×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Kindle Touch Gets World's Simplest Jailbreak

Soulskill posted about 3 years ago | from the music-to-amazon's-ears-i'm-sure dept.

Books 161

Nate the greatest writes "Can you play an MP3 file? Then you can jailbreak the new Kindle Touch. A new hack was posted this morning that roots the Kindle Touch/K5 and opens the way for future hacks. The hacker also reveals that the K5 runs on HTML5, which should make it a lot easier to come up with new apps. Epub, anyone?"

Sorry! There are no comments related to the filter you selected.

World's simplest? (5, Informative)

subreality (157447) | about 3 years ago | (#38329444)

By what metric?

For the user, rooting the iPhone was pretty easy with jailbreakme.com. Go there, click the button.

Or do you mean easy for the developer? On HTC phones you basically say "Jailbreak please" and it says "OK."

Re:World's simplest? (0)

Anonymous Coward | about 3 years ago | (#38329602)

On HTC phones you basically say "Jailbreak please" and it says "OK."

In the ghetto you basically say "nigga, please!" and it says "true dat".

at Goldman Sachs you say (0, Offtopic)

decora (1710862) | about 3 years ago | (#38330262)

"i enjoy prostitutes and cocaine" and it says "i enjoy being treasury secretary"

Re:World's simplest? (5, Funny)

Anonymous Coward | about 3 years ago | (#38329616)

It has the shortest name.

"Jail ... break .. me ... dot ... com ... this is really complicated."

"MP3 ?? ooh snazzy"

Re:World's simplest? (-1, Troll)

Anonymous Coward | about 3 years ago | (#38329810)

By what metric?

Metric? Metric!!? METRIC!!!???
Look, you God damned commie, we use "miles" and "libraries of congress" 'round here...

Re:World's simplest? (1)

Anonymous Coward | about 3 years ago | (#38331382)

No.

Measurement of length is in width of hair,
Surface area is in football fields,
Volume is in swimming pools and
amount of information is in libraries of congress.

Re:World's simplest? (3, Interesting)

ClintJCL (264898) | about 3 years ago | (#38330176)

That assumes you know jailbreakme is the right site with the right kind of jailbrake. I spent about 3-5 hours trying to figure out how to jailbrake my iPhone (given to me; I'd never buy one) and having gone through several different jailbrake methods before I got one that worked right. And I'm not somebody who doesn't know how to do things. I ultimately had to pop in an IRC channel and speak to actual people. There was a site - jailbrakematrix - which helped explain which jailbrakes work for which versions. Mine was a 2G/iPhone Original. And the jailbrake only worked with the latest firmware, which I had to update.

So uh, yeah. Playing an mp3 is easier than that.

Re:World's simplest? (5, Funny)

Anonymous Coward | about 3 years ago | (#38330242)

Maybe if you knew how to spell it you wouldn't have had to waste hours.

Re:World's simplest? (3, Informative)

Atzanteol (99067) | about 3 years ago | (#38330282)

http://unrevoked.com/ [unrevoked.com]

Plug in phone. Run app. Make tea. Really the last part was the difficult step.

Re:World's simplest? (-1)

Anonymous Coward | about 3 years ago | (#38330388)

Have you looked at the source? Just open that mp3 in a text editor. It's just a short shell script. The part after "TIT2" is an ID3 tag with some html that loads the script. The rest is junk. I've never written a crack for anything, and my eyes usually glaze over when someone tries to explain them to me, but this one is really mindnumbingly simple. Execute random shell code from a sound file? I can't believe Amazon is shipping this crap.

Re:World's simplest? (4, Insightful)

History's Coming To (1059484) | about 3 years ago | (#38330456)

It seems to be part of a trend towards relatively obvious and open DRM. Lock out your everyday users, but set the DRM at a level where you tend to get good amateur developers crawling all over it and doing some free R&D for you. Hell, even Microsoft are up to it with the Kinect.

Re:World's simplest? (5, Interesting)

sound+vision (884283) | about 3 years ago | (#38330992)

There's no way they did this intentionally. The execution of arbitrary scripts from an MP3 file has far-ranging implications for normal users. Someone's going to end up using this exploit to write malware. If that becomes widespread, you'll get "Kindles get viruses" into the mind of the consumer. They did not want this bug/security flaw. Coincidentally, it's a "happy accident" for people who want to jailbreak their devices (which are a miniscule minority with no impact on Amazon's bottom line). But there's no reason why Amazon would want this type of vulnerability in their device.

Re:World's simplest? (4, Insightful)

Pharmboy (216950) | about 3 years ago | (#38330714)

I can't believe Amazon is shipping this crap.

So, a system that is designed to be 100% Amazon supported for everyone who wants it to be, but is designed intentionally to be easy to jailbreak for those that don't, is automatically crap? This is idiotic. The fact that it is easy to jailbreak isn't a bug, IT IS A FEATURE.

I own a Kindle Fire, and it kicks ass. I don't expect to jailbreak it for now, as that wouldn't help me do anything that I can't already do, except maybe install an ssh client. But it is great that Amazon is keeping it easy to jailbreak, ON PURPOSE, so when I do, I can quickly and easily. I hope they sell millions of them.

