iTunes DRM Hole Closed

FrYGuY101 writes "As recently covered on Slashdot, there was a hole in iTunes which allowed music to be acquired from the iTunes Music Store without Apple's DRM applied. Well, Apple has just released an update which closes this exploit."

Stops the RIAA...

[datadriven]

from filling one of Apple's holes.

Re:Stops the RIAA...

[mfh]

Apple holes are usually caused by worms, right?

Impressive

[Quasar1999]

I like how they handled that... no horrible punishments, no wagging their finger at the community... just fix the hole, force the update (for obvious legal reasons), and carry on loving your customers... I like...

Too bad napster to go couldn't be so accomodating... :P

Re:Impressive

[Anonymous Coward]

Only because it was pretty damn embarrassing and very difficult to pursue legally.

Re:Impressive

[GigsVT]

loving your customers

By forcing DRM onto them?

Re:Impressive

[2starr]

If you allow anyone to do anything with the music, the record industry won't allow songs to be sold digitally or would require higher fees to make up for the losses. I love getting my music digitally, so I would prefer that a few bad DVD John-like people not ruin it for me. So, yes... they were looking out for me when they made that move.

Re:Impressive

[ElleyKitten]

Except, everyone already can do anything with music. Almost every song you could want you can find through pirating, and when you pirate you don't have to deal with DRM, you can get the music in any format you want and it will play in any player you want. The goal when selling music digitally is not to attempt to make sure your customers don't pirate, but to make sure that what they're paying for is better than what they don't pay for.

Re:Impressive

[NEW22]

The sad thing to me is relationship your are willing to put yourself in, in relation to the music industry. I mean, if you buy a CD you could rip it to any format very easily. Going through iTunes may save money in buying singles, but you get the music in a locked up format with mediocre quality (compared to CD), and the format doesn't even work on a lot of portable music players (such as my iRiver iHP-120). It would actually be easier for me to illegally download new music right now, if I wanted to actually use it the way I want. So, you put yourself into this appeasement relationship with the music industry that is basically limiting us and screwing us over for very flakey reasons. It's like "Daddy said we could get digital music if we are all good until Friday!".

To hell with that kind of attitude. They can either lose money, or they can give us what we want. Its their choice. CDs are an open format you can use anywhere. Why is it so absurd or wrong or ridiculous to expect the same in downloading music over the internet?

Re:Impressive

[Sanity]

I love getting my music digitally, so I would prefer that a few bad DVD John-like people not ruin it for me.

Yeah, those evil programmers hurting those poor multinational record labels by writing software that allows us to exercise our fair use rights under copyright law.

Your bend over and take it attitude makes me sick.

Re:Impressive

[Hamhock]

His point isn't that he loves DRM, it's that the record companies can pull support for online downloads altogether if they want, thus removing the very conveinent resource that iTMS is. Everytime DVD-John (or someone like him) releases something like this it makes the record companies nervous, and presumably less willing to deal with an online service as open as Apples is (if you think it's not that open, you're wrong, it could be a lot more locked down then it is, and it may get to that point if these 'hacks' keep coming). Record companies ARE evil, but that's irrellevant in the context of iTMS. iTMS is beholden to the record companies. Messing up iTMS as some sort of philisophical 'fuck you' to the record companies only hurts the end user and Apple, not the record companies.

Re:Impressive

[Sanity]

Its the "bend over and take it" approach, no matter how you look at it. The record companies can't pull support for online downloads, those will happen with or without their say-so. All they can do is pull support for legal online downloads, and this can only hurt them in the end.

iTMS is one of a small number of ways that people can conveniently obtain music and pay for it. If the record companies refuse to support it, then all they will do is drive people back to sources of music where they aren't compensated at all.

In short, Apple is in a strong enough negociating position to distribute music that respects their customer's fair use rights. They deserve criticism for not fighting harder on behalf of their customers.

Re:MOD PARENT UP!

[Sanity]

It's so plain and simple. You can pirate all the music you want (just make sure you cover your tracks). But don't assume that piracy is your natural given right.

Fair use is my right, and it isn't piracy. You should really learn the difference if you are going to try to participate in these discussions.

Parent is insightful? The mods are on crack!

[Frodo Crockett]

I would prefer that a few bad DVD John-like people not ruin it for me.

WTF? Last time I checked, all Jon (there's no 'h' in his name) wants to do is watch dvds and listen to music purchased via iTunes on his Linux box. What Jon has done is indeed illegal in some countries (more extreme /. members would call them corporate states), but I don't think that any honest person can say it's unethical.

