Archive for November, 2005

The Sony DRM Fiasco: What You Need To Know

Sunday, November 27th, 2005

Disc

Sony BMG recently implemented a copy-protection scheme on some of its music CDs that has the tech community up in arms and has even managed to make the popular press. Here’s what you need to know about it.

The music CDs play without problem on standard CD players, but require special software to play on a computer. When you insert the disc into your CD drive, you get a license agreement. After clicking on the “Agree” button, DRM software is installed from the CD allowing you to play the music. So far, so good. Maybe a bit annoying, but not newsworthy.

The problem is that, on Windows systems, Sony utilizes a rootkit to help prevent people from disabling the DRM software. A rootkit is a set of programs and tools that enables a (typically malicious) program to hide its presence on a system. This fact was discovered by Mark Russinovich when he ran his Rootkit Revealer program and got an unexpected positive. (By the way, if you’ve never checked out the SysInternals web site, I heartily recommend it. They have some useful freeware utilities that you can’t find anywhere else.)

Mark posted the discovery on his blog, and it didn’t take very long for the tech community to go ballistic. They called it an infection, a trojan, spyware, etc. But the real problem was that the Sony rootkit hides “any file, directory, registry key, or process whose name begins with ‘$sys$’”. It was thus theoretically possible for malicious hackers, upon gaining access to a system, to utilize the rootkit for their own purposes. And it wasn’t long before that theoretical possibility became a reality.

Sony slowly began to realize they had a problem. First they gave difficult and convoluted instructions on how to remove the rootkit. After complaints from the tech community, they came up with a better method. As publicity mounted, Sony finally decided to recall the copy-protected CDs. Then the lawsuits began. The EFF filed a class-action lawsuit, and the state of Texas filed a civil lawsuit claiming the DRM software violated its spyware laws. Finally, as the tech community dug further into the DRM software, they discovered that Sony had illegally copied some LGPL-licensed software.

This was an expensive public-relations fiasco for Sony. The funniest part is that it’s possible to circumvent the copy protection using a piece of tape, holding the Shift key while the CD is loading, or disabling autoplay. (Note that the tape method is old news—it seems that sometimes they never learn.)

So that’s the whole thing in a nutshell. Here are some links with more details:

http://www.tgdaily.com/…

http://www.schneier.com/…

Take Cover! The Death Star Has Entered Our Solar System

Sunday, November 27th, 2005

Darth Vader

This is just too unreal…

http://blogs.starwars.com/…

Holographic Storage Is a Year Away

Saturday, November 26th, 2005

Sounds promising, but time will tell.

http://www.newscientist.com/…

Colored Soap Bubbles and Disappearing Ink

Monday, November 21st, 2005

ZubblesThis is the somewhat long but interesting story of one man’s quest to create colored soap bubbles. The thing that makes it significant is that disappearing ink was developed as part of the process. Once the ink was created, they realized it could be used for many other applications. Expect to see it popping up in various products over the next few years.

http://www.popsci.com/…

Open Source Directory

Monday, November 21st, 2005

Linux

Years after I shelled out money for Adobe Acrobat, I found out there are several open-source, freeware programs that create PDF files. I could have saved my money if I’d known. It’s always been difficult for me to find a good freeware program to do what I want, and I tend to end up paying for software. I knew that SourceForge was a good place to look, but I felt like I was blindly groping in the dark. Well now that has come to an end. Wikipedia—a wonderful site if you’re not familiar with it—has a categorized list of all known open-source software, most (if not all) of which is freeware.

http://en.wikipedia.org/…

MS Office Viewers

Sunday, November 20th, 2005

Microsoft

Microsoft has free programs that allow you to view/print Office documents. I use StarOffice, but found that every once in a while it had problems with PowerPoint presentations—so this is just the thing I need. While I’m on the topic, OpenOffice is another good choice for the discerning user who doesn’t want to spend hundreds of dollars on a productivity suite.