Re:World's simplest? (5, Insightful)

gnapster (1401889) | about 3 years ago | (#38331008)

Why the deuce is this rated higher than its parent?

I can't believe Amazon is shipping this crap.

So, a system that is designed to be 100% Amazon supported for everyone who wants it to be, but is designed intentionally to be easy to jailbreak for those that don't, is automatically crap? This is idiotic. The fact that it is easy to jailbreak isn't a bug, IT IS A FEATURE.

The reason the GP called it crap is that now I have to worry about MP3s running arbitrary code on my tablet. Not only can they execute code, but they can gain root access and then execute code! Until I know more about the security of this device, it is making me very nervous. I want jailbreaking to be easy, but I don't want it to be effected by the same kind of action that I use every day for non-jailbreaking activities.

Re:World's simplest? (1)

SomePgmr (2021234) | about 3 years ago | (#38331636)

Jailbreaking the fire was really quick and easy, and allowed me to run the tablet like a regular android device. The greatest benefit of which is not having to deal with the annoying amazon launcher. Personal preference, I know.

Since cm7 is largely working for the fire and ICS is in progress, that'll be pretty important soon. Just not yet. :)

Re:World's simplest? (0)

thegarbz (1787294) | about 3 years ago | (#38330670)

By what metric?

Did you read TFA? The metric is all metrics. What this does is jailbreak your device by doing something your device is designed to do, i.e. play mp3s. That's it.

It's not a case of go to a website and follow these instructions however short it may be, it's a case of "here play this".

It's quite neat that the exploit is hidden in an ID3 tag.

Re:World's simplest? (0)

Anonymous Coward | about 3 years ago | (#38331060)

"Did you read TFA?"

Yes, he is a ninja, able to read an entire article and write a thought-out critical reply while still managing to be first post.

Re:World's simplest? (4, Insightful)

ceoyoyo (59147) | about 3 years ago | (#38331638)

"Here, go to this website" is pretty simple. Simpler than "here, download this mp3 and play it."

Both are bad. Neither visiting a website nor playing an mp3 should be able to root your device. I'm all for making jailbreaking easy, but it should absolutely require a wired connection to the device.

Re:World's simplest? (3, Insightful)

subreality (157447) | about 3 years ago | (#38331784)

Yes, I actually did RTFA.

jailbreakme.com isn't "follow these instructions". If you go there on an iPhone it gives you a big friendly button labelled "Jailbreak Me". You click it. Done.

Yes, I know the Kindle one is really easy too, but the bar for "World's Simplest" is one click. That's a tough act to beat. :)

On the N900 there is no jail (2)

dbIII (701233) | about 3 years ago | (#38331442)

I think there should be more devices like that where you don't have to go through hoops to make changes to your own devices.

Doubleplusgood! (4, Interesting)

PopeAlien (164869) | about 3 years ago | (#38329470)

Could this hack be used to protect your ebook purchases so they can't be revoked after the fact 1984 style?

Re:Doubleplusgood! (1)

durrr (1316311) | about 3 years ago | (#38329502)

I find it moderately unlikely that amazon would start revoking your/mine ebooks.
If you however absolutely need your books free then it shouldn't be all that hard to use the kindle-for-pc version and OCR software to pull them out of the proprietary format. See it as a coding challenge.

Re:Doubleplusgood! (0)

Anonymous Coward | about 3 years ago | (#38329524)

They have already pulled a book at least once. There are also already programs out there to strip DRM without OCR or other silliness....

Re:Doubleplusgood! (2, Insightful)

Anonymous Coward | about 3 years ago | (#38329582)

True, but they had legally good grounds for doing so, and really bent over backwards to make it right. I don't like the idea that they can do it at all, but I don't see how they really did anything morally wrong.

http://news.softpedia.com/news/Amazon-Makes-Amends-for-039-1984-039-Incident-120948.shtml

If they removed paid for copies and refused to return the money, you'd have an excellent argument. But they didn't, so I'm not sure what the big deal is now.

Re:Doubleplusgood! (5, Insightful)

causality (777677) | about 3 years ago | (#38329700)

True, but they had legally good grounds for doing so, and really bent over backwards to make it right. I don't like the idea that they can do it at all, but I don't see how they really did anything morally wrong.

What's morally wrong is they didn't even attempt to obtain consent. The entire notion of a marketplace is based on a willing buyer and a willing seller doing business without coercion of any kind. The initial sale of the book was done in this consentual, voluntary fashion. The revocation of the book and refunds etc. were done against the will of many customers. It was not a voluntary transaction.

If you don't want to sell something of yours to me, I don't have the right to simply take it against your will and leave you the money. If I did that but you didn't want to sell it then I just coerced you into a sale. I am certain you have some possession you are unwilling to part with and would be outraged if someone did this to you. Others feel the same way about other things they purchase.

That they sold a book they didn't have the right to sell is their problem, to be resolved between them and the rightsholder. It's not like Amazon is struggling to financially survive and couldn't have possibly worked out some kind of royalty. To make that your customers' problem is a shitty way to do business. A good business looks after their customers better than that and cleans up its own messes without involving unwilling third parties. Even if the only reason they do it is selfish, to avoid losing sales from pissed off former customers.

