decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books
Your contributions keep Groklaw going.
To donate to Groklaw 2.0:

Groklaw Gear

Click here to send an email to the editor of this weblog.


Contact PJ

Click here to email PJ. You won't find me on Facebook Donate Paypal


User Functions

Username:

Password:

Don't have an account yet? Sign up as a New User

No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.


What's New

STORIES
No new stories

COMMENTS last 48 hrs
No new comments


Sponsors

Hosting:
hosted by ibiblio

On servers donated to ibiblio by AMD.

Webmaster
Blogs, Customers & Sony's Rootkit
Saturday, November 12 2005 @ 04:19 AM EST

So Sony has decided to stop planting rootkits on its customers' computers. For the time being.

That's a start. . . .

Might that be because they are being sued? You think? They don't promise never to do it again:

"As a precautionary measure, Sony BMG is temporarily suspending the manufacture of CDs containing XCP technology," it said in a statement. . . .

"We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use," Sony BMG added. . . .

Sony BMG said it stands by content protection technology "as an important tool to protect our intellectual property rights and those of our artists."

Ah, corporateese. Where do they find people willing to express themselves like that? And where do you go to learn how to do it? Words crafted to hide your true meaning.

They thought we'd never notice or even know what a rootkit is, I gather. Sony's president of Global Digital Business, Thomas Hesse, said that "most people, I think, don't even know what a rootkit is, so why should they care about it?" But one blogger did notice and he told the rest of us, and we do care.

You see, Sony and the entire Entertainment Industry Gang have been calling their customers pirates and criminals and making pious declarations about their IP rights for so long that those same customers are not inclined to cut Sony any breaks when they do something allegedly criminal which violates their customers' rights.

[UPDATE: There is now an allegation of possible copyright violation, in that LGPL code may have been used in the rootkit, without Sony abiding by the terms of that license. ]

Huh? Customers have rights too? You can fairly smell that question in the Sony air. They so don't get it. "Ease of customer use" isn't the problem, guys. The problem is ethics. The lack thereof, not to put too fine a point on it. If you wish to sell us rootkits, you need to spell it out honestly. Sony, under pressure, now provides uninstall directions, but states that if you follow them, you can no longer play the CD you bought. Oh. Say. Do you at least get your money back?

But let's not get sidetracked into thinking this is only about Sony. Sony is just a symptom. The problem is old-think companies totally wigged out by what technology suddenly lets people do, companies unwilling to morph their business model to take advantage of opportunities the new tech presents. Instead, they snuff it out the second it raises its head above the surface of the ground. They are clinging to their old ways with white knuckles. Not even iTunes' success penetrates their noggins. They just can't get it that most people will pay for music, as long as they can get it in the form factor they want and can share at least on a small scale with friends and family and as long as the terms and price are half-way fair. We'd settle for that, but what we'd really like is if you'd get into the 21st century, let technology bloom, and figure out how to make money from P2P. Could you get on that?

But no. They prefer to criminalize normal human behavior -- wasn't it your Mommy who taught you to share? -- and prevent any use of the new technology if it conflicts with their old business model. We all have to stay frozen in the '90s, so they can continue to make money in the manner to which they are accustomed. They intuit that customers are getting the shaft, so they have suspicious ideas about their customers and plan all their business strategies to outwit the worst person on the planet. As a Christian Science Monitor headline succinctly put it, "Sony aims at pirates - and hits users ".

But you see, they think we are all pirates. Sony is absolutely not unique in that attitude, nor is the problem only in the music industry. Apple has just applied for a patent for "tamper resistant code" -- the very title is wildly offensive -- and if you put that thought together with Sony's system for what they call "sterile burning," well, you have seen the future these paranoid loons would like to arrange for us.

The real problem is corporations that have lost touch with their customers. They seem to have no concept of user rights, no understanding that messing with a customer's computer is wrong. If they want to damage our computers and hobble our CDs, it's in a righteous cause, in their lopsided thinking. Remember Orrin Hatch suggesting destroying computers owned by copyright infringers? Well, Sony preemptively did it, in their subtle way, but to everyone. They are wigged out, I'm telling you. And like all wigged out people, they are stuck in their own version of "reality", thinking emotionally, and only of themselves.

But the ironic part is this: this DRM won't stop infringement. All it does is annoy customers that wouldn't infringe in the first place. It won't in any way interfere with determined infringers, as the Christian Science Monitor article points out:

As it turns out, the way the antipiracy software is designed makes it easy to defeat. Just hold down the "shift" key when you insert a CD to play it.

"The reality is that this isn't going to stop any kind of so-called piracy," says [EFF's Jason] Schultz. "All this technology does is inhibit you from making the same kind of personal, fair-use music you've always made. The real pirates are going to easily circumvent this technology. The bootleggers won't even blink."

Now, the mainstream media didn't discover and tell us about this rootkit. It was a solitary blogger. Just go to Google and search News for "Sony DRM rootkit" and then choose to view the results by date, and you'll see what I mean. Of course, everyone is all over this story now. But had we relied just on the mainstream media, we might never have found out about the rootkit. It was a blogger who first noticed the rootkit. His site doesn't even show up on the Google results list, intriguingly enough, except that everyone refers to it. Presumably he'll be showing up now. BoingBoing gave the story legs when Cory Doctorow wrote about it, and then Slashdot and Charlie Demerjian at The Inquirer. But it was one man who blogged about his experience that got the ball rolling. And he changed the world.

Those pesky bloggers. There are now 20 million bloggers. Why can't they mind their own business? I'll tell you why. Because we buy those trapdoor CDs, if our consciousness is not sufficiently raised, as they used to say, and so we are Sony's customers. Well. Not me personally. I gave up on the music industry some time ago. I'll buy from them again when they figure out that they are cutting off their nose to spite their face. I don't like to be treated like a criminal when I'm not one. Call me quirky.

Customers of Sony have a stake in what Sony does. And they blog. It's that simple. Now do you understand why people read blogs instead of just the mainstream media? If we relied on them, no one would have told us about the rootkit. At least, no one did. So we rely on each other.

Dana Blankenhorn captures the issue:

The assumption is a lack of ethics by all. Sony is treating all its customers like criminals, and acting in a criminal manner in response. . . .

It's one thing for large institutions to be on guard against consumers or employees, to take precautions against theft. It's quite another for them to take the law into their own hands, or to take on the characters of a police state in response, to assume by their actions that everyone is a thief.

Can you imagine what Sony would say if they caught an individual doing exactly, exactly, what they did? They'd be citing computer abuse laws like scripture. "Off with their heads," would be their song. I know. Sony'd say that they did it to their *own* property, so it's different than if a hacker did it. Um. No. Our computers are *our* property. So are the CDs after we buy them. Get it? Ever hear of fair use? That is part of the law too, you know. Or did you forget that part? I have an idea: let's all abide by the law.

So several class action lawsuits are in the works. The first, to my knowledge, is the one in California [PDF]. A patent lawyer started collecting all the details on his blog and now he has set up a dedicated blog just for Sony and the DRM story. A company is in real trouble when a lawyer sets up a website dedicated to its misbehavior. Solutions began to appear to help victims detect the rootkit and remove it. Sony finally did the same, grudgingly offering a "service pack":

"This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers.'"