http://pchere.blogspot.com/…

Watch Your Metadata

Sunday, November 20th, 2005

Computer Security

Every so often the tech news community lights up about a gaffe related to document metadata. Some years ago Apple was running a fairly successful switch campaign where people gave testimonials about why they switched to a Mac. Microsoft responded with its own anti-switch campaign. The name of the person in the Microsoft testimonial was not given but was included in the document’s metadata. An AP reporter was able to track her down and discovered that, much to Microsoft’s embarrassment, she worked for a PR firm employed by Microsoft. To add further damage, the picture in the testimonial was a fake, taken from stock footage. Microsoft quickly pulled the ad from its site and pretty much abandoned the anti-switch campaign.

More recently, the United Nations prepared a report on the murder of Rafik Hariri, the former Lebanese Prime Minister. Some of the more damaging allegations were removed just prior to the report’s release, but they remained in the document as metadata. These politically-sensitive deleted portions were quickly discovered and publicized, to the UN’s embarrassment.

For most practical purposes, “metadata” refers to hidden information kept by Microsoft Word as part of a saved *.doc file. The most common type of metadata is information on the people who created/edited the document. Just pull up a Word document and go to File | Properties. You should be able to quickly find the name and company of the author. This is the type of metadata that caught Microsoft.

The UN situation was a bit different. They had enabled Word’s abililty to track revisions, because the document was being edited by multiple people. The author forgot to accept the changes, thus making the original draft and the full revision history available to those “in the know.”

Anyone in a business or professional environment needs to be aware of document metadata—the potential for damage is just too high. The following are some ways to properly deal with metadata:

  • Use the Office add-in provided by Microsoft, or (recommended) purchase a commercial “scrubber”. There is also a free utility, Doc Scrubber™, that works pretty well.
  • Save the file in the RTF format and then convert it to PDF for distribution. (You should be doing this anyway—distributing non-draft versions of *.doc files can bite you.) Be aware that Adobe Acrobat also retains some metadata, so just converting to PDF may not be enough.
  • Turning off the “track changes” feature and/or selecting “accept changes” are not sufficient to remove your metadata.

Additional/Reference Links:

Windows Vista Performance Requirements

Saturday, November 19th, 2005

Microsoft

Microsoft has been touting Windows Vista (previously known as longhorn) as a significant change in how we use computers. But at what cost? If you want to take full advantage of what Vista has to offer, the preliminary system requirements include a 2.4GHz processor with 512MB of RAM. I think I’ll just continue muddling along on WinXP with my 600MHz Pentium III.

http://arstechnica.com/…

Password Generator

Saturday, November 19th, 2005

Computer Security

Need a good, random password? Steve Gibson has created a password generator that does the trick. His site, www.grc.com is a good resource for the computer user interested in privacy and security. It’s also the home of the free ShieldsUp! utility, which scans common TCP ports on your computer to see if they’re open to attacks (or just visible).

https://www.grc.com/…

Mousepad Couch

Saturday, November 19th, 2005

This couch is made entirely from stacks of unused mousepads. Actually looks sort of comfy although I’m not sure the armrests would hold up against any sort of horizontal pressure.

http://www.rit.edu/…

History’s Worst Software Bugs

Tuesday, November 8th, 2005

Wired News has a list of the the 10 worst software bugs of all time (obviously they never saw any of my code):

http://www.wired.com/…

The Ultimate Star Trek DVD Collection

Monday, November 7th, 2005

Movies

Do you feel like you’re getting behind in your collection of Star Trek movies/series, or maybe you haven’t even started? Well fear not—now is your chance to have it all. The Ultimate Star Trek Collection consists of a whopping 212 DVD discs, and it costs a mere $2500 (shipping is free). It comprises all 5 of the Star Trek series as well as the special editions of all 10 movies. According to the reviewer, the only things it doesn’t include are the animated series, Trekkies, and Trekkies 2.

http://www.amazon.com/…