Linked by Kroc Camen on Sun 5th Dec 2010 21:13 UTC
Google Google have agreed, for a yet-announced sum, to acquire Widevine, a DRM technology provider used widely in web-streaming and set-top solutions like netflix, LOVEFiLM and the DISH network. via Engadget
Order by: Score:
I donder what this means?
by cmost on Sun 5th Dec 2010 22:50 UTC
cmost
Member since:
2006-07-16

Does this mean that we might finally see stuff like Netflix 'Play Instantly' on Linux? It'd be about time. I looks like flying monkeys might overtake Manhattan before Microsoft releases a Linux Silverlight port. Moonlight is a lost cause with that regard. I'll be watching this!

Reply Score: 3

RE: I donder what this means?
by Kroc on Sun 5th Dec 2010 23:02 UTC in reply to "I donder what this means?"
Kroc Member since:
2005-11-10

Android and Chrome OS are Linux, and I expect a number of set-top boxes are Linux under the hood too. It's really up to Google how easily they want to enable this DRM outside of official circles. Even if it's a binary blog, as long as it has the relevant interfaces, I'm sure a hacker could whip up a wrapper. On the other hand, Google are making Chrome browser for Linux, so it would be odd for that to exclude the same featureset as the Windows / Mac version.

Reply Score: 1

RE[2]: I donder what this means?
by Lennie on Mon 6th Dec 2010 00:49 UTC in reply to "RE: I donder what this means?"
Lennie Member since:
2007-09-22

Yes, many set-top boxes are Linux based, also many HD-TVs which will get Webapps and what not buildin (for example look at the Boxee Box also Linux based). Also the WebOS-based phones from Palm. Also, most use WebKit 'browser'-engine. Many different versions and capabilities, but all the same basic engine nonetheless.

Concerning this step by Google I'm not sure if this is a good or bad thing, I guess we'll have to see.

The question is, if Google will provide this DRM-blob for many platforms and browsers or even open source it like WebM.

Currently some are Silverlight and others are flash or some specific plugin (rare ?) and if we can get rid of that with just a normal video-tag. That would be really cool. But how something like that would received by Mozilla I don't know.

I wonder what Netflix will eventually do, if they've already build everything else in HTML5:

http://techblog.netflix.com/2010/12/why-we-choose-html5-for-user.ht...
http://blog.us.playstation.com/2010/10/14/netflixps3/

My guess is, they will start with content for Google TV and start from their.

Reply Score: 2

RE[3]: I donder what this means?
by Lennie on Mon 6th Dec 2010 01:15 UTC in reply to "RE[2]: I donder what this means?"
Lennie Member since:
2007-09-22

I should add, Webkit should not become the new IE-only-like-world.

Reply Score: 3

RE[4]: I donder what this means?
by pgeorgi on Mon 6th Dec 2010 11:49 UTC in reply to "RE[3]: I donder what this means?"
pgeorgi Member since:
2010-02-18

I should add, Webkit should not become the new IE-only-like-world.

That's like POSIX vs. Linux:
POSIX was single standard, multiple implementations. That model was dropped by most UNIX vendors (ie. POSIX implementers) when they moved to Linux: The implementation is the standard.


HTML vs. webkit is the same: Do you want a single (multivendor) standard, or a single (multivendor) implementation?

Reply Score: 1

google_ninja Member since:
2006-02-05

I think it was amazing if webkit was the only engine, especially since there are multiple vendors using it.

Reply Score: 1

Valhalla Member since:
2006-01-24


The question is, if Google will provide this DRM-blob for many platforms and browsers or even open source it like WebM.

Yes, this strikes me as the logical conclusion made from this aquisition. However I seriously doubt the would open source this DRM mechanism since DRM by it's very nature depends on obcsurity, likely it will be as you said, a binary blob that's available on all major platforms. Still, they would be able to offer DRM together with WebM across all platforms which would allow commercial content providers the possibility to switch to WEBM/vp8 from flash/h264 if they so wish and avoid the licencing costs for h264.

Reply Score: 3

anda_skoa Member since:
2005-07-07

...DRM by it's very nature depends on obcsurity...


