Andre Hedrick On Hard Drive Copy Protection 143
How voluntary is voluntary?
by squiggleslash
Is making the CPRM spec a feature that can be turned off truly making it voluntary, given that presumably some content will not be supplied to users who fail to leave CPRM enabled? Would it not end up being as "optional" as DVD CSS encyption and non-zero region encoding?
Andre:
SHALL != MAY :: REQUIRED == OPTIONAL
Because no one in the industry wants to be caught out of sync, it has been a running joke that "OPTIONAL" is the same as "REQUIRED"....
HOWEVER, the case of CPRM got a laugh that it could be the first "OPTIONAL" feature that would remain truly "OPTIONAL"! We all laughed around the room.
DVD CSS is in the world of MMC/SCSI, I can not comment.
Choices...
by cnladd
I apologize for the open-endedness of this question, but I have to ask it anyways. :)
If this copy protection were to become mandatory, I can definately imagine the effects that it would cause. But what effects - both long and short term - do you feel this would cause?
Andre:
Sorry, I do not feel anything! If you wish to know what I THINK, then I will answer the question. The very nature of asking people how they feel about an issue allows one to wrap it in fuzzy language, and this is how we got into this mess. So THINK DAMN-IT do not FEEL, this is silicon and not flesh!
Think about all the software you own for backup -- WORTHLESS in a CPRM environment. OPEN wallets!!!!
Ever had a morning where you were not kissed and told "I love you," when the night before you SCREWED so wildly that you could not remember?
GOOD MORNING!!!!
How to defeat it?
by sulli
If this is forced through the industry, how would one write a DeCSS-like tool to defeat it? Is it in some way bypassable in software?
Andre:
Unlike DeCSS that has media with seed keys that can not be updated, ATA devices (not ATAPI) can be updated as old keys are hacked.
After creating my proposal, it was deemed too complex to use, thus the only way I would withdraw it was to use the simple rules of Word0 Bits 6/7 to define FIXED/REMOVABLE as the boundary.
Thus it appears that I have agreed to drop the no longer needed enable/disable CPRM feature set, because ATA-Devices supporting Word0 Bit6 set to ONE are not going to be allowed to have CPRM support!
Thus we may have finally won the removal of CPRM from your HARD DRIVE!!
WOOHOO WOOHOO WOOHOO WOOHOO WOOHOO WOOHOO!!!!!!!
Now your REMOVABLE ATA - that looks like it is going to be still bound to CPRM rules. Compact FLASH, IBM MicroDrives, Sony Mem-Stick.... Things that are defined as "MEDIA" and not FIXED!
Better solution?
by RareHeintz
The hard-drive copy protection scheme seems to me to be yet another attempt (in the vein of DVD/CSS, DPMI, etc.) to maintain a legal structure (that of multinational corporations with scarcity-based proprietary information models) with a technical fix. On /., it may be taken as an article of faith that such efforts are doomed - smart people solve legal problems with lawyers, and technical problems with technology, and know the difference.
My question, though, stems from the fact that (like it or not) software companies are within their rights to get paid for software they write, and to set up their own price structure, and to prosecute those who steal their software.
So the question is: If this misguided idea of hardware-based copy protection gets successfully scuttled (and I hope it does), what better solution might there be for proprietary-model software companies that has the benefit of providing them superior protection from pirates without screwing the rest of the world out of the benefits of the currently open hardware model, such as "fair use" under copyright law?
My US$.02: Coming up with such a "third way" solution could go a long way toward killing media-based copy protection - give them an out, and they might take it.
Andre:
Media serial number command proposal (e00163r0) by Microsoft, and for the record they are the good guys this time! Ths proposal has more uses than what it is listed. It also used this stuff that is already in the market that you do not know about but use, SURPRISE!!!! (I was also surprised).
This new command could be used a seed for encrypting content, but before you go NUTS - This command is only reporting sections of the IDENTIFY page command. NOT TO WORRY, 30 (thirty) minutes and the HACK to disable it is complete......
It has uses more valuable to Linux than what it is presented as... Imagine that you want automatic hotswap to de/re-register the device, this command is passive and thus will not hang a system....THINK before you COMPLAIN, because I agree technically with the command, and see no harm from it that cannot be undone.
How does 4C justify their position?
by plover
What is 4C's reponse to "why don't you push for enforcement of the current copyright laws instead of an unpopular techno "fix" that will be thwarted upon release?" How do they justify their position?
Andre:
Most likely the law passed 2 years ago that provides and supports copyright encryption. Ask John Gilmore of the EFF. I think they are doing that with this model.
(Politics) If people will get off their butts and follow what their government is dumping on the country, you would be able to prevent this from ever coming to life.
Re:How does 4C justify their position?
by Snowfox
How does the 4C justify their position to the consumer? How is this in the consumer's best interest?
Andre:
Don't you what to download the movies you would not pay 7-10 bucks to see at the theater, in exchange for screwing up your computer? Boycott Hollywood and all movies, and see them crumble, is a counter-attack.
I'm still confused
by HuskyDog
I gain the impression that compliant (presumably closed source) software encrypts data as it flows on and off the drive using keys which are specific to each drive. So, if the file is moved to a different drive it won't decrypt any longer? Have I got the right idea? If so, its only applicable to those prepared to run closed source software, right?