It's really quite simple. If you buy something, you can do whatever the hell you want with it, so long as your actions don't harm anyone. Don't give me that "indirect harm" bullshit, either. I'd give you ground if we were talking about releasing the plans for building an antimatter bomb, but not for something so inconsequential as circumventing DRM and copy protection.

Re:Impressive

[Frank T. Lofaro Jr.]

I would prefer that a few bad DVD John-like people not ruin it for me

DVD John and other people who write software that allows people fair use are bad people? Are you nuts or just a fascist?

Re:This was "insightful"?

[geoffspear]

Look, if you want to listen to indy crap I won't judge your taste in music, but only as long as you don't judge the 99% of the population who likes some music owned by the major labels.

If your beloved indy artists were any good, most of them would sell out to the major labels in a second.

Re:Impressive

[jbarr]

loving your customers

By forcing DRM onto them?

They are simply "enforcing" a standing policy, not "forcing" DRM. And it is a policy that their customers have already agreed to. Plain and simple, if you don't want DRM, don't use their service.

Re:Impressive

[0x461FAB0BD7D2]

I think they've realized that DVD Jon is pretty much untouchable. He walks a fine line, but hasn't yet crossed it.

It's not out of the goodness of their heart, but more because lawsuits are pretty damn expensive.

Imagine..

[khrtt]

..how ass-like they would look suing DVD Jon... again!

Besides, I really don't think there was anything illegal in his hack this time. Even with the U.S. DMCA included into consideration.

Re:Imagine..

[sh00z]

Sort of. He could only have violated the TOS if he had agreed to them through the iTunes EULA. Since this program wasn't using iTunes, the Terms of Service weren't invoked.

Re:Imagine..

[Marran Gray]

I'm not speaking strictly from firsthand analysis, but it doesn't look like the hymn developers are violating the ToS. hymn is a tool that performs certain operations on standard data objects (mp4 atoms). Actually using it on music files you bought from iTMS is a ToS violation... by the user. You can maybe make arguments about the "intended purpose" of hymn, but that's a much more complicated issue.

Incidentally, as much as I dislike DRM and will probably never buy any DRM'd music (it just feels unclean),

Re:Impressive

[ray-auch]

Note that (per previous news stories, and probably on /. too) the update they are now forcing has more limits on what you can do with the music.

See eg. here [theregister.co.uk].

Note the comments about no one being forced to upgrade... well, not any more.

Re:Impressive

[cyngus]

Yet it remains the most consumer-friendly DRM around. Let's also remember that Apple itself could probably care less what you do with your music, but it has to reach some common ground with the record companies.

Re:Impressive

[swv3752]

No compromises are acceptable. It is people like you that accept the encroachment that will mean we rent everything.

And, yes I do not use Itunes, not just because it is not available on my chosen OS.

Re:Impressive

[Jah-Wren Ryel]

You sir, are a very reasonable fellow.

"The reasonable man adapts himself to the world;
the unreasonable one persists in trying to adapt the world to himself.
Therefore all progress depends on the unreasonable man."
-- George Bernard Shaw

Re:Impressive

[Life2Short]

But Apple was already tightening the screws. The 4.7 version of iTunes prevents DVD Jon's hack from working. It's been out for months now. In addition, with version 4.7.1 Apple "fixed" the program so that instead of sharing my iTunes with 5 people simultaneously over the network at a time, I am limited to 5 people per day. Apple was in the process of tightening the screws already. I don't think these actions invalidate your position, but I just think it's difficult to separate cause and effect here.

Re:Impressive

[Satan Gave Me a Taco]

That's what he is you know, a fucking asshole ...The very simple and easy to live with rules that Apple laid out are just too much for some people ...All the crying people do about the big bad evil DRM screwing up the world and the "1984" type predictions are going to come true but it'll end up happening because the assholes among us will turn their noses up at every reasonable compromise along the way ...it will be in a sense our own fault.

It's wrong to assert that "assholes among us" are the source of the problem. The labels are the ones imposing restrictive DRM. When a person or a entity acts in a reactionary manner, it is their own fault, not the fault of the thing they are reacting to.

If you don't like the rules at iTMS then go buy your music elsewhere and quit screwing with the way the rest of us buy it)

I don't buy at ITMS. I buy CDs, so I can rip to whatever format I want, with no DRM. But I support people like DVD John who are proving that DRM doesn't work. The record labels will have to change their business model to work with human behavior. What you propose is us changing our behavior to work with their business model. I couldn't disagree more.