I have news for Sony. Any time the computer owner loses control of his or her computer, their security has been compromised. Sony's clumsy damage control only made the situation worse. Then the class action lawyers showed up in force, leaving comments on blogs, looking for Sony victims willing to sign on. EFF put up a list of affected CDs and are interested in hearing about members who were victims of the rootkit, for a possible class action lawsuit. In addition to the California class action litigation, other firms are investigating a possible consumer class action against Sony Music Entertainment Corp. for selling CDs encoded with the XCP2, without disclosing XCP2's nature or effects on its users' computers. The firms are trying to locate people who 1) bought a compact disc released after March 2005 and 2) played or attempted to play it on a Windows computer.

In Italy, ALCEI (Association for Freedom in Electronic Interactive Communications -- the Italian equivalent of EFF) filed a complaint on November 4th with the Commander in Chief of the Fraud Contrast Group of the Financial Police in Italy (Guarda di Finanza), which they describe in a press release:

On November 4th 2005 ALCEI asked the Financial Police to identify the authors of the software, and those who made the willful decision of distributing it in a hidden form, and also to detect if other organizations commited similar abuses. This is the preliminary phase of an action which means to penally prosecute anybody who, in Sony BMG Entertainement, has committed such illegal acts in Italy, those who helped in committing such crimes – and anybody else who performed similar actions.

No wonder companies are beside themselves, wondering what to do about blogs. It's such a drag for them that there aren't clueless customers anywhere any more. Presumably, Sony would like to be able to plant rootkits on our computers and get away with it. Corporations prefer clueless customers, I guess, but the Internet is wiping out cluelessness.

Now, what's a corporate entity to do in the face of bloggers everywhere, telling the world all about every stupid, greedy, or even malicious thing the company does? Let's agree that retaliatory dirty tricks might tend to get you indicted and should be avoided. The bright light of the Internet makes that hazardous to your reputation anyway, and that's your problem to begin with. Instead, you might like to read a chapter of a book called International Corporate Governance, available online, and there is one chapter [PDF] called "New technology issues for corporate governance: internet message boards," by Jonathan Carson and James Felton. It's chapter 13.

It talks about how companies can handle online chatter, without breaking the law or adopting dirty tricks, specifically chatter on Yahoo! message boards, with specific examples of success and failure in handling criticism of a company. What I learned from the book is that companies need to engage with their customers, including bloggers. And I also learned that posters on Enron's Yahoo! message board blew the whistle on Enron two years before the famous memo from Sherron Watson to Ken Lay showed up in the mainstream media. The HealthSouth story surfaced there first too. Two years is a long time.

Here's just one segment from the chapter:

Enron investors were left in the dark by Enron's executives and middle-managers, their law firm Vinson & Elkins, and their auditor Arthur Andersen. Also implicated were the sell- side analysts at JP Morgan Chase, Salomon Brothers, Credit Suisse First Boston, Boston USA, Bank of America, Merrill Lynch and Lehman Brothers who may have had access to inside information (before Regulation Fair Disclosure took effect in October 2000).

Individuals in all of these key roles failed to blow the whistle. However, the one place that investors could have received indications about the mounting crisis was Enron's Yahoo! stock board. Posters to that forum, some of them company insiders, began warning of Enron's financial dealings at least two years before Ms Watkins' famous memo. In June 1999 'Bearene' wrote:

Do not confuse the multitude of Enron 'entities' as companies in the sense that each is an actual business. Many (or most) are utilized to 1) segregate discrete lines of businesses; 2) for manage- ment reporting purposes; 3) tax planning vehicles. I am sure this is not very different than any other large corporation. Enron's core businesses can still be counted on one (or two) hands.

While this post did not provide investors with a 'smoking gun' detailing Enron's usage of special-purpose entities to hide debt, it at least gave investors a topic for further research. In March 2000 'arthur86plz' gave a more specific warning: 'Dig deep behind the Enron financials and you'll see a growing mountain of off-balance sheet debt which will eventually swallow this company. There's a reason they layer so many subsidiaries and affiliates. Be careful.'

In April 2001, four months before Sherron Watkins' internal memo, when Enron was still selling in the high US$50s, 'Enron is a scam' wrote:

It will soon be revealed that Enron is nothing more than a house of cards that will implode before anyone realizes what happened. Enron has been cooking the books with smoke and mirrors. The Enron executives have been operating an elaborate con scheme that has fooled even the most sophisticated analysts. When the truth is uncovered, those analysts and ENE investors will feel like a raped school girl. The first sign of trouble will be an earnings shortfall followed by more warn- ings. Criminal charges will be brought against ENE executives for their misdeeds. Class action lawsuits will complete the demise of ENE. Get out now while you can.

I found the epilogue interesting because it mentions HealthSouth's then-CEO Richard Scrushy's attempt to sue a Yahoo! poster back in 1999, and how it backfired when she demanded that HealthSouth turn over its financial records she claimed would validate her comments on Yahoo!, truth being a defense to defamation allegations. HealthSouth's legal troubles first were publicly talked about on Yahoo!

Other allegations of financial fraud at HealthSouth poured forth in 2003, and amongst these came the real silver bullet. A cover story in The Wall Street Journal broke the news of a former HealthSouth junior-level accountant and his attempts at blowing the whistle on the company. When complaints to his ex-supervisors and to HealthSouth's auditor Ernst & Young led nowhere, Michael Vines took his information to Yahoo!'s HealthSouth board in February 2003: "What I know about the accounting at HRC will be the blow that will bring HRC to its knees", he wrote: "if discovered by the right people [this] will bring change to the accounting department at HRC if not the entire company".

The following month, the Securities and Exchange Commission filed a civil lawsuit claiming that HealthSouth had overstated earn- ings by US$1.4 billion since 1999. HealthSouth's stock crashed by 90 per cent. In April 2003, HealthSouth fired Scrushy and began searching for a new auditor.

Here's a 1999 Wall St. Journal article on Mr. Scrushy's legal efforts to shut his critics up, covering it most favorably. Bruce Fischman was Mr. Scrushy's attorney. The funny thing is, not only were all the watchdogs completely silent about HealthSouth, so was the mainstream media, according to this Forbes article from 2003, after the scandal broke:

For nearly all of Scrushy's tenure, press reports about the company were almost universally positive. In 1995, for instance, in the wake of one in a series of HealthSouth merger offers, Bloomberg News reported that then-U.S. House Speaker Newt Gingrich (R-Ga.) wanted Scrushy in Congress, and Alabama businessmen wanted him to run for governor. It quoted William Harnish, president of Forstmann Leff Associates, a money management firm with a large holding in Healthsouth, who said, "There may not be another person who has come so far and accomplished so much in corporate America." . . .

A rare, and odd, exception to the universal cheers came in 1999 when HealthSouth and Scrushy sued a rare critic for libel. Those critics were anonymous posters on Yahoo! Finance bulletin boards.

Scrushy was painted as the victim of irresponsible rumors. "Here I am, the CEO of a multibillion-dollar company, and I'm having to answer about what some weirdo has said on a message board," Scrushy lamented to The Wall Street Journal.