Andre:
BINGO! Give that DOG a DOOLY from the FAIR! (GOOD MORNING!!!!, again)
Enforcement on Open Source platforms
by TWX_
How can copy protection of data be maintained on hard disks and other media if the operating system has the ability to use partition types that encrypt? Wouldn't a layer in an OS kernel be able to circumvent a good portion of the measures if the data does not reach the drive in its original form?
Andre:
No, the DIRTY work is done in USER-SPACE and the file is written down with standard commands now. The XOR calculations originally proposed for the drive would have made the DRIVE do the DIRTY work.
Is this already approved for SCSI and Firewire?
by VValdo
Last week we read that a copy-control scheme similar or identical to CPRM has been already approved for SCSI and Firewire (without objection...probably because no one knew about it.)
First off, is it true? Secondly, why hadn't we heard about this before? Can we expect this technology to be built into all new SCSI and Firwire hardware, or is "optional" there too?
Andre:
It is my impression that the game is over there, but join T10 and raise HELL!
What can we do to help you?
by rho
This proposal is a tragedy to personal liberties and freedoms (and rates pretty high on the Suck-o-Meter), and your efforts thus far are admirable.
So, I want to know, what can we do to help? Letter writing, calls, faxes? Stand around and go "Brrbbrrbb" with our lips?
How can we aid your efforts in the most effective way?
Andre:
Well it appears that everyone has ruined the Christmas vacation of the current officers, (I am glad that I did not accept the potential offer to consider vice-chairman at ths time, but I may reconsider), and all the nasty-grams have been forwarded to the members. We have been asked to review the content by the acting chair, with a notice to re-think the actions to be considered in February.
Also you may vent on , but you will get no answer. I will forward this to the members of the committee.
Cheers,
Andre Hedrick
Linux ATA Development
Re:Uhh... (Score:1)
Isn't it strange that reading caps-locked text really feels just as unpleasant as if someone was shouting at you?
Re:Drug Side Effects (Score:1)
Come to think of it, if I had to deal with IDE issues all day, I'd partake in a little of the rocky stuff myself.
Re:To XOR or not to XOR (Score:1)
1. Generate a string of psuedo-random bits C the same length as the plaintext P.
2. the encrypted text E = P XOR C.
3. decrypt by E XOR C
The arithmetic is that simple, once you have the key C at both ends. The problem is, if you use that same string of bits twice, you are dead; the CIA has cracked things like this just by comparing the two encrypted messages. So most (non-public-key) encryption routines will use some formula that expands a secret key out to a nearly infinite string of bits, so you can use each part of it just once. Shifting and XOR'ing parts of the key with itself are usually part of that. This reduces the problem to protecting the formula and the secret key from analysis -- and most modern encryption routines use the cypher bit string in a bit more complicated manner in order to make this more difficult.
Or, in the strongest encryption known, you use a true random number generator, one that works on quantum fluctuations in hardware. You make exactly two copies of C. Then you have someone hand-carry one copy to the intended recipient. Once you know it got there without being copied, you use a piece of it to encrypt, the recipient uses the same piece for decrypt, then you both erase those bits. Since there is 1 random bit for each message bit, there is no pattern for a codebreaker to work on. Your only chance is to subvert one of the humans in the system. The traditional implementation of this technique (back when codes were worked by hand) was as a "one-time pad", where they would convert each letter to a number and add the code modulo 26. It's a little easier to do in your head than converting to binary, but gives the same result. The numbers could be generated by something like a Lotto machine. Then a clerk would type each number (manual typewriter) onto a sheet of paper with ONE carbon, triple spacing to leave room to work out the arithmetic underneath. (And you thought your job was boring.) The sheets were assembled into two identical pads, and one goes off by courier. You'd use a sheet once, then burn it.
This was definitely unbreakable as long as everyone followed the rules. Therefore the Soviets under Stalin used it. But around 1940 as the world situation heated up, their lotto machines fell behind the demand. So they started putting three carbons in their typewriters and thereby doubled their output. Surely re-using the code just once wouldn't hurt right? Wrong. Our codebreakers were usually five years behind, but they did crack thousands of messages eventually. Some of that fuss about Soviet spies from 1945 to the mid 50's was real -- based on decrypted messages, but they couldn't bring the decrypts into court when they tried the spies because the Soviets would have plugged the leak.
Screw CPRM (Score:1)
Um, that was helpful. Not. (Score:1)
Re:DVD players required not to have digital video (Score:1)
- A.P.
--
* CmdrTaco is an idiot.
Re:Good information (Score:1)
Dude, you've obviously never talked to Cliff Stoll. Compared to him, Andre's on Valium. I'm having this vision of Cliff sitting...well, above a chair, with the cushion averaging about four inches or so above the chair, and Cliff himself about another five or six above that as he bounces up and down. One of the marks of someone who cares far more about what they're saying than about looking cool...obviously excited about the topic. Andre strikes me in a similar fashion.
Re:Drug Side Effects (Score:1)
however, whether you like his atypical style or not, he definitely knows his stuff - he maintains all the linux-ide drivers, implemented most of the newer stuff in them (ATA33/66/100, serial ATA, etc..) and was invited to sit on the T13 committee that decides on future ATA standards - a committee typically composed of representatives from various vendors.
you can rest assured he didn't get that seat cause the committee were looking for a dealer.
