User: Password:
|
|
Subscribe / Log in / New account

Firefox gets closed-source DRM

Andreas Gal describes why and how Mozilla will be implementing the W3C Encrypted Media Extension in Firefox. "Firefox should help users get access to the content they want to enjoy, even if Mozilla philosophically opposes the restrictions certain content owners attach to their content. As a result we have decided to implement the W3C EME specification in our products, starting with Firefox for Desktop. This is a difficult and uncomfortable step for us given our vision of a completely open Web, but it also gives us the opportunity to actually shape the DRM space and be an advocate for our users and their rights in this debate." This implementation will include a closed-source "content decryption module" supplied by Adobe. It will be interesting to see whether distributions will be able to strip this stuff out and still use the "Firefox" name.
(Log in to post comments)

*facepalm*

Posted May 14, 2014 17:52 UTC (Wed) by DrMcCoy (guest, #86699) [Link]

Just when I thought Mozilla couldn't disappoint me more...

*facepalm*

Posted May 14, 2014 18:10 UTC (Wed) by gerv (subscriber, #3376) [Link]

What would you have done instead? Would you have gone for the "continue to lose market share" option?

*facepalm*

Posted May 14, 2014 18:25 UTC (Wed) by coriordan (guest, #7544) [Link]

DRM'd content hasn't become an everyday part of websites. If Firefox doesn't support it, web sites requiring DRM won't work for a lot of people, so web sites would be less likely to impose DRM.

Now really isn't the time to give up. Hope Firefox changes this decision.

*facepalm*

Posted May 14, 2014 18:39 UTC (Wed) by gerv (subscriber, #3376) [Link]

DRMed content now works for pretty much everyone via either Flash, Silverlight, EME or apps. As Flash and Silverlight die, EME takes over. "Use Chrome" is easy for site owners to say and easy for users to do.

Websites don't have a choice about imposing DRM if they want to offer Hollywood content. And they do. And users want to see it. Whether Firefox supports EME or not will, we believe, have almost no effect on the studios' requirements for DRM.

*facepalm*

Posted May 15, 2014 15:44 UTC (Thu) by shmerl (guest, #65921) [Link]

Websites don't need to offer Hollywood content. Kick that garbage out if it brings in DRM sickness.

*facepalm*

Posted May 15, 2014 16:35 UTC (Thu) by roc (subscriber, #30627) [Link]

How exactly do you propose to compel Netflix to stop offering movies on the Web to Chrome, IE and Safari users?

*facepalm*

Posted May 18, 2014 21:58 UTC (Sun) by Arker (guest, #14205) [Link]

"How exactly do you propose to compel Netflix to stop offering movies on the Web to Chrome, IE and Safari users"

Why would he need to do that? Why would I care what junk google wants to load Chrome up with? I dont use Chrome.

*facepalm*

Posted May 20, 2014 2:00 UTC (Tue) by mauvaisours (guest, #6130) [Link]

"Why would he need to do that? Why would I care what junk google wants to load Chrome up with? I dont use Chrome."

Because the whole world does not revolve around your navel. Users WANT to see Netflix content. And if enough users drop FF for Chrome, why would google continue to provide financing for a browser only 5% of the people uses ? And when google financing of the Moz foundation drops, how long will FF be maintained ? Devs still have to eat you know...


*facepalm*

Posted May 20, 2014 17:16 UTC (Tue) by dmadsen (guest, #14859) [Link]

Please reconcile your comments:
1) "Because the whole world does not revolve around your navel."
2) "Devs still have to eat you know...". To me, this implies that you're saying the world should revolve around devs' navels. Are you really saying that?

3) Or are you saying that FF should revolve around Hollywood's navel? If so, perhaps Hollywood should contribute to development...?

*facepalm*

Posted May 14, 2014 18:39 UTC (Wed) by higuita (guest, #32245) [Link]

The problem is that there is already sites that require DRM, the ONLY use for silverlight is the DRM, and many people have to install it (even in linux via the moonlight project)

Flash is dying, silverlight is dead, except in the DRM field, where both are alive. The objective is to stop supporting those plugins and at least take some control back to the browser.

I too don't like DRM, i will try to use any of it, but i can understand the mozilla decision. Not having any DRM would put all the power on the other browsers and if DRM success, mozilla would be forced to implement features build by 3 major content suppliers. This way it can put some hard limits on what DRM can do before is too late.

*facepalm*

Posted May 14, 2014 23:29 UTC (Wed) by moltonel (subscriber, #45207) [Link]

I'm not sure how replacing the closed adobe flash plugin by a closed Adobe EME plugin gives much control back to the browser.

I guess an EME plugin has less features and therefore a smaller attack surface, but that's the only good thing I can think about it. Flash may be on everbody's tokill list, but it's a known quantity, it still has wider support than EME, and even has some open implementations.

I'd rather avoid DRM content. But when DRM is the only option, I don't mind using flash for it.

*facepalm*

Posted May 15, 2014 8:33 UTC (Thu) by gerv (subscriber, #3376) [Link]

The new plugin can be sandboxed.

The open implementations of Flash are a red herring in this case, because they don't support DRM. If you are viewing DRMed content now, you will be using a (the) closed-source Flash player. So the new arrangements are no worse for you.

*facepalm*

Posted May 15, 2014 11:16 UTC (Thu) by gidoca (subscriber, #62438) [Link]

Flash is sandboxed in recent versions of Chrome, I'm sure Firefox could do that too.

*facepalm*

Posted May 15, 2014 12:10 UTC (Thu) by KaiRo (subscriber, #1987) [Link]

Flash is only sandboxed to a degree, even in Chrome. It still has full network access and it has disk access, and it has video hardware access, and from a few things I heard so far, the Chrome sandbox is quite leaky due to all the things they need to open to keep Flash working (and not just because of the design of PPAPI, which lets Flash directly access the innards of Chrome). The problem is that Flash is a huge, multi-purpose plugin that does tons of different things all over the computer, DRM being only a tiny piece of it.
What Mozilla is trying to do is getting rid of that huge multi-purpose proprietary thing that is hard to secure and replace it with a small for-one-purpose-only (that needs to have a nice ring for unix-lovers, right?) well-sandboxed-by-design module, so that this CDM module isolates the proprietary functionality better.

*facepalm*

Posted May 16, 2014 21:20 UTC (Fri) by kripkenstein (guest, #43281) [Link]

Not necessarily. Chrome sandboxes Flash through a partnership that includes source code, and a lot of engineering went into modifying Flash for sandboxing. A lot of effort and money went into that, and it would be up to Adobe to decide if it even wants to work with Mozilla on this.

*facepalm*

Posted May 14, 2014 22:13 UTC (Wed) by Lennie (guest, #49641) [Link]

I think a reason Mozilla and W3C/Sir Tim Berners-Lee want to allow DRM on the web is something else:

The web was doing really well to support lots of cross-platform applications. It made the desktop a lot less relevant. Now they see people use more and more apps on mobile devices instead of building HTML5-based content (although a lot of apps are build with HTML5 technologies too).

To compete with these platforms these organizations want to make sure the open web can compete in every way, including playing DRM-controlled content.

Google with ChromeOS is one of the big backers of this "WebDRM", they want to stream Netflix from HTML5. Netflix are big users of HTML5, so they want it too. So these are the people that are pushing it in W3C. Netflix uses a system based around Microsoft Silverlight. So I'm pretty sure Microsoft is also involved somehow.

*facepalm*

Posted May 15, 2014 11:43 UTC (Thu) by ewan (subscriber, #5533) [Link]

"make sure the open web can compete in every way, including playing DRM"

That's not the open web any more then, that's the closed web. Both the W3C and Mozilla seem to have lost sight of what they are (or were) trying to acheive - not to build a web, or to build a web browser, but to build openness.

If the 'open web' can only be accessed through user-hostile, closed propriety tools, it doesn't do that. It's possible that this is not a fight that can be won, but it certainly won't be if everyone involved just admits defeat.

*facepalm*

Posted May 15, 2014 17:02 UTC (Thu) by gerv (subscriber, #3376) [Link]

I agree that DRM is not part of the open web. Mozilla has not lost sight of what we are trying to build. We just haven't yet managed to find a way of producing a web browser people will want to use long term without a way of viewing the Hollywood movies that all the other browsers can view.

*facepalm*

Posted May 18, 2014 22:09 UTC (Sun) by Arker (guest, #14205) [Link]

The crowd that left Firefox because they want Hollywood movies and the like never really wanted Firefox to begin with. They are happy with their new adware-driven browser and are not coming back no matter what you do.

The people that actually liked Firefox have mostly left at this point too, because in the process of trying futilely to please the first group, you keep breaking the things we care about.

At this point why would anyone use Firefox other than inertia? People that just want to watch their Netflix are happy with Chrome or IE and have no need or desire to change. And people that care about the open web are likely to be using Gecko still, but not via Firefox. Not anymore.

*facepalm*

Posted May 19, 2014 17:50 UTC (Mon) by gerv (subscriber, #3376) [Link]

With respect and trying to be polite, you overestimate your own importance :-) We have 450 million users, and most of them are ordinary people. I'm fairly sure a lot of them watch Hollywood or equivalent movies.

*facepalm*

Posted May 20, 2014 21:06 UTC (Tue) by Arker (guest, #14205) [Link]

And I provide technical support for a significant number of them. You might be able to serve them better if you wiped that smirk off your face and considered the possibility that YOU do not have a clue how they used FF or why they quit using it, something I happen to know.

*facepalm*

Posted May 15, 2014 5:55 UTC (Thu) by b7j0c (guest, #27559) [Link]

"market share" is the crux of the issue here

as long as mozilla prioritizes market share as their chief goal (which they appear to be doing), none of its "ideals" matter

indeed, at least we can say google, apple and microsoft are the honest parties here - they aren't purporting to be sentinels of freedom, they are plainly in it for the money so you know where you stand with them.

mozilla on the other hand merely uses ideological rhetoric as long as it is convenient.

i'm really starting to wonder why mozilla exists. it isn't for a "free" internet...they've already caved twice on key issues (non-free web video codecs and now DRM). but they aren't in it for the money either, because they continue to subsist on google's money. they're basically a corporation without a business model.

if they were actually pursuing a free web, they wouldn't care about market share, they would realize that being a viable alternative that is fully free is more important than trying to compete with corporations at their own game.

can anyone tell me authoritatively and without qualification, why mozilla exists?

*facepalm*

Posted May 15, 2014 6:36 UTC (Thu) by dlang (subscriber, #313) [Link]

mozilla does not make market share their Chief goal

but they do have a very important goal of remaining relevant. to remain relevant they need to have a respectable market share.

If market share was their primary goal, they would be trying to eliminate rival browsers, including forks, instead they happily co-exist.

An Open Internet requires that they have competition

there are some FSF-pure linux distros out there, but they have less influence on the direction of Linux and computing than Slackware or Gentoo do.

*facepalm*

Posted May 15, 2014 8:36 UTC (Thu) by gerv (subscriber, #3376) [Link]

"mozilla on the other hand merely uses ideological rhetoric as long as it is convenient."

So it's not permitted to have principles unless you win every single battle you fight?

We didn't win on H.264, although the deal with Cisco to drive the cost of support to $0 means we could at least live to fight another day. And we haven't yet found a way to win on DRM. Making a DRM-free web is not within our power at the moment. Our choice is not between “DRM on the web” and “no DRM on the web”, it’s between “allow users to watch DRMed videos” and “prevent users from watching DRMed videos”. And we think the latter is a long-term losing strategy, not just for the fight on DRM (if Firefox didn’t exist, would our chances of a DRM-free web be greater?), but for all the other things Mozilla is working for.

*facepalm*

Posted May 15, 2014 10:17 UTC (Thu) by krake (subscriber, #55996) [Link]

> So it's not permitted to have principles unless you win every single battle you fight?

It guess it is more like "If you surrender your principles because holding on to them could be unpopular, they weren't principles in the first place"

Standing to ones principles is easy when they are popular, it only becomes a matter of principle if they aren't.

*facepalm*

Posted May 15, 2014 12:23 UTC (Thu) by gerv (subscriber, #3376) [Link]

We bled on the H.264 issue for ages, while Google broke their promise to remove it from Chrome, and another company broke their promise to add it to their ubiquitous plugin. We managed to get a not-too-terrible result in that case, and lived to fight another day. But please don't accuse us of surrendering our principles as soon as holding them becomes unpopular. We're building an entire mobile operating system, at enormous expense, precisely because we think our principles matter in the mobile space. If we didn't care about those principles, why would we be doing that? No-one tries to compete with the Android juggernaut for fun.

*facepalm*

Posted May 15, 2014 12:43 UTC (Thu) by krake (subscriber, #55996) [Link]

I am sorry, but this is how the situation looks like and this is how even the official communication is phrased.

That the fear of losing popularity made Mozilla agree to something which they know goes against what they claimed to be their principles.

It makes those principles look like nice bonus goals, which are strifed for as long as doing so doesn't interfer with the primary goal: market share.

*facepalm*

Posted May 15, 2014 13:31 UTC (Thu) by raven667 (subscriber, #5198) [Link]

I think their explanation means that it's more correct to say that their principals are not a suicide pact, they are not going to ride their principals nihilistically into non-existance. Without market share they no longer have an advertising deal with Google and their principals are irrelevant to the marketplace, they have no influence without a substantial userbase.

*facepalm*

Posted May 15, 2014 16:21 UTC (Thu) by b7j0c (guest, #27559) [Link]

having ideals would not have to form a "suicide pact" if mozilla did not otherwise try to act like a silicon valley big co...the posh offices, the perks...swap the logos and you would think you were in the offices of linkedin or google

except those companies have a business model, not an idealogical model, so they can afford their perks without hypocrisy

in the end my guess is that the mozilla experiment will fail - the notion of dressing up a nominal nonprofit like a successful valley .com just isn't tenable. go look at the offices of the fsf, or debian (does debian even have an "office"?) this is what the reality of a nonprofit with ideals really is...it ain't glamorous...and it seems mozilla really is in it for the glamor

*facepalm*

Posted May 15, 2014 17:05 UTC (Thu) by gerv (subscriber, #3376) [Link]

There is nothing wrong or hypocritical with offering competitive pay and conditions. Some people have to choose between getting a job which is paid competitively for their skills, and getting a job where they get to do what they love in line with their principles. We don't think Mozilla employees should have to pick only one of those two things.

And if we did make them pick one, we would have less world-class talent on our side. And that would be very bad.

*facepalm*

Posted May 15, 2014 16:48 UTC (Thu) by roc (subscriber, #30627) [Link]

We believe that pursuing this DRM path conflicts with our principles *locally* but is optimal for our principles *globally*.

We are working for the open Web in lots of different ways --- for example, improving Web standards and developing and deploying free video codecs. Our influence in those areas is dependent on Firefox market share. If we choose to take a hard line against DRM we believe we will lose market share, damaging our ability to make progress applying our principles to Web standards and video codec and lots of other areas.

In the limit, allowing Mozilla to slide into irrelevance, destroying our ability to pursue our mission in any area, all for the sake of taking a hard-line stand on DRM which won't actually stop anyone from using DRM since they'll be using another browser, would be a gross *violation* of our principles.

*facepalm*

Posted May 15, 2014 17:08 UTC (Thu) by krake (subscriber, #55996) [Link]

Well, lets hope you are right.

I don't see how you will succeed in improving any of those areas now that you have established that will concede to whatever the other big vendors agree on after a bit of dragging your feet.

In the worst case the only thing you will be able to improve on are things that the major vendors have no interest in.

*facepalm*

Posted May 15, 2014 22:03 UTC (Thu) by roc (subscriber, #30627) [Link]

The situation isn't that bad. The big vendors don't always act in concert. Google does PNaCl/Pepper, which is their own proprietary thing and bad for the Web (we believe), but other vendors don't want to do it so we won't be dragged into it. OTOH if we thought it was good for the Web we could do it, and then it's much more likely Microsoft/Apple would be forced into it, so there's our influence.

