Firefox gets closed-source DRM

Posted May 14, 2014 19:05 UTC (Wed) by riccieri (guest, #94794)
In reply to: Firefox gets closed-source DRM by alonz
Parent article: Firefox gets closed-source DRM

In the comments, someone said:

>The CDM also verifies that the sandbox is one it trusts, so if you patch the sandbox, the CDM will no longer work.

I'm not sure how that works, but it seems like they've got it covered.

I do wonder how that prevents OS or kernel-level code to get access to the content, though. I assume that the content needs to be handed off to the kernel at some point.

Virtual sandbox?

Posted May 14, 2014 19:17 UTC (Wed) by Max.Hyre (subscriber, #1054) [Link] (12 responses)

Would it be possible to run the trusted sandbox on a virtual machine, from which one could examine the sandbox contents without detection by the DRM code?

Will that be the red pill, or the blue one?

Virtual sandbox?

Posted May 14, 2014 19:19 UTC (Wed) by gerv (guest, #3376) [Link] (11 responses)

DRM is partly tech, partly law.

The most likely consequence of pointing out flaws in DRM schemes is not the DRM-requirers saying "You know, you're right, we should just abandon this", it's them saying "Well, here's a new set of requirements" - which would be harder for Mozilla to meet and worse for user privacy and control.

Let the reader understand.

Virtual sandbox?

Posted May 14, 2014 21:10 UTC (Wed) by ballombe (subscriber, #9523) [Link] (1 responses)

So you are admitting this is just smoke and mirror.
Interesting.

Virtual sandbox?

Posted May 14, 2014 21:16 UTC (Wed) by gerv (guest, #3376) [Link]

No, that's not what I said.

Virtual sandbox?

Posted May 14, 2014 23:18 UTC (Wed) by Karellen (subscriber, #67644) [Link] (2 responses)

See also Ian Hickson's insightful post "The purpose of DRM is to give content providers leverage against creators of playback devices."[0]

[0] https://plus.google.com/app/basic/stream/z13qtnxhuojytbjb...

Virtual sandbox?

Posted May 14, 2014 23:19 UTC (Wed) by Karellen (subscriber, #67644) [Link] (1 responses)

Doh! Now I've just seen that Krake already posted this link below, a good few hours before me.

Virtual sandbox?

Posted May 15, 2014 10:24 UTC (Thu) by krake (guest, #55996) [Link]

Can't hurt to have it more than once.
It is one of the best, if not the best, piece of writing on the nature and goals of DRM

Thanks for explaining

Posted May 15, 2014 6:47 UTC (Thu) by oldtomas (guest, #72579) [Link] (5 responses)

> The most likely consequence of pointing out flaws in DRM schemes [...] it's them saying "Well, here's a new set of requirements" - which would be harder [...] to meet and worse for user privacy and control.

So we know what to do. Keep patiently and insistently at it until this whole disgusting mess breaks down under its own weight.

Hey! The emperor is naked!

Or as Ballombe points out in this thread -- it's all smoke and mirrors after all (although gerv is careful to point out that (s)he didn't say that :-)

Don't give up, folks! Poke holes in DRM!

Thanks for explaining

Posted May 15, 2014 17:07 UTC (Thu) by roc (subscriber, #30627) [Link] (4 responses)

This approach is counter-productive. The more people talk about the limitations of existing DRM schemes, the more pressure there will be to replace them with something even more user-unfriendly.

The idea that the system will "break down under its own weight" is, unfortunately, wishful thinking.

Thanks for explaining

Posted May 16, 2014 6:48 UTC (Fri) by oldtomas (guest, #72579) [Link] (3 responses)

Note: I assume your intentions to be good, and I commend your work done on free software. Thanks for that.

But I strongly disagree on this point. The only viable solution is (IMHO, of course) strong political counter-pressure. And every bit which makes the life of gullets more miserable is a help at this point.

Because what "content industry" wants is docile and willing gullets.

I know, this sounds harsh. It took me a while to reach this conclusion.

Thanks for explaining

Posted May 16, 2014 22:41 UTC (Fri) by roc (subscriber, #30627) [Link] (2 responses)

When I say "user-unfriendly" I don't just mean more difficult to use, I mean more privacy-invasive, more surveillance-friendly, and more completely taking control of devices away from their users. I'm not confident that going further down that path is the right way to ultimately make things better.

