iminplaya writes with a link to an excellent article at Ars Technica, extracting from it a few choice nuggets: "The bad dream of DRM continues. Yahoo e-mailed its Yahoo! Music Store customers yesterday, telling them it will be closing for good — and the company will take its DRM license key servers offline on September 30, 2008. Sure, it's bad news and yet another example of the sheer lobotomized brain-deadness that has characterized music DRM, but the reaction of most music fans will be: 'Yahoo had an online music store?'... DRM makes things harder for legal users; it creates hassles that illegal users won't deal with; it (often) prevents cross-platform compatibility and movement between devices. In what possible world was that a good strategy for building up the nascent digital download market? The only possible rationales could be 1) to control piracy (which, obviously, it has had no effect on, thanks to the CD and the fact that most DRM is broken) or 2) to nickel-and-dime consumers into accepting a new pay-for-use regime that sees moving tracks from CD to computer to MP3 player as a 'privilege' to be monetized."

snydeq writes "InfoWorld's Tom Yager takes a closer look at Apple's iPhone SDK confidentiality agreement, which restricts developers from discussing the SDK or exchanging ideas with others, thereby leaving no room for forums, newsgroups, open source projects, tutorials, magazine articles, users' groups, or books. But because anyone is free to obtain the iPhone SDK by signing up for it, Apple is essentially branding publicly available information as confidential. This 'puzzling contradiction' is the 'antithesis of the developer-friendly Apple Developer Connection' on which the iPhone SDK program is based, Yager contends. 'You'll see arguments from armchair legal analysts that the iPhone developer Agreements won't stand up in court — but those analysts certainly won't stand up in court on your behalf.' Anyone planning to launch an iPhone forum or open source project should have 'a lawyer draft your request for exemption, and make sure that the Apple staffer granting it personally commits to status as authorized to approve exceptions to the iPhone Registered Developer and iPhone SDK Agreements,' Yager warns."

PoliTech notes in a journal entry that "Vista is the gift that just keeps on giving." "Speaking during SanDisk's second-quarter earnings conference call, Chairman and [CEO] Eli Harari said that Windows Vista will present a special challenge for solid state drive makers. 'As soon as you get into Vista applications in notebook and desktop, you start running into very demanding applications because Vista is not optimized for flash memory solid state disk,' he said... 'The next generation controllers need to basically compensate for Vista shortfalls,' he said. 'Unfortunately, (SSDs) performance in the Vista environment falls short of what the market really needs and that is why we need to develop the next generation, which we'll start sampling end of this year, early next year.' Harari said this challenge alone is putting SanDisk behind schedule. "We have very good internal controller technology... That said, I'd say that we are now behind because we did not fully understand, frankly, the limitations in the Vista environment.'"

An anonymous reader writes "Reverse engineering expert Halver Flake has recently mused on Dan Kaminsky's DNS vulnerability. Apparently his musings were close enough to the mark to cause one of the Matasano team, who apparently already knew of the attack, to publish the details on the Matasano blog in a post entitled 'Reliable DNS Forgery in 2008.' The blog post has since been pulled, but evidence of it exists on Google and elsewhere. It appears only a matter of time now before the full details leak." Reader Time out contributes a link to coverage on ZDNet as well.

PainMeds writes "iPhone Atlas is reporting that the first jailbreak for the iPhone 3G has been released, and includes the popular Cydia community installer for distributing free games and applications. Since Apple's SDK was released, web sites have criticized Apple for the restrictions placed on both what developers could write and what APIs they were allowed to use. Others have noted the SDK's incompatibility with the GPL. The Cydia installer has provided a distribution channel for both open source software and software that would otherwise be impossible to build using the restricted SDK. A few applications are already out, including MobileTerminal and NES.app, a Nintendo game console emulator. In just over a week, open development is finally here for the iPhone 3G!"