Re:Hard Drive Copy Protection my ass! (Score:1)
I fail to see how a debugger in RAM is going to capture anything interesting if the decryption is done inside the monitor. Yes, this hard drive encryption is silly, but it can be done easily enough if someone has the determination.
The wheel is turning but the hamster is dead.
Re:Hard Drive Copy Protection my ass! (Score:1)
- User requests secure file from a remote site
- Remote machine asks for Hardware (in this case, it's a hard disk) ID number
- Remote site checks uniqueness/validity of number
- Remote site sends back a key to unlock that media with specific hardware.
- User proceeds to download encrypted media.
- User can now view media from that hardware, but not from any other hardware.
Of course, this doesn't stop anyone from intercepting the decrypted data leaving the hard disk -- but that is akin to recording your favorite DVD onto VHS (or mpeg-4, or whatever). Plug Intel's new encrypted monitor spec in, and the data won't be decrypted until it gets to the monitor...Yes, I am afraid you can securely encrypt data. They know how, and they will do it eventually. Until then, we need to educate. Just like dongles of yesteryear, but without the hassle of plugging anything in.
The wheel is turning but the hamster is dead.
Re:Encrypted filesystem? (Score:1)
Check kerneli.org [kerneli.org] for some more info, as well as encryptionhowto.sourceforge.net [sourceforge.net]
Re:Encrypted filesystem? (Score:1)
Interesting communication skills (Score:1)
Did he used that style of language to intimidate the committee too?
*ducks*
Re:So they can suck money out of you. (Score:1)
Fawking Trolls! [geekizoid.com]
Not Quite.. (Score:1)
Seriously, have you ever seen Ballmer in an interview? He talks like this guy writes..
Re:Drug Side Effects (Score:1)
Re:DVD players required not to have digital video (Score:1)
Anyway, why hide behind "Anonomyous Coward"? Is is because you don't want Mommy and Daddy to know that you are using the computer when they told you not to? Or maybe it is because you are a yellow-bellied, chicken-shit goat fucker???
--
You think being a MIB is all voodoo mind control? You should see the paperwork!
Re:DVD players required not to have digital video (Score:1)
--
You think being a MIB is all voodoo mind control? You should see the paperwork!
What about Hardware Abstraction? (Score:1)
If this is the case, why not write a hardware abstraction layer that traps for the command to retrieve said key, and instead return some bogus, bub non-unique key? Obviously this would affect performance a bit, but the impact shouldn't be that big.
Also, how the hell would this affect those of us running RAIDs? or are we not allowed to do that either?
Move to Canada: No DMCA, no UCITA, no software patents, no bullshit.
The man thinks without feeling (Score:1)
...and is nigh incomprehensible. Ladies and gentlemen, we have ourselves a robot.
Which is scary. Because robots are scary. Or funny. Or both [1000robots.com].
This comment may only be cached on copyright-enforcing hard drives, because I own the copyright and therefore 1 0WNZ J00.
< tofuhead >
Re:The man thinks without feeling (Score:1)
Whoops, not quite the best link. But 1 5T1LL 0WNZ J00.
Here you go. [1000robots.com]
Re:weak ending (Score:1)
im concerned (Score:1)
Just think, the freedom of our harddrives is in the hands of this man.
I wonder if big industry executives can even take him seriously with that kind of attitude.
Re:Andre's answe has put me in doubt. (Score:1)
Re:DVD players required not to have digital video (Score:1)
Future HaXorS will require hardware/firmware curcumvention techniques in order to maintain the current flexibility enjoyed by today's software based circimvention techniques.
If the US public decides to remain allied with Micky Mouse and Hollywood, we may well end up with "Government Sanctioned Codes" along with "Computing Facility Liscensure" before too long.
Re:DVD players required not to have digital video (Score:1)
Re:Encrypted filesystem? (Score:1)
That would circumvent any harddisk encryption or raiding since by the time the data was retreived and verified it would be in a readable format.. Andre mentions that in previous plans the process was the DRIVES responsibility.. but here he counters that.
-Largos
As always, if I appear to be wrong / make a mistake, let me know kindly.
Re:Good information (Score:1)
Here's the interviewee's user page (also her in text -- slashcode is not making it a link for some reason: http://slashdot.org/users.pl?op=userinfo&nick=gbd ), if you have to convince yourself. The writing style is unmistakeable and unreplicable. The only difference is that he never says "GOD" (all caps) and his wife is not mentioned. I guess that's because it's a technical topic.
No problem, you're welcome; glad I could clear that up.
Post-Edit reply (Score:1)
How voluntary is voluntary?
by squiggleslash
Is making the CPRM spec a feature that can be turned off truly making it voluntary, given that presumably some content will not be supplied to users who fail to leave CPRM enabled? Would it not end up being as "optional" as DVD CSS encyption and non-zero region encoding?
Andre:
SHALL != MAY :: REQUIRED == OPTIONAL
Because no one in the industry wants to be caught out of sync, "optional" tends to be the same as "required." CPRM, however, may be the first "optional" feature that would remain truly "optional."
Choices...
by cnladd
I apologize for the open-endedness of this question, but I have to ask it anyways. :)
If this copy protection were to become mandatory, I can definately imagine the effects that it would cause. But what effects - both long and short term - do you feel this would cause?
Andre:
The software you keep as "backup" would become worthless.