But at the time, Scrushy rarely had to answer to anyone else. It may have been that Scrushy went to such lengths to track down the Internet chatters because he feared any investigation by more legitimate-sounding sources would expose that their charges contained some truth, as one former HealthSouth employee, Kimberly Landry, said at the time.

Mr. Scrushy was ultimately found not guilty, after blaming the accounting fraud on the CFO. [UPDATE 2: Mr. Scrushy was indicted in October 2005 on racketeering charges and again on Dec. 12, 2005, charging him with paying off the Alabama Governor for a seat on the state health regulatory board and for wielding improper influence over the board. UPDATE 3: June 28, 2007 - Mr. Scrushy was sentenced to serve nearly 7 years in prison, was fined $150,000 and ordered to pay restitution of $267,000 to be paid to United Way of Central Alabama.] The jurors believed he was not personally involved:

"This shows that when you go after a CEO, they can put forth the best possible presumption of innocence, and there are times that defense will work," said Joshua Newberg, an associate professor of law and business ethics at the Robert H. Smith School of Business at the University of Maryland. "You don't get to be a CEO without understanding the ability to charm.". . .

HealthSouth jurors seemed more willing to accept that there was reasonable doubt about Scrushy's involvement.

Newsweek's article, "The Alpha Bloggers", lists some other stories that bloggers broke before the traditional media.

What we have here is a new and unmediated link in the information food chain. . . . All you need to start your own Weblog is the software—which is low-cost, or free, and very easy to use—and something to say. Out of the inchoate chatter of the Web, the sharpest voices simply emerge. . . . people, by a combination of writing skills, unyielding curiosity, canny instinct and lots of sweat equity, rise up from total obscurity to join the big dogs in the community. . . . Most are isolated, and there are about 100,000 that have 20 or more "inbound" links (that means that a blogger has identified an item on someone else's Weblog and set up a one-click pathway for a reader to move directly to that item on the other author's site). But about 10,000 people have more than 100 inbounds. Now we're getting into the realm of the alphas.

On a good day, the article said, alphas would have 20,000 visitors. Not to boast, but Groklaw has that many visitors for each article, and we have more than 3,500 sites linking to us. So I guess Groklaw is Uber Alpha.

: )

My point is just this: a lot of people read blogs. Millions of people. Why? Because they trust the folks whose blogs they choose to read. And millions of people like to write blogs too. Corporations may not like blogs, but all they are is customers providing you vital feedback. Had Sony listened to a word their customers have been saying, they wouldn't be in this mess.

And blogs are not going away. After tracing the Sony story, my question is, would you want them to?


  


Blogs, Customers & Sony's Rootkit | 378 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
Corrections Here, Please
Authored by: ankylosaurus on Saturday, November 12 2005 @ 04:28 AM EST
EOM.

---
The Dinosaur with a Club at the End of its Tail

[ Reply to This | # ]

OT Here
Authored by: ankylosaurus on Saturday, November 12 2005 @ 04:30 AM EST
Please remember to post clickable links using the example on the comments entry
page - and post in HTML mode.

---
The Dinosaur with a Club at the End of its Tail

[ Reply to This | # ]

Possible IP violation in the rootkit
Authored by: Anonymous on Saturday, November 12 2005 @ 05:00 AM EST
Word has it that, ironically enough, the rootkit itself might violate IP-rights
by including LGPL'ed code from the LAME project.

[ Reply to This | # ]

Lame encoder
Authored by: Anonymous on Saturday, November 12 2005 @ 05:05 AM EST
Can anyone tell me if this is accurate? If true this puts a whole new spin on Sony's view of IP protection.

[ Reply to This | # ]

Finiding smoking gun on the message boards
Authored by: Anonymous on Saturday, November 12 2005 @ 05:14 AM EST
It is true that sometimes you can find some really scoop-like material on the message boards, blogs, mailing list, etc. However, what is not mentioned here is that every single message board is full of this stuff, regardless of whether it's true or not.

It is very easy to come back after the fact, dig through the historical postings and then find someone predicting what's going to happen. It's like going back and reading what some prophet said and applying these things on that happened later. There's so much material to choose from that it's actually surprising if one didn't find any matching statements.

An example close to home, do you remember the SCO troll ont he Yahoo boards? The guy who constantly said that SCO was just about to reveal some evidence that would turn the case around? Did we do the right think when we didn't believe him? Definitely. Was he an insider? I doubt it.

The message boards and blogs are obviously interesting sources of information, but they should be taken with a healthy dose of salt. I think people are more intelligent than I thought because they seem to be doing just that.

[ Reply to This | # ]

You are very optimistic
Authored by: Chris Lingard on Saturday, November 12 2005 @ 05:42 AM EST

You are being optimistic. The big companies have a dream, and that dream is of a controlled and paying customer base. Everything will be a service, and everything will cost money.

That is why they hate bloggs. The have their paid journalists writing their bland news items. Superficial stuff that gets us to buy the latest consumer fad; your family must have this, everyone else has it. No need for skills, no need for education. You want to be a professional reporter, can you cut and paste, and read the company handouts, no need to check facts; it must be true if the company says so.

You want to listen to music, then click on the button and listen; the selection will be recorded at the download site; so that all your preferences are known. It will be so simple that everybody can use it. There will be no need for CDs, or local copies, or hard discs on your computer. Your electronic house will become a grotesque prison, where the electronic warders record every fact about you.

Football, (soccer), is already on the way; get 100 million Chinese to pay a small fee to watch Manchester United. Television is well on the way of being dumbed down by the sponsors. Have you read an interesting article in a paper recently? And the technical stuff is worst; terrible mistakes in the facts, showing that most paid reporters do not have a clue about what they are writing about.

[ Reply to This | # ]

Can't play the CD after removing the DRM?
Authored by: Anonymous on Saturday, November 12 2005 @ 05:42 AM EST
From the article: "Sony, under pressure, now provides uninstall directions,
but states that if you follow them, you can no longer play the CD you
bought."

Surely this can't be true. If I can play the CD before installing the DRM by
disabling autoplay, surely I must be able to play it after removing the DRM.

Most likely they mean you can't play the DRM'd tracks they supply on the data
part of the CD and are trying to imply that the whole CD becomes unavailable.
That means they still have not taken the hint and are still trying to mislead
their customers. Either that or they really mean it and the uninstaller leaves
something behind that still blocks access to the CD.

[ Reply to This | # ]

Microsoft 90% to blame
Authored by: Nick_UK on Saturday, November 12 2005 @ 05:45 AM EST
As I posted on /. (and got marked down as a troll, for
some reason), I blame Microsoft a lot for this issue.

Microsoft have a design of an OS that is deliberately
engineered to be obscure for the users, with hidden files,
hidden system calls, and the most nebulous idea of all -
the registry (what DO all those entries do?).

Remember the hack someone found that by changing one
registry key you could 'switch' on a NT4 client to become
a full blown NT4 server? Administrator couldn't change
this key, as it was 'watched' by a system super user
thread that changed it back again unless you used the hack
some clever person knocked up. This is one instance -
what else goes on?

Now Sony (and who else I wonder?) are starting to use the
deliberately designed obscuration techniques MS engineered
to hide stuff from their users.

