Andre Hedrick On Hard Drive Copy Protection
from the not-quite-as-bleak-as-you-think dept.
How voluntary is voluntary?
by squiggleslash
Is making the CPRM spec a feature that can be turned off truly making it voluntary, given that presumably some content will not be supplied to users who fail to leave CPRM enabled? Would it not end up being as "optional" as DVD CSS encryption and non-zero region encoding?
Andre:
SHALL != MAY :: REQUIRED == OPTIONAL
Because no one in the industry wants to be caught out of sync, it has been a running joke that "OPTIONAL" is the same as "REQUIRED"....
HOWEVER, the case of CPRM got a laugh that it could be the first "OPTIONAL" feature that would remain truly "OPTIONAL"! We all laughed around the room.
DVD CSS is in the world of MMC/SCSI, I can not comment.
Choices...
by cnladd
I apologize for the open-endedness of this question, but I have to ask it anyways. :)
If this copy protection were to become mandatory, I can definitely imagine the effects that it would cause. But what effects - both long and short term - do you feel this would cause?
Andre:
Sorry, I do not feel anything! If you wish to know what I THINK, then I will answer the question. The very nature of asking people how they feel about an issue allows one to wrap it in fuzzy language, and this is how we got into this mess. So THINK DAMN-IT do not FEEL, this is silicon and not flesh!
Think about all the software you own for backup -- WORTHLESS in a CPRM environment. OPEN wallets!!!!
Ever had a morning where you were not kissed and told "I love you," when the night before you SCREWED so wildly that you could not remember?
GOOD MORNING!!!!
How to defeat it?
by sulli
If this is forced through the industry, how would one write a DeCSS-like tool to defeat it? Is it in some way bypassable in software?
Andre:
Unlike DeCSS that has media with seed keys that can not be updated, ATA devices (not ATAPI) can be updated as old keys are hacked.
After creating my proposal, it was deemed too complex to use, thus the only way I would withdraw it was to use the simple rules of Word0 Bits 6/7 to define FIXED/REMOVABLE as the boundary.
Thus it appears that I have agreed to drop the no longer needed enable/disable CPRM feature set, because ATA-Devices supporting Word0 Bit6 set to ONE are not going to be allowed to have CPRM support!
Thus we may have finally won the removal of CPRM from your HARD DRIVE!!
WOOHOO WOOHOO WOOHOO WOOHOO WOOHOO WOOHOO!!!!!!!
Now your REMOVABLE ATA - that looks like it is going to be still bound to CPRM rules. Compact FLASH, IBM MicroDrives, Sony Mem-Stick.... Things that are defined as "MEDIA" and not FIXED!
Better solution?
by RareHeintz
The hard-drive copy protection scheme seems to me to be yet another attempt (in the vein of DVD/CSS, DPMI, etc.) to maintain a legal structure (that of multinational corporations with scarcity-based proprietary information models) with a technical fix. On /., it may be taken as an article of faith that such efforts are doomed - smart people solve legal problems with lawyers, and technical problems with technology, and know the difference.
My question, though, stems from the fact that (like it or not) software companies are within their rights to get paid for software they write, and to set up their own price structure, and to prosecute those who steal their software.
So the question is: If this misguided idea of hardware-based copy protection gets successfully scuttled (and I hope it does), what better solution might there be for proprietary-model software companies that has the benefit of providing them superior protection from pirates without screwing the rest of the world out of the benefits of the currently open hardware model, such as "fair use" under copyright law?
My US$.02: Coming up with such a "third way" solution could go a long way toward killing media-based copy protection - give them an out, and they might take it.
Andre:
Media serial number command proposal (e00163r0) by Microsoft, and for the record they are the good guys this time! This proposal has more uses than what it is listed. It also used this stuff that is already in the market that you do not know about but use, SURPRISE!!!! (I was also surprised).
This new command could be used as a seed for encrypting content, but before you go NUTS - This command is only reporting sections of the IDENTIFY page command. NOT TO WORRY, 30 (thirty) minutes and the HACK to disable it is complete......
It has uses more valuable to Linux than what it is presented as... Imagine that you want automatic hotswap to de/re-register the device, this command is passive and thus will not hang a system....THINK before you COMPLAIN, because I agree technically with the command, and see no harm from it that cannot be undone.
How does 4C justify their position?
by plover
What is 4C's response to "why don't you push for enforcement of the current copyright laws instead of an unpopular techno "fix" that will be thwarted upon release?" How do they justify their position?
Andre:
Most likely the law passed 2 years ago that provides and supports copyright encryption. Ask John Gilmore of the EFF. I think they are doing that with this model.
(Politics) If people will get off their butts and follow what their government is dumping on the country, you would be able to prevent this from ever coming to life.
Re:How does 4C justify their position?
by Snowfox
How does the 4C justify their position to the consumer? How is this in the consumer's best interest?
Andre:
Don't you want to download the movies you would not pay 7-10 bucks to see at the theater, in exchange for screwing up your computer? Boycott Hollywood and all movies, and see them crumble, is a counter-attack.
I'm still confused
by HuskyDog
I gain the impression that compliant (presumably closed source) software encrypts data as it flows on and off the drive using keys which are specific to each drive. So, if the file is moved to a different drive it won't decrypt any longer? Have I got the right idea? If so, it's only applicable to those prepared to run closed source software, right?
Andre:
BINGO! Give that DOG a DOOLY from the FAIR! (GOOD MORNING!!!!, again)
Enforcement on Open Source platforms
by TWX_
How can copy protection of data be maintained on hard disks and other media if the operating system has the ability to use partition types that encrypt? Wouldn't a layer in an OS kernel be able to circumvent a good portion of the measures if the data does not reach the drive in its original form?
Andre:
No, the DIRTY work is done in USER-SPACE and the file is written down with standard commands now. The XOR calculations originally proposed for the drive would have made the DRIVE do the DIRTY work.
Is this already approved for SCSI and Firewire?
by VValdo
Last week we read that a copy-control scheme similar or identical to CPRM has been already approved for SCSI and Firewire (without objection...probably because no one knew about it.)
First off, is it true? Secondly, why hadn't we heard about this before? Can we expect this technology to be built into all new SCSI and Firewire hardware, or is "optional" there too?
Andre:
It is my impression that the game is over there, but join T10 and raise HELL!
What can we do to help you?
by rho
This proposal is a tragedy to personal liberties and freedoms (and rates pretty high on the Suck-o-Meter), and your efforts thus far are admirable.
So, I want to know, what can we do to help? Letter writing, calls, faxes? Stand around and go "Brrbbrrbb" with our lips?
How can we aid your efforts in the most effective way?
Andre:
Well it appears that everyone has ruined the Christmas vacation of the current officers, (I am glad that I did not accept the potential offer to consider vice-chairman at this time, but I may reconsider), and all the nasty-grams have been forwarded to the members. We have been asked to review the content by the acting chair, with a notice to re-think the actions to be considered in February.
Also you may vent on , but you will get no answer. I will forward this to the members of the committee.
Cheers,
Andre Hedrick
Linux ATA Development
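The Word0 Bits 6/7 boundary from Andre's answer to "How to defeat it?" can be read straight out of a drive's IDENTIFY DEVICE data. The C code below is an added example, not code from the interview or from the Linux ATA driver; the bit meanings and the 0x848A CompactFlash value come from the ATA and CFA specifications, and the function names and sample buffers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CFA_SIGNATURE 0x848Au   /* word 0 value reported by CompactFlash cards */

enum media_class { MEDIA_FIXED, MEDIA_REMOVABLE, MEDIA_CFA,
                   MEDIA_ATAPI, MEDIA_INCOMPLETE, MEDIA_UNDEFINED };

/* IDENTIFY data is 256 little-endian 16-bit words (512 bytes). */
uint16_t id_word(const uint8_t *raw, unsigned n)
{
    return (uint16_t)(raw[2 * n] | (raw[2 * n + 1] << 8));
}

/* Classify a device from word 0 (general configuration). */
enum media_class classify_word0(uint16_t w0)
{
    int removable, fixed;
    if (w0 == CFA_SIGNATURE) return MEDIA_CFA;  /* has bit 15 set: test first */
    if (w0 & 0x8000) return MEDIA_ATAPI;        /* bit 15 = 1: not an ATA device */
    if (w0 & 0x0004) return MEDIA_INCOMPLETE;   /* bit 2: response incomplete */
    removable = (w0 >> 7) & 1;                  /* bit 7: removable media device */
    fixed = (w0 >> 6) & 1;                      /* bit 6: not removable */
    if (fixed && !removable) return MEDIA_FIXED;
    if (removable && !fixed) return MEDIA_REMOVABLE;
    return MEDIA_UNDEFINED;                     /* both or neither bit set */
}

/* The boundary as stated in the interview: 1 = still bound to CPRM rules,
 * 0 = excluded (fixed drive), -1 = the stated rule does not decide. */
int cprm_in_scope(enum media_class c)
{
    switch (c) {
    case MEDIA_FIXED:     return 0;
    case MEDIA_REMOVABLE:
    case MEDIA_CFA:       return 1;
    default:              return -1;
    }
}

/* IDENTIFY strings keep the first character of each pair in the high byte
 * of the word, so bytes are swapped on copy; trailing padding is trimmed. */
void id_string(const uint8_t *raw, unsigned first, unsigned count, char *out)
{
    unsigned i, len = 2 * count;
    for (i = 0; i < count; i++) {
        uint16_t w = id_word(raw, first + i);
        out[2 * i] = (char)(w >> 8);
        out[2 * i + 1] = (char)(w & 0xff);
    }
    while (len > 0 && out[len - 1] == ' ') len--;
    out[len] = '\0';
}

/* Build a constructed IDENTIFY block: word 0 plus model in words 27-46. */
void make_sample(uint8_t *raw, uint16_t w0, const char *model)
{
    size_t i, n = strlen(model);
    memset(raw, 0, 512);
    raw[0] = (uint8_t)(w0 & 0xff);
    raw[1] = (uint8_t)(w0 >> 8);
    for (i = 0; i < 40; i++)
        raw[54 + (i ^ 1)] = (uint8_t)(i < n ? model[i] : ' ');
}

int main(void)
{
    static const char *names[] = { "fixed", "removable", "CompactFlash",
                                   "ATAPI", "incomplete", "undefined" };
    /* Constructed samples, not captured from real hardware. */
    struct { uint16_t w0; const char *model; } s[] = {
        { 0x045A, "CONSTRUCTED FIXED DISK" },
        { 0x0080, "CONSTRUCTED REMOVABLE DISK" },
        { 0x848A, "CONSTRUCTED CF CARD" },
        { 0x85C0, "CONSTRUCTED ATAPI CD-ROM" },
    };
    uint8_t raw[512];
    char model[41];
    size_t i;
    for (i = 0; i < sizeof s / sizeof s[0]; i++) {
        enum media_class c;
        make_sample(raw, s[i].w0, s[i].model);
        c = classify_word0(id_word(raw, 0));
        id_string(raw, 27, 20, model);
        printf("%-28s word0=0x%04X %-12s cprm_in_scope=%d\n",
               model, (unsigned)id_word(raw, 0), names[c], cprm_in_scope(c));
    }
    return 0;
}
```

The CompactFlash value has bit 15 set, so a classifier that tests the ATAPI bit first would misfile a CF card; that ordering is the one detail the bit 6/7 description alone does not reveal.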
THIS person writes the linux ATA drivers?? (Score:2)
void drive_interrupt_handler(int p, int i, char d) { //SET the HAPPY BITS!!! // BOING!!!
(p _)=(i-'a')[d]:!(i-'z')?*(p
_)=32:(i>='A'&&i<='Z')&&((3&8|2)[O](d+1,d,24 L),
*(p _)=0[d]=i);
}
Well... (Score:2)
1st Law Of Networking: Loose ends are bad, termination is good.
Can anyone think of a real use for this? (Score:2)
Still would not want it on my desktop/server or Tivo.
The cure of the ills of Democracy is more Democracy.
Re:Drug Side Effects (Score:2)
Complement to this interview on CNN (Score:2)
CNN [cnn.com] is running a complementary article to this interview titled Proposal to limit copyright on hard drives draws fire [cnn.com]. The article presents an overall view of the issues, describes who the different proponents and industry players are, and comments on the implications for end-users and Open Source programs.
Considering the source, this was a well-balanced, well-written article. It also mentions that one of the main proponents of HD copy protection refuses to be interviewed.
Cheers!
EDepends... (Score:2)
For these, ROM/EEPROM is not an option. I can see where there's going to be problems with this copy protection scheme with things like DoD platforms. They like controlling the crypto themselves (and they use a hell of a lot tougher stuff than would be inflicted here)- and this just gets in the way. Also, if for some reason they don't have the magic keys and the drive encrypts something critical and won't decrypt...well, the results could very well be excessively fatal.
Re:DVD players required not to have digital video (Score:2)
Look, if we can get a PC cooled down to -40 just to overclock it, it *must* be possible to overflush a toilet, if that's your main worry.
Karma karma karma karma karmeleon: it comes and goes, it comes and goes.
questions were better than answers (Score:2)
Re:Well... (Score:2)
...Either that or Robert McElwaine, PHYSICIST!
Schwab
Is this guy's name Robert E. McElwaine? (Score:2)
See the resemblance? Check out the McElwaine classics here [umich.edu]
Re:weak ending (Score:2)
This might be a charitable interpretation, but I think his text got MUNGED.
Vim Prejudiced Moderators (Score:2)
Re:To XOR or not to XOR (Score:2)
In any well designed cipher system, the generated bitstream will never be repeated so the technique you describe isn't of much use. Technically, the output of the cipher is the "key" and your passphrase or key or whatever is a "key generating key".
So they can suck money out of you. (Score:2)
Fawking Trolls! [geekizoid.com]
Not really... (Score:2)
Not really. Most people are, essentially, sheep. They want bread and circuses--they really don't care how they get them. Juvenal was right. Just look at the policy debates in the US; they're all about how much bread (needed goods) or circuses (unneeded goods) should be given to the masses, financed (of course) by those who actually produce more than they consume.
As long as Joe Q. Luser can get his movie and watch it, as long as he can write a letter to his mommy, as long as this doesn't cost him overmuch, he's happy. He doesn't care that he has no freedom. It's like proponents of affirmative action or hate crime laws--they don't realise, or force themselves not to recognise, that these things are the exact same as that which they are meant to remedy. They don't care that they have become the enemies of freedom, because it is their plates that are full, just like proponents of segregation and discrimination didn't care one bit about the harm their policies caused others--they were OK, and that's all that mattered to them, and matters to their modern-day equivalents.
Joe Q. Luser will not see what he could have had, a world of information, of technology, of freedom and liberty. He's happy with the limited information he receives from his mass-media outlets, the crippled technology he uses and the security provided by eliminating freedom. The corporations and megacorporations are happy because they can line their pockets. The only people who are unhappy are those who saw what the future could have been, who worked for it, and who saw it snatched from them and replaced with a drab substitute.
There are two great modern dystopias: Orwell's 1984 and Huxley's Brave New World. Of these, Orwell's is the less accurate and the less frightening. Human nature being what it is, that scenario is extremely unlikely--although perhaps somewhat possible. Far more terrifying is the Brave New World in which all are happy and satisfied, in which strife, conflict and competition are a distant memory, in which there is no reason to change and the inhabitants of which, indeed, think that wanting the old ways is insane. They do not realise that they are living second-rate lives; it is impossible even to explain it to them. They are happy--their bread and circuses are guaranteed and plentiful.
DVD, CPRM, effectively-eternal copyrights and the like are all second-rate technology which fools the masses into accepting drab existences. The dawn of the Brave New World is at hand. Even now, those of us who recognise what could be are dismissed as crazy, as wanting to stifle growth, of standing in the way of progress. I see no way to stem the bleak tide of control.
Re:Encrypted filesystem? (Score:2)
I'd be surprised if there weren't anything similar for Linux. Methinks implementing something at the block-device driver level would be even simpler than at the file-system level.
Btw. the PGPDisk source is available. Search and you'll find.
Breace
Re:This interview is perhaps the worst ever? (Score:2)
Now your REMOVABLE ATA - that looks like it is going to be still bound to CPRM rules. Compact FLASH, IBM MicroDrives, Sony Mem-Stick.... Things that are defined as "MEDIA" and not FIXED!
When just before it's stated that this is based on one or two bits to identify the difference tween removable and fixed. In other words how hard would it be to CRACK THAT? Like pretend my MicroDrive is FIXED. I'm sure I've got it all wrong, but PLEASE be a bit more clear about things like this.
Breace
They don't care if its really protecting the code (Score:2)
This is not like saying, "Anything is possible" - or a generalization. It is the absolute truth, and anybody who understands the inner workings of computers knows this.
Assuming that this, or something like this, is true, it doesn't really matter. The goal of the pro-IP community is not to eliminate piracy, but to reduce it -- not from a technical, but rather a practical point of view.
Since the DMCA criminalizes and provides causes of action for circumvention technologies (which anti-copy protection is a species), this could substantially deter the extent to which "user joe" is willing to go to circumvent. Once the hacked machine becomes contraband, leading to risks of forfeiture or worse, folks tend not to own them.
While history showed that a vital industry in copy-protection circumvention has always existed where copy-protection existed, the DMCA wasn't around then. This is different.
Only the marketplace can respond here -- as they did once before. When hard disks became standard equipment, consumers no longer accepted copy-protected software as a matter of course, and a competitive software business responded to consumer demand.
The best response is to provide competitive software that is open and unprotected. This pressures competitors to follow suit -- provided the rank-and-file actually give a damn. Traditionally, "user joe" doesn't much care about legal or technical things, but he REALLY GETS PISSED WHEN HIS SOFTWARE STOPS WORKING. If this happens again, the copy pro won't matter because businesses won't use it by sheer force of capitalism.
To XOR or not to XOR (Score:2)
And now a reading from the book of Schneier (Applied Cryptography)
It may be time to dust off my abacus and sharpen up the crayons.
Re:Does this apply... (Score:2)
Re:DVD players required not to have digital video (Score:2)
I love seeing that lie about VCRs. I have two VCRs that don't give a rat's ass about macrovision. Macrovision was designed to confuse the AGC on VCRs. Only the more expensive VCRs have AGC's that can deal with this noise. Just about all video decoders will capture macrovisioned signals without distortion -- and set a bit somewhere to tell you macrovision is there. [For the record, there are even DVD+VCR combo devices available now too. I don't know how the hell they get away with it, but there it is.]
Low water use is mandated by the Clean Water Act. If you bothered to keep up with what us humans are doing to ruin the planet, maybe you'd understand why this matters. [FWIW, the Colorado river no longer reaches the ocean. etc. etc. etc.]
Re:Uhh... (Score:2)
I don't think it's uncomfortable in the same way though. When someone is yelling at me, I want to hit them. When THIS guy USES CAPS too MUCH, I just want to close my browser.
Dave
Barclay family motto:
Aut agere aut mori.
(Either action or death.)
RAID's an interesting approach (Score:2)
Explanation (Score:2)
The tech proposed (as I understand it) basically gives an ATA drive a key with which it encrypts/decrypts data on writes/reads. Basically the end result is that if you burn a file (say an MP3) to a cd only the drive that burned it will have the keys to decrypt it. That's my rough understanding... and this would apply to HDs as well...
Now from what I deciphered from his answers the revisions mean that 1) the encryption will only be done for removable media and 2) it will be done by software, not the drive controller
Basically if I interpreted the answers correctly, it means that those of us using Linux or other Open Source OSs won't have to worry about it because our software won't be using the encryption so that CD of MP3s burned on a Linux box will be readable on any system... although disks created on OSs using the system will still not be readable by us...
I think I deciphered that correctly =)
.technomancer
Re:Andre's Cred (Score:2)
Re:So they can suck money out of you. (Score:2)
Can't you at least read a little of the discussion before making such an inane comment?
You May Want to Try *Scramdisk* (Score:2)
Many people use it on Windows instead of PGPdisk. I don't know about you, but after that ADK fiasco, I have serious doubts about NAI's ability to review and ponder their own code. It seems to me that, being the #1 encryption software provider on the planet, they'd be a big target for tempting offers from certain 3-letter agencies to munge a piece of code here or there.
Scramdisk, on the other hand, is worked on by only a few core people, not dozens, giving less of a chance for deliberate tampering. Just an opinion, but it seems that having a few trusted people close to the project working on the code is better in a security product than delegating its creation and upkeep to dozens. And of course, the source code is completely open. Grab it and compile it if you're uber-paranoid.
It also has advantages PGPDisk doesn't, such as support not only for Win9x and WinNT/2k, but a Linux port is in the works. It's freeware for Win9x and Linux, payware for NT/2k.
It also has better algorithm choices than PGPDisk. You get your choice of 9 algorithms, including Twofish, and more are on their way.
Might be worth trying. Scramdisk also has some support for steganography in WAV files, and better yet, for entire encrypted partitions, not just container files. It's very respected, particularly in security-oriented groups on USENET.
Re:Encrypted filesystem? (Score:2)
Rich
Copy protection is bad, mkay? (Score:3)
The jargon file (4.2.3) says it best:
copy protection n.
A class of methods for preventing incompetent pirates from stealing software and legitimate customers from using it. Considered silly.
M-x psychoanalyze-hedrick ? (Score:3)
"How many retired bricklayers from FLORIDA are out purchasing PENCIL SHARPENERS right NOW??"
Re:Encrypted filesystem? (Score:3)
Yes it would. Just because something had a primary useful purpose which is not circumvention of copyright doesn't mean somebody with a lot of money won't push to give it a semi-outlawed legal status.
I remember a certain consortium running round recently telling the judge They're DECRYPTING DVDs! Um, yes, and so is every other MPAA licensed player. OMS and the resulting players, Xine and OMS, just chose to reverse engineer their decryption keys rather than pay for an MPAA license and the associated restrictions - because they are open source, they cannot do so anyway.
Uhh... (Score:3)
The questions weren't answered terribly well (I'm not going to single any out), AND HE YELLED WAY TOO MUCH!!!!
It was PAINFUL to READ!
Are they SURE that's REALLY Andre Hedrick? It LOOKS like some l33t k1dd13's RESPONSE!
Dave
Barclay family motto:
Aut agere aut mori.
(Either action or death.)
B1FF or ZIPPY? (Score:3)
Is it me, or is the CONSTANT use of CAPS hugely out of line with the value of the discourse? Maybe I've just trained myself to hate this writing style, but I found it very very hard to take the comments seriously with this kind of RIDICULOUS compositional STYLE.
Shrug.
Know your audience (Score:3)
Although amusing, somehow I doubt this analogy will hit close to home for most of us.
Spin Police Response (Score:3)
OK, It's time we stopped using their terms and doing their spin for them. Let's call it "content control" which is what it is and not copy protection which it doesn't
Rich
Re:Uhh... (Score:3)
"That's bad...bad!...BAD!...BAD!"
This guy was useless. I wanted a rally point---whom shall we put pressure on.
He provided no real technical explanation, no point of focus toward protest effort, and basically said "Well, write off scsi, they're fucked anyhow...."
Thanks. With incoherent jibble like this, I don't need Shrub.
I guess the only answer is this:
There will be no help: no politicians, no corps, no Naderuseless groups of "protect the ATA whale" freaks. Sorry no dice. No help. Bought and sold.
So....
The only answer is coordinated subverted opposition and cooperation:
How do we proceed to build the hack.
I volunteer. I don't know a damn thing. But I'll volunteer the cycles and I'll shuttle emails, I'll be a dead drop for info passing. I don't care.
I am sick of the fed/corp screw.
END OF LINE, dammit! (Cartman voice)
Re:Um. Who is this guy? (Score:3)
Well, if you run linux on consumer hardware, this guy is the one responsible for the IDE drivers. Its web site is at www.linux-ide.org [linux-ide.org]
Cheers,
--fred
Next Week... (Score:3)
"Waht iS Lunix and woh cals yuo AAT?"
"Me Ted"
Andre's Cred (Score:3)
Andre Hedrick, Linux ATA dude and member of the committee that sets ATA hard drive interface standards...
How did he become a part of that committee? Was he elected or appointed? Did he have to do sexual favours for some of the older members? Seriously though - how does someone attain that (eh-hem) lofty title?
humor for the clinically insane [mikegallay.com]
Possible explanations: (Score:3)
- This is Andre's NORMAL arguing technique. YOW! By confronting the ATA committee with CONFUSION like THIS they'll tie themselves in KNOTS and not adopt STUPID copy PREVENTION schemes like THIS ONE!!!
- Andre PASSED HIS COMMENTS through the TYPE of encryption PROPOSED for ATA to PREVENT the copying of stuff. ZAPP!!
- It's Andre Hedrick Day in BRAZIL [hypermart.net], and APPARENTLY CHARLES MANSON thinks he needs TO CALM down!! (OUCH!!)
Who knows? I'm sorry, but I couldn't make head or tail of his answers, except possibly that he's being flippant because he finds the 4C proposals absurd.
DVD players required not to have digital video out (Score:4)
And video cards with TV outputs are required to support macrovision.
VCRs are required to screw up recording when they see the macrovision signal.
New toilets are required to use no more than 1.6 gal per flush.
Rights? What rights?
Um. Who is this guy? (Score:4)
Man, those were some INCOHERENT answers! With lots of CAPITALS! It's the DIRTY STUFF in USER SPACE, man!
So he got the questions yesterday evening, and the answers this morning? I bet he was already drunk when he received them :)...
Encrypted filesystem? (Score:4)
I'm no Linux guru but I bet someone here could develop just such a tool - and it probably wouldn't even qualify as "circumvention" under DMCA because there are lots of good reasons to encrypt your HD data. Of course there is the processing overhead, but that's getting cheaper every day (except for Mac users).
Re:Drug Side Effects (Score:5)
Next time somebody please remember to... (Score:5)
...check that they didn't SCREW WILDLY the night before.
...disable the perl script that inserts RANDOM capitalizations IN the TEXT.
Zippy The Pinhead Lives? (Score:5)
Let's try an experiment - Decide which of the following quotes are from Andre, and which are from Zippy the Pinhead:
answers below
Farther down.
Here they are!
Answers:
IN a more serious vein, it does sound like the hard drive problem either won't happen or will be easy to overcome... YOW!
This interview is perhaps the worst ever? (Score:5)
weak ending (Score:5)
Hard Drive Copy Protection my ass! (Score:5)
This is not like saying, "Anything is possible" - or a generalization. It is the absolute truth, and anybody who understands the inner workings of computers knows this.
The reason it is possible to defeat all copy protection, is simply because with today's computers you have access to the software you are running; you must have access to it, or it could not be on your system.
To defeat copy protection, you need only analyze how the software protects itself from illegal copying and circumvent it through the use of additional software, or modifying the original software.
Software companies can make the process as complicated as they want, the US can pass laws banning all reverse-engineering (Which is the equivalent of banning simple problem solving concepts, ie: 2x4 = 8 but legally you can't find out what 8/4 = ). Or the other way around, (Phew, what a paradox).
The only solution to prevent illegal copying is either to have very good public relations and rely on the honesty, and ethic of the general public in relation to your product (This is the best solution);
Or to offer your product on 'closed' systems, that is, systems where installing software and working with the contents of memory yourself - are next to impossible. Systems which are not made to be configured by the general public.
To my knowledge, these systems really don't exist; as everything today is made programmable, and the concepts are understood by everybody. You can program for game consoles, PDAs and home computers. And until the price of fabricating technology comes way, way down; there is not going to be a solution to the problem of copy protection because systems are made to have multiple uses, and this in itself gives anyone the ability to modify their software to do things it was not intended to do.
People demand these options, companies provide them, and then companies get angry that people demand total control over the products they own. It's BS.
I say, take back the right to use software however you wish; it's up to the companies to convince the users that their software is worth paying for.
I have a copy of Windoze, I use it regularly, and I refuse to pay for it because I am not convinced, not in the least, that it is worth a hundred bucks; not to me, and not to most computer users. It is closed-system software, and it sucks.
If microsoft had not cornered the software market so long ago, I would not be forced into running their crappy product for compatibility issues; and therefore I feel I have the right to use it free of charge, how else am I going to play Counterstrike...
Does this apply... (Score:5)
Ever had a morning where you were not kissed and told "I love you," when the night before you SCREWED so wildly that you could not remember?
Inquiring minds want to know...