Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

How Firefox Will Handle DRM In HTML

Soulskill posted about 5 months ago | from the backed-into-a-corner dept.

Firefox 361

An anonymous reader writes "Last year the W3C approved the inclusion of DRM in future HTML revisions. It's called Encrypted Media Extensions, and it was not well received by the web community. Nevertheless, it had the support of several major browser makers, and now Mozilla CTO Andreas Gal has a post explaining how Firefox will be implementing EME. He says, 'This is a difficult and uncomfortable step for us given our vision of a completely open Web, but it also gives us the opportunity to actually shape the DRM space and be an advocate for our users and their rights in this debate. ... From the security perspective, for Mozilla it is essential that all code in the browser is open so that users and security researchers can see and audit the code. DRM systems explicitly rely on the source code not being available. In addition, DRM systems also often have unfavorable privacy properties. ... Firefox does not load this module directly. Instead, we wrap it into an open-source sandbox. In our implementation, the CDM will have no access to the user's hard drive or the network. Instead, the sandbox will provide the CDM only with communication mechanism with Firefox for receiving encrypted data and for displaying the results.'"

cancel ×

361 comments

Sorry! There are no comments related to the filter you selected.

Not relevant (-1)

Anonymous Coward | about 5 months ago | (#47001655)

what's relevant is how Chrome will handle DRM.

Re:Not relevant (4, Funny)

interkin3tic (1469267) | about 5 months ago | (#47001715)

Given the recent update, I suspect the answer will be the same for both.

(I feel like this joke is nerdy even by slashdot standards.)

Re:Not relevant (4, Insightful)

Jeremiah Cornelius (137) | about 5 months ago | (#47001927)

Drop the browser. It's no longer a question if web standards are fucked, and that your arse is what's offered for the fucking.

Gopher over TOR.

Re:Not relevant (0)

Anonymous Coward | about 5 months ago | (#47002125)

Not relevant (-1)

Anonymous Coward | about 5 months ago | (#47001667)

What's relevant is how Apple will handle DRM.

Isn't hard drive access desirable? (3, Interesting)

CRCulver (715279) | about 5 months ago | (#47001685)

In our implementation, the CDM will have no access to the user's hard drive or the network

As with all DRM schemes, it's only a matter of time before this is broken. However, to save the decrypted content to the hard drive, one has to, well, have access to the hard drive. Does Firefox's architecture actually get in the way of users eventually pirating the content? Might have to switch browsers if that's the case.

Re:Isn't hard drive access desirable? (0)

Anonymous Coward | about 5 months ago | (#47001779)

If a person can HTTP Get a resource they will

Then they'll host it with DRM stripped on pages stuffed with advertising to make the cash money

Casual users get a slower web experience and content still has it's copyright infringed. Law abiding citizens and content creators lose again.

Re:Isn't hard drive access desirable? (0, Troll)

Anonymous Coward | about 5 months ago | (#47001823)

Does Firefox's architecture actually get in the way of users eventually pirating the content? Might have to switch browsers if that's the case.

Yeah, cause it's really important that a browser protect your right to--in your words--pirate content.

Re:Isn't hard drive access desirable? (5, Insightful)

Microlith (54737) | about 5 months ago | (#47002043)

It's important that a browser protect me and my rights on my system, not the business model of other DRM-happy corporations.

Re:Isn't hard drive access desirable? (0)

Anonymous Coward | about 5 months ago | (#47002373)

They are. That's why they are only permitting the DRM module the bare minimum it requires to do it's job. Thus protecting your system from unauthorised access by the DRM module.

This may not do anything to facilitate your access to do what you please with the DRM'd content, but that really is an issue you should be taking up with the content provider. If you don't like it, just avoid all DRM'd content.

Re:Isn't hard drive access desirable? (4, Insightful)

Microlith (54737) | about 5 months ago | (#47002021)

Does Firefox's architecture actually get in the way of users eventually pirating the content?

I doubt it, but it's likely that the CDM will attempt to check the Firefox binary and assert that the one loading it is signed by Mozilla and refuse to operate otherwise.

It's the CDM's job to fight off attack attempts against itself, not Firefox's. All Firefox will do is attempt to isolate the (undoubtedly security hole riddled) CDM and protect the end user from it - but given the closed source nature of the CDM this may not be possible.

Re:Isn't hard drive access desirable? (1)

Anonymous Coward | about 5 months ago | (#47002055)

I doubt it, but it's likely that the CDM will attempt to check the Firefox binary and assert that the one loading it is signed by Mozilla and refuse to operate otherwise.

Just LD_PRELOAD a shim, then. The binary can be signed all they want...

Re:Isn't hard drive access desirable? (4, Insightful)

wagnerrp (1305589) | about 5 months ago | (#47002287)

How are you going to check the binary if you've explicitly isolated the CDM from any access to the system? Either you allow the CDM direct access to the OS so it can perform the check on its own, or you can provide an interface that can be trivially spoofed. If the CDM access the OS directly, aside from the security implications that causes, now your open source OS can attack it in the same exact manner, returning whatever information the CDM wants to see, rather than the reality.

