Sony rootkit used open source

Sony-BMG is beginning to remind me of Jimmy Breslin's The Gang Who Couldn't Shoot Straight.

If there was something they could do wrong in trying to "protect" their CDs from copying, they did it. They used a virus without telling consumers. The virus was hard to find, tougher to remove, and it kept people from doing common things like copying music to an iPod. Microsoft called it a security risk. Even the Department of Homeland Security wagged its finger.

Now it seems the company that wrote the XCP rootkit, First4Internet, used some open source code in the mix, specifically code from LAME, an MP3 encoder. Matti Nikki, a Finnish programmer known to friends as Muzzy, writes that the code used to circumvent Apple's DRM system, to keep users from putting the music on their iPods, may also violate the DMCA. " The party just keeps on going," he writes.

Indeed.

My question for the group is, given what we know now, how can Sony get out ahead of this firestorm? Before I saw the open source angle here I called for the firing of CEO Howard Stringer (above), the first non-Japanese to ever run the company. But at this point I wonder if even that would help.

The pack of lawyers the industry once set on users is about to tear into one of its own, and the rest of us can only stand and watch in horrified fascination.