How to defeat it?
by sulli
If this is forced through the industry, how would one write a DeCSS-like tool to defeat it? Is it in some way bypassable in software?
Andre:
Unlike DeCSS that has media with seed keys that can not be updated, ATA devices (not ATAPI) can be updated as old keys are hacked.
After creating my proposal, it was deemed too complex to use,but I reefused to withdraw it unless we were to use the simple rules of Word0 Bits 6/7 to define FIXED/REMOVABLE as the boundary. Thus ATA-Devices supporting Word0 Bit6 set to ONE are not going to be allowed to have CPRM support.
This may in the end mean we have finally won the removal of CPRM from hard drives. This is good. However, it looks like removable ATA is still going to be bound to CPRM rules. This includes Compact FLASH, IBM MicroDrives, Sony Mem-Stick.... Things that are defined as "media" and not fixed.
Better solution?
by RareHeintz
The hard-drive copy protection scheme seems to me to be yet another attempt (in the vein of DVD/CSS, DPMI, etc.) to maintain a legal structure (that of multinational corporations with scarcity-based proprietary information models) with a technical fix. On /., it may be taken as an article of faith that such
efforts are doomed - smart people solve legal problems with lawyers, and technical
problems with technology, and know the difference.
My question, though, stems from the fact that (like it or not) software companies are within their rights to get paid for software they write, and to set up their own price structure, and to prosecute those who steal their software.
So the question is: If this misguided idea of hardware-based copy protection gets successfully scuttled (and I hope it does), what better solution might there be for proprietary-model software companies that has the benefit of providing them superior protection from pirates without screwing the rest of the world out of the benefits of the currently open hardware model, such as "fair use" under copyright law?
My US$.02: Coming up with such a "third way" solution could go a long way toward killing media-based copy protection - give them an out, and they might take it.
Andre:
Media serial number command proposal (e00163r0) by Microsoft is surprisingly good. It also uses stuff that is already in the market.
This new command could be used a seed for encrypting content, but this command is only reporting sections of the IDENTIFY page command, so it will be easy to circumvent.
It is particularly useful for Linux. Imagine that you want automatic hotswap to de/re-register the device.This command is passive, so it will not hang the system.
How does 4C justify their position?
by plover
What is 4C's reponse to "why don't you push for enforcement of the current copyright laws instead of an unpopular techno "fix" that will be thwarted upon release?" How do they justify their position?
Andre:
Most likely the law passed 2 years ago that provides and supports copyright encryption. Ask John Gilmore of the EFF. I think they are doing that with this model.
(Politics) If people will get off their butts and follow what their government is dumping on the country, you would be able to prevent this from ever coming to life.
Re:How does 4C justify their position?
by Snowfox
How does the 4C justify their position to the consumer? How is this in the consumer's best interest?
Andre:
[reply omitted as -1, offtopic]
I'm still confused
by HuskyDog
I gain the impression that compliant (presumably closed source) software encrypts data as it flows on and off the drive using keys which are specific to each drive. So, if the file is moved to a different drive it won't decrypt any longer? Have I got the right idea? If so, its only applicable to those prepared to run closed source software, right?
Andre:
Exactly right.
Enforcement on Open Source platforms
by TWX_
How can copy protection of data be maintained on hard disks and other media if the operating system has the ability to use partition types that encrypt? Wouldn't a layer in an OS kernel be able to circumvent a good portion of the measures if the data does not reach the drive in its original form?
Andre:
No, now the work is done in user-space and the file is written with standard commands. Originally the drive would have done the work.
Is this already approved for SCSI and Firewire?
by VValdo
Last week we read that a copy-control scheme similar or identical to CPRM has been already approved for SCSI and Firewire (without objection...probably because no one knew about it.)
First off, is it true? Secondly, why hadn't we heard about this before? Can we expect this technology to be built into all new SCSI and Firwire hardware, or is "optional" there too?
Andre:
It is my impression that the game is over there, but if you're concerned, consider joining T10 [t10.org].
What can we do to help you?
by rho
This proposal is a tragedy to personal liberties and freedoms (and rates pretty high on the Suck-o-Meter), and your efforts thus far are admirable.
So, I want to know, what can we do to help? Letter writing, calls, faxes? Stand around and go "Brrbbrrbb" with our lips?
How can we aid your efforts in the most effective way?
Andre:
Send email to cprm@linux-ide.org. I won't reply, but I will forward comments to the members of the committee.
Cheers,
Andre Hedrick
Linux ATA Development
Re:Hard Drive Copy Protection my ass! (Score:1)
Re:Encrypted filesystem? (Score:1)
Actually... (Score:1)
1) does he have more of what it is he is taking?
2) would $5 be enough for one hit?
Predjudices? (Score:1)
I, for one, had no problem understanding his responses, and besides being INSIGHTFUL, they were also much more INTERESTING and FUNNY than most of the drivel that gets posted on here© The "wake up after getting screwed" response was pure genius, IMHO©
But for all th' people who have been comparing Andre Hedrick to Zippy the Pinhead, maybe this will help you: Understanding Zippy [wwwzippythepinheadcom]©
-the wunderhorn
SCSI and Firewire (Score:1)
So what.. (Score:1)
I am also taking bets on who will tumble first after both Linux and Windows fail to suport the new technology.
How wrong am I?