The simple truth is that you cannot have open source anything anywhere within the code chain from the point the content exits the CDM to the point the content is sent along with wire to your display device. If you are breached anywhere, then your system is insecure, and if your system is insecure, your content will be stolen and freely distributed on the internet. All you've prevented with all this DRM is the typical honest customer from being able to flexibly access the content in the manner they chose. The typical honest customer needs to be taught this, that DRM has nothing to do with stopping piracy, and everything to do with artificially restricting their abilities. Education is the key to fighting all forms of oppression.

Re:Isn't hard drive access desirable? (1)

Microlith (54737) | about 5 months ago | (#47002613)

Either you allow the CDM direct access to the OS so it can perform the check on its own, or you can provide an interface that can be trivially spoofed.

This is where I doubt that they can actually sandbox it. The CDM needs OS access so it can try and leverage nonsense like Windows' Protected Media Path. I'm not sure what they intend to do with the sandbox, realistically.

I still doubt that Firefox will, or can, do anything to protect the CDM.

Re:Isn't hard drive access desirable? (5, Interesting)

Ash Vince (602485) | about 5 months ago | (#47002119)

As with all DRM schemes, it's only a matter of time before this is broken.

DRM being crackable is not actually that important, what matters is how difficult it is for the average user. You only have to make it slightly tricky or add some slight perceived risk to downloading pirated stuff and they will choose to pay for it instead. For most people with a bit of cash the hassle factor of DRM is what keeps them on the straight and narrow, for the people without cash who cares, they probably would not have paid for it anyway.

Some people who pirate lots of stuff eventually grow into big paid consumers of stuff when they get a bit money, but when they do they often end up forgetting about their strict stance on DRM and just sign up with Netflix or Lovefilm or whatever based on how convenient it is for them. Who cares about keeping a copy of the latest crap to come out of content permanently, just give us lots of stuff to watch on demand and most of the time as consumers those of us with money are happy.

Does Firefox's architecture actually get in the way of users eventually pirating the content?

It's not really the job of browser vendors to make sure you can be a freeloading shithead is it? Their job is to make a product that as many people find useful as possible and that means a certain amount of mass appeal. Refusing to support this part of the standard would have robbed Firefox of more users than they will lose by supporting it.

The reality is that people who view piracy as some sort of moral duty and right like you do are in the minority, that is why most of the public quite happily go along with more stringent copyright laws being drafted by the politicians they elect. That means that creating a browser that will be unusable for certain sites that want to protect their content will just drive users away.

BTW, I actually also think DRM is a joke and a complete waste of space and that more companies should trust us to buy their content if we like it. I spend a fortune on services like netflix and cable TV. I also think though that people who refuse to pay should do without, pure and simple. Anything other than that is freeloading off those of us who pay.

Re:Isn't hard drive access desirable? (3, Interesting)

CRCulver (715279) | about 5 months ago | (#47002343)

The reality is that people who view piracy as some sort of moral duty and right like you do are in the minority, that is why most of the public quite happily go along with more stringent copyright laws being drafted by the politicians they elect.

Come visit us in Eastern Europe sometime. Furthermore, even in more affluent countries, it seems to me that an enormous proportion of the youth are getting their music from YouTube, not from buying CDs or purchasing legal downloads. You can find nearly any album from any era on there. Yes, Google might send a little bit of advertising revenue to whoever complains, but most of those songs were uploaded by a third party, not the copyright holders or artists.

Re:Isn't hard drive access desirable? (-1, Flamebait)

BitZtream (692029) | about 5 months ago | (#47002607)

Not a whole lot of people want to 'come visit' people who think theft is their moral duty.

Do you realize how stupid you sound? I know you don't, but for fucks sake think about what you're saying:

You don't like the way someone else wants to share their toys, so instead of doing the right thing, you're just going to take their toys and do what you want regardless of how the owners of said toys feel.

That makes you one selfish asshole in every way. I don't agree with a lot of software companies and media companies either, but that doesn't mean I can just do what ever the hell I want with their stuff nor does it mean you can.

I don't like the way you share your car, your money and your home, so I'm just going to come take it from you and do what I want with it as I see fit, how awesome is that? Its my moral duty to show assholes like you exactly what you are saying when you say the things you say.

Re:Isn't hard drive access desirable? (1)

Microlith (54737) | about 5 months ago | (#47002643)

It's not really the job of browser vendors to make sure you can be a freeloading shithead is it?

It's not really the browser's job to defend other processes from your assault, now is it? We'd call that malware in any other context.

Anything other than that is freeloading off those of us who pay.

No offense, but the industries in question are making money hand over fist. No real loss is occurring.