It's true that when the entire industry is against us, as in DRM, it's hard for us to win the battle.

*facepalm*

Posted May 15, 2014 17:11 UTC (Thu) by b7j0c (guest, #27559) [Link]

such wordsmithing...

by implicitly deriding your previous stance as a "hard line" you are already well on your way to using language to isolate and marginalize your critics. oh well, guess i'm a hardliner, i'll learn to live with the stigma

mozilla is just a corporation without a viable business model

at this point there really is absolutely nothing to recommend firefox over chrome. i put many relatives on the path of using firefox years ago and think i did a good thing...at this point i'll be left to asking them what logo they think is prettier

*facepalm*

Posted May 15, 2014 22:00 UTC (Thu) by roc (subscriber, #30627) [Link]

Our previous stance wasn't a particularly "hard line". We've always allowed DRM to be supported on the Web in Firefox via NPAPI plugins.

I apologize for sounding pejorative. To me, "hard line" isn't a pejorative term. I'm happy to take a hard line on lots of things.

I think there's a big difference between Chrome leading the way into DRM and us being forced into it.

*facepalm*

Posted May 16, 2014 10:55 UTC (Fri) by krake (subscriber, #55996) [Link]

> mozilla is just a corporation without a viable business model

It just got more viable.

Next to their current contract with Google they now have a contract with Adobe.

Being the life safer of Adobe's DRM business will surely not go uncompensated.

Lets see if Mozilla can put that money to good use somehow.

*facepalm*

Posted May 15, 2014 16:15 UTC (Thu) by b7j0c (guest, #27559) [Link]

they aren't "principles" if you toss them the moment it looks like they could cause you to lose a popularity contest

you cannot be simultaneously fully idealistic and pragmatic

if mozilla wants to prioritize pragmatic goals, it should be honest about its use of lofty rhetoric as a marketing tool

*facepalm*

Posted May 15, 2014 18:55 UTC (Thu) by gmaxwell (guest, #30048) [Link]

One person's principle is often another person's pragmatism-operating-at-a-longer-timescale. I don't think that portraying these things as being in conflict is always accurate. When you talk about principles and think about why you hold them, they usually derive from reasoning along the lines 'abiding by these rules, in the face of uncertainty or in the fullness of time, is expected to result a world that maximizes well being relative to the alternatives'. There is nothing more pragmatic in the long run then following some well justified principles.

I see two substantive but fairly subjective questions at the heart of the the difference of opinion here:

What is the level of harm to the web by supporting a sandboxed CDM in Firefox? Those who support this move appear to consider it to be smaller than those who do not, on the basis of the same (bad elements of the) functionality being near ubiquitously supported on firefox installs in the form of flash, and the existence of the same functionality in other major browsers, the user consent to activate, and the sandbox which is expected to protect the users who use the DRM more than they would be if they used flash or a competing browser.

What is the level of long term market share impact in leaving firefox the only major browser unable to view DRM encumbered content? I think few people would consider it a wise strategy to take a position that immediately lost Firefox 95% of its users— nitche hardline forks can be created by everyone, but for firefox's behavior to shape the market at all it must be widely used. I also think that few people would consider the effort or compromise inherent in this DRM stuff to be worth it if its absence only meant losing 1% of the user-base. Personally, I've never used netflix, don't run flash, etc. It's hard for me to imagine it mattering when I extrapolate from my own usage, but at the the same time I know I'm not typical. In the absence of a perfect crystal ball its hard to say what would happen. The normally pretty-principled people who agree with this path have managed to convince themselves that the impact is large. Perhaps limitations in the sustainability of Mozilla's funding create a bias to optimize more for market-share, improving the sustainability isn't easy itself (see how well the advertising tile stuff has gone over) and there are probably worse biases that could exist than wanting to produce things that lots of people want to use.

Does this decision diminish the principled gap between Firefox and other browsers? I think it does, but what of it? Is it now preferable to use browsers that added CDMs in invisible updates and uses them with no notice or consent?

There has to be a more productive way to address disagreements about these tradeoffs (or even outright bad decisions on Mozilla's part) than to just give up like that.

*facepalm*

Posted May 16, 2014 11:04 UTC (Fri) by krake (subscriber, #55996) [Link]

> on the basis of the same (bad elements of the) functionality being near ubiquitously supported on firefox installs in the form of flash

The difference of course being that Flash is dying and incurs cost and overhead for the publisher (the publishers have made it quite clear that their main interest in EME is to cut the cost of custom solutions).

> I think few people would consider it a wise strategy to take a position that immediately lost Firefox 95% of its users

I think most people were just not aware that 95% of Firefox's users are North American Windows users with a Netflix or Hulu account.

That of course makes the decision a no-brainer

*facepalm*

Posted May 16, 2014 20:17 UTC (Fri) by gmaxwell (guest, #30048) [Link]

> I think most people were just not aware that 95% of Firefox's users are North American Windows users with a Netflix or Hulu account.

Was I really that unclear or??

I wasn't arguing that there is any particular level of impact, but attempting to point out that for some level of impact on each side (e.g. 1% or 95%) where there would be a lot more agreement on coarse of action. The actual level of impact is especially hard to estimate because right now the people who are using firefox who would switch to chrome if this stuff stopped working are being accommodated by Flash which, as you note, is dying— so there is a reasonable argument that even if there is no impact today it will likely increase.

*facepalm*

Posted May 20, 2014 15:25 UTC (Tue) by ceplm (subscriber, #41334) [Link]

No, not all of us want to see Netflix, but some of us want to see:

* http://www.aljazeera.com/watch_now/
* http://www.bbc.com/news/video_and_audio/
* http://www.ceskatelevize.cz/ct24/zive-vysilani/ (that's Czech TV)
* http://rt.com/on-air/ ... actually, no, I don't want to see that, and who wants to see it needs CENSORED
* etc.

*facepalm*

Posted May 19, 2014 6:26 UTC (Mon) by Arker (guest, #14205) [Link]

There's a HUGE pile of differences between EME and Flash. With flash this is an external plugin that the user has to obtain from another source, not part of their supposedly free and open browser. This is important, not just because it imposes some slight extra effort which acts as a minor discouragement and hopefully prevents unnecessary use of flash on occasion, but also because it gives the user a cue, a pointer to the fact that a .swf file is NOT the same thing as a web page. And that if you want to experience the free and open web without a compromised browser you can, you dont install flash at all, or you whitelist it or whatever.

It's a different thing, it's outside the free and open web but still accessible through it, if you install the necessary compromise on your machine. All clear enough that non-technical users can, with a little effort, get a roughly accurate understanding of the situation and make their own choices accordingly.

With EME you have just blurred this to the point none of that will be true anymore. You're officially blessing this thing, in the minds of any innocent non-technical users who trust you, as part of the free and open web.

Mozilla was afraid of losing marketshare, fine. Mozilla needed to ask itself instead why it had marketshare to begin with. It was not because Firefox had the best support for Netflix!

*facepalm*

Posted May 19, 2014 6:38 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]

> Mozilla was afraid of losing marketshare, fine. Mozilla needed to ask itself instead why it had marketshare to begin with. It was not because Firefox had the best support for Netflix!
Yes, it was because Firefox had a superior experience compared to IE6 and it was free (unlike Opera).

*facepalm*

Posted May 19, 2014 7:48 UTC (Mon) by dlang (subscriber, #313) [Link]

> With flash this is an external plugin that the user has to obtain from another source, not part of their supposedly free and open browser.

With EME they will still have to get an external plugin from another source. Just the same way they get flash today.

The difference is that the EME plugin will be able to do a lot less than the flash plugin can do.

*facepalm*

Posted May 19, 2014 4:18 UTC (Mon) by Arker (guest, #14205) [Link]

"Making a DRM-free web is not within our power at the moment."

Technically correct - the DRM-free web is not something you or anything else can create, not least because it already exists. WE built it over the decades past. And what is happening is not that you are failing to create something you could not create, what is happening is you are failing to defend something that we already created, but are in danger of losing. You just rolled over and gave up. You can spin that till your voice gives out, no one is buying it.

*facepalm*

Posted May 19, 2014 17:53 UTC (Mon) by gerv (subscriber, #3376) [Link]

"Technically correct - the DRM-free web is not something you or anything else can create, not least because it already exists."

You mean some bits of the web are DRM-free. (If you are asserting the entire web is DRM-free, I think your reality distortion field is too strong for us to continue debating further. You can only do that by defining "web" as excluding all the bits you don't like - "what my net don't catch ain't fish".)

The trouble is, people are interested in the bits of the web that use DRM today (via Flash and Silverlight). Today, Firefox delegates to NPAPI plugins so it can be an all-of-the-web browser. Tomorrow, that solution won't be available. So we have two choices - become a some-of-the-web browser, or find a technical alternative.

non-free web video codecs

Posted May 15, 2014 9:57 UTC (Thu) by Seegras (guest, #20463) [Link]

There are none (well, none that matter). h.264 for instance has a great open source implementation for encoding and decoding.

Unless you're talking about illegal patents on some of those codecs. But that does not make them non-free, it just makes the implementers susceptible to frivolous and meritless lawsuits.

non-free web video codecs

Posted May 15, 2014 16:52 UTC (Thu) by roc (subscriber, #30627) [Link]

I don't like those patents either but until the US Supreme Court decides to nuke software patents from orbit, they can be and in fact are enforced by the courts. A lawsuit isn't "meritless" if it succeeds.

non-free web video codecs

Posted May 15, 2014 18:17 UTC (Thu) by mathstuf (subscriber, #69389) [Link]

Well, legally meritless (I believe the actual terminology used is usually "without merit"). It can still be rationally meritless (which seems to be the intention here).

non-free web video codecs

Posted May 16, 2014 8:18 UTC (Fri) by gerv (subscriber, #3376) [Link]

That's not much comfort when one is successfully sued.

*facepalm*

Posted May 15, 2014 6:56 UTC (Thu) by tialaramex (subscriber, #21167) [Link]

Mozilla's site has not been updated to reflect this overriding concern for market share. The high-minded principles cited should all be struck through with a new slogan "Whatever it takes to drive market share".

Somewhere in a parallel universe Wikimedia is taking the "tough decision" to give their key advertising sponsors for the main product ("The new Coke Encyclopedia by Wikipedia") veto over all editorial decisions. They are rationalising to themselves that without that money from Coca-Cola there's no way to bring the world's knowledge to everyone's screens and so there has to be a compromise. We know better.

*facepalm*

Posted May 15, 2014 8:02 UTC (Thu) by sml (subscriber, #75391) [Link]

This. Exactly. I donate to Wikimedia, and I'd probably donate to Mozilla too if they requested it.
The effectiveness of the Internet as a public resource depends upon interoperability (protocols, data formats, content), innovation and decentralized participation worldwide.
R.I.P. the Mozilla manifesto. I sure hope that this will be implemented as an addon.

*facepalm*

Posted May 15, 2014 8:36 UTC (Thu) by gerv (subscriber, #3376) [Link]

"This. Exactly. I donate to Wikimedia, and I'd probably donate to Mozilla too if they requested it."

We do: http://donate.mozilla.org/ .

*facepalm*

Posted May 15, 2014 11:25 UTC (Thu) by sml (subscriber, #75391) [Link]

I had no idea. Thanks, donation made! :)

*facepalm*

Posted May 15, 2014 17:05 UTC (Thu) by gerv (subscriber, #3376) [Link]

Thank you :-)

*facepalm*

Posted May 15, 2014 8:27 UTC (Thu) by roc (subscriber, #30627) [Link]

Wikipedia is different. It has no realistic competition so Wikimedia have a lot of leeway to make whatever decisions they want. They can't be easily replaced.

OTOH if Firefox can't play Netflix then people can and will switch to another browser very easily. That means no net reduction of DRM usage *and* Mozilla's leverage in every other issue we're fighting for is diminished. That would definitely be a big loss for our mission.

*facepalm*

Posted May 15, 2014 11:48 UTC (Thu) by niner (subscriber, #26151) [Link]

I've read this assumption several times that Mozilla has to retain its market share to be able to achieve its goal of an open web. But is this actually true? Mozilla has already changed the web. And it did so despite having 0 market share at the start.

Back then ActiveX was used everywhere. There were plenty IE-only websites on the net. Webmasters did not care about an "open web", they cared about their websites working in IE. Based on your arguments, Mozilla should have implemented ActiveX support and should have forsaken web standards in favour of IE-compatability. Because after all, it needs market share to gain leverage, doesn't it?

Strangely though, it didn't do those things, yet it still managed to change the web and push it in a much more open direction. It was not market share that brought this victory. It was technical excellence, innovative usability features and good security. Webmasters loved it, because reading some specification, following it and having things just work beats having to use trial and error to get something working hands down. Users loved it because they could trust it and Firefox made using the web faster and easier for them.

*facepalm*

Posted May 15, 2014 12:01 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

Please, don't exaggerate. ActiveX had never been popular, it was used mostly for specialized applications like bank clients or internal systems.

And Mozilla (not Firefox!) had ActiveX support at that time, as a module: http://www.iol.ie/~locka/mozilla/plugin.htm

*facepalm*

Posted May 15, 2014 12:26 UTC (Thu) by gerv (subscriber, #3376) [Link]

We did have to implement some IE compatibility things to avoid breaking too many sites. We avoided ActiveX in the core, although there was a plugin. We had to do document.all (in a clever undetectable way), marquee, and perhaps some others.

*facepalm*

Posted May 15, 2014 12:37 UTC (Thu) by khim (subscriber, #9252) [Link]

Mozilla achieved all it's early successes in the five year hiatus between MS IE 6 and MS IE 7 (when Microsoft decided in it's arrogance to conduct Crime #1 of a software development which basically destroyed the whole house of cards). Today Mozilla's competitors are not stupid enough to do the same mistake.

*facepalm*

Posted May 15, 2014 16:33 UTC (Thu) by roc (subscriber, #30627) [Link]

I think that's right. The situation in the IE6 era was really bad in many ways, but Microsoft's IE hiatus (which was only 3 years actually) gave us leeway to make some decisions that we couldn't have afforded to make otherwise.

*facepalm*

Posted May 15, 2014 19:07 UTC (Thu) by khim (subscriber, #9252) [Link]

I think you memory is failing you. MS IE 6 release data: August 27, 2001. MS IE 7 release date: October 18, 2006. It's true that Mozilla spent first two years trying to fix their own mess, but that “lost” time was important, too: in these two years where browser capabilities (MS IE 5/5.5/6 for most users) were severely limited and known they were able to catch up and create more-or-less compatible thing.

*facepalm*

Posted May 15, 2014 22:04 UTC (Thu) by roc (subscriber, #30627) [Link]

IE7 didn't appear out of nowhere. As I remember it (inferring from what employees were doing) Microsoft shut down IE development for 3 years. I guess it might have been 4, but definitely less than 5.

*facepalm*

Posted May 15, 2014 22:06 UTC (Thu) by roc (subscriber, #30627) [Link]

Er, a 1-year lead time for IE7 development would make it 4 years. So, 3-4 years.

*facepalm*

Posted May 15, 2014 13:42 UTC (Thu) by raven667 (subscriber, #5198) [Link]

Mozilla and Firefox still allowed you to run non-Free plugins such as Flash, or Java which is maybe a better analogy. They've worked hard to try and get people away from Flash by helping extend open web technologies to cover the most common use cases.

*facepalm*

Posted May 15, 2014 15:29 UTC (Thu) by krake (subscriber, #55996) [Link]

> It was technical excellence, innovative usability features and good security.

Indeed, but it seems Mozilla lost confidence in their product and in their abilities to keep above the competition, to make a prodcut that users would want to use for its strengths.