I agree with the rest of your comment but this part is not entirely accurate.

While it is of course true that current DRM schemes deploy obscurity as one of their "technologies", this is not an inherent necessity.

DRM is an umbrella of different goals and depending which goals one wants to achieve, obscurity might or might not be necessary.

One of the usual goals is to distribute content in a way that ensures that the designated recipient is the only one getting it.

This part has been solved for decades, no obscurity required, as a technique called cryptography. It allows two sides of a content exchange to authenticate each other and transfer any communication in a way that it cannot be (withing reasonable time) interpreted by any third party.

This goal is usually the one brought forward when DRM is sold as feature or requirement, however none (to my knowledge) of currently existing DRM schemes implements this correctly enought to count as secure so they need the extra layer of obscurity to at least reach an acceptable level of security.

Just like with any other form of crypthography, a fully open specification and implementation is achievable, unless one of the other goals of DRM prohibits that.

The most common goal prohibiting an open specification and/or implementation is control of participation.

Meaning that the entities involved with a certain DRM scheme do not want anyone else to be able to provide any part of the delivery chain.

This ensures that content distribution is either controlled by a few or "unprotected".

That is by far the most major concern of traditional content providers (high threshold entry for new competitors) and also the reason why DRM is almost exclusively discussed in terms of "piracy" or similar, e.g. focusing on the consumer side.

Reply Score: 2

Valhalla Member since:
2006-01-24

"...DRM by it's very nature depends on obcsurity...


I agree with the rest of your comment but this part is not entirely accurate.

One of the usual goals is to distribute content in a way that ensures that the designated recipient is the only one getting it.

This part has been solved for decades, no obscurity required, as a technique called cryptography. It allows two sides of a content exchange to authenticate each other and transfer any communication in a way that it cannot be (withing reasonable time) interpreted by any third party.
"
True, but that is not the case here, since the binary blob will hold the decryption key(s), and it will be obscured so that the recipicent can only access the media through said binary blob.

If they were to open source the DRM you would see the decryption key(s) (or more likely the mechanism to generate them from incoming data) and then the providers would not be able to control the access to the media since any programmer could write a program to decrypt the data.

Unlike the case you described DRM is not really there to stop anyone from sniffing out data between A and B, it's there to make sure that B can only access the data from A at A's leisure.

Reply Score: 2

anda_skoa Member since:
2005-07-07


True, but that is not the case here, since the binary blob will hold the decryption key(s), and it will be obscured so that the recipicent can only access the media through said binary blob.


Yes, I know. I probably wasn't clear enough on that, sorry.

What I was trying to say is that securing data flow is a well understood concept and does not require the algorithms or implementations to be unknown to any third party.
The security lies in the knowledge of the key shared between the two involved communication partners.

By embedding the key into the implementation they artificially force it to become unsharable.

Which, as I tried to point out, is the whole purpose of the idea of DRM. Protecting the content, which is usually what they claim to be after, can be done with open specification and implementation as proven by decades of research and praktical use.


If they were to open source the DRM you would see the decryption key(s) (or more likely the mechanism to generate them from incoming data) and then the providers would not be able to control the access to the media since any programmer could write a program to decrypt the data.

There is no harm in third parties being able to implement decryption because, as we have established, the confidentiality of the data is provided by the key.

Secure Key exchange is also a well established concept in computer based crypthography, I am not suggesting they put up all their keys for download.

Whether or not a service provider accepts a key or exchanges a key with any given recipient at any given time is orthogonal to the use of the key as long as it is cleared for access.


Unlike the case you described DRM is not really there to stop anyone from sniffing out data between A and B, it's there to make sure that B can only access the data from A at A's leisure.


Yes and no.

What I attempted to point out is that in contrast to the usual explainations why somebody deploys DRM and what they are actually after.

The given reason is usually something like "making sure the content is only consumed according to given licence", while it is actually "making sure nobody but themselved can participate in the delivery chain".

The latter requires to keep internal knowledge secret, the former only requires to establish the eligibility of the recipient for the given time period.