Re:Isn't hard drive access desirable? (5, Insightful)

Blue Stone (582566) | about 5 months ago | (#47002211)

>Does Firefox's architecture actually get in the way of users eventually pirating the content? Might have to switch browsers if that's the case.

Remember, DRM doesn't just stop 'piracy', it stops fair use of copyright content too.

Re: Isn't hard drive access desirable? (1)

Redbehrend (3654433) | about 5 months ago | (#47002325)

DRM isn't the problem is how overboard the companies go with the DRM. Like it was stated already companies want hardware info, hard drive info and probably even webcam images. I feel a simple effective user friendly DRM is fine, anything more than that will start a new war on the Internet. Hurting them and the user more than its helping anyone. Remember when ads didn't try to take over your computer?

Re:Isn't hard drive access desirable? (1)

petermgreen (876956) | about 5 months ago | (#47002329)

I'd say the opposite

If the plugin is running in a tight sandbox it should be easy to modify the sandbox to send the video to somewhere other than the screen without the plugin having any way to detect that this is going on.

Of course this way you will have to re-encode so there will be a performance and quality cost but it should be easilly doable and work for any website that uses this drm infrastructure.

And if you do want to hack the plugin itself (to avoid re-encoding) I can't imagine it will be too hard to poke a hole in the sandbox as well.

Re:Isn't hard drive access desirable? (1)

DreamMaster (175517) | about 5 months ago | (#47002519)

That's what I don't understand about this whole DRM-in-the-browsers thing. It's all well and good to have the data sent as an encrypted stream, but when it hits the browser, even if it the decryption is run in a sandbox, as per TFA, eventually it needs to render the data on the browser window. And since since the browser source is open, what's to stop someone very easily building their own executable with extra code to intercept video and sound output and saving it as a video file? As far as I can see, in-browser DRM doesn't seem to make all that much difference as to whether people could steal content.

Re:Isn't hard drive access desirable? (2)

MozeeToby (1163751) | about 5 months ago | (#47002575)

Even if you had the most 100% rock solid DRM, mathematically proven to be unbreakable and cryptographically secured, you cannot stop pirated content. If absolutely nothing else, people will use screen capture software and grab it that way. If things really go to shit and there's watchdog software on every PC preventing screen capture from happening while DRM content is playing, they'll pipe it over to a separate PC and capture it there. If you manage to block that they'll take apart a monitor and grab the data stream from the internals of the monitor itself. If you somehow find a way to block that, they'll point a camera at the damned things and capture it that way. The analog hole cannot be plugged and once it's broken and posted the DRM is effectively broken for everyone.

What a fscking disaster (0)

Anonymous Coward | about 5 months ago | (#47001693)

Current number of websites using EME is 0.

Re:What a joyous success (2)

mwvdlee (775178) | about 5 months ago | (#47001789)

Current number of websites using EME is 0.

Re:What a fscking disaster (2)

ArcadeMan (2766669) | about 5 months ago | (#47001825)

Current number of websites using MEME is over 9000.

Re:What a fscking disaster (-1)

Anonymous Coward | about 5 months ago | (#47001939)

Current # of websites using your mom is over 1 million.

Re:What a fscking disaster (1)

robmv (855035) | about 5 months ago | (#47002487)

Youtube uses EME for 1080p streams, no EME and you only get 720p or lower

SubjectsInCommentsAreStupid (4, Insightful)

lesincompetent (2836253) | about 5 months ago | (#47001701)

THIS is a good reason to oust a Mozilla CEO.

Re:SubjectsInCommentsAreStupid (4, Funny)

Mateo_LeFou (859634) | about 5 months ago | (#47001729)

This, or inventing javascript. Ick.

Re:SubjectsInCommentsAreStupid (1)

bi$hop (878253) | about 5 months ago | (#47002307)

THIS is a good reason to oust a Mozilla CEO.

Amen. For the first time in my life I actually wish I had mod points so I could mod this up.

Re:SubjectsInCommentsAreStupid (4, Insightful)

marcello_dl (667940) | about 5 months ago | (#47002387)

Exactly, this is a bad move no matter what. Because FF should have let third parties write a plugin and waited until it was inevitable before including it, if ever. With this move they threw their weight IN SUPPORT of it, from a practical point of view. Because now people will say: see this scheme is supported by all major vendors, let's go for it.

That it's a w3c standard, it is not relevant. In fact "we implement only the sane things out of w3c" would have been a marketing bullet point. No, not now: when remote wipings of DRM protected stuff start happening.

Brilliant. Perfect way to kill market share! (1)

redheaddebater (2785243) | about 5 months ago | (#47001727)

And... now I'm actively looking for a new casual browser.

Re:Brilliant. Perfect way to kill market share! (3, Insightful)

Arker (91948) | about 5 months ago | (#47001799)

PaleMoon is a Firefox fork that appears to be doing very well. I dont know for sure, but I suspect they will correctly sort this into the unwanted features bucket and skip it.

