Try VLC (VideoLan Client). Plays pretty much anything you can throw at it.

Even DVDs with libdvdcss2. Available on pretty much every OS out there.

Linux, Mac OS, Windows

www.videolan.org

Many's the time I've used the activity window to grab something I want to watch offline. Very useful feature - and as you said, a timely reminder that stuf on the net is pretty much public. Having said that, though, if you want to pinch the music it'd be pretty much as easy to grab a torrent.

Works well for YouTube / Google Video as well - you can install Perian into QuickTime (if you're on OS X), and play those FLV files straight out of QT player.

I tried this "hack", and it's prompting me for a user name and password when I attempt to open the MP3.

They fixed that bug pretty quick!

Interesting but surely just firing up your favourite audio recording software (Audacity get my vote) and clicking the Record button does this just as well without all that hoop-jumping or the having to admit to being sad enough to own a Mac. It certainly works here.

... it only downloads the mp3s at 96kbps 22khz, so although slightly useful, isn't amazing.

There's several Firefox extensions that can be used to do this. TamperData will let you see what's going on (and change it if you're so minded:-)

Relying on 'security by obscurity' isn't particularly effective.

If you're on OS X, http://www.rubicode.com/Software/RCDefaultApp/ should do what you need with respect to opening things when you click on them.

The story in general, though, old news!

How you can even remotely consider this to be Apple's fault is beyond me. Or is that firsrt paragraph just to stir things up a bit?

When you paste the .mp3 URL into a new browser address bar, hold the ALT key and press ENTER and it will download the mp3 to the Desktop where it will open in iTunes if double-clicked.

PS, no password problems at my end.

I haven't played with it yet -- but Firefox's DOM inspector, or similar, ought to be able to show you the same information -- I know it worked on certain *ahem* "special interest" video sites which used "hidden" links.

> It's also worth noting that it's MySpace that has left the door open here

Oh please, what a bunch of nonsense. The door is open because people want you to listen to their music and so they upload it to the site. "I heard music on myspace!" shocka!

If they 'closed the door', you wouldn't be able to hear any music. They could 'close the door' on videos, images and text too, but you might find the www a little bland.

There are a myriad different ways of getting at this mp3 data - and all without having to enter a URL to try and download another copy . Although if you'd wanted to know the url without safari or its 'feature', that would just add even more methods. It's the way http works, after all, urls aren't secrets.

There are no ways at all, using software alone, of genuinely stopping you from getting it [I'm guessing from the article that if Steve Jobs / Bill Gates haven't added a feature or if they grey out a box then the mindset is 'you can't do that on a computer'' ?

This is one of the things "trusted computing" hopes to block - users getting access to the very data that's downloaded to their computer and, for something like sound data, played on it. But to block it needs crypto from the firmware up and an encrypted network stream [and software without bugs too, as the homebrew on PSPs and linux on the original Xbox demonstrates]

It also seems to be one of the things that strengthens the stereotype of a Mac user. Someone completely divorced from how the internet and his computer work. Such that he sees knowing a URL [and a url for data you've already downloaded at that] as some 'open door'. "whoa, I've hacked myspace with safari, I can enter a URL (that's a really technical thing that's usually hidden) into a browser! Go Steve! Go Mac! Ooh, I best write about this glaring security issue, but it's not the Macs fault, ok."

I said myriad ways but I didn't mention one? Ok, 2 simple ones that require no effort to do or to understand : (a) Firefox [if not other browsers] actually caches this, supposedly difficult to track, file. You might need to re-read your 'Mac file manager allows users to rename cache files. It's worth noting the 'open door' here is still myspace not the Mac rename function (which I note Windows has copied. The swines!)' security shocka story though.

(b) Audacity [if not other recording programs] will record it while you're listening [for another example it'll happily record 128kbps / 1p mp3 streams from sites that employ all manner of so-called 'DRM' if you pay 70-odd times more for a copy of the track]

But as I said, plenty of others.

It's also worth noting that, like youtube, that if you like the music, then quality probably isn't good enough to make it worth 'copying' [assuming you can break (c) by downloading something with the same url that 5 minutes earlier you downloaded with the author's blessing] Nor would you really have any need to distribute the files yourself since myspace does that.

So, as someone said, the real data is better found elsewhere [whether you choose to pay for it or not] and you already have this data anyway.

To the people working in the DRM industry:

"Kids, you tried your best and you failed miserably. The lesson is never try." - Homer Simpson

http://www.theregister.co.uk/2007/08/22/simpsons_quotations/

... and do it on any platform

for putting up this signpost so sites can start finding ways to kill it... *grrr*

Also, as it was said, this is nothing of a hack, if is simply finding a file that is there in the first place, but obscured. *seesh*

@MahatmaCoat: Crawl back into your cubicle and reinstall your OS, will you?

Its quicker and easier getting them from good old fashioned p2p :P

I've been doing this for years! The activity viewer is a really handy debugging tool, so you can see exactly what the browser is requesting, and the response from the server.

