This is known and well understood. Bitcoin's implementation consumes lots of energy.
There have been however lots of developments in the blockchain space, especially as it refers to different proof systems and algorithms. The alt-coins in general, though mostly badly viewed due to the often poor and sleazy behaviours, are a playing ground for exactly this kind of problem.
I won't give specific names because I'm not an advocate for any one in particular, but there are several other coins and implementations that try to do away with the energy consumption and improve scaling. Some have even gotten to the point of eliminating mining and transaction fees altogether (yup, zero fees: transfer value anywhere in the world, instantly, and pay absolutely nothing for doing so).
A quick google search should point you in the right direction if it sounds interesting.
If BTC has any value at all, then all other cryptocurrencies have at least some minimum value solely as a possible redundacy or replacement in case of emergency.
That's not the whole story though, some of these other cryptos also serve as a testbed for new concepts & improvements, differ in particular ways to better suit a specific purpose, target different markets, have different core values or are alltogether alternate technical implementations.
Each one of those nuances adds some deegree of value. As with any stock or other economic asset, their price today is not necessarily reflecting the value it has for practical use today, but rather the possibility that it will become necessary or more dominant in the future.
That's exactly what capital flight is (one of its forms), and what most thrid-world countries try to avoid by these banning practices. They (we) have shitty unstable currencies and broken banking systems that the people have no trust in, so they use their savings to buy USD (hard to do in these countries) or Bitcoin to maintain value. Note that money doesn't even need to leave the country for it to be a form of capital flight; just the fact alone that you're buying foreign currency or Bitcoin in a black market.
I consider this clickbait at this point.
This is the exact same thing that has been said during every single boom in Bitcoin's history.
You may like Bitcoin or not, but the concepts of cryptocurrencies and the technical development that the blockchain represents are here to stay. They are being adopted left and right by the banking sector all around the world.
"... the concepts of cryptocurrencies and the technical development that the blockchain represents are here to stay. They are being adopted left and right by the banking sector all around the world."
Fully agree - I don't agree however with how the most popular (which is the reason they're popular)a and how they are incentivized to transfer wealth unreasonably, wealth transferred weighted to the earlier you're an adopter. It's a global, decentralized Ponzi-like scheme. The banking sector are 'adopting' them as any large institution has a budget to try to understand something. All Fortune 1000 companies have money to play around and they'll need to be prepared for blockchain - however don't confuse that with a vote specifically for Bitcoin or Ethereum's Ether.
Saying cryptocurrencies have technical/economic value and that they are in a bubble of inflated value can both be true.
I've seen it likened to the Dot com bubble. Sure several groundbreaking titans of the Internet were founded during that time. They are valued as major players in the world economy. But there were many more that were inflated and the sector as a whole was inflated.
Now, if you're a savvy enough investor to be able to pick the eventual winners during a bubble, you'll come out great even after the crash. But if not, then you're just gambling. And the house will eventually win.
We're losing the internet day by day, if we haven't done so already.
I've seen people and posts here and there calling for attention on these issues, but imho it's all too subtle. We should start using harsher terminology for what's actually happening. This is flat out CORRUPTION, and I'm not seeing anyone express it as such.
It's probably too late already, and unfortunately, this is merely a reflection on what's happening in the world in the larger geo-political context. Corruption everywhere.
If someone launches a new HTML-based Web with crippled javascript (no network comm access, for one, including ability to trigger links or forms), some small, restricted subset of CSS, and much better built-in dynamic table and form elements, I'm there.
This Web's about to be eaten by DRM and WebAssembly anyway. Pretty soon it'll just be a way to deliver QT apps (or some other framework that runs in WebAssembly and renders to OpenGL or similar) and video. A web where the only thing you'll find when you follow a link is more documents (or a download) and pages can't try to make your computer do a bunch of stuff you don't want it to would be nice to have again, and it's clear now that the system itself has to ban the capabilities that enable all the garbage, or it'll take over.
> If someone launches a new HTML-based Web with crippled javascript (no network comm access, for one, including ability to trigger links or forms), some small, restricted subset of CSS, and much better built-in dynamic table and form elements, I'm there.
I already use noscript, but most people won't like having to hit 'temporarily allow' and reloading the page 1-3 times before most sites will function. Also, sites that lean heavily on trendy frameworks like fucking React often just white-screen because of their extreme reliance on JS. I'm hugely against its adoption for that reason, but I understand that I'm in the minority there.
I dunno, it just seems like common sense at this point. Javascript is a powerful attack vector, like ads. And many people already use adblockers in some capacity, for that kind of reason.
It'll definitely suck as HTML5's various peripheral features become strong and widely-used attack vectors.
I mean, if a site legitimately needs a large amount of dynamic communication back to the server... Fine, whitewall me until I enable your JavaScript. I understand that server-side rendering is basically dead. But it's really frustrating when it's things that could be easily served statically, like blogs.
Hey, I love ASP.NET as much as the next guy. But there's no mistaking the large trend from what used to be entirely server-side rendering (LAMP days) to REST services with JavaScript front-ends.
Ultimately, I think the failure of the open web runs deeper than that. When I visit, for example, a cookbook website, when I view a recipe, the problem isn't just that the site can run arbitrary scripts on my computer. It's also that I have no control over how that recipe displays because so much of that display is in HTML. I can't pull it into a useful format and store it with all my other recipes because it's in HTML. And contrary to its goals, HTML isn't a semantic markup language. I can't automatically convert imperial into metric units, because they aren't represented as measurements at all. I can't configure the display of the recipes for my nearsighted grandmother because that configuration happens when the recipe is rendered from a recipe document into an HTML document. The failure of the open web is that we need JavaScript to reasonably render the various kinds of documents which are being stripped of their metadata so they can be shoehorned into a non-semantic document format.
Removing JavaScript prevents malware and adware vendors from running their programs on our machines, but it doesn't empower users. We can control or data but we still can't analyze data websites give us.
The way forward, I think, is to create more standardized document types and let people build renderers for them. If I go to a cookbook website, I should be able to download recipe documents. If I don't like how my cookbook program renders the recipe, I should be able to download another program can render it. This breaks the power that websites have as the sole entities with the capability to render their documents, and gives the power back to users.
I'll repost a comment by mcphage on why this doesn't work, in general. TL;DR is that common ontologies sound great but don't work in reality, because it leaves no room for value-added services from individual providers. (Recipes would probably be OK, because there's just not a lot of value-add you can really provide. Or, alternatively, I'm just completely ignorant about how value could be added.)
I'm not sure this goal is very practical, even in the toy example you used (being able to swap data sources for weather forecasts).
If you can use a common vocabulary to access multiple APIs, that requires that all APIs implement the same feature set. Which means getting the API sources to agree on the features to implement, and how to describe them, and stop them from adding any features on that the others don't have. But of course, they'll all be motivated to add their own features, to distinguish themselves from their competition.
And once a API consumer is using a feature that other API producers don't support, then the consumer is locked into that producer, and the whole shared vocabulary is for naught. And of course the API consumers will be looking for additional features, because those translate into features that they can offer to their customers.
Basically, this requires API producers to work together to hobble their ability to meet their customers' needs, all to make it easier for their customers to drop them for a competing endpoint. So it looks like a net negative for everybody.
To still allow for competition, you define a base feature set and representation, and then you allow vendor extensions. You need some sort of standards body that can promote vendor extensions to standardized, supported things. And clients can choose to support whatever (or no) vendor extensions that they want to.
However, I agree with you that it's not very practical, but for different reasons: 1) competitors don't necessarily like to cooperate to that level and 2) it will slow down progress a lot, which is a decently good reason for #1. And 3), which I think is the big one:
Companies doing this stuff really don't want standards if they're the first-mover, because standards necessarily enable competition. If I'm an anti-competitive producer (or even just a producer that doesn't mind competition, but wants to maintain a head start long enough to secure a market position), I don't want to start off with a standard: I want to do my own thing, and get people to adopt it, and then I can lock them in, at least temporarily. If someone comes along later and clones my format, that's fine, but they have to do work to figure it out, and I still own the format, so I'm naturally ahead.
> To still allow for competition, you define a base feature set and representation, and then you allow vendor extensions. You need some sort of standards body that can promote vendor extensions to standardized, supported things. And clients can choose to support whatever (or no) vendor extensions that they want to.