Re:Brilliant. Perfect way to kill market share! (1)

redheaddebater (2785243) | about 5 months ago | (#47001847)

PaleMoon looks like an interesting competitor - and I get to keep my favorite extensions. I'll keep my eye on it. Thank you for the info!

Re:Brilliant. Perfect way to kill market share! (0)

Anonymous Coward | about 5 months ago | (#47001995)

PaleMoon looks like an interesting competitor - and I get to keep my favorite extensions. I'll keep my eye on it. Thank you for the info!

Considering what crap Firefox 29 is and that I'm so tired of having to resort to kludges to keep my favorite theme and extensions I'll definitely take a look at PaleMoon now.

Re:Brilliant. Perfect way to kill market share! (0)

Anonymous Coward | about 5 months ago | (#47002097)

Firefox 29 was a huge UX improvement. You may want to use a browser that looks like Windows 95, but that's not sustainable in the long run.

Re:Brilliant. Perfect way to kill market share! (0)

Anonymous Coward | about 5 months ago | (#47002201)

Firefox 29 was a huge UX improvement.

How?

The only differences I've noticed is that they made the tabs almost impossible to distinguish, because Flat Is Cool!, and they appear to have moved the back and forward buttons.

Pointless changes for pointless reasons, as far as I can see.

Re:Brilliant. Perfect way to kill market share! (4, Insightful)

Arker (91948) | about 5 months ago | (#47002281)

Obviously you are correct. A UI which exposes control interfaces to the user is bad. The future is to expose control interfaces ONLY to remote ad agencies, and keep the dirty users in their place.

Re:Brilliant. Perfect way to kill market share! (-1, Troll)

Anonymous Coward | about 5 months ago | (#47001989)

Here comes Arker the faggot with the tt tags. He'll tell you that it's your web browser settings rendering his posts that way. Why? Because he's a useless little troll that wants his posts to appear in monospaced font so that he stands out. No different than a flamboyant fag dressed in pants with no but cheeks and a gimp mask on.

Re:Brilliant. Perfect way to kill market share! (0, Informative)

Anonymous Coward | about 5 months ago | (#47002107)

Fuck your font.

Re:Brilliant. Perfect way to kill market share! (0)

Anonymous Coward | about 5 months ago | (#47001883)

Which will you choose? Firefox (or one of its derivatives), which lets you disable this feature entirely, or one of the commercial browsers who are pushing the feature without a care to what you think?

I have it on good authority that... (-1)

Anonymous Coward | about 5 months ago | (#47001737)

...they will handle it by hunting down anyone who personally donated to an anti-gay platform and ostracizing them before kicking them the fuck out of the company.

Thanks for NOTHING (0)

Anonymous Coward | about 5 months ago | (#47001747)

"It's only a little bit evil"

Ayn Rand Quote Time (2, Interesting)

bmajik (96670) | about 5 months ago | (#47001875)

Oh look. Here's a whole _page_ of Ayn Rand quotes about compromise

In any compromise between good and evil, it is only evil that can profit

or...

Contrary to the fanatical belief of its advocates, compromise [on basic principles] does not satisfy, but dissatisfies everybody; it does not lead to general fulfillment, but to general frustration; those who try to be all things to all men, end up by not being anything to anyone. And more: the partial victory of an unjust claim, encourages the claimant to try further; the partial defeat of a just claim, discourages and paralyzes the victim.

http://aynrandlexicon.com/lexi... [aynrandlexicon.com]

Many folks have a go at the idea that they can somehow tame evil or compromise with it without being tainted too much. I'm not sure this has ever really worked out.

There is a lot to like about the Richard Stallmans of the world. They are clear about the what and the why, and they stick to their guns.

Re:Ayn Rand Quote Time (1, Troll)

Jeff Flanagan (2981883) | about 5 months ago | (#47001961)

You don't think quoting a crank is insightful or useful in any way, do you?

Seriously, why would you want to quote someone as foolish and hypocritical as Ayn Rand?

Re:Ayn Rand Quote Time (5, Funny)

Anonymous Coward | about 5 months ago | (#47002099)

You don't think quoting a crank is insightful or useful in any way, do you?

 

No, but I just did so anyway.

Re:Ayn Rand Quote Time (0)

Anonymous Coward | about 5 months ago | (#47002257)

Even a broken clock is right two times a day. If you have something to contribute why those specific quotes are foolish or hypocritical then do that, instead of making baseless ad hominem attacks.

Re:Ayn Rand Quote Time (0)

Anonymous Coward | about 5 months ago | (#47002407)

If someone asks you the time and you point to a broken clock, the burden is on you to say why anyone should listen to your opinion on the time, given that your clock is broken.

If you say "Hey! How do you know it isn't one of the two times a day the clock is right???" you are either an idiot or a huckster.

Re:Ayn Rand Quote Time (2, Insightful)

bmajik (96670) | about 5 months ago | (#47002301)

Obviously, because I think she's neither foolish nor hypocritical.

