Slashdot: News for Nerds


Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×


To hack or not to hack.... (2)

CorpDecker (213022) | more than 13 years ago | (#777749)

That is the question. Whether tis nobler to help the powers that be begin relasing digital media, or to let them think they have a secure system and then hack it to hell once they've adopted it.

Re:To hack or not to hack.... (1)

Anonymous Coward | more than 13 years ago | (#777835)

I say hack and then release the results after they release the tech. Then say you were just operating within the guidlines of the contest so your copyright access method is approved by the RIAA and therefore totally legal, because it's their copywrite and they told people to hack it :-)

I wish I had a $100k to spend... (1)

dada21 (163177) | more than 13 years ago | (#777839)

I'd offer $100k to the first hacker who can hack the SDMI encryption. Then I can advertise worldwide that it IS hackable, but no, I'm not interested in showing the public my "free speech" work of art I have hanging on the wall in my bedroom, A.K.A. "the code that cracked SDMI"

When I first saw this "challenge".... (1)

motardo (74082) | more than 13 years ago | (#777844)

I couldn't believe it, and I hoped that any true hacker wouldn't even touch it. I won't touch it.


give it away now (2)

Cephas Keken (224723) | more than 13 years ago | (#777847)

This bothers me, while realisticly they are just trying to build an effectivly watermarked audio sceme, I am torn between the ability of someone to prevent "theft" of there material, and my right to have an audio format that is playable on anything I own.

I'd hack this if I could (1)

drnomad (99183) | more than 13 years ago | (#777849)

But you know, if this is adopted, these guys will make more than $16M per year, so I'd publish it after the adoption of the technology, and the whole industry taking part in the deal, such that we get another DVD-case.

Why bother "boycotting"? (5)

FascDot Killed My Pr (24021) | more than 13 years ago | (#777853)

Microsoft put Win2k on the net and we all gleefully pounded on it (for the short periods it was up). Then they released. Is it any good? No.

Same with SDMI--they don't want to improve the product, they want to prove it uncrackable. If no breaks it, that will be evidence (to a person versed in using fallacies in place of logic) that SDMI will Make Money Fast For Artists. This gives them credibility and power.

Here's my recommendation: Hack it, but good. Hack it so good it can't be fixed. For instance, connect your soundcard "out" to your "in" and record--there's no getting around that. Alternatively you could hack it so good they have to go back to the drawing board for a year or two--giving MP3 (and Ogg Vorbis!) time to spread even further. If you haven't broken the rules (why are there rules in a hacking contest?) collect the $10k. If you have broken the rules, just post the results to lower their credibility.
Linux MAPI Server!

patition.. (1)

moronic1 (162493) | more than 13 years ago | (#777858)

this should be a patition sent out to each and every member

intrinsically flawed contest (4)

mr.ska (208224) | more than 13 years ago | (#777870)

As much as I hope nobody even so much as tries this, I just know there will be some 733t cr4ck3rz out there that won't be able to resist the money and the ego of the whole thing. Sad.

What's worse, they're shooting themselves in the foot. The "contest" (hereafter referred to as "The Sham") runs from Sept. 15 until Oct. 7th. Why that window? Do you REALLY think that if someone is dedicated to cracking whateverthehell it is they're proposing, they'll give up after 3 weeks? Hell no - they'll pick away at it month by month until it's split wide open. Three weeks isn't going to do them a damn bit of good, IMNSHO.

There is an effective response (5)

0xdeadbeef (28836) | more than 13 years ago | (#777874)

Find a demonstratable flaw in their system, but refuse to reveal how it works until the RIAA donates $10 million to the Electronic Frontier Foundation. The publicity it would generate for the issues at stake would be worth far more than the actual money.

Who do they think they are? (2)

dido (9125) | more than 13 years ago | (#777877)

Hacker challenge is it? Well, ever since the fiasco with DeCSS, will us hackers listen to the SDMI, which is nothing but the RIAA's DVD-CCA? Of course not. There was no need to call for such a boycott. I don't think even the hungriest hacker, whether true open sourcer or black hat script kiddie, would even think of touching that offer with a ten-meter cattle prod. We've all seen what happened with DeCSS. Now these corporate SOB's have got the gall to ask us for our help? I say screw em.

Don't kiss (or hack) and tell.... (2)

Ost99 (101831) | more than 13 years ago | (#777880)

I have an idea!
Let's raise money to a fund, and pay more to those how are willing to keep their findings to themselves (or even better, publish them after the challenge is over, and the shit is in use?)


Principles (1)

Pete Bevin (291) | more than 13 years ago | (#777884)

"It is easier to fight for one's principles than to live up to them."
--Alfred Adler

Re:To hack or not to hack.... (1)

Cephas Keken (224723) | more than 13 years ago | (#777886)

I think if we let them have their cake, (a tested "secure" digital audio format), we might just get to eat ours, (them leaving mp3 alone and struggling to get the new format adopted)

Better late than never... (1)

kunsan (189020) | more than 13 years ago | (#777888)

I submitted this on Monday (2000-09-11 14:03:52 SDMI offers $10,000 challenge to hackers (articles,music) (rejected)), and I must admit I was shocked that it was found unworthy... but I am glad to see this is getting some attention... I find it rather cunning that SDMI would tempt hackers with $10K to help improve a technology that most ( I know its a generalization, but I believe it to be true) hackers would find offending, crack the technology, then release the crack publicly. Hopefully the boycott will work, but I have my doubts cuz 10 Large is a lot of dough!!!

Shoul dbe easy in theory (2)

Frums (112820) | more than 13 years ago | (#777890)

Unless they are going to create new drivers, copying this is as easy as running it in a sandbox and intercepting the input to the sound card drivers. While this by itself is not easy (talk to the wonderful creators of WINE for making a good windows sandbox) it is quite possible. I mention WINE in particular because if they are making new formats we all know perfectly well that the only player they will release will be for Windows. Actually, on that thought, WINE might be the best place to build this.