I'm sure it's not legally wrong since they almost definitely had the multiple pages of fine-print legalese in some kind of EULA to legally cover their asses. So no surprise the state isn't intervening here. The idea here is that coming up with a clever legal way to coerce someone into a bargain is still morally wrong. It makes some people not want to do business with you.

I don't understand this trend of making apologetics for large organizations. At all. It's as though they have to murder kittens or something before some of you will say "hey, that doesn't look right to me!". To make your problem into your customers' problem when the customers did nothing wrong (while you did) is simply unethical.

Re:Doubleplusgood! (-1)

Anonymous Coward | about 3 years ago | (#38329856)

I hate to say things like this but you're a fuckwit.

Re:Doubleplusgood! (0)

Anonymous Coward | about 3 years ago | (#38330086)

You're not even good at this trolling thing.

Take some lessons then come back and try again:
* http://www.urban75.com/Mag/troll.html
* http://guide2trolling.tripod.com/
* http://www.angelfire.com/space/usenet/

Re:Doubleplusgood! (5, Insightful)

causality (777677) | about 3 years ago | (#38330118)

I hate to say things like this but you're a fuckwit.

You hate to say such things because it's a sorry excuse for having your own point of view. I'd hate to be that way myself; that's why I'm not. I don't know if it's some kind of jealousy or what, but I see lots of posts like this written by people who clearly could not articulate their own position and why they believe it's better.

It reminds me of a post I made some weeks back about Mohandas Gandhi. I misremembered how the man's name was spelled and I wrote it as "Ghandi". So what does some useless little AC come along and do? He points this out and calls me a liar, saying obviously I never read the man's autobiography as I had said. This appeals to the bitchy base nature of a lot of people so he even got modded up. Of course, he didn't dispute anything I said about Gandhi's life, beliefs, or impact on the world. That would have required substance, something he obviously lacked. It would have also required me being wrong about the important part of the post and he knew I wasn't. His entire contribution was "you made a spelling error, therefore you're wrong and I'm right!" I guess to him that represented some kind of conquest or victory.

You're just like him.

It's that desperate need of nothing-human-beings to look down their nose at something and judge it less worthy than themselves. No power to uplift and edify, only to try to degrade in order to relieve the pain of their wretched, stressful, purposeless existence. Little do they understand it makes it worse. Enjoy your perverse, imaginary sense of superiority, if you can. I can see how my love of reason makes me an unusually tempting target. Meanwhile, my works speak for themselves and are open to constructive discourse.

Personally, I couldn't stand being like you. It would burden me with the kind of inner conflict I very much love being free from. That's why I bother to write this -- certainly not for you, as that would be pearls before swine. It's for people who see this going on everywhere and struggle with self-doubt, who might appreciate knowing they really are seeing it correctly.

Re:Doubleplusgood! (-1)

Anonymous Coward | about 3 years ago | (#38330204)

You responded to a troll, with a long, pompous, self-righteous rant.
 
I thought the first post was preachy and a little misguided, but I didn't think you were a fuckwit.
 
Now I do. You're a fuckwit.

Re:Doubleplusgood! (1)

causality (777677) | about 3 years ago | (#38330268)

You responded to a troll, with a long, pompous, self-righteous rant. I thought the first post was preachy and a little misguided, but I didn't think you were a fuckwit. Now I do. You're a fuckwit.

It doesn't work twice in the same thread :-)

Re:Doubleplusgood! (-1, Flamebait)

mandelbr0t (1015855) | about 3 years ago | (#38330622)

Wow, for the guy who thinks that in response to being offended, that one should suck it up and move on [slashdot.org] , you are not very good at it.

I have to agree with the AC on this one: a pompous, self-righteous fuckwit. Try taking your own advice and grow a pair.

Re:Doubleplusgood! (4, Insightful)

causality (777677) | about 3 years ago | (#38331702)

Wow, for the guy who thinks that in response to being offended, that one should suck it up and move on [slashdot.org] , you are not very good at it.

I have to agree with the AC on this one: a pompous, self-righteous fuckwit. Try taking your own advice and grow a pair.

I did take my own advice. I argued why I think there's something wrong with that.

Those who cannot grow a pair? You know what they do? They look to the site admin, or a government agent, or some other authority figure to censor whatever it is they don't like. Is that what I did? No. I countered bad speech with more speech, not with censorship.

You fail to comprehend the point. Not because it is beyond your comprehension; it isn't. You fail because that way and only that way do you get to bitch about something and feel "right" even if only for the interval between that time and my setting you straight.

If by "pompous and self-righteous" you mean "I'll tell the truth and I won't make any apologies for it" then yes, that I am. What you want is for someone to kiss your ass and say things delicately to suit your tastes, to mince words and be diplomatic to avoid your ire. What you want is a people-pleaser who cares about your approval. Sorry, but fuck you, I won't play that game. Go ahead and hate me just as much as you like. Call me some more names if that fulfills your puerile needs. That's what is called having a pair. Not kow-towing to hyperemotional sensitives such as yourself who must make everything personal.

Re:Doubleplusgood! (0)

Anonymous Coward | about 3 years ago | (#38331798)

It's that desperate need of nothing-human-beings to look down their nose at something and judge it less worthy than themselves. No power to uplift and edify, only to try to degrade in order to relieve the pain of their wretched, stressful, purposeless existence.