And widely deployed cryptography uses that every single day, without requiring security by obscurity.

To sum that up:
- DRM for the stated reasons of content owners can be done without obscurity

- the fact that this is not done and quite often dismissed as impossible clearly shows that some unstated reason is at stake (it could be a different one than the one I mentioned above, though)

Reply Score: 2

RE[4]: I donder what this means?
by lemur2 on Tue 7th Dec 2010 04:51 UTC in reply to "RE[3]: I donder what this means?"
lemur2 Member since:
2007-02-17

" The question is, if Google will provide this DRM-blob for many platforms and browsers or even open source it like WebM.
Yes, this strikes me as the logical conclusion made from this aquisition. However I seriously doubt the would open source this DRM mechanism since DRM by it's very nature depends on obcsurity, likely it will be as you said, a binary blob that's available on all major platforms. Still, they would be able to offer DRM together with WebM across all platforms which would allow commercial content providers the possibility to switch to WEBM/vp8 from flash/h264 if they so wish and avoid the licencing costs for h264. "

Although WebM is open source from Google, it is distributed under a BSD-style license. Unlike the GPL license, one is not required to provide source code for derived works.

Therefore, DRM-encumbered closed-source versions of WebM are possible.

Indeed, when WebM was announced, Adobe promised a version of their Flash player that could handle either H.264 or WebM. Such a version of Flash could indeed handle DRM-encumbered Flash/WebM.

So, apart from the current choices of HTML5/WebM or Flash/h264, there are also choices of HTML5/h264 (Apple's solution for having no Flash on iDevices), HTML5/WebM with DRM, or Flash/WebM with or without DRM.

The latter choices are possible, but are not yet available.

Reply Score: 2

jabbotts Member since:
2007-09-06

My first post was going to be "so, does this mean they'll make it easy for Netflix to accept a *nix native client?"

I see that idea has already been considered.

Specific to Netflix; the choice to lack *nix support remains theirs. Tivo is a Linux based box as is the Wii (I think) and the PS3 is definitely a Linux based underside; all have Netflix players readily available.

It's never been a technological problem. They had DRM'd netflix stuff on *nix devices long ago. It's simply a political choice not to make a native player for the unblessed non-embedded distributions.

Now, my understanding is that Netflix uses Silverlight DRM and front end coding. They've had a ton of developers offering to help implement the DRM within Moonlight for general use across distributions. Either netflix continues to ignore that there are any paying customers not using Windows or Microsoft has blessed the DRM on specific embedded *nix builds but won't allow it for general consumption. I'll let the conspiracy folk decide which.

If the DRM netflix is using is what Google just purchased then it would be very interesting indeed if they relicensed it. Heck, it could become one of the most effective DRM frameworks if the security nerds are allowed to dig into it and submit improvements.

Reply Score: 3

anda_skoa Member since:
2005-07-07

Now, my understanding is that Netflix uses Silverlight DRM and front end coding. They've had a ton of developers offering to help implement the DRM within Moonlight for general use across distributions. Either netflix continues to ignore that there are any paying customers not using Windows or Microsoft has blessed the DRM on specific embedded *nix builds but won't allow it for general consumption. I'll let the conspiracy folk decide which.


No need for conspiracy theories for that one:
http://www.mono-project.com/Moonlight/SecurityStatus#Digital_Rights...

Microsoft will not licence PlayReady related IP to anyone working on a PC like environment, thus making their own Silverlight the only PC (including Mac AFAIK) recipient for PlayReady content.

Now, we could come up with some conspiracy theories why they decided to do that. Not that we would need any guessing.

Reply Score: 3

Lennie Member since:
2007-09-22

The playstation CAN run Linux, but I don't think it does with the 'default install'. The Wii isn't either as far as I know.

Reply Score: 2

Interesting Theory
by RichterKuato on Sun 5th Dec 2010 23:30 UTC
RichterKuato
Member since:
2010-05-14

I have a similar theory. I think Google might make a plugin for their DRM technology and bundle it with Chrome and start using it on their Youtube Store and TV Shows. In order to reduce their dependence on Flash for the same thing.