In theory they would have to alter the sound to leave a permanent mark. If that is the case it is merely a task of identifying the mark and playing with SoundForge.

Anyway. I personally am against a boycott. The honor system for payment is not sufficient (despite Stephen King's wishes), and moving to a new media is a good thing. Help them out. Besides, I am personally rather curious at whether or not they can pull it off.

The more I think about it, the curiouser I get (3)

FascDot Killed My Pr (24021) | more than 13 years ago | (#777892)

Just how is SDMI supposed to work? I understand (somewhat) digital watermarking, but how does that apply? It's not like I have to break the encryption or anything (like forging someone's signature)--I just have to remove it (like erasing the signature). Could I run through an SDMI file and randomly add or subtract 1 from every byte? Shouldn't affect the sound but will destroy any watermark.
Linux MAPI Server!

The usage of phrases and frames. (2)

Glowing Fish (155236) | more than 13 years ago | (#777893)

The first site could actually pass as the site of a real .org

But once you see fancy graphics in frames, as well as the phrase "shape the future", the corporate bullshit detector should go into screaming overload.

on second thought (1)

Cephas Keken (224723) | more than 13 years ago | (#777902)

I really think this whole thing is just a big ploy to be able to buy and hide any code for breaking sdmi, NOT a way to further secure the format. They simply want to buy the code, my bet is, you have to sign a contract saying that this code is theirs and you cannot under any circustances give the code away or sell it (yea right) to anyone else. Welcome to Your Code or Your Life, the game show where we will kill you if you don't give us your code!!

Re:Why bother "boycotting"? (3)

Anonymous Coward | more than 13 years ago | (#777906)

The challenge says you can collect UP TO $10,000, not necessarily that you will be paid $10k for success. Winning $1 still qualifies as "up to $10,000." Why sink to the level of the recording industry? If you crack their encryption for greed, they're going to screw you, and we all will suffer. KEEP UP THE BOYCOTT.

Re:There is an effective response (2)

Glowing Fish (155236) | more than 13 years ago | (#777909)

Bribing\blackmailing the RIAA to donate money to the EFF wouldn't exactly be a great moral victory.

Ultimately, I don't think that this matters. (2)

Mindwarp (15738) | more than 13 years ago | (#777912)

You know, there are a number of arguments that have already been stated against this hacking contest, and I am sure more arguments that will be stated against it in the future.

Personally, I don't think that any of this actually matters. I don't really care whether the RIAA gains industry credibility for the SDMI - if recording companies want to use it then more power to them. I also don't care if the current SDMI implementations are 'proven' to be un-crackable during the artificially restricted cracking period of three weeks - the only thing that this will cause is more trumpet-blowing by the RIAA.

The beautiful thing about the 'net and the hacker community is that I can guarantee at least a 1000:1 ratio of 'smart, motivated hackers' to 'mediocre corporate software engineers' on this one. Whatever the RIAA end up thrusting upon the industry and the unsuspecting public, it'll end up being cracked within the month. End of story.

Let them waste cash developing this white-elephant of a protection mechanism. Whatever they spend here won't be available for them to pay lawyers with :)


Prize money isn't guaranteed (5)

Tet (2721) | more than 13 years ago | (#777914)

Apart from anything else, I'm very wary of the wording in the open letter:
If you can remove the watermark or defeat the other technology on our proposed copyright protection system, you
may earn up to $10,000.

So it looks like they trick people into checking their security for them, and then don't have to give them the cash anyway. Personally, I'd like to see someone remove the watermark and not tell them how it was done. Sure, they'd be forfeiting the possible prize money, but they'd also be delaying the introduction of SDMI. Like Don Marti, I don't copy music from others. And yes, protecting my fair use copying is worth more than $10K to me anyway.

Re:There is an effective response (1)

MrNixon (28945) | more than 13 years ago | (#777918)

Isn't that a bit of blackmail?

Assuming, of course, there is a demontstratable flaw.

Re:Who do they think they are? (1)

Torin_1 (230123) | more than 13 years ago | (#777920)

DVD-CCA has nothing to do with the RIAA, has a lot more to do with the MPAA.

Does it really matter? (4)

Spudley (171066) | more than 13 years ago | (#777935)

The issue with this software, as I understand it, is similar to the issue with DVD - ie, you can have the files, but you have to play them with the "approved" software.

Now from where I'm sitting, that means that breaking the encryption really isn't of much relevance; the issue is of making player-software available cross platform. This could be done by cracking the encryption, but lets face it: it's a whole lot easier just to reverse-engineer the player-software that is released, which is exactly what was done for DVDs.

Okay, so the powers that be don't especially like that tactic either, but in truth it's better for them too.

Re:give it away now (4)

AndyS (655) | more than 13 years ago | (#777939)

Well, simple watermarking is a fantastic idea. It means that people aren't going to be doing a napster and share music with everyone and his dog, but they're going to be able to lend music to their friends etc. And, assuming it doesn't change the music itself, it shouldn't affect fair use rights. The only problem I have with this (seemingly) rosy picture is that I'ld be amazed if their watermarks were very a) hard to find and b) robust. If they're not robust, then diddling a bit with the sound could destroy them. If they are easy to detect then they can be stripped out.

and thirdly (1)

Cephas Keken (224723) | more than 13 years ago | (#777941)

if you don't have to sign an agreement that basicly is morally equivelent to an NDA, I will be VERY suprised. If you do download whatever file they give to be hacked, be prepared to be REALLY fucking sued if you release code publicly that breaks there watermark.

