Feeds

Gilmore, Hedrick differ on anti-CPRM gameplan

How to unfirewall the Napster firewall

  • alert
  • submit to reddit

High performance access to file storage

Opinions are diverging on how to fight CPRM, the stealth copy control mechanism that promises to "firewall Napster at your PC", in the words of a Sony executive.

IBM withdrew its proposal to the T.13 hard drive standards committee last week, and Phoenix's generic proposal was introduced and rejected. It's on the agenda for the next T.13 ATA committee meeting in April.

Yesterday, EFF co-founder John Gilmore, whose call to arms did much to galvanise users against CPRM on hard drives issued his analysis of the Phoenix proposal.

Gilmore wants members of the public to join the T.13 standards committee. And while acknowledging that the Phoenix proposal is innocuous ("there is nothing controversial in this new proposal - there is nothing in at all,") it may be a Trojan Horse for "secret" standards, he writes.

But Linux ATA driver guru and T.13 committee member Andre Hedrick, who has watched CPRM for several months, strongly disagrees.

His concern is to ensure that CPRM doesn't go underground, he says, into the nether world of undocumented "Vendor Unique" commands used by manufacturers, which are far more difficult to identify and that could criminalise attempts to break it. He wants it above ground, identified, and where folks can see it.

You didn't ask for it, but here it is anyway

Regardless of what T.13 decides to ratify, CPRM could yet be commonplace in hard disks in the future, implemented through the back door of "Vendor Unique" commands, Hedrick argues. And the task of finding out where CPRM is coming from would permanently impair the performance of non-CPRM operating systems. Like a Smash the Hippo Game, only with an infinite number of Hippos.

And he adds, there's really nothing to stop vendors doing this. Much of what your hard drive can really do is not considered or ratified by T.13. This ain't the Supreme Court: it only sets down lowest common denominator interoperability standards. The rest is a free for all.

Hedrick's issued his own "suggestion" to the T.13 mailing list, promising to give away a command parser that bounces unknown new commands, so obliging a CPRM-vigilant OS to track and reject all such command sets. His threat poses a dilemma for drive manufacturers which may be inclined to sneak CPRM in through the back door: they'll effectively lose the Linux market. Hedrick's parser will include trap-doors for vendors who try to circumvent known command sets, too.

Gilmore

Gilmore argues that a cabal of drive vendors want to include copy control specifications in the ATA spec, but are sneaking it in through the back door:

"If a market-dominating group of disk drive makers; computer companies like IBM, Intel, Toshiba, and Hitachi; and movie and record companies all want to go off into a smoke-filled room and define their own set of exclusionary copy-protection specs, they need to pretend they're meeting to define a standard in an accredited standards organization like T13. This proposal is their smoke-screen."

" It's just a scam to give the T13 committee "plausible deniability" so they can vote for CPRM. Well, now the secret is out and it doesn't look so plausible anymore. If they really wanted to support arbitrary "generic" functionality, they should design something that would handle more than a single custom function per disk drive."

Hedrick

Hedrick argues that the unknown command sets not ratified by T.13 could be the real Trojan Horse, and he wants to find a way to find and stop them:-

"I will share and give away a command-parser model that will allow any HOST OS to reject commands that it does not know how to match the data-phase returns. Remember that the SPEC are the rules how to talk to devices as we have all been told, but the HOST has every right and duty to restrict the execution of unknown commands. Additionally, should attempts be made to bypass this method of access filter, then we add complete taskfile register parsers and finally content tracking of all commands that return memory info that is outside of the registered and found user-space LBA's."

In addition, he says, the proposal would allow Linux programmers to use existing "Vendor Unique" commands.

Firewalling the firewall

Hedrick and Gilmore appear to agree on almost everything: they both strenuously object to CPRM, and they both want to allow programmers and users of free software operating systems maximum control over such restrictive technologies. That's a pretty basic philosophical unity.

There's a crucial difference, though. Gilmore's logic is based on the faith that public pressure will bounce CPRM out of a standards committee for good. Hedrick holds a perhaps more cynical view - he knows the terrain inside out - that the committee itself can't make or break CPRM. And so he's plotting a doomsday scenario, where CPRM has snuck into drives, and Linux programmers and users need some ammunition with which to fight it. Again, that's a complementary, not an adversarial view.

From where we sit, though, these guys need each other, and they need to get talking. ®

For all our CPRM stories, and a handy FAQ too click here.

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.