But I think they still have it in them to eventuell start competing again, just like Internet Explorer got turned around.

*facepalm*

Posted May 15, 2014 16:01 UTC (Thu) by roc (subscriber, #30627) [Link]

In the IE6 era Firefox started gaining market share rapidly. We gained market share because we had a few good features IE didn't have --- particularly tabs and popup blocking ... and the hiatus in IE development gave us free reign in the market. If we'd stayed stuck at 0 market share we would have had zero impact on Web developers or anything else.

Not implementing ActiveX was a good decision. It didn't much inhibit our market share (and hence influence in other areas), but it probably did discourage Web devs from deploying ActiveX outside intranets. We're doing similar things today, e.g. by refusing to implement PNaCl/Pepper and other non-standard features.

The situation with DRM is totally different. There aren't simple rules that always work; each situation has to be analyzed on its own.

*facepalm*

Posted May 21, 2014 22:22 UTC (Wed) by nix (subscriber, #2304) [Link]

Pedant point: it's "free rein", not "free reign". The term relates to horseriding, not kings. (It is thus a metaphor which has gone thoroughly stale, which adequately explains this eggcorn, I think.)

*facepalm*

Posted May 15, 2014 21:06 UTC (Thu) by flussence (subscriber, #85566) [Link]

OTOH if Firefox can't play Netflix then people can and will switch to another browser very easily.

That's a false dichotomy, and one I'm seeing prominently used as the bogeyman behind this change.

It doesn't match what I'm seeing "in the trenches": people from a wide spectrum of technical ability have little problem switching between multiple browsers (or non-browser programs, or content providers) when one or the other fails to do what they want. It already happens, and nobody seems to mind. They don't immediately abandon or uninstall their day-to-day browser just on account of a website failing to work in it (maybe in part because they've been trained not to trust said website's big "download and run mybrowser.exe to view our shiny!" banner).

I also don't buy the reasoning that Firefox is doing this because it's compelled to give users, developers or website owners what they want in order to survive: Bugzilla is littered with plenty of evidence to the contrary. Here's one example — it's a WebRTC interoperability bug (which I got bitten by recently while searching for open Skype alternatives), marked wontfix with some harsh developer responses. As a web developer myself I've followed the MNG/JNG/APNG/WebP circus for well over 10 years; Mozilla still refuses to back down or compromise on that even though all sides have already lost (except Google, who uses it as a selling point for their "faster browser" since they can optimise both ends of the wire).

The list could go on longer than two examples, but I think it makes the point clear even without mentioning UI experiments.

There's plenty of history to suggest Mozilla is quite capable of saying no to implementing an anti-feature like EME, or at the very least, organising to make it painful for the bad guys to actually use. But in reality the exact opposite is happening — the relative quickness (and uniqueness) of this about-face regarding support for encumbered codecs and DRM over the last few months, and the subtle PR shift that came with it, is concerning.

*facepalm*

Posted May 16, 2014 8:20 UTC (Fri) by gerv (subscriber, #3376) [Link]

It was not particularly quick. It may seem so, because in order to get as good a deal as we've managed from a CDM vendor, we had to be prepared to walk away if the deal wasn't good enough (and I believe we were). And discussing our exact strategy in public would have blown up most of that negotiating leverage.

*facepalm*

Posted May 16, 2014 11:16 UTC (Fri) by krake (subscriber, #55996) [Link]

> There's plenty of history to suggest Mozilla is quite capable of saying no to implementing an anti-feature like EME, or at the very least, organising to make it painful for the bad guys to actually use. But in reality the exact opposite is happening

It is likely that this case is different because there are a lot of wealthy companies that gain a lot through that change and are almost certainly be generous in their rewards.

Adobe, for example, would have no selling point left for their DRM system now that Flash is on the way out. This deal allows them to keep that part of their business alive.

Which will very likely result in a second corporate sponsor for Mozilla (additional to Google), so it is a win-win situation for the two companies.

*facepalm*

Posted May 16, 2014 14:48 UTC (Fri) by tterribe (✭ supporter ✭, #66972) [Link]

> Here's one example — it's a WebRTC interoperability bug (which I got
> bitten by recently while searching for open Skype alternatives), marked
> wontfix with some harsh developer responses.

What you're seeing in that WebRTC bug is someone attempting to rehash an argument they already lost in the rtcweb WG at the IETF (see comments 7 and 9). Our developers were understandably not amused.

This is a classic example of Mozilla pushing for real standards built through an open process instead of "whatever browser X happens to ship". In other words, exactly the kind of good we're able to do because we have market share.

I'm not going to touch the image format debate, because people tend not to respond rationally, but I will say that it is obviously impossible to give everyone what they want all the time. Citing two examples where we have not given someone exactly what they wanted does not imply that there is not some imperative to build a product that people actually want to use in order to have some kind of influence.

*facepalm*

Posted May 19, 2014 6:41 UTC (Mon) by Arker (guest, #14205) [Link]

Everyone I have switched to Firefox over the past decade has had a backup browser that they use for one or two 'special' websites that they must use for some reason but refuse to, well, be websites. Even the most nontechnical can get the concept of 'one browser good, safe to use, other browser very insecure, must use for task x and y but avoid otherwise.' This was never a threat to firefox market share, quite the opposite, it helped regular people become and stay aware of the challenges the free and open web faces.

I have never known anyone to switch away from firefox because a specific site didnt want to work with it no matter how important the site. I have known dozens to switch after I gave up and quit fixing the cascading UI breakage caused by updating it, however.

*facepalm*

Posted May 15, 2014 9:24 UTC (Thu) by jra (subscriber, #55261) [Link]

Why Gervase:

"It profits a man nothing to give his soul for the whole world... but for Wales?"

I'm disgusted and disappointed with Mozilla.

Jeremy.

*facepalm*

Posted May 18, 2014 17:17 UTC (Sun) by Arker (guest, #14205) [Link]

You have to ask yourself why they are losing market share. They gained it by being the browser that was different - designed for the user, to respect the user, to respect our privacy and our control of our own machine.

They have deviated from that greatly. The more they are just like every other browser, the less there is any reason not to just use the other browser instead. I recommended Firefox to friends and families for years, I know I got hundreds of people using it, but I cant do that anymore. I'm not spending hours going through and trying to fix all the damage done every time an "upgrade" gets pushed. It's ridiculous and I know I am not the only person that's had all they can take of it.

*facepalm*

Posted May 19, 2014 3:40 UTC (Mon) by mathstuf (subscriber, #69389) [Link]

So what do/will you recommend instead?

*facepalm*

Posted May 19, 2014 6:44 UTC (Mon) by Arker (guest, #14205) [Link]

PaleMoon is what I am getting used to myself, and will probably start recommending soon.

At the moment I just say I honestly cant recommend any browser, they all suck.

Firefox gets closed-source DRM

Posted May 14, 2014 17:55 UTC (Wed) by krake (subscriber, #55996) [Link]

Interesting move, especially on the part of Adobe.

They are the only major DRM vendor which does neither have their own browser nor their own OS platform, the other three bigs ones (Apple, Google, Microsoft) have both.

Adobe has likely a lot of server licenses to lose and with the demise of Flash no easy way anymore to make their DRM matter in the eyes of content publishers and distributors.

Will be interesting to see if the Mozilla side of the team can come up with a CDM plugin system so that users won't have to juggle multiple browsers just because different content publishers decide on different DRM schemes to license.

Firefox gets closed-source DRM

Posted May 15, 2014 3:03 UTC (Thu) by keeperofdakeys (subscriber, #82635) [Link]

It's years ago now, but there was talk of how Adobe was going to make their Flash programs support a HTML5 target. Since for them, it's more about selling the content creation program, and not the Flash platform itself.

Firefox gets closed-source DRM

Posted May 15, 2014 9:30 UTC (Thu) by _xhr_ (subscriber, #92665) [Link]

I do not know about the others but I already use different browsers. Mostly for security reasons but I also notice that Noscript+ghostery+flash stops working on more and more websites.

Firefox gets closed-source DRM

Posted May 16, 2014 2:29 UTC (Fri) by mathstuf (subscriber, #69389) [Link]

"Stop working" in what ways? They break the site or have exceptions to let sites do nasty things?

Firefox gets closed-source DRM

Posted May 14, 2014 17:59 UTC (Wed) by josh (subscriber, #17465) [Link]

Also see the official Mozilla statement: https://blog.mozilla.org/blog/2014/05/14/drm-and-the-chal...

Firefox gets closed-source DRM

Posted May 14, 2014 18:08 UTC (Wed) by apoelstra (subscriber, #75205) [Link]

From that blog post:
Unfortunately, Mozilla alone cannot change the industry on DRM at this point.
"The industry" will be forced to change because DRM cannot and will not stop people who do not respect imaginary property, it can only inconvenience ordinary users. They cannot keep up this business model of providing inferior products at infinity times the price-point, except by draconian laws. But these laws are increasingly difficult to implement or enforce for technical reasons.

So I can't understand Mozilla's position of "we must board this sinking ship because we can't change its direction". That statement is absurd.

Furthermore, "the industry" has an actual, documented history of installing malicious software on users' computers (e.g. the Sony rootkit scandal). I can't imagine why Mozilla believes it is appropriate to ship binary blobs from these goons and run it on their users' machines. The fears surrounding closed-source blobs are not just speculation in this case. Installing Adobe software on my systems would constitute an actual attack.

Firefox gets closed-source DRM

Posted May 14, 2014 18:11 UTC (Wed) by gerv (subscriber, #3376) [Link]

The industry may eventually realise that DRM is a bad idea. The question is: will a significant (as in, market-moving) number of people still be using Firefox when it finally does?

Your confidence in things changing for the better in the short term is significantly stronger than mine.

Firefox gets closed-source DRM

Posted May 14, 2014 18:28 UTC (Wed) by krake (subscriber, #55996) [Link]

> The question is: will a significant (as in, market-moving) number of people still be using Firefox when it finally does?

Does that matter?
Wouldn't that imply that Mozilla is concerned that their product is only able to hold on to its market share but wouldn't be able to gain it?
That's it advantages over competitors wouldn't be enough to earn a similar portion of the market share they have nowadays?

Firefox gets closed-source DRM

Posted May 15, 2014 7:00 UTC (Thu) by khim (subscriber, #9252) [Link]

Does that matter?

Yes it does. Opera found out that the hard way. Opera was innovative little browser for years, but found out that people ignore it: if site was broken in Opera the most they could achieve is a footnote on said site. Very rarely someone evn tried to fix it. Which meant that eventually even die-hard Opera fans started using other browsers. First in parallel to Opera and then exclusively. Now that Opera no longer exist, instead we have hollow shell of it, Chromium fork with some bells and whistles attached.

Wouldn't that imply that Mozilla is concerned that their product is only able to hold on to its market share but wouldn't be able to gain it?

Mozilla does not “hold” the market share. It's eroding. Slowly but surely. That's the problem. Mozilla just decided to do something before Firefox will repeat the sad story of Opera.

Firefox gets closed-source DRM

Posted May 15, 2014 7:39 UTC (Thu) by krake (subscriber, #55996) [Link]

That confirms my suspicion that they are afraid that Firefox would not have a good standing if it weren't for market inertia.

That it is not the quality of the product or its features or its users' satisfaction that makes it hold the current market share.

That none of its values would enable it to regain lost share.

Which makes Mozilla a hostage of the market: whatever the market decides Mozilla will have to follow.

Firefox gets closed-source DRM

Posted May 15, 2014 8:05 UTC (Thu) by Guhvanoh (subscriber, #4449) [Link]

How wrong you are. Opera is my browser of choice. The only reason why I'm posting this from IE now is that I'm at work. On my machines at home - Linux & Windows XP, my phones and tablet (all Android), Opera is the only browser that works with all the sites I visit. Chrome doesn't on my phones or tablet.

Firefox gets closed-source DRM

Posted May 15, 2014 8:39 UTC (Thu) by gerv (subscriber, #3376) [Link]

How does "1 person uses Opera!" counter any of the things the above poster said? Opera did not manage to keep using its own engine because its market share wasn't big enough to drive website changes. Now it uses someone else's engine, so its voice in web standards is much reduced (which is a loss for the web).

Firefox gets closed-source DRM

Posted May 16, 2014 19:18 UTC (Fri) by Aliasundercover (subscriber, #69009) [Link]

I bought Opera back in the days when they sold it and stuck with it until this past year. It was my favorite and I would only fire up other browsers for sites which failed on Opera. Toward the end that came to be quite a few, not just the airline ticket sites which only worked on IE in the bad old days.

I would stick with a no DRM Firefox much like I stuck with Opera using another browser only for those things needing the blasted DRM. I also tend to ignore Flash unless I really compellingly want to see that content. (My bank requires it. How crazy is that, require the biggest security hole out there for banking?)

I don't represent most users. I think they have fair reason to fear getting ignored over web video.

Firefox gets closed-source DRM

Posted May 19, 2014 6:55 UTC (Mon) by Arker (guest, #14205) [Link]

Opera killed itself in much the same way Mozilla is doing it.

Opera had a fairly small but very loyal *paying* userbase at one point. I know, I was one of them. They produced a very clean, small, fast and incredibly useful browser. And yes, broken web sites showed up as broken in it, at least part of the time. That did not bother Opera users, that was a positive not a negative! It is NOT the browsers job to dress up a broken pig of a failed website, put a little makeup on it, and try to fool me into giving a kiss!

And just like Mozilla, someone with more importance than he merited got it in his head that everyone would want Opera if they 'fixed' that. So they did, they made an Opera just like all the other browsers. And what happened?

People that were happy with other browsers were still happy with other browsers and had no reason to switch. While those of us that had been happy with Opera, were very unhappy, and DID have a reason to switch.

And now Opera is dead. Little lesson in there perhaps.

Firefox gets closed-source DRM

Posted May 14, 2014 18:33 UTC (Wed) by riccieri (guest, #94794) [Link]

Mozilla isn't really "boarding the sinking ship". If the ship sinks, Mozilla just removes the support for it and that's it, it's not like Mozilla now depends on the success of DRM. You're attacking a straw man.

Also, Mozilla won't ship DRM - it will ship an open-source sandbox that implements the API that the DRM module from Adobe expects. Actually downloading and executing the binary DRM module won't be done without user consent, much like it is today with Flash.

Firefox gets closed-source DRM

Posted May 14, 2014 18:50 UTC (Wed) by kjp (subscriber, #39639) [Link]

> who do not respect imaginary property

Is a deed for land imaginary property? Water rights on a river? Futures and options? An IOU? A federal reserve note? US bonds? Mineral rights for phracking? CDO/CDS contracts? Humans seem very good at 'propertizing' things.

Imaginary property

Posted May 14, 2014 19:09 UTC (Wed) by Max.Hyre (guest, #1054) [Link]

Once more, with feeling:
Property is something that, if one person has it, another doesn't.
Art, literature, pharmaceutical formulas, &c. don't fit that pattern, which is why the government has to award special monopolies for them. I admire apoelstra's locution, and will use it henceforth wherever the (at best) ill-informed would use “intellectual property”.

Firefox gets closed-source DRM

Posted May 14, 2014 19:19 UTC (Wed) by apoelstra (subscriber, #75205) [Link]

Most of the things you listed are contracts, which are not themselves property, but they are a record of an agreement between some parties. In effect contracts allow people to extend the legal system to accommodate some specific scenario, within clearly-defined bounds and assuming all parties agree.

Things like fed notes and bonds are illegal to copy because this would amount to forging a contract, i.e. making a claim of a legal agreement when the not all parties agreed. (In the case of counterfeiting, it would be the Federal Reserve who is bound by the "contract" laid out by the fake dollar despite its lack of consent.)