Re:give it away now (2)

radja (58949) | more than 13 years ago | (#777942)

here in the netherlands making a a copy for home-use is a right, by law. if industry uses technology to make copying impossible, they are infringing MY rights. Since I am not a lawyer, I did not make this up myself.


Under construction (1)

bigbird (40392) | more than 13 years ago | (#777946)

The site is under construction. Please check back after September 15, 2000 for further information

Today is September 15, but there isn't any more details on the site. Is this challenge really happening?

What to do about it? (2)

HedsSpaz (143961) | more than 13 years ago | (#777947)

Ok, I think it's fairly obvious how the bulk of the community feels about this idiocy. The important question though, is what are we going to do about?

I wonder if maybe we couldn't find some way to get this onto national television and let the world know what these idiots are doing. The reason why RIAA, MPAA, and other big industry conglomerates have been able to get away with things like CSS and potentially SDMI, is because the public at large doesn't know what it means, and if they do know what it is, they may not neccesarily know why they should care.

Somehow we need to get this into national press and make people aware of the potential damage these various technologies could do.

Re:Why bother "boycotting"? (2)

PhilHibbs (4537) | more than 13 years ago | (#777948)

For instance, connect your soundcard "out" to your "in" and record--there's no getting around that
I think they're planning an inaudible watermark that the recording device can still detect. SDMI-aware sound cards would refuse to record watermarked audio.

Re:The more I think about it, the curiouser I get (3)

Anonymous Coward | more than 13 years ago | (#777950)

> Could I run through an SDMI file and randomly add or subtract 1 from every byte? Shouldn't
> affect the sound but will destroy any watermark.

No, that isn't going to work.

The watermark is a particular set of frequencies, repeated at particular times. It doesn't have to be audible. It certainly won't be removable by just twiddling bits--- anything that doesn't affect the sound won't affect it.

It's possible to use cryptography to hide the watermark, even if you reveal the algorithim for creating it. Any random set of sounds could be a watermark, but only if you know the correct key will you know what the watermark means.

Correctly implemented, there is no way to detect or remove it. However, from what I've read, the SDMI idiots appear to be rather clueless. They want the watermark detection to be built into every player, so that it will refuse to play even analog copies of watermarked material. Of course, this means that all you have to do is reverse engineer one of the millions of players they will be selling, and you know exactly how to find the watermark-- and how to remove it.

The Rules... (1)

Brazilian Geek (25299) | more than 13 years ago | (#777964)

The first rule of cracking the SDMI is you do not crack the SDMI. The second rule of cracking the SDMI is that you DO NOT crack the SDMI.

Come on people, some 1337 k1dd13 (actually a MS hacker) WILL crack the SDMI and when he goes to collect he'll have to sign an agreement to not publish his work. The SDMI collective will have the work (probably patent it so they can sue anyone that reverse engineers it) and the guy will have to keep quiet about it - that's how things happen now a days!

Re:Why bother "boycotting"? (2)

FascDot Killed My Pr (24021) | more than 13 years ago | (#777967)

If it's inaudible, how is my "mic" port going to detect it in order to refuse?
Linux MAPI Server!

Re:Shoul dbe easy in theory (1)

Mike Quin (15827) | more than 13 years ago | (#777969)

Unless they are going to create new drivers, copying this is as easy as running it in a sandbox and intercepting the input to the sound card drivers.

Two words SoundBlaster Live [] Just play the stream through one of those (or any other card with a digital mixer, and you get a carbon copy anyway

$10K (1)

danderson (157560) | more than 13 years ago | (#777971)

For any of you thinking about trying to crack SMDI, keep in mind that by removing the watermark, you are guaranteed squat. The page says "you may earn up to $10,000" (emphasis mine).

The $10,000 figure is just there to draw attention to the sham. I don't think they are legally required to give _any_ money away.

They probably will, but only fo rthe PR value of it. It probably won't go to the first person to crack it, or the person who had the best crack, but the person they like best.

Just something to think about.

2ez... (1) (213219) | more than 13 years ago | (#777974)

Convert to analog and re-dititze. All encryption and watermarking gone!

Why they need hackers (1)

Brighten (93641) | more than 13 years ago | (#777976)

I guess they can't hack it themselves. Look what you get when you click on one of the unmarked buttons:

  • Instructions:

    Review your chosen company name, slogan, and button names (Note: Your choices can be edited later using our online Website Manager tool). If you would like to make changes now, click the Previous button above.

    Upon purchasing, you will be able to add your own text and images into each page of this website using the Website Manager. Best of all, the Website Manager requires no technical knowledge. Adding your information to this website is as easy as typing an e-mail.


Copyrights, privacy rights (1)

C0VERTl (154321) | more than 13 years ago | (#777979)

Businesses need copyrights to protect their property and profits. Internet users need privacy rights clarified and enforced to protect their property and personal rights.
By Design, the Internet is inherently flawed. How can a Law created and enforced in one country, be enforced in another? If we allow laws to cross international borders, then would we be liable for Islamic laws that prohibit alcohol, women, and hacking text?
If ISPs and Webhost censor their servers, then users will go to gnutella, freenet, or any other peer-to-peer NOS.
I suppose like the war on drugs, it will begin with a educational program at the elementry schools "Say no to peer-to-peer networking.."

This kinda seems pointless in the first place... (2)

Vorro (124142) | more than 13 years ago | (#777987)

...seeing as virtually ever single form of encryption ever made has been defeated.

It doesn't matter how hard you work to encrypt something, a way to decode it will very likely be found.

Sure, there are exceptions. For example, during WWII, the US forces code was never cracked by the germans or the japanese. Why? Because even if they DID crack the code, all of the people who were responsible for sending and recieving the encrypted messages were using Navajo in the messages.

But since computers don't speak Navajo, but in ones and zeroes, such a thing is not possible.