So when they inevitably roll out their HTML5 version of Youtube they wouldn't be without all the licensed content they've been providing.

But it could just be that Widevine has a relationship with Big Content and Google wants in on that. (So they won't be blocked by them)

Edited 2010-12-05 23:31 UTC

Reply Score: 2

I stopped caring
by Zifre on Mon 6th Dec 2010 01:24 UTC
Zifre
Member since:
2009-10-04

I used to make a big deal about DRM, but honestly, I stopped caring quite a while ago.

I decided to just boycott all non-easily circumventable DRM (e.g. all but DVDs). And I found that I didn't miss anything. 90% of big content is junk, and the rest is still really just not worth the time.

Maybe some people are different, but if I have half an hour of free time, there are plenty of things that I can do that I will enjoy a heck of a lot more than watching a TV show. For example: ride a bike, read a book, study a foreign language, go for a run, talk to people, write a poem, sleep ;) , or play a game. I found that I am not bored or unhappy nearly as much as I was before.

I guess this might seem to be a bit of an overreaction to something as simple as one company buying another, but I just think that people in general spend way too much time passively absorbing popular entertainment, and not enough time doing the things that actually make them happy. It's not like watching TV shows is something that we have to do, like work or school.

Reply Score: 8

RE: I stopped caring
by Hypnos on Mon 6th Dec 2010 02:03 UTC in reply to "I stopped caring"
Hypnos Member since:
2008-11-19

I agree with you wholeheartedly -- except House, that's thoughtful entertainment.

That's is the problem: even you practice a balanced, healthful, enlightening lifestyle, TV is such a ubiquitous medium you're missing out on something good. If there's another show like Cosmos, I'd like my (hypothetical) kids to see it and then go to school and talk about it with their friends.

Reply Score: 2

RE: I stopped caring
by oinet on Tue 7th Dec 2010 19:47 UTC in reply to "I stopped caring"
oinet Member since:
2010-03-23

It's not like watching TV shows is something that we have to do, like work or school.


I really HAVE TO watch "The Walking Dead", even though the season is all over... ;)

Reply Score: 1

LOL. Secure Delivery.
by UltraZelda64 on Mon 6th Dec 2010 13:57 UTC
UltraZelda64
Member since:
2006-12-05

Imagine "secure delivery" in the form of traditional mail services. It would probably be something like, you get the envelope out of the mailbox and take it inside. Then when you open it, it blows up in your face. Boom! Secure delivery! Now you are dead and the information is destroyed--so no one knows any top-secret information.

Seriously... f*** DRM. Google loses even more respect in my eyes for this, but I really kind of seen it coming. It's quickly getting to the point that I want a different search engine, but the other major alternative is Microso--er, Bing. I have yet to hear of one as good as Google/Bing and when I do, it will only be a matter of time before their interests start conflicting with mine, then yet another engine will be needed. An annoying cycle.

Reply Score: 2

jabbotts Member since:
2007-09-06

DRM itself is not good or evil; it just is. The problem is how many choose to implement a DRM framework.

I wouldn't call Google evil for buying a DRM framework. Let's wait and see what they do with it. Maybe what they do will actually gain you some respect for them similar to releasing WebM relicensed.

Of course, if they do use the new purchase to limit end user rights then I'm right with you and the pitchforks.

Reply Score: 4

Kroc Member since:
2005-11-10

"if they do use the new purchase to limit end user rights then I'm right with you and the pitchforks."

I’ve not known a DRM scheme that opens rights that weren’t there before by default. Isn’t the purpose of DRM to limit end user rights? What else will Google do with DRM, _other_ than limit rights? It boils down to how rude they are going to be about implementing it. They could shun desktop Linux and cause a ruckus, or embrace it and please Linux users by making Netflix and the like available.

Reply Score: 1

jabbotts Member since:
2007-09-06

If Google relicensed the source, we may end up with a well designed DRM scheme not limited to a particular OS. As much as I hate the purpose of DRM, I'm more restricted by not having the framework in place to access content. Maybe this could grow to be a competitor the big content recognizes; those "digital copies" that all the BR/DVD bundles now include would be great accept for the current DRM not supporting my OS.