Right. The problem is in the first step. The moment a consumer likes a vendor extension and begins relying on it, they are locked in until the standards body gets around to standardizing it. So all this cooperation to pick a standard and maintain it, and consumers still end up locked in because they like certain extensions more than others. And software providers for consumers still have to write individualized support for all the providers to in order to manage all their extensions.
So all these cycles went to building a standard, and where's the actual win? We still have handlers customized to individual providers. We still have consumers choosing to rely on singular providers.
That's just the tradeoff you make. The lock-in is only temporary until the new feature is standardized. If users like the non-standard feature enough to use it and want it in the standard, then it's a good thing. Otherwise you end up with stagnant crap and no innovation.
Yes, this model makes it so content creators actually have to create content or their customers will drop them for a better content creator. That sounds great for users.
I'm not sure why I should care that a few user-hostile rent-seeking entities won't have complete control of the internet anymore.
The API extensions causing vendor lock-in complaint is fairly bogus. Features would be driven by the content renderers, not the content creators. It's that very abdication of power that browsers have given to content creators that the system I'm proposing would avoid.
An interesting choice of example because recipes are one of the best defined and used micro formats on schema.org and used practically by google (which encourages adoption). Writing a generic recipe reader is relatively easy, I've done it although not for your use case. Your point stands though, just not for recipes IMO.
Oh but don't worry! As soon as someone breaks www.cookbooksRus.com's "Encrypted Media Extensions," you or someone totally benevolent will be able to help render ANYONE's www.cookbooksRus.com browser-experience!
Server-protection isn't always a 0-sum game against client-protection, but in this case it totally is.
Sure, and I'm sure the users will step up to fund your legal defense when you go down for violating the DMCA and CFAA and whatever else they can come up with.
Phooey & patooh! Obv the internet population doesn't know what's good for them. Politicians are WAAAAAY smarter than normal people. Everyone knows this.
One must simply route their VPN traffic through Eritrea => Thailand => Russia => Cyprus => China => back to some AWS server in SF & rejoice.
Just make it more expensive to trace you than the value of what you took/broke/F'd-with! Lawyers' fees not necessary!
Respectfully, I see your complaint as conflating or combining several orthogonal issues. Addressing your sight-impaired grandmother's needs is a matter of accessibility; user-centric responsive design considerations relate more to CSS than JS.
Gotta push back against the "create more standardized doc types" bit (wat) -- it sounds like you want more APIs and more user-friendly tools for consuming them, which would be great and is more compatible with reality. SoA and recent shifts toward empowered-client approaches like GraphQL are steps in that direction.
I'm also glad you mentioned "documents" so often, because your ideas relate to a document-centric web. Which is not what we have. Rather it's evolved into an application delivery context.
> Respectfully, I see your complaint as conflating or combining several orthogonal issues. Addressing your sight-impaired grandmother's needs is a matter of accessibility; user-centric responsive design considerations relate more to CSS than JS.
That's exactly what I'm saying. JavaScript isn't the only part of the problem: HTML and CSS are also components of the problem.
Your distinction between applications and documents is an insightful one. Perhaps one way to describe the problem is that HTML and CSS contain elements of "application" rather than "document". If we think of a document as being purely semantic and layout/style as being elements of an application's rendering, then it becomes clear that only a fraction of HTML is actually document-relevant. CSS and the rest of HTML is application.
I think you're too quick to put DRM and WebAssembly in the same bucket. Yes, WebAssembly could lead to a future of closed-source proprietary technology on the web (and in that sense is similar to DRM), but the difference is that WebAssembly offers technical value. WebAssembly is a tradeoff for the public, whereas DRM exists strictly to restrict the public.
I don't really see any new threat from WebAssembly. Isn't the only threat that the same malicious code can run with better performance than JavaScript? As far as I can tell, WebAssembly doesn't provide any additional access to native system features like this DRM spec does.
Indeed, from what I'm reading it looks like most of the usual JS tasks (like DOM manipulation, listening to input, and network requests) still need to happen by your WebAssembly module calling out to normal JS.
I am bitter that XML/XSLT lost in favor of HTML/CSS. It promised a stricter separation of content and formating and would probably have required less javascript to do the crucial functions.
Unfortunately, among the crucial functions nowadays are the silly cosmetics, the parallax scrolling, the animated backgrounds, that allow marketers to pretend to have a website when all they have is formating for zero content. We failed to provide them with this fluff.
Hard to believe in 2017, but as recently as five years ago Google (of all people) published the Caja compiler [1] for sandboxed/statically verified JavaScript subsets, and there was AdSafe aiming for safe JavaScript as well.
I don't know its current status with the committee, but https://github.com/tc39/proposal-frozen-realms proposes something equivalent to Caja for modern JS. It can be a lot simpler now because ES6+ is much closer to what's needed than JS was when Caja was made.
adsafe, and all static lint of ads, was dead from the beginning. If companies serve whatever comes from the ad networks, specially dynamic URLS, there is absolutely no way to enforce anything. You can check, but you can't enforce.
the only sane solution on ads is SafeFrames [1]. Which does not do much, but at least it prevents ads from scrapping the page and stealing your cookies from the main domain you are visiting. That is already a win, considering the mess it is now without it.
Count me in. And count my web server in as well, we'd make sure all pages are compatible.
Your computer belongs to you. I'm ready to escape the cycle of 'oh they own everything because they snuck human rights violations into their software and hardware and nobody stopped them'.
Wait, what? Perhaps you are right, but how do you make the leap from "W3C standardizes DRM" and "the Web is about to be eaten by DRM?"
The Web is used for so many things these days. It is a publishing platform that allows anyone to host their own content to the entire internet, thanks to Web Browsers just loading it. I can see IPFS being an improvement over the Web but besides the web server being a single point of failure, why is a DRM standard specifically going to destroy the Web?
Wordpress is used to power 20% of new sites. My own company is developing an open source platform for communities to run their own social networks (https://qbix.com) so what is this "eating" you speak of?
EDIT: This has been one of my most downvoted comments ever. Can someone explain the rationale? (Is it super obvious that the Web will be killed by DRM that asking the question should be punished?)
DRM and webassembly. The end of openness in both cases—though at least WebAssembly means we eventually won't have to write Javascript anymore, which is nice as far as that goes.
Sure, Javascript uglifiers and frameworks mucking with HTML standards and the DOM had already made "view source" nigh-worthless, and there were DRM'd plugins of course, and browsers had supported some schemes for a while as a de facto standard, but this still feels like a last-straw kind of situation to me.
> My own company is developing an open source platform for communities to run their own social networks (https://qbix.com) so what is this "eating" you speak of?
Sure, it's already the world's premiere delivery mechanism for "apps", advertisements, and mass surveillance software. I know. That's exactly the kind of thing that I don't mind living somewhere, but I'd like it not to be all mixed up in my networked hypertext document reader.
This Web's over. Anyone hosting an After-Web? I could do with a little more Webbing.
[EDIT] Though actually your thing seems fine. I saw "social network" and glossed over the rest. Sorry.
It's not a technical problem. It's a political problem. Those with the means will seek to control the web, no matter what technical solutions are invented to keep it open. Preventing tyrannical control of the web is an endless struggle.
There was a time browser worked for you. Opera up to 12.xx offered a panel letting you configure what JS can/cant do. It even let you configure global/per domain storage quotas and forbid websites from dumping megabytes of garbage on harddrive (Im talking to you ad network trackers/wikipedia). You can check out all of the sweet customization Opera 12.xx provided:
We don't need a new web; just more browsers that respect the user's privacy. There are many ways to achieve this. At gngr[0], we are taking a "safe by default" approach. This is very similar to the NoScript / uMatrix approach, but with one difference: the browser itself is offering this and is hence more water tight. There are no behind-the-scenes requests that a plugin can't block.
> If someone launches a new HTML-based Web with crippled javascript (no network comm access, for one, including ability to trigger links or forms), some small, restricted subset of CSS, and much better built-in dynamic table and form elements, I'm there.
Why not just do this yourself? Fork chromium and start commenting stuff you don't want out. It would likely only take a weekend or two of hacking...
I can't tell if you're being sarcastic or not, but I'll point out anyway that literally every single feature of the current internet is opt-in. Most of the time it's not even difficult to opt-out.
If you really want a separate internet without the "bad parts", you can still use Gopher. There are still sites around, and you won't even get images, which were the first thing to "ruin" the internet, and were the launching point down the slippery slope to DRM video.