Property laws on the other hand are part of the legal framework which is imposed on all citizens, whether they explicitly consent or not. So there is a difference between "propertizing" IP and "propertizing" a financial instrument. The latter merely needs agreement between the affected parties; the other needs to go through due process to become law.

That's the moral distinction anyway, which is why I'd call copyright/patents/whatever "imaginary property" but not extend the term to financial instruments, even though both are ultimately just paper. I'm aware of the current legal status of IP and hope not to start a long discussion about that because to the best of my knowledge nothing interesting has changed since the last time we had one. :) I'm just saying that it's coherent to disparage IP without throwing out contract law along with it.

(As for land deeds, water rights, etc., the water or land is non-imaginary property, and I'd suggest that the deeds are some convex combination of "actual property" and "contract". I don't think they can be classified sanely as property but I wouldn't call them "imaginary property" either.)

Firefox gets closed-source DRM

Posted May 15, 2014 0:31 UTC (Thu) by wahern (subscriber, #37304) [Link]

People have a habit of obscuring things through abstraction. For the same reason shouldn't lump copyright, patents, and trademark under the umbrella of intellectual property, we shouldn't call a bunch of other random stuff contracts. (And I'm not picking on you: it's a horrible trend in the legal academy.)

Fed notes and bonds are types of negotiable instruments. The law of negotiable instruments predates that of modern property and contract law. Both the law and the history is fascinating, IMO.

The Wikipedia article doesn't due the subject justice: http://en.wikipedia.org/wiki/Negotiable_instrument

I knew a law professor who traveled the world consulting with lawyers and judges in a somewhat vein attempt to prevent customary merchant law from being subsumed by theories of contract law. He was like the Richard Stallman of negotiable instruments.

Firefox gets closed-source DRM

Posted May 15, 2014 8:33 UTC (Thu) by roc (subscriber, #30627) [Link]

You should read the announcement more carefully. We're addressing the "binary blobs" problem head-on by sandboxing the closed-source CDM module so our open-source code dictates exactly what that module can and cannot do to your system.

Everyone I know at Mozilla, *especially* the people working on this DRM stuff, earnestly hopes you're right that DRM will go away. We just don't believe it will happen in the forseeable future. If it does, this all becomes irrelevant since the CDM blob won't ever be activated.

Firefox gets closed-source DRM

Posted May 15, 2014 16:38 UTC (Thu) by lsl (subscriber, #86508) [Link]

> We're addressing the "binary blobs" problem head-on by sandboxing the closed-source CDM module so our open-source code dictates exactly what that module can and cannot do to your system.

Except that "our open-source code" in this case means Mozilla's unaltered code and not the community's. If I touch that code in any way everything stops working (presumably). If I want it to keep working I'd have to enter into negotiations with some proprietary blob vendor. This is the antithesis to the Open Web.

If what you're saying is true and a browser not supporting DRM doesn't stand a chance in the market this pretty much amounts to the end of the Open Web.

Firefox gets closed-source DRM

Posted May 15, 2014 17:00 UTC (Thu) by roc (subscriber, #30627) [Link]

It totally, totally sucks that a full implementation of the Web requires proprietary code. Arguably we already crossed that bridge with H.264 and Flash. In any case, it wasn't Mozilla that created that situation and we're doing our best to mitigate it.

But "the end of the Open Web" is an overstatement. There's a very large world of Web standards and content that has nothing to do with DRM and is unaffected by this.

Firefox gets closed-source DRM

Posted May 15, 2014 18:20 UTC (Thu) by glisse (guest, #44837) [Link]

Will we have HD content on Linux ? Because you know that no sandbox will block user from capturing memory post the CDM module decryption and thus capture the unencrypted stream and do what ever they want with it.

Firefox gets closed-source DRM

Posted May 15, 2014 21:01 UTC (Thu) by josh (subscriber, #17465) [Link]

If the CDM is properly sandboxed, the content won't be any more protected from recording on Windows, either.

Firefox gets closed-source DRM

Posted May 15, 2014 21:53 UTC (Thu) by glisse (guest, #44837) [Link]

I expect on windows there is API like on Android which allow you allocate write only buffer of memory that can be written by privileged code and than composited using the hardware ie only the GPU can read back the memory to composite it.

Firefox gets closed-source DRM

Posted May 15, 2014 22:09 UTC (Thu) by josh (subscriber, #17465) [Link]

Sure, but that can obviously be faked as well. The question is then whether you allow the closed-source CDM to authenticate with the platform's protected audio-video path without completely breaking the sandbox model.

Firefox gets closed-source DRM

Posted May 14, 2014 18:38 UTC (Wed) by krake (subscriber, #55996) [Link]

> Also see the official Mozilla statement

It contains a couple of weird sentences, e.g.

"But video is an important aspect of online life, and a browser that doesn’t enable video would itself be deeply flawed as a consumer product."

I had been under the impression that Firefox is already enabling video.
At least I vaguely remembering watching videos with it.

or

"Firefox users would need to use another browser every time they want to watch a controlled video, and that calls into question the usefulness of Firefox as a product."

Isn't that still the case even with the Adobe DRM?
If the video site is using any other form of DRM, say Google's, wouldn't a Firefox user still have to switch to Chrome?

Firefox gets closed-source DRM

Posted May 14, 2014 18:52 UTC (Wed) by alonz (subscriber, #815) [Link]

> If the video site is using any other form of DRM, say Google's, wouldn't a Firefox user still have to switch to Chrome?

If I recall correctly, W3C EME enables the same video to be accessed using multiple DRM schemes. Mozilla appear to be hoping (not unreasonably) that most high-profile proprietary content sites will employ the Mozilla/Adobe DRM in parallel to any other option they support.

Firefox gets closed-source DRM

Posted May 14, 2014 19:01 UTC (Wed) by krake (subscriber, #55996) [Link]

Obviously a site can license multiple DRM backends, but that is out of control of Mozilla and Adobe.

The quoted sentence in Mozilla's statement implied that having Adobe's DRM would allow Firefox users to stay being Firefox users and still have access to all that "important" content.

As far as I understand the technologies involed it does not.

Firefox gets closed-source DRM

Posted May 14, 2014 19:51 UTC (Wed) by gerv (subscriber, #3376) [Link]

It's not within our control which sites support it and which content is available; that part is up to Adobe. But we hope that we will achieve our goals here. If not, we may have to go with another (perhaps less privacy-preserving) CDM, which would be even sadder.

Firefox gets closed-source DRM

Posted May 14, 2014 20:01 UTC (Wed) by krake (subscriber, #55996) [Link]

Sure.
I am just saying that the official statement is using a rather awkward phrasing since the alliance does not achieve the alledged goal at all.

Firefox users will have to also use other browsers due to the flawed design of EME.

It would have been better to not inclulde this at all, right now it looks like an attempt to fool the uninformed.

Firefox gets closed-source DRM

Posted May 14, 2014 22:15 UTC (Wed) by KaiRo (subscriber, #1987) [Link]

You can rest assured that Mozilla and/or Adobe have been in talks for a while behind closed doors to ensure that a critical mass of those content providers that rely on DRM will work with that system, but unfortunately all those agreements are probably even harder to talk about in public due to the involved parties. I don't think either Mozilla or Adobe would put the efforts into this if they wouldn't know that the important players would be in the boat there.

Not that anyone at Mozilla would be really happy with implementing any form of DRM support, from all I can tell.

Firefox gets closed-source DRM

Posted May 15, 2014 2:25 UTC (Thu) by donbarry (guest, #10485) [Link]

Which simply proves that Mozilla is addicted to cash from Google and the proprietary compromises follow naturally from the interests of Google and other content providers.

The Apache license and "open source" (as opposed to Free/Libre) culture surrounding Mozilla continues to make apologetics for this sort of backhanded support. So long as the major funding for browser development is intrinsically tied to profit interests, it cannot easily be otherwise. The enemy, as always, is the capitalist organization of software development. But it doesn't mean that one has to allow Mozilla to do this without explaining the dangers to the user community. Mozilla, like Android, have each closed their eyes and ears and wailed "lalalala" while promoting their own "app stores" (Firefox extensions) in which little or no consideration is given to the free/libre nature of the code: licenses are not mandatory parts of search results and in fact are hardly ever to be found.

Here we see another historic line in the sand breached -- not by Microsoft, Opera, and Safari, where it is to be expected -- but by Mozilla. Having breached this line, they deserve no deference or respect in participating in future standardization processes, and that is a real shame.

Firefox gets closed-source DRM

Posted May 15, 2014 8:42 UTC (Thu) by gerv (subscriber, #3376) [Link]

What do you mean by "Mozilla breached the line in the sand"? IE, Safari and Chrome all implemented this technology first.

Mozilla mostly uses the MPL (a weak copyleft license), not the Apache license.

You can continue to claim that Google makes all Mozilla's decisions, but it will continue to be a claim without a shred of evidence to back it up. If Google were making these decisions for us, we'd be using their CDM, not Adobe's.

Firefox gets closed-source DRM

Posted May 15, 2014 7:32 UTC (Thu) by krake (subscriber, #55996) [Link]

Don't get me wrong, I am absolutely certain that Adobe has long standing contracts currently served client side via Flash that they were able to extend through that.

I am also confident that they can leverage Mozillas standing to even further their uptake at the publishers' side.

As I said before I am merely critizing the phrasing, since it looks like an attempt to fool the uninformed into believing that this will allow them to continue to use Firefox as their only browser.

The very core principle of EME is compartmentalization, the goal is to make content exclusive to certain parties.

Sure, Mozilla Corp. is a for-profit organisation, but their marketing is usually way above the "fool the sheeple" level.

Firefox gets closed-source DRM

Posted May 15, 2014 10:07 UTC (Thu) by jra (subscriber, #55261) [Link]

gerv wrote:

> "But we hope that we will achieve our goals here."

Your only goal is market share. All else is secondary, and you have now clearly shown will be thrown under the bus if it conflicts with the primary goal.

That couldn't be clearer !

It's obviously in conflict with:

"The Mozilla project is a global community of people who believe that openness, innovation, and opportunity are key to the continued health of the Internet."

How do you do this job ? Is "Market Share" the only reason you get up in the morning ? The only reason to do this increasingly difficult job of spreading the PR message of why betraying your users is a good idea and in their own interests really ?

Firefox gets closed-source DRM

Posted May 15, 2014 12:29 UTC (Thu) by gerv (subscriber, #3376) [Link]

If our only goal was market share, why did we try very hard for years to avoid implementing H.264? Why have we sweated out a deal with Adobe which includes downstream support, Linux support and privacy protection when (I suspect) we could have implemented EME much easier and earlier if we didn't bother about those things?

We still believe that openness, innovation, and opportunity are key to the continued health of the Internet. You are confusing doing something with liking it. No-one at Mozilla is celebrating today, and Mozilla remains opposed to DRM - Mitchell's and Andreas' blog post rehearsed, for the Nth time, why it's not good for users. We had two bad options; we think this one is less bad than the other one.

Firefox gets closed-source DRM

Posted May 15, 2014 16:50 UTC (Thu) by lsl (subscriber, #86508) [Link]

> Why have we sweated out a deal with Adobe which includes downstream support, Linux support and privacy protection when (I suspect) we could have implemented EME much easier and earlier if we didn't bother about those things?

Is Linux really fully supported? AFAIK the existing Adobe DRM implementation doesn't give the same "robustness guarantees" on all platforms. They claim a higher degree of "robustness" for the Windows variant, which IIRC led Amazon (when it still had a Flash-based alternative to Silverlight) to not offer high-definition content to Linux users.

But Andreas' blog said the CDM isn't able to gather any information about its host system, so this stuff can't possibly be a problem, right?

Firefox gets closed-source DRM

Posted May 15, 2014 17:25 UTC (Thu) by donbarry (guest, #10485) [Link]

They can't talk about it, or else they'll be encouraging trafficking.

The effect of this on the corporate culture will be profound.

As Alexander Pope wrote:

"Vice is a monster of so frightful mien
As to be hated needs but to be seen;
Yet seen too oft, familiar with her face,
We first endure, then pity, then embrace.”

Firefox gets closed-source DRM

Posted May 16, 2014 8:00 UTC (Fri) by jra (subscriber, #55261) [Link]

> If our only goal was market share, why did we try very hard for years to
> avoid implementing H.264? Why have we sweated out a deal with Adobe which
> includes downstream support, Linux support and privacy protection when (I
> suspect) we could have implemented EME much easier and earlier if we
> didn't bother about those things?

Yeah, remember when we were *cool*. Yeah, yeah, cool man... We used to be so *cool* didn't we... Remember that ?

But that was then Gervase, this is now.

Now you have demonstrated you have no principle you're not willing to abandon in the name of popularity. None. Doesn't matter what you did in the past. The point of principles is that they are immutable. That's why they are your *principles*.

A blank, looking for validation and approval. Nothing more than that. It's sad really. Reminds me a little of Tony Blair (if you'll forgive the digression in UK politics, as I know both you and I relate to that :-). Tony used to be cool once too. Now look at him. Can't go into a restaurant now without the waiters trying a citizens arrest as a war criminal.

Is that the legacy you want for Mozilla ? Is that the organization you want to give your talents to ? Do you think that's a good use of your time ?

If you want to be an apologist for DRM, I'm pretty sure Netflix would pay you a *lot* better than Mozilla. Or any other proprietary software company.

You've already shown popularity is #1 for you. How about going to work where you can be *really* popular ! You won't have to pretend you have any principles there, life will be so much easier.

Firefox gets closed-source DRM

Posted May 16, 2014 8:25 UTC (Fri) by gerv (subscriber, #3376) [Link]

I don't accept the idea that one is not permitted to have principles if one doesn't win every battle one fights.

Your accusation is simply false. In this particular case (which is the second significant one I know of, the first being H.264) we have had to do something we would rather not do, to avoid an even worse outcome.

Let's say we took your path, and in 3 years time, Firefox on the desktop had a market share of less than 5%, and our influence on the course of the web was negligible. Would you still be there on our backs, deploying the whip and saying "for goodness sake, Mozilla - you seem to be violating your principles all over the place these days; why are you letting these guys push you around"?

The reason we win quite a lot is because we have a decent market share. It's not big enough to win every battle. The idea that we should throw that away in a glorious Charge of the Light Brigade the first time we lose is foolish.

Firefox gets closed-source DRM

Posted May 16, 2014 12:57 UTC (Fri) by jra (subscriber, #55261) [Link]

You can lose battles and still have principles.

What you can't do is violate your principles and claim you're only doing so to keep them clean for next time, when you promise, *truly* promise that next time will be different. We won't cave into pressure next time, really we won't. I know we did this time, but that was *different* you see, it was because we *had* to..

It's sad, just sad. Pathetic and sad. You won't even admit to yourself that implementing DRM is a violation of principles. Remember this ?

"We see DRM in general as profoundly hostile to all three of: users, open source software, and browser vendors who aren’t also DRM vendors.", or now he's gone are you planning to revise history on that ?

The industry that you claim "forced you into this" is laughing at you. "We need to keep our influence for next time" is a sick joke. You don't seem to understand - you don't have any influence left. You've shown you'll shred your morals like a cheap suit if anyone threatens you in any way. What need does anyone have to listen to what you say ? What will you do if they don't ? Capitulate again ?

You have no principles left, only a ferocious desire for market share. Be honest about it, at least to yourself. You can play the PR man out there on the web, but look in the mirror and think, really think, about what you've become, and what you're doing.

You're an apologist for DRM. Is that what you thought you'd be when you were growing up ? Is that what all that education was for ? To learn how to convince people that something you know in your heart is hostile to openness, freedom and decency isn't so bad because it's *you* that's doing it to them ?

What is Firefox and Mozilla for ? Why does it exist ?

Come back to me when you have a better answer than "to be popular".