Classical Music

[jbolden]

I suspect without the marketing and promotional work of the major labels the rock world would become more like the classical world. Mentally people would become much more aware of the contributions of composers / writers and not just those of performers. In rock Jerry Leiber & Mike Stoller (Love potion #9, Yakety Yak, Poison Ivy, Hound Dog) are about the only song writers where their fame has surpased the performers that made their works hits.

The net effect would be the more pure music market would

Re:Impressive

[Darren Winsper]

Define "reasonable compromise." Strangely enough, what may be reasonable to you is not reasonable to me. I have enough computers that I would actually hit the limit of the number of computers I could have my music on under the iTunes limits.

Tell me, what's the reason for restricting iTunes' streaming capabilities? It used to be five simultaneous users, now it's 5 per day. w00t.

The reason people won't accept these so-called "reasonable compromises" is because there is no such thing as a reasonable compromise with DRM. By accepting DRM you're saying it's OK for the RIAA to re-define how you listen to your music on a whim. It's not reasonable at all.

Re:Impressive

[Frank T. Lofaro Jr.]

We turn up our noses at every reasonable compromise along the way?

Such as a 14 year + possible 14 year extension term of copyright, fair use, no DRM and no DMCA?

Oh wait, WE were fine with that, it was the content industries and their lackeys which turned up THEIR noses at that "reasonable" (*) compromise between private rights and the public good.

(*) Now that the marginal cost of copying is almost nil, and people can produce and distribute content very cheaply (or in the case of P2P, one's content can sp

Re:Impressive

[AlexTheBeast]

Napster did the same thing actually. If you remember the "winamp/napster free music hack" [tech-recipes.com], napster quietly stopped that hole. They have also closed the virtuosa [tech-recipes.com] hole without press nor fanfare.

Napster closed those holes efficently and quietly.

No surprise

[NerdHead]

When holes like this one open, it's only a matter of time before they close.

Rant:
This is no big surprise. Our favorite music is owned and operated by an industry
who cares more about money than music. The artists who write and play this music
have sold their souls to this industry. Until the artists wise up and use the
Internet to distribute their music on their own terms, this cat and mouse game will continue. It's not going away soon since many artists do it for the money anyway.

Re:No surprise

[Anonymous Coward]

You forgot to mention The Man. The concept of The Man is essential to all sixties-flavored artistic-integrity rants.

Peace.

Re:No surprise

[Golias]

Our favorite music is owned and operated by an industry who cares more about money than music.

I write software for a living, and guess what? I care about money more than software.

You are welcome to work at whatever craft you do for free all you like, but professional musicians (and yes, professional music sales executives) have a right to charge for their work by whatever means they consider to best suit them.

The artists who write and play this music have sold their souls to this industry.

As the leader of a small-time garage band, I would LOVE to have a label come along and "exploit" us with a five-year, multi-million dollar record contract, even if it meant seeing every (crappy) song I ever wrote locked down by eeeeeevil DRM layers. There's no way schmucks like you are ever going to hear my music unless I "sell my soul" to the record industry, because I don't have hundreds of thousands of dollars to spend on marketing and promotion.

g/marketing and promotion/s//payola/

Re:No surprise

[KiloByte]

Do I need to point you at an opportunity for free promotion?

Re:No surprise

[tepples]

As the leader of a small-time garage band, I would LOVE to have a label come along and "exploit" us with a five-year, multi-million dollar record contract, even if it meant seeing every (crappy) song I ever wrote locked down by eeeeeevil DRM layers.

What if the label's affiliated music publisher instead sent you a cease-and-desist letter, claiming that "every (crappy) song [you] ever wrote" is an infringing copy of one of its own songs? Hey, it could happen [slashdot.org].

You'd be screwed too

[jocknerd]

If you think that you would be signing a big fat contract with the music label, you're just as dumb as most of the artists out there. What you would be signing is a loan. You would be at the record labels mercy. Believe me, you are better off now. At least you don't owe the music labels anything.

It's not that simple

[metamatic]

...the truth is that the "loan" for studio time comes out of your future cut of the profits, and if none exist you simply walk away.

Sure, if you don't mind your musical career being over.

See, the big labels put in an exclusivity clause. Sure, you can "simply walk away", but you can't then release music commercially, even as part of another band, until you've paid them back what you owe and they've given you permission to record for someone else, or the duration of the contract you signed has expired.

And that's not the worst of it. It's not necessarily you who gets to decide whether to "simply walk away"; the record label can decide that it's not going to bother releasing anything you record, but you're still under contract and can't record for anyone else.

I know a couple of musicians who got fucked that way. They signed with a major label (Polygram). After a couple of singles, the label decided the musicians hadn't been profitable enough, so nothing more would be released. However, they couldn't go back to their indie label, because they were under contract for the next 8 years. So, that was the end of their musical career as artists; they worked as producers for a while, then found jobs outside the music industry.