On a side note, it's interesting that so many HN readers are against this kind of DRM, but at the same time there's a large group here who are against ad-blockers. Ad-revenue is the main driver motivating companies to shoe-horn this crap into the web. It's not a coincidence that the biggest ad company in the world also makes one of the most popular web browsers and is a huge media distributor.
Do you have any evidence or reason to believe there is actual corruption on the committee (aside from them making a decision you disagree with)?
I suspect I agree with you on DRM but this style of debate, where there is no attempt to argue or explain the issue, and the first line of argument is personal attacks or denigrating anyone with an opposing viewpoint, is depressing. Consider that accusing climate scientists of corruption has also been fairly effective.
For this particular issue, Netflix etc already requires DRM to play in a browser, and the browsers already provide DRM for Netflix etc to use. I would like to understand what the consequences of this decision are, if some of the way this works is standardized. Will this lead to more DRM? Is the only conceivable explanation that the MPAA is slipping the W3C members some bribes?
"In 2013, EFF was disappointed to learn that the W3C had taken on the project of standardizing “Encrypted Media Extensions,” an API whose sole function was to provide a first-class role for DRM within the Web browser ecosystem"
With so much money involved here, it's quite naive to believe the W3C members are virgins here and did this out love for the web and for the consumers.
And:
"It is clear that the W3C allowing DRM technologies to be developed at the W3C is just a naked ploy for the W3C to get more (paying) member companies to join"[0]
A lot of people think that the battle here is EME versus DRM-free content, but that's not the case. You can still have all the DRM-free content you want, whether that's YouTube videos or iTunes MP3s.
Really, the decision being made is between EME and Adobe Flash. Flash was the one cross-platform way to serve DRMed content before EME. And now that EME is ratified, Adobe, Microsoft, Google and Mozilla can all work together to get rid of Flash, and all the 0-days it has been responsible for, and improve security and battery life for everyone on the Internet. https://blog.chromium.org/2017/07/so-long-and-thanks-for-all...
Of course, we should also work to get rid of DRM -- it gets in the way of legitimate uses, and annoys legitimate users far more than it annoys pirates. But rather than vilifying Google and W3C and expecting them to be our saviors, instead we should be talking to Hollywood and Authors to adopt a DRM-free model just as many top musicians already have.
Disclaimer: I work at YouTube, and this is my personal opinion, not that of my employer.
You don't need to embrace DRM in order to stop using Adobe flash. The multiple browser currently in use for the last few years that don't have adobe flash installed is a rather strong proof of that. you would have an argument if EME came first and then flash had started to decline, but that is a false history. Flash started decline many years ago, and EME was forced onto the standard as an reaction to that.
W3C abandoning consensus (58.4%!) and open standards are biggest change in the organizations history. Its not just about DRM.
Netflix has never existed without DRM. Flash, Winevine or whatever other technology they use, they've always had something. Without it, they would never be allowed to exist by the people who own the content. It's naive to believe they would just stop using DRM magically.
They would find another more hacky, less secure and less user-friendly solution, and everyone would be worse for it.
The chain of events is not that EME has enabled Netflix to exist. Netflix and flash came first, and EME came afterward.
Lets be honest here. The argument being presented is that Netflix might create a new form of DRM without EME. We might get something worse then flash. There might even be a bad argument that Netflix and the content creator will abandon the market and millions in revenue if they can't get DRM.
A bunch of things that could happen, but not things that have happened. Flash have decline in used and Netflix was created in time before EME. To claim that EME was a requisite for those events is a logical impossibility.
> the decision being made is between EME and Adobe Flash
Flash is a mix of dying and dead, mostly the latter. Having to use Flash is a strong economic and practical motivation not to use DRM, and if that wasn't the case there wouldn't be so much pressure to implement something in the browser itself.
That's pretty unlikely. If Flash (and Silverlight) died and browsers didn't have anything built-in, the studios/distributors would just get together and form a company to build a new plugin that does the job. Or worse, we'd have several competing implementations.
Regardless of which of these occurs, you can bet that they wouldn't bother to sandbox the implementations, and we'd end up with the same security issues we had with Flash.
If browser vendors don't want to play ball (NPAPI is dying/dead, PPAPI and NativeClient are Chrome-only, etc.), then forget about in-browser video: they'd just build native apps instead. And maybe that's not a bad outcome for people who want the web to remain pure, but as a practical matter and a person who runs Linux, I like being able to run Netflix on my laptop.
I'm completely flabbergasted that people seem to believe that DRM would somehow magically disappear if the W3C hadn't been willing to discuss EME.
You're looking at this as black and white, when reality doesn't work that way. It being infeasible to completely remove DRM from everything doesn't mean there isn't value in discouraging its use. And that's exactly what economic and practical incentives would do if including DRM meant they lost users.
So, the argument is ... either cede control of your browser to us in a form where it is illegal to examine what we do with it OR we will continue to use a piece of crappy technology that exposes you to security problems.
That sounds less like a technical problem and more like a threat to me. Because neither of those are actually technically necessary, except to support a business model that depends on some form of DRM.
but the converse is also true: if they don't implement EME, then you are welcome to install any third-party attack surface on your PC that you wish.
so why should _I_ have to install the un-auditable attack vector on _my_ machine?
you are well-positioned to understand this issue, so I'm baffled about how you can conclude this should be part of the default software suite in a browser.
> A lot of people think that the battle here is EME versus DRM-free content, but that's not the case.
Yes it is.
Suppose that in order to play DRMed content, the user was required to be staked to the ground and covered in angry fire ants. Nobody would be willing to do that, so people who use DRM would have no customers, so everyone would stop using DRM.
EME is in the opposite direction from this, so it will cause more DRM and less DRM-free content.
Adobe Flash has been slowly dying for years, which is not a problem.
In reality, all that will happen is that users will continue to be forced into using native applications where DRM can be enforced arbitrarily by whatever service they are trying to use.
And then DRMed content will be properly separated off into its miserable DRM slum that everyone hates, the cost of using it will be higher, users will complain more, companies who don't use DRM will capture more of the market, etc.
What "miserable slum", though? Honestly, I find Netflix's Android app an absolute delight to use. Even if I'm sitting on my couch with my laptop, I'll pick up my phone to cast something to the TV before I use my laptop for that purpose.
All in all, average customers (as in, not the majority of the HN crowd) seem perfectly happy with the current experience. Even if they had to install a native app to watch Netflix on their laptop, I doubt that would change their perception much.
That seems to be the false dichotomy. The claim is that EME is justified in order to get rid of the oh-so-evil Adobe Flash. But if using native apps is a satisfactory alternative that can also replace Flash then why do we need to corrupt the web?
Because "corrupting the web" is still going to be a better experience for consumers, and cheaper/easier to implement for producers. If EME didn't make it in, they'd build their own native apps, but they don't want to have to do that if they can help it.
The fun thing about DRM, is that people love to defeat it.
They (the general public AND 3DM, to TorrentFreak, bunch of whiners IMO) said Denuvo was the death of cracking and piracy. 3DM: No games crackable in 2 years time, said the headline.
now the cracking scene, which was mostly dying, has seen some revival.
It has adapted, but it's a slow moving ship.
Now a new generation (or the older generation, who knows, I'm just relaying my own observations)) are taking everything being thrown at them: encryption, virtualization, obfuscation, changing keys each patch, etc and making it look like light work to crack properly.
They make short, short work of it for the amount of complexity involved. So I hope they continue to throw new things at them with Denuvo, to keep them interested.
One group cracks the base game, sometimes someone else grabs all the updates and rolls them into a cracked patch, etc.
It's nice to see some life return to something that was basically dead, made automated.
In January 2016, 3DM reportedly nearly gave up attempting to crack Just Cause 3, which is protected with Denuvo, due to the difficulties associated with the process.[8] They also warned that due to the current trends in encryption technology, in two years' time, the cracking of video games may become impossible.[8][9]
"There's a lot of money involved, therefore there must be foul play."
I personally would much rather have a secure, optimized and clean implementation, rather than hacky plugins and poorly developed solutions that put me at risk and destroy performance.
DRM is also how you get media companies to publish on the web.
Media companies couldn't give any less fucks about the web. They can go 100 years without publishing on the web, since they have other revenue paths that they're perfectly happy with.
This whole process of enabling DRM is web developer's efforts to kiss media-companies ass in order for them to publish their products on the web. Artists and other creatives have the option to publish their works wherever they see fit. It's their creation, not the public's. In fact, there are actual art galleries that won't sell you their works if they don't deem you sufficient enough. How you exhibit their work matters to them. That's their right.