Firefox gets closed-source DRM

Posted May 16, 2014 13:20 UTC (Fri) by gerv (subscriber, #3376) [Link]

> "We see DRM in general as profoundly hostile to all three of: users, open
> source software, and browser vendors who aren’t also DRM vendors.", or
> now he's gone are you planning to revise history on that?

No, we still agree with that. Why are we doing this? Because we had two bad choices, and this one is least bad. Brendan was involved in our strategy to work out what to do about DRM from the very beginning and, if you check his Twitter stream, you'll see that he agreed that this was necessary.

I'm not an apologist for DRM. An apologist for DRM would be someone saying that DRM is a good thing. I'm not saying that. I don't use Netflix or similar services, because I'm not interested in most of the content they offer. I may well never use the Adobe CDM. But I don't fool myself into thinking I'm typical.

Troubling bundling

Posted May 14, 2014 18:23 UTC (Wed) by proski (subscriber, #104) [Link]

It would be fine to implement DRM like Flash, i.e. as a closed source plugin from a separate vendor. If Mozilla attaches its name to the closed source plugin (i.e. Mozilla EME rather than Adobe EME), it would be troubling for them and could lead to developers leaving the project. Worse yet if the EME functionality is bundled with the executables distributed on the Mozilla website. I would expect that distros would ship a stripped-down version, likely under different names (such as IceWeasel or Distro's Browser).

Also, I think that Mozilla should let other companies provide different implementations of EME, just like it's possible to use one of many free Flash implementations.

Troubling bundling

Posted May 14, 2014 18:37 UTC (Wed) by jag (subscriber, #3766) [Link]

From the article: "[Like] plugins today, the [Content Decryption Module] itself will be distributed by Adobe and will not be included in Firefox."

So while the EME (with reasonable sounding sandbox functionality) will be Mozilla's, the binary CDM/DRM blob will be Adobe's and will need to be downloaded and installed separately (probably prompted when first visiting a site needing it).

Troubling bundling

Posted May 14, 2014 20:19 UTC (Wed) by proski (subscriber, #104) [Link]

Good to know. Thank you!

Firefox gets closed-source DRM

Posted May 14, 2014 18:37 UTC (Wed) by alonz (subscriber, #815) [Link]

Is anyone even bothering to read the linked post?

Mozilla will not be implementing the DRM "Content Decryption Module", nor will they be distributing it. They will implement a specialized sandbox intended to run such CDM's, and Adobe will provide the CDM as a plugin.

I can see distributions deciding to somehow block the option for running EME CDM plugins, but it doesn't seem all that likely to me (for one: there is nothing preventing use of a fully open-source CDM plugin, except that the so-called "content industry" will not embrace it…)

Firefox gets closed-source DRM

Posted May 14, 2014 18:43 UTC (Wed) by coriordan (guest, #7544) [Link]

> there is nothing preventing use of a fully open-source CDM plugin,
> except that the so-called "content industry" will not embrace it

And my recent failures in getting to the moon by jumping don't prove it's impossible, but let's not change the topic by discussing things we are all sensible enough to know are impossible.

Firefox gets closed-source DRM

Posted May 14, 2014 18:44 UTC (Wed) by alonz (subscriber, #815) [Link]

(Yes, I am replying to myself… why not?)

I do worry how Mozilla plan to assure content providers that the browser itself is not modified to record the decrypted content (in particular, how they imagine doing this without breaking their own sandbox model). This is a hard problem, and many solutions are likely to cause issues to rebuilders.

Time will tell, I guess…

Firefox gets closed-source DRM

Posted May 14, 2014 19:02 UTC (Wed) by gerv (subscriber, #3376) [Link]

Current plan: CDM can scrape memory to check sandbox is a sandbox it trusts. Rebuilders can ship our own sandbox binary, or we can work towards deterministic builds so they can build their own, or they can talk to Adobe about having their own trusted by the CDM.

Firefox gets closed-source DRM

Posted May 14, 2014 19:35 UTC (Wed) by ballombe (subscriber, #9523) [Link]

How do you mediate access by the CDM to memory?
Whatever is containing the CDM from reading all the computer memory is also able to point it to a trusted copy of the sandbox (or simply ptrace the sandbox).

Thus, either the sandbox is a joke or the CDM is.

Firefox gets closed-source DRM

Posted May 14, 2014 22:22 UTC (Wed) by KaiRo (subscriber, #1987) [Link]

Well, the CDM can only access the memory of the low-privilege process it is running in, that' one of the main reasons why it's a sandbox in a separate process.

As for how much of a joke the CDM and the whole DRM technologies used today are, psst, don't tell Hollywood about it or they'll think about doing even weirder and worse stuff than they agree to right now. :p
(But really, I mostly see it as a token of "we seriously tried to secure our content" so that the appended legal material will hold in front of the courts...)

Firefox gets closed-source DRM

Posted May 14, 2014 19:05 UTC (Wed) by riccieri (guest, #94794) [Link]

In the comments, someone said:

>The CDM also verifies that the sandbox is one it trusts, so if you patch the sandbox, the CDM will no longer work.

I'm not sure how that works, but it seems like they've got it covered.

I do wonder how that prevents OS or kernel-level code to get access to the content, though. I assume that the content needs to be handed off to the kernel at some point.

Virtual sandbox?

Posted May 14, 2014 19:17 UTC (Wed) by Max.Hyre (guest, #1054) [Link]

Would it be possible to run the trusted sandbox on a virtual machine, from which one could examine the sandbox contents without detection by the DRM code?

Will that be the red pill, or the blue one?

Virtual sandbox?

Posted May 14, 2014 19:19 UTC (Wed) by gerv (subscriber, #3376) [Link]

DRM is partly tech, partly law.

The most likely consequence of pointing out flaws in DRM schemes is not the DRM-requirers saying "You know, you're right, we should just abandon this", it's them saying "Well, here's a new set of requirements" - which would be harder for Mozilla to meet and worse for user privacy and control.

Let the reader understand.

Virtual sandbox?

Posted May 14, 2014 21:10 UTC (Wed) by ballombe (subscriber, #9523) [Link]

So you are admitting this is just smoke and mirror.
Interesting.

Virtual sandbox?

Posted May 14, 2014 21:16 UTC (Wed) by gerv (subscriber, #3376) [Link]

No, that's not what I said.

Virtual sandbox?

Posted May 14, 2014 23:18 UTC (Wed) by Karellen (subscriber, #67644) [Link]

See also Ian Hickson's insightful post "The purpose of DRM is to give content providers leverage against creators of playback devices."[0]

[0] https://plus.google.com/app/basic/stream/z13qtnxhuojytbjb...

Virtual sandbox?

Posted May 14, 2014 23:19 UTC (Wed) by Karellen (subscriber, #67644) [Link]

Doh! Now I've just seen that Krake already posted this link below, a good few hours before me.

Virtual sandbox?

Posted May 15, 2014 10:24 UTC (Thu) by krake (subscriber, #55996) [Link]

Can't hurt to have it more than once.
It is one of the best, if not the best, piece of writing on the nature and goals of DRM

Thanks for explaining

Posted May 15, 2014 6:47 UTC (Thu) by oldtomas (guest, #72579) [Link]

> The most likely consequence of pointing out flaws in DRM schemes [...] it's them saying "Well, here's a new set of requirements" - which would be harder [...] to meet and worse for user privacy and control.

So we know what to do. Keep patiently and insistently at it until this whole disgusting mess breaks down under its own weight.

Hey! The emperor is naked!

Or as Ballombe points out in this thread -- it's all smoke and mirrors after all (although gerv is careful to point out that (s)he didn't say that :-)

Don't give up, folks! Poke holes in DRM!

Thanks for explaining

Posted May 15, 2014 17:07 UTC (Thu) by roc (subscriber, #30627) [Link]

This approach is counter-productive. The more people talk about the limitations of existing DRM schemes, the more pressure there will be to replace them with something even more user-unfriendly.

The idea that the system will "break down under its own weight" is, unfortunately, wishful thinking.

Thanks for explaining

Posted May 16, 2014 6:48 UTC (Fri) by oldtomas (guest, #72579) [Link]

Note: I assume your intentions to be good, and I commend your work done on free software. Thanks for that.

But I strongly disagree on this point. The only viable solution is (IMHO, of course) strong political counter-pressure. And every bit which makes the life of gullets more miserable is a help at this point.

Because what "content industry" wants is docile and willing gullets.

I know, this sounds harsh. It took me a while to reach this conclusion.

Thanks for explaining

Posted May 16, 2014 22:41 UTC (Fri) by roc (subscriber, #30627) [Link]

When I say "user-unfriendly" I don't just mean more difficult to use, I mean more privacy-invasive, more surveillance-friendly, and more completely taking control of devices away from their users. I'm not confident that going further down that path is the right way to ultimately make things better.

Thanks for explaining

Posted May 17, 2014 7:13 UTC (Sat) by oldtomas (guest, #72579) [Link]

> When I say "user-unfriendly" I don't just mean more difficult to use [...]

Yep. I got that. But that's exactly the point of our disagreement. To put it pointedly, "let's keep the users just at the edge of their confort zone wrt. their tolerance of surveillance and control" amounts to me to slowly boiling the frogs.

Forcing Big Content to show their ugly fangs (as much as possible) just might be a better long-term strategy.

IOW I am convinced that the ugly RIAA lawsuits and carpet-bombing have done more for freedom than Gnash.

Now if constituents could get off their asses and vote those corrupt politicians who play along with secret trade agreements (TTIP, Trans-Pacific) out of office, that would be it.

Sorry for the political tangent, but the root of the problem *is* political, not technical.

Thanks for explaining

Posted May 19, 2014 7:07 UTC (Mon) by Arker (guest, #14205) [Link]

The more invasive and ugly the DRM the more people will reject it. And ultimately that has to be the end goal. Companies will give it up when users start flatly refusing to buy it, and not one moment before.

It has to get worse before it will get any better.

Firefox gets closed-source DRM

Posted May 14, 2014 19:18 UTC (Wed) by ballombe (subscriber, #9523) [Link]

>The CDM also verifies that the sandbox is one it trusts, so if you patch the sandbox, the CDM will no longer work.

Which is incompatible with the assertion that

"In our implementation, the CDM will have no access to the user’s hard drive or the network. Instead, the sandbox will provide the CDM only with communication mechanism with Firefox for receiving encrypted data and for displaying the results."

and it is disingenuous to call open-source a component that cannot be usefully modified.

Firefox gets closed-source DRM

Posted May 14, 2014 19:24 UTC (Wed) by riccieri (guest, #94794) [Link]

> it is disingenuous to call open-source a component that cannot be usefully modified.

It is still open source in the sense that you can audit it and verify that it does what it says it does (restricting the binary blob from doing anything nasty). With closed source software you can't do that.

Firefox gets closed-source DRM

Posted May 14, 2014 20:38 UTC (Wed) by proski (subscriber, #104) [Link]

The Open Source Definition includes following requirement:
The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.
The license may allow that, but the technical means would hobble that freedom. And now let's see the rationale:
Rationale: The mere ability to read source isn't enough to support independent peer review and rapid evolutionary selection. For rapid evolution to happen, people need to be able to experiment with and redistribute modifications.
That's not going to happen.

Firefox gets closed-source DRM

Posted May 14, 2014 22:28 UTC (Wed) by KaiRo (subscriber, #1987) [Link]

You are right in that this is walking a line. Note that any code implementing an ABI to different software, accessing pre-defined hardware or even implementing an agreed-to standard to the point is basically walking more or less the same line, as any modification might stop that other part from working, as will modifications to the sandbox that the DRM does not recognize.

Firefox gets closed-source DRM

Posted May 14, 2014 23:11 UTC (Wed) by proski (subscriber, #104) [Link]

Linux kernel implements ABI to different software, accesses pre-defined hardware and even implements agreed-to standards to the point. Yet it's routinely distributed and used in modified form without losing its utility.

Firefox gets closed-source DRM

Posted May 14, 2014 19:59 UTC (Wed) by cesarb (subscriber, #6266) [Link]

> I do wonder how that prevents OS or kernel-level code to get access to the content, though. I assume that the content needs to be handed off to the kernel at some point.

From what I read, the Flash plugin already has some kind of DRM, and the ones who want that CDM already accept Flash's DRM's limitations, including there being no way of preventing the kernel from capturing the frames. So, it's not a problem, or at least it's an accepted one. This CDM/EME thing only replaces the wide attack surface of a potentially buggy closed-source plugin with a much smaller and carefully sandboxed potentially buggy closed-source plugin.

(As an aside: technically, with modern video cards the video player can hand the textures directly to the GPU, without involving the kernel, so the kernel-level code does not actually get access to the video content. But it could easily get access if it wanted; the same is true for the compositor.)

I believe most of the LWN readership can easily see all the holes in this CDM/EME thing, and how it (and the whole idea of DRM itself) can be broken in a million different ways. But a bulletproof solution is not the point; the point is "something as good as the Flash plugin" (for the DRM peddler's definition of "good"). It's great that the Mozilla people are containing the damage by creating a restricted kind of plugin, instead of the current kind which has unrestricted code execution privileges.

Firefox gets closed-source DRM

Posted May 15, 2014 1:21 UTC (Thu) by dannyobrien (subscriber, #25583) [Link]

Actually, from my understanding in talking to Mozilla, they will be distributing it, and also managing the updating of the CRM. It will be packaged with Firefox, though you will have to enable it on first use. Is there anything in the blog post that contradicts that?

Firefox gets closed-source DRM

Posted May 15, 2014 1:52 UTC (Thu) by nirik (subscriber, #71) [Link]

From https://hacks.mozilla.org/2014/05/reconciling-mozillas-mi...

"As plugins today, the CDM itself will be distributed by Adobe and will not be included in Firefox. The browser will download the CDM from Adobe and activate it based on user consent."

Firefox gets closed-source DRM

Posted May 15, 2014 8:38 UTC (Thu) by roc (subscriber, #30627) [Link]

Legally speaking, Adobe will be distributing the CDM. Apart from anything else this is important for patent licensing reasons.

The user probably won't be able to tell (or care) who's distributing it.

Firefox gets closed-source DRM

Posted May 15, 2014 15:57 UTC (Thu) by welinder (guest, #4699) [Link]

Hi, roc!

True/False: if one were to run mozilla showing DRM contents under your
replaying debugger, then the generated files could be transferred to
any other machine and still be used to display the same DRM contents?

Firefox gets closed-source DRM

Posted May 15, 2014 17:05 UTC (Thu) by roc (subscriber, #30627) [Link]

I'm pretty sure rr would not be the easiest way to break this kind of DRM.

The robustness of DRM is an interesting topic but as gerv says elsewhere it's not really productive to talk about it. The more people talk about the fragility of existing schemes, the more pressure there will be to replace them with something worse for users.

Firefox gets closed-source DRM

Posted May 16, 2014 11:24 UTC (Fri) by krake (subscriber, #55996) [Link]

> The more people talk about the fragility of existing schemes, the more pressure there will be to replace them with something worse for users.

But wouldn't that be good in the long run?

The more it negatively impacts users the easier it becomes for them to understand that it is bad.

Similar to nobody wanting crypto support because it was inconvenient and then Snowden came along.

Firefox gets closed-source DRM

Posted May 16, 2014 13:00 UTC (Fri) by khim (subscriber, #9252) [Link]

Take a look on iOS “ecosystem”. Apple rules it with iron fist. One can not do anything without Apple's approval. Yet people only pick Android over iPhone because it's cheaper. In countries where iPhone is subsidized (and thus cheap) it's market share is much higher.

Yes, some people refuse to do anything with Apple's devices because they are fatally crippled (you can never “own” them: practically speaking you are renting them, not buying), I'm one of these, but there are so few of us that it does not really matter, we are below statistical error when our numbers are counted.

Story with Snowden is similar: there are huge amount of snake oil salesmens which sell you “painless crypto” which is, in best case, a pointless placebo, but very few picked real painful and unconvenient crypto after Snowden revelations.