I guess if all you care about is making money, and you don't mind your musical career ending totally if you fail to make big bucks, then a major label contract would seem like an OK deal.

Re:No surprise

[Zeneris]

Only trouble is the label is only giving an advance (i.e. a loan) so in reality you will probably only see a tiny return or even be in debt, even after any nominal royalies, because so much gets sucked up as "expenses"! Wise up, even top 10 artists can be poor!

Re:No surprise

[Golias]

Wise up, even top 10 artists can be poor!

iTunes current top 10 downloads:

1. Cry Baby / Piece of My Heart
Melissa Etheridge & Joss Stone
2. Switch
Will Smith
3. Since U Been Gone
Kelly Clarkson
4. Boulevard of Broken Dreams
Green Day
5. Rich Girl
Gwen Stefani & Eve
6. Mr. Brightside
The Killers
7. Candy Shop
50 Cent
8. One, Two Step
Ciara featuring Missy Elliot
9. Obsession (No Es Amor)
Frankie J & Baby Bash
10. Caught Up
Usher

Which of these "artists" are poor? Will Smith? Gwen Stefani? Usher?

Won't somebody do something to help these poor starving artists out of their current plight!?

Re:No surprise

[Short Circuit]

The best music and software tends to be funded by culture, not money.

Re:No surprise

[Registered Coward v2]

The best music and software tends to be funded by culture, not money.

So I guess that leaves Mozart and Handel out of the best category.

Sure, there're artists who never make money and produce great art, but there's alot that's driven by money and recognition that's great as well.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Totally missing Scott McCloud's point

[rjung2k]

"It's a fine line that has been hotly debated since the days of Socrates, but there is an important qualitative difference between those who do things that are ultimately "functional" (i.e. produce a product which in some way furthers the aims of survival and reproduction) and those things which are "artistic" (i.e. things which do not further survival or reproduction). It has been argued by some (like Scott McCloud) that the moment one bleeds into the other (i.e. the money starts mattering more than the ar

Re:No surprise

[pixelpusher220]

As a fellow Software Developer here's some thoughts for you:

Once upon a time before music could be recorded at all, musicians made a pretty decent living *performing*. Now that the internet is taking away the bastions of distribution of *recorded* music, maybe artists will go back to what worked before, playing LIVE!

I work in gov't contracting, we write specialized code for a specific use. In that sense it's *LIVE* programming, I'm not building something to resell to other people, I get paid for my t

Re:No surprise

[webbroberts]

If you really care about making money, then you definitely want to avoid the industry contract.

Steve Albini published an excellent rundown of how the industry screws signed bands [negativland.com]. In summary:

The Balance Sheet: This is how much each player got paid at the end of the game.

Record company: $ 710,000
Producer: $ 90,000
Manager: $ 51,000
Studio: $ 52,500
Previous label: $ 50,000
Agent: $ 7,500
Lawyer: $ 12,000
Band member net income each: $ 4,031.25

Re:No surprise

[cens0r]

Actually that isn't true. Big Black and Negativland where on indie labels and were self recorded and produced. Steve also still will record ANY indie band who will pay is fee and as long as you truly are indie the fee is very manageable. Whoa is the band who comes to him after signing to a major label though, that fee will sky rocket.

Re:No surprise

[smcdow]

As the leader of a small-time garage band, I would LOVE to have a label come along and "exploit" us with a five-year, multi-million dollar record contract, even if it meant seeing every (crappy) song I ever wrote locked down by eeeeeevil DRM layers.

You have no idea what you're talking about. I know bands (I live in Austin, of course I know bands) that have not only didn't make money on their contracts, but ended up in debt to their record companies. The record companies charge their "expenses" to the band. Bands get a "statement" every month showing all the details and transactions, and the band has to arrange to repay any negative balances on the statement. The record company can use this to blackmail the band -- like not releasing an album and locking down the masters so that the band couldn't release the album under any circumstances. It's all legal because, well, the band signed the contract.

Word to the wise: If you do get a record contract, and your AR guy shows up one day to "take you out to lunch", just simply decline. Otherwise, you'll be the one paying for lunch, 'cause they'll just charge the band for a lunch "expense". It'll show up on your next "statement". Especially if you were signed by a major label. True story.

Re:No surprise

[Unknown Lamer]

I bet you're lying about being in a band. If you were in a band, you'd know very well that bands make next to no money from albums. The real money is in touring and selling shirts. CDs are just a way of promoting your band so that your fans will come and see you live.