Ariastis writes "UbiSoft has long been against No-CD patches. Referring to them on their forums would get you warned or banned. But now, they have just officially released a patch for Rainbow 6: Vegas 2, which, when opened in a hex editor, can easily be identified as coming from the RELOADED scene group, not from UbiSoft programmers. A picture of hex analysis is shown in the story. See? Piracy isn't that bad! It saves you from having to code fixes for your own games! (Watch the drama on the Ubi Forums before it gets scrubbed clean.)"

trainman writes "With the release of Firefox 3, those who have been using self-signed certificates for SSL now face a huge issue — the big, scary warning FF3 issues which is very unintuitive for non-technical users. It seems Firefox is pushing more websites in to the monopolistic arms of companies such as Verisign. For smaller, especially non-profit groups, which will never have issues with domain typo scammers, this adds an extra and difficult-to-swallow cost. Does a service such as this need the same level of scrutiny and cost since all that is being done is verifying domain and certificate match? This extra hand holding adds a tremendous cost and allows monopolistic companies such as Verisign to thrive. Can organizations such as Mozilla not move towards a model that helps break this monopoly, helping establish a CA root authority that's cheap (free?) and only links the certificate to the domain, not actual verification of who owns the domain?"

ihatespam writes "Have you ever wanted to know the name of admin@gmail.com? Now you can. Through a bug in Google calendars the names of all registered Gmail accounts are now readily available. All you need to find out the names of any gmail address is a Google calendar account yourself. Depending on your view this ranges from a harmless "feature" to a rather serious privacy violation. According to some reports, spammers are already exploiting this "feature"/bug to send personalized spam messages."

I Don't Believe in Imaginary Property writes "Malware writers have been obfuscating their JavaScript exploit code for a long time now and SANS is reporting that they've come up with some new tricks. While early obfuscations were easy enough to undo by changing eval() to alert(), they soon shifted to clever use of arguments.callee() in a simple cipher to block it. Worse, now they're using document.referrer, document.location, and location.href to make site-specific versions, too. But SANS managed to stop all that with an 8-line patch to SpiderMonkey that prints out any arguments to eval() before executing them. It seems that malware writers still haven't internalized the lesson of DRM — if my computer can access something in plaintext, I can too."

cliffski raises some questions about the need for game developers to have some amount of data from the users who play their games. He says, "PC Games connecting to a central server to send information (outside of MMOs) have gotten a (deserved) bad reputation in recent years. The huge outcry about Mass Effect and Spore are evidence enough of that. But in gamers' hurry to prevent intrusive DRM systems and dubious privacy-breaking data harvesting, are we throwing out the good with the bad?" Clearly, some aspects of games could be improved by having a better knowledge of average PC specs or knowing which parts of the games are more entertaining to the users. Input from customers helps to improve almost any product, as indicated by the usage of countless surveys and focus groups. But where do we draw the line between being inquisitive and being intrusive? What can game developers do to prove that the collection techniques or the data themselves wouldn't be abused?

dch24 was one of many who noted that the iPhone 2.0 software has already been unlocked writes "If you were wondering how I was doing push email tests on iPhone OS 2.0 and Vodafone UK, this is the reason why. The code wizard commandos at the iPhone Dev Team have been working on this non-stop since the early days of beta testing. In fact, I had iPhone OS 2.0 running on my iPhone since last week. That was version 5A345, two below 5A347, but identical in functionality." Still no word on an iPhone 3G crack.

RCTrucker7 writes with a link to a Maximum PC story, which begins: "Details of Dell's surreptitious collusion with RIAA (Record Industry Association of America) have emerged. Apparently, the computer manufacturer disabled the Stereo Mix/Mono Mix/Wave Out sound recording function on certain notebooks to assuage RIAA. The hardware functionality is being disabled without any prior notice and one blogger has even alleged that he was asked by Dell's customer support staff to [shell] out $99 if he desired the stereo mix option. Gateway and Pac Bell are the other two manufacturers to have bowed to RIAA at the expense of their customers' satisfaction and disabled stereo mix without warning." (There are some workarounds posted in the comments of the linked article.)

christ, jesus H writes "PC gaming may not be dying, but it is in a state of flux. We're seeing developers and publishers blaming piracy for all the ills of PC gaming, but attempts to rein in pirates with the help of DRM only annoys and mobilizes the legitimate customers of your games. The solution? According to David Perry of Shiny Games, PC games are going to be free." (And if anyone has a favorite replacement term for "piracy," in the context of electronic copyright violation, please suggest it below.)

andrewsavikas writes "Starting in July, O'Reilly Media will pilot select books as DRM-free ebook bundles (PDF, EPUB, and Kindle-compatible Mobipocket) priced at or below the cover price of the book. David Pogue comments on the pilot in the wake of his own recent dustup about ebooks and piracy, covered previously on Slashdot."