Firefox gets closed-source DRM

Posted May 16, 2014 22:44 UTC (Fri) by roc (subscriber, #30627) [Link]

Making things much worse for users in the short term in the hope it provokes a political response is a very risky strategy, and I don't think it would work. A lot of the downside of DRM (invasion of privacy for example) is not very visible to users.

Firefox gets closed-source DRM

Posted May 14, 2014 18:38 UTC (Wed) by weue (guest, #96562) [Link]

DRM on video is physically impossible, since you can just grab the decrypted video as it exits the CDM, or failing that as it travels on the HDMI cable to the monitor.

[there might be HDCP, but Amazon sells several HDMI splitters that "fail" to reapply it on the output, and the algorithm is broken anyway; if HDCP actually worked you could hack the monitor instead or use a calibrated set of HD cameras]

The typical actual effective use of DRM is to create an artificial monopoly on legal content players, since you now need to license the DRM to write one, and this allows the cartel who controls the DRM to leech money from everyone else, and to strangle competition.

In addition, it allows to prevent fair use by users, and thus swindle additional money from them when they want, for instance, to watch content on both their desktop and mobile devices.

Alternatively, it can just trick idiots who are somehow unable to perform a simple search at ThePirateBay into thinking their content cannot be copied.

From the announcement, it's not too clear what is happening here.

Is Google, Microsoft, Adobe or someone else trying to monopolize the video distribution market, imposing their parasitic fees on content producers or browser makers?

Or is this a Netflix plot to fleece users by making them pay several times for the same content?

Or are Hollywood executives really so dumb that they believe this will have an effect on whether their content can be downloaded for free via BitTorrent?

Which of these is the real story?

Firefox gets closed-source DRM

Posted May 14, 2014 18:50 UTC (Wed) by higuita (guest, #32245) [Link]

Every copy protection and DRM can be fooled one way or another... but that don't stop the content builders... they are ready to lose sales just for the fear that someone steals their content (that will happen, no matter what), to the point of creating rootkits and not working solutions.

Only the open/free movements changed a little this, more companies are now more open to release content without DRM... but others only see the "lost money" caused by the piracy and the possible "land grab" of being the number one "content delivery company", that they get blinded about everything else.

Firefox gets closed-source DRM

Posted May 14, 2014 19:10 UTC (Wed) by krake (subscriber, #55996) [Link]

> DRM on video is physically impossible, since you can just grab the decrypted video as it exits the CDM, or failing that as it travels on the HDMI cable to the monitor.

Protecting the content is the official reason, read the excuse to hide the actual reason

> The typical actual effective use of DRM is to create an artificial monopoly on legal content players, since you now need to license the DRM to write one, and this allows the cartel who controls the DRM to leech money from everyone else, and to strangle competition.

Also know as the actual reason.

> Which of these is the real story?

All of them, because that isn't a list of "or"s but of "and"s.

Hollywood doesn't want a situation to arise where anyone can sell and distribute their own creations through the same channels they do.

Netflix and other established players do not want a market where anyone can compete for subscribers.

The plattform vendors do not want a world where anyone can create a fully functional platform.

Ian Hickson has a good write up on this: https://plus.google.com/+IanHickson/posts/iPmatxBYuj2

Firefox gets closed-source DRM

Posted May 14, 2014 21:45 UTC (Wed) by fandingo (subscriber, #67019) [Link]

> In addition, it allows to prevent fair use by users[...]

Fair use is not any sort of right or privilege granted. It is an affirmative defense once infringement is established.

open source

Posted May 14, 2014 19:09 UTC (Wed) by ballombe (subscriber, #9523) [Link]

So according to the specification, the CDM has no access to the world except through an 'open source' sandbox.

But then:
> Adobe and the content industry can audit our sandbox (as it is open source) to assure themselves that we respect the restrictions they are imposing on us and users, which includes the handling of unique identifiers, limiting the output to streaming and preventing users from saving the content. Mozilla will distribute the sandbox alongside Firefox, and we are working on deterministic builds that will allow developers to use a sandbox compiled on their own machine with the CDM as an alternative.

So this seems to imply that actually Adobe can prevent users of the CDM to replace the 'open source' component by another that save the content.

This is a strange use of open source, indeed, when modification are not allowed.

I hope the Mozilla developers will be smart enough to include some DRM-security hole masqueraded as fat-finger. (No reason to give the NSA the monopole of this useful technic).

open source

Posted May 14, 2014 19:36 UTC (Wed) by eternaleye (subscriber, #67051) [Link]

> This is a strange use of open source, indeed, when modification are not allowed.

It's a perfectly normal use of 'open source', although it is arguably not 'free software' - in fact, it's _exactly_ what the 'Tivoisation' clause of the GPL-3 was intended to prevent.

Of course, Firefox is not GPL-3.

open source

Posted May 14, 2014 19:52 UTC (Wed) by LightBit (guest, #88716) [Link]

According to Open Source Initiative this is not open source.

open source

Posted May 14, 2014 20:36 UTC (Wed) by JohnLenz (subscriber, #42089) [Link]

So what's going to happen to security issues in firefox (not the CDM, but firefox itself)? Say mozilla finds a seecurity issue in firefox active in the wild and creates a patch. But now the CDM fails, because when it attempts to verity the sandbox it sees a new sandbox. So mozilla can either release an updated firefox which will piss off all the users where an update to firefox breaks all their video sites, or can delay the security update to firefox until someone at Adobe can update the CDM. Companies like this are not known for their quick response, so mozilla might be forced to leave a vulnerable version of firefox for quite a while.

Or what about what happens when a year from now Adobe says: "We are not going to allow the CDM to run with future versions of firefox unless you put an addvertisement link to Adobe in the upper-left corner." Mozilla is just opening themselves up to future pressure from these companies, once users get used to video being available and will be mad when an update breaks it.

open source

Posted May 14, 2014 22:36 UTC (Wed) by KaiRo (subscriber, #1987) [Link]

The security or other Firefox update issue is another reason why the Adobe CDM is running inside an (open-source) sandbox that runs in a different process than Firefox itself - the main Firefox code can be changed and updated independently of the actual sandbox code/installation and the binary CDM, so the security updates to Firefox are not an issue. The things that is more critical is the sandbox, of course, so it must be kept small in code and well-audited.

open source

Posted May 15, 2014 8:43 UTC (Thu) by roc (subscriber, #30627) [Link]

We haven't worked out all the details yet but the intent is that the CDM does not try to verify the entire browser stack, mainly just the sandbox. If there's a security issue in the sandbox, then we'd probably need to coordinate an update with Adobe.

As for the second paragraph --- preventing that is what contracts and laywers are for.

open source

Posted May 14, 2014 21:51 UTC (Wed) by fandingo (subscriber, #67019) [Link]

> This is a strange use of open source, indeed, when modification are not allowed.

The strangeness only comes from lumping Mozilla and Adobe into one entity. Mozilla is developing an open source CDM, which users are allowed to modify to their heart's content. Adobe is developing a closed-source EME and has decided to only make that work with approved CDMs and approved versions of those CDMs.

Even if Firefox were GPLv3, the anti-tovization clause wouldn't provide any protection because the entity releasing the open source code is not the same one preventing modifications to continue using it's closed-source plugin.

open source

Posted May 15, 2014 8:51 UTC (Thu) by gerv (subscriber, #3376) [Link]

Wrong way round. Adobe is developing a closed-source CDM. Mozilla is developing an open source sandbox, plus an implementation of the EME API in Firefox. The closed-source CDM only works with sandboxes it likes, and the sandbox only works with CDMs it likes.

open source

Posted May 15, 2014 19:59 UTC (Thu) by mathstuf (subscriber, #69389) [Link]

> and the sandbox only works with CDMs it likes

Hmm? It only provides an API. Why would it care about which module it loads that calls those APIs? Is this mentioned somewhere?

open source

Posted May 19, 2014 7:19 UTC (Mon) by Arker (guest, #14205) [Link]

"The strangeness only comes from lumping Mozilla and Adobe into one entity. Mozilla is developing an open source CDM, which users are allowed to modify to their heart's content. Adobe is developing a closed-source EME and has decided to only make that work with approved CDMs and approved versions of those CDMs. "

They are acting as one entity. The only purpose of the CDM is to facilitate the EME. So it's certainly not Free Software and it really sounds like a violation even by the considerably less strict Open Source definition as well.

open source

Posted May 19, 2014 16:12 UTC (Mon) by fandingo (subscriber, #67019) [Link]

No, they aren't. Mozilla distributes the sandbox, and Adobe distributes the closed-source plugin.

open source

Posted May 19, 2014 17:50 UTC (Mon) by lsl (subscriber, #86508) [Link]

What practical difference does that make? Even the Mozilla people seem to acknowledge that this situation is much more due to legal requirements than being a philosophical decision of "we don't ship proprietary software or DRM". Firefox is still going to nag you to download and install that blob.

I'm highly curious to see the actual dialog.

open source

Posted May 19, 2014 18:47 UTC (Mon) by fandingo (subscriber, #67019) [Link]

Do you have the same problem with NSAPI that's been used for ages to allow Flash to work? It's the exact same sort of open source "sandbox" (not really a sandbox but an API plugin).

Firefox will only nag users to install Adobe's CDM if the user visits a site that has content that requires a CDM. That's exactly how it currently behaves with Flash. This situation doesn't strike me as any different than how it currently works, and if it means a more focused, smaller blobs, that seems like a good thing. Not the best thing, but better than now.

open source

Posted May 19, 2014 20:14 UTC (Mon) by lsl (subscriber, #86508) [Link]

EME's sole purpose is to facilitate DRM. That's not the case for NPAPI which has other uses. In fact, on the computer I'm writing this the only NPAPI plugin installed is free software (IcedTea-Web).

Please note that I'm not saying I know better what Mozilla should or shouldn't have done. I don't. But let's be honest here: Mozilla shipping DRM infrastructure amounts to major defeat.

It's obvious that proliferation of EME leads to competitive disadvantages of non-mainstream platforms for which no CDM will be made available. I still have my doubts that even in Mozilla's/Adobe's implementation Linux will be a fully supported (read: can play HD content) platform, to not even mention other, less widely used, operating systems. What about other future user agents developed by teams other than the established few? Now all the major browsers (including Firefox) ship with DRM, giving it the appearance of an universally supported (and accepted) "feature".

The W3C even considering something like EME in its current incarnation is just ridiculous.

open source

Posted May 20, 2014 11:32 UTC (Tue) by mathstuf (subscriber, #69389) [Link]

> The W3C even considering something like EME in its current incarnation is just ridiculous.

Considering? Didn't they already give it a stamp of approval?

open source

Posted May 15, 2014 18:27 UTC (Thu) by glisse (guest, #44837) [Link]

I would love to learn how the sandbox could block capturing the stream on Linux. Damm with a gdb script i could capture it. So please explain how in hell one can believe this to be doable on linux ?

My guess is that linux will never have access to HD content and only low resolution with bad sound will be allowed to be playback on linux.

open source

Posted May 15, 2014 20:24 UTC (Thu) by KaiRo (subscriber, #1987) [Link]

It's up to Adobe and their agreements with the content industry, but AFAIK Mozilla is pushing for having Linux enabled. We'll only be able to tell once we see the actual software and not just the announcements of intention.

open source - platform-agnostic

Posted May 16, 2014 13:17 UTC (Fri) by ndye (guest, #9947) [Link]

It's up to Adobe and their agreements with the content industry, but AFAIK Mozilla is pushing for having Linux enabled. We'll only be able to tell once we see the actual software and not just the announcements of intention.

I thought (part of) the point of the contract was Mozilla forcing platform-agnosticism on Adobe, by every Mozilla implementation of the CDM being trusted (as opposed, possibly, to forks of Mozilla).

What did I miss?

open source - platform-agnostic

Posted May 16, 2014 18:25 UTC (Fri) by KaiRo (subscriber, #1987) [Link]

I don't know the contract, so I can't talk about it, but there's different levels of platform-agnostic. I'm pretty sure it's not agnostic of execjtable formats and processors, but that's just what I think. We'll know more when we see actual code (and binaries).

open source

Posted May 15, 2014 20:01 UTC (Thu) by mathstuf (subscriber, #69389) [Link]

> So this seems to imply that actually Adobe can prevent users of the CDM to replace the 'open source' component by another that save the content.

It reads to me like Adobe can audit the source. They can try to verify the resulting binary at runtime, but that would probably have an unacceptable high false positive rate (though one option is to not care about that I suppose).

Firefox gets closed-source DRM

Posted May 14, 2014 20:49 UTC (Wed) by njwhite (guest, #51848) [Link]

Well that sucks. I see where firefox are coming from, but this seems to me like the perfect time to move to being more hardline. It seems that a lot more people are coming to realise that relying on proprietary software is dangerous, and mozilla should be in a strong position to say "this is developed openly, by a diverse community, here are our values". They do that at the moment, and do it well, but maybe a stronger statement like not implementing EME, and explaining why it's dangerous, would not be as big of a risk as they think.

> While we would much prefer a world and a Web without DRM, our users need it to access the content they want.

"Need" is too strong a word - mozilla could for example recommend the pirate bay and build in a torrent client. I know there are people around who would happily pay money to companies for content, but not at the expense of installing proprietary "management" systems - I am one. DVDs still work, but BluRay is way too much hassle to crack, so the only way of accessing that content safely is bittorrent. Sorry content providers - let me know when I can buy your stuff in a format that isn't thoroughly disrespectful and I'll do so in an instant.

All that said, it does sound like Mozilla are thinking carefully about the least awful way to implement this, and are indeed going to provide a significantly better alternative than anyone else in the space, for which we should be thankful.

Firefox gets closed-source DRM

Posted May 14, 2014 21:32 UTC (Wed) by krake (subscriber, #55996) [Link]

Cory Doctorow has written an insightful article with quite similar points

http://www.theguardian.com/technology/2014/may/14/firefox...

Firefox gets closed-source DRM

Posted May 14, 2014 21:36 UTC (Wed) by pizza (subscriber, #46) [Link]

> "Need" is too strong a word - mozilla could for example recommend the pirate bay and build in a torrent client.

...and promptly be sued out of existence.

Firefox gets closed-source DRM

Posted May 14, 2014 22:41 UTC (Wed) by KaiRo (subscriber, #1987) [Link]

If you look at how many people actually buy BlueRays and/or watch Netflix, I don't see how they "are coming to realise that relying on proprietary software is dangerous". Unfortunately.

I still want them to use Firefox, though, so that we actually reach them with our messages are and able to slowly make them aware of those issues.

Firefox gets closed-source DRM

Posted May 15, 2014 8:46 UTC (Thu) by roc (subscriber, #30627) [Link]

Thanks for the respectful post.

You may in fact be right. It's difficult to predict the future and perhaps a big risk like that would pay off. But it would definitely be a big risk. I hope people --- like Cory Doctorow --- appreciate that it's easy to suggest someone else take a big risk when you've got no skin in the game.

Firefox gets closed-source DRM

Posted May 15, 2014 8:47 UTC (Thu) by roc (subscriber, #30627) [Link]

... and by "skin in the game" I don't mean Mozilla's prosperity, I mean all the open-Web initiatives we're working on that could be fatally compromised if we bet everything on anti-DRM and lose.

Firefox gets closed-source DRM

Posted May 15, 2014 11:57 UTC (Thu) by ewan (subscriber, #5533) [Link]

The problem is that all the open web initiatives are fatally compromised by this move. You might be able to get a web open enough to interoperate between (say) Firefox and Chrome, which is nice, but you've completely undermined any wider openness - only 'authorized' browser makers will be able to produce something that's fully functional on the 'open web'.

Mozilla gets to be in the DRM club, but don't kid yourself that's an open web any more.