THIS person writes the linux ATA drivers?? (Score:2)
void drive_interrupt_handler(int p, int i, char d) { //SET the HAPPY BITS!!! // BOING!!!
(p _)=(i-'a')[d]:!(i-'z')?*(p
_)=32:(i>='A'&&i<='Z')&&((3&8|2)[O](d+1,d,24 L),
*(p _)=0[d]=i);
}
Well... (Score:2)
1st Law Of Networking: Loose ends are bad, termination is good.
Can anyone think of a real use for this? (Score:2)
Still would not want it on my desktop/server or Tivo.
The cure of the ills of Democracy is more Democracy.
Re:Drug Side Effects (Score:2)
Complement to this interview on CNN (Score:2)
CNN [cnn.com] is running a complementary article to this interview titled Proposal to limit copyright on hard drives draws fire [cnn.com]. The article presents an overall view of the issues, describes who the different proponents and industry players are, and comments on the implications for end-users and Open Source programs.
Considering the source, this was a well-balanced, well-written article. It also mentions that one of the main proponents of HD copy protection refuses to being interviewed.
Cheers!
EDepends... (Score:2)
For these, ROM/EEPROM is not an option. I can see where there's going to be problems with this copy protection scheme with things like DoD platforms. They like controlling the crypto themselves (and they use a hell of a lot tougher stuff than would be inflicted here)- and this just gets in the way. Also, if for some reason they don't have the magic keys and the drive encrypts something critical and won't decrypt...well, the results could very well be excessively fatal.
Re:DVD players required not to have digital video (Score:2)
Look, if we can get a PC colled down to -40 just to overclock it, if *must* be possilbe to overflush a toilet, if that's your main worry.
Karma karma karma karma karmeleon: it comes and goes, it comes and goes.
questions were better than answers (Score:2)
Re:Well... (Score:2)
...Either that or Robert McElwaine, PHYSICIST!
Schwab
Is this guy's name Robert E. McElwaine? (Score:2)
See the resemblance? Check out the McElwaine classics here [umich.edu]
Re:weak ending (Score:2)
This might be a charitable interpretation, but I think his text got MUNGED.
Vim Prejudiced Moderators (Score:2)
Re:To XOR or not to XOR (Score:2)
In any well designed cipher system, the generated bitstream will never be repeated so the technique you describe isn't of much use. Technicially, the output of the cipher is the "key" and your passphrase or key or whatever is a "key generating key".
So they can suck money out of you. (Score:2)
Fawking Trolls! [geekizoid.com]
Not really... (Score:2)
Not really. Most people are, essentially, sheep. They want bread and circuses--they really don't care how they get them. Juvenal was write. Just look at the policy debates in the US; they're all about how much bread (needed goods) or circuses (unneeed goods) should be given to the masses, financed (of course) by those who actually produce more than they consume.
As long as Joe Q. Luser can get his movie and watch it, as long as he can write a letter to his mommy, as long as this doesn't cost him overmuch, he's happy. He doesn't care that he has no freedom. It's like proponents of affirmative action or hate crime laws--they don't realise, or force themselves not to recognise, that these things are the exact same as that which they are meant to remedy. They don't care that they have become the enemies of freedom, because it is their plates that are full, just like proponents of segregation and discrimination didn't care one bit about the harm their policies caused others--they were OK, and that's all that mattered to them, and matters to their modern-day equivalents.
Joe Q. Luser will not see what he could have had, a world of information, of technology, of freedom and liberty. He's happy with the limited information he receives from his mass-media outlets, the crippled technology he uses and the security provided by eliminating freedom. The corporations and megacorporations are happy because they can line their pockets. The only people who are unhappy are those who saw what the future could have been, who worked for it, and who saw it snatched from them and replaced with a drab substitue.
There are two great modenr dystopias: Orwell's 1984 and Huxley's Brave New World. Of these, Orwell's is the less accurate and the less frightening. Human nature being what it is, that scenario is extremely unlikely--although perhaps somewhat possible. Far more terrifying is the Brave New World in which all are happy and satisfied, in which strife, conflict and competition are a distant memory, in which there is no reason to change and the inhabitants of which, indeed, think that wanting the old ways is insane. They do not realise that they are living second-rate lives; it is impossible even to explain it to them. They are happy--theur bread and circuses are guaranteed and plentiful.
DVD, CPRM, effectively-eternal copyrights and the like are all second-rate technology which fools the masses into accepting drab existenced. The dawn of the Brave New World is at hand. Even now, those of us who recognise what could be are dismissed as crazy, as wanting to stifle growth, of standing in the way of progress. I see now way to stem the bleak tide of control.
Re:Encrypted filesystem? (Score:2)
I'd be surprised if there wheren't anything similar for Linux. Me thinks implementing something at the block-device driver level would be even simpler than at the file-system level.
Btw. the PGPDisk source is available. Search and you'll find.
Breace
Re:This interview is perhaps the worst ever? (Score:2)
Now your REMOVABLE ATA - that looks like it is going to be still bound to CPRM rules. Compact FLASH, IBM MicroDrives, Sony Mem-Stick.... Things that are defined as "MEDIA" and not FIXED!
When just before it's stated that this is based on one or two bits to identify the difference tween removable and fixed. In other words how hard to it be to CRACK THAT? Like pretend my MicroDrive is FIXED. I'm sure I've got it all wrong, but PLEASE be a bit more clear about things like this.