DRM limiting what I can do within fair-use sucks. Lack of support for DRM limiting any use sucks more.

Reply Score: 2

UltraZelda64 Member since:
2006-12-05

DRM limiting what I can do within fair-use sucks.

Yes it does.

Lack of support for DRM limiting any use sucks more.

True again, but I'll take a file without DRM or no file at all over a file scrambled with it. That includes illegal versions over DRMed garbage.

I honestly don't care if there is some "open", cross-platform DRM solution... I still won't touch it with a ten foot pole. Besides, that would probably be unlikely if not impossible, because if it's open it could probably be defeated easily. Not that it's not already, you know, easy enough for someone who wants to strip or bypass DRM to accomplish this task with all the closed options that exist today...

Reply Score: 2

jabbotts Member since:
2007-09-06

You suggest that the only outcome of open source DRM would be "defeated easily"? DRM is an end user hostile implementation of encryption. Encryption is not considered strong without transparency and peer review; "should be secure with everything known except the key" or "the enemy knows the system" for a shortened re-wording.

Given how FOSS has tackled past encryption (SSH, Truecrypt..), there is potential to deliver a well designed cross platform DRM framework which does not rely on obscurity of the mechanism.

Reply Score: 2

lemur2 Member since:
2007-02-17

Given how FOSS has tackled past encryption (SSH, Truecrypt..), there is potential to deliver a well designed cross platform DRM framework which does not rely on obscurity of the mechanism.


The decryption step is not necessarily the problem. In order to actually see the video on a client system, at some point there must be an un-encrypted version of the data stream present on the end user's system. This is the output of decryption, if you will.

If that point of a plaintext data stream is within the control of a binary blob, then the end user might still be prohibited from snooping and saving a copy of it. This probably requires co-operation of the OS.

If the plaintext stream is only present on the video card itself, it might feasibly be kept from access by the end user, but this would probably require a closed-source driver for the video card.

Linux distributions are beginning to ship with open source video card drivers.

It would presumably be possible to write an open source decryption algorithm for DRM video, but such an effort would necessarily result in the plaintext video data stream being visible at some point to the open source code. The content owners don't want that to happen.

When the content owners mention "Digital Rights Management", after all, they actually mean that their rights are protected, and that your rights as the end user are "managed" (read restricted). As someone else said, DRM is an end-user-hostile implementation of encryption.

FOSS software, OTOH, is all about protecting your rights as the end user / machine owner.

There is a fundamental disconnect here.

Edited 2010-12-07 05:10 UTC

Reply Score: 2

jabbotts Member since:
2007-09-06

My comment was in reply to this particular thought from UBZ:

"
Besides, that would probably be unlikely if not impossible, because if it's open it could probably be defeated easily. Not that it's not already, you know, easy enough for someone who wants to strip or bypass DRM to accomplish this task with all the closed options that exist today...
"

Suggesting that because the mechanism (source coded method) is "open", it must therefore be defeated easily. My thought is that because the DRM mechanism would be open source, it would stand a chance to mature into a very solid DRM framework.

With your point I agree though because it addresses the inherent weakness of all DRM; it runs on the user's system and at some point must present cleartext.

Music; stereo out to stereo line in; done.
Video; tap the video cable if pre-hdmi; done.
DVD; wrap the viewer display in a sniffer; done.

In the same way, I don't think a closed source video driver would be required; again, it's about a mechanism that remains secure even though the source is readily available. If the system relies on obscurity like a closed binary blob then it may as well be a ROT13 module.

I do get the political angle. FOSS is about enabling the end user. When I have to reboot to Windows or leave my machine to fetch the Apple; I'm not feeling very enabled. When I can get the video file on one of those "blessed" platforms but still can't copy it to my NAS to feed the TV; I'm not feeling very enabled. When Netflix can't support a client for general purpose *nix because Microsoft refuses to license it's DRM to the "unblessed".. I'm not feeling very enabled.

