
Illegal Prime Number? (2001) - ColinWright
http://fatphil.org/maths/illegal1.html
======
skrebbel
Some context for people younger than me: This was a Big Thing On The Internet
back in 2000. It was lovely, and it was where I discovered how a bunch of
motivated nerds on the internet could make a dent.

So anyway, the thing was DVDs were pretty new, and DVDs had "region
protection". Cutting corners, this means that data on DVDs could be encrypted
with different keys depending on which continent you were on, to allow
complicated per-country movie distribution models. You could change the
"region" on your DVD player or computer, but only 3 times or so. Of course
people could also make unencrypted DVDs, but movie makers didn't do that.
Internally the encryption scheme was called CSS, chosen by people who I assume
didn't code websites much.

Now, the DVD consortium people (backed by the film industry and hardware
vendors) released DVD playing software for Windows and Mac, but not for Linux.
This made Linux enthusiasts sad, who couldn't play DVDs on their computers.
You have to remember, this was before the Pirate Bay, broadband, and Netflix.
People really wanted to be able to buy/rent these DVDs and play them, this was
not a hypothetical wish. It was the only way to get high quality movies in the
house.

Then it became clear that the DVD people really weren't going to ship a DVD
driver thing for Linux, not even closed source, not even when we all asked
really nicely. I'm not 100% sure whether there were no DVD drivers at all on
Linux, or simply that they only could play unencrypted DVDs, but you can see
where this is going: the Linux people wanted to be able to play real DVDs, the
ones they'd buy or rent in town, the vendors wouldn't do the effort, so the
Linux folks did it themselves. This was common, especially then, when most
hardware vendors couldn't care less about Linux.

So they cracked the CSS encryption.

I mean, _of course_ they cracked it. This was not the warez people, this was
the FOSS people. They had a computer with a perfectly good DVD drive and they
wanted to watch movies on it. You can't stop these folks.

The MPAA, however, did not like this. They realized that it would just be a
matter of time before people would port this code to OSes that have more usage
than a rounding error on their bottom lines. So they did what the MPAA does
best: hunt witches. At least one guy, a Norwegian 16-year old, got prosecuted
by the state, and it all got messy very fast.

Meanwhile, the angry nerd mob that is the internet didn't sit still. They soon
realized that the big Linux DVD player software wasn't the issue, the only
issue was that little library called DeCSS which cracked the encryption. Soon,
people started hosting DeCSS on their websites, in objection to the MPAA's
witch hunt. It wasn't that big, after all.

MPAA then started sending aggressive takedown notices and even lawsuits to
ISPs and hosting providers who had customers who hosted DeCSS. Some customers
got in trouble, some providers had a spine. It was bad, but this sparked 2
wonderful developments:

First, someone wrote a Perl script called DeCSS that removes cascading style
sheets from HTML files. Nobody had a use for it, but _lots_ of people hosted
it on their sites. The MPAA sent takedown notices to those as well, and this
was much easier for providers to say no to. After all, it was as harmless as
any program good get and let's be honest, it was aptly named.

Second, the one of first serious internet sizecoding competitions got kicked
off, because smaller code is easier to distribute in nifty ways. People
remixed each other's work until the core DeCSS algorithm was only a single
line of code. Gzipped, there was nearly nothing left. The article this thread
is about assumes that you're aware of that (all the geeks were at the time)
and starts from there with the insight that there's probably a prime number
that includes this code and is, therefore, illegal.

People also put this minified DeCSS code in all kinds of wonderful places. One
of the best hacks I recall is that you could make the DVD consortium's DNS
servers host DeCSS. Because DNS servers cache data from other DNS servers, you
could make a TXT record on your domain with DeCSS in it, then look it up via
the DVDCCA nameserver, and it would keep a copy. But there were many ways:
[http://decss.zoy.org/](http://decss.zoy.org/)

This was all straight from memory. I probably got some details wrong and I
probably missed many great anecdotes. But this was a beautiful piece of
collaborative civil disobedience and to my knowledge it was the nail in the
coffin of region-protected DVDs.

~~~
bad_alloc
Thank you for this writeup, this was before my time on the internet.

> People remixed each other's work until the core DeCSS algorithm was only a
> single line of code. Gzipped, there was nearly nothing left

What was the actual number? Can you post it here?

~~~
snarfy
I recall a version that was an ascii string that you could save as a file with
a .zip extension and it would unzip into the source.

~~~
roman_savchuk
And I remember someone was selling t-shirts with that string!

~~~
rconti
I had the RSA "this shirt is a munition" t-shirt that was technically illegal
to take outside of the United States due to export controls.

Though, it wasn't 1/100th as ugly as this block of graffiti spam.