There's a class of people who respond to Ayn Rand with ad hominem. Which is funny -- She wrote a lot of pages -- more than I care to read in one sitting. In all that, somewhere, you'd think there's be fertile soil for a response more intellectually stimulating than, "she's a crank".

Fault her for whatever reasons you've faulted her, but to me, nobody has more constancy and conviction in their writing in favor of doing the right things for the right reasons. The importance of principle is central to everything she ever wrote.

The Mozilla conversation is about principle vs. pragmatism, and I think her quotes on the topic are highly relevant.

Re:Ayn Rand Quote Time (1)

BitZtream (692029) | about 5 months ago | (#47002657)

you'd think there's be fertile soil for a response more intellectually stimulating than, "she's a crank".

You'd think that people who think she's neither foolish nor hypocritical would realize how wrong they are when they realize that in all that writing ... the only response needed is 'she's a crank'.

Though I prefer the word quack to describe her and what she spewed.

Re:Ayn Rand Quote Time (1)

chefmonkey (140671) | about 5 months ago | (#47002039)

There is a lot to like about the Richard Stallmans of the world. They are clear about the what and the why, and they stick to their guns.

And that's why Gnu Hurd is a viable desktop alternative to Windows and OS X, and is so influential in what happens in operating systems at large.

Without the snark: if you have no measurable market share, you don't have any measurable market influence. If people can watch Netflix on Chrome, IE, and Safari, but not on Firefox, what do you think happens? How much impact can Mozilla have if Firefox becomes the Gnu Hurd of the browser world?

Re:Ayn Rand Quote Time (3, Insightful)

bmajik (96670) | about 5 months ago | (#47002245)

The Hurd isn't a viable alternative because it isn't needed.

Stallman had a vision of a completely free as in speech computer system. When he started, that meant, OS, tools, and application software.

It was a radical strawman against the beginnings of an industry of for-profit software with intellectual property laws.

It turns out that Stallman and his friends created the programmable editor, the compiler suite, the tool chain, the user-space unix tooling..

and them some Finnish guy and his friends came along and made the OS kernel.

The point is that now, not only is there a free OS and development tool chain -- more successful than Stallman could have ever managed -- there is an entire philosophy around free-as-in-speech software.

Stallman has been more influential on how we think about an use computer software than arguably just about anyone. I would at least put him in the same room as a Woz or a Bill Gates.

The market share of Hurd is the wrong metric. The fact that my company -- Microsoft -- is releasing more and more of our stuff as free-as-in-speech software -- that's the metric.

Let's objectively look at what Stallman started.

Let's use this metric: how many Fortune 100 companies have capitulated to _your_ philosophical demands?

Re:Ayn Rand Quote Time (1)

chefmonkey (140671) | about 5 months ago | (#47002467)

That's utter revisionist claptrap.

Stallman's uncompromising stance is pretty evident in the GPL, which is a relatively minor player when compared against more permissive licenses (MIT, Apache, BSD, and -- relevant to the conversation at hand -- MPL). These licenses, by allowing in the "little bit of evil" that is represented by allowing their use in commercial contexts, have been significantly more successful than GPL and similar viral attempts.

You can try to hold him out as a cheerleader in this arena, but in terms of "meeting his philosophical demands," how much of the stuff that Microsoft has released is under viral licenses like GPL?

RMS lost this battle, and it's completely because he won't take compromise of any kind. If the only two options were "closed source or GPL," then the open source movement would have died decades ago. The more compromising stance of organizations of MIT, Berkeley, Apache, and Mozilla -- and the myriad software projects that followed their lead -- is what changed the landscape.

Where's the progressive outrage machine when we ne (4, Insightful)

Lord Kano (13027) | about 5 months ago | (#47001763)

Mozilla just ousted their chair over something that screws over far fewer people than this.

LK

Re:Where's the progressive outrage machine when we (4, Informative)

Microlith (54737) | about 5 months ago | (#47002565)

Mozilla did not "oust" him. He stepped down after the wider community spoke up. This is being forced by a bunch of DRM happy corps (MS, Apple, Google) and their media industry buddies (Netflix, MPAA, et. al.)

Stupid, stupid, stupid. (1)

jnelson4765 (845296) | about 5 months ago | (#47001777)

You can either have open source or DRM - anything where the end user has control of the software can be broken, period. Trying to keep people from messing with your DRM is a losing battle, anyway - there are always more bored hackers that will break whatever scheme you come up with.

Beyond that, why would you bother with a browser-specific technology? It's yet another thing that looks shiny in the 'features' column but no one will ever use, because the market share is too low to justify it. Oh, and Microsoft and Apple will implement it differently, and Google won't bother. So, pissing off open source folks to implement a 'feature' that nobody will actually use?

Meh.

Re:Stupid, stupid, stupid. (1)

jader3rd (2222716) | about 5 months ago | (#47002005)

Beyond that, why would you bother with a browser-specific technology?

