Digital Restrictions Management

2006-07-26

Normally, when you have a piece of media, you can do whatever you want with it except for make copies and distribute them as per copyright law. You can make copies for archival and backup purposes. You can time-shift so you can watch something later than when it was first made available and format-shift so you can listen to an audio CD from a portable MP3 player. You can have a book electronically read if you are visually impaired. All of this falls under fair use. Digital Restrictions Management (DRM) adds extra restrictions to this. Sometimes it is called "Digital Rights Management", but this is a misnomer because it has nothing to do with your rights. Instead, it declares that all of these actions are not rights, but privileges and tries to take them away. To make matters worse, in the United States of America, a law was passed to enforce DRM called the Digital Millenium Copyright Act (DMCA).

There are many instances of DRM in our lives currently. DVDs contain region codes that prevent people from playing discs from other regions. This means that your DVD player can arbitrarily decide not to play a disc despite that you have legally purchased it. DVDs also contain the Content Scramble System (CSS), which attempts to obfuscate the contents of the disc. Some audio CDs contain extra programs that make the computer read gibberish instead of the data from the disc making it unplayable which prevents it from easily being copied to a portable MP3 player. Books that use the Adobe eBook format can prevent you from using "read aloud" and other accessibility funtions.

So, what's wrong with DRM?

1. There is a common misconception that DRM is based on encryption. This is due to how it employs various encryption algorithms and similar algorithms. Just because something can be used for encryption doesn't mean that that is what it is always used for. In encryption, there are 2 parties that want to securely communicate and an outside party that wants to have access to the message. The 2 parties have keys not available to the outsiders which they use to encrypt the message so that even if the outsider reads it, it will not be intelligible. The problem in DRM is in the who is talking to who. When you obtain a piece of media, you want to have access to it to play it. So, the party sending the message is the media company and the party receiving the message is you. This would be fine if they encrypted the media using your public key. However, they try to make the receiving party the media player (such as a DVD player). The problem with this is that you own and control the media player. Thus, the party is already compromised and you can extract its key if necessary. In a sense, they are giving you the key in hopes that you don't use it. This makes the message ultimately always readable to the outside party (you). Thus, it is merely obfuscation no matter what protocols are used. That is, the basic goal of securing the message is completely impossible because you have the device with the key, algorithms, and any other necessary pieces in it. So, a perfect DRM scheme is impossible and is intrinsically flawed.
2. That you are the outside party in this scheme, this means that your devices are trying to keep secrets from you. Personally, I find this disturbing.
3. DRM makes the devices decide what you can and cannot do. Machines, like anything else are not infallible. Furthermore, they have no concept of the law of whichever country the device might be in nor would they even know which country they are in. The device also wouldn't know if you had the appropriate license to do whatever you are trying to do. This means that the device cannot accurately know what you should be allowed to do in the first place. For example, Microsoft has a program called Windows Genuine Advantage. So far, it has shown itself to be inaccurate by accusing many people of having obtained Microsoft's software illegally.
4. DRM makes fair use of media difficult. It makes making backups and transferring to different formats harder. Interestingly, despite commonly being called copy protection, it does nothing about making straight copies. Making copies already requires technical skill above what many people have. People who seek to make copies illegally often do have the resources and skill to make the copies. Thus, legal use is hindered and illegal use is almost unaffected.
5. The most direct problem with DRM is that the files can be taken away at any point without notifying you. Because everything is obfuscated, if anything happens to your player's key, all of your media can be left unreadable. For example, Apple uses FairPlay to obfuscate media purchased from its online store. Everything you buy is tied to that key. If they wanted to, they could issue an update to their media player that deletes the key and refuses to import a key from anywhere else. Now all of your media from that store is gone. In fact, some online stores are based on the premise that everything you buy from them stops working as soon as your subscription runs out because it will refuse to remind the player of the key. This makes it essential that you remove any DRM from your media while you still have the key available.
6. Having all of these restrictions typically severely limits what can be used to play the media. Often the company has its own media player and that is the only one that you can use. Contrast this to using a standard format, such as MP3, which will work in just about anything. So, if I already have a media player that I like and am accustomed to, I would have to try to get another media player to work. This is often nontrivial.

One of the reasons I am so strongly opposed to DRM is because I had to deal with a particularly virulent form of it. The worst of it would most appropriately be called vigilante software. Specifically, my friend's fianceé got a Sony CD with XCP. When inserted, this CD installs a rootkit and a driver filter of the CD drive. The rootkit hides the presence of the filter. The filter makes everything you read from the CD gibberish. Of course, if Microsoft Windows had proper security measures, it would not be possible for an infected disc to install either of these. To remove it, I had to delete all of the drivers for the CD drive and then reinstall it. Installing corrupted device driver filters is malicious. An audio CD shouldn't install anything at all.

To summarize, DRM:

1. Is conceptually flawed
2. Can be outright malicious
3. Prevents many forms of legitimate use
4. Hurts legal use while barely affecting illegal use
5. Makes the device have control over what you do with your media
6. Typically restricts you to a particular media player

Time inconsistencies

2006-06-18

Months are not a unit of time, but for some reason people treat them as if they are. How many seconds are in a month? Months used to be related to the lunar cycle, but they have been padded out since then and no longer seem to correspond to anything. The months are different lengths, and despite being sequential only some have simple numerical names. To make matters worse, the names are 2 less than the index of that month because 2 additional months were inserted. For example, with November nov=9, but it is the 11th month.

Timezones are also unnecessary. The concept of a numerical value of time is useful for coordination. Timezones make coordination over boundaries more difficult. You must remember to convert between the timezones. Having times roughly correspond to the time of day is a good idea because it allows you to make a quick estimate of what time it is by just looking towards the sun. However, devising a whole system where different places will say that it is different times is useless. It is just as easy to say that the sun rises at 5 o'clock as it is to say that it rises at 11 o'clock. Each area would quickly get used to this schedule. It is not the time that varies between areas, but when the sun appears to rise and set.

Months are not the only thing that come in strange quantities. How many seconds are in a minute? Thanks to leap seconds, some minutes have 61 seconds, while most others have 60 seconds. A minute should be a fixed amount of time. Its length should not vary depending on when it is.

Autodetecting webpages

2006-06-17

The web has gotten increasing complex. Some pages now require Macromedia Flash, a PDF viewer, or a specific media player. While this can certainly be a nice addition to a page, often these pages try to use bizarre and convoluted JavaScript to determine which version of each program you have. What's even worse is that usually the conclusion reached by the JavaScript is incorrect. It will decide that you are incapable of viewing PDFs when you have 3 separate PDF viewers installed. It will decide that you can't view a movie dispite that, if it would just give you the movie file, you could.

I find it funny that people have made grease monkey scripts and browser extensions just to make the direct links easier to get to to get around this problem.

There is a much simpler and more effective approach. Instead of having all of this autodetection code, just put a simple link. If they have the plugin, it will automatically handle the file. If they don't they can download it to try it after installing the appropriate software or to give it to a friend so they can try it. Without direct links, you have to dig through a bunch of JavaScript or use a network analyzer or modified browser to find where the link actually goes to. Please just put a directly link and it will work if they have the appropriate software installed.

Note that this also covers site that claim to only work with a particular browser. Instead of only displaying that message, have the webpage as normal below. It very well might work dispite what the server thinks of its user-agent string. If it doesn't work, the user can see that warning message and have a hint as to what went wrong.

Unnecessary dependencies in webpages

2006-06-17

Many pages make use of JavaScript and Macromedia Flash, but it is not necessary to the function of the page. Not everyone has these installed or even can install them. If these are not available the page should continue to work. This is what is called "graceful degredation".

For example, if cookies aren't available, you can put the session identifier into the URL as a parameter. If you use Flash for navigation, you should also provide regular HTML links for navigation.

If you are going to require some extra feature, please be sure to mark it clearly on your page so when it doesn't work, the visitor can see a hint as to why. Also, you should ask yourself if you really do need that feature.

As a side note, I find it useful to test my webpages in the web browser Links. It lacks most of these features and you can see whether the page still works or not. Also, try using the W3C's validator to make sure that you webpage is syntactically correct.

Chicago street names

2006-10-29

Chicago's streets form a large grid. Every location has an X and a Y coordinate. Places are named by a number followed by a street name. For example, the Illinois Institute of Technology has a building at 3241 South Federal Street. Each increment of 100 is a block. This means that it is to the south of the origin in block 32. However, is this to the west or east? How are you supposed to find a place if you only know 1 coordinate? Some fiddling with Google Maps, and I can figure out that it is 100 west of the origin. So, this means that the location could more usefully be represented as (100 west, 3241 south). With this, as long as you were oriented, you could find it just by following the numbers on the buildings.

While the trivial street names do give you the other coordinate, the mapping is not obvious. Nor, is this mapping explicitly listed anywhere I can easily find. (Does anyone know where to find such a listing?) So, many people in Chicago memorize the coordinates of the streets that they commonly come across. This still does not make addresses useful, because given a new address, they will not know usually the coordinate for the street's name. Also, for the smaller streets, many people do not know their names, even if they are just a few blocks away from it. (I found this out the hard way when asking several people for directions looking for a friend's house.) So, I do not believe that many people even know most of the mapping.

Thus, the street names are not useful. Just calling them the number of the block that they are on would make navigation considerably simpler and remove an unnecessary level of indirection. It would alleviate the need to memorize an arbitrary mapping. It would make it that you would easily know where you are and the coordinates for where you were going.