We have met the enemy and he is us: Why current DRM is doomed from birth

Despite the best efforts of a lot of intelligent people in the content distribution business, pirates continue to break new DRM schemes. While the debate on whether DRM is a good thing or not is both heated and has been going on for a long time, there is a more fundamental problem with basically all DRM schemes, and it is this problem that allows them to be broken: DRM is based on the principle of encrypting the content to be protected in a way that ensures that only legitimate consumers may access it.


Cryptography is “…the practice and study of techniques for secure communication in the presence of third parties…” (Wikipedia). In common cryptography, there are three parties: A sender, a receiver and an adversary. The first two parties want to exchange a message without the third party being able to read it. But in DRM, there are only two parties: A content rights owner and a content consumer. The first can be thought of as the sender in the cryptographic world. The rights owner wants to transmit a piece of content to a consumer in a way that ensures that no one but the consumer is able to access the content. The consumer can be thought of as the receiver. They want to access the content. Incidentally, most consumers don’t really care about keeping the content secret from everyone else.

By using cryptography to ensure that the content cannot be shared, the content rights owner must also make sure that the intended receiver can access the content. This means that the consumer must be given the means to decrypt the message. In some DRM schemes, this can be achieved through dedicated hardware, such as the Kindle ebook reader from Amazon, or even early DVD players (before the DRM on DVDs was broken, that is). In other schemes, it is merely a piece of software, such as iTunes from Apple.

But we’re missing the adversary from the cryptographic world. And the problem is that the content consumer may act as the adversary. In the perfect world, the consumer would respect the rights of the content rights owner, but in reality, the consumer might want to share the content with a close friend (or everyone on the internet). This is what DRM is intended to prevent, but it is in this scenario that the critical flaw of DRM is revealed: The adversary is now the consumer, and consequently knows how to decrypt the message. And while this is certainly a flaw in the protocol, it is there by design.

Breaking DRM

Even in situations where a direct digital copy of the content isn’t immediately available, everyone (born before 2000) would still be able to make a copy of a piece of DRM-protected music through the use of a cassette tape recorder. This copy will not have the same digital quality as the source, and some would argue that the DRM isn’t really broken, as a perfect copy hasn’t been made, but the fact remains that the content sought to be copy-protected has been copied.

But even if we only consider perfect digital copies to be a breach of DRM, there is still a giant problem. Cryptography for the sake of keeping something secret relies on a shared secret between the sender and the receiver, which should be unavailable to the adversary. The moment the adversary obtains this shared secret, the message can no longer be considered secret either. Which means that the only task left for a pirate is to extract the shared secret, write a utility that can decrypt the content and save it in decrypted form, and the DRM scheme is officially broken.

So the battle between DRM makers and pirates is really a matter of making it hard to extract the shared secret, but since it must still be possible for legitimate consumers to access the content, the DRM makers are severely limited in this endeavor.

The battle is lost in advance for software-based DRM, as the means of decrypting is readily available to the pirate. For hardware-based DRM, it is a bit harder for the pirate, but since there are a lot of people dedicated to breaking DRM, it is usually only a matter of time, and the fundamental problem remains that the content must be accessible by the consumer.
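
The trust-boundary argument above, as a small threat-model sketch. This is an added example, not code from the original post or from any real DRM product; the cipher is a toy built from HMAC-SHA256 for illustration only, and the party names and the sample content are constructed.

```python
import hashlib
import hmac
import os

def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from the one shared secret.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream: HMAC-SHA256 in counter mode. Not for production use.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, content: bytes) -> bytes:
    """Rights owner: encrypt, then authenticate. Layout: nonce | ciphertext | tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(content))
    ct = bytes(a ^ b for a, b in zip(content, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes):
    """Return the content, or None when the key does not match the blob."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def who_can_read(blob: bytes, holdings: dict) -> dict:
    """Map each party to whether any key material it holds opens the blob."""
    return {party: any(unseal(k, blob) is not None for k in keys)
            for party, keys in holdings.items()}

def demo() -> dict:
    content_key = os.urandom(32)
    blob = seal(content_key, b"constructed sample track")
    holdings = {
        "eavesdropper": [os.urandom(32)],   # classic adversary: sees the blob, guesses a key
        "licensed player": [content_key],   # must hold the secret in order to render
        "consumer": [content_key],          # assumption: controls the machine the player runs on
    }
    return who_can_read(blob, holdings)
```

The cryptography does its job against the outside eavesdropper; the consumer is inside the boundary because the player cannot render without the same secret.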

Online DRM

So far, the only approach to DRM that seems to be invulnerable is schemes based on the consumer being online while accessing the content, which will allow the content rights owner to tightly control access in real time. This has been implemented for computer games, but has other flaws. The content rights owners now force the consumer to be online in order to access the content. If transferred to music, this would mean that it would be impossible to load the music on a portable music player for a hiking trip to an area without internet coverage, which most hikers would probably not like. And even worse: It means that the content will become unavailable if the server that controls access should ever go offline for any reason.

Whether this is a problem depends entirely on the terms of the agreement between the rights owner and the consumer. As we currently understand a purchase, this is entirely unacceptable, but changes to property law and new kinds of rights transfer may change that. That is a task for the future, but right now, DRM, as we know it, is broken.


Learning LaTeX will ruin your career in IT

This may be a rather shocking statement to make, and to be fair maybe a bit melodramatic. However, there is still some truth to it.

Let me get the assumptions out of the way: You are

  • Attending college with a scientific major, most likely Comp. Sci.
  • Expecting to get a job doing IT-work (e.g. not in academia).

In this case, save yourself the future agony, and stay away from LaTeX. It might seem like a good idea at the time. Hell, it might even seem like a great idea. But it isn’t!

The sad truth is, that while you may get nicely formatted papers during your college years, and may have the chance to impress a nice-looking literature major, you will be utterly doomed once you enter the real world outside the walls of academia.


Ubuntu 10.4 on Lenovo X61t: Success

Despite my earlier misconceptions about the whole upgrade procedure, it seems that it went really well. I used the following procedure:

  1. Make a full backup of my home dir. This includes all hidden (dotted) files
  2. Reinstall from live-cd (With new partitions, the old ones were ext-3)
  3. Copy back documents and other important files, like ssh keys
  4. Install a minimum of programs in order to feel comfortable
  5. Make the tablet work again
  6. Make rotation work

Making the tablet and stylus work

This was a real pain, as the configuration method has been changed again. In order to configure the stylus, we now have to edit files in


specifically the 10-wacom.conf file. The good news is that the familiar syntax from xorg.conf is back, and even more so, it seems to be staying.

For more information about the configuration, look at thinkwiki.org. The page is about trackpoint configuration, something you would want to do anyway, but the section about xorg.conf.d is the one that gives a hint about the process.

My specific configuration needs were:

"TPCButton" "on"
"Button2" "3"
"Button3" "3"

in order to prevent the stylus from sending clicks when the tip isn’t touching the screen and map the single button to a left-click.

Rotation support

The tablet can be made to rotate automatically when the screen is swiveled. In order to do this, I needed to fetch the sources from the tablet-screen-rotation-support branch of the Tabuntu project.

In order to compile the source on my pristine system I had to install


And when compilation and installation was done (as per the INSTALL file), I had to manually create the acpi event listeners. The specific event strings for the swivel events can be found with

sudo acpi_listen

And for both events, you need to run


With that done, all that remains is to bind the rotate button to the


program that was also installed. Fortunately, this can be done with the gnome keyboard shortcuts manager.

…It even looks like compiz behaves well when rotating the screen 🙂

All in all the most satisfying clean upgrade I’ve done in years

More about window managers

As a response to my last post, it seems that I have found a way to save just a
few more of my desktop pixels, specifically by removing the title bar of my

The Ubuntu Netbook Remix is a collection of packages that, together, creates a
desktop environment more suitable for small screens. These packages can,
however, be used out of their intended context to make the title bar

Specifically, by installing the packages window-picker-applet and
maximus, I can get the characteristic maximized windows without title
bar, as well as the title bar in my gnome panel.

maximus is a small program that forces windows to be maximized and (I
guess) removes their title bar in the process. window-picker-applet is
the gnome panel applet that shows the open windows as icons, as well as the
title of the current focused program.

For those interested, the application launcher that replaces the usual desktop
is provided by the package netbook-launcher, and the whole remix can
be installed with the package ubuntu-netbook-remix.

A small note on the launcher: It competes with nautilus in drawing the desktop, so
anyone looking to use this (I don’t use it) will want to prevent nautilus from
drawing the desktop by setting /apps/nautilus/preferences/show_desktop to false in their
gnome configuration, either using gconf-editor or one of the command-line tools.

On Window Managers and File System Browsers

My main work pc is a Lenovo X61 tablet running Ubuntu 9.10 (right now…).
This poses some restrictions on my choice of desktop environment. First of
all, I don’t want to spend too much of my 12.1″ screen on cruft.
Furthermore, as the system isn’t the fastest in the world, I need to be a bit
careful about how I spend my clock cycles and RAM.
Finally, the computer being a tablet laptop, I tend to rotate the screen often.

The result is that I want a fast, light-weight window manager that can handle changes
in desktop dimensions dynamically, and I’ve tried a few, but I always return to
the Gnome desktop environment, but with the old Metacity window manager instead
of the new, fancy, Compiz-fusion.

I was using fluxbox for a while, and generally liked it. Configuring it wasn’t
too hard, but it took a while getting used to. However, it had trouble coping
with a rotating screen, and had to be restarted to cope with a change in
desktop dimensions. Not too much of a problem, though, as fluxbox supports
restarting without restarting X, which means that the running applications are
kept running.

Recently, I tried e17, and that too appealed to me. Configuration was even
easier than fluxbox, and it looks great. However, it kept crashing on me. This
might be because I was experimenting with a lot of modules, but it looked like
e17 really wanted me to use composition, which is a no-go due to hardware

File System Browser

But the thing that really keeps me coming back to Gnome is Nautilus, the file
system browser. And yes, I know I can use Nautilus with both Fluxbox and e17,
but there is a caveat to that. Nautilus has a preference for drawing a desktop
background and desktop icons on the desktop, which clashes somewhat with
the general consensus among alternative window managers that the main menu
should be accessed by a click on the desktop.

And yes, I know I can just run Nautilus with the --no-desktop
parameter, but it isn’t the same. I want Nautilus to draw the desktop
icons. So far, it has done the best job of it, compared to other solutions,
like the EFM module in e17 or custom icon applications for Fluxbox.

Some of the things I think Nautilus does better than EFM or Thunar (the
alternative window manager file browser of choice), is the context menu for
files. It presents the options I might want. All of them. And it allows me to
edit Samba shares right there in the GUI.

Some might call this (GUI) blasphemy, especially used in a Linux context, but
there is a reason for its popularity. It is easy! If I want to browse file
shares, doing it in a GUI is a lot easier than digging around in command line
tools. Similarly, if I want to set up a folder for sharing, clicking a few times
is easier than editing /etc/samba/smb.conf and restarting samba
manually. It is not that I don’t know how to mount a share on the command line,
it’s just not worth it.


So, in the end, I must accept that I cannot have fancy graphics on my laptop
due to hardware restrictions, and that I’m just too much in love with Nautilus
to replace it with Thunar.
BUT! If I should ever get around to running Linux on a desktop computer, I would
love to experiment with especially Enlightenment again, as it shows a lot of
promise, perhaps configuring it so I could easily access Nautilus without it
capturing the desktop. Right now, however, I stick to my Gnome setup.