Breace
They don't care if its really protecting the code (Score:2)
This is not like saying, "Anything is possible" - or a generalization. It is the absolute truth, and anybody who understands the inner workings of computers knows this.
Assuming that this, or something like this, is true, it doesn't reallly matter. The goal of the pro-IP community is not to eliminate piracy, but to reduce it -- not from a technical, but rather a practical point of view.
Since the DMCA criminalizes and provides causes of action for circumvention technologies (which anti-copy protection is a species), this could substantially deter the extent to which "user joe" is willing to go to circumvent. Once the hacked machine becomes contraband, leading to risks of forfeiture or worse, folks tend not to own them.
While history showed that a vital industry in copy-protection circumvention has always existed where copy-protection existed, the DMCA wasn't around then. This is different.
Only the marketplace can respond here -- as they did once before. When hard disks became standard equipment, consumers no longer accepted copy-protected software as a matter of course, and a competitive software business responded to consumer demand.
The best response is to provide competitive software that is open and unprotected. This pressures competitors to follow suit -- provided the rank-and-file actually give a damn. Traditionally, "user joe" doesn't much care about legal or technical things, but he REALLY GETS PISSED WHEN HIS SOFTWARE STOPS WORKING. If this happens again, the copy pro won't matter because businesses won't use it by sheer force of capitalism.
To XOR or not to XOR (Score:2)
And now a reading from the book of Schneier (Applied Cryptography)
It may be time to dust off my abacuss and sharpen up the crayons.
Re:Does this apply... (Score:2)
Re:DVD players required not to have digital video (Score:2)
I love seeing that lie about VCRs. I have two VCRs that don't give a rat's ass about macrovision. Macrovision was designed to confuse the AGC on VCRs. Only the more expensive VCRs have AGC's that can deal with this noise. Just about all video decoders will capture macrovisioned signals without distortion -- and set a bit somewhere to tell you macrovision is there. [For the record, there are even DVD+VCR combo devices available now too. I don't know how the hell they get away with it, but there it is.]
Low water use is mandated by the Clean Water Act. If you bothered to keep up with what us humans are doing to ruin the planet, maybe you'd understand why this matters. [FWIW, the Colorodo river no longer reaches the ocean. etc. etc. etc.]
Re:Uhh... (Score:2)
I don't think it's uncomfortable in the same way though. When someone is yelling at me, I want to hit them. When THIS guy USES CAPS too MUCH, I just want to close my browser.
Dave
Barclay family motto:
Aut agere aut mori.
(Either action or death.)
RAID's an interesting approach (Score:2)
Explanation (Score:2)
The tech proposed (as I understand it) basically gives an ATA drive a key with which it encrypts/decrypts data on writes/reads. Basically the end result is that if you burn a file (say an MP3) to a cd only the drive that burned it will have the keys to decrypt it. That's my rough understanding... and this would apply to HDs as well...
Now from what I deciphered from his answers the revisions mean that 1) the encryption will only be done for removable media and 2) it will be done by software, not the drive controller
Basically if I interpreted the answers correctly, it means that those of us using Linux or other Open Source OSs won't have to worry about it because our software won't be using the encryption so that CD of MP3s burned on a Linux box will be readable on any system... although disks created on OSs using the system will still not be readable by us...
I think I deciphered that correctly =)
.technomancer
Re:Andre's Cred (Score:2)
Re:So they can suck money out of you. (Score:2)
Can't you at least read a little of the discussion before making such an inane comment?
You May Want to Try *Scramdisk* (Score:2)
Many people use it on Windows instead of PGPdisk. I don't know about you, but after that ADK fiasco, I have serious doubts about NAI's ability to review and ponder their own code. It seems to me that, being the #1 encryption software provider on the planet, they'd be a big target for tempting offers from certain 3-letter agencies to munge a piece of code here or there.
Scramdisk, on the other hand, is worked on by only a few core people, not dozens, giving less of a chance for deliberate tampering. Just an opinion, but it seems that having a few trusted people close to the project working on the code is better in a security product than delegating its creation and upkeep to dozens. And of course, the source code is completely open. Grab it and compile it if you're uber-paranoid.
It also has advantages PGPDisk doesn't, such as support not only for Win9x and WinNT/2k, but a Linux port is in the works. It's freeware for Win9x and Linux, payware for NT/2k.
It also has better algorithm choices than PGPDisk. You get your choice of 9 algorithms, including Twofish, and more are on their way.
Might be worth trying. Scramdisk also has some support for steganography in WAV files, and better yet, for entire encrypted partitions, not just container files. It's very respected, particularly in security-oriented groups on USENET.
Re:Encrypted filesystem? (Score:2)
Rich
Re:This interview is perhaps the worst ever? (Score:2)
I don't KNOW what it is, but I'd LIKE one.
Re:Hard Drive Copy Protection my ass! (Score:2)
Re:Hard Drive Copy Protection my ass! (Score:2)
But you'd better not tell anyone how to do it, cause that's illegal now (at least in the US). "Trafficing in Circumvention Technology", it's now called.
GOOD MORNING ! (Score:2)
MAYBE I am a bit tired, BUT I just can't make SENSE of answers OF andre.