You understand a significant part of the causes of their behavior, why then anger and hate, instead of empathy and a constructive project to help them, most certainly helping yourself on the (long) way?

I tried to get to you about a year and a half ago, but I suppose my sexual references put you off and you stopped replying. However, I'm asking again today: do you want to discuss the current society, its future, and the existence in general, with reflection, reasoning, and analysis, with me?

You can contact me using one of my temporary email address: deleted_email_KsJQa@ymail.com [mailto]

Re:Doubleplusgood! (1)

roman_mir (125474) | about 3 years ago | (#38330046)

say thanks for the government creating and enforcing copyright (and patent) law, which is what allows the monopolists to maintain their monopolies.

Re:Doubleplusgood! (1)

fafaforza (248976) | about 3 years ago | (#38330064)

I'd like to see the argument you put up when a stolen car you buy gets taken away from you. Two consenting adults, right?

As said already, this was ONE frigging book in the existence of their ebook store, and people got full refunds to purchase the very same book, word from word, from a source that was legally able to sell it.

You decry the apologists. But quite the contrary, I think you just want to find fault in anything a "big evil corporation" does.

Re:Doubleplusgood! (5, Interesting)

causality (777677) | about 3 years ago | (#38330352)

I'd like to see the argument you put up when a stolen car you buy gets taken away from you. Two consenting adults, right?

That scenario involves a quite unwilling third party. That's exactly the problem I have with Amazon's action -- the issue was between Amazon and the rightsholder. They chose to involve unwilling third parties (their own customers at that). You are only reinforcing my point here.

That isn't two consenting adults. That's two consenting adults, one of which is using fraud, and a third adult who's very much not consenting. It's a big difference.

As said already, this was ONE frigging book in the existence of their ebook store, and people got full refunds to purchase the very same book, word from word, from a source that was legally able to sell it.

That's a most amicable way to handle it. I appreciate you highlighting the goodwill that Amazon showed once the situation happened. That part is easy to underappreciate and was worth a reminder.

I still don't find it acceptable to make this your customers' problem. You didn't do your homework and vet the product you offered for sale, that's your fault, you get to sort it out on your own. There are records of how many copies were sold, so you remit payments to the actual rightsholder plus some negotiated fee for accidentally infringing on their copyright and you're done. To put it another way, if this happened with a physical paper book would you support them breaking into your home to take it back as long as they leave an envelope with the money on your kitchen table? After all, on page 37 of the EULA you clearly gave them that right...

Why is this so acceptable in the digital world? If it's intellectual _property_ let's treat it like property. If it's zeroes and ones, let's treat it like zeroes and ones. This is a desire to have one's cake and eat it too. It's not reasonable.

To make a more minor point ... instead of going through a refund process and all the transactions that involves... why not just overwrite the book on the device and replace it with the legal copy? Customers might not even notice it happened. Why inconvenience them if you're going to have such remote capabilities at all?

You decry the apologists. But quite the contrary, I think you just want to find fault in anything a "big evil corporation" does.

When they do things the hard way for no good reason, and cause problems that could have been prevented, then the fault is there whether I find it or not.

Re:Doubleplusgood! (4, Insightful)

Culture20 (968837) | about 3 years ago | (#38329850)

True, but they had legally good grounds for doing so

&@$^ their "legally good" grounds. If Star Trek Replicators ever become a reality, I don't want Amazon using a team of transporter technicians to dematerialize stuff from my house that was replicated with the wrong copyright license. They shouldn't have the *ability* to do this because it is likely to be abused (again).

Re:Doubleplusgood! (1)

fafaforza (248976) | about 3 years ago | (#38330090)

Perhaps you should consider the fact that with the digital sales of books, mistakes are much more easily made. With printed books, it is a more arduous process and therefore likely harder for a simple mistake to take place, like poor editing, scanning, and spelling that you find in ebooks, and possibly like incorrectly uploading a 300kb ebook to the online store, whereas making the physical counterpart would involve a lot more bureaucracy and time between making the decision and the book showing up on shelves.

Re:Doubleplusgood! (2)

hedwards (940851) | about 3 years ago | (#38329996)

No, they didn't have legally good grounds for doing it. They sold copies they weren't authorized to sell then took them back to avoid paying a big fine. It doesn't matter whether they returned the money or not, sales are an inherently no backsies situation.

I'm not sure this is fundamentally any different from them coming over and demanding that I give back any other item I got from them in exchange for my money back.

Re:Doubleplusgood! (1)

fafaforza (248976) | about 3 years ago | (#38330116)

So you'd be against, for example, a vehicle recall? After all, that's the vehicle you bought. The dealing between you and the car company is over. And I'm sure you'd mention the warranty, but that likely only covers things that break. You bought that car with that faulty battery from the getgo. That's the vehicle you inspected and bought. Your problem now, no backsies.

Re:Doubleplusgood! (3, Informative)

sixsixtysix (1110135) | about 3 years ago | (#38330326)

in your situation, if there was a recall, the car seller would just come and take your vehicle, and leave a check and any personal items, whenever/wherever they wanted to. parent is saying that, once sold, the car seller should contact the buyers and let them know, and IF they wanted to, they can bring back the car with the faulty battery. you know, because of ownership and all.