The web needs these media companies more than the media companies need the web.
Anyone that complains about DRM is doing it wrong. You are limiting the web because you are saying you don't want media companies to publish on the web. You are now causing the web to compete against media companies private apps or physical media, which is a losing proposition.
No one gives a shit about freedom. Everyone wants to use rights-managed content online. And the ONLY way to do that is with DRM.
So, yah, I'm not seeing any corruption here. Just acknowledgement of the fact that artists own their works, and web developers need to kiss their ass if they want artists to publish on the web.
> The web needs these media companies more than the media companies need the web
When you hear about the multi-billion dollar fines and the immense amount of resources spent chasing down and punishing pirates, I have a hard time following this argument. I'd argue that the content owners and media companies need to get on board with providing the most seamless, easy to use, and accessible product for consuming their wares or this
> other revenue paths that they're perfectly happy with
> I'd argue that the content owners and media companies need to get on board with providing the most seamless, easy to use, and accessible product for consuming their wares
Right, and that's exactly what EME is. Because DRM-free content is a show-stopper for them right now, but they recognize that DRM is a pain point for customers.
Do us a favor and actually think your cunning plan through for a minute.
Why should content owners post their products for free consumption? What is the incentive for them to do that? How much money do you think they will make?
In case you haven't noticed, the web is losing to apps at every level, from things like Facebook/Instagram/Snapchat to shopping apps. Even newsreaders are being turned into apps. My parents only use the Apple newsreader, for example.
Do normal people even use the web anymore? It seems the web is only used by tech developers.
Requiring a server to playback the media is already the strongest form of DRM possible. If that's not enough they can just make their own native applications that implement all the DRM that they could possibly want. The only disadvantage of a native application is that they are not crossplatform and EME CDMs aren't exactly cross platform either. They are native code that require the module to be ported to the operating system that.
What's the point of the web if it's just another crappy proprietary platform? EME is basically Flash 2.0.
>Such a sad loss for the web..
What loss? Is the only purpose of a software platform to devour everything without any integrity and it's worthless if it fails to adhere to the will of multibillion dollar companies?
That's a gross exaggeration; it's nothing of the sort.
Flash is a generic application framework that gets more or less unfettered access to the network, local machine, and browser state (Chrome's Pepper Flash improved a lot of this, fortunately). EME is a heavily-sandboxed decryption and display engine, and nothing more.
Heavily sandboxed, eh? On most devices that implement EME, the DRM implementations run with privileges exceeding that of any user code, e.g. in the TrustZone environment on most Android devices.
The Microsoft DRM implementation is built into Windows (and made available to Websites via EME) and requires cooperating device drivers or no highres video for you.
Huh? TrustZone doesn't give apps extra privileges, it just isolates code and data so things can't leak out of it into the reach of untrusted programs.
"Cooperating device drivers" isn't really the right way to look at it. The drivers themselves don't have any code that will refuse to play high-res video. The EME is just able to use the trust chain to validate that the output path hasn't been tampered with.
Any application can make use of TrustZone and the trusted output path; it's not something special only EME can access.
> TrustZone doesn't give apps extra privileges, it just isolates code and data so things can't leak out of it into the reach of untrusted programs.
Right, which is why you might want to use it for handling key material or other sensitive things. Except you now have some gigantic DRM blob (the Widevine trustlet is huge compared to most saner ones) running in your "trusted" environment, able to access your actual sensitive data. That privilege should not be given out like candy (and generally isn't, except when DRM is involved).
> "Cooperating device drivers" isn't really the right way to look at it.
At least video vendors used to claim that DRM-related obligations prevent them from publishing specs for and/or open-sourcing those parts of their driver code that deal with video decoding/output.
> Any application can make use of TrustZone and the trusted output path; it's not something special only EME can access.
So, I've just finished writing my trustlet. How do I get it to load on common consumer devices? The ones I have all seem to require that I get it signed by the vendor which doesn't reply to my mails. How should I proceed?
> Media companies couldn't give any less fucks about the web.
This is pure bluster. As if they'd just walk away from one of the highest reach distribution platforms and all the money that comes with it just because they were denied a gaping vulnerability surface that provides no benefit for either them or the consumer. Sure, instead of learning the lesson from Spotify they'll just leave pirating as the #1 accessible and convenient method of getting content.
The media companies are coming to the web, DRM or no DRM, but of course it costs them nothing to bluff and claim they will take their ball and go unless they get all the special treatment they want.
They certainly wouldn't walk away from the web for discovery and advertising, but they can and would easily walk away from it for the last part of distribution: sending you the content bits and having them display on your screen. They don't need the web for that, and they can build a perfectly good experience without it.
>Media companies couldn't give any less fucks about the web. They can go 100 years without publishing on the web, since they have other revenue paths that they're perfectly happy with.
No they can't. Physical media is going under. Newspapers and magazines are folding, music is primarily distributed digitally, even TV stations are treating the web as their primary means of content distribution. Media companies have no other revenue paths that will matter over a decade, much less a century, and most no longer have the money, resources or capabilities to do anything else.
>The web needs these media companies more than the media companies need the web.
The web is nothing but a network of networks. It wouldn't even blink if every big media company went bankrupt and took all of their content with them. The web would be a lot less interesting and a lot less fun, and make a lot less money, but it would still exist, and people would just keep distributing and pirating what they have.
Media companies, meanwhile, have bet their entire future on the web, and are only now realizing that it isn't the gravy train they thought it was.
> Just acknowledgement of the fact that artists own their works, and web developers need to kiss their ass if they want artists to publish on the web.
Whether or not artists own their works is orthogonal to the fact that digital content distribution has rendered their works nearly valueless, and opened a nearly infinite competitive market for similar work.
Rights are irrelevant. Morality is irrelevant. What the artists want or feel entitled to is irrelevant. The cultural significance of the corpus is irrelevant. Effective DRM is technically impossible and if that's what artists are depending on to survive in the digital age, then they will lose.
They can die like the dinosaurs, or adapt to the new order and become birds. But they cannot, ever, ever unstrike the meteor that is the web.
I think you're conflating "the web" with "the internet". Media companies only need the web for discovery; for display they can release native desktop apps, which can even be launched from the web.
I'm not thrilled with DRM in the browser, but at least it's heavily sandboxed, and is way preferable to a series of native apps that get full access to my desktop.
Doesn't matter, because we don't currently live in a world where that's necessary. If Netflix/Hulu/HBO/etc. weren't available through the browser, you better believe they'd install the native apps. Sure, there will still be plenty of (mostly long-tail) DRM-free content available through the browser, but the stuff with mass appeal won't lose much of that appeal just because people need to install an app.
Then let them suffer the loss of revenue from losing all of those potential customers. Content producers who don't use DRM will be happy to take those customers from them, and those will be the content producers who have more money with which to make new content tomorrow.
Native apps on tablets, phones, and set top boxes are the future (present, really) of that, anyway.
Linux users could be a bit more screwed if publishers had to move to Windows/Mac apps if interested in desktop/laptop users, but otherwise it wouldn't be a big impact for the big properties.
What's the difference to a user of opening a Netflix app vs going there in the browser? Basically nothing.
Do we want apps on the web, or in the OS—that's the only question here. Browser vendors are incentivized to provide a path for apps in browser, because otherwise they become less relevant. And so this is the result.
(Personally I'd rather have OS-level native apps anyway. So please, kill DRM in the browser. Browsers are massive resource hogs. Netflix devs would probably be happy too to not have to deal with cross-browser-compatibility shit. The web is a mess already.)
> Linux users could be a bit more screwed if publishers had to move to Windows/Mac apps if interested in desktop/laptop users
There is not any kind of real difference between not having a native app (or whatever WINE patches are needed to run it) and not having some platform-specific EME black box binary.
> What's the difference to a user of opening a Netflix app vs going there in the browser? Basically nothing.
For Netflix? Basically nothing. For the other 99.9% of websites that aren't as big as Netflix? Users balk at installing apps from little known sources, so those websites then won't have DRM.
Linux is a small meaningless edge case for these companies anyway, I just mentioned it because the portability of a plugin is much higher than of a full native app - so if there's any chance it'll be supported, it's in the web-based world.
How many sites will be using this outside of stuff like Netflix/Amazon/PS Vue/Sling and co? Buying someone's DRM solution or building your own only makes sense for high-dollar content?
But again, from my perspective as someone who wants to write code for anything but browsers, anything that moves dev jobs away from the web is good news for me.