Given that not all browsers are able to implement the same set of features, nearly every feature is browser-specific.

SubjectsInCommentsAreStupid (0)

Anonymous Coward | about 5 months ago | (#47001797)

Sounds to me like this is just the first step in having a fork/modified version which simply takes this EME, wraps it in a custom sandbox of it's own, uses it as a black-box decryptor, and then saves the content locally.
Worst case, a user might need to *only* use this modified version, unless the unique device ID could be obtained/duplicated.
In addition, I could see this being useful for mobile devices - while rendering the entire video on the CPU is hard if not impossible, using an emulator/binary translator to emulate a sandbox for the EME to run on, and then pipe the decrypted data to the GPU seems doable.
This would work even if your EME was only Windows-specific(using Wine32 and QEMU).
For a non-supported X86 platform? Just use Wine32, no QEMU needed.

-RobbieThe1st

Re:SubjectsInCommentsAreStupid (0)

Anonymous Coward | about 5 months ago | (#47002479)

You know this is illegal, as per the DMCA. Are you sure you want to give Corrections Corporations of America the stock bump?

Personal DRM (5, Interesting)

Anonymous Coward | about 5 months ago | (#47001809)

What we need to do is figure out how to apply DRM to the personal information emanating from our machines. You will then be able to lawfully defend against those who profit from that information. Of course you could work out an arrangement to get a slice of the gross coinage as well ;).

Re:Personal DRM (-1)

Anonymous Coward | about 5 months ago | (#47002209)

It already exists, for the OS its called "LINUX", sometimes also "OPENBSD". For chat applications, its called "OTR". What we need is personal DRM in the Browser, in HTML. It is a very popular and very secure virtual machine. However, this is very hard, not just from a technological perspective, but also from a user interface perspective. How do you separate DRM content from non-DRM content? If you doubt how hard this is, just think of those ads offering a free "security scan" or of "download here" ads on the VLC download page at sf.net (Yes, sf is a sister of /.).
For most users, those who use 12345 as their password, personal DRM will be too complicated.

Re:Personal DRM (2)

ewieling (90662) | about 5 months ago | (#47002393)

Wrap your personal information inside some form of DRM and require acceptance of your EULA before opening it. Sort of a "technical jujitsu", take your opponents strengths and use it against them.

I wish I could do that to the DMV. Within a week of registering my car in FL I started receiving postal junk mail at my new address. I'd love to get involved in a class action lawsuit against them.

"given our vision of a completely open Web" (0)

Anonymous Coward | about 5 months ago | (#47001819)

that we are helping to destroy....

Re:"given our vision of a completely open Web" (1)

gl4ss (559668) | about 5 months ago | (#47002573)

yeah..
anyways, the idea is that closed source plugins would talk directly to signed video drivers.

now, nobody could have an open vision of web where thats feasible.

Pragmatic, makes sense. (0)

Anonymous Coward | about 5 months ago | (#47001833)

So it's a method to run untrusted, potentially hostile code in a jail to minimize the harm it can do to the user and the host system. (In an open source setting you must assume all closed code is hostile)

Can they do this to other plugins too? Like flash?

Re:Pragmatic, makes sense. (1)

CaptSlaq (1491233) | about 5 months ago | (#47001971)

So it's a method to run untrusted, potentially hostile code in a jail to minimize the harm it can do to the user and the host system. (In an open source setting you must assume all closed code is hostile)

Can they do this to other plugins too? Like flash?

All plugins that Firefox uses run in a separate container already. I do not know what the cost of jailing said container would be.

Native Client (1)

tepples (727027) | about 5 months ago | (#47002161)

All plugins that Firefox uses run in a separate container already. I do not know what the cost of jailing said container would be.

Google created Native Client [wikipedia.org] , which includes a statically verifiable subset of x86 instructions that a compiler can target, which makes a userspace jail straightforward to implement. Mozilla has no interest in implementing any of the Native Client stack [theregister.co.uk] . Instead, it wants people to compile C to JavaScript using Emscripten and then run that JavaScript in an optimizing virtual machine.

Re:Native Client (0)

Anonymous Coward | about 5 months ago | (#47002465)

Wrong. Firefox already sandboxes JS, so it's less painful to just compile things to JS than it is to create a whole new virtual machine to run Google's latest pet technology. NaCl is unnecessary for sandboxing, or much of anything. All it truly offers is a performance advantage, and even that's vanishing with asm.js.

Re:Native Client (1)

tepples (727027) | about 5 months ago | (#47002535)

Native Client is intended to allow native code to be sandboxed in the same way that the code to which JavaScript compiles is sandboxed.

Re:Native Client (0)

Anonymous Coward | about 5 months ago | (#47002633)

But that's irrelevant to the discussion. Mozilla already has a sandboxed environment for both JS and for NPAPI. I hardly think they need to implement NaCl for this, or anything really.