Re:Doubleplusgood! (2)

fafaforza (248976) | about 3 years ago | (#38330472)

But that's the thing people forget. You don't own the eBook you buy. You buy what's effectively a license. You can't lend it (the 2 week lending thing is a joke), you can't resell it, you can't donate it to a library or thrift store. If you have a problem with that, then stick with paper books.

Re:Doubleplusgood! (0)

Anonymous Coward | about 3 years ago | (#38330364)

The contract would likely have been for a vehicle up to quality standards and insured through designated objective analysts. The fault of the bad battery would be fraud, selling someone an item that was not contractually agreed to, and the fault of the flaw would be the responsibility of the the one who caused the mislabelling of the battery as 'certified, functional battery for vehicle x'. That person or agency would hold some accountability for recompense to the contractual party that they dealt with, such as the assembler of the vehicle. If there is a lie in a contract, then the contract is based on incorrect information, and is not true as stated, making it false. "I am purchasing x, under the conditions that it has y, and that y will satisfy me without complaint." "I received x, not containing y, therefore I my contract, if taken as stated, infers that I am unsatisfied. My dissatisfaction has a logical precedent, and the contract was dependent upon the conditions that were logically sound and achievable, eliminating the possibility of an impossible contract." The sale and money exchange part are not the whole contract. The actual declared purchase are also, obviously, a major part of it.

-Ronnie
l o r i n o s 1 0 @ ***.com

Re:Doubleplusgood! (1)

MLCT (1148749) | about 3 years ago | (#38330394)

So you'd be against, for example, a vehicle recall?

A vehicle recall is voluntary - ultimately you don't have to take it back if you don't want to. What Amazon did was the equivalent of turning up at your house and using their own set of keys to get in to and drive away your car because it had a fault - all without telling you until they had left.

Re:Doubleplusgood! (1)

hedwards (940851) | about 3 years ago | (#38330608)

Recalls are not generally mandatory even if the defect is potentially extremely dangerous. Plus, you don't give them back the car typically you drive it to a dealership and they provide the service. Good dealers will often even loan you a car while you're waiting for yours to get out of the shop.

Additionally, they're not obligated to take the car back except under very specific cases and the terms will indicate that they won't buy it back for the same price they sold it for and even then it's treated as a new sale subject to haggling.

Re:Doubleplusgood! (1)

damiangerous (218679) | about 3 years ago | (#38330278)

Really? If someone steals your car and sells it to an innocent third party, you would be fine with never getting your car back because "sales are an inherently no backsies situation"?

Re:Doubleplusgood! (1)

hedwards (940851) | about 3 years ago | (#38330580)

That's a completely different situation. You're talking about somebody that's guilty of receiving stolen merchandise and having to look the other way over the issue of the title. Versus buying from a generally reputable place of business that's selling a digital copy.

Yeah, that's totally the same thing. The latter could be remedied simply by Amazon paying the owner for the rights and the former is a felony.

Re:Doubleplusgood! (1)

damiangerous (218679) | about 3 years ago | (#38330638)

It's not "completely different". It's not identical, no, but it's similar. You were the one speaking in absolutes. There are plenty of situations where a sale does in fact have "backsies". Replace car with "Playstation 3" or any other consumer product without a title trail. The point is that someone was damaged by Amazon's actions and Amazon had the ability to correct the situation because it was a digital sale. Paying compensation is generally second best to remedying the actual damage,

Re:Doubleplusgood! (1)

Shalian (512701) | about 3 years ago | (#38329536)

Really? How about http://www.nytimes.com/2009/07/18/technology/companies/18amazon.html when they did in the past? Is it still unlikely?

Re:Doubleplusgood! (4, Insightful)

Hotweed Music (2017854) | about 3 years ago | (#38329592)

They were hosting illegal content. I know it's nice to get outraged about (especially because of the books banned), but you're picking a fight.

Re:Doubleplusgood! (0)

fafaforza (248976) | about 3 years ago | (#38329688)

Come on, you can't deny a person's right to scream outrage and cite "1984". That's what all the cool kids do these days, after all.

Re:Doubleplusgood! (3, Insightful)

Anonymous Coward | about 3 years ago | (#38329804)

On this you are wrong. Why is it all of a sudden "ok" when it is digital content? If they were selling physical books they could still have had no right to sell them, but they would not have had any means (nor would they have tried) to track down who had the illegal book and repossess it. Now, just because these books were digital, why is it OK? I posit that it is NOT OK. As more and more of "our" content goes digital - what makes it OK for folks to remotely decide we can't have it anymore?

Re:Doubleplusgood! (2)

thePowerOfGrayskull (905905) | about 3 years ago | (#38329666)

Because surely nobody knew what ggp was talking about without the link.

Here's another spin: Out of hundreds of thosuands of titles sold, they only had to pull on and it was over two years ago. Based pn past performance I would say that it"s pretty unlikely indeed. I just can't say it's impossible, because clearly it is. (Also worth noting: purchasers got their money back. Without even having to fight or ask.)