> Linux is a small meaningless edge case for these companies anyway, I just mentioned it because the portability of a plugin is much higher than of a full native app - so if there's any chance it'll be supported, it's in the web-based world.
It's already supported both ways. Chrome on Linux can play Netflix, and before that there were third party packages that would install the Netflix app for Windows along with all of the patches necessary to make it run on Linux.
It should obviously also be possible to run the Netflix app for Android on Linux, as demonstrated by the fact that all the phones are doing it.
It doesn't really matter how hard it is to make it work, because for a high value target like Netflix, someone will make it work. And none of that will actually satisfy the free software people regardless, because it's a binary blob either way.
> How many sites will be using this outside of stuff like Netflix/Amazon/PS Vue/Sling and co? Buying someone's DRM solution or building your own only makes sense for high-dollar content?
How many sites used to use Flash?
You have to expect that somebody is going to produce a low dollar cost DRM system (which is correspondingly even more buggy and ineffective) and market it to managers who don't know any better.
> And none of that will actually satisfy the free software people regardless, because it's a binary blob either way.
That's kinda my point. Browser vendors had a no-win which-is-the-lesser evil choice: accept an in-browser binary blob but keep the linkability, etc, of the web, or concede the rest of the already-vastly-shrunken ground of the premium video playback market to off-web blobs.
Thing is, in ten years, it's not going to matter, because long-form premium video on web will be such a vanishingly small niche.
> How many sites used to use Flash?
For DRM instead of for ease of development and portability? Not many, I'd wager.
> That's kinda my point. Browser vendors had a no-win which-is-the-lesser evil choice: accept an in-browser binary blob but keep the linkability, etc, of the web, or concede the rest of the already-vastly-shrunken ground of the premium video playback market to off-web blobs.
> Thing is, in ten years, it's not going to matter, because long-form premium video on web will be such a vanishingly small niche.
But that is the point. Why permanently infect the web and destroy trust in our institutions for the sake of something that it would barely hurt anything to just let go?
Because the number of people who believe this will "permanently infect the web and destroy trust in our institutions" is miniscule and limited to certain tech-savvy internet community bubbles, and browser vendors are also looking at the millions more people who would see Netflix et al ceasing to function on the internet as just another reason to ignore the web as a whole?
My claim is that the alternative isn't "more open" the alternative is "more closed, because the open web has yet another (this time self-inflicted) nail driven through it."
But I do think they're both lost causes, long-term. The open web will likely be increasingly relegated, for most users, to a dangerous place of viruses, malware, and shitty ads compared to their happy little walled gardens.
Not to play more-paranoid-than-you, but if you want to save the web, I think you've got to fix the web, first. DRM is a sideshow.
> Because the number of people who believe this will "permanently infect the web and destroy trust in our institutions" is miniscule and limited to certain tech-savvy internet community bubbles
The "tech-savvy internet community" is the only place the W3C has any relevance. Nobody else has even heard of it. And destroying trust in something important among the only people who actually know what it is, that's a problem.
> and browser vendors are also looking at the millions more people who would see Netflix et al ceasing to function on the internet as just another reason to ignore the web as a whole?
The web isn't the internet and Netflix isn't the web -- it is an app, just like Windows Media Player is an app. The fact that you can also write that app in javascript doesn't change that.
Netflix doesn't work like the web. You can't create a hyperlink to a specific title on Netflix and send it to your friends or post it on Twitter. You can't embed a Netflix video in your own webpage. Just rendering an app in a browser isn't what makes it the web.
> My claim is that the alternative isn't "more open" the alternative is "more closed, because the open web has yet another (this time self-inflicted) nail driven through it."
You can't get more openness by making the open thing more closed. Even if more things then use it, then they're using the closed thing and you've gained nothing -- or lost something because previously-open things on the open web become more closed.
> The open web will likely be increasingly relegated, for most users, to a dangerous place of viruses, malware, and shitty ads compared to their happy little walled gardens.
The web is already a sandbox. Browsers are specifically designed to run potentially malicious code, and are very good at it -- the large majority of vulnerabilities (and super-spammy ads) come from terrible plugins like Flash, or soon the EME black boxes. It seems rather odd to argue that having those things makes the web better.
"Walled garden" means excluding native apps that haven't been sanctioned by the gatekeeper. It's a terrible system that gives too much control to the gatekeepers, but it only makes the web more competitive by comparison because you can still put whatever you want on your own webpage and not have to get it approved by anyone.
What rise of the Mac App Store? The only reason anybody even uses the iOS App Store is that there is no other way to distribute iOS apps.
If it was easy to install mobile apps direct from the author's website as on a desktop, who would voluntarily be paying app stores 30% of their revenue?
> If it was easy to install mobile apps direct from the author's website as on a desktop, who would voluntarily be paying app stores 30% of their revenue?
The developers (unfortunately) don't matter in this scenario. If the users want to install apps from the app store, that's what they'll do. Developers who don't list their app in the app store will increasingly find fewer downloads because their app isn't as discoverable as other, similar apps. I'd be surprised if this isn't already happening.
For your average user, only installing apps through an Apple-vetted install location is actually really great for security, especially considering the sandboxing that goes on. It just sucks that the developer loses out.
Ultimately, as long as the big content companies have content that people want to consume, they will have leverage. They want DRM, they will get DRM, or else they will take their content elsewhere, to alternative platforms that people will then flock to, making the web less relevant.
By my memory the web BECAME relevant before DRM, before streaming video sites, before media companies started pushing their DRM on us. Remember how in the late 90s media companies were ignoring the web? Remember how webmail, web search, and social networking websites were the killer apps that people flocked toward?
Media companies tried to ignore the web because it is the antithesis of their business model. The result was that the media companies became less relevant, because the web is better than cable TV, better than movie theaters, better than physical discs. We could and should have ignored EME and forced media companies to adapt or die, just like all those other outdated industries.
Media companies are not special cupcakes, they are just businesses and like any other business they have to contend with disruptive new technologies. Nobody shed a tear when the film processing industry faded away; nobody suggested that digital cameras should be restricted for Kodak's benefit. Why are we acting like Hollywood deserves such special treatment?
> DRM is also how you get media companies to publish on the web.
Forgive me not really giving a hoot.
> Media companies couldn't give any less fucks about the web. They can go 100 years without
> publishing on the web, since they have other revenue paths that they're perfectly happy with.
Thus explaining their interest in the web, up to and including their push to lock it all down to prop up their outdated business model. If they are happy to stick with other sources of revenue they should do so.
> The web needs these media companies more than the media companies need the web.
Is that so? Funny how the web was already popular before media companies tried to get in on the action.
> You are limiting the web because you are saying you don't want media companies to publish on the web.
That's a strawman. Nobody is saying media companies should not publish on the web. We are saying that the thing that made the web valuable in the first place is openness, to which DRM is antithetical. Media companies are welcome to use the open system that is the web if they want to, and like the rest of us they will have to put up with certain trade-offs -- or at least that was the situation prior to EME.
> Everyone wants to use rights-managed content online.
I seriously doubt that the majority of web users -- billions of people -- care about rights management. The evidence seems to suggest that the overwhelming majority of users could not care less about copyrights, let alone the expansive "rights" that DRM is enforcing. People seem to ignore those "rights" at their convenience; in fact, people seem to seek the entertainment they want without regard to any "rights."
In fact, your beloved media companies also seem to not care terribly much about rights. The rights that copyright confers do not apply solely to copyright owners; included in copyright is the notion of the public domain and of fair use. Those rights are routinely ignored by media companies, through their lawsuits, their takedown notices (dancing baby), and their DRM systems which never include provisions for copyrights expiring and works entering the public domain. So other than yourself I am not sure ANYONE wants "rights-management."
Moreover, people have learned to love an entirely new kind of video entertainment: homemade, amateur videos of cats and other pets; of random people expressing their views; of dashcams in Russia; of idiots doing stupid things; etc. etc. In other words, while media companies were working hard to break the openness of the web, people were embracing that openness to create new forms of entertainment that the media companies could never have created on their own. Oh, yeah, it turns out the websites where those sort of videos are shared are the most popular video streaming services in the world and that more people (in the world generally) are watching videos on those sites than there are people watching cable TV.
So much for the all-important media companies.