I am sure this is the tip of the iceberg.

Nick

[ Reply to This | # ]

So _now_ Russinovich is a hero?
Authored by: Anonymous on Saturday, November 12 2005 @ 05:50 AM EST
Its might interesting how you change your tune PJ.

Last time Russinovichs name came up on Groklaw you were badmouthing him. Now he
is the hero of the blogging world?

http://www.groklaw.net/article.php?story=2004070213453564

[ Reply to This | # ]

Blogs, Customers & Sony's Rootkit
Authored by: Steve Martin on Saturday, November 12 2005 @ 06:55 AM EST

A company is in real trouble when a lawyer sets up a website dedicated to its misbehavior.

Or a paralegal ... ;)

---
"When I say something, I put my name next to it." -- Isaac Jaffee, "Sports Night"

[ Reply to This | # ]

Those "uninstall directions" are unethical
Authored by: ak on Saturday, November 12 2005 @ 07:08 AM EST
Mark Russinovich correctly writes this on his Blog:
The uninstall process Sony has put in place is on par with mainstream spyware and adware

[ Reply to This | # ]

Illiad has picked this up. :-)
Authored by: rsmith on Saturday, November 12 2005 @ 07:13 AM EST

See this comic.

---
Intellectual Property is an oxymoron.

[ Reply to This | # ]

Yahoo stock boards
Authored by: Anonymous on Saturday, November 12 2005 @ 07:25 AM EST
...Enron's Yahoo! stock board. Posters to that forum, some of them company insiders, began warning of Enron's financial dealings at least two years before...

Yes, but you can find exactly the same kind of warning on several hundred other Yahoo stock boards. In at least 95% of these cases, there is nothing unethical about corporate management. It's easy to throw mud, but often very hard to know whether the allegations are rubbish or well-founded.

To paraphrase Herb Caen - Every clod has opinions; getting the facts takes work.

[ Reply to This | # ]

I do not understand why Sony took the risk
Authored by: Anonymous on Saturday, November 12 2005 @ 07:28 AM EST
I do not understand why Sony took the risk.

Just imagine that the mechanisms in Sony´s DRM protetection approach had really
gone unnoticed for a long time, and a significant number of CDs had been
circulated.

Now enter SP3 for WinXP, or Windows Vista.

It is difficult enough to write any non-trivial application that does not break
on an OS update.

How could Sony´s programmers be confident that their secret hack, probably
relying on some incompletly documented and unsupported mechanism inside Windows,
would not wreak major havoc on the next update of the OS 90% of their customers
use ?

Just imagine the legal cost and PR disaster if WinXP/SP[n], automatically
updated overnight on 50 million customers PCs, and in some parts not beta-tested
on a great scale because it is supposed to patch a major security hole MS does
not want to draw premature attention to, is messed up beyond repair as soon as a
Sony CD is inserted ?

I can only speculate that this scheme was never intended to be used on a large
scale, but was just a trial balloon with a couple of 100.000 copies to be sold
to "Alpha Testers", just to see how it works out and what the reaction
would be.

If this is true, then there must be more trials running out there (and according
to the INQUIRER, there already is a MAC variant, too, albeit not of the
"boot sector virus"-variety).

I do not play Audio CDs on my computer, so I just take a comfy seat on the sofa,
soda and Popcorn ready, to see what comes up next.

After all, these guys aren´t labeled the "entertainment industry" for
nothing ...



[ Reply to This | # ]

NEWS and TRUST
Authored by: laitcg on Saturday, November 12 2005 @ 07:53 AM EST
"Because they trust the folks whose blogs they choose to read."
I don't think you can say it much clearer than that.

[ Reply to This | # ]

Did Sony violate the DMCA?
Authored by: rao on Saturday, November 12 2005 @ 08:14 AM EST

Does installing a rootkit involve bypassing some security mechanism on a Windows PC? If it did not then the inference would be that MS provides no security against rootkits. Could that possibly be true?

[ Reply to This | # ]

Sonymusic.com's Privacy Policy
Authored by: Steve Martin on Saturday, November 12 2005 @ 08:15 AM EST

From the Sony Music Web site's Privacy Policy:

"We try to keep the information we collect from you as current as possible, and we take steps to maintain the security of your personal information and to prevent unauthorized access to it by those who do not have a legitimate need for it."

One thought sprang to mind as I read this: just who in the entire world does Sony think has a "legitimate need" for my personal information?? Isn't that my decision?

I'm in the marked for a high-def TV this winter, and had already eliminated Sony models due to my experience with their reliability. This whole fracas just confirms my decision.

---
"When I say something, I put my name next to it." -- Isaac Jaffee, "Sports Night"

[ Reply to This | # ]

Shame that Sony did not invoke the DMCA
Authored by: Bas Burger on Saturday, November 12 2005 @ 08:40 AM EST
to get the people digging out their rootkit on it's knees.
It would have been a perfect blatant example of corporations misusing common
laws and lawmakers helping them in their persuit.

Shame...

Bas.


---
DIRECTUS ELATUS PERTINAX

[ Reply to This | # ]

Fair Use?
Authored by: Anonymous on Saturday, November 12 2005 @ 09:15 AM EST
The article says that fair use is part of the law. Can you expand on that?
What falls under fair use and what does not? I don't think I've ever heard
details about that.

BFMartin

[ Reply to This | # ]

LAME connection
Authored by: pfusco on Saturday, November 12 2005 @ 09:16 AM EST
Personally, Im waiting for The LAME Project to file suit for copywrite infringment over this.

paraphrase

"We will continue to protect our Intellectual Property Rights".

Too bad Sony has no respect for the IP rights of others given they way they hijacked LAME code.

---
only the soul matters in the end

[ Reply to This | # ]

Blogs, Customers & Sony's Rootkit
Authored by: Stumbles on Saturday, November 12 2005 @ 09:18 AM EST
Among all the things that bothers me about the attitude of
corporations in media as pointed out by PJ. There is one thing I do
not think is right, even if "fair warning" is given.

I sense that some how, if the CD is identified with this nefarious
code that it is acceptable. I hope that I am wrong. Under no
conditions should any company be allowed to install rootkits on my
machine, no matter what kind of fair warning is issued.

---
You can tune a piano but you can't tune a fish.

[ Reply to This | # ]

Blogs, Customers & Sony's Rootkit
Authored by: BobDowling on Saturday, November 12 2005 @ 09:19 AM EST

Why is there this emphasis on civil procedings? Surely Sony have committed a criminal act.

In the UK the Computer Misuse Act (1990) would seem to apply. Specifically the Unaut horised modification of computer material section would seem to apply. To excise the relevant section from the act:

3.(1) A person is guilty of an offence if—
(a) he does any act which causes an unauthorised modification of the contents of any computer; and
(b) at the time when he does the act he has the requisite intent and the requisite knowledge.

The following two paragraphs define the modification and requisite intent statements.

I can't see how Sony doesn't fall foul of this Act.