And more importantly, I'm missing the point of this encryption. As i've got a very strong feeling that CD's aren't going to just disappear in at least the next 20 years, you can't encrypt the CD tracks without making all of the older CD players obsolete.

Of course, I could be horribly wrong. I'm pretty damn good at that sometimes.

A wise man speaks because he has something to say.
A foolish man speaks because he has to say something.

Re:The more I think about it, the curiouser I get (2)

Spankophile (78098) | more than 13 years ago | (#777990)

The idea of a watermark is that even if the file changes slightly, or randomly, the watermark will be left intact enough that it will be recognizable (with a high probability).

(Ie. To mangle the file enough to remove the watermark traces, you would have to destroy the file.)

Re:Prize money isn't guaranteed (2)

mr.ska (208224) | more than 13 years ago | (#777992)

Notice they don't say that you have to reveal your methods to claim whatever money they MIGHT give you, you just have to crack it. So crack it, then hold out until they give you as much as you demand, if not more.

After that, open-source the crack and watch the whole damned thing fall to pieces.

let's hack it! (1)

superdk (184900) | more than 13 years ago | (#777994)

hey, i think that everyone should attemt to hack this thing, but instead of telling the industry people, we'll just share the process on our top secret, hacker-internet-underground.

you all know about that right?

Re:Why bother "boycotting"? (1)

Groundskeepr (188287) | more than 13 years ago | (#777996)

Unless you have a sound card in your ear, you hear things differently than your computer does. Have you ever seen computer screens shown by television cameras? Conflicting scan patterns on the computer screen and the television system produce bands on all the computer screens. I think an "audio watermark" is supposed to work on some similar principle.

Did they pay for their art? (1)

ProfitElijah (144514) | more than 13 years ago | (#777999)

I wonder if they paid Stockbyte (new window) [] or whoever for their stock photography? That would really put an interesting spin on things, if their own website was using stolen graphics.

Re:This kinda seems pointless in the first place.. (1)

radja (58949) | more than 13 years ago | (#778001)

ofcourse the fact that remarkably few germans, italians and japanese people (0, to be exact) spoke navajo helped quite a bit too.

Anyone check out the site (1)

pauldy (100083) | more than 13 years ago | (#778003) this is a link off the page can you say cookie cutter. We know how they can afford it now they sure didn't spend it on the website.

conversion to analog (2)

sammy baby (14909) | more than 13 years ago | (#778004)

For instance, connect your soundcard "out" to your "in" and record--there's no getting around that.

I've heard that referred to as "audiojacking". Frankly, I don't see this as a credible solution to the problem: transmitting the signal over an 1/8 inch stereo cable represents conversion to an analog signal, with concomitant signal degredation.

Granted, you only have to do this once to get it into a different audio format. Granted, the signal degredation on that one pass is liable to be pretty minor, espeically given good connections and a short, high-quality cable. But I'm an anal bastard and it bugs me. So there. :)

I tried to crack it and couldn't. (1)

MortimerK (22530) | more than 13 years ago | (#778008)

Where's my money?

("Obs"|"se")curity? (1)

Spankophile (78098) | more than 13 years ago | (#778009)

Will SDMI be an open standard? Will compression/decompression/signing algorithms be public?

No? - then don't think of this as supporting the RIAA. Don't think of this as undermining MP3s, or Ogg.

This is another chance to prove that obscurity does not lead to security.

This is what we wanted, right? (3)

dirk (87083) | more than 13 years ago | (#778011)

As the RIAA has gone after Napster, everyone has been talking about how they would buy digital music if is was available. Well, that's what they are trying to do. They are trying to make music available online, and to make it secure. They simply cannot release the music in an unsecure format. The only thing that would accomplish to make the music easy to put on Napster (or whatever). Someone would buy the music, and the first thing they would do is put it in with all of their other MP3s, shared on Napster. Then everyone else finds it on Napster, and has no need to buy it (and this is especially true for digital music, as you have exactly what you would be purchasing). So the only way to offer music online and to have a chance to make any profit is to offer it is some kind of either encrypted or watermarked format. If you want music available for download (legally), there is no other way.

Stooopid... (1)

dskoll (99328) | more than 13 years ago | (#778017)

ANY scheme like this can be trivially cracked. You just need two sound cards.

Play the "secure" format and run an analog cable from one sound card's output to the other sound card's input, re-digitize and conver to MP3.

The analog transfer will probably introduce enough noise to destroy most watermarking schemes. One analog transfer won't appreciably degrade the music quality, and once you have it in MP3 format, you can make digital copies to your heart's content.

The SDMI proponents are idiotic if they think they can prevent hacking.

Cracking not hacking (2)

ronfar (52216) | more than 13 years ago | (#778019)

You know in cryptographic slang, when you forcibly decrypt code, they call it cracking not hacking (or at least the did when I was a lad.)

Therefore, this is a cracking contest, not a hacking contest.

Whether or not it could be cracked in a contest wouldn't prove whether it could be cracked in real life (indeed, I believe that there is no such thing as an uncrackable cipher) but I'm glad people are boycotting this. The reason I'm glad is because it is a public show of contempt for the content industry, and I'm glad it's getting a lot of press.

Many Reasons To Boycott (2)

Luminous (192747) | more than 13 years ago | (#778020)

The collective manhours spent breaking down the security of SDMI and the information gained by these attempts, including any flaws that come up, is essentially what Open Source Projects are about. But seeing this isn't an Open Source project, it looks like the industry is looking for a) free consulting that would normally cost them a significant chunk of dough or b) cheap publicity.

Salon's article [] on this clearly implies this is a big ol' PR stunt.

And what did SDMI think of [Don Marti's] response? Salon's calls to SDMI's press office went unreturned. But Marti says that he also e-mailed his open letter to the webmaster of -- and guess what? It bounced.