Thanks for explaining

Posted May 17, 2014 7:13 UTC (Sat) by oldtomas (guest, #72579) [Link]

> When I say "user-unfriendly" I don't just mean more difficult to use [...]

Yep. I got that. But that's exactly the point of our disagreement. To put it pointedly, "let's keep the users just at the edge of their confort zone wrt. their tolerance of surveillance and control" amounts to me to slowly boiling the frogs.

Forcing Big Content to show their ugly fangs (as much as possible) just might be a better long-term strategy.

IOW I am convinced that the ugly RIAA lawsuits and carpet-bombing have done more for freedom than Gnash.

Now if constituents could get off their asses and vote those corrupt politicians who play along with secret trade agreements (TTIP, Trans-Pacific) out of office, that would be it.

Sorry for the political tangent, but the root of the problem *is* political, not technical.

Thanks for explaining

Posted May 19, 2014 7:07 UTC (Mon) by Arker (guest, #14205) [Link]

The more invasive and ugly the DRM the more people will reject it. And ultimately that has to be the end goal. Companies will give it up when users start flatly refusing to buy it, and not one moment before.

It has to get worse before it will get any better.

Firefox gets closed-source DRM

Posted May 14, 2014 19:18 UTC (Wed) by ballombe (subscriber, #9523) [Link] (4 responses)

>The CDM also verifies that the sandbox is one it trusts, so if you patch the sandbox, the CDM will no longer work.

Which is incompatible with the assertion that

"In our implementation, the CDM will have no access to the user’s hard drive or the network. Instead, the sandbox will provide the CDM only with communication mechanism with Firefox for receiving encrypted data and for displaying the results."

and it is disingenuous to call open-source a component that cannot be usefully modified.

Firefox gets closed-source DRM

Posted May 14, 2014 19:24 UTC (Wed) by riccieri (guest, #94794) [Link] (3 responses)

> it is disingenuous to call open-source a component that cannot be usefully modified.

It is still open source in the sense that you can audit it and verify that it does what it says it does (restricting the binary blob from doing anything nasty). With closed source software you can't do that.

Firefox gets closed-source DRM

Posted May 14, 2014 20:38 UTC (Wed) by proski (subscriber, #104) [Link] (2 responses)

The Open Source Definition includes following requirement:

The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.

The license may allow that, but the technical means would hobble that freedom. And now let's see the rationale:

Rationale: The mere ability to read source isn't enough to support independent peer review and rapid evolutionary selection. For rapid evolution to happen, people need to be able to experiment with and redistribute modifications.

That's not going to happen.

Firefox gets closed-source DRM

Posted May 14, 2014 22:28 UTC (Wed) by KaiRo (subscriber, #1987) [Link] (1 responses)

You are right in that this is walking a line. Note that any code implementing an ABI to different software, accessing pre-defined hardware or even implementing an agreed-to standard to the point is basically walking more or less the same line, as any modification might stop that other part from working, as will modifications to the sandbox that the DRM does not recognize.

Firefox gets closed-source DRM

Posted May 14, 2014 23:11 UTC (Wed) by proski (subscriber, #104) [Link]

Linux kernel implements ABI to different software, accesses pre-defined hardware and even implements agreed-to standards to the point. Yet it's routinely distributed and used in modified form without losing its utility.

Firefox gets closed-source DRM

Posted May 14, 2014 19:59 UTC (Wed) by cesarb (subscriber, #6266) [Link]

> I do wonder how that prevents OS or kernel-level code to get access to the content, though. I assume that the content needs to be handed off to the kernel at some point.

From what I read, the Flash plugin already has some kind of DRM, and the ones who want that CDM already accept Flash's DRM's limitations, including there being no way of preventing the kernel from capturing the frames. So, it's not a problem, or at least it's an accepted one. This CDM/EME thing only replaces the wide attack surface of a potentially buggy closed-source plugin with a much smaller and carefully sandboxed potentially buggy closed-source plugin.

(As an aside: technically, with modern video cards the video player can hand the textures directly to the GPU, without involving the kernel, so the kernel-level code does not actually get access to the video content. But it could easily get access if it wanted; the same is true for the compositor.)

I believe most of the LWN readership can easily see all the holes in this CDM/EME thing, and how it (and the whole idea of DRM itself) can be broken in a million different ways. But a bulletproof solution is not the point; the point is "something as good as the Flash plugin" (for the DRM peddler's definition of "good"). It's great that the Mozilla people are containing the damage by creating a restricted kind of plugin, instead of the current kind which has unrestricted code execution privileges.