FFFFFFUUUUU (1)

GameboyRMH (1153867) | about 5 months ago | (#47001843)

As I said before, this is an ideological loss for no practical gain. Now that we've lost, let's release browser plugins to break the shit out of EME, forcing DRM back into shitty proprietary browser extensions that have to be installed one user at a time!

Will there be a way to explicitly get rid of it? (0)

Anonymous Coward | about 5 months ago | (#47001845)

I don't even want to risk loading a DRM'ed bit from a website.

(but given that FF even ditched the "turn off Javascript" UI I'm less-than-enthusiastic).

Oh boy, here we go. (0)

Anonymous Coward | about 5 months ago | (#47001863)

Cue the idiots who aren't happy with Mozilla letting them wholly disable it, and would rather Firefox die a slow death with the bulk of users as long as it fondles their testicles for a little while longer.

Not One Step Back (1)

Rhymoid (3568547) | about 5 months ago | (#47001905)

Of course, it's useful to cooperate and work on standards, but when you put that above your own principles -- in the case of Mozilla, that should be "an open and accessible internet [mozilla.org] " -- you're essentially dead.

If W3C institutes a bad standard, you don't have to follow them. Instead, Mozilla should've told them that they're not following suit, or even that this is the last drop and W3C can go fuck itself, and find a more creative solution to the problem of financing the internet's infrastructure.

I don't like DRM either (1)

rujasu (3450319) | about 5 months ago | (#47001909)

But this is an open-source browser we're talking about. If we don't want DRM, we can make a build of it without the DRM piece.

Companies will use DRM schemes whether they're supported by browsers or not. I don't entirely agree with Firefox deciding to implement EME, but it doesn't actually matter all that much.

Re:I don't like DRM either (1)

chefmonkey (140671) | about 5 months ago | (#47002075)

But this is an open-source browser we're talking about. If we don't want DRM, we can make a build of it without the DRM piece.

Or, even better, when it asks you if you want to turn the DRM feature on, click "no." No compiler needed.

Re:I don't like DRM either (5, Insightful)

Anonymous Coward | about 5 months ago | (#47002115)

But this is an open-source browser we're talking about. If we don't want DRM, we can make a build of it without the DRM piece.

Being open-source has nothing to do with this. The number of people who will use a fork is essentially zero when compared to Firefox's total userbase.

The problem is that Mozilla has thrown away the power that comes from being able to speak for hundreds of millions of users out of fear of losing some of those users. That's a path to irrelevancy, they've traded the vision that made them popular in the first place for the hope of maintaining marketshare. It is a total MBA move, as if Mozilla should be driven by profits instead of advocacy.

Similar to Google's "Do No Evil" (0)

Anonymous Coward | about 5 months ago | (#47001931)

This will only open the doors for them to be steamrolled by the money makers. Anyone who is head of the pack in anything is eventually overcome by their need for survival when big money comes along and throws its weight in the arena.

Open Source Browser (3, Insightful)

Drethon (1445051) | about 5 months ago | (#47001959)

How long before someone codes a module to bypass the DRM handling?

Making bug reporting illegal?! (4, Interesting)

Anonymous Coward | about 5 months ago | (#47001967)

From Cory Doctorow's article today [theguardian.com] ...

...the Adobe module is not only closed source, it is also protected by controversial global laws that threaten security researchers who publish information about its security flaws.

These laws â" the US Digital Millennium Copyright Act, the European EUCD, Canadaâ(TM)s C-11 and so on â" prohibit revealing information that can be used to weaken DRM, and previous security researchers who disclosed information about vulnerabilities in DRM have been threatened and prosecuted.

This created a chilling effect on the publication of vulnerabilities in DRM, even where these put users at risk from hackers. For example, when word got out that Sony BMG had infected millions of computers with an illegal rootkit to stop (legal) audio CD ripping, security researchers stepped forward to disclose that theyâ(TM)d known about the rootkit but had been afraid to say anything about it.

This gap between discovery and disclosure allowed the Sony rootkit to become a global pandemic that infected hundreds of thousands of US military and government networks. Virus writers used the Sony rootkit to cloak their own software and attack vulnerable systems.

The inclusion of Adobeâ(TM)s DRM in Firefox means that Mozilla will be putting millions of its users in a position where they are running code whose bugs are illegal to report.

IceWease (0)

Anonymous Coward | about 5 months ago | (#47001981)

IceWease....instead of the fox...

Re:IceWease (1)

kthreadd (1558445) | about 5 months ago | (#47002139)

Not to mention GnuZilla [gnu.org] .

Re:IceWease (1)

kthreadd (1558445) | about 5 months ago | (#47002561)

Hmm, looks like it's not updated anymore so probably not ideal.

dumb (3, Interesting)

Charliemopps (1157495) | about 5 months ago | (#47001985)

Rather that deal with it in such a complex way, they should just do what linux did for years with MP3s. Popup box "This is an MP3, we can install the thing you need to listen to it, but it's not open source. Do you want it? Yes/No" Simple as that. Let users chose. I don't see how this is any different.