I bet you've never heard of my band [zombiemetal.com] but we made a couple hundred bucks on a short little two week tour last year playing in people's garages...You don't need thousands of dollars in marketing to make your music heard. You need to be good. Tha

Re:No surprise

[RaisinBread]

There's no way schmucks like you are ever going to hear my music unless I "sell my soul" to the record industry, because I don't have hundreds of thousands of dollars to spend on marketing and promotion.

Give me five bucks and I'll post some of your tunes on a web site. I think there is a market full of people who are tired of CD block-buying and DRM dodging, who take music for face value.

If you build it they will come

Laugh if you want, but little independent bands can go far, especially if they already

Re:No surprise

[Gid1]

BTW has anyone ever considered themselves a 'programming artist'?

Yeah. Donald Knuth [stanford.edu], Professor Emeritus of The Art of Computer Programming at Stanford University.

Re:No surprise

[Golias]

BTW has anyone ever considered themselves a 'programming artist'?

Yeah. Donald Knuth [stanford.edu], Professor Emeritus of The Art of Computer Programming at Stanford University.

Heh. I would love a Bachelor of Arts in Computer Programming to go with my Bachelor of Science in Music. :)

(Dupe posting because mods who didn't get the joke are a little too quick on the "Off topic" trigger today.)

Re:No surprise

[aug24]

Actually my best friend's father is an excellent independent singer songwriter See here [harveyandrews.com], so you're definitely right that it can be done, but it's only feasable if you dare take it up as a full time career with all the risk. He gigs full time (to packed audiences, he's really good), to keep his sales up.

But to make real money, or do it without the risk, it's the cartel or nothing.

Justin.

Re:No surprise

[Golias]

That was merely a light-hearted joke, followed by an honest question, not flamebait... but since there are some moderators out there acting like asses, I will fight fire with fire. I've got Karma to burn. Re-posting my currently -1 comment at 2. Mod me down, and I'll just do it again:

I imagine you could make 30-50,000 a year between sales of your music and merchandise and show tickets, if you had a decent content delivery system and you kept putting out good music the money would keep flowing in.. Just so you know i am also an indie rocker, and no, i wouldnt sign a contract with the RIAA...there ARE better ways, if youa are good and love the music you CAN make a living without being a whore.

Yeah, but then I would have to put the effort into making good music. I just want to force feed the crap I'm making now into the public conscious, become wealthy, and act like a total ass for the rest of my life.

So, do you make 30-50K per year as an indie artist, or are you just "imagining" that you can?

Re:No surprise

[lamz]

Of course corporations care more about money than music -- they are businesses. Now, they probably care more about music than say, General Motors, which cares more about cars, but ultimately cares more about money than cars.

I make web applications for a living, and enjoy my work, but the day they stop paying me is the day I stop making their web applications!

Even the guy playing guitar on the corner has a hat out...

Re:No surprise

[Ubergrendle]

From a mid-90s interview with Neil Young on Canada's Much Music...

Pop-tart interviewer: "How do you feel about the commercialisation of rock music? How do you feel when a Bob Dylan song is used to sell cars?"
Young: "I hold no illusions. We lost. Long ago."
interviewer:"Did you sell out?"
Young:"Well, I'm here on your show..."

Forces upgrade

[danbond_98]

Which of course requires that everyone upgrade their itunes to version 4.7. Apparently you can still use PyMusique to preview tracks, just not buy them.

just try upgrading on dialup

[RMH101]

how big is an itunes install these days? 20MB? seems like every couple of months i'm getting forced to upgrade: and guess what: it doesn't usually mean i'm getting *more* features...

Re:Forces upgrade

[danbond_98]

Yes, but ITMS will accept version 4.7 upwards. The problem was that previously earlier clients had been able to connect, however it was with them that the loophole existed. I suspect it won't be too long before someone modifies PyMusique to trick ITMS into believing it's itunes, but still.

Who exactly...

[PyWiz]

...is going to patch their system so they _can't_ get music without Apple's DRM? Why would a user knowingly restrict his capabilities to avoid copy protection?

Re:Who exactly...

[crimguy]

Good question. Unfortunately, Apple will require the upgrade for continued use of the iTMS.

What did Apple "just release"?

[DavidLeblond]

iTunes 4.7 has been out for a year now. Apple didn't "just release" anything, they just made it so their servers required you to have 4.7.

Is it a fix or a patch?

[bigtallmofo]

From the original story:

He explains that his program works by bypassing iTunes which adds the DRM itself at the end of the transfer.

I don't think it would be trivial to change the time that they add the DRM. So, is this a true fix that won't be broken again quickly? Or is this just a small patch that changes something just significant enough to break the Pymusique application?

