Firefox gets closed-source DRM [LWN.net]

Firefox gets closed-source DRM

Posted May 15, 2014 15:40 UTC (Thu) by palmer_eldritch (guest, #95160) [Link] (7 responses)

> Ok, you need to do it. But who says it should be nice and easy?
I guess the reason why they won't make it a pain in the ass is because: "Chrome does it nice and easy so if the average Joe can't do it nice and easy, he'll just use chrome instead".
At least, I think we can count on adobe to make something buggy enough that it will still be painful to use despite mozilla's efforts to make it as painless as possible.

Firefox gets closed-source DRM

Posted May 15, 2014 17:33 UTC (Thu) by roc (subscriber, #30627) [Link] (6 responses)

Right. There is no way Mozilla can make DRM more difficult to use in Firefox than "use Chrome instead".

Firefox gets closed-source DRM

Posted May 16, 2014 11:40 UTC (Fri) by krake (guest, #55996) [Link] (5 responses)

Are you saying that the next victim will be the certificate exception handling due it being more diffcult to pass than what other browser are doing?

Firefox gets closed-source DRM

Posted May 16, 2014 23:28 UTC (Fri) by roc (subscriber, #30627) [Link] (4 responses)

Yes, that is an issue. We can make it a little more difficult than other browsers since there is a small switching cost, but not much more difficult. Users can and will switch browsers to view pages we block; denying that reality would be wishful thinking and unhelpful.

However, we can and do coordinate with other popular browsers on this sort of thing. When everyone agrees, implicitly or explicitly, to make it more difficult over similar timeframes, we can make the situation better.

Firefox gets closed-source DRM

Posted May 17, 2014 8:04 UTC (Sat) by krake (guest, #55996) [Link] (3 responses)

> Users can and will switch browsers to view pages we block; denying that reality would be wishful thinking and unhelpful.

Right, but you seem to be under the impression that nothing in Firefox itself is of value to its users, that they would not only switch for the pages that do not work but for good.

In my case it is Firefox that it sometimes switch to so I can't really tell if it has any selling points or what they are, but there must be something, doens't it?

Firefox gets closed-source DRM

Posted May 18, 2014 6:01 UTC (Sun) by roc (subscriber, #30627) [Link] (2 responses)

A switch for a page that doesn't work won't always lead to a permanent switch but it will certainly push in that direction.

Firefox gets closed-source DRM

Posted May 18, 2014 7:13 UTC (Sun) by krake (guest, #55996) [Link]

Well, in this case it would only be one or two fixed sites, no?

Wouldn't the familiar behavior, potential customizations, tons of bookmarks, etc. be way stronger incentices to stay with the current browser than to switch to just for one or two sites that basically don't do anything else than show a video fullscreen?

I have my doubts that any user, lest a significant portion of the Firefox userbase, has subscriptions to more than a handful of video streaming sites.

Most users won't even have the availability to subscribe to that many.

Firefox gets closed-source DRM

Posted May 19, 2014 7:38 UTC (Mon) by Arker (guest, #14205) [Link]

"A switch for a page that doesn't work won't always lead to a permanent switch but it will certainly push in that direction."

No, you are wrong, it was usually is a push in the opposite direction.

Firefox earned its following for being safer, more secure. LOTS of firefox users are used to the idea that occasionally they have to use another less secure browser for a badly designed website. I have NEVER seen anyone switch to the other browser full time because of this.

I have however seen at least a dozen switch because "firefox updated and now I have something else, help!"

The first few times that happened I went through and did my best to repair all the damage, shuffling through about:config, searching for and installing and testing various extensions, just to try to fix something that worked fine for this person for years before. Then there's another "upgrade." Then another, and another. And eventually I said I am sorry I cant keep doing this. And THAT is when the regular joe user gives up on Firefox and switches to IE or Chrome or Safari full time.

Firefox gets closed-source DRM

Posted May 15, 2014 18:52 UTC (Thu) by khim (subscriber, #9252) [Link]

Every DRM site should cause user pain in the ass. This will really helps to get that idea to every user: drm === 'no, i don't want to do it again'.

Most users will just interpret it as “Firefox == pain; better to finally choose between Chrome and MS IE”. They don't know and they don't want to know what the DRM is but they will know that it does not hurt Chrome, MS IE, Safari or even Opera, but that does hurt Firefox for some reason. Apparently Firefox guys are just don't know what they are doing if they are the only ones who could not make experience painless.