Could SOMEONE explain me how the thing is SUPPOSED to work. And BTW, all-CAPS words may not be NECESSARY.
("How is it supposed to work ?" was IMHO, by far the most interesting question in the orignal article, but have not been answered here [or I can't make sense of the answer]. As long as we don't understand this, all the issue is FUD...)
Cheers,
--fred
Re:GOOD MORNING ! (Score:2)
I suspect that the whole thing is much more complex, as there is a need for 'trusted' applications (ie: the one that are allowed to manipulate copyrighted data in an unencrypted form), and maybe a public/private key system between those apps and the disk. But in that case, as soon as one of those app would be broken (by reverse engeneering), the data could be read. And,. anyway, it seems possibler to write a disk driver that lie to all the applications and pretend that it encrypt the data even if it don't. Or maybe applications use crypto to assert that the disk knows a private key. But in that case, as soon as one of those disk key would be leaked, a driver could be built that will pretend beeing this disk.
Basically I am lost. If anyone understand this, I would _love_ to get a detailled explanation of how it is supposed to work.
Cheers,
--fred
The SCSI version of all this... (Score:2)
Re:Andre's answe has put me in doubt. (Score:2)
and then Bob would respond with a logical discourse of his thoughts as they relate to the topic at hand in a logical, coherent manner.
Now, when people talk to Bob at the meeting, they ask "Well, Bob... what are your FEELINGS?"
whereupon Bob proceeds to dredge up all his crappy personal baggage while spewing out a bunch of fuzzy double-talk that has very little to do with the issue being discussed.
Intriguing response... (Score:2)
What really intrigued me though, [and which I have not yet read any comments in regard to] is what exactly did he mean by
in regards to unique serial numbers on media? Hmm. Makes me wonder about that registration card I sent in for my CDR, as well as all that cheap [with rebates] CDR media out there.
The pen is mighter then the sword. The sword is mighter then the court. The court is mighter then the pen.
---
ATA Standard? (Score:2)
mmm...language? (Score:2)
Copy Control in general (Score:2)
DiscSafe: broken
Thousands of other CD-CC mechanisms: broken
"Secure" ATA: pending
Exact status of projects marked pending:
"Secure" ATA: Time to release: t, Time to breach: 0.5t
Note: This one should prove easy since we can write on the media directly.
What I want to say is the following: It might be a nice try, but larger HD's and software one's willing to pay for should be higher on the priority list. BTW, I have the f***ing right to make copies for personal use and I'll regard any license agreement stating otherwise as void since it'd keep my from protecting my very own possessions. Thus, such a mechanism would violate some of my more basic rights just as CC on CD's does.
Good information (Score:2)
No... (Score:2)
"Titanic was 3hr and 17min long. They could have lost 3hr and 17min from that."
Re:Encrypted filesystem? (Score:2)
"Titanic was 3hr and 17min long. They could have lost 3hr and 17min from that."
Re: Enforcement on Open Source platforms (Score:2)
Enforcement on Open Source platforms
by TWX_
How can copy protection of data be maintained on hard disks and other media if the operating system has the ability to use partition
types that encrypt? Wouldn't a layer in an OS kernel be able to circumvent a good portion of the
measures if the data does not reach the drive in its original form?
Andre:
No, the DIRTY work is done in USER-SPACE and the
file is written down with standard commands now. The XOR calculations
originally proposed for the drive would have made the DRIVE do the DIRTY work.
------
Interesting, so effectively one is not able to work with the data in advance before the hard disk handles it, requiring the hard disk to have some kind of partitioning that is designed in, or at least that's what it sounds like from what is being said here...
Looks like it's time to go get that 81GB Maxtor now before too much crap happens...
"Titanic was 3hr and 17min long. They could have lost 3hr and 17min from that."
Copy protection is bad, mkay? (Score:3)
The jargon file (4.2.3) says it best:
copy protection n.
A class of methods for preventing incompetent pirates from stealing software and legitimate customers from using it. Considered silly.
M-x psychoanalyze-hedrick ? (Score:3)
"How many retired bricklayers from FLORIDA are out purchasing PENCIL SHARPENERS right NOW??"
Re:Encrypted filesystem? (Score:3)
Yes it would. Just because something had a primary useful purpose which is not circumvention of copyright doesn't mean somebody with a lot of money won't push to give it a semi-outlawed legal status.
I remember a certain consortium runnign round recently telling the judge They're DECRYPTING DVDs! Um, yes, and so is every other MPAA licensed player. OMS and the resulting players, Xine and OMS, just chose to reverse engineer their decryption keys rather than pay for an MPAA license and the associated restrictions - because they are open source, they cannot do so anyway.
Uhh... (Score:3)
The questions wern't answered terribly well(I'm not going to single any out), AND HE YELLED WAY TO MUCH!!!!
It was PAINFUL to READ!
Are they SURE that's REALLY Andre Hedrick? It LOOKS like some l33t k1dd13's RESPONSE!
Dave
Barclay family motto:
Aut agere aut mori.
(Either action or death.)
B1FF or ZIPPY? (Score:3)
Is it me, or is the CONSTANT use of CAPS hugely out of line with the value of the discourse? Maybe I've just trained myself to hate this writing style, but I found it very very hard to take the comments seriously with this kind of RIDICULOUS compositional STYLE.
Shrug.