[ Reply to This | # ]

Adecco Sucks and other related temp-agency woes
Authored by: Ben Hildred on Saturday, November 12 2005 @ 09:25 AM EST
I recently applied to work for Adecco, a temp-agency. Included in the
application packet in addition to the usual (exploitive) background check
permession, were a couple of whompers: A nondisclosure agreement, and a
employment contract with a antideflemation clause.

It has become unfortuanatley common for employers (exspecialy temp agencys) to
include blanket imunity for third parties for purposes of background checks.
That is if you are denied employment or fired becouse a company doing a
bacground check falsley reports that you have undesirable events in your
background, you can not sue your (prospective) employer or the agency performing
the background check. I call foul!

Adecco sinks to new levels with it's anti deflemation clause. Critisism of a
company is something that is and should be protected by the first ammendment.
For a company to rotunely seek to limit cryticism of its self leads me to wonder
what real blunders they are trying to hide, and furthermore for a company to
rotunely attempt to restrict the constitutanal and legal fredoms of its employes
is most foul.

Unlike some I do not belive that nondiscloshure agrements are inherently evil,
this one comes fairly close on just a breif reading. It uses the phrase
"including but not limited to" to define confidential information, and
then procedes to list aproximatly twenty comon types of information which would
be included. This cryticisim does not pertain to HIPPA which is included
elsewhere in the contract. My question is what HIPPA or other confidential
information would a forklift opperator need? Three strikes and you are out!

There remains one way for these concerns to be swept aside: Negoation, however
Adecco has a policy requiring signing unaltered documents for employment. I
would reather do day labor.

---
It's not chicken soup for the soul; it's more like peanut butter for the mind.
-- The Famous Brett Watson

[ Reply to This | # ]

Blogs, Customers & Sony's Rootkit
Authored by: blacklight on Saturday, November 12 2005 @ 09:53 AM EST
Sony is in trouble: Sony will have to argue in Federal Court that a vendor's
right to prevent his copyrighted property from being pirated trumps a buyer's
right not have his property, in this case his or her computer, vandalized.


---
Know your enemies well, because that's the only way you are going to defeat
them. And know your friends even better, just in case they become your enemies.

[ Reply to This | # ]

I think I have to disagree. ( politely )
Authored by: Anonymous on Saturday, November 12 2005 @ 10:23 AM EST
"Because they trust the folks whose blogs they choose to read."

I read your blog but I do not trust you. I have seen how you operate, but that
does not stop your blog being useful to me.

Maat

[ Reply to This | # ]

corporateese
Authored by: Anonymous on Saturday, November 12 2005 @ 11:59 AM EST
"Ah, corporateese. Where do they find people willing to express themselves like that?"

PJ, here is where they get their staff, courtesy of 'Tank'

he re

an d here et sequens

Tufty

[ Reply to This | # ]

MicroEconomics 101
Authored by: Anonymous on Saturday, November 12 2005 @ 12:09 PM EST
The first rule is that you give the customer what they want. What the customer
wants in this case, is to be able to enjoy the content that they like, when they
have time, and on the platform of their choice.

The problem is that the publishing industries have excercised absolute control
over creative content for so long that they actually believe that what the
customer wants, is what they decide the customer wants.

The crux of the matter is that technology is enabling the customer to get what
they want. The publishers can; fight it, and die, accept it, and survive, or
embrace it and dominate the market. How long until Apple is the gatekeeper to
publisher's profits?

-- Alma

[ Reply to This | # ]

Wildly Offensive?
Authored by: Anonymous on Saturday, November 12 2005 @ 12:27 PM EST
Apple has just applied for a patent for "tamper resistant code" -- the very title is wildly offensive

I dont see why tamper resistant code is wildly offensive. Software patents have their problems, but whats the problem with tamper resistant code? I assume we are talking about object code and not source code (doesn't make much sense to me to talk about tamper resistant source code, although its a sad fact that all too many large projects are so poorly put together that they'll resist most attempts to tamper with their source code by blowing up at the slightest change with obscure race conditions and unexpected logic flows that are totally opaque :). BTAIM, tamper resistant object code isnt such a bad thing, stack smashers and buffer overflows would be hobbled if the object code couldn't be tampered with, amongst other benefits. Obviously if the point is to ensure your DRM code is difficult to break by making it harder to put in break points, NOPs, etc by monitoring the integrity of your code as it runs and to disable execution when debuggers are detected thats a less beneficial use of tamper resistant code - but its hardly new and has been used by security and banking software, virus writers and dongle driver writers for many years. It just doesn't seem offensive to me.

[ Reply to This | # ]

Blogs, Customers & Sony's Rootkit
Authored by: Anonymous on Saturday, November 12 2005 @ 12:51 PM EST
As of Thursday (link goes to Yahoo article), Sopho s (link goes to Sophos' article) has detected a trojan that utilizes the hiding mechanism that Sony implemented in their rootkit. And, of course, this is just the tip of the iceberg. I wouldn't be surprised if "better" virii / trojans are released in the near future. So, that has me wondering. If someone's computer gets hosed up enough by a virus or trojan that uses Sony's rootkit as an entry point, can Sony be held liable for damages at all?

[ Reply to This | # ]

Corporateese
Authored by: Anonymous on Saturday, November 12 2005 @ 12:55 PM EST
Ah, corporateese. Where do they find people willing to express themselves like that? And where do you go to learn how to do it? Words crafted to hide your true meaning.

I believe that there is an answer to this question but I am as unable to give the answer as PJ herself. My question is: do such words actually hide the truth? Is anyone actually taken in by them in the sense of accepting them as being the true answer to the question? Or do they, like me, look at the corporateese and think: what does this actually mean?

I ask myself what would happen if I substituted a word with the opposite meaning - does Constitutional Club mean that it is distinguishing itself from other, unconstitutional, clubs? Or does a High Class Butcher want to avoid confusion with those that advertise themselves as Low Class?

When I see an advertisment showing a young lady with long flowing blonde hair in the passenger seat of an open top sports car, I remind myself of the purpose of the advertisement, which is, to make the car manufacturer think that he is going to sell more cars by making his customers think that they are going to attract a female of said description into the passenger seat - thereby causing the advertising company to get more business (which is the real purpose of the advertisment).

I ask myself: are the words euphemisms to avoid actually having to use embarrassing words, for instance, I am sorry but your dog ran out in front of me and I could not stop in time (Google for: humourous insurance claim quotations). Alternatively, are the words just space fillers; is it any less informative if I substitute blah blah blah? Hint: the words actually used may be completely relevant to the topic but, if they do not add information, they are blah blah blah.

So lets look at the real thing:

"As a precautionary measure [could mean precaution against, getting sued, losing business, or unwanted pregnancy; most likely to mean precaution against all the nasty things people are saying about us] Sony BMG is temporarily [could mean any length of time, but probably means until all the this nasty business blows over] suspending the manufacture [but we will continue to sell all those we have already made] of CDs containing XCP technology [technology is used here as a euphemism for excrement]," it said in a statement. . . .

"We also intend to re-examine [intend to desparately seek a way out of this mess] all aspects of our content protection initiative [however you look at it, this cess-pit is of our own digging and was done without reference to any industry standards regarding good practise] to be sure that it continues [hoping for better luck next time] to meet our goals of security and ease of consumer use," Sony BMG added. . . .

