Archive for December, 2006

23rd Dec 2006

Getting music off of an iPod

I put this here just in case someone is Googling for it:

There is a simple way to upload music files from an iPod back to your Mac, and it doesn’t require any special utilities or software: nothing to download, nothing to install, no shareware to pay for. Just run a command from the Terminal.

Apple tries to discourage you from uploading songs from an iPod. Presumably they do this to placate record companies, who think you must be a criminal if you want to move data against the arrows. Not so: I had to restore music to my computer that was on my iPod, music from my own CDs that I purchased and ripped legitimately. These things happen.

Here are the two “security measures” they use to stop you from pulling music off an iPod:

  1. Uploading simply isn’t implemented as a feature in iTunes.
  2. The music files are on a hidden directory on the iPod drive, so you won’t see a folder in the user interface.

That’s it. We call this “speedbump DRM”: easily defeated, but it trips people up. It can be surprisingly effective. People are stopped from doing something, and often assume that it simply can’t be done. This is more effective than you might think, even in our modern age of Google and Wikipedia. Many people don’t even think to search for a remedy, because speedbump DRM is an act of misdirection. It fakes tough security, it fakes impossibility.

Anyway, here’s the remedy:

First, make sure your iPod is enabled for disk use and is plugged in, with the iPod icon on the desktop. Next, launch the Terminal (in Applications/Utilities) and run these commands:


$ cd; mkdir tunes
$ find /Volumes/MYiPOD/iPod_Control/Music -name "????.???" -exec cp {} ~/tunes \;

That second command should be all on one line. Replace MYiPOD with the actual name of your iPod. If you’re uncertain about the path to your iPod, just drag the iPod icon from the Desktop into your Terminal window. The pathname should appear. Or, begin the command “find /Volumes/” and hit the tab key.

Now, go to the tunes folder in your home directory, select all the music files, and drag them into iTunes. They should be imported and returned to their original state, complete with all track information.
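
A collision-safe variant of the find command above, as an added example that is not part of the original post: find flattens every subfolder of Music into one directory, so two files that share a four-character name would overwrite each other. The function name copy_tunes and the sample folder names F00 and F01 are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: copy_tunes /Volumes/MYiPOD/iPod_Control/Music ~/tunes
# Copies every file matching ????.??? under SRC into DEST without overwriting.
copy_tunes() {
    src=$1
    dest=$2
    mkdir -p "$dest" || return 1
    # -type f skips directories; the name pattern is the one used in the post.
    find "$src" -type f -name '????.???' | while IFS= read -r f; do
        base=$(basename "$f")
        target="$dest/$base"
        if [ -e "$target" ]; then
            # A file with this name was already copied from another
            # subfolder: prefix the parent folder name to keep both.
            parent=$(basename "$(dirname "$f")")
            target="$dest/${parent}_$base"
        fi
        # -p preserves timestamps and permissions of the original file.
        cp -p "$f" "$target"
    done
}

# Constructed sample tree standing in for the Music folder on the iPod.
# Folder names F00/F01 and all file contents are made up for this demo.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/Music/F00" "$root/Music/F01"
    printf 'song-a' > "$root/Music/F00/ABCD.mp3"
    printf 'song-b' > "$root/Music/F01/ABCD.mp3"   # same name, different song
    printf 'song-c' > "$root/Music/F01/WXYZ.m4a"
    printf 'skip'   > "$root/Music/F01/notes.txt"  # does not match ????.???
    echo "$root"
}
```

With the plain cp from the post, the second ABCD.mp3 would silently replace the first; here both end up in the destination.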

Note that some of these files may be .m4p files. An “m4p” file is a protected AAC file, the kind you get when you buy music from the iTunes store. You can upload these from the iPod, but you can’t play them in iTunes without authenticating as the file’s owner. iTunes is happy to load them into your playlist, as long as you can provide the password when you want to play them.

So how do you “unprotect” an m4p file? Well, you log in as the rightful owner. M4p files are encrypted using AES, with the key stored in an encrypted block; you get the key for that block from Apple, when you provide the correct password for the iTunes account. That key will be stored in your computer and on your iPod, so they can play the music. If you have that key on your computer, JHymn may help you convert the m4p file to an m4a (unprotected) file.

If on the other hand you are trying to unprotect someone else’s m4p file, none of this will help you.


17th Dec 2006

Is DVD quality worse than VHS?

I rarely watch movies, but this weekend I rented two: The Bourne Identity (great) and 15 Minutes (godawful, though De Niro is always worth watching). Both of them had scratches and froze halfway through. 15 Minutes locked up the DVD player at 45 minutes. This happens fairly often with rental DVDs, and now it happened with both rentals.

So I ask the obvious dumb question: is DVD quality actually worse than VHS quality?

Sure, you have a far clearer picture when it works, but you also have movies that catastrophically halt right in the middle. Even when they don’t, the non-catastrophic failures in a DVD are very visible and distracting: VHS errors look like broadband static; DVD errors look like block artifacts, stuttering, freezing and dropped frames. VHS tapes gracefully degrade; DVDs go into the cinematic equivalent of cardiac arrest.

This is a huge difference when you consider the suspension of disbelief required to watch any movie. VHS noise is usually the type of distortion you can unconsciously correct unless it is very severe. DVD errors abruptly snap you out of it, even small ones, and ruin the whole experience.

Real-world quality is a matter of both the severity of the errors and how often they happen. It takes a lot of abuse to make VHS noise substantially distracting. Over the entire lifetime of VHS I remember two movies that were unplayable due to crappy quality. One was an in-flight movie. And I saw a lot more movies back then, before grad-student guilt made me reluctant to see or read anything recreational when I still had textbooks to go through.

In contrast, I have seen a lot of skippy DVDs. Sometimes it isn’t the DVD at all, but the player overheating or failing to keep up with the far more complex task of decoding DVD video. More than once I have seen the extended edition of Lord of the Rings completely exhaust a DVD player—but I assume that the march of technology will fix this.

So on average, I have to say VHS is better quality, at least for rental movies. DVD is a clearer picture in the error-free case, but so far the average quality has been much worse.


12th Dec 2006

UCLA breach vs AOL breach

UCLA recently got hacked, exposing a whopping 800,000 identities of current and former students, staff and faculty. This includes SSNs and birth dates, and the intruder was apparently searching for SSNs.

It is worth comparing this to the AOL breach, both in terms of the actual harm and the possible level of public outrage.

First, the security side: the exposed UCLA data is obviously more substantial, more useful for fraud and identity theft. The AOL search data was very personal, but contained few SSNs and other security-sensitive pieces of information. Furthermore, the UCLA data wasn’t leaked by mistake but exposed by a direct attack; someone wanted in for whatever reason. I would say that the UCLA leak does more substantial harm.

On the outrage side, there are different factors to consider. Which is more scandalous, the AOL leak or the UCLA leak? Will it anger or scare or bother people? Here’s a head-to-head comparison on some major “outrage factors”:

  • Lots of people go to college. One outrage factor is the possibility that the disaster could happen to me next. There are two sub-factors: one, the perceived risk, and two, my ability to empathize with disaster victims and understand the scope of the disaster—easier if I am in the same situation.
  • AOL’s public image, before the disaster, makes it a better candidate for public outrage than a university. AOL is an overcat, a big fat media conglomerate, with a history of bad PR online (there is an alt.aol-sucks, for example, which is one of the first “hyphen-sucks” groups on Usenet).
  • The AOL data was genuinely leaked, and people have already copied it and sifted through it. It matters if the disaster can be concretely framed, if we know for sure that it has happened.

    There is a complementary outrage factor caused by uncertainty, for example the dreadful thought that a food additive might put you at risk for cancer, and you don’t know. But to outrage people, you need at least enough certainty to be aware that a disaster has occurred.

  • The press could extract personal stories from the AOL data. This brings home the human side of the leak, and the concrete nature of what just happened.
  • The UCLA data, while sensitive, is not embarrassing personal information. I bet a lot of people would rather expose their birthdates than their search history.

So we have a few “outrage factors” here: one, how real/concrete/visible the disaster is; two, how visceral our reaction is to the leak; three, how much we can empathize, or imagine that it could happen to us tomorrow. Also, we have PR matters such as the company’s reputation and the general newsworthiness and coverage of the disaster.

All in all, I suspect that AOL will beat UCLA in the outrage department, even though the UCLA leak is a more substantial security disaster. Note that I have been saying “substantial” rather than “large.” Which is a bigger privacy invasion, someone stealing your bank account number or someone peeping in your window at night? You can’t answer this question so easily, but we can at least quantify the harm caused in the bank account case. That’s what I mean by “substantial” — it can lead to substantial harm in terms of fraud.


09th Dec 2006

A left-handed Möbius batter bowl

I saw this at a craft show here in Binghamton:
[Image: Left-handed batter bowl]
Actually, I saw the right-handed version. The potter made a left-handed version for me. Your non-dominant (right) hand slides into the half-twisted handle, so you can stir with your left. You have to imagine someone standing to the left of it.

Of course, I bought it because it is topologically nonorientable, like a Möbius strip:

[Image: A Möbius strip (wikipedia.org)]

The bowl was made by Diane Lia, a local potter. Some of her other work is sold at La Taza on South Washington.
