, and you run it without virus scanning it, well... I hope you have backups. :) But that is not a .ZIP file, but rather, an executable.

    It is possible someone could craft an unzip program (like WinZip) that takes some special action under special circumstances, but I have not heard of anyone doing that (yet). (Betcha a dollar that if someone does it, it will be Microsoft. ;)
  • AFAIK, Red Hat doesn't author any code without releasing it... perhaps they could sponsor someone, but that kind of goes against the grain of what they're trying to do.

    They do include some binaris in their applications CD, but I don't think they invested in those products, they just distribute them (demos and the like, for the most part...)
  • 40 bit encryption 56 bit encryption is not a munition by the laws as I understand them, but IANAL.

  • that I bet you typed it on a non-IBM PC. Those only exist because of reverse-engineering.

    Reverse-engineering happens all the time. Now, stop whining about it and leave us to watch our DVDs under Linux.

    - A.P.

    "One World, one Web, one Program" - Microsoft promotional ad

  • Ok, I'll make things clearer for you.

    First, the keys are in the decoder, with CSS, which is frankly stupid. Any half-competent Software Engineer can black-box, and from that obtain every key in the system, encrypted or not. That method is, frankly, laughable. It's equal to hanging the front-door key off the front porch, and encrypting the notice that tells you where it is. Sorry, but once you see the key, the notice becomes irrelevent.

    The most secure system you can use for this is disk fingerprinting, and using the fingerprint as the sole key. Why is this different? Because there is no longer any magic black-box you can feed data into, and monitor the output. The result is that there is no means of deducing the key. Also, as each key is unique to a disk, obtaining one key would be of no value in unlocking other disks.

    But all of this is childishly simple protection, that anyone who has been in computing long enough will recognise.

    CDs and DVDs give good fidelity? *COUGH* 20-bit systems were around before the 16-bit CD format existed. Chopping 4 bits might not sound like much, but it's definitely audible. As for 44.1 KHz - this gives you 2 or 3 data points per sine wave, for high-pitched sounds. Great fidelity, this saw-tooth piccalo!

    Open Source allows you to develop, because it allows for parallel development by experts, not just in one field (such as finance) but in a wide range of fields. You will ALWAYS get a better product by seeing the bigger picture. ALWAYS.

    Lastly, I read Larry Gritz' comments. Yes, ray-tracing produces artifacts, because ray-tracing isn't, in itself, complete. Ray-tracing plus radiosity is vastly superior. However, that isn't going to be 100% perfect, either. But, neither is basic patch rendering. Trivial rendering is fast, consistant and utterly plastic. It's OK, if that's what you want, but I want something better.

    Ray-tracing & radiosity, combined, at 30 frames per second, is a very powerful combination. LG's arguments about artifacts actually diminish at this speed, as anything that doesn't carry over won't be seen, and is therefore irrelevent. (The "Genesis Effect", in Star Trek: Wrath of Khan, used a similar argument. It was relatively low-res, but so fast that you would never be aware of that.)

    Lastly, it might surprise you that the Free Film Project - a project based on my belief that Open Source movies can be viable and as high quality as any commercial product - is doing very successfully at demonstrating that Open Source -IS- a perfectly viable way to make movies.

  • If didn't realize it would get involved in risks like this when it decided to fund /., they didn't do enough research. has always been a vocal supporter of freedom of the press. Personally, I think they're itching for the chance to get into just that sort of fight, especially since they know they will:
    A) Win; and
    B) Get all sorts of useful publicity from it

  • My opinion of BMRT is based, not on blind ignorance, but experience with virtually every free (as in "free speech") and/or zero-cost rendering system out there, and a fair number of commercial ones, too. My degree in Maths and Computing (with Honors) certainly didn't hurt.

    Ok, let's answer a few points here. I'm not inclined to "sexiness", but quality. Ray-tracing is, in itself, not enough, for the reasons you say. It -does- produce artifacts, because it deals with direct reflection only, and typically only a limited number of generations. Accurate rendering requires that the system also support diffuse reflection, and an "unlimited" (read: until you fall below the displayable threshold) number of generations of each.