Re:Is it a fix or a patch?

[siriuskase]

It appears that they ask the application to identify itself and if it isn't iTunes 4.7, it won't download. Sort of reminds me of those websites that checked to make sure you were running IE. That led to other browsers acquiring the ability to misidentify themselves. If that's so, it'll only take a week.

Now what we need is for Slashdot to verify that the user isn't someone who's going to run off and tell Apple.

Re:Is it a fix or a patch?

[cbrocious]

What they do is encrypt the file with the rijndael cipher before-hand. The key is given to you in the XML from the store when you purchase it, and the IV is the first 16 bytes of the file that results.

Believe it or not, Apple's DRM doesn't bother me

[Anita Coney]

Considering you can burn Apple's song on CD and get rid of the DRM, who cares.

What I'd love is a way to download songs from Apple in a non-lossy format! If DVD Jon could do that, I'd give him a lifetime of gratitude!

Re:Believe it or not, Apple's DRM doesn't bother m

[cloak42]

The problem with this, though, is that the songs are already low quality (128Kbps, even though the AAC compression is pretty decent; I have a hard time hearing any artifacts in them). If you burn them, then re-rip them, you're compressing the audio even further, creating a lower-quality version of the song than you already had.

The thing I liked about pyMusique was that it would download the song and just not attach the DRM to it, therefore not requiring the file to be re-encoded. Even JHymn requires a re

Re:Believe it or not, Apple's DRM doesn't bother m

[lamz]

Are you sure about JHymn? I don't think it re-encodes.

Re:Believe it or not, Apple's DRM doesn't bother m

[swb]

The problem with this, though, is that the songs are already low quality (128Kbps, even though the AAC compression is pretty decent; I have a hard time hearing any artifacts in them). If you burn them, then re-rip them, you're compressing the audio even further, creating a lower-quality version of the song than you already had.

You're not making the lossy original lossier, though. I can't think of too many (any?) audio transcode applications that don't essentially decode the original format into what amo

Re:Believe it or not, Apple's DRM doesn't bother m

[salimma]

If you re-encode to the same format using the same encoder, the loss is probably minimal. If you re-encode to, say, MP3 or Ogg Vorbis, which quite probably have different ideas about which data should be thrown out, you're more than likely to start hearing defects much sooner.

Re:Believe it or not, Apple's DRM doesn't bother m

[Golias]

I'm with you. I would cheerfully pay an extra ten cents (or so) per song and put up with the longer download times if I had the option to get iTMS stuff encoded with either FLAC or the "Apple Lossless Format."

In fact, I'm going to send an e-mail to the iTMS sales support folks saying exactly that, and I suggest you do the same.

Re:Believe it or not, Apple's DRM doesn't bother m

[mccalli]

What I'd love is a way to download songs from Apple in a non-lossy format!

What I'd like to see is iTunes to have a 'compress when copying to portable' option, and then have Apple sell lossless.

I don't mind wasting the gigs for lossless on my desktop, but I would object to wasting them on my 1st generation 5Gig iPod. Allowing this option would let me store the master copies at home, but still carry a fair amount of them around portably.

Cheers,
Ian

Re:Believe it or not, Apple's DRM doesn't bother m

[k_187]

There's already an option for that for the ipod shuffle. I'd imagine that there's some way to either enable it for other ipods, or bug apple enough that they'll add it for other ipods like they did with the shuffle music and other options for the 4th gen ipods.

FLAC support would be even better

[swb]

I'd prefer to see FLAC support in iTunes. I know its probably not something they'd support on the iPod, but a lot of live sets are offered in FLAC format and it'd be great to be able to import the FLAC files directly into iTunes and only convert them to MP3/AAC if I wanted them playable on the iPod.

So then..

[TheVampire]

..someone just releases a patch to PyMusique so that it looks like version 4.7 of ITunes to Apple's servers...
and the endless game continues....

Re:Wouldn't that be crossing the line?

[Anonymous Coward]

Misrepresenting software to get around the DRM could be interesting legally. (Yes, I know browsers can do this -- but not to avoid DRM.)

Want a hole fixed? Publish to Slashdot!

[unsung]

Seems that Slashdot has become the standard bug-report mechanism across numerous OS's and companies.

Apple bias.

[northcat]

It didn't plug a "hole". It modified things so that PyMusique won't work anymore. Like they did with Real.

Re:Apple bias.

[mmkkbb]

It's not quite what they did with Real. This update was already out there, but iTMS did not require it. The only change appears to be server-side.

It plugs the hole, but unfortunately...