Firefox gets closed-source DRM

Posted May 15, 2014 17:15 UTC (Thu) by roc (subscriber, #30627) [Link]

> only 'authorized' browser makers will be able to produce something that's
> fully functional on the 'open web'.

I don't think that's true at all. Our approach is specifically designed so that people can make huge changes to Firefox --- possibly even replace Gecko entirely, for example --- and still use the Adobe CDM. We had to work very hard to ensure that.

I also disagree with "all the open web initiatives are fatally compromised by this move". There are lots of good things happening on the open Web that are totally unaffected by this move.

Having said that, this situation does suck. I wish people could fully implement the Web without integrating a particular CDM sandbox --- and without paying H.264 royalties. But we didn't create those situations and there's nothing Mozilla can do to escape them. We tried.

FSF's statement: criticism, but also constructive ideas

Posted May 14, 2014 23:30 UTC (Wed) by coriordan (guest, #7544) [Link]

FSF's statement on this:

https://fsf.org/news/fsf-condemns-partnership-between-moz...

Interesting ideas, such as asking the well-heeled Mozilla Foundation to put more resources into fighting DRM than it will put into supporting this Adobe DRM module.

And of course FSF's campaign against DRM being in the W3C standard:

https://defectivebydesign.org/no-drm-in-html5

This is why I support FSF. They work on the really important stuff, regardless of how difficult it seems. If we give up every time something seems hard, then the proprietary companies will know that they can get a cheap win whenever they want by puffing up their chests and making the fight look hard.

FSF's statement: criticism, but also constructive ideas

Posted May 15, 2014 10:33 UTC (Thu) by krake (subscriber, #55996) [Link]

Indeed.
The FSF is an organiation that is known for standing up to its principles even it doing so is sometimes making them unpopular, even if it means outright hostility against them.

Which is why, again and again, they've emerged victorious, so to speak, i.e. saw opposition dwindle and concede that they had been right all along.

FSF's statement: criticism, but also constructive ideas

Posted May 15, 2014 12:27 UTC (Thu) by khim (subscriber, #9252) [Link]

The FSF is an organiation that is known for standing up to its principles even it doing so is sometimes making them unpopular, even if it means outright hostility against them.

FSF is “absolutely dedicated to their principles” because they it's almost irrelevant today: they can declare anything they want and successfully get away with that because people are just ignoring them anyway.

In rare cases when FSF does a skin in a fight they are ready to compromise, too (open GPLv3, scroll down to Conveying Non-Source Forms, read the part about a “User Product” and weep).

Which is why, again and again, they've emerged victorious, so to speak, i.e. saw opposition dwindle and concede that they had been right all along.

Really? Once upon time FSF was a force to be reconed with: Emacs and especially GCC were their instruments of change they reshaped the whole industries—but that was when FSF was ready to compromise and when it, gasp, even distributed .exe files from their site. Now… they just cry wolf again and again, are ignored (often for years) but eventually (when someone else does the thing they proposed to do for totally unrelated reason) try to appropriate someone's else success when one of their objectives is achieved by conincidence. It started with a silly fight for the GNU/Linux, but now it became an epidemy.

FSF's statement: criticism, but also constructive ideas

Posted May 15, 2014 13:45 UTC (Thu) by Zack (guest, #37335) [Link]

No.

There is no "because" in that line of reasoning.

As long as they stand for something, and there's one person listening, they're not irrelevant, in spite of your clamouring.

The only way for the FSF to become irrelevant is if they did the opposite of what they said they would do, like mozilla is doing right now.

I hope Mozilla will enjoy their market share, but really, why should I use firefox now? They're just another browser, warm fuzzies of the past notwithstanding.

They need the marketshare to "do good"? What "good" is there left to be done if the things you are doing to gain marketshare is contrary to the reason you exist?

FSF's statement: criticism, but also constructive ideas

Posted May 15, 2014 17:13 UTC (Thu) by gerv (subscriber, #3376) [Link]

"They need the marketshare to "do good"? What "good" is there left to be done if the things you are doing to gain marketshare is contrary to the reason you exist?"

You really think there's now nothing good that Mozilla could ever do? Forgive me for suggesting that this is hyperbole.

I've already seen one email that a high up person in Mozilla has received about plans to extend DRM to other things. I would not be surprised if all such emails were referred to the response given in the case of Arkell vs. Pressdram.
http://en.wikipedia.org/wiki/Arkell_vs_Pressdram#Litigation

Can you tell us about Mozilla's anti-DRM efforts?

Posted May 15, 2014 18:50 UTC (Thu) by coriordan (guest, #7544) [Link]

Everyone can still do good in the future, but this news deals a blow to people's faith in Mozilla standing firm in the future.

First H264, then a weakened form a net neutrality, and now DRM - and with Adobe. These don't make Mozilla an enemy, but people are disappointed.

Each announcement has a paragraph with a regretful tone, but still presents these compromises as being good for users.

We've heard the bad news, that Mozilla is developing DRM, but can you give us the good news? Are there good fights Mozilla fighting behind the scenes? Surely the weak bargaining position that left Mozilla feeling it was forced to do something has hardened Mozilla's resolve to exterminate DRM - what's Mozilla doing on that front, what action is behind the paragraphs with regretful tones in the announcements?

What about FSF's suggestion for Mozilla to "devot[e] as many of their extensive resources to permanently eliminating DRM as they are now devoting to supporting it"?

Can you tell us about Mozilla's anti-DRM efforts?

Posted May 15, 2014 23:24 UTC (Thu) by roc (subscriber, #30627) [Link]

Some examples of good news:
-- Standardizing and implementing improvements to Javascript to make Web apps better. Other vendors aren't so keen to do this since they have their own proprietary platforms to protect (.NET, Dart, PNaCl, etc).
-- With asm.js etc we're getting games off Flash and onto the Web (e.g. Unity) where they work across platforms without requiring closed-source components.
-- asm.js and other stuff we're doing is keeping developers on Web standards and off the Google-controlled PNaCl/Pepper platform.
-- Given Apple and Microsoft hardly engage at all in Web standards development, if not for Mozilla Google would be improving Web standards all by themselves --- but of course that doesn't really work. In particular because with only a single implementation of a standard its bugs become de facto part of the standard. (E.g. we fixed many broken things in the Web Audio spec.) After Opera dropped out, if Mozilla (or Google) were to drop out, the "two independent implementations" principle would enfeeble Web standards development.
-- Developing and deploying free audio and video codecs (Opus, Daala).
-- Developing new safer language (Rust) and browser engine (Servo) so one day Web security won't depend on millions of lines of C++ code.
-- Developing Shumway, the best open-source Flash replacement.
-- Providing a much more open-source alternative to Android for low-end phones. If nothing else this makes it harder for Google to fully impose their will on OEMs.
-- Pushing privacy features like DNT and Collusion/Lightbeam.
-- Building free geolocation service (Mozilla Location Service).
-- Specification and implementation of WebRTC so we can get people out of closed-source (and closed-network) services like Skype/Hangouts.
-- Investing in open source libraries like Harfbuzz that the entire open source community benefits from.

I haven't even listed anything the Mozilla Foundation is doing.

Can you tell us about Mozilla's anti-DRM efforts?

Posted May 16, 2014 2:00 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

> -- Standardizing and implementing improvements to Javascript to make Web apps better. Other vendors aren't so keen to do this since they have their own proprietary platforms to protect (.NET, Dart, PNaCl, etc).
So Mozilla decided to create its own proprietary platform - asm.js. Complete with dysfunctional memory management, threading and graphics.

Thanks a lot.

Can you tell us about Mozilla's anti-DRM efforts?

Posted May 16, 2014 2:53 UTC (Fri) by roc (subscriber, #30627) [Link]

I suspect you're trolling, but in case you're not:

asm.js apps run on all major browsers, because their behavior is entirely determined by existing Web standards (JS, WebGL, Web Audio, etc) already implemented by those browsers. That's about as far from "proprietary platform" as you can get. All we did is define a special subset of JS, document that subset, and optimize for it. Other browser vendors are also optimizing their engines for these apps.

You can call it dysfunctional if you like, but it's bringing stuff like Unreal Engine and Unity to run on a fully open source, open standards stack, so it's clear win for Mozilla's principles.

Can you tell us about Mozilla's anti-DRM efforts?

Posted May 16, 2014 3:02 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

It does not run well enough for real apps on unmodified browsers. And definitely without threading and smart MM.

So Mozilla just created yet-another-bytecode, and it is about as ugly as it gets.

What's more, WebKit is moving towards using LLVM for JavaScript optimization. So on those platforms asm.js is just unnecessary and stupid layer.

Can you tell us about Mozilla's anti-DRM efforts?

Posted May 16, 2014 15:55 UTC (Fri) by raven667 (subscriber, #5198) [Link]

I'm not an expert but what you are saying doesn't make any sense to me. asm.js just defines a subset of real, valid, javascript not another language or bytecode, allowing javascript interpreter makers to make better optimization decisions, you can perform optimization steps which might produce invalid programs if the full javascript language features were being used. Whether those optimizations are performed by LLVM or not seems immaterial, in fact I don't see why an LLVM based optimizer wouldn't have the same constraints as any of the others, it should be able to do a better job on the subset which asm.js defines.

Can you tell us about Mozilla's anti-DRM efforts?

Posted May 16, 2014 16:12 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

asm.js is bytecode that just happens to be a valid JavaScript. And so it's super-ugly as a result.

As any other bytecode, it needs a virtual machine/JIT for it. It's just fairly easy to adapt Mozilla's JIT to work with it, but some kind of special treatment is needed nonetheless.

Having JS as an extra layer above LLVM rather than thin PNaCl wrapper is simply stooopid.

Can you tell us about Mozilla's anti-DRM efforts?

Posted May 17, 2014 6:15 UTC (Sat) by roc (subscriber, #30627) [Link]

> some kind of special treatment is needed nonetheless.

You keep repeating this, but it's not true. Every valid asm.js program is a valid JS program, and its behavior is the behavior defined in the JS spec, so any compliant JS engine will run it correctly.

Can you tell us about Mozilla's anti-DRM efforts?

Posted May 17, 2014 7:01 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]

Except that all currently existing JS implementations are non-compliant without special fixes (yes, even Mozilla required patches). Mostly because such an abuse of JS stresses too much sanity.

Can you tell us about Mozilla's anti-DRM efforts?

Posted May 16, 2014 23:22 UTC (Fri) by roc (subscriber, #30627) [Link]

Your first point is untrue. For example, here's a Unity-based game that works pretty well on Chrome (v36 here): http://beta.unity3d.com/jonas/DT2/

Exposing LLVM bitcode as a bytecode format is a poor technical decision. LLVM was not designed for this role. In particular LLVM bitcode exposes undefined behavior, so if your program accidentally relies on any undefined behaviors, its behavior can change any time Google updates the PNaCl implementation (i.e. every six weeks), as well as varying across CPU architectures. See https://developer.chrome.com/native-client/reference/pnac... for more information. Even more information here:
http://permalink.gmane.org/gmane.comp.compilers.llvm.deve...
The behavior of asm.js code is fully defined by the JS specification, which makes it the better technical solution for a portable code format.

Can you tell us about Mozilla's anti-DRM efforts?

Posted May 16, 2014 23:44 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

Let's see...

> "Your version of Chrome is to old to run this content. You need at least Chrome 35. Press Ok if you wish to continue anyways."

Nope, doesn't work. And I have the newest version of Chrome. So thanks a lot for proving my point.

> Exposing LLVM bitcode as a bytecode format is a poor technical decision. LLVM was not designed for this role.
And so? PNaCL seems to work fine with only minor modifications and restrictions for LLVM. I managed to hack a Rust-to-PNaCl compiler in a weekend, for example.

And consequently, all the PNaCl undefined behaviors are present in asm.js, except for the stuff with bitshifts (I think).

> The behavior of asm.js code is fully defined by the JS specification, which makes it the better technical solution for a portable code format.
Yeah, except that JS spec was written by poo-flinging monkeys. If LLVM bitcode is simply a bit awkward in places, Asm.JS is just full-blown ugly.

Can you tell us about Mozilla's anti-DRM efforts?

Posted May 17, 2014 6:11 UTC (Sat) by roc (subscriber, #30627) [Link]

> Nope, doesn't work. And I have the newest version of Chrome. So thanks a
> lot for proving my point.

I tried it in Chrome dev (36) and it did work. I don't know why it doesn't work in Chrome 34, but I assume it's just a bug that Google fixed after that. They certainly didn't "add support for the asm.js platform" in 35.

> all the PNaCl undefined behaviors are present in asm.js

That is completely wrong. Every single behavior under the "Not Well-Defined" list on Google's page, if present in a C program compiled to asm.js via Emscripten, will produce a JS program which will have the same behavior on any spec-compliant JS engine. For example, an out-of-bounds pointer access in asm.js turns into an array-out-of-bounds exception that must fire in exactly the same way on all JS engines.

asm.js may be ugly, but it's still the technically superior solution.

Can you tell us about Mozilla's anti-DRM efforts?

Posted May 17, 2014 7:00 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]

> I tried it in Chrome dev (36) and it did work. I don't know why it doesn't work in Chrome 34, but I assume it's just a bug that Google fixed after that. They certainly didn't "add support for the asm.js platform" in 35.
They did just this, in effect. Safari also doesn't work, btw. Abusing corner cases of a spec to make a bytecode out of JS has its consequences.

> That is completely wrong. Every single behavior under the "Not Well-Defined" list on Google's page, if present in a C program compiled to asm.js via Emscripten
So what would: "int a = (unsigned int)2<<32;" do in a C++ code compiled into asm.js?

Right, exactly the same as in PNaCl - you're at the mercy of the C++ compiler.

And as a bytecode, the Google's subset is almost completely deterministic. I.e. a program in PNaCl will work on all supported platforms similarly. If it doesn't then it's a bug.

> For example, an out-of-bounds pointer access in asm.js turns into an array-out-of-bounds exception that must fire in exactly the same way on all JS engines.
There are no pointer checks in asm.js, and you know it perfectly well. It's totally possible to write something like this:

> struct Hello
> {
> char buf[20];
> int some;
> } world = {0};
>
> memset(&world, 11, 22);
> assert(some == 0); //Hmm?

And you'll get a good old undefined behavior in the C/C++ sense. Also dependent on compiler settings, like structure alignment.

> asm.js may be ugly, but it's still the technically superior solution.
No, it's not. For example, it still lacks threading - which CAN NOT be added to asm.js without adding quite a lot of stuff to JS itself.

Can you tell us about Mozilla's anti-DRM efforts?

Posted May 18, 2014 6:00 UTC (Sun) by roc (subscriber, #30627) [Link]

> So what would: "int a = (unsigned int)2<<32;" do in a C++ code compiled
> into asm.js?
>
> Right, exactly the same as in PNaCl - you're at the mercy of the C++
> compiler.

Given it's undefined behavior in C++, the C++ compiler can turn it into any JS it wants. But the JS it produces will run the same way on any spec-compliant JS implementation. For example, if the compiler generates the obvious JS code "2 << 32", the JS engine will compute 2, because the JS spec requires the shift count be masked by 0x1F before the shift:
http://www.ecma-international.org/ecma-262/5.1/#sec-11.7.1

> And as a bytecode, the Google's subset is almost completely
> deterministic. I.e. a program in PNaCl will work on all supported
> platforms similarly. If it doesn't then it's a bug.

That's not true in this case. If you read the Google page I quoted, PNaCl does not specify the results of all shifts: "There is still some architecture-specific behavior." They say it's "potentially fixable" but there's no indication they intend to fix it. You could argue "it's a bug" but it's hard to distinguish between implementation bugs and design bugs in PNaCl since it has no fully detailed spec --- one of the reasons why it's an inferior solution.

