The Next Step In Online Music

I’ve been thinking about a post that I made a few days ago that linked to an article discussing the economics of Napster-To-Go versus iTunes. The conclusions from this article focused on the losses of the music industry as a result of P2P sharing.

This morning I read this USAToday article which describes how many big players are giving away MP3 players, Blackberries, and PDAs in exchange for some purchase (e.g. buy a round-trip ticket on United and get a BlackBerry). Of course, the string here is that you have to subscribe to some service contract for some period of time, where they make up the money.

That brings me to what the next evolution in online music will be. Much like we get cell phones for a very low price in exchange for a 2 year service agreement, the next step is that we will be able to get music players with the same sort of deal. It makes perfect sense to me as the music industry begins to embrace digital music subscriptions. And why not? Imagine getting an iPod for free in exchange for a 2 year, $30/month subscription to iTunes. That would be $720 paid over time, but you get all the music you can drink in that period. The music dies when the subscription dies, but since the service provider can keep it forever for me, why do I care? I can get the music whenever I want. With extensions for multiple players (e.g. family plans) I end up with an unlimited, on-demand music library, which is probably my ideal.

So what’s wrong with the existing Napster model? Too much money up front. I have to buy a music player for $300 to get to use it. If the music player is part of the subscription, then just like a cell phone, I’ll throw it away when my 2 year service agreement is up. After all, that’s sort of what’s happening with MP3 players anyway. I’ve had 2 disk-based units now (an Archos and an iPod) over the span of about 4 or so years. They break, they become old tech, I want a new one. What a perfect scheme. If Apple’s on the ball, that’s what will happen next, but I’m betting that Napster or some other service provider will jump on this first.

SHA-1 Broken

Bruce Schneier reports on his blog that SHA-1 has been broken as described in a paper by Chinese researchers Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu. Federal Information Processing Standard 180 (FIPS-180) describes SHA-1 in the following way:

Explanation: This Standard specifies a Secure Hash Algorithm, SHA-1, for computing a condensed representation of a message or a data file. When a message of any length

The SHA-1 is called secure because it is computationally infeasible to find a message which corresponds to a given message digest, or to find two different messages which produce the same message digest. Any change to a message in transit will, with very high probability, result in a different message digest, and the signature will fail to verify. SHA-1 is a technical revision of SHA (FIPS 180). A circular left shift operation has been added to the specifications in section 7, line b, page 9 of FIPS 180 and its equivalent in section 8, line c, page 10 of FIPS 180. This revision improves the security provided by this standard. The SHA-1 is based on principles similar to those used by Professor Ronald L. Rivest of MIT when designing the MD4 message digest algorithm (“The MD4 Message Digest Algorithm,” Advances in Cryptology – CRYPTO ’90 Proceedings, Springer-Verlag, 1991, pp. 303-311), and is closely modelled after that algorithm.

The general conclusion of this paper is that collisions can be found after 2^69 hash operations, instead of the brute force 2^80. A collision is where two different messages are found to produce the same result. This effectively means that 2^11 times fewer operations are required to produce a collision. Computationally, this means that if it took a week to compute 2^69 hash operations before a collision, it would have taken 2048 weeks to compute 2^80 hash operations before, which is about 39 years. That’s a pretty significant reduction in the amount of time necessary to break a hash. Now, 2^69 hash operations is still a huge amount of work, but as Moore’s law continues to give us faster processors, a 2^11 reduction in operations is very, very important. It effectively renders SHA-1 useless for the long term, and maybe even for the short term.
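The work-factor arithmetic above, written out as an added example (not code from the original post or from the paper), including the Moore’s-law projection the paragraph hints at; the 18-month doubling period and the 52.18 weeks/year conversion are assumptions of this example:

```python
# Added example: how the 2^80 -> 2^69 SHA-1 collision bound translates into
# time, and how Moore's law erodes the remaining margin. Not from the post.
from math import log2

BRUTE_FORCE_BITS = 80   # birthday-bound collision search for a 160-bit hash
WANG_ATTACK_BITS = 69   # bound reported in the Wang/Yin/Yu paper
WEEKS_PER_YEAR = 52.18  # assumed conversion factor


def reduction_factor(old_bits=BRUTE_FORCE_BITS, new_bits=WANG_ATTACK_BITS):
    """How many times fewer hash operations the attack needs (2^11 = 2048)."""
    return 2 ** (old_bits - new_bits)


def brute_force_weeks(attack_weeks, old_bits=BRUTE_FORCE_BITS, new_bits=WANG_ATTACK_BITS):
    """If the 2^69 attack takes attack_weeks, how long the 2^80 search would take."""
    return attack_weeks * reduction_factor(old_bits, new_bits)


def weeks_to_years(weeks):
    """Convert a duration in weeks to years (2048 weeks -> about 39 years)."""
    return weeks / WEEKS_PER_YEAR


def years_until_feasible(weeks_today, target_weeks, doubling_months=18):
    """Moore's-law projection (assumed 18-month doubling): years until hardware
    speed-ups shrink a weeks_today computation down to target_weeks."""
    doublings = log2(weeks_today / target_weeks)
    return doublings * doubling_months / 12


if __name__ == "__main__":
    print("reduction factor:", reduction_factor())
    print("brute force weeks if attack takes 1 week:", brute_force_weeks(1))
    print("that is about %.0f years" % weeks_to_years(brute_force_weeks(1)))
    # If the 2^69 attack itself took 2048 weeks on today's hardware, the 2^11
    # factor is exactly what Moore's law hands an attacker over the next ~16 years.
    print("years until a 2048-week job takes 1 week: %.1f" % years_until_feasible(2048, 1))
```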

The False Mathematics of the RIAA (An Analysis of P2P Losses)

If you are interested in the P2P music sharing debate, I encourage you to read Barry Ritholtz’s post on the subject. In a nutshell, Ritholtz suggests that by authorizing Napster To Go and Rhapsody subscription services, the maximum loss that the industry can claim per person is a mere $1000 per decade. He makes many other points that I’ve made on this blog for years — the musicians make their money from concerts not CDs, that much of the music downloaded would never have been purchased anyway, etc. It’s worth the read.

Some Pictures from Ft. Lauderdale

The family recently took a small vacation to the Ft. Lauderdale area. I shot the following pictures in the Everglades at Sawgrass Recreational Park. These images were all shot at ISO 100 in Program mode on my Canon Digital Rebel. I used my usual Sigma 24-135 lens to do the work.

This first image was taken before boarding the airboat. It worked out to be 1/320 at f7.1. The meta-data says that the focal length was 108mm. I never really looked at that number too hard, but it’s interesting that it notes it.

ftlaud-3 (43k image)

This next image of an alligator catching some rays was also at 1/320s and f7.1, but a maximum zoom of 135mm.

ftlaud-3 (43k image)

This final image was taken at 1/30s at f3.5 with a focal length of 42mm. My hands must not have been shaking that much when the shutter fired.

ftlaud-3 (43k image)

As always, the originals for each of these images are available if you e-mail me.