    BMRT, Radiance, and a number of other systems, support a system known as Radiosity, although Radiance's implementation of this is (according to their own documents) rather unorthodox.

    Once you take into account diffuse reflections, as well as direct, and allow more than 1 or 2 generations, you will find that artifacts are greatly reduced, although the computation time is (necessarily) increased dramatically.

    Then, there are the remaining artifacts to consider. Well, at 30 frames per second, you honestly don't need to consider any that are only present in one or two frames. They simply won't be visible. "Small" artifacts can be dealt with by super-sampling, rather than relying on one-shot methods.

    The bottlenecks in CGI are, in no particular order:

    • Generation of the data
    • Rendering of the data
    • Post-processing of the images

    The generation is trivial. Once you have a basic heirarchical definition file, you can simply specify points and in-between the frames, from there. Anyone familiar with computer graphics knows these techniques, they're bog-standard.

    Rendering is non-trivial. You have to pass the data set to each computer in the render-farm, and specify the window each computer is to calculate. This isn't too bad, if you remember that each window (and each computer) will render at a different rate, which means the components will be returned out of sync. Just make sure everything's labelled, and you're fine.

    The bandwidth isn't horrible, either, precicely BECAUSE of the sync problem. Here, you can turn the problem into a strength. Rendering takes time, but so does passing data. If you can spread the load, over time, by ensuring that no two computers are ever wanting to send or receive data at the same time, there simply isn't a bandwidth issue. A reasonable-speed network should easily support even massively-scaled render farms that don't compete for network time.

    Actually, you can go one stage further. Since you generate frames, by in-betweening, you can simply pass the reference frames to the machines in the render farm, and have them generate the data sets themselves.

    The returning images are likely to be a bigger problem than the data, but even then, it's not too bad. Let's say you use uncompressed TARGA images, to keep things simple, 100 machines, and a total image size of 800 by 600. This means that each machine would need to pass back only 4,800 pixels, or 14,400 bytes. Even over a 14,400 modem, that is only 8 seconds. By staggering each machine by 10 seconds, you guarantee maximum throughput.

    How to get the data back and forth? Well, you -could- use PVM or MPI, but those are really designed more for local area clusters, not widely-distributed ones. They also don't do too well with variable-size clusters, PVM especially. Then, there are various network file systems, such as CODA, NFS, etc. The overheads are silly, for this, though. You -could- use reliable multicast, which would certainly drop the bandwidth requirements dramatically, if you could be sure everyone could receive multicast transmissions. COSM, designed by a former coder, looks VERY nice for this kind of work, though, and is probably what the Free Film Project will use for render farming.

    As a last point, I can't read that jibe on "no idea" without pausing for comment. I probably have a better idea of the bottlenecks, data requirements and bandwidth usage, for heavily distributed projects than those IN CGI production, precicely because I have been involved in raytracing since the days of the 386SX, and networking since the days of the Commodore PET. The maths, I regard as trivial (I saw nothing in the computer graphics courses, at University, which I couldn't have done in my sleep, whilst doing 'O' levels), and computer-generated (rather than human-drawn on a computer) art is something anyone can do, if they have a basic knowledge of linear and non-linear interpolation.

    Personally, much as I respect BMRT, I have little respect for any attitude which depicts the "professional" as innately superior. Nor have I ever. Either a person knows what they're talking about, or they don't. Bits of paper don't impress me. Show me the code, or show me the product, but spare me the platitudes. If I can build radio telescopes at the age of 12, and radionuclide expert systems a few years later, I -think- you can trust that I don't mouth off for the fun of it.

    Naturally, I expect the same attitude - "put up or shut up". That's a part of why I started the Free Film Project. If I think CGI can be farmed out, efficiently, to obtain a high quality of output, I should be able to prove it. And I have every intent of doing exactly that. I -hope-, but don't realistically expect, CGI professionals such as yourself, to accept the results. If the project succeeds, and a proof-of-concept is shown, accept it. Arguing that it's "impossible", once it's been done, is denial bordering on insanity.

With all the fancy scientists in the world, why can't they just once build a nuclear balm?