And news flash: they hated as much as the purchasers did if not more - really bad pr when they're trying to build a business around how safe and reliable it is to make electronic manuscript purchases. You think there wasn't some serious internal policy changes to ensure that chances of it happenin g again areas close to zero as possible?

It would be nice to live in a world where amazons didn't have to protect the interests of publishers as well as customers. But it's a long road from here to there.

Re:Doubleplusgood! (2)

causality (777677) | about 3 years ago | (#38330222)

And news flash: they hated as much as the purchasers did if not more - really bad pr when they're trying to build a business around how safe and reliable it is to make electronic manuscript purchases. You think there wasn't some serious internal policy changes to ensure that chances of it happenin g again areas close to zero as possible?

How to make it absolutely zero: don't build devices with this kind of remote-deletion functionality. When negotiating with publishers, tell them up-front that any such option is off the table, that you (the business) will settle any copyright disputes with them, without dreaming of making this your customers' problem. It's not like Amazon doesn't have the resources. Imagine the great PR they could have had if they positioned themselves as protecting their customers from such errors.

I'm just not impressed with how painful and tedious it was for them to try avoiding the use of an option that doesn't belong there in the first place. They deserved the bad PR. If telling the truth is bad PR, that's not the messenger's fault.

Re:Doubleplusgood! (4, Informative)

subreality (157447) | about 3 years ago | (#38329604)

When the GP said "1984 style", they were referring to the fact that Amazon actually revoked some copies of 1984 in a flash of brilliant irony.

Re:Doubleplusgood! (1)

Professr3 (670356) | about 3 years ago | (#38329990)

...it shouldn't be all that hard to use the kindle-for-pc version and OCR software to pull them out of the proprietary format...

Actually, that sounds kinda hard to me :P

Re:Doubleplusgood! (2)

similar_name (1164087) | about 3 years ago | (#38330814)

I find it moderately unlikely that amazon would start revoking your/mine ebooks.

They pulled/deleted 1984 [pocket-lint.com]

Re:Doubleplusgood! (1)

artor3 (1344997) | about 3 years ago | (#38329764)

First of all, it is highly unlikely that Amazon would ever make that mistake again. But if you're really worried, and not just pandering for karma, then simply copy the ebooks to your computer via USB. Ta-da! You've got a back up. For bonus points, use Calibre to break the (trivial) DRM and convert to your file format of choice.

Re:Doubleplusgood! (0)

Anonymous Coward | about 3 years ago | (#38329864)

I don't know how no one has noticed this, but the Kindle DRM was cracked a long time ago. You need the file on you're computer to do it, which means using the Kindle Desktop app, once its done the file is DRM free and in my experience converts very well to any other e-book format you might want (am I really the only one reading amazon purchased books on a Kobo?)

Re:Doubleplusgood! (1)

Osty (16825) | about 3 years ago | (#38331222)

Could this hack be used to protect your ebook purchases so they can't be revoked after the fact 1984 style?

You don't need a jailbreak for that. You just need to remove DRM on the books you purchase. This is easy to do (hint: Apprentice Alf is your friend, and Google knows about him ...), and combined with a tool like Calibre [calibre-ebook.com] you don't have to worry about losing any of your ebooks ever again.

Re:Doubleplusgood! (1)

caseih (160668) | about 3 years ago | (#38331640)

Backing up your kindle purchases and storing them in a way that Amazon cannot control is easy I've been told, and doesn't depend on any particular Kindle.

XSS (3, Interesting)

Anonymous Coward | about 3 years ago | (#38329564)

So the Kindle was jailbroken by a XSS vulnerability?
That's cool

Re:XSS (4, Insightful)

hey! (33014) | about 3 years ago | (#38329776)

Pretty much. The hack was simply embedding javascript in an MP3 id3 tag.

While I'm in favor of jail breaking devices, this does NOT make me want to rush out and buy a Kindle Touch (although I was considering it before), because it reveals a flaw in the the device's basic use. Short of restricting myself to Amazon content, I'd have to check every file I use on it for malware.

Re:XSS (1)

athe!st (1782368) | about 3 years ago | (#38330324)

Jailhouse rock.mp3

Garden Picnic (4, Insightful)

mugnyte (203225) | about 3 years ago | (#38329576)

The walled gardens are full of splendor, as we pay the entrance fee for a reason. Bringing your own picnic, despite the guards, will never be prevented.

Revenge of the open source? (0)

Anonymous Coward | about 3 years ago | (#38329626)

More and more, companies are using open source code in their locked down devices. Sure, you can have the code (maybe), but what good is it if the device is locked down tighter than a nun's pussy?

But, what if open source programmers intentionally leave backdoors in their software? The Amazons, tivos, and motorolas may lock the front door, but the back door will be more open than the goatse man's asshole!

Re:Revenge of the open source? (0)

Anonymous Coward | about 3 years ago | (#38330010)

That's why you do a code review before launching a multimillion dollar sales campaign.