I'm also very curious to see what kind of DRM framework comes out of FOSS and Cryptography development values. It's the security nerd in me; OpenSSH is pretty solid because of the development method.

Doesn't the Linux kernel use DRM for code signing? That kind of demonstrates that it's about how it's used more than being evil in and of itself.

(And me suggesting the use of DRM let along improved and effective DRM.. now that's just all kinds of world turned up side down. Maybe it's having kids not yet old enough for the "content creation rights" talk.)

Reply Score: 2

UltraZelda64 Member since:
2006-12-05

DRM itself is not good or evil; it just is.

DRM is DRM. I view it a firmly in the "evil" territory. Yeah, some things are neither good or evil, but sorry--DRM is NOT one of those things. It is practically never used for "good" reasons (from the perspective of the user, the recipient of audio/video/document in question). Only for corporate greed and control by mega entertainment corporations (which already have too much control to begin with).

Also, it's not just the DRM thing that is pissing me off. It's also their love of collecting data, which can be used for tracking Google search users. And the fact that Google themselves have stated that they would have no qualms about giving such data to, say, the government if they asked for it. By now it's obvious who Google is trying to please.... advertisers, media companies, themselves (obviously), governments, etc. Everyone but their general users.

Not to mention that it's just dumb; yeah, give the user the key to unlock the file, but forbid them from finding the key or unlocking it without *THEIR* direct permission and on the devices and operating systems that THEY say you can. Oh, after being forced to use *THEIR software to watch/listen/view the file. That is not neutral; it is evil. Plain and simple.

Reply Score: 3

At the risk of being slaughtered on here
by Lunitik on Mon 6th Dec 2010 17:27 UTC
Lunitik
Member since:
2005-08-07

Why do people hate DRM so much? The originators of the material have a RIGHT to control how their content is distributed. The only genuine reason to complain is because it makes it harder to steal content, hardly a valid reason to be angry. Instead of complaining, people ought to work closer to ensure DRM is available on all platforms as currently most Linux distros don't ship anything for accessing this material legally.

That being said, I don't think DRM should require any license in and of itself. It should only be used to ensure people have paid fair price for other material. That way, open source projects could still empower their users to not be left behind in content.

Reply Score: 1

phoenix Member since:
2005-07-11

Why do people hate DRM so much? The originators of the material have a RIGHT to control how their content is distributed.


How it is distributed, sure. But they have no right to control how I use that content once it is distributed to me. I am perfectly within my Fair Use rights to make a backup copy, transcode it to play on my portable device, burn it to a DVD to watch on the TV, etc.

Where DRM fails is that all the vendors try to control how I use the content once I have it in my possession. And by making it illegal for me to exercise my Fair Use rights (via the DMCA).

The only genuine reason to complain is because it makes it harder to steal content, hardly a valid reason to be angry.


No, DRM makes it harder for legitimate customers to do legitimate things with their legitimately purchased content.

Buy a Disney movie on DVD but want to rip it to your media server so that you can watch it on any PC/HTPC/TV in your house? Sorry, their DRM won't let you. Want to make a backup copy so that your 6-year old doesn't scratch up the original? Sorry, that's illegal under the DMCA. Want to do anything with your legally purchased copy? Too bad, not allowed.

It's now easier to do a Google search, download a torrent, and use that, then to use the legally purchased DVD/Blu-Ray. And when that happens, DRM has lost all meaning or purpose.

Reply Score: 3

0brad0 Member since:
2007-05-05

Why do people hate DRM so much? The originators of the material have a RIGHT to control how their content is distributed. The only genuine reason to complain is because it makes it harder to steal content, hardly a valid reason to be angry. Instead of complaining, people ought to work closer to ensure DRM is available on all platforms as currently most Linux distros don't ship anything for accessing this material legally.


I go and buy a BluRay disc.... I don't run Windows... I can't play a disc I just purchased. FAIL. So I'll steal the ripped content. The content creators created this retarded situation. Oh well. Fuck them.

BTW, I might consider DRM if it was completely open source otherwise its not coming anywhere near my system.

Reply Score: 1