Sony BMG said it stands by content protection technology "as an important tool [a method of enabling us to invoke the DMCA] to protect our intellectual property rights and those of our artists [those of our artists means: those that they have signed away].

Easy to decipher but it must take some sort of twisted mind to create the stuff initially. Why does someone get paid for this while I remain (since Friday) an unemployed geek and groklawian?

Alan(UK)

[ Reply to This | # ]

stop planting rootkits
Authored by: Anonymous on Saturday, November 12 2005 @ 01:02 PM EST
As far as I understand
"As a precautionary measure, Sony BMG is temporarily suspending the manufacture of CDs containing XCP technology," it said in a statement...
could mean that they do not manufacture the discs, but as soon as nobody will be looking, they'll manufacture them again, as before. In between I've not seen that they will manufacture CDs with the same titles but without malware and they did not ask their distributors to stop selling them.

If I'm right, I don't call that "stopping planting rootkits" but "stopping temporarily manufacturing rootkits".

Just my 2¢

Loïc

[ Reply to This | # ]

Blogs, Customers & Sony's Rootkit
Authored by: Anonymous on Saturday, November 12 2005 @ 01:15 PM EST
I imagine that installing rootkits would be a criminal act in several countries.
And what happens if a government employee inserts a Sony CD into a computer
"at the office"? Who is responsible the compromise of the government
machine in that case?

[ Reply to This | # ]

NEW early lessons in life.
Authored by: J.F. on Saturday, November 12 2005 @ 01:57 PM EST
"They prefer to criminalize normal human behavior -- wasn't it your Mommy
who taught you to share?"



I can see it now...

"TOMMY! Did you share your toys with Bobby?!"

"Yes."

"Well, we'll see how you feel about sharing after five years in the
juvenile detention center!"

Goons drag off Tommy.

"As for YOU, Bobby, we're going to take all your toys and allowance and
treats for the next TEN YEARS for playing with a toy that wasn't yours!"

[ Reply to This | # ]

Thanks, Sony
Authored by: sward on Saturday, November 12 2005 @ 02:36 PM EST
We owe Sony/BMG a vote of thanks for stepping so plainly over the line into
unethical (and probably illegal) behavior in this fiasco. The small firestorm
this stirred up will serve two useful purposes:

1) It will serve as an object lesson to discourage other record (and movie, and
software) companies from following the same path. Unfortunately, on past
behavior, most of them won't be able to take the hint.

2) It will ensure that new "content protection" measures (on all
media, but especially on Sony's) attract more scrutiny from customers, privacy
advocates, security researchers, and (hopefully) the mainstream press. Throwing
daylight upon the problem is the best response to these cockroaches.

If this case had been more in the grey areas, it would not be attracting nearly
as much attention and outrage.

[ Reply to This | # ]

  • Thanks, Sony - Authored by: Anonymous on Saturday, November 12 2005 @ 05:34 PM EST
  • Thanks, Sony - Authored by: nuthead on Sunday, November 13 2005 @ 11:30 AM EST
Blogs, Customers & Sony's Rootkit
Authored by: Anonymous on Saturday, November 12 2005 @ 03:06 PM EST
Thomas Hesse, said that "most people, I think, don't even know what a
rootkit is, so why should they care about it?" But one blogger did notice
and he told the rest of us, and we do care.
Citizens of Nagasaki didn't know anything about Nuclear Kits either but believe
me they did care or would have cared.

[ Reply to This | # ]

How do you become a successful small company?
Authored by: Anonymous on Saturday, November 12 2005 @ 04:09 PM EST
  1. Start off as a successful large company
  2. Do something dumb that annoys a lot of customers
  3. When they complain, brazen it out and explain they don't understand
  4. Fail to apologize, fail to learn
  5. Lose the dumb managers when revenues vanish, taking bonuses with them
  6. Take a few years learning to make customers happy
  7. Profit!

[ Reply to This | # ]

The bigger dimension in DRM to be thought about ...
Authored by: AJWinterer on Saturday, November 12 2005 @ 04:36 PM EST
After reading this article I took some minutes to think a
bit more about the effects of DRM. The "Sony rootkit
scandal" is only one short term aspect of DRM, the
proverbial peak of the iceberg. But on a longer time scale
there are other hazards for us consumers!

Everyone who is younger than about 25 years takes it for
granted that music is delivered on a CD. The ones among us
who are older know that music once came on black vinyl
discs (singles and later long play) or even on shellac
discs (the hard and brittle predecessors of the vinyl
discs). With the good old record player it is no problem
the play all the old discs that have been produced 30, 40,
50 or even more years in the past. Just put the the
"medium" on the turntable and start the player and you can
listen to the music, listen to history of art!

With the CD this kind of cultural heritage works just a
fine as long as the CD is no DRM crippled CD. You can take
any CD from 1980 and play them on any CD drive (your high
class stero in the living room, your desktop computer,
your car stereo, your notebook or whatever you have as a
CD player). All you need to do is put the CD into the
player and it plays. It does not mattern how old the CD is
and how new the player.

It does not matter what kind of OS (operating system, for
non-computer folks) and version of OS you use. You just
need to insert the CD to get the music played. This is the
way the media were designed to be in the first place.
Standards had been defined to guarantee this kind of
interoperability.

Therefore it made sense to invest into (audio) media. If
you bought your favourite music, it was there to last for
a lifetime, even for your heirs. You could play these
media even after decades, introduce your children to what
you liked.

All this changed with DRM media (DRM crippled audio CDs,
but also the new HD-DVDs, Blue Ray Discs, HDMI ...). As
long as you have the "key" to the medium, that is the
software or hardware player, you will be able to listen to
the music or watch the movies. But what happens if you do
no longer have this "key" (be it a special hardware or
software) after some years? Look at how fast the industry
changes the "standards" now!

You get a little taste of this if you have a brand new car
stereo which has a CD player that does not play some of
the DRM audio CDs. This happens because some manufacturers
of car stereos use computer (notebook) drives for price or
size advantages. These "CD-ROM" drives do not play all
types of crippled DRM CDs.

So, let us assume that you are a "good customer" as the
entertainment industry defines it and you buy a lot of DRM
audio/video media now. What will happen to you in a few
years after the hardware and software changed to new
versions/standards? The "key" to your DRM media no longer
fits the "lock" in the DRM media! You will not be able to
listen to your music or watch your movie because there are
no long term standards for DRM!

The consumers (your!) investments are destroyed by the
entertainment industry!

Or to put it into plain words: The entertainment industry
forcibly takes away the assets you bought with your money!

Have you ever heard the entertainment industry spelling
out a guarantee that you will be able to play your DRM
media in 30 or 50 years?!?! Our children will have the DRM
media with the cultural heritage of our days in their
hands but they will not be able to witness the music or
movies we liked in our days because the content is no
longer accessible then as it is locked into DRM methods
that no longer work for them.

The conclusion in my opinion is:
DRM is the "digital alzheimer", destroying all the
recordings by making them unuseable. Our time will be the
dark ages of the future, because no one will be able to
access the contents on the DRM media from our days.

To be fair I'd like to point out that I did not invent the
term "digital alzheimer". But I thought it to be
appropriate here.


