I've long been one to complain about the sad state of affairs in the entertainment industry these days. You don't want to get me started, so let's just say that their assessment of digital media is completely out of touch with the reality in the minds of consumers.

When iTunes started selling digital media, I was excited. It was a good step forward. Like when you're standing knee deep in a pool of sewage and you start wading for shore (I'm sure you've been there too). But I refused to ever shop there for a few reasons, namely that I don't use iTunes (no Linux version), I don't own an iPod (Sandisk Sansa) and I absolutely refuse to buy DRM music. Those are all killer features and frankly I can get by without new music. Mostly I listen to podcasts anyway (the local NPR affiliate is lame).

Given that background, you can see why I was excited to hear that Amazon.com had finally launched their mp3 music store. That was one heck of an intro just to tell you that I'm fired up about spending money, but it has been a long time in coming. I've always told myself that if I had an accessible way to purchase DRM-free music online, I would.

So I did. It worked exactly as advertised. There was a little confusion about the downloader software they encourage you to use (and require you to use for album purchases). I tried forcing it to run in Wine, which didn't work and just caused headaches. Their FAQ claims they're working on a Linux version, so hang out for that. In the mean time you're stuck with just single track downloads. Still, not too bad.

As for the music itself, it's a true blue mp3 file. It's tagged perfectly (something you won't typically find on p2p and an endless source of irritation for me). It's encoded at 256kbps and sounds great. I'm completely satisfied with my purchase and would get another in a heart beat, if I could find it.

And that there is the rub. It took me quite a while to find a track to buy. It's only $0.99, but still I didn't want to waste a buck. I searched for Michael Bublé, U2, Pearl Jam, Donny Osmond in Joseph, TMBG, René Aubry, and a bunch more that I can't remember. None of them were available. There is a lot of music, but until all the labels (indie and RIAA alike) can get on-board, it'll be somewhat less useful to me. In the end, if you're curious, I purchased All Along The Watchtower by Jimi Hendrix. Classic, man. Classic.

Here's to the end of DRM. Hip hip, hooray!

The question came up today about relative speeds of scp, tar and rsync (the latter two using ssh as a transport mechanism). While anecdotes and rumors are great for defining security policy (think TSA), I wanted some more concrete numbers so I ran a test.

I set up a script to copy a directory 5 times from my laptop to a server on the same subnet. I routinely pull 3MB/s from that server (over wifi), so bandwidth wasn't an issue. I used /var/lib/dpkg as my source directory. It weighed in a 57MB and contained 6896 files. Because rsync will compare changes between source and destination, I made sure to nuke the directory off the server after every run.

Method:            scp  rsync+ssh   tar+ssh
Average Time:  269.75s      33.6s    24.43s
Bandwidth (mbps): 1.69      13.57     18.66

The results are what I expected, at least as far as scp is concerned. It does not do well with large numbers of small files. It copied each file over completely before it started with the next one. Tar of course put the whole thing together and then shipped it off. Rsync read all the files first, then compared them to the server and then shipped them all in one go. Apparently there were some significant I/O savings to be had that way.

One other important item of note is that scp did not handle symlinks the way tar and rsync did. It dereferenced the symlink and copied the contents of that link rather than copying the link itself. That was a problem because I had picked some self-referential directories before I settled on /var/lib/dpkg.

For your reference, here are the commands I ran to test:

for i in 1 2 3 4 5; do time scp -qrp /var/lib/dpkg [server]:/tmp; ssh [server] rm -fr /tmp/dpkg; done
for i in 1 2 3 4 5; do time rsync -ae ssh /var/lib/dpkg [server]:/tmp; ssh [server] rm -fr /tmp/dpkg; done
for i in 1 2 3 4 5; do time tar -cf - /var/lib/dpkg |ssh [server] tar -C /tmp -xf - ; ssh [server] rm -fr /tmp/dpkg; done

We have some mail servers which occasionally get way behind on their mail queue. I wanted a good way to see the size of the queue in real time, without having to log into the web interface of the machine (it's a proprietary device). So I wrote this script which not only prints out the current value of the SNMP OID, but also tracks the value so you can see if it's increasing and if so, by how much. It could easily be adapted to any numeric SNMP variable.

watch-snmp.pl

Steve Jobs' essay on DRM has stirred up quite the hornet's nest of controversy. That's a good thing really. Far too many decisions about DRM are made in smoke-filled back rooms by corporate executives.

Why would the big four music companies agree to let Apple and others distribute their music without using DRM systems to protect it? The simplest answer is because DRMs haven’t worked, and may never work, to halt music piracy.

He's absolutely right. If you know even the littlest bit about cryptography and if you think about it for just a few minutes, it's obvious that DRM is broken from the get go. You can't give somebody the secret and the key and expect the secret to stay that way for long. It's a no-brainer.

That's not what I'm here to critique. Seems that Fred "I'm high on crack" Amoroso, CEO of Macrovision, posted a response to Steve Jobs. You may remember Macrovision as the screwball way to prevent copying of VHS tapes. It works by changing one of the timing tracks such that other VCRs get confused, but TVs don't. It's actually quite easy to fix with a $30 signal cleaner.

Macrovision has a vested interest in DRM systems. That's their business. So it's no surprise they came out swinging at a call for DRM to be axed from the planet. Let's address his four main points:

DRM is broader than just music
While your thoughts are seemingly directed solely to the music industry, the fact is that DRM also has a broad impact across many different forms of content and across many media devices. Therefore, the discussion should not be limited to just music. It is critical that as all forms of content move from physical to electronic there is an opportunity for DRM to be an important enabler across all content, including movies, games and software, as well as music.

