PDA

View Full Version : How would Slim do DRM?



mkozlows
2006-02-09, 19:58
Over in the Pandora thread, one of the Slim Devicers says:


It's a SqueezeNetwork-only feature because the interface to Pandora is proprietary. SN allows us to write closed-source plugins that can take advantage of things that wouldn't be possible in the open source server.

Which gets me wondering: If the Squeezebox ever does get the ability to support DRM, how would it happen? It can't be through SqueezeNetwork, obviously, because the DRMed stuff isn't there; and just as obviously, it can't be through the open source part of SlimServer.

So would Slim put out closed-source plugins for the DRM-streaming part of SlimServer? Put out an entirely closed-source version of Squeezebox just for DRM purposes (I assume Slim owns all the copyrights on SlimServer, so can release non-open-source versions if they ever feel like it)? Enable the Squeezebox to operate with non-SlimServer servers like WMC?

shvejk
2006-02-09, 20:38
Here is my guess:

1) DRM support in SB firmware ( more likely than #2 )

2) SlimServer calls DRM API ( like Quicktime API ). Requires proprietary
piece of software to be setup on the pc.


On 2/9/06, mkozlows <mkozlows.22ztmb (AT) no-mx (DOT) forums.slimdevices.com> wrote:

If the Squeezebox ever does get the ability
to support DRM, how would it happen?

kdf
2006-02-09, 20:51
On 9-Feb-06, at 6:58 PM, mkozlows wrote:
>
> Which gets me wondering: If the Squeezebox ever does get the ability
> to support DRM, how would it happen?

I'll stick with what it says in the roadmap: "whatever it takes"
In this latest case, its a SqueezeNetwork plugin. I expect other cases
may be similar, others different.
-k

fairyliquidizer
2006-02-10, 05:12
A little off topic but...

DRM could be done in an Open Source model. The problem is that most DRM models involve closed source licence agreements. So the combination of having to occlude methods and the viral nature of the GPL mean that the commercial DRM schemes (i.e. the big ones) are unlikely to ever feature in the open source Slimserver.

Is Slimserver GPL2 or some other open source licence?

As for the SN solution, I would imagine it would be similar to the process used for AirTunes.

funkstar
2006-02-10, 05:26
I'll stick with what it says in the roadmap: "whatever it takes"
In this latest case, its a SqueezeNetwork plugin. I expect other cases
may be similar, others different.
-k
That just what i was going to find and quote. PlayForSure could concevably by handled in the SBs firmware, especially because it already handles native WMA playback. This would also be an advantage for licensing, as the stream that is being send to the SB would have the DRM entact and only the audio out (digital or analogue) is non DRM.

I have my doubts that we will see the ability to play iTunes purchased music playable (without hacks or work arounds), certainaly not in the near future anyway. Apple just aren't going to let anyone do that. Not unless the general public wake up to the limitations of DRM audio, or there is an anti trust or class action suit against Apple (and probably the whole industry).

just my 0.02 :)

Millwood
2006-02-10, 07:17
As I understand the GPL, a GPL program can load and run a non-GPL program as long as it is packaged seperately.

The SlimServer is certainly loading and using Windows DLL's, for example.

So a DRM add on would not, IMHO, violate GPL.

radish
2006-02-10, 08:34
As I understand the GPL, a GPL program can load and run a non-GPL program as long as it is packaged seperately.

The SlimServer is certainly loading and using Windows DLL's, for example.

So a DRM add on would not, IMHO, violate GPL.

Indeed - a GPL app can link to anything it likes, it's the other way around that's more tricky.

Fred
2006-02-10, 09:17
A little off topic but...

DRM could be done in an Open Source model. The problem is that most DRM models involve closed source licence agreements. So the combination of having to occlude methods and the viral nature of the GPL mean that the commercial DRM schemes (i.e. the big ones) are unlikely to ever feature in the open source Slimserver.

The financial motivation of DRM vendors is an issue, but this is not the main one IMHO. Technically of course you are right, it could be done.

But DRM is different in that it needs to grant access in what is essentially a hostile environment (the user's home). In PGP or even banking applications, you are unlikely to want third parties to access the secret, so you as a user are part of the security. Not so in DRM. You don't care if someone "steals" digital music you bought since you still have it after the "theft". I don't see how an open source solution could provide the least bit of assurance it can protect a key it has to know to do its job...

