President of RIAA Says Sony-BMG Did Nothing Wrong
Zellis writes "In a press conference held on Nov 18 Cary Sherman, the president of the RIAA, stated in reference to Sony BMG's "rootkit" software that "there is nothing unusual about technology being used to protect intellectual property." According to Sherman, the problem with Sony BMG's XCP DRM software was simply that "the technology they used contained a security vulnerability of which they were unaware". He goes on to praise Sony's "responsible" attitude in handling the problem, saying "how many times that software applications created the same problem? Lots. I wonder whether they've taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?" It seems that the latest spin is to portray the Sony rootkit as no more of an issue than a software coding error that unintentionally creates a security hole. Will they get away with it among the non-technical public?" Arguably, Sherman is right -- but I enjoy much more the fact that this whole r00tkit fiasco has set DRM back by years. Gogogo poor implementations!
Fantasyland! (Score:1, Interesting)
Hey Hemos! What color is the sky on your planet? Think about it for a minute. Do you truly believe that this minor incident with Sony-BMG will have any significant effect, even with Sony let alone any other label? I guarantee you that Sony-BMG is already scrambling to get the "latest generation" DRMed CDs on the shelves before Christmas. You must live in Fantasyland.
Big Surprise?[ - Radio now] (Score:5, Interesting)
In other news, cows give milk.
Anyone interested in local radio coverage of this story, CJME.com is about to do a show on the Sony rootkit, you can listen live at 10:05AM CST, and again in the evening for a rebroadcast. Sorry, no podcast is made.
If... (Score:3, Interesting)
However, I doubt that Sony would have clearly indicated the presence of the rootkit. How do you even begin to clearly indicate the presence of something that most people don't even understand? I haven't been following the case, though, so I can't say anything more about it.
Re:Thank goodness for Konqueror (Score:5, Interesting)
punish RIAA (Score:1, Interesting)
And I am such a sissy that I post this AC
Sauce for the Gander (Score:3, Interesting)
I truly, deeply, and sincerely hope all his personal computer systems are rooted by all the DRM flavors out there simultaneously. Then he can live with what he claims is not a problem at all for the rest of us.
Re:Markets always trump cartels eventually (Score:5, Interesting)
I see a big reason for "major" labels, actually. I look at it as a co-op of bands that distribute the cost of production and marketing across hundreds of "talented" bands.
My problem is with the anti-freedom maneuvers of the labels. They corrupted radio rights, they helped destroy copyright, they subsidized the DMCA and they fostered anti-speech creations like Tipper's parental warning label and other bad ideas. I have no problem with stupid business tactics, it is when the law protects it that I'll call foul.
Re:Commercial rootkit? (Score:5, Interesting)
I have loaded the Sony DRM sigs but have gotten hits from other products. I am wondering if this is a false alert or another company using this root kit for DRM
000 : 50 4F 53 54 20 68 74 74 70 3A 2F 2F 77 77 77 2E POST http://www.
010 : 70 68 6F 74 6F 73 68 6F 77 2E 6E 65 74 2F 4D 50 photoshow.net/MP
020 : 53 4E 41 70 70 53 65 72 76 65 72 2F 73 65 72 76 SNAppServer/serv
030 : 69 63 65 73 2F 6C 6F 67 67 69 6E 67 20 48 54 54 ices/logging HTT
040 : 50 2F 31 2E 30 0D 0A 41 63 63 65 70 74 3A 20 61 P/1.0..Accept: a
050 : 70 70 6C 69 63 61 74 69 6F 6E 2F 2A 2C 20 61 75 pplication/*, au
060 : 64 69 6F 2F 2A 2C 20 69 6D 61 67 65 2F 2A 2C 20 dio/*, image/*,
070 : 6D 65 73 73 61 67 65 2F 2A 2C 20 6D 6F 64 65 6C message/*, model
080 : 2F 2A 2C 20 6D 75 6C 74 69 70 61 72 74 2F 2A 2C
090 : 20 74 65 78 74 2F 2A 2C 20 76 69 64 65 6F 2F 2A text/*, video/*
0a0 : 0D 0A 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20
0b0 : 74 65 78 74 2F 70 6C 61 69 6E 0D 0A 55 73 65 72 text/plain..User
0c0 : 2D 41 67 65 6E 74 3A 20 53 65 63 75 72 65 4E 65 -Agent: SecureNe
0d0 : 74 20 58 74 72 61 0D 0A 48 6F 73 74 3A 20 77 77 t Xtra..Host: ww
0e0 : 77 2E 70 68 6F 74 6F 73 68 6F 77 2E 6E 65 74 0D w.photoshow.net.
0f0 : 0A 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A
100 : 20 31 36 33 0D 0A 50 72 6F 78 79 2D 43 6F 6E 6E 163..Proxy-Conn
110 : 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D 41 6C 69 ection: Keep-Ali
120 : 76 65 0D 0A 50 72 61 67 6D 61 3A 20 6E 6F 2D 63 ve..Pragma: no-c
130 : 61 63 68 65 0D 0A 0D 0A 3C 3F 78 6D 6C 20 76 65 ache..........
190 : 3C 69 6E 73 74 61 6C 6C 49 64 3E 35 66 37 35 30 5f750
1a0 : 34 66 36 33 61 66 38 37 38 35 61 39 32 63 36 33 4f63af8785a92c63
1b0 : 63 62 64 38 30 61 38 66 63 63 66 3C 2F 69 6E 73 cbd80a8fccf
1d0 : 3C 2F 73 65 72 76 69 63 65 3E 0D 0D 0A
For the non-technical: (Score:5, Interesting)
Now, if only the non-technical people could see this....
Justification still stupid (Score:3, Interesting)
This is another of the RIAA's great stabs at PR by pouring gasoline on a fire.
Makes you wonder if any of their people went to business school.
SonySuit.com - Strike back in Small Claims Court (Score:5, Interesting)
On the civil side, you don't have to wait for the class action lawsuits against Sony BMG Music Entertainment and First 4 Internet to wind their way through the courts -- you can sue on your own in Small Claims Court. For a useful guide to get you started, visit SonySuit.com [sonysuit.com].
Real fallout might be MS and Anti-virus Cos (Score:2, Interesting)
Need a new distribution method (Score:2, Interesting)
Cost of entry for a new band would be minimal, just upload your song(s) and convince a DJ to check it out and rate it. Which isn't that hard, most of them are pretty sick of hearing the same old crap 15 times a day. This already happens with tapes but tapes aren't easy to distribute, whereas with this, distribution is automatic (as long as the DJ liked it and others check out the particular DJ's new song list).
Re:Thank goodness for Konqueror (Score:3, Interesting)
zone "spammers.com" in { type master; file "devnull.master"; };
zone "phishers.net" in { type master; file "devnull.master"; };
Then create a zonefile "devnull.master" with records like this:
* IN A 127.0.0.1
@ IN MX 5 127.0.0.1
and none of your users will see any web traffic or be able to "unsubscribe" from them ever again...
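A complete version of the sinkhole setup sketched in the comment above, as an added example that is not part of the original post: it generates the `named.conf` stanzas from a blocklist and a shared zone file that also carries the SOA and NS records BIND needs to load a zone. The function names, the `hostmaster` mailbox and the timer values are assumptions; `devnull.master` and the two domains come from the comment.

```python
import re

# One DNS label: letters, digits, hyphen, 1-63 chars, no hyphen at either end.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalise(domain):
    """Lower-case name without trailing dot, or None if it is not a plain
    host name. Rejecting quotes, braces and semicolons keeps a hostile
    blocklist entry from injecting directives into named.conf."""
    name = domain.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return None
    return name if all(_LABEL.fullmatch(l) for l in labels) else None


def zone_file(sink_ip="127.0.0.1"):
    """Body of the shared zone file; '@' expands to whichever zone loads it."""
    return "\n".join([
        "$TTL 1h",
        "@ IN SOA @ hostmaster ( 1 1h 15m 30d 1h )  ; timers are assumptions",
        "@ IN NS  @",
        f"@ IN A   {sink_ip}",
        f"* IN A   {sink_ip}",
        "@ IN MX  5 @   ; MX target is a host name, so point at the apex",
    ]) + "\n"


def named_conf(domains, zone_path="devnull.master"):
    """Return (config text, rejected entries) for a list of blocklist names."""
    accepted, rejected = [], []
    for raw in domains:
        name = normalise(raw)
        if name is None:
            rejected.append(raw)
        elif name not in accepted:  # drop duplicates, keep first-seen order
            accepted.append(name)
    stanzas = [f'zone "{n}" in {{ type master; file "{zone_path}"; }};'
               for n in accepted]
    return "\n".join(stanzas) + "\n", rejected


if __name__ == "__main__":
    # Constructed blocklist: two names from the comment plus two bad entries.
    feed = ["Spammers.com", "phishers.net.", "spammers.com",
            'x.com"; }; options { ', "-bad.org"]
    conf, bad = named_conf(feed)
    print(conf + zone_file())
    print("rejected:", bad)
```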
All well and good... (Score:3, Interesting)
RIAA and their PR (Score:4, Interesting)
Re:Markets always trump cartels eventually (Score:2, Interesting)
Re:Responsible? (Score:3, Interesting)
No, what Sony has done is much worse than copyright infringement; it's very nearly terrorism!
Re:Markets always trump cartels eventually (Score:3, Interesting)
No, really. With the media consolidation what's to stop Sony, Capitol, etc. from buying up the radio stations? No payola necessary. The "DJ" (well, teleprompter reader really) will play the queued music from the satellite feed and announce them with a smile, or not keep his job. No payoffs required once the media consolidation process is complete.
There will still be an independent station here and there, but how much would you want to bet that the RIAA and Artist Rights Enforcement Corporation won't raise the licensing fees to air major labels' material once the consolidation of mainstream stations is complete?
software installs WITHOUT EULA agreement (Score:3, Interesting)
I'm really hoping that lawsuits brought up with this stuff brings the whole "I can put anything I want into an EULA and it's binding" mantra we hear from certain software and content providers.
SCO says, HEY! LOOK AT ME! pleeeease?!!! (Score:5, Interesting)
A high-placed source at Sony BMG has emailed me with some interesting information about the ongoing rootkit DRM fiasco. My source says,
Re:Markets always trump cartels eventually (Score:5, Interesting)
for your parent's argument about major labels having a place... big bands do sign bad contracts all the time. why? advertising. they know they can get somewhere. think about that one. the beatles had a terrible contract, but they made more money afterwards when they did their own thing with apple records. a lot of the bigger bands today make their money through other means, not record sales. record sales means popularity, nothing more, nothing less. the more popular they are, the more people go to their concerts (where almost all the revenue goes to the band). so far, the record labels haven't been able to touch concert revenue (don't you think they would've loved a chunk of the change bands like phish and the grateful dead made from touring alone?). the big label gets them advertisements, that's all (although phish and the dead became popular through word of mouth, the label just got them new fans).
Music CDs are Data STORAGE (Score:1, Interesting)
That is the inherent problem with their argument. It's apples to oranges. Games install copy protection, but a game is designed to run on the PC.
This is very much like buying a book, a medium which stores the written word and is replayed by your eyes and brain, and the pages are laced with an invisible substance that is absorbed into your skin and prevents you from repeating the story. A computer is an extension of your brain, and illegally installing protection software and hiding it is very much like illegally drugging someone to force them to do your bidding.
Comment removed (Score:3, Interesting)
Re:Markets always trump cartels eventually (Score:2, Interesting)
"Consolidate Your Media Library Finally, you can manage all your content - from personal photos and high-definition camcorder video, to downloaded movies and music, to recorded TV shows, to your CD and DVD collection, and more - from the comfort of your couch. With its 200-disc mega-changer, the XL1 Digital Living System(TM) boasts a whopping 1.7TB of CD and DVD disc storage that's easy to access and enjoy with the included remote control or wireless keyboard. It's the player you've been waiting for, and since it's also a PC, you're conveniently connected to the data that will let you keep track of your media and enjoy it to the fullest."
A recent review of this product in a PC World/Mag (one of those) said you could put your entire CD collection in it and set it to rip all your CDs to the hard drive automatically overnight! Except for Sony's own XCP CDs!
The ultimate would be.. (Score:2, Interesting)
Re:No regedit required at all... (Score:2, Interesting)
Do markets *always* trump cartels? (Score:3, Interesting)
I suppose the problem is going to be that all cartels fall in time, and in every case the role played by the market is going to be open to debate.
Anyway, I'm curious as to whether you cite any examples.
Re:Unaware? (Score:5, Interesting)
Rootkits are revealed on the network via firewall logs, and I've always tracked them down via this method. I suppose there may be kits that I may not be seeing, but they don't appear to be phoning home.
Remember that you can hide a file from the API, but you can't hide from NTFS itself otherwise you risk getting overwritten.
It's entirely possible that administrative shares get their file list from the disk volume itself and translate the information when it arrives using the clean kernel rather than the potentially infected API on the remote machine.
I'd be interested to know if anyone knows for certain if this is the case?
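The cross-view idea in the comment above (compare what the live API reports with a listing taken from a view the rootkit cannot filter), as an added example that is not part of the original post. How the trusted listing is obtained is outside the sketch; the function name, the listing formats and all sample paths are constructed assumptions.

```python
from datetime import datetime

# NTFS metadata files sit in the volume root and are never returned by the
# Win32 directory API, so they differ between the two views on a clean system.
NTFS_METAFILES = {"$mft", "$mftmirr", "$logfile", "$volume", "$attrdef",
                  "$bitmap", "$boot", "$badclus", "$secure", "$upcase",
                  "$extend"}


def _key(path):
    # NTFS compares names case-insensitively; accept either separator.
    return path.replace("/", "\\").strip("\\").lower()


def hidden_entries(api_view, raw_view, scan_started):
    """api_view: paths reported by the live OS API (relative to volume root).
    raw_view: {path: mtime} from the trusted view.
    Returns trusted-view paths the API did not report, minus expected noise."""
    seen = {_key(p) for p in api_view}
    findings = []
    for path, mtime in raw_view.items():
        key = _key(path)
        if key in seen:
            continue
        if key.split("\\")[0] in NTFS_METAFILES:
            continue  # normal API/raw discrepancy, not evidence of hiding
        if mtime >= scan_started:
            continue  # created while the scans ran; re-check on next pass
        findings.append(path)
    return sorted(findings, key=_key)


# Constructed sample listings (not taken from a real system).
SCAN_STARTED = datetime(2005, 11, 21, 10, 0, 0)
OLD = datetime(2005, 10, 1, 9, 0, 0)
API_VIEW = ["Windows\\System32\\drivers\\disk.sys",
            "Windows\\System32\\drivers\\ntfs.sys"]
RAW_VIEW = {
    "WINDOWS/system32/drivers/disk.sys": OLD,
    "WINDOWS/system32/drivers/ntfs.sys": OLD,
    "WINDOWS/system32/drivers/hidden_example.sys": OLD,   # only in raw view
    "$MFT": OLD,                                           # NTFS metafile
    "$Extend/$Quota": OLD,                                 # NTFS metafile
    "Temp/install.tmp": datetime(2005, 11, 21, 10, 0, 5),  # raced the scan
}

if __name__ == "__main__":
    for p in hidden_entries(API_VIEW, RAW_VIEW, SCAN_STARTED):
        print("hidden from API:", p)
```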
There's all the difference in the world. (Score:2, Interesting)
Sherman is wrong. There's an enormous difference between a security hole in DRM software and standard software: normally, any software I install on my machine is running with my permission and knowledge, performing a function that I chose and doing it for my benefit. Sony were trying to get their code onto end users' computers without those users understanding exactly what it was doing, and naturally the software functioned entirely for the benefit of Sony and not the users.
Richard Stallman clearly explained the problem and explained all the issues that Sherman doesn't want us to think about in an essay called Can you trust your computer? [gnu.org]. If Stallman had the marketing clout of the RIAA's members and vice versa, I suspect we wouldn't be in this situation today.
Re:Markets always trump cartels eventually (Score:3, Interesting)
That's simply a shame...I've seen too many bands sign bad deals as well (note: I worked in the industry for several years before deciding to go back to school). The fact of the matter is, contracts in the music industry like any other industry are supposed to represent give and take. When my university decided that some of my research was too valuable and took up their right to offer the 'standard' 50% ownership of viable IPs in return for funding my project (after deducting the cost of the office space, percentages of professors above me's salary and a dozen other deductions that would mean that I'd probably owe someone before I saw a single dime -- and the 'scholarship' they offered was included in this) -- I decided to shop the contract around and when my university balked at that, I took my first grant to a former professor now running the sponsored research program of his new school on the west coast. It was a small grant (under $50k) but it got the point across.
The next time I applied for a grant, I was given MUCH better negotiable terms by my university. Both schools are of the same size and stature, so I never had to woodshed in the 'minors' to get my way.
How does this relate to your local bands? At one point I was a signed musician. I think technically I still am and still in contact with my A&R guy who occasionally asks if I can assist on a project. When I was given the contract, I immediately went to a lawyer -- and not the one they suggested -- but not before I read everything myself and made a lot of notes. Almost all of this was common sense when reading this, and my lawyer confirmed that most of my concerns were legitimate. The rest of my band signed their rights away immediately (and the label made it sound as though if I didn't sign at the same time, their contracts would be void). I wrote the songs even though I wasn't the lead man, so I had more at stake and didn't give a fuck about their concerns.
Guess what -- without a protest, most of my concerns were addressed and either amended or stricken. As taught in High School law, contracts are about give and take and the record companies know this. If a stupid metal head or bimbo pop singer is willing to sign anything that is put in front of him or her, they deserve getting screwed on a bad contract. The labels are giving you a contract with everything they could legally hope to attain and nothing more. You should ask for everything you could legally attain and nothing more -- and then an agreement should be struck between the two. And I have no problem with anyone asking for as much as they can get because only an idiot would do so.
So your local bands forgoing major label representation -- so what? They should have hired an entertainment lawyer and had representation from management (starting off -- these should be two separate items to make certain that no one is out solely for themselves).
That's more than I wanted to say about the subject.
Re:Markets always trump cartels eventually (Score:5, Interesting)
Interestingly, though, a growing number of artists, including myself, are choosing to survive as 'independent' as its profit margins are higher, and the artists themselves do not forfeit the copyrights to their songs to the labels. When you pirate music, the copyright you are breaching is not of the artist; the copyright for the recording typically is owned by their label.
More on this (and more) is discussed in a paper I wrote, available here [lunavelis.net].
President of RIAA Says Sony-BMG Did Nothing Wrong (Score:2, Interesting)
As disturbing as everything about this case is, the scarier part is how Marc stumbled across this rootkit. Are there enough genius-level diagnosticians among us to find the dozens of rootkits that are better crafted than this F4I junk? Rootkits used by governments to spy on each other, AND US? Who was it that called the internet the greatest boon to covert intelligence gathering since the submarine cables in the North Atlantic?
Mr Russinovich, PLEASE open a trade craft school to teach the best and brightest how to detect and code for removal of these threats. Corporations and governments will pay for their security experts to learn, professors will seek the knowledge to teach others, and AV companies will pay to send programmers to learn how to code removal tools for a lucrative new market. Ignore pleas by our overlords at MS and the Fed. Hopefully the designers of removal tools will not bow to pressure from the lazy spook types, who won't be able to sit back and snoop PCs for much longer before being found out.
Don't forget the songwriters (Score:3, Interesting)
Well, it can mean royalties. And it depends on if you are talking about musicians, performers, or writers. Songwriters get money when their songs do well. Think of the song Torn performed by Natalie Imbruglia. It was a cover song made to fit popular radio. But the original band that did it didn't complain, because they were getting songwriting royalties. (BTW, the original song, of which there are several versions, is much better IMO)
Which is safer? (Score:1, Interesting)
Which is safer?
(1) Buying a legitimate music CD and inserting it into my computer, or,
(2) Downloading the same music in MP3 format from eMule, knowing that each file has 50 different sources, all with the same security signature?
The answer to that question has been irrefutably decided this month.
This is a significant turning point in the history of music distribution.
Public Domain/Radio (Score:3, Interesting)
Only listening to PD stuff doesn't stop me from being afraid of a large corporation like this though, they're bullies and it's apparent that they'll sue anyone, guilty or not. I honestly don't think I could list a single band that is on the top 40, let alone very many current (as in new) bands!