Digital media, no matter what it is, will benefit from unimpeded access. Could the TiVo have been created if the broadcast flag had been implemented? Would id Software have become the video game powerhouse it is if Barney Doom hadn't been created? Would Microsoft Office ever have been used if it hadn't been so easy to copy? DRM systems limit what can be done to only whatever the original creator thought of. Ain't nobody smart enough to think of every possible way to use something. Does it always work out well? Of course not. But that doesn't mean that DRM systems would guarantee success either.

DRM increases not decreases consumer value
I believe that most piracy occurs because the technology available today has not yet been widely deployed to make DRM-protected legitimate content as easily accessible and convenient as unprotected illegitimate content is to consumers. The solution is to accelerate the deployment of convenient DRM-protected distribution channels—not to abandon them. Without a reasonable, consistent and transparent DRM we will only delay consumers in receiving premium content in the home, in the way they want it. For example, DRM is uniquely suitable for metering usage rights, so that consumers who don't want to own content, such as a movie, can "rent" it. Similarly, consumers who want to consume content on only a single device can pay less than those who want to use it across all of their entertainment areas – vacation homes, cars, different devices and remotely. Abandoning DRM now will unnecessarily doom all consumers to a "one size fits all" situation that will increase costs for many of them.

DRM increases consumer value?!? Hang on, I need to wipe the milk off my screen. That's a riot. Consumers don't care about jumping through hoops. They don't want to be bothered with the fact that they can't hook their DVD player into their VCR because of the Macrovision encoding (been there). They want to be able to make copies of movies to take on their iPod or to let the kids put their peanut buttery fingers all over (done that). Just make it work and I will buy your content. That's really what it boils down to. Every thing a company does to make it harder to acquire content makes me that much more likely to turn to illegal distribution means. How is that a win for anybody?

DRM will increase electronic distribution
Well maintained and reasonably implemented DRM will increase the electronic distribution of content, not decrease it. In this sense, DRM is an important ingredient in the overall success of the emerging digital world and especially cannot be overlooked for content creators and owners in the video industry. Quite simply, if the owners of high-value video entertainment are asked to enter, or stay in a digital world that is free of DRM, without protection for their content, then there will be no reason for them to enter, or to stay if they've already entered. The risk will be too great.

The perceived risk will be too great for some. But what they really fear isn't that people will copy their content. That's a given whether there is DRM or not. What they are scared of is that somebody will out-think them. That they won't be able to keep up with the competition. Well, sorry buddy. Lead, follow or get out of the way. What will truly increase electronic distribution is giving content creators the ability to directly distribute their own content. That revolution has already come and it's not going to stop. For the vast majority of these artists, the real danger is obscurity. DRM only assures them of that.

DRM needs to be interoperable and open
I agree with you that there are difficult challenges associated with maintaining the controls of an interoperable DRM system, but it should not stop the industry from pursuing it as a goal. Truly interoperable DRM will hasten the shift to the electronic distribution of content and make it easier for consumers to manage and share content in the home – and it will enable it in an open environment where their content is portable across a number of devices, not held hostage to just one company's products. DRM supporting open environments will benefit consumer electronics manufacturers by encouraging and enabling them to create ever more innovative and sophisticated devices for consumers that play late running premium content from a number of sources.

So let me follow the logic through here to the next step. If an excessively restrictive DRM scheme is harmful, and a more interoperable system is better, doesn't it follow that a completely open system would be the best? It seems obvious to me. And doesn't it defy logic that a system built around keeping secrets could actually be "open"? The more open it becomes, the less DRM can be applied. You can't have your cake and eat it too.

Over the last few years I have seen the winds of change begin to shift in opposition to DRM. I expect that within 5 years we will see the effective disappearance of DRM, replaced with open content formats. And the world will be better for it. Until then, you can count me out of any DRM scheme which is not already broken. But wait, isn't that all of them?

Back in April I started an informal spam research project to see if the conventional wisdom is true, namely that when you put your email address on a website it collects spam. Basically I littered my site with a email addresses and then kept watch to see when messages were delivered. Today I removed them from the site and would like to share my results so far.

Here are the email addresses I used, where I placed them and how many messages they received:

• st1 - plain text in an html comment, at /blog - received 29
• st2 - href=mailto in an html comment, at /blog - received 17
• st3 - href=mailto in plain sight, at /blog - received 23
• st4 - plain text in an html comment, at /gallery - received 8
• st5 - href=mailto in an html comment, at /gallery - received 8
• st6 - href=mailto in plain sight, at /gallery - received 7

• Total messages: 92
• First hit: 2006-05-05 04:21:39
• First hit address: st2
• Unique hosts: 38
• Hosts sending only a single message: 22
• Most messages from a single host: 8
• Hosts listed in Spamhaus SBL-XBL: 25
• Messages blocked by SBL-XBL: 37
• Separate attacks: 18
• Attacks with delays between messages: 6
• Number of countries: 19
• Most common countries: China (5), South Korea (6), U.S. (5)

The next step is to see how long I continue to receive messages at these addresses. I suspect it'll continue for at least 2 months. We'll see.

Finally, I came up with a clever way to trace back when these messages get skimmed off the server. Instead of a static address (st1, st2, etc.), I wrote up a simple little bit of php code to generate a unique email address of the form stT<date>T<ip address>. The things I'm most curious to find out are 1) how long spammers continue to use a certain address, 2) how widely the skimmed addresses are shared and 3) how far from the crawler the email address wanders. I'll let you know.