Then they can let their plugin community quietly subvert the entire mechanism, just like they have everything else, and the industry will abandon it.

Re:dumb (0)

Anonymous Coward | about 5 months ago | (#47002449)

They are doing EXACTLY that.

"As plugins today, the CDM itself will be distributed by Adobe and will not be included in Firefox. The browser will download the CDM from Adobe and activate it based on user consent."

Finally no more plugins (1)

Anonymous Coward | about 5 months ago | (#47002009)

They left the best part of the article out: with the move to EME we finally can get away from those lousy insecure plugins from Adobe. All thanks to our new CDM from Adobe! ... Oh wait. n/m.

Lying with the dogs (0)

Anonymous Coward | about 5 months ago | (#47002035)

When you lie down with the dogs, you get up with fleas.

(Interestingly the captcha is scratchy)

Re:Lying with the dogs (0)

Anonymous Coward | about 5 months ago | (#47002435)

>When you lie down with the dogs, you get up with fleas

When you fly down with logs, you debt up with geese.

More software casualties coming your way (0)

Anonymous Coward | about 5 months ago | (#47002181)

Retarded UI/UX designers who have nothing better to do and want to justify their superfluous existence via 'innovation'.

Happened with those Linux desktop environments, happened with Ubuntu Unity, happened with Windows 8, happened with Firefox 29.

Up next... Winamp?

http://www.winamp.com/

"WE ARE WORKING HARD TO REENERGIZE WINAMP!", so it says. I predict incoming bullshit.

When you let marketing hipsters call the shots in a tech company and steer it into the direction they wish to go, bad things happen.

system test (0)

Anonymous Coward | about 5 months ago | (#47002255)

testing, please ignore (and / or mod down as you please)

So this is what happens when Brendan Eich leaves (2)

RR (64484) | about 5 months ago | (#47002261)

Brendan Eich may have had some opinions that people don't like, but at least he stuck to his morals. Now that he's gone, the new CTO, this Andreas Gal, seems more likely to compromise. DRM is evil, but Dr. Gal thinks he's clever, and is trying to wrap it in an open-source sandbox. Let the exploits come.

Oh well, now I do have an actual reason to boycott Firefox.

Fine for me. (1)

Psicopatico (1005433) | about 5 months ago | (#47002273)

Fine for me.

But relase this stuff as an extension.
An "Official Extension" written directly by Mozilla, properly advertised and recommended and all that, if you wish. But make an extension.

Then watch the % of users using it (and laugh, but that's IMHO).

Gotta love the Ministry of Truth over at Mozilla (0)

Anonymous Coward | about 5 months ago | (#47002295)

Look at them spin it as though DRM is a good thing.

DRM is a disease. There should be zero tolerance for it.

This is why Steam and various consoles love to release half-baked games and then ask you to cough up more money for DLCs.

This is why some games need you to have an always-on Internet connection, and you cannot play a game through LAN.

Windows Genuine Advantage. StarForce, Cinavia... I can go on and on.

How you have fallen, Mozilla. I can't wait to see your demise.

Just the tip (0)

Anonymous Coward | about 5 months ago | (#47002367)

This is a difficult and uncomfortable step for us given our vision of a completely rape-free ass, but it also gives us the opportunity to actually shape the massive dong and be an advocate for our users and their rights in this debate.

Is it time to fork HTML, one version for the corporations, one for human beings?

if browser mfgs. do this (1)

Greg L. Huddleston (3647953) | about 5 months ago | (#47002389)

if/when browser mfgs. do this -- I will simply keep switching browsers. Plain and simple. When they all do this I will write my own //GH

Translation: (1)

wile_e8 (958263) | about 5 months ago | (#47002427)

Mozilla would have preferred to see the content industry move away from locking content to a specific device (so called node-locking), and worked to provide alternatives.

Instead, this approach has now been enshrined in the W3C EME specification. With Google and Microsoft shipping W3C EME and content providers moving over their content from plugins to W3C EME Firefox users are at risk of not being able to access DRM restricted content (e.g. Netflix, Amazon Video, Hulu), which can make up more than 30% of the downstream traffic in North America.

Translation: We don't like this, but if we boycott it we are going to lose users to browsers run by companies more concerned about keeping media companies happy so they can keep licensing content.

Oops (1)

wile_e8 (958263) | about 5 months ago | (#47002539)

Or I could have just kept reading to the next line where they say pretty much the same thing.

Re:Translation: (1)

93 Escort Wagon (326346) | about 5 months ago | (#47002605)

Although until they start supporting h.264 and h.265, isn't this whole discussion a bit premature?

Shape (1)

Fly Ricky - The Wine (590782) | about 5 months ago | (#47002521)

They can shape the DRM space by refusing to accommodate it. Anything else is de facto acceptance of it.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?