Explanation (It's quite clever) (5, Informative)

mshenrick (1874438) | about 3 years ago | (#38329650)

for the lazy, the title just contains HTML code to create a button, which runs DD to the MP3 (minus the title tag) to a script, as the author tag is the script source, which is then executed. If you open the properties of the MP3 (OS X's 'get info' works, or you could cat it) the source is pretty well commented

What's with the epub comment? (0)

Anonymous Coward | about 3 years ago | (#38329690)

My wife's un-modded Kindle reads her non-Amazon epubs just fine. Or are Slashdotters still a bit behind the times when it comes to their views on Amazon and non-DRM formats?

Re:What's with the epub comment? (1)

zegota (1105649) | about 3 years ago | (#38329736)

Absolutely they are. I use Calibre, and I have absolutely no trouble reading whatever I want.

Re:What's with the epub comment? (1)

fafaforza (248976) | about 3 years ago | (#38330154)

Meh, calibre is fine, but it's so bloated, and resource hungry, and every week, there is a new version that requires you downloading the whole frigging 25-30mb binary. I try to avoid it, personally.

Re:What's with the epub comment? (1)

Blue Stone (582566) | about 3 years ago | (#38331478)

Just don't update it unless there's a real need. Most of the updates are irrelevant. Turn off the auto-update option, and it tells you there's an update in the lower right, but it lets you ignore it. Once in a while check the change log and see it's worth the bother of updating.

But you're right about bloated. I'm not short of Ram these days, but Calibre seems unnecessarily weighty.

Re:What's with the epub comment? (1)

ceoyoyo (59147) | about 3 years ago | (#38331664)

It does do rather a lot of conversions. 20 to 30 MB isn't that much. It also takes up a lot of memory, but it's written in Java, isn't it?

Re:What's with the epub comment? (1)

Blue Stone (582566) | about 3 years ago | (#38331804)

Calibre is written in Python.

Re:What's with the epub comment? (1)

wygit (696674) | about 3 years ago | (#38329802)

Kindles read the epub format? Really? I haven't been able to find a reference to that on Amazon or anywhere else.

Re:What's with the epub comment? (1)

Guspaz (556486) | about 3 years ago | (#38329892)

If it's not DRM encrypted, there's software like Calibre that will convert between all the different formats. DRM-free eBook formats haven't been an issue for years, I don't know why everybody is so obsessed with ePub on the kindle. As the OP, I've been reading non-Amazon DRM-free ePubs for ages.

There are a lot of stuff that's annoying about the kindle, the format support is not one of them. Not being able to set my own screensaver image on my non-advertising kindle is a bigger annoyance to me.

Re:What's with the epub comment? (1)

fafaforza (248976) | about 3 years ago | (#38330174)

So it can read ePubs, as long as you convert them to Amazon's format? That's not quite reading ePubs.

Re:What's with the epub comment? (1)

Em Adespoton (792954) | about 3 years ago | (#38330400)

It reads ePubs, including the ones Amazon has wrapped in their own proprietary DRM. The key here is that the actual reader reads the ePub format... the DRM code unwraps the ePubs so the reader can read it. If you serve it an ePub without the DRM, it'll still read it.

Kind of like saying iTunes plays AAC audio. Some of it may be FairPlay-wrapped, but it's still the AAC audio that's being played.

Re:What's with the epub comment? (1)

damiangerous (218679) | about 3 years ago | (#38331046)

The Kindle does not support the ePub format. Amazon does not sell ePubs and has never wrapped one in their own DRM.

Re:What's with the epub comment? (1)

shutdown -p now (807394) | about 3 years ago | (#38330392)

Actually, format support is still annoying, because it means that you can't just download ePubs using Kindle's built-in web browser and immediately start reading them, as you can with Mobi files - you need a PC to convert them.

Re:What's with the epub comment? (1)

damiangerous (218679) | about 3 years ago | (#38331058)

My wife's un-modded Kindle reads her non-Amazon epubs just fine.

No it doesn't.

I would think that this was a major problem. (5, Insightful)

geekprime (969454) | about 3 years ago | (#38329716)

It dosen't disturb anyone that an mp3 can be used to crash this thing and run arbitrary code on it?

It seems like the fact that everyone "knows" that mp3's are safe and can not give you a virus is not at all true for this device.

Re:I would think that this was a major problem. (5, Insightful)

izomiac (815208) | about 3 years ago | (#38330008)

It disturbs me that Amazon would include a javascript command to execute arbitrary native code as root, and doesn't sanitize input. An ID3 tag should not be rendered, especially not with javascript, and especially not in the privileged mode the GUI is given. Making any one of those mistakes is amateurish and indicates that whoever designed this system knows absolutely nothing about security. Beyond that, obviously that person/team was given the autonomy to do this without any kind of oversight, so the device is surely riddled with such defects!

IMHO, most likely some web developer came up with that idea and is unused to even considering security issues. While you can write a GUI in DHTML and its ilk, it's not necessarily a good idea. When they ran into the easily predicted performance issues, this was their solution. Suddenly, they're no longer playing in the sandbox, but apparently they weren't quite cognizant of the implications.

Re:I would think that this was a major problem. (0)

Anonymous Coward | about 3 years ago | (#38330300)

You used IMHO in two successive paragraphs.
 
I don't think you're very humble.
 
Oh, and you pompously misused the word, "ilk".

Re:I would think that this was a major problem. (0)

Anonymous Coward | about 3 years ago | (#38330460)

Humility went out of style in the 80s. IMHO is "In my honest opinion," and I'd think 90% of people could tell you so. Also, his use of ilk was fine.