[Weaselmancer]

...it requires you place a wad of chewing gum in the headphone jack.

Not really closed

[Anonymous Coward]

Of course the only change that Apple has made is to require iTunes 4.7 as the client. How long before someone figures out how to make PyMusique look like iTunes 4.7?

And as long as they are sending un-DRMd songs down to the client they are suceptible to man in the middle attacks (a proxy server which watches for iTMS traffic and saves the song streams to another file), or to someone directly pulling data out of the iTunes app (though the second would arguably violate the DMCA).

Re:Not really closed

[biglig2]

Perhaps Apple only transmit un-DRMed material when they detect an old client version?

Or perhaps the 4.7 client is able to sign the connection in some way so ITMS know it is a real copy of iTunes

Exploit?

[Anonymous Coward]

How was being able to PURCHASE something in a form that the user actually wanted an exploit? A bug that would allow someone to gain access to Apple's servers, or to steal information, or - for that matter - to steal songs without paying - all of those would be exploits.

Re:Exploit?

[Secret Agent 99]

How was being able to PURCHASE something in a form that the user actually wanted an exploit?

How is circumventing the seller's terms and obtaining the goods in a form not intended for sale not an exploit?

Here's an idea: go to a restaurant with your favorite mug. Walk into the kitchen, ladle some soup into your mug. On your way out, leave the price of a bowl of soup on the counter. See what happens.

Shift

[trueguru]

Maybe you just hold the shift key down when you download

so hymn no longer works then...

[mzs]

I wonder how happy all the Hymn and J-Hymn users out there are about what DVD Jon did. By releasing PyMusique, he got Apple to force everyone to use 4.7 iTunes if they want to use the iTMS. I believe that 4.7 broke Hymn and unless that has been addressed, now people will no longer be able to remove the DRM from music that they purchased from the iTMS.

What happened was fine, nothing to get your knickers into a knot about. When you buy music with DRM you are agreeing to use it according to the terms set forth. One of those terms is that you agree to how the terms may change in the future. That is why I do not buy music with DRM, the fact that what I can do with that music can change at any time.

It is too bad that the Apple DRM happens to be one of the least onerous and DVD Jon gave Apple a reason to make people move to slightly more restrictive terms with 4.7, but still just the fact that Apple can modify what you can and cannot do with the music from the iTMS is an immediate turn-off for me.

Re:so hymn no longer works then...

[the_2nd_coming]

jHymn addresses that. what Hymn did not do was remove the uid atom and some other atom that when iTunes saw them, it would not play the song. removing the atoms makes iTunes blissfully unaware.

Re:so hymn no longer works then...

[ndvaughan]

I just upgraded to iTunes 4.7.1 (after Apple released their "fix"), bought and downloaded a two tracks, and used j-hymn 0.7.5 to convert them. It worked flawlessly.

So this is what we come to

[CastrTroy]

So, the music executives have forced DRM on Apple and so they have to provide it in their files. But they aren't really doing anything. Basically the DRM is to prevent files from being just put on Kazaa and spread around the world. Yet, the DRM doesn't really stop this. There's still the burn and re-rip strategy which is quite effective, as well as the "buy a CD method" which is also effective for getting files onto the internet. The only thing this does stop is file which the person has purchased being accidentally leaked on the internet by some hard-drive scanning P2P program. Anybody who still wants to distribute their purchased music can still do so. All it stops is people who don't want to share their purchased music from sharing it unintentionally.

Re:So this is what we come to

[dant]

So, the music executives have forced DRM on Apple and so they have to provide it in their files.

Please stop perpetuating this myth. Apple have publicly stated [eff.org] that they would continue to use DRM even if the music labels didn't ask them to.

FairPlay is about stifling competition as much or more as it is about protecting copyrights.

Good for them

[CheeseTroll]

For so long, one of the more legit arguments for downloading music via p2p was that music publishers gave customers no other options other than to purchase an entire, overpriced CD when all a person wanted was one or two songs. Now we have a multitude of options for buying music pretty damn inexpensively online with a very reasonable implementation of DRM, and some people still want to jump through hoops to cheat the system? For god's sakes, write your own music if you're that cheap!

You guys don't own the music you are buying

[Anonymous Coward]

You are (and always have) bought a license to use a copy, and the rights you have on how you can use that copy are limited.

You do not have, for example, distribution rights.
You cannot buy a copy of a movie or song and then broadcast it. That requires a different type of license.

You do, however, have your fair use rights, which, I agree, are being eroded and trampled upon. Sure, we can just burn to CD and then rip the MP3s back to get rid of Apple's DRM, but using any technique to bypass DRM or copy protection is a Federal Offense (tm) via the DMCA.

