Alan B
Posted: Wed Jun 01, 2011 6:32 pm
Joined: Sun Jul 30, 2006 7:24 pm | Posts: 4466 | Been Liked: 1052 times
Lone Wolf wrote: If it's software code in the program needed to unlock it then it will be hacked.
And just what does that have to do with buying it and using it for the purpose for which it was intended???
_________________ Electro-Voice Evolve 50... Taking Sound To The Next Level.
toqer
Posted: Wed Jun 01, 2011 6:45 pm
Joined: Tue Jun 08, 2004 11:15 am | Posts: 906 | Location: San Jose CA | Been Liked: 33 times
Alan,
I am just pointing out (for Chartbuster's benefit) that this is a highly unsecure system. I'm glad you think compuhost is great.
Well, pirates will be happy, 11,000 perfectly ripped chartbusters tunes.
_________________ Living my life as Robert Cortese, 162 E. Jackson St, San Jose CA.
It's like the difference between high and low budget toilet paper, it really doesn't matter in the end. -exweedfarmer
Which is smarter? Just sticking to making/selling karaoke, while people all over the world create software FOR FREE that helps you sell it, or trying to compete with them and keeping it a closed loop while you blow your money into an industry (software) that you(the karaoke manu) knows nothing about? -me
nylla
Posted: Wed Jun 01, 2011 6:57 pm
Joined: Thu May 05, 2011 2:30 pm | Posts: 30 | Location: Florida Panhandle | Been Liked: 0 time
I like the Media Pro HD concept. Biggest drawback to me would be that you only have one vendor label, i.e., Chartbuster. If no one hacks it, then maybe in a year or two we can have something similar with multi music labels. Then everyone would have a professional music base at their fingers.
nylla
Posted: Wed Jun 01, 2011 7:06 pm
Joined: Thu May 05, 2011 2:30 pm | Posts: 30 | Location: Florida Panhandle | Been Liked: 0 time
Hopefully this thing will be hard to crack. Yes, all software can be hacked, but for one thing they're serializing the song when you unlock it. Part of that serial # could be a code for which credit number you used to unlock the song. Therefore a chartbuster auditor could see that same code come up on different songs. And/or Compuhost could audit your unlocked files for repeated codes.
If I were trying to protect this hd, I would store the credit info in a fake song file on the hd. Or even in the extended file information area. Which would defeat all of the virtual machine scenarios. This also allows you to move the HD to a new computer and yet I would still know your lifetime number of credits purchased and redeemed.
Believe me, Chartbuster has put a lot of thought into protecting this thing. And if you want other vendors, or multi-vendors, to follow their lead, then you can only hope that it doesn't get cracked for a very long time.
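The audit idea in the post above (a credit code carried in each unlocked song's serial, later checked for repeats across songs), sketched as an added example that is not part of the original thread and not Chartbuster's or CompuHost's actual scheme. The serial layout, `AUDIT_KEY` and every function name are assumptions, and the sample serials are constructed.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed demo key (assumption): held only by the vendor's auditor,
# never shipped inside the player software on the customer's machine.
AUDIT_KEY = b"constructed-demo-key-not-a-real-secret"


def _tag(body: str) -> str:
    """Truncated HMAC-SHA256 over 'song-credit' so serials cannot be edited."""
    return hmac.new(AUDIT_KEY, body.encode(), hashlib.sha256).hexdigest()[:16]


def make_serial(song_id: str, credit_id: int) -> str:
    """Serial stamped into a song at unlock time: <song>-<credit>-<tag>."""
    body = f"{song_id}-{credit_id:08d}"
    return f"{body}-{_tag(body)}"


def parse_serial(serial: str):
    """Return (song_id, credit_id), or None if malformed or the tag fails."""
    parts = serial.rsplit("-", 2)
    if len(parts) != 3:
        return None
    song_id, credit, tag = parts
    if not song_id or len(credit) != 8 or not (credit.isascii() and credit.isdigit()):
        return None
    expected = _tag(f"{song_id}-{credit}")
    # Compare as bytes so a non-ASCII tag is rejected instead of raising.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return song_id, int(credit)


def audit(serials):
    """Flag credit codes seen on more than one song, and unverifiable serials."""
    songs_by_credit = defaultdict(set)
    forged = []
    for serial in serials:
        parsed = parse_serial(serial)
        if parsed is None:
            forged.append(serial)
            continue
        song_id, credit_id = parsed
        songs_by_credit[credit_id].add(song_id)
    reused = {c: sorted(s) for c, s in songs_by_credit.items() if len(s) > 1}
    return {"reused": reused, "forged": forged}


# Constructed sample: serials as an auditor might collect them from unlocked files.
EDITED = make_serial("CB-1003", 19).replace("-00000019-", "-00000020-")
SAMPLE = [
    make_serial("CB-1001", 17),
    make_serial("CB-1002", 18),
    make_serial("CB-2044", 17),  # credit 17 shows up on a second song
    EDITED,                      # credit field changed after issue; tag no longer matches
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The tag only proves anything at audit time on the vendor's side; if the player had to verify it offline, the key would have to sit on the customer's machine, which is the weakness toqer raises in the replies that follow.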
toqer
Posted: Wed Jun 01, 2011 7:54 pm
Joined: Tue Jun 08, 2004 11:15 am | Posts: 906 | Location: San Jose CA | Been Liked: 33 times
It will be cracked. Physical access to the authentication server is considered the worst security practice imaginable.
As far as writing in an odd area of the hard drive, this would require direct access to the hardware (which Windows itself prevents through several layers of security in the HAL (hardware abstraction layer)).
Now if they had created their own hard disk controller, and created their own software driver, they could have that, but nothing on the site indicates this. It's just a normal USB hard drive, nothing special about it.
Paradigm Karaoke
Posted: Thu Jun 02, 2011 2:46 am
Joined: Thu Aug 12, 2010 6:24 pm | Posts: 5107 | Location: Phoenix Az | Been Liked: 1279 times
well, thank you for pi$$ing in my wheaties. is there any delivery method that would NOT be torn to shreds?
_________________ Paradigm Karaoke, The New Standard.......Shift Happens
nylla
Posted: Thu Jun 02, 2011 8:39 am
Joined: Thu May 05, 2011 2:30 pm | Posts: 30 | Location: Florida Panhandle | Been Liked: 0 time
toqer wrote: Physical access to the authentication server is considered the worst security practice imaginable.
Yeah, because someone can take a hammer to your servers, or walk off with a hard drive. I don't think it has to do with cracking encryption keys.
toqer wrote: As far as writing in odd area of the hard drive, this would require direct access to the hardware (which windows itself prevents through several layers of security in the HAL (hardware abstraction layer)
The extended file description is so readily accessible, that it's unlikely they would use such an option. But one encrypted byte in an mp3 file could easily keep up with your credits information, including lifetime purchases and lifetime redemptions. And not even be noticed when the song was played. If the credit info is not stored on the hd, then you're going to lose credits if you have a computer failure and have to move to a new machine.
toqer
Posted: Thu Jun 02, 2011 9:52 am
Joined: Tue Jun 08, 2004 11:15 am | Posts: 906 | Location: San Jose CA | Been Liked: 33 times
nylla wrote: toqer wrote: Physical access to the authentication server is considered the worst security practice imaginable. Yeah, because someone can take a hammer to your servers, or walk off with a hard drive. I don't think it has to do with cracking encryption keys.
Nope, has nothing to do with that. Giving someone physical access to your auth server means you give them access to your private key. ESPECIALLY if all auth takes place offline. I'll save you the lecture on how private/public keypair encryption works. If the thing can decrypt stuff offline, that key is in compuhost, guaranteed. And yes, in this case they can walk off with the hard drive, it's already in their hands.
toqer
Posted: Thu Jun 02, 2011 9:53 am
Joined: Tue Jun 08, 2004 11:15 am | Posts: 906 | Location: San Jose CA | Been Liked: 33 times
Paradigm Karaoke wrote: well, thank you for pi$$ing in my wheaties. is there any delivery method that would NOT be torn to shreds?
Yah, online delivery with private keys stored on secured servers.
toqer
Posted: Thu Jun 02, 2011 11:22 am
Joined: Tue Jun 08, 2004 11:15 am | Posts: 906 | Location: San Jose CA | Been Liked: 33 times
The more I think about this thing, the more I think I understand what it is they're doing. It's so backwards.
Normally in public/private keypair encryption, the keypair is generated. I think the best analogy to how it works (although this is REALLY simplifying it, but hey I'm on karaoke-forum right?) is think of public/private keypairs as two guys having 1/2 a password.
The client (you) and the server both have 1/2 a public password. These are put together and then compared to a private key through a hash and if things match up, then auth is given.
Think of it this way.
Your public key = 2.5
Server's public key = 2.5
Server's private key = 5
All of these should add up to 10 right? But if either public key is off, numbers don't add up and the remote, secured server with the private key says "nuh uh, none for you"
(again, for the more technically inclined, remember, I'm just really boiling this down to simple simple simple simple terms)
In the Media Pro HD model, the tokens act like a public key. The private key is stored in compuhost. While the keys are a one time use and unique to each file, they're still vulnerable to save state type attacks, since the key has no idea that it's on a virtual host.
Hackers have gone beyond imagination to get private keys. They've done stuff like scrape the ceramic off ram chips, shoved them under an electron microscope, to actually read the state of each register of ram. Our current computers store everything in on/off. You can physically look at flash ram, and read that private key. Easier, you can read the ram registers if you virtualize the host.
Considering the public key that Invicton provides you (in the form of tokens/credits) works for any of the files, I think it's safe to say every file has been encrypted with the same public/private keypairs. Every single file does not have its own unique keypair, they all share the same one.
There is only one way to truly secure media in this type of delivery. It's called Quantum bit cryptography. It's not too hard to explain either, but at this point there is no product to support it. It's still being researched by all the tech companies and Universities, and to date no commercial products have been produced.
So with current computer methodologies, we store things in 1's and 0's (binary). Quantum is a bit different...
Quantum computer reads the location of an electron as it makes its way around the nucleus of an atom. It's an analogue value to infinity. It does this by entangling the atom in photons (light). You cannot simply shave the ceramic off the top of a quantum bit containment vessel without releasing the bit (atom). It'll simply fly off into air, or be contaminated by the zillions of atoms floating around.
Now if you string several quantum bit entanglers together, you have a byte. Not the current, each bit is 1 and 0. It's 0x to 360x, 0y to 360y, and the decimal accuracy of this is to 0.0023523502362362--->infinity. You end up with encryption keys that are 8-bits of 0 to infinity. Crazy right?
You can capture that state of the quantum byte, and use that as the basis for your cryptography, then you're golden. You can send public key "states" which are unique, and based off the infinitely tiny quantum state of the electron spinning around the atom.
Now teacher is tired. Hopefully Professor Moonrider can chime in here, because I got a feeling he understands this stuff as well as I do.
nylla
Posted: Thu Jun 02, 2011 12:01 pm
Joined: Thu May 05, 2011 2:30 pm | Posts: 30 | Location: Florida Panhandle | Been Liked: 0 time
toqer wrote: nylla wrote: toqer wrote: Physical access to the authentication server is considered the worst security practice imaginable. Yeah, because someone can take a hammer to your servers, or walk off with a hard drive. Nope, has nothing to do with that.
Well, obviously, "physical access" security does have something to do with people messing with your physical boxes. It may not be what you meant in your op, but that doesn't change the meaning of physical access.
toqer wrote: Giving someone physical access to your auth server means you give them access to your private key.
That depends on how well you hide your private key. But once a super hacker breaches your network, they have the same access to finding your private key as if they had physical access to your auth server.
toqer wrote: If the thing can decrypt stuff offline, that key is in compuhost, guaranteed.
More likely in a file on the hard drive. That way each drive can have a unique key. And you don't put the key in a contiguous string. You can spread that thing out in bits all over the place. And you could have a unique index to those bits also stored in a file on the hard drive. Also scattered. But at some point, yes, you must have some controlling feature common to all of the hard drives for the software to work and therefore, it is vulnerable. But you can make it an extremely difficult process to break.
How many more of these before I get "novice" off my postings?
jr2423
Posted: Thu Jun 02, 2011 12:29 pm
Joined: Mon Oct 11, 2004 9:22 am | Posts: 395 | Location: Peoria, AZ | Been Liked: 0 time
OK, I'm looking at it from a different perspective; Cost per song comparing CD+G Discs to this new HD delivery system.
We already know that to have the convenience of new songs on-call (so-to-speak) we’re paying $1.50 per in 100-song lots, $1.70 in 50-song lots, and $1.80 in 25-song lots.
My example is based on my preference of purchasing CB’s 50 Top Pop and/or Country for whatever year is current (Vol1 and/or 2). Each volume at its most expensive comes in at $55. Divided by 50 songs that’s $1.10/song; a savings of $0.60/song totaling $50.60. (NOTE: They’re currently on sale in CD+G Disc format at a cost of $0.76/song)
I could further demonstrate that CB’s same combined collection for each year (100 Pop or Country) sells for as little as $80; that’s $0.80/per song. That’s a $0.70/song savings when purchasing their 100-song group of credits at $1.50/song totaling $70.
I know…, I know…, the on-the-fly convenience and total elimination of unwanted songs is the whole idea of this product. And for those who don’t mind the initial expense of the HD, and the added per-song cost for these benefits then by all means press on.
An advantage I see with this at this time is that I don’t have to buy the songs until I actually need them. Except the reality is that I’ve already purchased a group of songs in advance, I just haven’t selected which songs I want yet.
As for me, until the producers can make the per-song price of this new delivery system comparable to that of the CD+G Disc per-song price, I’ll stay with discs.
P.S. In the past 5 years I’ve been purchasing CB’s Top 50 Pop and Country collections, I haven’t experienced much deadwood.
_________________ EveningStar Entertainment & Events JR & Michele LaPorte Peoria, AZ
toqer
Posted: Thu Jun 02, 2011 1:02 pm
Joined: Tue Jun 08, 2004 11:15 am | Posts: 906 | Location: San Jose CA | Been Liked: 33 times
nylla I'm not gonna copy pasta, ok you can have Novice off your tag, at least by me. You have some general understanding...
So you're right about hackers getting access to a private key over the network. We've recently watched Sony be brought to its knees on the playstation network.
They could have done it a lot faster if they had both the auth software and the keys in their possession. They don't have to worry about some admin detecting the intrusion and setting off alarms. They can dwell, dwell, dwell with all the time in the world to figure out whatever cockamamie scheme it is with no threat of detection by CB or CH.
Now you can say, "Oh they have all this info on the customer, and they can TRACK THEM BY THEIR CC AND ACCOUNT INFO if it gets released into the wild!" Here's my answer to that..
I go to 7-11, buy a prepaid credit card. I fake my docs, everything. Turn it in, send it to an abandoned or empty house and they have nothing. Phone number? I'll use a throwaway google voice number from some public wifi spot.
(note I'm not saying I would do this, I'm saying this is how someone would not leave a trail, and anyone that wants to say "TOQER DON'T GIVE THE HACKERS IDEAS!" Trust me, they're smarter than most of us and have already played these scenarios and more out in their own minds)
You seem to know enough to know this is not secure, not one bit. They just have to decrypt one hard drive, and since the same key (though unique to each system, they only have to break 1 system) is the same across all files, it's game over man.
Saying that whatever they're doing is good enough, isn't. It's not a hurdle at all. No better than CSS was on DVD, or the new Blu-ray encryption stuff. Anytime you leave your private keys in the hands of the consumer, with no remote authentication, you blew it. Quit defending them. There is no current technology that can prevent these files from being decrypted once it's in the hands of someone that knows how.
Even if you do create custom keys for each system/media that goes out, remember, they just need to crack one. They have all the time in the world to do it without detection too.
Alan B
Posted: Thu Jun 02, 2011 2:30 pm
Joined: Sun Jul 30, 2006 7:24 pm | Posts: 4466 | Been Liked: 1052 times
Why must everything get turned into a legal debate? The whole purpose of this thread is about this new ground breaking product and how it can be beneficial to us. Instead of discussing it in that sense, some of you had to "hack" this thread and turn the discussion into a debate on how this system can be hacked. Whether it can or can't isn't the issue. Let's get back on track please and leave the technical aspect to CompuHost and Chartbuster. I'm sure they thought this out.
While some of you will continue to debate this (hacking), while you're doing that, I'll be enjoying having access to over 16,000 songs at my disposal whenever I should need them. I'll also be enjoying the money I'll be saving on having to buy the hits of the month discs to keep current. I'll also be enjoying never having to turn away a customer because I don't have a song that they want.
So, go ahead and argue this redundant issue about whether or not this system can be hacked while I enjoy this new technology and all its benefits.
Thank you.
toqer
Posted: Thu Jun 02, 2011 2:46 pm
Joined: Tue Jun 08, 2004 11:15 am | Posts: 906 | Location: San Jose CA | Been Liked: 33 times
Alan this isn't a legal debate, this is a criticism of an arguably faulty technical implementation.
And while that's nice you have access to 11,000 songs through this, I have access to over 50,000 through tricerasoft (which is much more secure for the publisher). So if you want to get into a wanker measuring contest, there you go.
toqer
Posted: Thu Jun 02, 2011 2:46 pm
Joined: Tue Jun 08, 2004 11:15 am | Posts: 906 | Location: San Jose CA | Been Liked: 33 times
And just by mere fact you mention I was arguing legal is proof you're not really taking the time to read my posts. Thanks.
toqer
Posted: Thu Jun 02, 2011 3:24 pm
Joined: Tue Jun 08, 2004 11:15 am | Posts: 906 | Location: San Jose CA | Been Liked: 33 times
Alan,
By your standards, we shouldn't even review the quality of karaoke songs, nor should we review the quality of the manufacturer here. We should just say, "WHAT YOU DO IS AWESOME NO MATTER WHAT!"
We shouldn't criticize CB for trying to keep us locked to CDG discs. Nope, not one ill word shall you speak against them.
Notice, I'm not criticising Zoom, or Sunfly, or any of the folks operating on tricerasoft. Check my new addition to my sig to figure out why.
When CB wises up it will be too late. And maybe it's time I announced something... Hell. Why not.. I'll save it for another thread as to not hijack this one.
earthling12357
Posted: Thu Jun 02, 2011 3:25 pm
Joined: Sat Jan 08, 2011 11:21 pm | Posts: 1609 | Location: Earth | Been Liked: 307 times
ripman8 wrote: http://www.karaokeware.com/kjmprohd.html Saw this mentioned in one post, wanting some opinions on the pros and cons of this.
Alan, The original post asked for pros and cons, not just pros. Pointing out that it's not secure against illegal activity does not make this a legal argument.
_________________ KNOW THYSELF
toqer
Posted: Thu Jun 02, 2011 4:02 pm
Joined: Tue Jun 08, 2004 11:15 am | Posts: 906 | Location: San Jose CA | Been Liked: 33 times
You are brilliant earthling, friend will be added.
What happens when this thing gets hacked, in a deluge all the files are flooded out in one huge torrent, and they decide to pull out the support rug from underneath it? What happens when they tell Compuhost, "We're breaking contract, you may no longer sell these 'credits'"?
History has a nasty habit of repeating itself.
(edit, cb never sold on tricera)
Last edited by toqer on Thu Jun 02, 2011 5:51 pm, edited 1 time in total.
Alan B
Posted: Thu Jun 02, 2011 5:12 pm
Joined: Sun Jul 30, 2006 7:24 pm | Posts: 4466 | Been Liked: 1052 times
I have nothing against you (toqer) questioning how vulnerable this hard drive is to hacking. What I am questioning is your mentality...
Why would you publicly state in explicit detail, the methods one might go about hacking this device? Where are your brains? If you are so concerned for Chartbuster's and Invicion's sake, why wouldn't you just give them a call and discuss your feelings on the matter? I'm sure they would listen. But to post this on a public forum is sheer stupidity and a blow to all legal KJ's.
KJ's have a hard enough time competing with pirates as it is. You just gave them more ammo by your eloquent description on hacking this drive. Why don't you just do it for them and save them the trouble?