---
Never trust a smiling cat.

[ Reply to This | # ]

Lost Sales Are The Music Companys' Fault
Authored by: Prototrm on Saturday, November 12 2005 @ 04:57 PM EST
The music companies claim their lost sales are due to piracy. Well, yes and no,
but bottom-line is it's their fault, not ours.

Simply put, somewhere back in the 1980's, the music companies saw that their
demographics were getting older, and they wanted a younger audience, so they
started pushing both new and established pop acts aside in favor of Rap,
Hip-Hop, etc., largely abandoning the Baby Boomer generation. The goal seemed
reasonable: create a new generation of music that annoyed the Baby Boomers, and
thus would attract a younger crowd of rebels. Hey, it worked in the 50's with
Rock & Roll, didn't it?

Only one problem with that: kids don't buy music. When my friends and I were
kids, we taped it off the radio, and borrowed record albums from each other to
tape record, and so forth. Why? We didn't have the money to buy them. Then, when
we did have money, we didn't want to blow it all on music so we went to
second-hand record shops, or dug through the 99 cent bin at Sam Goody's or
Sears. The only people who bought lots of new records were older, and they often
had different taste in music than we did.

Today's kids are no different from ourselves at that age, it's just that their
source of music is different from ours. But *this* time, the record companies
have gone out of their way to severely reduce the number of music acts that
appeal to the *paying customers*

Oh, they also eliminated the cheap singles market when they eliminated the 45RPM
record. Nobody's going to buy a ton of singles casettes, or overpriced
mini-CD's, not like we did when we grabbed a dozen singles (with a second song
on side 2, I might add) of our favorite songs. We didn't do it often (and when
we did, we shared).

Having said that, I still have my collection of over 1200 vinyl record albums in
my garage, left over from my years as a dedicated music customer. When CD's came
out, I tried to replace each of those albums with the CD (I still can't find
them all), and now have a sizable collection of those as well.

It's been 6 years since I've bought a CD (and that was a Japanese import of an
old recording by the group America -- LOL), not because I can't afford it, but
because I don't like any of the music enough to do so. The companies don't want
me as a customer, it seems. Instead, they want the people who *don't buy
anything in the first place*! Don't get me wrong, there are exceptions. Lots of
kids buy music. But if you build your business depending on that age bracket,
you're going to go broke sooner or later.

1. Take gun
2. Aim at big toe
3. Pull trigger
4. Complain that your foot hurts
5. Sue the nearest 12-year-old for Pain and Suffering.

Give me a break, guys!

[ Reply to This | # ]

Blogs, Customers & Sony's Rootkit
Authored by: LarryVance on Saturday, November 12 2005 @ 05:45 PM EST
Ah, corporateese. Where do they find people willing to express themselves like that? And where do you go to learn how to do it? Words crafted to hide your true meaning.

A law firm and LAW SCHOOL!

---
http://allstateinsurancesucks.com/

[ Reply to This | # ]

Amazing what they don't say...
Authored by: Anonymous on Saturday, November 12 2005 @ 05:47 PM EST
"We also intend to re-examine all aspects of our content protection
initiative to be sure that it continues to meet our goals of security and ease
of consumer use," Sony BMG added."

So it meets "OUR" goals, but no mention of "the law",
"ethical considerations" etc...

"Sony BMG said it stands by content protection technology "as an
important tool to protect our intellectual property rights and those of our
artists."

No mention of the rights of the consumer, and judging by some of the reponses
already out from artists, they weren't asked about it at all.

[ Reply to This | # ]

    Blogs, Customers & Sony's Rootkit
    Authored by: Anonymous on Saturday, November 12 2005 @ 06:55 PM EST
    I seem to recall that there's some issues w/ a "shield"
    law coverage of bloggers-- which means, in some ways,
    that those who want to "manage the message" (because they
    have the money for the presses, which means they have an
    interest in maintaining their cashflow and "interests")
    would like bloggers to go away.

    The problem w/ the "freedom of the press" is that many
    want that to only be for those with the money to *HAVE* a
    press.

    I suspect that one of the main problems the mainstream
    media have is that they get dragged into stories a
    publisher might not like to see exposed because it would
    impact the publisher's friends or their own income
    directly.

    Sadly, there have been enough stories where a publisher
    can't cope with their own "conflict of interest" and will
    want a story to fade away.

    (sighs)

    [ Reply to This | # ]

    New Act for SONY?
    Authored by: Fogey on Saturday, November 12 2005 @ 07:26 PM EST
    I wasn't going to do this, but I just can't help myself. This whole kerfuffle
    made me get a mental picture of a bunch of record company executives, dressed up
    like the Village People, loudly singing:

    *to the tune of YMCA*

    Fat Cat, are your CD sales down?
    I said, Fat Cat, that's no reason to frown.
    I said, Fat Cat, turn your profits around!
    There's no need to be unhappy.

    Fat Cat, there's this thing you can get.
    I said, Fat Cat, it is called a "root kit."
    If you use it, then I'm sure you will find
    A brand new business paradigm.

    *THUMP*THUMP*THUMP*THUMP*THUMP*

    Make 'em pay with the D-M-C-A!
    Make 'em pay with the D-M-C-A!

    It has every cool trick for you to employ.
    You get total control of your customers' toys...

    Make 'em pay with the D-M-C-A!
    Make 'em pay with the D-M-C-A!

    Once the Trojan is in, (and that's easy to do,)
    You can do any-thing you want to...

    This is NOT a pretty picture!

    ---
    Old age and treachery ALWAYS
    beats Youth and enthusiasm!

    [ Reply to This | # ]

    Blogs, Customers & Sony's Rootkit
    Authored by: Anonymous on Saturday, November 12 2005 @ 07:35 PM EST
    "most people, I think, don't even know what a rootkit is"

    With all the coverage this story has received, I bet a lot more people now know
    what a rootkit is.

    [ Reply to This | # ]

    Its about time Sony got a taste of the draconian IP laws that big companies always want
    Authored by: Anonymous on Saturday, November 12 2005 @ 07:38 PM EST

    If you read the link provided its blatantly obvious that Sony used the Lame
    encoder without following its license restrictions.

    I believe that in America you can sue for up to $150,000 for EACH copyright
    violation.

    How many infected CDs have Sony sold?

    The copyright holder for Lame should CASH IN. IF I WAS HIM I WOULD TAKE THIS
    OPPORTUNITY TO EXTRACT A COUPLE OF MILLION FROM SONY!

    I'm sure he could find a lawyer willing to take on the case purely on taking a %
    of the settlement / judgement. The evidence is undeniable.... Lame strings
    within the executable.

    If I went to the effort of writing the Lame encoder, I would NOT waste my
    realistic chance to collect a million dollars.

    It would teach Sony a lesson and in future they may think twice about proposing
    draconian IP laws.


    [ Reply to This | # ]

    It didn't take long...
    Authored by: DaveJakeman on Saturday, November 12 2005 @ 08:53 PM EST

    ...for my prediction to come true.

    ---
    Should one hear an accusation, first look to see how it might be levelled at the accuser.