> Just acknowledgement of the fact that artists own their works
We have evidence of artists dating back hundreds of thousands of years. Copyright and the notion that ideas and artistic expression can be owned only dates back to the 18th century and was just the final stage of European society adapting to a new communication technology (printing presses). We now have a new communication technology (computer networks) and society is adapting to the new rules and realities of that technology. Some ideas about art and artists rights are going to die, but in their place we will have new ideas and new rights. It is already happening, although in all likelihood none of us will be alive to see what society ultimately settles on.
So basically, the "fact" you are acknowledging barely rises to the level of a footnote in the history of artistic expression, one that is already fading into history as the Internet eats the remaining legacy communication systems. Sorry if that is a hard pill to swallow.
>Media companies couldn't give any less fucks about the web. They can go 100 years without publishing on the web, since they have other revenue paths that they're perfectly happy with.
LOL. With what? Their paper? Their DVDs? Their CDs? Their cable channel subscribers?
There are multiple open source web browsers. You are free to install one without DRM and free to visit websites that don't need that feature. What changes for you just because there is a standard?
> If you can point to one example of a website that implements DRM that otherwise wouldn't have, I'll buy this argument.
The argument that some companies will avoid things their customers hate seems illogical, but you'll believe me if I provide an anecdote?
> On the other side, I can point to many websites that removed Flash/Silverlight/other security nightmare plugins after implementing EME.
Which is irrelevant because it has had a long known solution: Only install terrible plugins in a virtual machine, or if you're paranoid on a separate physical machine (a used PC capable of playing HD video is <$50), and only use that machine for that purpose.
And yes, that is an inconvenience, which is a feature, because DRM should be as inconvenient as possible. So that fewer people will use it.
The argument is that nobody will go out of their way to implement DRM unless they are contractually obliged. As preposterous as your scenario sounds to me, I will grant you the argument if you can find a website that goes through the trouble to do it even though they don't have to. Note that this isn't an "anecdote" but a counterexample that disproves my proposition.
> Which is irrelevant because it has had a long known solution
Your "solution" is not a solution for 99.99% of web users, and it isn't a solution for the remaining .01% who have to deal with botnets created from the other 99.99%.
exactly. which is how it should be: a pain in the ass for your customers if you want them to install drm.
the cost should be born by the company who wants it, not the public.
why is this a bad thing for anybody but a content producer? and if it's not anybody else, then... why do we care? we have already legislated away the right to copy something in return for promoting creation. but the creation is going to happen one way or the other, so we need to go much further than the EFF advocates: we need to scale back copyright drastically.
it would have virtually zero cost to the public, and would not meaningfully affect creative output.
The web browsers already support this API. Where are the ad networks serving DRM ads claiming that blocking ads is illegal? On what basis does blocking ads constitute copyright infringement in order to justify prosecution under DMCA?
The security holes that the standard introduces into my browser.
If I can compile it out, or get a version that someone I trust has compiled with it removed, that only leaves the rest of the web as a botnet attack surface.
That's what changes. Or doesn't improve, depending on how one views the timeline.
> that only leaves the rest of the web as a botnet attack surface.
1. Every new feature added to the web platform increases the attack surface of the browser, so this concern is not unique to EME. In this case, it removed a reason somebody would otherwise install Flash, which has a significantly larger attack surface.
2. All the major web browsers implemented EME before it became a standard, so the standardization of EME does not change anything here.
> DRM will destroy the web, and the web will fight back. We don't like your spyware, your binary blobs, your control, and we will resist.
Your average web user has no idea what those words mean, and all they care about is being able to consume content unimpeded. They can't tell how it's implemented. Your decentralized web is not user friendly, and it will not gain mainstream adoption until it is.
The parent comment is not the first line of argument, it's the continuation of a years-long argument. Even if you completely ignore the history, the first line of argument is found in the article, not the comments. If you would like to understand the fundamentals of this debate, this comment section is not the right place to start. It's very easy to find arguments and proposals from all sides of the issue elsewhere.
No, it's probably not intentional corruption and malice. Just a belief that users are getting more of what they want as passive consumers paying large companies for services, rather than as creators in a peer to peer web. Realistically, they're likely to be right.
I agree that this style of debate is not terribly useful, but I will grant that this issue does stir significant emotion in people who are seeing their baby suffocated to death. However, I am uncertain what you believe is meant by 'actual corruption'? How could abandoning consensus, the normal functioning of the body for decades, and refusing to continue discussion in order to reach a compromise, not be a de-facto corruption of the organization?
Frankly I'm far more interested in which developing or first-world locales, if any, exist where net freedoms like these are protected by the majority, rather than having to be fought for by the minority against a wave of complacency and apathy.
I'm pretty much done with trying to fight the american capitalist ideology which empowers these companies to steamroll over the average consumer happy to give up their own rights and freedoms then left to complain with the extortionist environments that leads to.
I don't think the world can continue on the way it's going without some serious ideological fragmentations in the near future, and the moment some country embraces its "Pirate Party" or creates an "Internet Bill of Rights" establishing the core tenets the EFF and others fight for as the basis of their internet-related litigation - is the moment I know where the sane people all probably went (or would go as time goes on).
Media delivery in 2017 is hardly an extortionary environment. Practically speaking, Americans spend very little of their income on the Audible/Netflix/HBO Gos of the world. Netflix costs $120 a year? Against a median household income of $55,000, that is next to nothing.
If anything, it's the opposite: there's a glut of content available to consume, in nearly every possible genre, at very low price points. There is far, far more good television than any person could reasonably watch, all for a couple thousandths of the typical person's annual wages.
"Extortion" typically refers to using force to unjustly extract money from someone. Without unjust extraction of money, there can be no extortion. I understand that others have concerns about control, and that's totally legitimate, but it's also not what I was responding to.
> average consumer ... complain with the extortionist environments that leads to.
I suppose so, but I wasn't really talking about entities that might be able to control a distribution channel. I was talking about average consumers.
Realistically, the limiting factor in (legally) distributing movies is not the technology, but getting the rights-holders to sell you those rights. This DRM tech does not really change the landscape on that, because a small new entrant already had no shot at making a deal.
That's the wrong question. W3C itself is relatively tiny, and has fairly ordinary (albeit well tuned) software/server infrastructure. Reproducing the legal framework would be more of a pain, but even that could probably be done. But W3C is mostly its member companies, and the're not switching, since the majority of them, including all browsers, were in favor of this. So if all existing specifications continue to reside on W3C's web site, and all new specifications continue to be produced (by member companies) in the same place, there's not meaningful forking possible.
If members are disgruntled, you can fork. That's happened before when there was disagreement about what to do with HTML, and it led to the creation of the WHATWG.
By and large, members this time are supportive. Not all, mind you, but all the large players.
The only party with the capability of "forking" Internet standards as we know them is Google. Because as the majority share of web browser traffic an extremely dominant percentage of web server traffic, Google can define the Internet as it wishes, and everyone else has to follow along or fall behind. This is the same with EME. Standards organizations stay relevant by accepting what Google gives them, they would simply be left behind if they didn't.
(For those who don't know, Widevine, the DRM scheme that is currently best known as compatible with EME, and which taints my Firefox browser so I can watch movies, is owned by Google.) http://www.widevine.com
(Sidebar to the sidebar: Widevine has the least Googley website you've ever seen. Stock photos of a physical padlock, HTML code entirely based on table tags for layout. It's so strange.)
I doubt it. Specifically, I doubt they will, or even want to. That's not really what they do, they are mostly advocates.
As advocates,I'm sad to see them do this. I will still donate to them, but it's unfortunate to see them quit. This means they will no longer have a seat at the table for future discussions.
They still do enough good to be worth donating to, but this was not a very good choice on their part.
"We have come to the point where Mozilla not implementing the W3C EME specification means that Firefox users have to switch to other browsers to watch content restricted by DRM."
which is an active protection of the user against malware.
You should look at how Mozilla implemented EME then. The CDM is sandboxed, in a much stricter sandbox than the rest of the browser even. So no, the CDM potentially being dangerous (for privacy or security) isn't actually that much of an issue.
Of course, someone might at some point claim that the privacy features harm the copyrights protection, at which point choices will have to be made.
History provide ample evidence that Mozilla will make the choice their users ask for (which is, by the way, not necessarily the choice some users will voice the most loudly).
To be clear: if DRM is not implemented in browsers, Netflix and the like will just make native apps, which are far larger vectors of malware attack than the locked down EME standard is.
I'm not saying this is a good thing, but "people should just not watch DRMed video" is not an actual answer to the problem at hand.
that's the whole point: if your product is so amazing that your users will do that, then it's great! but those of us who are NOT your customers will be able to exist without the attack surface on our machine.