What the cracking community needs to do is to be very vocal on it's non-participation in this 'event' instead of silently ignoring it. Anyone up for

Re:There is an effective response (1)

0xdeadbeef (28836) | more than 13 years ago | (#778021)

Blackmail? It is simply an exchange of money for services. Why should you let them set the price?

Re:This kinda seems pointless in the first place.. (1)

PigleT (28894) | more than 13 years ago | (#778023)

Just a point there: there's no such thing as "uncrackable", evidence notwithstanding. All you can say is that a given crypted text will take more than a feasible cost (time, money, computational power) to decrypt. Sooner or later someone would've thought "oh yeah, that's Navajo" but it's no longer worth knowing, really.

Just like when I left the last job; I made sure that recovering ~/.ssh/ from both my HD and NFS drives would cost them more than would be sensible; short of destroying the HD altogether (not a wise move), I just copied enough things over the files before the final unlink() call as to garble it all. Not that they'd even *want* to recover anything of mine anyway...
.|` Clouds cross the black moonlight,

Old Technology (1)

petithory (178252) | more than 13 years ago | (#778024)

The fact of the matter is that they will end up developing some stupid format which only works on microsoft OS's, and is more throuble than it is worth to break. What they can not do is stop producing CD's for people that want to play music in their car or those old diskman floating around.... they can't change the CD format. what they also can't do is stop someone from hooking the output from their stereo into the input of their sound card. they'll try out-lawing mp3 encoders, but they will always be out there.

My $.025431 cents (round to nearest penny) (1)

Chaos Monkey (213268) | more than 13 years ago | (#778025)

Let's see...
They create a framework that protects against cracking (ha! but we all know better).
They create this framework from the work of crackers, competing to win *up to* (note what the article says!) $10,000, with no mention of any second or third prize winners (or, perhaps, $10,000 gets split up amongst the top competitors?)
*Should* the upcoming laws in the EU [] allow software to be patented, they, of course, are going to patent it every way possible.
I say (kudos to Beastie Boys!)...
Crack it like this
Crack it like that
Crack it with a whiffle-ball bat!
Leave that sucka bruised, battered, bleeding, and feeling like a sex-crime victim! But, of course, don't disclose any information to them. Crack it so badly that before they even *release* their framework, the hackers have already put together (based on the info given to 'em by the crackers) bios flashes, software, the whole nine-yards (read: prior art) that allow the enabling-disabling of the SDMI encryption system.

Of course, then again, I may just be talking out of my ass. Probably the later.

wait a freekin minute! (1)

superdk (184900) | more than 13 years ago | (#778026)

watermark or no watermark, i have a possible answer.

there are quite a few new sounds cards comming out with digital (S/PDIF for example) outputs as well as digital inputs. if i play this music and my output is digital then i can also RECORD it digitally through a similar input. digital to digital will have no generation loss and the watermark has nothing to do with it. basicly it's just piping digital output to a digital recording device.

Blackmail is such a dirty word... (2)

Greyfox (87712) | more than 13 years ago | (#778027)

We prefer "Negative Economic Incentive."

There is always a demonstrable flaw.

okay, i'm in (2)

theonetruekeebler (60888) | more than 13 years ago | (#778028)

I hereby promise I will not submit any code or algorithms to the contest. And I swear, it's not because I don't know what the hell I'm doing. I'm boycotting, dammit!


Re:Why bother "boycotting"? (2)

interiot (50685) | more than 13 years ago | (#778029)

AFAIK, DMCA only covers devices that effectively control access to a copyrighted work. In other words, if there were 10 million ways to get around the access control before it was ever released, then I don't think it's effectively controlling access and can't be covered by the DMCA.

Also, I believe macrovision messes with the data that never gets displayed on the screen? (see here [] ) Watermarks are are embedded in the low bits of the audio/picture data itself, rather than using an unused part of the data stream that was never intended to be presented to the user.

Why Boycott (5)

Veteran (203989) | more than 13 years ago | (#778033)

The best reason not to attempt to crack the protection scheme is that it tells these people WHO YOU ARE.

That is the real reason for the 'hacking contest'. Much in the way that the real reason for registration of firearms is to make the later collection of those weapons from the law abiding easier - so is the real purpose of this contest to allow the music industry to collect information on who is interested in trying to crack their copy protection scheme. Anything you do in this 'contest' may be used against you in a court of law at a later time and date.

If it is a matter of credibility... (1)

lfourrier (209630) | more than 13 years ago | (#778035)

the simple fact that a boycott is publicized in the "hacher community" with its "strange philosophical principles" must be taken into account by the corporate sponsors of the system. Some hackers boycott the challenge, peoples who develop computer systems worth of millions of dollars in closed source world, doesn't mean they are going to boycott the hacking.

They are just boycotting the fact they are invited to be a "proof" of the fiability of the watermarking scheme.

And as long as the rules are not publicized, there is no problem wanting to hack with a watermark-remover under GPL, whose copyright is to the author, let him (or her) take the money, and publicize the method of removal.

Publish quickly the result in Europe, software patents are still, perhaps for a few month, illegal here.

It remind me of the macrovision protection, where the legal protection against "analogic hackers" is based on the fact that macrovision owns the patents on the easy ways to remove the protection, thus permitting to prevent construction and distribution of macrovision remover.

So, if you hack (no problem), publish your results in such a way that the hacking is unpatentable.

Re:give it away now (2)

Kaa (21510) | more than 13 years ago | (#778037)

Well, simple watermarking is a fantastic idea. It means that people aren't going to be doing a napster and share music with everyone and his dog, but they're going to be able to lend music to their friends etc.

I see. So the watermark will distinguish between your "real friends" and "everyone and his dog". Sounds like a highly useful piece of software -- imagine, it can tell who your friends are!