What makes open source DRM impossible is the inherent inability of an open source solution to fullfill the financial objectives of those selling the music.

My 2 cents

Fred

pfarrell
2006-02-10, 11:52
Fred wrote:
> Technically of course you are right, it could be done.

The licensing can clearly be done, But I'm not sure
that the needs can be met.


> But DRM is different in that it needs to grant access in what is
> essentially a hostile environment (the user's home). In PGP or even
> banking applications, you are unlikely to want third parties to access
> the secret,

In all modern cryptography, the fundamental concern starts with
the assumption that the parties want to transfer data securely.
The code to do this is published and well known, the security
relies upon the secret (usually called a key). Anything else
is called SBO, Security By Obscurity, and is considered trivial
to break.

The infamous deCSS DVD hack relied upon bad practices for the
key management used to decrypt the DVD.

Proper key management is hard.

> You don't care if someone "steals" digital music you bought since you
> still have it after the "theft".

This is usually called the "Playboy in the frat house" model.
The publisher usually wants only one 'house' to read the magazine,
but clearly in a frat house, the copy of Playboy can get passed
around, depriving the publisher of income. But it is not
a major problem, as the subscription fee is only part of the
business model, the advertisers pay the rest and usually the
majority. So all the frat brothers see the ads, and everyone
is happy.

It is harder for digital goods. Copy protection is hopeless.
See Superdistribution. Objects as Property on the Electronic Frontier.
by Brad Cox. Addison Wesley Publishing Company ISBN: 0-201-50208-9
for a more rational approach.

If there is no advertising revenue stream to back up the subscription,
it is very hard to make it all work.

> I don't see how an open source
> solution could provide the least bit of assurance it can protect a key
> it has to know to do its job...

Another rule of serious security is that if the bad guy
has access to the physical device, it is next to impossible
to provide security. If the 'key' is kept on a computer hard drive/disk
then once you pull the drive out of the box, you can apply exhaustive
search techniques. These are trivial unless:
1) the key is strongly encrypted using some other key
2) the key is kept in hardware that is resistant to
replay attacks.

Clearly approach #1 just replaces the music playing key problem with
another key finding problem. No real change. Most users
use really wimpy passwords. See
http://www.pfarrell.com/technotes/lamepasswords.html
or
http://www.cert.org/advisories/CA-2003-08.html

And while approach #2 seems ideal, the DVD player manufacturers
did it badly, leading to the deCSS crack. Doing it
properly is hard. The Intel P3 had a hardware processor ID,
which would have helped, but that feature caused an uproar
and was dropped.

So if you have a security system, where only one of the parties
wants to transfer data securely, and the other wants to cheat,
it is a really hard problem. Open source and licensing issues
are really not the hard part. Its the lust in your heart.


--
Pat
http://www.pfarrell.com/music/slimserver/slimsoftware.html

Michaelwagner
2006-02-10, 19:30
Pat:

Isn't Slimserver kinda like the playboy in the frat house?

I'm playing some music on the slim when my buddy comes to visit. He says "hey, what is that, I like it". I look at the display (or he does), and say "it's the new Madonna (or Springstein, or whatever) album". (advertising).

He says "neat, I gotta go pick that up for my house". (sale)

So why don't the record companies like it?

pfarrell
2006-02-10, 19:52
Michaelwagner wrote:
> Isn't Slimserver kinda like the playboy in the frat house?

SlimNetwork, and most radio stations, yes, I would agree.

SlimServer is my collection of CDs that I paid dearly for.


> I'm playing some music on the slim when my buddy comes to visit. He
> says "hey, what is that, I like it". I look at the display (or he
> does), and say "it's the new Madonna (or Springstein, or whatever)
> album". (advertising).
> He says "neat, I gotta go pick that up for my house". (sale)
> So why don't the record companies like it?

That was what we tried to tell them.

Our idea was to play your music (unlocked by your physical CD)
anywhere you were. Then we'd do things like notice that you
had five Madonna CDs and send you an ad saying "hey, Mike,
there is a new Madonna CD being released next week, click
here and buy it, and we'll have it sent to your house as soon
as it is released, and we'll unlock it for you so you can listen
to it right away." Seemed to is that this would increase CD sales.