Anyone who suggests I've used it to download "protected" content is a filthy liar. :-|

If you play ANY tune from MySpace - Opera automatically downloads the file into your cache as an MP3 at a low bitrate and then it's yours for the taking.

By default your Opera cache is at

C:\Documents and Settings\Neo\Application Data\Opera\Opera\profile\cache4

Except obviously change "Neo" for whatever your computer/login name is ;)

Have been listening to music like this for around the last six months without using Burp or other assorted tools *vbg*

I found this article by using Opera's quick search by pressing / and typed iphon to find an article related to the unlocking of the iPhone...

How very annoying.

Firebug has made this possible in Firefox for as long as I've been using it (in the Net tab). Apparently...

Michael explains the situation perfectly.

It is no 'bug' or 'hole'.

Bottom line, if it gets to your computer, you can save it, whatever it is. Even if you are not technical enough to save the original mp3 or stream, you can still do the equivalent of 'taping off the radio'.

Incidently, an easy way to save things which do actually stream (rtsp/rtp/pnm things like realaudio, and some windows media), use the "dumpstream" option on "mplayer"

That saves the stream in it's native format without you ending up with a large wav to re-encode (as you would with an audacity 'save all you listen to') - it also means you can save/listen to multiple streams at a time without the saved copy being a resultant mix!

Surely it's equally cumbersome to fire up stinkin' Safari as Burp?

How does this simplify? And for those poor saps with Windoze, or those blessed with *nix?

open your temp internet files,

sort by date last accessed,

find a song you want on myspace & add it to your own profile,

now view your own profile, and listen to the song.

Got back to the temp files window, hit f5, and there is your mp3...

has a silly obfuscated name, but one quick copy & rename later and you have your file

not really rocket science, and taking mp3s of myspace is definitely not confined to safari, or osx.

"If they 'closed the door', you wouldn't be able to hear any music."

MySpace music promises uploaders control over access to their music, and I think it's fair to assume that most people assume that they're using some sort of streaming tech to do so.

Real Media and Microsoft's streaming formats are now almost universally available and although trivial to hack, they do at least attempt to block recordings.

MySpace are putting MP3s up for download without making this clear to users, many of whom explicitly choose *not* to have downloads available (see the greyed-out "download" link in most players).

MySpace has skimped on the technology, failing to pay for appropriate measures. They should be more open and properly inform the artists who use their sites. After all, they're the ones who bring people to the site.

thanks this was very useful. i got a track i had wanted for over a year!

Personally I prefer to plug my opensolaris wristwatch into a promiscuous hub and packet dump the traffic as the other box streams it off myspace. I use a perl script to mark up the datagrams into xml then use this nifty safari plugin to filter out the ones belonging to the mp3, before reassembling the stream by hand using a set of emacs macros I wrote (in vi).

I don't actually listen to the audio, as doing it this way I feel I have a much deeper appreciation of the contents.

P.S. I hope you can supply me with an IP row-ter for my token-ring/ethernet lan config-yuration?

that does an awful lot of very very useful things, is FireBug, which can definitely be used for this purpose.

"Oh please, what a bunch of nonsense. The door is open because people want you to listen to their music and so they upload it to the site."

Proper streaming software would be reading the file from a directory outside of the Web server's "sandbox." If that were the case, no URL would give you a direct link to the mp3 file; the Web server would not be able to access the MP3. It would have to rely on an external application to generate the stream.

MySpace has apparently chosen to use the "cehap and cheerful" instead of the "free open source software that's secure" route.

www.myspacegrab.com. If you're dyslexic, you may end up reserving a spot in a car park someplace instead.

@Niall @Morely.

You simply cannot do what you describe on todays [typical] sound hardware.

Whatever crud you try to dream up for a "proper stream" [which makes no sense anyway, except as a higher protocol. Internet means you'll have a TCP or UDP socket, whether it's a "file" or a "stream" or "http" or "rtsp" doesn't really matter]

It's just data arriving on one piece of hardware - "network card" and then sent [perhaps after some processing] to a piece of hardware called a "soundcard".

Whatever pissing about you do to that data, it won't make a blind bit of difference to someone getting the data.

Why? Because without a soundcard that accepts encrypted data [c/w drm stuff to limit usage], end users can get the data that's sent to the soundcard - in, as I said, a myriad number of ways.

Ergo if they can hear it, they can get it. That's it. End of story. Nothing you put before the soundcard matters, except perhaps the claims you [or myspace] make for it. Of course, if it's straightforward mp3 data over http, you can get that data too as the article discusses.

http://www.getmiro.com/

This is rather annoying to me. I put my music on MySpaz for people to hear, before I let them be accessed by the public (Free or to pay downloads).

96kbps though is rather crap, so I doubt it will kick off much

Just go to http://www.myspacegrab.com/ and you can download any song you want.