In any case, watermarking is not access control, it is tracking. Finding a watermarked file on Napster the RIAA will be able to tell that it was ripped from that specific CD. So what? If you are paranoid, buy your CDs for cash.

Watermarking can be used for access control, too, but then you need special players which understand things like generation control. Thankfully we (in the PC world) are not there yet.


Isn't this illegal (1)

heazlett (89680) | more than 13 years ago | (#778039)

I thought the the DMCA forbid anyone from circumventing *any* copy-protection scheme...

Defuses the argument that hackers are testing sec. (1)

OverCode@work (196386) | more than 13 years ago | (#778040)

If they make even a cursory attempt at such a contest, they can later claim that they gave crackers a chance to test the security of the protocol already (since crackers often use "security testing" as an excuse for their activities). I think it's a smart move. However, I do hope the RIAA rots in hell.

The problem with SDMI is not that it tries to enforce copy protection - we all know that this "feature" will become a moot point in a matter of days after its initial release. The problem is that it is owned by the RIAA, and therefore they can control the medium ("you can't build a player unless you omit this feature and add this security..."). They can't do that with MP3, and it seems that it's really pissing them off.


Re:Who do they think they are? (1)

NMerriam (15122) | more than 13 years ago | (#778041)

he was saying that this is the RIAA's version of DeCSS...

I'm an investigator. I followed a trail there.
Q.Tell me what the trail was.

Re:intrinsically flawed contest (2)

mrogers (85392) | more than 13 years ago | (#778042)

So they'll release (and hype) the technology under the impression that it's secure, and three months later, when the record companies have poured billions into the technology, somebody will discover a flaw. What a shame.

Re:Under construction (1)

DavidTC (10147) | more than 13 years ago | (#778043)

I point you to the word 'after'. ;)

-David T. C.


The Queen (56621) | more than 13 years ago | (#778044)

later, when the record companies have poured billions into the technology, somebody will discover a flaw

Now, would that be a dedicated employee, in which case we the people will never hear about it, or will it be a hax0r who'll get lots of press and then probably be taken to court by the RIAA?
Don't get me wrong, I agree with the boycott, but I wonder about what will happen when it is released and (inevitably) hacked.

The Divine Creatrix in a Mortal Shell that stays Crunchy in Milk

Future Effect of contest (1)

Desdinova77 (184164) | more than 13 years ago | (#778045)

Looking at this challange and thinking about the DeCSS case, I wonder how inviting people to 'break' thier code would effect thier ablity to squash the information from coming out into the public. I think it would be intresting to see how the DMCA would apply if someone broke thier system and posted the results publicly. Would the 'no reverse engineering' part still have weight after the company asked publicly for people to do so? Just wondrering how this will play out...

Hacker Invitiation = NO DMCA RIGHTS !! (1)

The Other White Meat (59114) | more than 13 years ago | (#778046)

By making an explicit request that the programming community find weaknesses in the SDMI
protocol, they have relinquished most of their rights under DMCA.

They have granted us explicit permission to reverse-engineer their code, uncover their "Intellectual Property", and release that information to the public.

A few years from now when they try to use DMCA to protect their protocol, they are going to find it offers them no relief.

It is a basic legal principle that you cannot invite someone to enter your house and take what they like, and then turn around and have them charged with trespassing and burglary. The SDMI consortium has given us the keys to their house, and an open invitation to take the good silverware.

I say we take them up on it...


Re:There is an effective response : (3)

pruneau (208454) | more than 13 years ago | (#778047)

Any news from the site : because here it is 09:13, Sept 15 (Us&Canadian eastern time), and nothing worth the trouble is showing on And like someone pointed out, they have a like to their site into their own site that will create an interesting Escher-like "Recursive Frame stack fault" into you Browser.
As for the boycott : they are clearly trying to avoid a DECSS-like failure.
Maybe they have the same level of confidence for their crypto technical than for their www one ?

This shows that DECSS teached some lessons.

But like usual, thos BIG-CORPORATE-FAT--ETC guys understood the teaching the wrong way, because if their "new" system is not cracked it three weeks, it's going to be cracked in four, five... until the sun blows. And even if the crack is declared illegal their will be a part of the world whete someone will sell it, and the bootleging-vox populi will do the rest.

For every better lock, there will be a better thief ! Hey guys, instead of focusing on the lock, please look at the door design.

On the other hand, like every #$$^#@#$ marketing guys, they gave the delays, blissly disregarding the rules of the game. And like usual the requirements seems to be late.

Bu I will advise for the boycott, because their goal is not clear. Apparently they are going to put a bunch of differents technologies under public scrunity. They seemed to learn at that principle of free software : the most testers you have, the better the product. But testing FOR them will be against our interests. Let them test, and if they cannot get people competent enough to point the flaws in their systems, it means they did not deserve that.

This quote sums up the flaw in this plan. (3)

GlitchZ (205899) | more than 13 years ago | (#778048)


Basically they believe that the gaol of these hackers (if they find any) will be for the money or fame. After the three weeks they will give up and go home and never think about it again. However they are just going to end up giving these contestants a taste of flesh and they aren't going to stop. I'm just not that good with words so here are someone else's:

They are fools that think that wealth or women or strong drink or even drugs can buy the most in effort out of the soul of a man. These things offer pale pleasures compared to that which is greatest of them all, that task which demands from him more than his utmost strength, that absorbs him, bone and sinew and brain and hope and fear and dreams -- and still calls for more.

They are fools that think otherwise. No great effort was ever bought. No painting, no music, no poem, no cathedral in stone, no church, no state was ever raised into being for payment of any kind. No parthenon, no Thermopylae was ever built or fought for pay or glory; no Bukhara sacked, or China ground beneath Mongol heel, for loot or power alone. The payment for doing these things was itself the doing of them.