Firefox gets closed-source DRM

Posted May 15, 2014 20:12 UTC (Thu) by KaiRo (subscriber, #1987) [Link]

It will be deactivated by default. Enabling will not be annoying but needs to be a conscious decision by the user. It will not "just work" by default without any user interaction.

Firefox gets closed-source DRM

Posted May 15, 2014 21:27 UTC (Thu) by zlynx (guest, #2285) [Link] (9 responses)

Ah. Just like how when someone wants to share files from a USB drive on Fedora the immediate response is "Relabel the USB filesystem and set this SELinux boolean value to True".

No. The response I see those those questions on forums is always "Turn off SELinux."

The response won't be "Turn on the Firefox sandbox." it would be "Download Chrome."

Firefox gets closed-source DRM

Posted May 16, 2014 3:54 UTC (Fri) by mathstuf (subscriber, #69389) [Link] (8 responses)

Uh, what? That's insane. Are those instructions for Fedora 3 or something? I have no problem with vfat drives Just Working with autofs. If they don't work with udisks, file a bug.

Firefox gets closed-source DRM

Posted May 16, 2014 4:07 UTC (Fri) by dlang (guest, #313) [Link] (6 responses)

what do you think the right answer should be?

if you go through and change all the SELinux labels on the SD card, you may break it for other uses, plus it may take a while to go through the entire device (remember how slow they are)

besides, it's not like you should actually trust any labels that are on the files, you don't know what other system may have fiddled with the labels since you mounted them

there is no good SELinux safe thing to do here.

so the general response of "disable SELinux" is about as sane as anything else.

Firefox gets closed-source DRM

Posted May 16, 2014 4:18 UTC (Fri) by mathstuf (subscriber, #69389) [Link]

Well, does vfat support xattr? How do you even set labels on such a thing? As for ext* keys, the only ones I've used hold my ssh keys, so it doesn't get shared… Maybe there should be a mount option for SELinux to treat as "untrusted" (e.g., I set noexec on all keys for sanity's sake)

Firefox gets closed-source DRM

Posted May 16, 2014 16:23 UTC (Fri) by raven667 (subscriber, #5198) [Link] (4 responses)

I don't understand, if you create a removable filesystem and set a bunch of permissions, extended attributes, access control lists or whatever then your filesystems is going to have a bunch of permissions, extended attributes and access control lists preventing access to things...what else would you expect? If you move that filesystem to a different machine those user IDs and permissions might be totally inappropriate. This is why often removable media uses a filesystem like FAT which doesn't have permissions, to sidestep this issue entirely, or use mount options like context= and try not to set permissions that don't make sense.

Firefox gets closed-source DRM

Posted May 16, 2014 18:27 UTC (Fri) by dlang (guest, #313) [Link] (3 responses)

I think the issue here is that SELinux doesn't play well with untagged files. It really wants you to tag them (thus the original poster's comment about the "right" answer being to tag all the files)

but that doesn't play well if you want to use the same removable media with multiple systems.

So the answer "disable SELinux" is reasonable, because this is a case that SELinux just doesn't handle well (if I'm wrong about this, please educate me)

Firefox gets closed-source DRM

Posted May 16, 2014 19:05 UTC (Fri) by mathstuf (subscriber, #69389) [Link] (2 responses)

Setting it to permissive mode should be enough.

And really, SELinux needs to handle filesystems without xattr support, so maybe it should treat all removable media as not supporting xattr.

Firefox gets closed-source DRM

Posted May 16, 2014 19:11 UTC (Fri) by raven667 (subscriber, #5198) [Link] (1 responses)

I mentioned the context mount option in my earlier message which seems to have been created for this purpose, a quote from the manpage for mount(8)

Quote:

"A commonly used option for removable media is context="system_u:object_r:removable_t"."

"Even where xattrs are supported, you can save time not having to label every file by assigning the entire disk one security context."

Firefox gets closed-source DRM

Posted May 16, 2014 19:13 UTC (Fri) by mathstuf (subscriber, #69389) [Link]

Ah, thanks. Does udisks set this option?

/me adds to autofs scripts.

Firefox gets closed-source DRM

Posted May 16, 2014 21:55 UTC (Fri) by zlynx (guest, #2285) [Link]

Amazing how leaving out a phrase completely changes what I meant.

What I meant to say was something about sharing files from a USB drive via Samba, over the network.

Because of the SELinux policies in effect on Fedora systems Samba is very limited. To share files you have to change boolean settings and/or use a special label.

See some details at http://selinuxproject.org/page/SambaRecipes