The RIAA said we had an "illegal collection"

They may have gotten smarter, we offered to do a store
much like iTunes ended up being, we just had it in 2000
rather than 2005.

I'm not a lawyer, I did the crypto and server code.
I sure didn't understand them at all.


--
Pat
http://www.pfarrell.com/music/slimserver/slimsoftware.html

rudholm
2006-02-10, 23:02
That sounds like my.mp3.com. It's absolutely ridiculous. You try to add value to an organization's product by making it more useful *and* you drive sales directly and they sue you?

Completely wrongheaded, it's just amazing how badly RIAA constituents understand their market. They understand it so badly that now they're outright suing their customers.

I worked for PolyGram for some years back in the days when it was owned by Philips and I can tell you from painful firsthand experience that these record companies really are run by out-of-touch technophobic dinosaurs who have not clue one how to sell to today's market and who have their jobs thanks only to nepotism, history, and old-boy-networks. Remember, these are the same men who thought *every* new recording technology would destroy their business (8-Track, Compact Cassettes, DATs, home videotapes, etc, etc) when in fact, history shows that each of these *drove* sales. The fact is that when you give people more ways to enjoy music, they buy more, period.

One thing that really struck me about Slimdevices was its obvious understanding of its market. They open-sourced the server, they encourage software emulators, they encourage hacking. This would have scared the s*** out of less clever companies. Allow tuning in of arbitrary internet radio streams? Allow access to music servers outside the local LAN? Allow emulators? Most companies would think this is all maddness, they'd assume the emulator would kill their sales. Well, surprise, people download the open source server, play with the emulator, think "wow, this is pretty cool" and end up buying a bunch of boxes and getting their friends to buy them too.

A lot of network music devices do things like not supporting a router, so you can only see servers on your LAN. Some only allow you to tune in net radio stations that have made deals with the device manufacturer. I guess they think this will enhance revenue. One has to wonder where these Marketing folks went to school. What university is handing out MBAs, quite apparently simply for the asking?

I think Slimdevices gets their customers so well because they basically are their customers.

Sorry, didn't mean for this to be a rant, but I guess I have some feelings about all this...

Michaelwagner
2006-02-11, 07:19
I think Slimdevices gets their customers so well because they basically are their customers.
What a great ad:

Hi I'm Sean. I'm not just the CEO of Slim Devices ... I'm also a customer.

Fred
2006-02-11, 07:29
Isn't Slimserver kinda like the playboy in the frat house?

Sure. Except the playboy is not a physical object. A physical object cannot be shared by a lot of people at the same time. A physical object becomes worn as it is used.
Also, you're considering a frat house with some millions of "brothers".


I'm playing some music on the slim when my buddy comes to visit. He says "hey, what is that, I like it". I look at the display (or he does), and say "it's the new Madonna (or Springstein, or whatever) album". (advertising).

He says "neat, I gotta go pick that up for my house". (sale)

I don't know about your buddies, but most of mine would say: "neat, I gotta go pick that up for my house. Can you put this on a CD for me?". (theft)

This is the risk that record companies see. They may not be the smartest marketing or technology cookies, but there is no denying my alternate scenario is a very common and likely one. Just got a friend on the phone that said "I just got this DVD recorder so now I can copy DVDs. Will you lend yours to me so I can copy them?". Didn't that or something along the same lines happen to you?

In my book, record companies have a natural reaction to a very real risk, and all they are trying to do is to mitigate it. Now we can discuss how smart they are in mitigating it, and how likely it is that they are alienating their customers in doing so. We can also discuss about alternate ways of financing music creation, which would eliminate record companies (f.e. most art is financed from taxes).

They dealt with Apple because Apple is a major brand name (lotsa sales) that fully controls the delivery chain (from source to customer ears) (medium risk). Balance between perceptions of revenue versus risk. Other proposal failed probably because they did not provide (or failed to convince they could) the same mix.


it's just amazing how badly RIAA constituents understand their market. [...] One thing that really struck me about Slimdevices was its obvious understanding of its market.

It may not be what you meant, but I am not sure the market of Slim Devices and RIAA constituents is the same. It seems to me the former is a subset of the latter. Slim Devices customers are technology-aware people with USD 500+ (considering you need amp, speakers and PC) to spend on a "gadget" for playing music. The market of RIAA constituents is much larger, pretty much any user of music.

