Sep 28, 2008

Walmart drops DRM... and your music files too

As announced about a year ago, Walmart's music store is shifting to 100% DRM-free files, which in itself is a Good Thing. So would be support for Firefox BTW, but that's not my point :)

Problem is, how do you manage DRMized songs if the DRM server is gone? Well, you don't (original post on BoingBoing):

From: Walmart Music Team
Date: Fri, Sep 26, 2008 at 7:42 PM
Subject: Important Information About Your Digital Music Purchases

Important Information About Your Digital Music Purchases
We hope you are enjoying the increased music quality/bitrate and the improved
usability of Walmart's MP3 music downloads. We began offering MP3s in August 2007
and have offered only DRM (digital rights management) -free MP3s since February
2008. As the final stage of our transition to a full DRM-free MP3 download store,
Walmart will be shutting down our digital rights management system that supports
protected songs and albums purchased from our site.

If you have purchased protected WMA music files from our site prior to Feb 2008,
we strongly recommend that you back up your songs by burning them to a recordable
audio CD. By backing up your songs, you will be able to access them from any
personal computer. This change does not impact songs or albums purchased after
Feb 2008, as those are DRM-free.

Beginning October 9, we will no longer be able to assist with digital rights
management issues for protected WMA files purchased from If you do
not back up your files before this date, you will no longer be able to transfer
your songs to other computers or access your songs after changing or reinstalling
your operating system or in the event of a system crash. Your music and video
collections will still play on the originally authorized computer.

Thank you for using for music downloads. We are working hard to make
our store better than ever and easier to use.

Walmart Music Team

Kudos to Walmart for (a) getting rid of DRM *and* WMA, (b) trying to help out their customers, (c) demonstrating why real-life DRM is cumbersome, inefficient and just plain evil.

Next time someone praises DRM, show them this email!

Sep 26, 2008

European Parliament Votes Against P2P "Three Strikes" Law

According to Digital Media Wire, the European Parliament approved on September 24 the following amendment to the so-called Telecom Package :

"no restriction may be imposed on the rights and freedoms of end-users, notably in accordance with Article 11 of the Charter of Fundamental Rights of the European Union on freedom of expression and information, without a prior ruling by the judicial authorities, except where dictated by force majeure or by the requirements of preserving network integrity and security, and subject to national provisions of criminal law imposed for reasons of public policy, public security or public morality."

Which, AFAIU, means that your ISP is not allowed - and cannot be forced - to revoke your Internet access without a court order. God knows the EU has voted stupid stuff over the years, but not this time. Well done.

Could the French government please take note?

Sep 23, 2008

LinkedIn Q&A: Hi everybody, could anyone explain to me how High-Speed TCP works and what are the differences between HS-TCP and TCP standard?

Congestion control is much more aggressive in HS-TCP (RFC 3649, experimental) than in TCP.

Whenever congestion occurs on an HS-TCP connection, the window size is not halved like it would be with TCP: it is only reduced by a small amount and then increased again quickly.

This allows HS-TCP to deliver more stable and more consistent throughput on very high speed links.
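
The difference described above can be made concrete with the response function from RFC 3649. The following is an added example, not part of the original answer; it uses the RFC's default parameters and assumes windows are counted in segments, a single loss event, and no slow start.

```python
import math

# Default HighSpeed TCP parameters from RFC 3649, section 5.
LOW_WINDOW = 38        # at or below this cwnd, HS-TCP behaves like standard TCP
HIGH_WINDOW = 83000
HIGH_DECREASE = 0.1    # decrease factor b(w) reached at HIGH_WINDOW

def hstcp_b(w):
    """Decrease factor b(w): fraction of cwnd given up on a loss event."""
    if w <= LOW_WINDOW:
        return 0.5
    span = math.log(HIGH_WINDOW) - math.log(LOW_WINDOW)
    frac = (math.log(w) - math.log(LOW_WINDOW)) / span
    return (HIGH_DECREASE - 0.5) * frac + 0.5

def hstcp_a(w):
    """Increase a(w): segments added to cwnd per round-trip time."""
    if w <= LOW_WINDOW:
        return 1.0
    p = 0.078 / w ** 1.2          # RFC 3649 response function p(w)
    b = hstcp_b(w)
    return w * w * p * 2.0 * b / (2.0 - b)

def rtts_to_recover(w, highspeed):
    """Round trips needed to grow back to w after one loss at window w."""
    cwnd = w * (1.0 - hstcp_b(w)) if highspeed else w * 0.5
    rtts = 0
    while cwnd < w:
        cwnd += hstcp_a(cwnd) if highspeed else 1.0
        rtts += 1
    return rtts

def compare(w):
    """Side-by-side reaction of standard TCP and HS-TCP to a loss at window w."""
    return {"window": w,
            "tcp_after_loss": w * 0.5,
            "hstcp_after_loss": round(w * (1.0 - hstcp_b(w)), 1),
            "tcp_recovery_rtts": rtts_to_recover(w, False),
            "hstcp_recovery_rtts": rtts_to_recover(w, True)}

if __name__ == "__main__":
    for w in (38, 1000, 83000):   # constructed sample window sizes, in segments
        print(compare(w))
```

At small windows both columns are identical; the gap only opens up once the window grows past the low-window threshold, which is why HS-TCP matters on very high speed links and not on ordinary ones.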

Primordial - Empire Falls (live in Dublin, 2008)

A cold wind is blowing
Through the graves it is blowing
And it bears a poisoned tongue
And the foul breath of deceit

I am my fathers son
And his deeds
Cannot be undone... be undone

You trade in his blood
Writing your history
In the sacrifices of the dead

Where is the fighting man?
Am I he?
You would trade every truth
For hollow victories

Every empire will fall
Every monument crumble
Forgotten men who watch the centuries

Whose silent words
Rise up in betrayal
We will rise up in betrayal

Where is the fighting man?
Am I he?
You would trade every truth
For hollow victories

Every empire falls
And the earth to ashes turn
The lands of my birth
Shall be my tomb

These are the lands, the lands of my birth
Soon to be ruins, the ruins of my past
And when the sky should fall
The earth to ashes turn
Then you know they shall be my tomb

Where is the fighting man?
I am he
You would trade every truth
For hollow victories

VirtualBox 2.0.2 released

I've been using VirtualBox for a while now and I LOVE it.

Running OpenSolaris, CentOS, Windows XP (and Ubuntu) simultaneously on my laptop is a sight to behold. It's hard to believe that PC couldn't handle Vista on its own...

Installation is a breeze. Highly recommended!

Sep 22, 2008

slotMusic: another doomed physical format

According to the Los Angeles Times, "the four major record labels plan to start selling their music on mini flash memory cards that can be loaded into some mobile phones, digital music players and car stereos". The product is called slotMusic and is basically a 1Gb microSD card, preloaded with a full music album in high-quality MP3.

I understand the need for experimentation (and SanDisk's efforts to move away from commodity markets) but how could this even be remotely successful? Is there anything more awkward than MicroSD? How many times do you think you can insert a MicroSD card in your device before the connector breaks? How long would it take for you or me to lose such a tiny item? And even if I bought 10 of them, where would I store them? Not to mention all issues linked to physical distribution : limited catalog, unsold items, etc.

Retail price is expected to be "comparable to CDs". About $12-$15, then. A blank 1Gb MicroSD card costs about $3.50, an 8 Gb USB key about $25. Sideloading still wins, sorry.

Don't BestBuy and Walmart remember the UMD fiasco? slotMusic is next.

Sep 21, 2008

Dirac: new video compression format from the BBC

Dirac 1.0.0 has just been released. It is an advanced royalty-free video compression format designed for a wide range of uses, from delivering low-resolution web content to broadcasting HD and beyond, to near-lossless studio editing.

Dirac is developed by the BBC R&D and is open source, with support from major media players such as VLC and gstreamer.

Specs and downloads are available at

Sep 19, 2008

New Metallica album rocks... but which one rocks harder?

After listening to "Death Magnetic" a few times, I feared my hearing had finally been shot by too many concerts, as I felt that several tracks exhibited clipping and distortion. This post explains it all. Something is wrong with the mix or the mastering, which are too hot and too compressed. This has been widely reported on Metallica boards across the web and an online petition asking for a proper re-release has even been launched!

Funny enough, the Guitar Hero 3 version - which I couldn't resist buying - offers a much improved sound. In a matter of hours, the GH3 songs have been ripped in lossless format and uploaded on BitTorrent trackers... And we have come full circle again: THE INTERNET CANNOT BE DEFEATED.

Food for thought on distribution channels, digital bundles, price points, quality expectations, etc.

Sep 17, 2008

Vivendi predicts resurgence in music industry

According to the Financial Times, Vivendi's CEO is "predicting a return to growth in the industry as new ways of making money from legal digital downloading come to fruition". I can't imagine he would tell anyone otherwise, of course :) Still, this contrasts with the utter despair that has been commonplace in the music industry in the last few years.

Universal Music is the industry leader and they ARE innovating left and right. Should their efforts become tangible soon, they would certainly convince the rest of the music industry to follow and fully embrace the digital transformation.

Losers do face oblivion, "the skull on a pikestaff as a warning to others about how not to deal with the internet".

Sep 15, 2008

Isilon release OneFS 5.0

Isilon announced today the release of OneFS 5.0.

The major addition is support for symmetrical multi-processing (SMP), which will finally enable all CPU cores on cluster nodes. Can't wait to test it :)

Update 17/09: Isilon also announced a new accelerator node (CPU and cache only, no storage) supporting 10 Gigabit Ethernet.

New DRM attempt from the movie industry

Can this save the movie industry? I seriously doubt it.

This kind of DRM utopia could have been envisioned 15 years ago (buy once, play anywhere, etc). But now? Come on, the industry couldn't even agree on BluRay vs. HD-DVD : how could they hope to standardize something as technically and politically complex as a DRM system?

Device manufacturers will drag their feet... because they don't have to follow: P2P, sideloading, etc. help them sell, thank you very much.

And whatever this system will be, it will be hacked in a matter of weeks.

Let me ask you a question: would you pirate water or electricity? No. Why? Because it's easier and safer to use the system provided by the utility company. And because whatever price they charge is acceptable to you (even if you don't really track it on a daily basis). Plus, you don't have to worry if water will fit in this brand of cup or if electricity will power this brand of coffee machine. It just works.

I believe that all digital content should follow this path.

Just my two cents, of course.

PS: Spore is another recent example that DRM (Sony's SecuROM in this case) is strongly rejected by consumers and doesn't protect anything.

Sep 13, 2008

New Metallica album available in Guitar Hero 3

Powered up my PS3 this morning, headed for the Playstation online store and yup, there it was: the new Metallica album available for download as a GH3 add-on.

Not sure I'm ready to pay 17,99€ for this, but anyway that's very innovative marketing from Metallica - extending what Nine Inch Nails did a few months ago.
  • Pre-sale of CD/digital bundles in different editions (regular, deluxe, collector)
  • Simultaneous release of CD, digital and game versions,
  • Multiple GH3 versions of the same track to let gamers play all solos,
  • And let's not forget, which has been providing for a while EVERY live show in soundboard quality and lossless format, as well as free downloads of selected archive shows.

Certainly a sign of things to come and, if needed, yet another proof that digital distribution is creating a lot of new opportunities for bands AND fans. I would love to get sales figures for the different distribution channels...

And yes, the album ROCKS. Enough to make me forgive the last twelve years of absolute nonsense? Hmmm, maybe :)

"The day that never comes"

SpringSource event in Paris

SpringSource recently opened a French office, which is organizing a one-day event on November 13. More info (in French) on

This looks promising. I'll try to make it!

LinkedIn Q&A : Who came up with the word Middleware? Was it Oracle? IBM? Or was it someone else?

The first use of the word "middleware" seems to be at the 1968 NATO Software Engineering Conference. Hard to believe, isn't it?

LinkedIn Q&A : What is the difference between the ISO/IEC 2700x series of standards with the ISO/IEC 13335 series of standards?

ISO 27001 is a high-level standard specifying that an organization should use a risk assessment and risk management methodology. No actual methodology is described, but either one of ISO 13335, NIST SP800-30 or CERT OCTAVE can be used.

LinkedIn Q&A : What is your favorite set of security RSS feeds ?

Here's my list:

The last two are mostly useless, but every once in a while...

LinkedIn Q&A : Do you have any experience with TCP->HTTP tunneling with reDuh?

Yes, this is bad. Another example that firewalls can be circumvented, especially by internal users.

Similar tools :
- httptunnel
- iodine (tunneling over DNS)
- ptunnel (tunneling over ICMP)

What happens if you combine this with encryption/steganography? How do you detect and thwart these attacks? Is deep packet inspection up to the task? Fascinating "research" subject :)

LinkedIn Q&A : What are your favorite books on Hacking, Cracking, Social Engineering?

Personal favorites:

  • Hacking: The Art of Exploitation, 2nd Edition (2008) - ISBN 1593271441
  • Security Warrior (2004) - dated, but a good overview - ISBN 0596005458
  • Defcon presentations (Defcon 16 just took place)
  • Hakin9 magazine
  • RSS feeds : Packet Storm, Security Focus, etc.
  • search for "hacking videos" in Google :)

LinkedIn Q&A : What are convenient and secure ways to identify a person on line immediately for a financial institution without using a token?

"convenient" and "secure" don't usually go hand in hand :)

Like many people, I can access my bank account information using a secure web connection (https) and a login/password combination. This provides some security, but not solid authentication : if my password is stolen, anyone could access my account without actually being me :)

Using multi-factor authentication (secret code/password + token/smartcard + biometrics) is much more secure, but raises many issues (cost, complexity, standardization, user acceptance, etc). Let's hope that it won't take a disaster for awareness to grow. Stolen credit card numbers are bad enough. Can you imagine massive criminal access to online bank accounts and records? OMG.

Here are some recommendations from the US Federal institutions to financial institutions.

LinkedIn Q&A : Pricing and provider of Video Streaming?

If you're looking for "raw" delivery to end-users on an international scale, then content delivery networks are probably your best choice : the big names are Akamai, Limelight, CDNetworks, Level3, ... I work for none of them, BTW.

If you're looking for additional services beyond storage and delivery, you could also look at content delivery platforms / content management systems. These typically work in ASP / SaaS mode.

Or you could build it internally, but it does get scary real quick :)

Storage & bandwidth requirements will vary a lot, depending on factors such as:
- number of assets in your catalog (obviously)
- number of video formats (mp4, wma, etc) and their parameters (resolution, audio & video bitrate)
- traffic profile : simultaneous number of connections, geographical coverage (peak hours are not the same everywhere !), etc.
- business requirements : SLA, disaster recovery, etc.

LinkedIn Q&A : Has anyone set up an amnesty to collect in all non encrypted USB sticks/thumb drives within an organization?

As always, you need to do your best to educate users, come up with incentives : larger capacity drives, goodies, fun event, etc. But in the end, control mechanisms must be in place as well !

If your security requirements are THAT high, you could prevent unauthorized USB devices from mounting. At the very least, you should be able to alert the SysAdmin team... Implementation obviously depends on your environment (Unix or Windows ? Maybe both ?). If that sounds too harsh, periodic scans of your internal network could help catch offenders.

As far as drives go, I would stay away from costly proprietary hardware solutions and use commodity drives with Truecrypt... but that's just me :)

One last thing: encrypted thumb drives do not protect against OS/applications caching & revealing confidential information.

LinkedIn Q&A : Who knows server-side software for movie fileformat transformation on ASP webserver?

I assume you need offline encoding (not on-the-fly encoding).

ffmpeg is open-source and indeed the best all-round choice, but be prepared to spend some time experimenting with command-line options, especially if you need to convert to mp4 :)

If you also need to support video formats for mobile phones, I would suggest Vidiator's Xenon encoder. It's a commercial tool.

I'm not sure what your volumes are, but if you need firepower, then you may be interested in the Ripcode appliance. Pricey, but very nice...

LinkedIn Q&A : How does one set up a video server to RECEIVE video streams from a set of specific webcams ?

One way to do this would be to configure each cam-connected PC as a streaming server. You could then connect from a central location to each server, and view/record the corresponding stream.

I would recommend VLC, an open-source media player which can also act as a streaming server. VLC is very widely used and available on virtually every platform. You'll find appropriate links below.

If you need a commercial solution, Microsoft's Media Encoder will probably work too...