[http://www.cypherspace.org/adam/uk-
shirt.html](http://www.cypherspace.org/adam/uk-shirt.html)

------
ColinWright
And its follow-up:

[http://fatphil.org/maths/illegal2.html](http://fatphil.org/maths/illegal2.html)

------
s-c-h
pi, e, √2 are thought to be normal [0], which would make them Disjunctive
sequences [1]. This means that every finite string appears as a substring in
them, including for example all Shakespeare works, and the ADN of every person
[2].

In particular they contain this illegal prime number, and the gzipped and non-
gzipped versions of this program in every programming language possible.

Does that mean that they may become illegal someday if they are proven to be
normal?

[0]
[https://en.wikipedia.org/wiki/Normal_number](https://en.wikipedia.org/wiki/Normal_number)

[1]
[https://en.wikipedia.org/wiki/Disjunctive_sequence](https://en.wikipedia.org/wiki/Disjunctive_sequence)

[2]
[http://sprott.physics.wisc.edu/pickover/pimatrix.html](http://sprott.physics.wisc.edu/pickover/pimatrix.html)

(edited to add links)

~~~
wz1000
> πfs is a revolutionary new file system that, instead of wasting space
> storing your data on your hard drive, stores your data in π!

[https://github.com/philipl/pifs](https://github.com/philipl/pifs)

~~~
s-c-h
Thanks for the reference. Even the github issues are fun to read. In
particular this one is relevant here: PiFS installs large volumes of
objectionable content and copyright violations
([https://github.com/philipl/pifs/issues/2](https://github.com/philipl/pifs/issues/2))

------
iotscale
An illegal prime reminds me of the article "What Colour are your bits?" from
Matthew Skala
[http://ansuz.sooke.bc.ca/entry/23](http://ansuz.sooke.bc.ca/entry/23)

------
sb8244
I didn't understand what made this illegal from the article, but
[http://primes.utm.edu/glossary/page.php?sort=Illegal](http://primes.utm.edu/glossary/page.php?sort=Illegal)
covers it in more detail. Very interesting.

------
_Nat_
tl;dr- Programming code serialized to binary seems like a Base-2 number to
them, so they were looking for "illegal" C scripts that would be prime when
read as a Base-2 number.

They give the example of a C script that breaks an old DRM crypto scheme.

It seems kinda silly since primes have a fairly regular distribution, so all
they need to do is:

1\. Pick any program they want to be "prime".

2\. Serialize it and check if it's prime. If so, done; if not prime, continue.

3\. Perform some minor code modification that doesn't change the script's
functionality, e.g. tweaking a variable name or the content of a comment.

4\. Return to Step (2), looping until a prime representation has been found.

~~~
dmurray
Step 2 (checking if huge numbers are prime) is a hard problem.

Additionally, the author wanted to find a prime that encoded the program that
was also notable for some other reason (to give people a legitimate pretext to
host it). He decided to try to make it one of the largest primes ever
discovered, and it was, though it no longer is.

~~~
xucheng
FYI, prime number test can be done in determining polynomial time (instead of
NP). So it is not a hard problem.

------
ikeboy
Interesting that the prime pages link is dead, and they didn't include the
prime number on their own site.

~~~
cokernel
The link may be dead, but the site still exists. Here's the 1401-digit prime:

[https://primes.utm.edu/curios/page.php?number_id=953](https://primes.utm.edu/curios/page.php?number_id=953)

------
huy-nguyen
A very interesting number. The first time I learned about it was through this
Youtube video [https://youtu.be/LnEyjwdoj7g](https://youtu.be/LnEyjwdoj7g).

------
kleiba
See also related Wikipedia article:
[https://en.wikipedia.org/wiki/Illegal_prime](https://en.wikipedia.org/wiki/Illegal_prime)

------
627467
So, has the law changed? What's its impact today?

~~~
DanBC
DMCA (and similar in other countries) is still in force. It's still enforced,
but selectively.

The UK has an approach which is almost sensible, but ends up being stupid. IP
holders have rights to protection from illegal copying, and that's why law
about circumvention of technological measure was introduced. Consumers also
have rights to make copies in some situations, and those rights need to be
protected. So consumers can ask the rights-holders for an exception, and can
then go to the secretary of state if the IP holder declines to provide an
exception.

[https://www.gov.uk/government/publications/technological-
pro...](https://www.gov.uk/government/publications/technological-protection-
measures-tpms-complaints-process)

[https://www.gov.uk/government/uploads/system/uploads/attachm...](https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/448277/Guidance_on_the_Technological_Protection_Measures_TMPs_Complaints_Proces....pdf)