My mother belongs to the RIAA market but not the Slim Devices market. The only reason she would ever buy a Squeezebox would be because of me, and then she would not care about the fact it is Open Source (case in point, it's not listed as a Product Feature on Amazon). She has, however, be exposed to CD copies (gifts from friends).

My point is that RIAA is trying to prevent the mass from copying music. At some level, I am sure they understand that in doing so, they may anger a subset of the market that understands the whole issue a lot better. But then, what is worst (somewhat random numbers): loosing the 50'000 or so Squeezebox customers or half of the 10 million other customers ?

Nothing is black or white. Everything is grey, and the shade of grey changes depending on the side of the pond you happen to sit on.

Fred

iar
2006-02-11, 07:38
or there is an anti trust or class action suit against Apple

coincidentaly i just read this a few minutes ago ...
"Northern California Judge Gives Green Light to Monopolization Suit Against Apple"
http://www.ehomeupgrade.com/entry/2095/northern_california_judge

Michaelwagner
2006-02-11, 07:55
Also, you're considering a frat house with some millions of "brothers".
Well, I'm talking about my own collection and in my house. I'm popular but I'm not *that* popular.


I don't know about your buddies, but most of mine would say: "neat, I gotta go pick that up for my house. Can you put this on a CD for me?".

My buddies sometimes say that. I say no.

There is an exception - I occasionally make copies of my music for my girlfriend that I live with. I believe this is governed by fair use, since she could have taken the original to play in her car (over my dead body, but that's another story).


Nothing is black or white.
Except for the Squeezebox 3 :-)

Christian Pernegger
2006-02-11, 08:13
> > He says "neat, I gotta go pick that up for my house". (sale)
>
> I don't know about your buddies, but most of mine would say: "neat, I
> gotta go pick that up for my house. Can you put this on a CD for me?".
> (theft)

Thank god the US lobbyists in Brussels haven't managed to outlaw that
here yet. Even in the US it's copyright infringement not theft, I
believe.

> In my book, record companies have a natural reaction to a very real
> risk,

I agree, but the risk isn't a few people (or even half the internet)
reproducing their product at cost. The risk is becoming extinct as the
need for a middle man dimnishes in music sales.
When all playback hardware requires signed media - what's to stop them
from not giving the keys to independent artists.

In the same vein, services like Rhapsody or the Yahoo Music one are
great in theory -- access to an enormous and possibly diverse music
catalog at low cost. It's just, as soon as a majority of people are
using such services, their control over music distribution becomes
absolute. Every artist will be forced to be on one of those, and be
bled for it dearly.
Competition might in theory solve this, but not as long as there is a
cartel of music "owners" like the RIAA who can dictate almost any
terms.

DRM does not solve the "piracy problem". That's fine with the big
labels because the problem they want solved is the "0-cost
distribution problem". If that migitates unwanted copying on the side,
all the better.

> They dealt with Apple because Apple [...] fully controls the delivery chain
> (from source to customer ears)

Exactly.

C.

Michaelwagner
2006-02-11, 08:41
I think one possible outcome is that the internet, with it's larger fanout, will in the music world allow more direct contact between musicians and listeners, cutting out labels.

Already in manufacturing we see similar things happening. Dells distribution model is manufacturer to consumer. In my field of metal stamping, there used to be entire infrastructures that would try to match up manufacturers of a certain process with customers that needed that process. Sales Agents. Trade Directories. There seems to still be a role for a few of these, but for the most part, these are dying. Now most of my customers come directly to my web site and contact me directly.

I think, ultimately, this is what the labels (and by extension RIAA) are really worried about.

But it's like trying to stop a steamroller.

stinkingpig
2006-02-11, 09:52
....
> This is the risk that record companies see. They may not be the
> smartest marketing or technology cookies, but there is no denying my
> alternate scenario is a very common and likely one. Just got a friend
> on the phone that said "I just got this DVD recorder so now I can copy
> DVDs. Will you lend yours to me so I can copy them?". Didn't that or
> something along the same lines happen to you?
>
> In my book, record companies have a natural reaction to a very real
> risk, and all they are trying to do is to mitigate it. Now we can
> discuss how smart they are in mitigating it, and how likely it is that
> they are alienating their customers in doing so. We can also discuss
> about alternate ways of financing music creation, which would eliminate
> record companies (f.e. most art is financed from taxes).
....