So all this bitching and whining about how YOU can't do what YOU want with YOUR music is drek. When you go produce your own music, then it's really YOUR music to do with what you want, and you can philanthropically hand it out on a web at your own expense all you want.

But you are buying a license from somebody with this stuff, and that license clearly delineates what rights do and do not come with it. If you don't like it, then don't friggen buy it.

You're like the people who bitch about gas prices going up but keep driving your cars. Or even worse - the people who plan a one-day "drive-out" where NOBODY BUYS GAS! That'll show those evil oil companies! That'll MAKE them listen!

Re:You guys don't own the music you are buying

[lantenon]

I don't mean this as a troll, it's an honest questioning of the often-touted belief that what we're buying is a license to use the "information" (ie: listen to the CD):

If I'm buying a license to use it (in this case, the cd), and not actually buying what's on the item itself (the music that's stored on that cd), why can't I take my cracked CD to a CD store, pay a nominal materials fee to cover the cost of re-burning, packing, shipping, etc. this new CD, and have my broken one replaced? I have, after all, a

Re:You guys don't own the music you are buying

[Pofy]

>You guys don't own the music you are buying

That doesn't make any sense. Buying means that you transfer ownership (in compensation for money usually). This is fairly well regulated though (consumer)sale laws. It is in fact a form of contract done in the shop were you exchange money and a product, and as a result, also the ownership is changed (see applicable sales law).

Hence if you buy (or sell) there IS a change of ownership and you own it, or you would not have bought it to start with.

>You are (a

I just don't get it

[Fahrvergnuugen]

Walking into a brick and mortar building and purchasing a good old fashioned CD is still a method for getting music. And it doesn't have a DRM attached to it. So why does everyone insist on attaching a DRM to purchased music files? How are they different than the physical CD? A physical CD takes me less than 3 minutes to either rip into AAC or make a physical copy and pass around to whomever I please. Putting a DRM on things is just like saying, PLEASE, TRY AND HACK ME. Its no different than telling kids that they can't drink until they're 21. If you don't make a big deal out of it, neither will they (look at countries that don't have a drinking age for example). On top of that, we all know that DRM is a useless technology. You give the person an encrypted file AND the keys to open it. Wheres the security? And now for the honer system theory.... If it were made blatantly clear when you purchased a song from the iTMS that YOUR NAME and ACCOUNT NUMBER were embedded into the file (just like a license plate on a car), I would certainly think twice about sharing that file on a P2P network. At the same time I would have an unlocked unrestricted file to do as I please with.

another hole?

[harlows_monkeys]

Isn't there still a big, exploitable hole? The hole was that iTMS actually provides music without DRM, and iTunes adds the DRM after the download. The original exploit was to use a client other than iTunes to download, and that client did not add the DRM. This fix is to require the use of iTunes.

So what happens if you download with iTunes, but are running a packet sniffer to grab all the data? Couldn't you then look at those packets and get the unencrypted music from them?

Is DVD Jon ruining it for the rest of us?

[razmaspaz]

I'm wondering what the reactionary response to this will be.

In high school (a long long time ago) a friend of mine got a -3 on a question on a test. The girl sitting next to him got a -1 on the same question with a near identical response. He complained and the situation was resolved by giving the girl a -3 instead of a -1.

My point, instead of raising awareness of the stupidity of the law and making it better for the rest of us...will DVD Jon just ruin it for us? Will his escapade just serve to make DMCA laws worse? Will the RIAA use this to show that DMCA laws are not tough enough?

Re:First pizzle

[jersey_emt]

Well you all knew it was going to happen sooner or later. I'm surprised it didn't happen sooner than this.

Re:Record-to-CD format hole?

[Sleepy]

When you re-rip, you recompress (unless you rip only to WAV and never create MP3's).

The method you outline will inject some distortion into the file, much as you would get if you tooka JPEG file and re-compressed it again.

Re:Don't noun your verbs

[mlyle]

Ah; someone wants to be pedantic based on their little dictionary. I'm sorry to say that, when it comes to a dictionary, size matters.

From the OED (rekeyed by hand for definitions only):

exploit. sb. Forms: (...) The etymological sense is thus 'something unfolded, brought out, or put forth'; the action of unfolding or developing.

1. Advantage, progress, speed, success, furtherance. Const. of to make exploit: to make speed, to meet with success.

2. The endeavour to gain advantage or mastery over (a pers

Re:Rip to a virtual CD?

[Knobby]

There are a number of utilities (for example Audio Hijack) that allow you to do this on the Mac.