So you claim that Firefox (and other browsers) should implement malware or a malware interface into their browser so that users don't have a reason to download and install some other malware?
I don't know about the GP. I claim that a form of DRM that Mozilla begrudgingly accepts into Firefox has better odds of not turning out to to be "Sony Rootkit" literal malware than if everybody else is rolling their own.
This battle is lost, let's not lose the war to have our little Alamo moment.
No, I am saying that browser manufacturers should slightly increase their vulnerability surface area (and maybe not at all - I don't know the internals of EME) in order to provide a locked-down feature to users that they would only otherwise get by downloading a native app that has access to their local file system, amongst other valuable things.
It's the same logic that leads to them to support JavaScript.
Assuming the motivating reasoning here is that the overarching goal of the browser vendor should be to protect the user, the question still is what timeframe it is appropriate to consider. If the browser does not implement DRM, the user may download an infected native app to watch Netflix or porn from some far shadier website or whatever, sustaining more harm in the short run; however, if the user then is repeatedly infected with malware, chances are it will not take long for a general understanding that downloadable video players are garbage-piled-up-on-grandpa's-computer bad (in the same way that IE toolbar plugins or warez websites' "special download managers" were) to take root. This will maybe chip away at the addictive convenience of Netflix and co, and so they won't be able to dictate terms to the computing ecosystem as they evidently can right now, benefiting the user in the long run.
The "garbage-piled-up-on-grandpa's-computer bad" isn't an isolated incident, and is a relatable category, as you imply in your usage, because it is a common problem. IE toolbar plugins and "special download managers" have never gone away and likely never will, those sorts of malware will continue to just change shapes. Your grandpa probably just wants to play poker with his buddies and his buddies are on Joe's Terrible Malware-Infested Poker Site. Convenience, pragmatism, and social network effect immediacy beats theory, logic, and "long term thinking".
Replace "play poker with his buddies" with "watch movies his buddies are talking about" and "Joe's Terrible Malware-Infested Poker Site" with "Netflix's DRM-Infested Site" and the results are the same every time. Your grandpa isn't likely to care if Netflix has DRM or not so long as it doesn't stop him watching movies. If Netflix, because it's the brand he and his buddies trust, tells him to install a thing to keep watching movies, he installs the thing.
Maybe, maybe you might be able to convince your grandpa to stop watching videos using that thing he installed because it's bad for his computer's health... but there are a lot of "grandpas" out there, it's a huge category of people that "I just want to do the thing and I don't care how so long as it works and is convenient".
I don't think this a question of timeframe, it's a question of do the right thing for the most users. There are a lot more "grandpas" than there are DRM-fighting or at least DRM-wary concerned citizens like you or me.
> however, if the user then is repeatedly infected with malware, chances are it will not take long for a general understanding that downloadable video players are garbage-piled-up-on-grandpa's-computer bad (in the same way that IE toolbar plugins or warez websites' "special download managers" were) to take root
This is clearly written from the perspective of somebody who never did help desk work or helped family or friends with computer problems.
Your point being... that I underestimate how people will keep downloading them anyway? I haven't done help desk work, but have been asked to do plenty of the latter; over the years, at least in my vicinity, skepticism about downloadable plugins had certainly developed to a level where I would only ever see the "half of the window is toolbars" IE screenshots in 4chan /g/ snark threads anymore.
Yeah, that was my point... unless things have like drastically changed in the last few years I think you're overestimating the level of user education.
If Firefox doesn't support DRM Video Mozilla dies. Users will not use a browser where they can't watch the videos they want to watch and those videos are under DRM.
You can't solve this problem at the standard level or the browser level. You can only solve by education users enough that they see no DRM as a feature and at the legal level by enshrining user protections in law.
> To be clear: if DRM is not implemented in browsers, Netflix and the like will just make native apps, which are far larger vectors of malware attack than the locked down EME standard is.
False dichotomy.
Instead of exposing a small percentage of users to large attack vector (native app), you are exposing a very large percentage of users (close to 100%) with a lower attach vector. THe potential for damage is much, much higher, since it would affect about everyone using the Internet with major browsers.
For all the DRM Netflix has pushed down our throats, they still serve many titles (mainly movies and not their own productions) in piss-poor quality with those browsers whose users' freedom they have crippled. And I do mean absolutely awful quality as some titles clock in at less than 1000 kbps which isn't even nowhere near DVD quality.
What good is integrity if nobody uses Firefox ? That was the main reason they added EME support in the first place. Firefox staying relevant in the browser market is a better strategy in the long run than a hard line stance against DRM.
I can't tell if this is satire. Does anyone seriously believe that surrendering the war when you've lost one battle is an intelligent strategy? Mozilla contributes a whole lot to OSS, including providing a browser that can be trivially used without any black-box DRM-enforcement code hitting your system.
I didn't mean to suggest I categorically disagreed with the decision, in this case. I simply note that you can't extend that logic indefinitely, or you lose the thing you're fighting for.
> What good is integrity if nobody uses Firefox ? That was the main reason they added EME support in the first place.
This was rather the point of Fall of Men ("Zeitpunkt des Sündenfalls") in Firefox' history to me. It was also the point in time where I stopped donating to them.
Firefox is, AFAIK, the only browser vendor that decouples the EME module from the browser, allowing the browser to be downloaded without any DRM support at all. See the various "EME-free" directories here: http://download.cdn.mozilla.net/pub/firefox/releases/55.0/
The normal (not the "EME-free" ones) builds download the Widevine CDM from Google shortly after being run. The EME-free builds have a boolean pref pre-flipped, so that it doesn't download the Widevine CDM unless you manually flip the pref the other way. If you download a non-"EME-free" build and flip the pref, Firefox deletes the Widevine CDM if it already downloaded it.
In summary, if you already have Firefox, you don't need to go download a separate build to opt out of DRM. You can just uncheck the "Play DRM-controlled content" checkbox in the prefs to get to the same configuration.
Interesting, I didn't realize they did this. I guess they've been doing it since EME support landed[0] in 2015, but it sounds like they opted to not really publicize it. I always just set media.eme.enabled to false when I configure a new profile, but I hadn't really considered that this does not prevent the DRM libraries from being automatically downloaded.
That design decision makes sense, to decouple the EME module, and great that Mozilla offers a prebuilt binary without it, as an opt-out. I wonder if Chromium (or a fork) can also be built without this feature?
I'm not sure what decoupling means, and whether it's of any technical significance beyond bragging rights, but chromium won't support drm out of the box either because widevine is obviously not a part of chromium. You can take the widevine library from chrome and make it work with chromium if you jump through some hoops.
Not sure how it works on other OSs, but in my experience on Linux, Chromium is installed without Widevine DRM, Flash, or any proprietary stuff, and if you want that you have to install it separately.
Mozilla opposed EME very strongly. But when it was clear that Google, Microsoft and Apple all supported it and were shipping it, Mozilla was forced to ship it as well (with a flag that makes it easy to disable for users that want to).
Mozilla is playing a double game of pretending to be on the users side while completely being in Google's pocket. For Google this ensures they cannot be accused of being a monopoly.
And those working for Google attempting to divert attention to Hollywood are symptomatic of the reality distortion field and self deception of SV. Google is a spyware company engaged in mass surveillance and creepily following everyone on the planet for profit. There are no redeeming values here. SV is basically a gold rush with greed and money being the primary driver glossed over with dollops of pretension.
The world just has to step up to take control and diminish the ideology that drives SV. So far be it open source, web services, standards or regulations there is no contribution. Why are there no alternatives to Firefox, Google, Facebook and others? You can't be completely dependent on these companies and then claim victimhood.
That deal may be over but Mozilla still gets money from Google for search. Why is user advocacy so low key and half hearted, this being just one of them. What do they have to lose?
They have consistently thrown in the towel while diluting the very things that users would choose them over Chrome for.
There are many ways to exert influence in this world. Mozilla is in SV and is very much part of the culture and ecosystem. We need genuine alternatives and activism against entrenched interests.
This was basically wanted by Firefox, Apple, Microsoft and Google. They are the modern web. Trying to go against them is how we ended up with XHTML, a standard no-one really wanted, or implemented.
Firefox opposed it very strongly, and only gave in and implemented it when it was clear that all other browsers were behind it - at that point the battle was already lost.
When the EFF says
> The W3C process has been abused by companies that made their fortunes by upsetting the established order, and now, thanks to EME, they’ll be able to ensure no one ever subjects them to the same innovative pressures.