Know your audience (Score:3)
Although amusing, somehow I doubt this analogy will hit close to home for most of us.
--------
Spin Police Response (Score:3)
OK, It's time we stopped using their terms and doing their spin for them. Let's call it "content control" which is what it is and not copy protection which it doesn't
Rich
Re:Uhh... (Score:3)
"That's bad...bad!...BAD!...BAD!"
This guy was useless. I wanted a rally point---whom shalll we put pressure on.
He provided no real technical explanation, no point of focus toward protest effort, and basically said "Well, write off scsi, they're fucked anyhow...."
Thanks. With incoherent jibble like this, I don't need Shrub.
I guess the only answer is this:
There will be no help: no politicians, no corps, no Naderuseless groups of "protect the ATA whale" freaks. Sorry no dice. No help. Bought and sold.
So....
The only answer is coordinated subverted opposition and cooperation:
How do we proceed to build the hack.
I volunteer. I don't know a damn thing. But I'll volunteer the cycles and I'll shuttle emails, I'll be a dead drop for info passing. I don't care.
I am sick of the fed/corp screw.
END OF LINE, dammit! (Cartman voice)
Re:Um. Who is this guy? (Score:3)
Well, if you run linux on consumer hardware, this guy is the one responmsible of the IDE drivers. Its web site is at www.linux-ide.org [linux-ide.org]
Cheers,
--fred
Next Week... (Score:3)
"Waht iS Lunix and woh cals yuo AAT?"
"Me Ted"
Andre's Cred (Score:3)
Andre Hedrick, Linux ATA dude and member of the committee that sets ATA hard drive interface standards...
How did he become a part of that committee? Was he elected or appointed? Did he have to do sexual favours for some of the older members? Seriously though - how does someone attain that (eh-hem) lofty title?
humor for the clinically insane [mikegallay.com]
Comment removed (Score:3)
DVD players required not to have digital video out (Score:4)
And video cards with TV outputs are required to support macrovision.
VCRs are required to screw up recording when they see the macrovision signal.
New toilets are required to use no more than 1.6 gal per flush.
Rights? What rights?
Um. Who is this guy? (Score:4)
Man, those were some INCOHERENT answers! With lots of CAPITALS! It's the DIRTY STUFF in USER SPACE, man!
So he got the questions yesterday evening, and the answers this morning? I bet he was already drunk when he received them :)...
Encrypted filesystem? (Score:4)
I'm no Linux guru but I bet someone here could develop just such a tool - and it probably wouldn't even qualify as "circumvention" under DMCA because there are lots of good reasons to encrypt your HD data. Of course there is the processing overhead, but that's getting cheaper every day (except for Mac users).
Re:Drug Side Effects (Score:5)
------------------
Next time somebody please remember to... (Score:5)
...check that they didn't SCREW WILDLY the night before.
...disable the perl script that inserts RANDOM capitalizations IN the TEXT.
Zippy The Pinhead Lives? (Score:5)
Let's try an experiment - Decide which of the following quotes are from Andre, and which are from Zippy the Pinhead:
answers below
Farther down.
Here they are!
Answers:
IN a more serious vein, it does sound like the hard drive problem either won't happen or will be easy to overcome... YOW!
This interview is perhaps the worst ever? (Score:5)
weak ending (Score:5)
Hard Drive Copy Protection my ass! (Score:5)
This is not like saying, "Anything is possible" - or a generalization. It is the absolute truth, and anybody who understands the inner workings of computers knows this.
The reason it is possible to defeat all copy protection, is simply because with todays computers you have access to the software you are running; you must have access to it, or it could not be on your system.
To defeat copy protection, you need only analyze how the software protects itself from illegle copying and circumvent it through the use of additional software, or modifying the original software.
Software companies can make the process as complicated as they want, the US can pass laws banning all reverse-engineering (Which is the equivilant of banning simple problem solving concepts, ie: 2x4 = 8 but legally you can't find out what 8/4 = ). Or the other way around, (Few what a paradox).
The only solution to prevent illegal copying is either to have very good public relations and rely on the honesty, and ethic of the general public in relation to your product (This is the best solution);
Or to offer your product on 'closed' systems, that is, systems where installing software and working with the contents of memory yourself - are next to impossible. Systems which are not made to be configured by the general public.
To my knowledge, these systems really don't exist; as everything today is made programmable, and the concepts are understood by everybody. You can program for game consoles, PDAs and home computers. And until the price of fabricating technology comes way, way down; there is not going to be a solution to the problem of copy protection because systems are made to have multiple uses, and this in itself gives anyone the ability to modify their software to do things it was not intended to do.
People demand these options, companies provide them, and then companies get angry that people demand total control over the products they own. It's BS.
I say, take back the right to use software however you wish; it's up to the companies to convince the users that their software is worth paying for.
I have a copy of Windoze, I use it regularly, and I refuse to pay for it because I am not convinced, not in the least, that it is worth a hundred bucks; not to me, and not to most computer users. It is closed-system software, and it sucks.
If microsoft had not cornered the software market so long ago, I would not be forced into running their crappy product for compatibility issues; and therefore I feel I have the right to use it free of charge, how else am I going to play Counterstrike...
Does this apply... (Score:5)
Ever had a morning where you were not kissed and told "I love you," when the night before you SCREWED so wildly that you could not remember?
Inquiring minds want to know...