snydeq writes "InfoWorld's Tom Yager offers insight on how digital TV is rapidly heading toward the kind of lockdown that entertainment and broadcast lobbies desire for the Internet. Standards such as HDMI and HDCP are acting in concert to strip your equipment of its functionality, displaying 'incompatibility' messages when plugged into older HDMI-enabled devices, shutting down analog outputs when active, and requiring balky handshake credentials that force many consumers to reboot their TVs to recover permission to watch them. Even broadcast flagging, which has been overturned by the Court of Appeals, is still on the de-facto table, as the entertainment lobby retains the power to bully technology companies into baking broadcast flagging into their wares. Sure, digital TV has far fewer points of origin than the Internet and is therefore easier to control, but, as Yager writes, 'Internet rights restrictions come through your telecommunications equipment' — and it is likely through that equipment that the entertainment and broadcast lobbies will chip away at your rights on the Web."

An anonymous reader writes "There was some discussion last month about the proposed DRM for Mass Effect and Spore that required the game to phone home every ten days. They backed down from that, but have left in that a user is only allowed 3 activations per license key. A license key is burned up when the O/S is reinstalled, when certain hardware is upgraded (EA refuses to disclose specifics of what), and possibly when a new user is set up in Windows. Only in its first month, some users are already locked out of their games from trying troubleshooting techniques to get the game running."

Slashdot contributor Bennett Haselton has written in with a tale of media rippers and corporate giants "In 2001 RealNetworks sued and blocked Streambox from distributing the Ripper, a program that let users rip and save RealAudio and RealVideo streams even if the stream contained a proprietary "do not copy" flag. Then one year ago this month, RealNetworks caused a stir by releasing a beta of RealPlayer 11 that similarly let the user record and save streams from sites like YouTube and Pandora. YouTube rippers and the like had existed before, but this was the first time a major company had included a stream ripper in its media player. And while RealPlayer 11 didn't explicitly ignore any copy protection flags, the release still provoked legal rumblings: in a Variety article by Scott Kirsner, an anonymous network exec said accused RealNetworks of 'aiding and abetting piracy' and said that they would 'more likely than not' take action against RealNetworks. But now that the feature has stayed in RealPlayer for a year, its real impact will be not on piracy but on the perceived legitimacy of ripping programs. The corporate behemoth, raked over the coals in the past for privacy violations and nuisance-ware, strikes a blow for free-culture hackers." The rest of Bennett's essay is available by following that magical link right below these words.

shervinafshar writes with an International Herald Tribune story explaining just why it is failed emails don't always result in a helpful error message for the sender, which also gives some insight into ways that email can be used to spy on recipients. "In last lines of the article, two companies are introduced which provide services that can 'spy' on your email reading habits. They also can 'call home' too: 'Some entrepreneurs have seen that uncertainty and offered senders the ability to obtain receipts that a given message has been read — without the recipient knowing that a confirmation has been sent back to the sender. ReadNotify, based in Queensland, Australia, started in 2000 and promised to report not only on whether a message was read, but also on how long it was opened for reading on the recipient's PC. It can also send the message in "self-destructing" form, preventing forwarding, printing, copying and saving.' IHT also is asking its readers to comment about these kind of services being against user privacy."

Bruce Perens writes "Ari Jaaski of Nokia is concerned that the Linux developers need to learn to live with DRM, SIM-locking, and 'IPR'. But they won't. Fortunately, Nokia can do all that it wants with Linux, while being GPL2 and even GPL3-compatible. The key is knowing how to draw bright lines between different parts of the system. That's a legal term, and in this case it means a line between the Free Software and the rest of the system, that is 'bright' in that the two pieces are very well separated, and there is no dispute that one could be a derivative work of the other, or infringes on the other in any way. All of the Free Software goes on one side of that line, and all of the lock-down stuff on the other side." A very interesting read, and a good how-to for any company that is looking to use GPLed code as part of their products, or even just make their products to be hacker-friendly.

Stony Stevenson brings news from Rice University about designing integrated circuits with multiple distinct identities, which could be used in new types of hardware-based DRM, among other things. From the news release: "'With "n-variant" integrated circuits, it is possible to design portable media players that are inherently unique,' said Farinaz Koushanfar, assistant professor of electrical and computer engineering at Rice and principal investigator on the project. 'New methods of digital rights management can be built upon such devices. For example, media files can be made such that they only run on a certain variant and cannot be played by another.' Koushanfar said content providers could also use n-variant chips to sell metered access to software, music or movies because the chips can be programmed to switch from one variant to another at a particular time or after a file has been accessed a certain number of times."