Re:I would think that this was a major problem. (1)

DeathFromSomewhere (940915) | about 3 years ago | (#38330996)

Urban dictionary says you're wrong. [urbandictionary.com]

Re:I would think that this was a major problem. (0)

Anonymous Coward | about 3 years ago | (#38331722)

Wikipedia says the GP is right:
http://en.wikipedia.org/wiki/List_of_acronyms_and_initialisms:_I

IMHO – (i) In My Humble/Honest/Heartfelt Opinion, c.f. IMO.

Re:I would think that this was a major problem. (1)

DeathFromSomewhere (940915) | about 3 years ago | (#38331772)

Except humble is listed first. Cool fail bro.

Re:I would think that this was a major problem. (0)

Anonymous Coward | about 3 years ago | (#38331874)

"IMHO"/ "In My Humble Opinion" is a figure of speech. Like "choke on a bag of dicks", something I'm sure you're asked to do quite often.

Re:I would think that this was a major problem. (1)

Anachragnome (1008495) | about 3 years ago | (#38330100)

I once downloaded some MP3 files (about 4 years ago) and one of the files puzzled me.

I had gotten into the habit of deleting all the metadata (and replacing it with my own in order to standardize all my MP3 files). When I deleted the metadata and replaced it with my own, this certain file went from roughly 25kb in size down to 15kb. Of the 14-15 or so files in that group, only one file acted in this manner. The rest in the group either registered no change or 1kb less in size. I actually downloaded the entire torrent again in order to verify this, but I never did figure out the reason for it. I checked the actual metadata information and nothing seemed amiss (no visible script or anything like that).

Could it have been arbitrary code inserted in the metadata just as we see here, and if so, how was it hidden from view when looking at the metadata via "properties"?
(if you're wondering, the file was a song from CCR's Cosmos Factory--"I Heard It Through The Grapevine"...Yeah, yeah. Pretty fucking funny, now that I think about it. Now, I wonder what the payload was.)

Re:I would think that this was a major problem. (2, Interesting)

Anonymous Coward | about 3 years ago | (#38330446)

You can stick album art in the id3 tag if you want; that could easily be several kb in size. Nowadays people put the cover art in every track: the redundant data isn't half as annoying as trying to manage it separately.

Re:I would think that this was a major problem. (1)

Em Adespoton (792954) | about 3 years ago | (#38330470)

It was likely data stored in the metadata section that wasn't tagged with a standard tag. Reading it out in a text editor/hex editor would show you the culprit, but it wouldn't show up in a standard field. Most likely, it was designed to buffer overflow the parser of some common mp3 player like WinAmp.

Re:I would think that this was a major problem. (1)

maeka (518272) | about 3 years ago | (#38331420)

Most likely you cleared album art (as the poster above mentioned) or your tagger was set to remove padding.

With ID3 tags residing at the start of the file it is common to pad the tags with blank space so that future (longer) edits don't necessitate the rewriting of the entire file. Too Many shitty taggers remove padding by default.

Re:I would think that this was a major problem. (2)

Ethanol-fueled (1125189) | about 3 years ago | (#38330104)

It doesen't disturb anyone that an mp3 can be used to crash this thing and run arbitrary code on it?

Not really. MP3's have been rooting Windows for years now. Ooh, gotta go. Just downloaded Pamela_Anderson_Naked_jpg.exe .

Re:I would think that this was a major problem. (2)

Em Adespoton (792954) | about 3 years ago | (#38330444)

One of the first exploits for OS X back in the day was actually malware dressed up as an MP3 with the appropriate headers. It took advantage of a flaw in the header reading code of iTunes to buffer overflow and then use the iTunes memory space to escalate privilege.

Of course, the flaw in the library was patched pretty quickly, and nobody's tried it again since, but mp3s have been attack vectors for at least 10 years.

don't browse the web (1)

kervin (64171) | about 3 years ago | (#38330550)

...with your ebook reader.

Not because a browser is included means it's a good idea to do so.

Re:don't browse the web (1)

Nimey (114278) | about 3 years ago | (#38331292)

The newer e-Ink Kindles are limited to only visiting Amazon and Wikipedia, IIRC. Don't have that limitation with the old keyboard versions or the Fire.

Re:don't browse the web (1)

bhaak1 (219906) | about 3 years ago | (#38331508)

Only the versions with the free 3G limit you to Wikipedia and amazon. If you're on WiFi, the browser will render any webpage.

But the browser (an oldish version of webkit) is hardly usable because of color issue (genius programmers thought it was great to blindly map color to grayscale) and the UI. The browser thinks it can act like running on an ipod touch and it feels sluggish and unresponsive and stuttering because of this.

Re:I would think that this was a major problem. (3, Informative)

complete loony (663508) | about 3 years ago | (#38330692)

This isn't a buffer overflow, it's a XSS scripting attack. The mp3's meta data is inserted into a HTML document without cleansing it.

How-to (0)

Anonymous Coward | about 3 years ago | (#38329720)

Here is a comprehensive Step-by-step I found: http://kindlefirejailbreak.net/kindle-touch-root

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?