To wield onself -- to use oneself as a tool in one's own hand -- and so to make or break that which no one else can build or ruin -- THAT is the greatest pleasure known to man! To one who has felt the chisel in his hand and set free the angel prisoned in the marble block, or to one who has felt sword in hand and set homeless the soul that a moment before lived in the body of his mortal enemy -- to those both come alike the taste of that rare food spread only for demons or for gods."

-- Gordon R. Dickson, "Soldier Ask Not"

I Propose a new Challenge (5)

nihilogos (87025) | more than 13 years ago | (#778049)

Go to the HackSDMI Website [] . Click on the link to [] , and continue recursively. The person who can get the most cascaded frames before their browser crashes wins.

Before one learns to fly, one must first learn to walk. Before one learns to develop a secure framework for digital music, one must first learn to use the target attribute.

Haha! these guys are funny... (1)

NNKK (218503) | more than 13 years ago | (#778050)

The music industry can kiss my ass, like I'm going to HELP them do something like this. it doesn't matter anyway, anything like this can be worked around with less than $10 in hardware

Similar article downing the challange (2)

Calimus (43046) | more than 13 years ago | (#778051)

Our friendly neighbors over at Salon [] have This [] similar article up in which they even go as far as taking a light hearted jab at slashdot not having anything about the topic matter up by they time of their posting. They also mention something about being opinionated, but thats just their opinion I'm sure.

Has NEone clicked on the buttons below HOME (1)

korny69 (132030) | more than 13 years ago | (#778058)

Kinda curious and clicked on the buttons below the HOME button (on the right). These people do not even desgin their own web work, designing this site through Network Solutions "Web Manager".


Don't boycott, crack it and just don't tell them (1)

eddison_carter (165441) | more than 13 years ago | (#778060)

Why not crack SDMI anyway? Find where its week, wait untill after they started to release SDMI stuff, and then post it somewhere. It'l be too late to make any changes, unless they decide to recall every SDMI player and all protected music. Either way it screws them over.

Re:Why bother "boycotting"? (1)

BinxBolling (121740) | more than 13 years ago | (#778061)

Unless you have a sound card in your ear, you hear things differently than your computer does. Have you ever seen computer screens shown by television cameras? Conflicting scan patterns on the computer screen and the television system produce bands on all the computer screens. I think an "audio watermark" is supposed to work on some similar principle.

Unless your 'input' is simply accepting the digital output stream (and not the analog signal generated by the output), the watermark will probably be lost - if the watermark is inaudible, I can't imagine that it would survive the digital->analog->digital conversion. And if it does survive, you have another option: Fuck with the analog in some way (for example, by adding a known signal to it) that will foul up the watermark-detection, then subtract that known signal back out of the "clean" digital data you recorded.

You're going to see a slight loss in quality just from the D->A->D conversion, and probably also some from imperfections in your analog addition/digital subtraction process. But with good enough equipment, this loss can be made minimal. And you need to do it only once for each piece of music you want to copy: After that, you can make infinite pristine copies of the final, unwatermarked digital product. And if you're part of a large, organized piracy organization (which is who the RIAA really needs to be concerned about), this is quite feasable.

Re:Why bother "boycotting"? (2)

wass (72082) | more than 13 years ago | (#778062)

I think they're planning an inaudible watermark that the recording device can still detect. SDMI-aware sound cards would refuse to record watermarked audio.

I've been bouncing around ideas for awhile now to design my own soundcard, with fully-documented schematics and the like. Just haven't gotten off my lazy arse to do it. But if we ever get to a point where one can only buy SMDI-aware ones, I'll just have to follow through.

I would like to make plans available under some open-source-like license. That is, schematics, etching-masks for the boards, parts lists, building constructions, and fully-documented interfacing manual would be fully and freely available on the web.

I think that schematics cannot be covered under a GPL-like license, but a more BSD-like license would be fine. Depending on how high demand was, boards and parts could be purchased as kits (like PAIA [] does with their audio stuff) and pre-assembled too. Plus, the public availability of the plans would allow any number of fabrication facilities to make boards themselves and ship locally. I think it would be interesting to see how such a project could/would work.

Re:Prize money isn't guaranteed (1)

gi_wrighty (152031) | more than 13 years ago | (#778064)

So are you going to start up and offer $10,001?

Didn't think so.

Slashdot - a place for keyboard warriors.


Re:on second thought (1)

My_Favorite_Anonymou (36494) | more than 13 years ago | (#778065)

What's prevent you from collecting the money, alter the code or method and speard it on usenet anonymously like mad? You get to 1) screw the authority 2) Become a hero in hacker community 3) Make a shitload of money. Besides a Budwiser poster girl, your in heaven.


Can anyone find the SDMI specs? (2)

Paul Crowley (837) | more than 13 years ago | (#778066)

I had a poke at their website, and downloaded their "architectural specification", but it seems that they've made no decisions on what actual algorithms to use. Given that this is so, can anyone work out what the hell they're challenging us to do anyway? The lack of links from the "hacksdmi" website to detailed specs and source code is worse than suspicious: if they expect me to do their securitly analysis for so little they had best at least make it easy for me.

Why not? (2)

levendis (67993) | more than 13 years ago | (#778067)

What's the point of boycotting the contest. S, somewhere, will hack SDMI (mayeb some 15-year old kid in the Netherlands), as part of the contest or just for fun/challenge. Even if SDMI revises the standard, someone will hack that too, and its DeCSS all over again. I say we should *all* try to hack SDMI, and every other fascist copy protection scheme out there. Not just so information can be free, but to show the idiots that come up with these things (and the even bigger idiots that trust them) how futile the effort is. The simple fact is, if I have data on my machine, I can do whatever I want with that data. Period. It may not be legal, it may not be easy, but there is always a way to crack copy protection, and only by continually defeat these schemes can we fight against them.