> There are no pointer checks in asm.js, and you know it perfectly well.
> It's totally possible to write something like this:
>
> struct Hello
> {
> char buf[20];
> int some;
> } world = {0};
>
> memset(&world, 11, 22);
> assert(some == 0); //Hmm?
>
> And you'll get a good old undefined behavior in the C/C++ sense. Also
> dependent on compiler settings, like structure alignment.

The behavior of the C++ code is undefined. The behavior of its JS translation is defined. That matters because it means once you've tested it in one JS VM you'll get the same behavior in other VMs.

The threading stuff is an issue. We're working on it, and I think you'll be surprised by how simple we can make the solution.

Can you tell us about Mozilla's anti-DRM efforts?

Posted May 18, 2014 7:16 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link]

> They say it's "potentially fixable" but there's no indication they intend to fix it. You could argue "it's a bug" but it's hard to distinguish between implementation bugs and design bugs in PNaCl since it has no fully detailed spec --- one of the reasons why it's an inferior solution.
It's a bug and they're planning to fix this, once a good trade-off can be found. And you might notice that it's almost the only real issue. The rest are more of a kind: 'Your program will crash differently on various platforms if you try to do something stupid'.

> The behavior of the C++ code is undefined. The behavior of its JS translation is defined. That matters because it means once you've tested it in one JS VM you'll get the same behavior in other VMs.
So is PNaCl's behavior.

> The threading stuff is an issue. We're working on it, and I think you'll be surprised by how simple we can make the solution.
Without any modifications to JS? How about interfaces with sound, graphics and DOM?

Can you tell us about Mozilla's anti-DRM efforts?

Posted May 18, 2014 11:43 UTC (Sun) by mathstuf (subscriber, #69389) [Link]

> How about interfaces with sound, graphics and DOM?

Well, we already live in a world where direct access to such things can only (safely) happen from one thread anyways (Qt, GTK, and others I'm sure). Maybe they're working on something like signals and slots which work across threads? Or proxy objects to use in other threads?

Can you tell us about Mozilla's anti-DRM efforts?

Posted May 18, 2014 12:10 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link]

They'll have to repeat what PNaCl has been doing - create something that is functionally indistinguishable from PPAPI.

After all, PPAPI has only one fatal flaw - http://www.drdobbs.com/windows/a-brief-history-of-windows... I believe, that it describes the current Mozilla perfectly...

Can you tell us about Mozilla's anti-DRM efforts?

Posted May 22, 2014 1:15 UTC (Thu) by foom (subscriber, #14868) [Link]

My most recent favorite example of cross-browser fast asm.js is Python:
https://rfk.id.au/blog/entry/pypy-js-faster-than-cpython/

Note that Chrome and Firefox do behave differently there: Chrome starts out slower, but ends up running the pypy-asmjs code faster than current-firefox.

FSF's statement: criticism, but also constructive ideas

Posted May 15, 2014 20:16 UTC (Thu) by mathstuf (subscriber, #69389) [Link]

> I've already seen one email that a high up person in Mozilla has received about plans to extend DRM to other things.

One notable example I've seen is the plans for Keurig to implement DRM such that only Keurig-approved K-cups will be brewed. Can you share what the other targets might be?

FSF's statement: criticism, but also constructive ideas

Posted May 15, 2014 20:59 UTC (Thu) by Zack (guest, #37335) [Link]

>You really think there's now nothing good that Mozilla could ever do?

No, I think it doesn't matter anymore what Mozilla purports to be doing. Right now it's a money-burning organization that sits in between Google and Firefox, paid to wave an "open web" banner around. I might as well save Google the money.

You had *one* job, Mozilla...

FSF's statement: criticism, but also constructive ideas

Posted May 15, 2014 22:44 UTC (Thu) by dlang (subscriber, #313) [Link]

so since you are dumping anything mozilla, what browser are you going to move to that fit's your requirements better?

FSF's statement: criticism, but also constructive ideas

Posted May 15, 2014 23:41 UTC (Thu) by Zack (guest, #37335) [Link]

It's not as much about "dumping" Mozilla software, but the loss of trust in Mozilla in their role as steward of an open and unencumbered Internet.

Now, with all vendors being more or less equal, one might as well take up gerv's own suggestion and use Chrome(ium), if only in the hope to send a signal to Google that they might consider to stop spending money on Mozilla so some people will get sacked, and a leaner and meaner Mozilla might do some soul searching about what their real role in the digital world is supposed to be.

FSF's statement: criticism, but also constructive ideas

Posted May 15, 2014 23:50 UTC (Thu) by dlang (subscriber, #313) [Link]

so, to punish Mozilla for resisting and then caving to something that Chrome has been championing, you are going to stop using Mozilla and instead use Chrome in the hope that Mozilla feels bad????

Mozilla never had the power to be the Steward of the Internet. If you are upset at them for compromising that position, then you just never understood their power in the first place.

Firefox gets closed-source DRM

Posted May 14, 2014 23:38 UTC (Wed) by pabs (subscriber, #43278) [Link]

Firefox gets closed-source DRM

Posted May 15, 2014 0:17 UTC (Thu) by pabs (subscriber, #43278) [Link]

Firefox gets closed-source DRM

Posted May 15, 2014 8:53 UTC (Thu) by gerv (subscriber, #3376) [Link]

Firefox gets closed-source DRM

Posted May 15, 2014 12:09 UTC (Thu) by ewan (subscriber, #5533) [Link]

"My honourable friend Bradley Kuhn thinks Mozilla should serve its users by refusing to give them what they want."

No-one wants DRM. At most people feel that they have to put up with it to get what they do want, but that's only the case so long as middleware providers like Mozilla pander to the DRM companies.

In the case of the 'broadcast flag' some years ago we saw really strong statements from Hollywood that 'premium' and HD content absolutely couldn't possibly be broadcast without it. They didn't get it, and promptly carried on broadcasting premium and HD content anyway, because without ultimately being prepared to sell their product to their customers, they've got no business.

Firefox gets closed-source DRM

Posted May 15, 2014 12:35 UTC (Thu) by gerv (subscriber, #3376) [Link]

"No-one wants DRM."

No. But they want Hollywood movies (which is what I was referring to by "what they want"), and they are - in overwhelming majority - willing to accept DRM to get what they want.

The broadcast flag analogy is imperfect because both copyright owners and users have very easy alternatives if we refuse to implement this - it's called "use Chrome".

If you are looking for some of the reasons for why Mozilla is in a bad position here, talk to all of the geeks who thought Chrome was "free enough", and switched to it from Firefox and promoted it to their friends.

Firefox gets closed-source DRM

Posted May 15, 2014 18:22 UTC (Thu) by KaiRo (subscriber, #1987) [Link]

Firefox gets closed-source DRM

Posted May 15, 2014 9:23 UTC (Thu) by arclynx (guest, #19834) [Link]

Why can’t just Mozilla create a new fork of Firefox for the DRM lover people? And ask them to download that version. And while at that, make it proprietary, because Mozilla is not an Open Source company/community anymore.

Firefox gets closed-source DRM

Posted May 15, 2014 15:23 UTC (Thu) by amarao (subscriber, #87073) [Link]

I think that 'plugin' should be deactivated by default, and require user to do something annoying (going to settings, checking box 'enable DRM for current site').

Ok, you need to do it. But who says it should be nice and easy? Every DRM site should cause user pain in the ass. This will really helps to get that idea to every user: drm === 'no, i don't want to do it again'.

Firefox gets closed-source DRM

Posted May 15, 2014 15:40 UTC (Thu) by palmer_eldritch (guest, #95160) [Link]

> Ok, you need to do it. But who says it should be nice and easy?
I guess the reason why they won't make it a pain in the ass is because: "Chrome does it nice and easy so if the average Joe can't do it nice and easy, he'll just use chrome instead".
At least, I think we can count on adobe to make something buggy enough that it will still be painful to use despite mozilla's efforts to make it as painless as possible.

Firefox gets closed-source DRM

Posted May 15, 2014 17:33 UTC (Thu) by roc (subscriber, #30627) [Link]

Right. There is no way Mozilla can make DRM more difficult to use in Firefox than "use Chrome instead".

Firefox gets closed-source DRM

Posted May 16, 2014 11:40 UTC (Fri) by krake (subscriber, #55996) [Link]

Are you saying that the next victim will be the certificate exception handling due it being more diffcult to pass than what other browser are doing?

Firefox gets closed-source DRM

Posted May 16, 2014 23:28 UTC (Fri) by roc (subscriber, #30627) [Link]

Yes, that is an issue. We can make it a little more difficult than other browsers since there is a small switching cost, but not much more difficult. Users can and will switch browsers to view pages we block; denying that reality would be wishful thinking and unhelpful.

However, we can and do coordinate with other popular browsers on this sort of thing. When everyone agrees, implicitly or explicitly, to make it more difficult over similar timeframes, we can make the situation better.

Firefox gets closed-source DRM

Posted May 17, 2014 8:04 UTC (Sat) by krake (subscriber, #55996) [Link]

> Users can and will switch browsers to view pages we block; denying that reality would be wishful thinking and unhelpful.

Right, but you seem to be under the impression that nothing in Firefox itself is of value to its users, that they would not only switch for the pages that do not work but for good.

In my case it is Firefox that it sometimes switch to so I can't really tell if it has any selling points or what they are, but there must be something, doens't it?

Firefox gets closed-source DRM

Posted May 18, 2014 6:01 UTC (Sun) by roc (subscriber, #30627) [Link]

A switch for a page that doesn't work won't always lead to a permanent switch but it will certainly push in that direction.

Firefox gets closed-source DRM

Posted May 18, 2014 7:13 UTC (Sun) by krake (subscriber, #55996) [Link]

Well, in this case it would only be one or two fixed sites, no?

Wouldn't the familiar behavior, potential customizations, tons of bookmarks, etc. be way stronger incentices to stay with the current browser than to switch to just for one or two sites that basically don't do anything else than show a video fullscreen?

I have my doubts that any user, lest a significant portion of the Firefox userbase, has subscriptions to more than a handful of video streaming sites.

Most users won't even have the availability to subscribe to that many.

Firefox gets closed-source DRM

Posted May 19, 2014 7:38 UTC (Mon) by Arker (guest, #14205) [Link]

"A switch for a page that doesn't work won't always lead to a permanent switch but it will certainly push in that direction."

No, you are wrong, it was usually is a push in the opposite direction.

Firefox earned its following for being safer, more secure. LOTS of firefox users are used to the idea that occasionally they have to use another less secure browser for a badly designed website. I have NEVER seen anyone switch to the other browser full time because of this.

I have however seen at least a dozen switch because "firefox updated and now I have something else, help!"

The first few times that happened I went through and did my best to repair all the damage, shuffling through about:config, searching for and installing and testing various extensions, just to try to fix something that worked fine for this person for years before. Then there's another "upgrade." Then another, and another. And eventually I said I am sorry I cant keep doing this. And THAT is when the regular joe user gives up on Firefox and switches to IE or Chrome or Safari full time.

Firefox gets closed-source DRM

Posted May 15, 2014 18:52 UTC (Thu) by khim (subscriber, #9252) [Link]

Every DRM site should cause user pain in the ass. This will really helps to get that idea to every user: drm === 'no, i don't want to do it again'.

Most users will just interpret it as “Firefox == pain; better to finally choose between Chrome and MS IE”. They don't know and they don't want to know what the DRM is but they will know that it does not hurt Chrome, MS IE, Safari or even Opera, but that does hurt Firefox for some reason. Apparently Firefox guys are just don't know what they are doing if they are the only ones who could not make experience painless.

Firefox gets closed-source DRM

Posted May 15, 2014 20:12 UTC (Thu) by KaiRo (subscriber, #1987) [Link]

It will be deactivated by default. Enabling will not be annoying but needs to be a conscious decision by the user. It will not "just work" by default without any user interaction.

Firefox gets closed-source DRM

Posted May 15, 2014 21:27 UTC (Thu) by zlynx (subscriber, #2285) [Link]

Ah. Just like how when someone wants to share files from a USB drive on Fedora the immediate response is "Relabel the USB filesystem and set this SELinux boolean value to True".

No. The response I see those those questions on forums is always "Turn off SELinux."

The response won't be "Turn on the Firefox sandbox." it would be "Download Chrome."

Firefox gets closed-source DRM

Posted May 16, 2014 3:54 UTC (Fri) by mathstuf (subscriber, #69389) [Link]

Uh, what? That's insane. Are those instructions for Fedora 3 or something? I have no problem with vfat drives Just Working with autofs. If they don't work with udisks, file a bug.

Firefox gets closed-source DRM

Posted May 16, 2014 4:07 UTC (Fri) by dlang (subscriber, #313) [Link]

what do you think the right answer should be?

if you go through and change all the SELinux labels on the SD card, you may break it for other uses, plus it may take a while to go through the entire device (remember how slow they are)

besides, it's not like you should actually trust any labels that are on the files, you don't know what other system may have fiddled with the labels since you mounted them

there is no good SELinux safe thing to do here.

so the general response of "disable SELinux" is about as sane as anything else.

Firefox gets closed-source DRM

Posted May 16, 2014 4:18 UTC (Fri) by mathstuf (subscriber, #69389) [Link]

Well, does vfat support xattr? How do you even set labels on such a thing? As for ext* keys, the only ones I've used hold my ssh keys, so it doesn't get shared… Maybe there should be a mount option for SELinux to treat as "untrusted" (e.g., I set noexec on all keys for sanity's sake)

Firefox gets closed-source DRM

Posted May 16, 2014 16:23 UTC (Fri) by raven667 (subscriber, #5198) [Link]

I don't understand, if you create a removable filesystem and set a bunch of permissions, extended attributes, access control lists or whatever then your filesystems is going to have a bunch of permissions, extended attributes and access control lists preventing access to things...what else would you expect? If you move that filesystem to a different machine those user IDs and permissions might be totally inappropriate. This is why often removable media uses a filesystem like FAT which doesn't have permissions, to sidestep this issue entirely, or use mount options like context= and try not to set permissions that don't make sense.

Firefox gets closed-source DRM

Posted May 16, 2014 18:27 UTC (Fri) by dlang (subscriber, #313) [Link]

I think the issue here is that SELinux doesn't play well with untagged files. It really wants you to tag them (thus the original poster's comment about the "right" answer being to tag all the files)

but that doesn't play well if you want to use the same removable media with multiple systems.

So the answer "disable SELinux" is reasonable, because this is a case that SELinux just doesn't handle well (if I'm wrong about this, please educate me)

Firefox gets closed-source DRM

Posted May 16, 2014 19:05 UTC (Fri) by mathstuf (subscriber, #69389) [Link]

Setting it to permissive mode should be enough.

And really, SELinux needs to handle filesystems without xattr support, so maybe it should treat all removable media as not supporting xattr.

Firefox gets closed-source DRM

Posted May 16, 2014 19:11 UTC (Fri) by raven667 (subscriber, #5198) [Link]

I mentioned the context mount option in my earlier message which seems to have been created for this purpose, a quote from the manpage for mount(8)

Quote:

"A commonly used option for removable media is context="system_u:object_r:removable_t"."

"Even where xattrs are supported, you can save time not having to label every file by assigning the entire disk one security context."

Firefox gets closed-source DRM

Posted May 16, 2014 19:13 UTC (Fri) by mathstuf (subscriber, #69389) [Link]

Ah, thanks. Does udisks set this option?

/me adds to autofs scripts.

Firefox gets closed-source DRM

Posted May 16, 2014 21:55 UTC (Fri) by zlynx (subscriber, #2285) [Link]

Amazing how leaving out a phrase completely changes what I meant.

What I meant to say was something about sharing files from a USB drive via Samba, over the network.

Because of the SELinux policies in effect on Fedora systems Samba is very limited. To share files you have to change boolean settings and/or use a special label.

See some details at http://selinuxproject.org/page/SambaRecipes


Copyright © 2014, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds