handyfloss

Hoy me ha dado el punto y se me ha ocurrido mandar esta carta a la dirección de feedback de la página web de Bebe. No sé si esa dirección servirá para contactar con ella, o solo tiene como fin comentar aspectos de la página web. Igual Bebe acaba leyendo el mensaje en este blog antes que por aquel medio :^)

Vaya por delante mi respeto por la artista, y mi aprecio a su música. Sé que la situación que describo ocurre con muchos artistas y muchos CDs, pero… a mí me pasó con ella.

Este mensaje no es sobre la página web en sí, sino para Bebe, porque es la única manera que he encontrado de contactar con ella. Yo estaría muy agradecido de que llegara a ella, y estoy seguro de que ella también valorará la información que contiene.

Estimada Bebe,

No sé si estás al corriente de las protecciones anticopia con las que se comercializa tu CD, pero yo, lamentablemente, sí.

Te comento cómo consumo yo la música: me voy a la tienda, me compro el CD, lo meto en el ordenador de mi casa, lo paso a MP3, saco el CD, lo guardo en su caja, y ya NUNCA MÁS lo saco. Siempre escucho de la copia del disco duro, a través de los altavoces del ordenador (frente al que trabajo todo el día).

Por motivos obvios, esta estrategia es imposible con tu CD, el cual compré, y tengo muerto de risa en una balda. Como yo quiero escuchar tu música, recurrí a pedirle un CD pirata a un amigo, del cual pude sacar los MP3 sin problemas.

Ahora bien, ¿no es irónico que no pueda escuchar la música que compré, pero sí la que NO compré? En las circunstancias mencionadas, ¿crees que me siento incentivado para comprar tu siguiente CD, cuando me veré obligado a hacer la misma jugada? ¿Con qué cara puedo criticar la “piratería”, si gracias a ella puedo escuchar el CD que a través de su compra legal no pude disfrutar como yo quería? Mi “recta moral” me puede llevar a comprar tu segundo CD, aún sabiendo que me será inservible, simplemente para compensarte económicamente… pero estaremos de acuerdo en que eso requiere un huevo de “recta moral”.

Puede que pienses que un sistema anticopia impide, o dificulta, el tráfico ilegal de grabaciones de tu CD, pero esto no es así. En cuanto UNA sola persona rompa la protección (este proceso suele durar, como mucho, horas tras la salida al mercado del CD), esta la pondrá en internet y ya está, así de fácil. La persona que me pasó la copia pirata, ni sabía que tu disco tuviera protección anticopia. La protección solo molesta a las personas como yo, que nos hemos comprado el disco legalmente, y no recurrimos a métodos ilegales, a menos que se nos fuerce a ello.

Por eso, en bien tanto de tus seguidores, como tuyo propio, porque venderás más, te invito a elimiar cualquier sistema anticopia de tus subsiguientes discos, que espero con impaciencia, para comprarlos si no incluyen tecnologías lesivas para mis intereses como consumidor.

Writing the previous post lead me to read this Wikipedia article about the Sony DRM rootkit fiasco last year. Read it, because it is very interesting.

Among other things, I’ll quote the following (boldface emphasis mine):

Sony BMG released a software utility to remove the rootkit component of Extended Copy Protection from affected Microsoft Windows computers, but this removal utility was soon analyzed by Russinovich again in his blog article “More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home”, and revealed as only exacerbating the privacy and security concerns. In fact, the Sony BMG program merely unmasked the hidden files installed by the rootkit, but did not actually remove the rootkit. In addition, this program was reported to install additional software that cannot be uninstalled.

So, the “solution” Sony gave to its screaming customers was worse than the problem they had previously caused!

Now, read what the Wikipedia article recomends to eliminate the risk of abuse from Sony (and others):

The XCP software can be prevented from installing in several ways. First of all, a user can refuse to purchase such copy-protected CDs, perhaps downloading the music from a digital music distributor. Second, it is possible to disable autorun so that the software will not run automatically (this can be done, temporarily, by holding the SHIFT key while inserting the CD). Putting a piece of tape on the outside of the CD will also prevent the DRM from running. An alternative is to use an operating system which the software does not automatically install itself on, such as Linux or Mac OS X, or running Windows under a restricted account instead of an administrator account, in which case the installation program will not have the sufficient rights to install the rootkit.

Quite remarkable is, also, the fact that the DRM scheme Sony wanted to force-feed into its customers, with the alleged objective of preventing copyright infringements, did actually breach a previous copyright, more precisely, a LGPL license (that of LAME MP3 encoding library). That is, they were stepping on the toes of some Open Source material: THEY, the defenders of artist and creator rights, were attacking US, the thugs that want a free-for-all right-smashing steal-fest of all kinds of materials!

Amazing the human boldness is. Truly amazing.

The McAfee anti-virus company Senior Vice President of Global Threats at McAfee, Stuart McClure (the more impressive a title, the less impressive the job) poured a bit of poison through his mouth, and ascribed the increase of rootkit attacks (into Windows systems, I suppose. But remember there are Linux rootkits. Linux is immune to virus, not to other attacks, including rootkits, intrusion via weak passwords, DoS attacks, annoying pop-ups and java scripts in web pages, etc.) to the Open Software movement (article at NetworkWorld.com here).

Now, this comes from a company that failed to properly handle the Sony rootkit threat, even though they had many customers calling for help. Mmmm, I see, rootkits are only a menace if they don’t come from huge corporations eager to squeeze our money out of us.

The link this cretin uses to blame the FLOSS movement is twofold: the first one is a post hoc, ergo propter hoc (sorry, I’m a pedant bastard). He implies that both FLOSS and rootkits are rising, and thus the latter is caused by the former. In related news, he also [could have] said that the global warming is caused by the decrease in the number of pirates, because there is a definite correlation between the two over the last 200 years (see it here).

His second link from rootkits to FLOSS is the web page rootkit.com. This web page is allegedly malicious, and helps people (crackers) create baneful (sorry, I woke up with a Merriam-Webster mood today) malware (as the page name, ehem, implies).

Now, I have a couple of objections to that reasoning. The first, and most obvious one, is that one can not blame the whole FLOSS community for some rogue members. The second is that… are those guys at rootkit.com rogue at all?

I did visit the web page, and the first article one stumbles upon right now is:

Ad-Aware is a poorly written anti-spyware program from Lavasoft. Running it gives you a false sense of safeness. There can be done numerous attacks against this software. I’ll show some of the problems and attacks in this write-up. Here’s just a summary of the most visible problems I’ve run into.
[…]

So, on one hand, it seems to be (and is) giving info to exploit holes in that program, but, most importantly it is pointing out those holes, PUBLICLY. If those dummies at Lavasoft cared about their clients and the quality of their product, they’d only need to read rootkit.com to find out what errors it has, and presumably hints on how to fix them.

One can only wonder how a publicly announced exploit can be of malicious use at all. Indeed, if the rootkit the cracker creates is Open Source, it becomes trivial to eradicate it. The rootkits that actually scare me are the ones that don’t get announced!

Remember that security through obscurity is a Bad Thing(TM). The security problem of the example above (Ad-Aware) is to be found in its bugs, not in the airing of them. The publification is a way to solution.

As Linus Torvalds says: “many eyes make all bugs shallow”.