There's an incorrect assumption here, which is very common when discussing
software or media theft:

"every copy of the product represents a lost sale."

In actuality, every copy represents a marketing opportunity, in which the
recipient discovers something that they didn't have before.

--
Jack Coates At Monkeynoodle Dot Org: It's A Scientific Venture!
"I spent all me tin with the ladies drinking gin, so across the Western
ocean I must wander" - traditional

Fred
2006-02-11, 13:20
"every copy of the product represents a lost sale."

In actuality, every copy represents a marketing opportunity, in which the
recipient discovers something that they didn't have before.

Agreed, to a point. Now there are numerous copies which do not lead to discovery, but the reverse. For some articles like CDs, the label or music company is not generally what drives future sales, the artist is.

This effext is probably better understood as the fact many copies would not have been bought in the first place. Gratuity leads to exagerated consumption. This is true.

The shareware preview or free lite version or even Microsoft's Internet Explorer strategy are effective marketing tools. But giving away the products in the hope that people will be reasonable and buy it once discovered, or buy the other/next thing (which will also be available for free) is not, IMHO.

Fred

stinkingpig
2006-02-11, 22:06
>
> stinkingpig Wrote:
>> "every copy of the product represents a lost sale."
>>
>> In actuality, every copy represents a marketing opportunity, in which
>> the
>> recipient discovers something that they didn't have before.
>
> Agreed, to a point. Now there are numerous copies which do not lead to
> discovery, but the reverse. For some articles like CDs, the label or
> music company is not generally what drives future sales, the artist
> is.
>
> This effext is probably better understood as the fact many copies would
> not have been bought in the first place. Gratuity leads to exagerated
> consumption. This is true.
>
> The shareware preview or free lite version or even Microsoft's Internet
> Explorer strategy are effective marketing tools. But giving away the
> products in the hope that people will be reasonable and buy it once
> discovered, or buy the other/next thing (which will also be available
> for free) is not, IMHO.

I disagree. Example: several years ago I was given MP3s of the Pogues'
albums "If I Should Fall From Grace With God" and "Rum, Sodomy, & The
Lash". I listened to them a little bit, but over time I listened to them
more and more, then began to seek out other Pogues albums. I then bought
used CDs of both albums and "Red Roses for Me" so that I could re-rip at
higher quality. A year later I sold those back to the used record store
and bought new remastered CDs so that I could get high quality still and
some bonus tracks.

I fail to see how the initial copyright infringement hurt the jolly folks
at Warner. Similar stories apply to most of the other music I've copied or
given to friends; if it's any good, it gets bought. If it's catchy for a
week or two but doesn't stand up to repeated listening, it gets deleted.
No harm, no foul.

The fact that they're trying to shut down mashup artists and samplers
clarifies the real goal of DRM and the DMCA, which is what others in this
thread have pointed out -- controlling the new music marketplace the same
way that they controlled the old one. A mashup does zero damage to sales
of the two or three tracks that get merged; if it has any measurable
effect it all, it would probably be a positive effect. But if it isn't
recorded in an RIAA-controlled studio and sold through an RIAA-approved
outlet, it must be stopped? Craziness.

--
Jack Coates At Monkeynoodle Dot Org: It's A Scientific Venture!
"I spent all me tin with the ladies drinking gin, so across the Western
ocean I must wander" - traditional

pfarrell
2006-02-11, 22:13
Jack Coates wrote:
> The fact that they're trying to shut down mashup artists and samplers
> clarifies the real goal of DRM and the DMCA, which is what others in this
> thread have pointed out -- controlling the new music marketplace the same
> way that they controlled the old one.

Except it is not about control, it is about money.
Maybe control leads to money.

Payola is getting back in the news. Old story, same
players, same goal: get airplay on radio, get sales.

> But if it isn't recorded in an RIAA-controlled studio

I'm not sure there are such things as RIAA controlled
studios. The RIAA is about labels. The studio owners
and recording engineers are getting hosed these days
as are many of the artists and all of the fans.

If you want to buy a professional, well equipped
recording studio, there are many for sale at prices
only a fraction of the cost of the gear.

--
Pat Farrell PRC recording studio
http://www.pfarrell.com/PRC