Re:Better late than never... (3)

Luminous (192747) | more than 13 years ago | (#778068)

10K is a large amount, but how much money would the RIAA have to pay real programmers and security technicians come in and take apart SDMI? I assure you, it would cost a lot more than 10K. What is going on here is an attempt to gain publicity (see, the hacker community can't break it, it is good) or if it is broken they reap the benefits that would have cost them a lot.

It is far better to take SDMI, not find the holes, let them institute it, and then flood the market with the methodology to crack it, forcing them to scrap the entire project and walk away with egg on thier faces.

Re:This is what we wanted, right? (2)

Kaa (21510) | more than 13 years ago | (#778069)

They simply cannot release the music in an unsecure format.

And why not? It worked pretty well so far. An audio CD is completely unsecured digital music and CD sales are going up every year.

If you want music available for download (legally), there is no other way.

You mean you can't think of any other way. Why should the world be limited by your imagination?


Re:There is an effective response (2)

Non-Newtonian Fluid (16797) | more than 13 years ago | (#778070)

That's a silly name for a cat.... ;)

Re:Don't boycott, crack it and just don't tell the (1)

DavidTC (10147) | more than 13 years ago | (#778071)

I thought we were already planning on doing that? :)

-David T. C.

Re:To hack or not to hack.... (1)

Desco (46185) | more than 13 years ago | (#778072)

In other words, they want the very people who they're trying to protect against to DO THEIR DIRTY WORK!? Hahahahaha!!!

A NOTE TO ANY SELF-RESPECTING PROGRAMMER THINKING OF DOING THIS FOR THE $10k: You do realize that the winner of this "contest" is really only going to get $3k-$4k thanks to taxes?

Re:intrinsically flawed contest (1)

deefer (82630) | more than 13 years ago | (#778073)

they'll pick away at it month by month until it's split wide open.

Actually, is this allowed under DMCA? You're circumventing their encryption, and reverse engineering. When does that clause come into play? Is that why the window is only 3 weeks? And after the contest is over, it's not going to give them much credibility in court, is it? "He kept trying 2 days after the contest is over, and then broke our protection wide open. Lock up this evil, evil hacker, your honour!!!

That aside, the cash they're offering is peanuts. 10K is about UK£7000; I know people that can earn that in a month. I would imagine a truly good hacker will be able to pull down at least that amount, which basically means the competition will only have kiddie programmers having a go.

Strong data typing is for those with weak minds.

Why stop with SDMI? (1)

QAbyss (233184) | more than 13 years ago | (#778074)

Why should the boycott stop with this stupid little hacking challenge? Why not boycott any music affiliated with RIAA? Sure, your old music will begin to get boring... but it would give you some time to find new groups.

I think if we're really going to take a stand it has to be something like this. RIAA isn't loosing money now cuz of mp3s, but if they keep up all the stuff they're doing then maybe we can make them.

Re:give it away now (2)

Jerf (17166) | more than 13 years ago | (#778075)

I agree with your 'rosy picture' :-) in theory.

In theory, there's no reason to worry about all this content control stuff, because in theory the companies shouldn't abuse it when they have it, like trying to make us pay for each time we play something and strictly forbidding the transfer of the music to other devices, let alone people. In theory, we can still have fair use and lending right.

Unfortunately, it is abundantly clear that the music companies cannot be trusted in that way, at least right now. (Maybe we can train them.)

You're right, the technology isn't evil, but it grants power to evil people.

#include cracking_contest_rant.h (2)

_|()|\| (159991) | more than 13 years ago | (#778076)

You know, there are a number of arguments that have already been stated against this hacking contest

Bruce Schneier made a pretty good argument argument against cracking contests, in general, in one of his Cryto-Grams [] . In particular, he notes that "Contest prizes are rarely good incentives.... Taken at a conservative $125 an hour for a competent cryptanalyst, a $10K prize pays for two weeks of work." The contest runs three weeks, and you only get paid if you win. Of course, the contest isn't targeted at "competent cryptanalysts," but isn't that a point worth making?

If you're looking for more ammo for a Slashdot post ridiculing a cracking contest (did I say that out loud?), Bruce links to commentary by Gene Spafford in Electronic CIPHER [] .

Re:Under construction (1)

Eponymous, Showered (73818) | more than 13 years ago | (#778077)

Indeed, today is September 15. Therefore, today is not after September 15 (time zones notwithstanding).

Re:Prize money isn't guaranteed (5)

CaseyB (1105) | more than 13 years ago | (#778088)

Guaranteed or not, it's peanuts if you do get it.

How much time of a professional crypto expert's time would that buy in the real world? A week if they're feeling charitable.

The people behind the SDMI collective spend $10K on lunch. The prize money is more an insult to the value of cryptographic analysis than anything.

Boycott the GPL, too (1)

um... Lucas (13147) | more than 13 years ago | (#778089)

It's all about copyrights... Linux Journal wants people to respect the GPL presumably, but since they don't agree to the terms that labels distribute their music under, they are opposed to helping create a format that causes more compliance to the label's and artists copyrights. It's all about respect, and it's a give and take sort of thing. Maybe if Linux Journal would aid them, you'd see Linux players for SMDI on the horizon... Because like it or not,thats' the direction that the industry is going in, and a bunch of linux users isn't going to stop them.

Re:Prize money isn't guaranteed (3)

interiot (50685) | more than 13 years ago | (#778090)

Oh come on, with such a sparse site, the only thing you can comment on is what the did say, not what they didn't say.

Notice they don't say what copy-protection/watermark methods there are to crack? Or what exactly a successful crack consists of?

It looks like the site requires a major update before the contest can start, and I imagine the legal details will be spelled out more thoroughly at that time. (If ever... the site was built on imagecafe and has dangling links to default pages and has a problem with its frames. It looks as if the only people who worked on it was the PR team.)

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account