    [ Reply to This | # ]

    RIAA & MPAA + root kit
    Authored by: Anonymous on Saturday, November 12 2005 @ 08:55 PM EST
    I am not a lawyer and know little of law except what I
    read on Groklaw.

    I seem to recall it being mentioned here that if some was
    suing someone else over an action and the person doing the
    suing had unclean hands that the case became mote.

    With soney installing root kit doesn't mean that Sony has
    unclean hands on RIAA and MPAA issues so wouldn that mean
    that some very interesting results should be expected from
    suits these organizations have filed?

    [ Reply to This | # ]

    Next week could be much worse for Sony.
    Authored by: Anonymous on Saturday, November 12 2005 @ 09:50 PM EST

    The DRM fiasco has been the subject of much tech discussion since the beginning of November.

    It feels like old hat.

    The mainstream media only began to pick up on it last week, but on Thursday, Friday and this weekend I haven't seen the story count on Googles front page go below 500.

    All the regional newspapers have covered the story and the radio. I heard today a local station asking their listeners to contact them if they'd had any problems with their computer since playing a Sony DRMd CD.

    It's already apparent from the web that some individuals and some corporate networks have had problems they can now attribute to Sony DRM.

    Wait until the bulk of humanity checks out the cause of their mysterious BSOD's over the next week.

    Brian S.

    [ Reply to This | # ]

    Microsoft: Et tu, brute? or, the Pot and the Kettle
    Authored by: Anonymous on Saturday, November 12 2005 @ 10:24 PM EST

    Microsoft has solemnly (if not unctiously) announced that THEIR antispyware program will start removing the Sony Rootkit: See http://www.eweek.com/article2/0,1895,1886122,00.asp . I don't know how to read this. Theory #:1 Microsoft has been looking to get even with Sony for not licensing Microsoft DRM--and for fighting so hard for the anti-computer DRM in the new "non-CD optical disk formats," and this is their chance to fire a warning shot into the bridge of the good ship "Sony IP (International Pirate) Queen". And this was their chance. Theory #2: Monkey-boy has been hurling chairs all over the Microsoft boardrooms constantly since this powder keg exploded. "Curs'em for a scurvy dog, may davy jones have their liver and giblets. And curs'ee for an impotent luzer if I don't blast their sails to kingdom come and halfway back! Y'see, maties, jis' when we war gitting folks all used to this DRM pirate-tax on every bottom on the seven sees, doin' it right subtle-like, that incompentate bandit comes along and tries it right out in the open! Now every navvy in his right mind is going to be gunnin' for ALL IPs, and do you think, maties, do you think for a moment that they'll avast after the Sony laddies dance the high dance on the dockyard scaffold? Curs'em for idjits, I say, and curs'em for crossing Bigeye Gates, and curs'em for humiliatin' the Bald Balmer, and curs'em for hijackin' cargoes that be ours by rights, and curs'em for idjits again!" I do not know that these two theories are mutually exclusive. But Microsoft never produced a product I couldn't live better and happier without, and I used to buy Sony products willingly. (And I'll miss them: they had a world-class classical music catalog. But I'll do without. Self-respect with freedom is worth something.) So this isn't pot calling kettle black. This is MS as Sauron: angry because someone else is offering his wannabe-wraiths cheaper rings of power.

    [ Reply to This | # ]

    Blogs, Customers & Sony's Rootkit
    Authored by: Jhimbo on Sunday, November 13 2005 @ 03:02 AM EST
    I am very disappointed by Sony's actions. I own some Sony equipment, which has worked well, and provided me with a lot of pleasure. In the light of this controversy, I shall think very carefully before buying any more of their products.

    My opinion is that their behaviour in this shows a lack of respect for their customers that is highlighted by some of the language in the "End User Licence Agreement" apparently distributed with their CDs, language that I find distasteful and unneccessarily restrictive.

    --
    Jhimbo

    [ Reply to This | # ]

    Proving GPL in court
    Authored by: Anonymous on Sunday, November 13 2005 @ 06:23 PM EST
    [UPDATE: There is now an allegation of possible copyright violation, in that LGPL code may have been used in the rootkit, without Sony abiding by the terms of that license. ]

    Now wouldn't it be grand if we used Sony to prove validity of (L)GPL in court? Two birds with one stone: lots of money for the project in question and getting rid of lame (pun inteded :-) arguments from DW ;-)

    [ Reply to This | # ]

    It's not a rootkit
    Authored by: Anonymous on Sunday, November 13 2005 @ 07:04 PM EST
    It's an Administratorkit. There is no root in Windows.

    [ Reply to This | # ]

    Lame tables, but no code.
    Authored by: lamare on Monday, November 14 2005 @ 08:29 AM EST
    Muzzy published some more details on de DRM stuff on his site:

    http://hack.fi/~muzzy/sony-drm/

    Amongst others, there's a link to a further analysis:

    http://www.the-interweb.com/serendipity/index.php?/archives/51-Is-Sony-in-violat
    ion-of-the-LGPL.html

    It turns out a whole lotta data from LAME can be found in the DRM executable
    "go.exe":

    http://the-interweb.com/bdump/misc/tables.txt

    I would say that proves that the lame library has indeed been linked with the
    "go.exe" library.

    What's really remarkable is that all these tables can be found in the
    executable, but none of them seems to be used by any code and so far, also no
    lame code has been found.

    This can mean two things:

    1. The code is there, but for one reason or another it has not been found. This
    could happen for example if the binary code compared came from a compiler that
    produced different code.

    2. The code is really not there. That would mean they *accidently* linked with
    the lame library, without ever using it!

    That would also raise some interesting questions. Because, after all, the tables
    *are* there and they originate from LGPLed sources. Would that be enough?

    Could Sony be forced to open up their code because they used LGPLed tables in
    their code?

    [ Reply to This | # ]

    Blogs, Customers & Sony's Rootkit
    Authored by: Anonymous on Monday, November 14 2005 @ 08:31 AM EST
    I wonder how many music thieves Sony just created with this fiasco.

    I hope they face an endless pile of lawsuits and go out of business.

    they need to made an example of -

    why isn't senator hatch speaking out on this? where is he?
    is sony going to come up on capital hill. come on government where are you when
    your citizens need you.
    I guess you are just finally responding to new orleans.

    But keep those baseball steroid hearings going. That's what we all need because
    we all have kids that can play major league baseball.

    [ Reply to This | # ]

    Blogs, Customers & Sony's Rootkit
    Authored by: Yossarian on Monday, November 14 2005 @ 04:30 PM EST
    > There is now an allegation of possible copyright
    >violation, in that LGPL code may have been used in the
    >rootkit, without Sony abiding by the terms of that license.

    It seems like Sony had to burn the copyrights law
    in order to save it...

    [ Reply to This | # ]

    our goals of security and ease of consumer use
    Authored by: GLJason on Monday, November 14 2005 @ 05:51 PM EST
    LOL, that is about the funniest thing I've seen in a while. I wouldn't think
    "ease of consumer use" was even on their list...

    [ Reply to This | # ]

    Groklaw © Copyright 2003-2013 Pamela Jones.
    All trademarks and copyrights on this page are owned by their respective owners.
    Comments are owned by the individual posters.

    PJ's articles are licensed under a Creative Commons License. ( Details )