It is safe to assume the companies the EFF refers to are Google and Microsoft.
Mozilla's users outvoted Mozilla staff, and Mozilla staff gracefully conceded that users are best served when they have the OPTION to consume DRM-controlled content or free content.
And they implemented it as strictly opt in (they ask before installing it), and fully user controlled:
"Firefox downloads and enables the Google Widevine CDM on demand, with user permission, to give users a smooth experience on sites that require DRM. The CDM runs in a separate container called a sandbox and you will be notified when a CDM is in use. You can also disable a CDM and opt out of future updates by following the steps below. Once you disable a CDM, however, sites using this type of DRM may not operate properly."
So what was their option? Refusing to implement DRM (as opt-in) would mean that the ignorant user wouldn't be able to see Youtube videos anymore. The result would be that these users would move over to Chrome, Safari or Edge. There was no alternative.
Mozilla is very upfront about the fact that it goes against their principles. https://hacks.mozilla.org/2014/05/reconciling-mozillas-missi... Anyway it's opt-in, it's easy to uninstall the one CDM it comes with, and it's fairly easy to stop it from even asking about downloading CDMs. The EME-free build just does all of that for you up front.
Yes, there is an option, and it has been linked repeatedly in these threads. The irony being, of course, that if Firefox didn't yield to the other browser vendors in implementing EME they wouldn't have the marketshare to keep development going, which means there would be zero browsers rather than one that make it trivial to forgo DRM.
That's a gross oversimplification: Flash and Silverlight were rich platforms with complexity on the same order as the entire browser. EME has a much narrower interface which provides stream decryption – it doesn't even have the video codec, whereas Flash/Silverlight had complex video, audio, image, PDF, font, etc. implementations with a long history of exploits.
This really matters because so many of those exploits relied on other features to actually run the payload. Not having any of those in the first place is a big attack surface reduction, even if the politics are legitimately debatable.
>This was absolutely NOT wanted by Firefox.
They were the only browser to represent the users in this fight.
Don't put Mozilla in the same group as those other traitors.
But they ended up including DRM in their browser. So they're traitors and hypocrites, right?
You can still get the EME-free browser. They released both because ultimately, giving those who care a choice is easier than surviving once you alienate the legions of those who demand it for Netflix or the like.
The W3C is not the web. Look no further than the good work the WHATWG did to move the web forward while the W3C & Microsoft were holding the web back in the early 2000's.
> Look no further than the good work the WHATWG did
And who was WHATWG? Oh right, exactly the same companies that now voted for DRM as W3C standard. And why could they do WHATWG? Because they are the vendors of the majority browsers.
The W3C has pretty much zero power to prescribe what happens on the web.
Look at the history of their standards, and the direction that the web has actually gone.
The power for where the web goes is in the hands of web developers and browser developers. The W3C documents some things, but they are not a major player.
Actually, no. The Web is more an API for browsers at this point than anything. The W3C is, well, secondary, if browser manufacturers get behind another body - it'll happen.
I applaud you and anyone else who does this but I fear too many people sit on the other side of caring more about having Neflix now than maintaining the open internet. I know I won't be able to persuade my partner that we shouldn't watch Netflix anymore because of an issue she doesn't care about.
I'm willing to bet there are quite a few zeroes between the decimal point and the other digits of the percentage of people who will actually practice what you're preaching here.
If you want a text-only web, with no major content producers on it, you already have that. Just disable your browser's multimedia plugins. Or use Lynx, or some other browser of the 90s. The open parts of the web will still work.
Anyways, Netflix, Google, Apple, and Microsoft (probably - they aren't making their votes public) support this, so this is a great time to cancel your subscriptions and stop using their products.
> If you want a text-only web, with no major content producers on it, you already have that.
And that (the web as it is) is exactly what I want. And I want that the media companies who cannot accept that the web is free of DRM to stay away from it.
I will gladly take DRMed netflix over ad-ridden crap that "free" web gives us.
It seams that people are using "walled garden", "free/not free", "user hostile" without giving any thought.
It sure cannot be user hostile when there are no users, can it?
That's not your decision to make. They own their sites and content. You are, of course, free to ignore it. If you don't like a site, use the back button.
You can complain, of course. What you can't do is control others. That's something the web is good at working around.
And you have the options to not use it. You don't get to decide what other people do with their property. That's pretty much against the reasons the web is here.
You can complain, if you want. That doesn't appear to be helping but you're free to do so.
My strategy is to avoid it where reasonably possible. I let other people do what they want with their stuff.
"Mainline web: 0-rated DRMed Netflix if you pay ever-more exorbitant prices for our increasingly tiered package deals that make you try and remember the joy of 'cutting the cord'"
"Alternative web: Some competition without DRM, zero-rating, or other nonneutrality bullshit"
You go ahead and stick with your Netflix, buddy, and best of luck to ya.
American ISPs and legal precedent are all of course bought up by the interests building the former, but luckily I'm not tied down here.
Your assertion that standardizing DRM forces everyone to use it makes about as much sense as the assertion that teaching teenagers about condoms will make them all have sex.
Technically "capitalism" would also mention the small long-tail of web consumers that refuse to use browsers that enable these new W3C specs.
That said, most of actual market transactions involve some sort of subtle coercion or manipulation of emotions, which means they violate the core assumptions of economics. {Marketing, sales, religion/cults, magicians, A/B testing} all involve some sort of cognitive / psychological manipulation -- the core incentives of the modern economy incentivize companies to optimize for attention capture and behavior exploitation.
Only while the consequences of "not giving a shit" aren't immediately affecting them.
Those same people are the ones who turn around and complain "what can we do" and organize social media armchair protests when consequences simple enough for them to understand come along.
the market allows the DRM because people keep buying the content even when DRM is included, standardizing it may just mean less clunky implementations of DRM
but if we were to ban DRM from the market would something else crop up to replace it? would content creators stop making content?
what about IP laws? if we got rid of them, there would probably be more content AND more DRM? or would it be more content and less DRM since it would only be a matter of time before someone legally reproduces your work so why bother with DRM?
That's a hell of an accusation. And you should present evidence if you're going to level it. It is dishonorable to make baseless attacks on people's character and integrity.
Whether or not there's actual corruption, it's inevitable (in my opinion) that this sort of thing would happen. It's the march of economics. The open web just doesn't allow suppliers to meet demand. One way or another they'll find a way to do it. DRM snuck in the door via Flash. We just about stamped it out, but wouldn't you know it somehow it came back in a more insidious (if innocuous looking) form. People on our side like to claim that DRM is a foolish business model, but I'm not convinced that they're not just deluding themselves.
Whatever the answer is, I don't think it's stopping DRM with brute force. I think it will need to involve either coming up with alternate business models that are anywhere near as viable, or a way to keep it in a box to use for the few applications that really benefit from it.
I don't think that's true. EME exists -because- we started getting rid of Flash, Java, Silverlight etc due to their security issues. There needed to be something to replace those proprietary plugins or else some of the largest websites on the internet would just break with no way to fix them.
EME is the standardized version of the needed functionality from those obsolete plugins.
I dont think that is true. EME exists because media companies have the strange desire to treat their customers like criminals and Technology companies have the desire to ensure the user can not control the devices they "buy" from them.
EME is about control and limiting freedom, not about replacing Flash
What I said is technically true. You are simply talking about conspiracy theories and politics.
TV/Movie producers have a legitimate reason to want to protect their media. The lower the bar is for viewing the content they spend lots of money and work producing for free the more people do it. If there were no barriers to viewing movies then there are zero ways in our current economy to get a positive return. You can't fund Wonder Woman on money from advertisements. There needs to be a system where people pay for content.
EME is a means to an end. It's not inherently evil. If someone takes it and uses it for an evil purpose then we might have something to discuss, but today there is no way for our modern media to exist in a fully open source world. If EME didn't exist then we would still be using plugins to view Netflix. There is no situation where Netflix can operate in a fully open source system. And that's not a bad thing.
>>TV/Movie producers have a legitimate reason to want to protect their media.
I disagree.
>>>The lower the bar is for viewing the content they spend lots of money and work producing for free the more people do it. If there were no barriers to viewing movies then there are zero ways in our current economy to get a positive return
umm they are the ones creating the Barriers, DRM is a Barrier. I can not tell you how many times I have wanted to buy a movie or some other content only to find out it is not on the Platform or service I have choose to use.
Instead they want to only use the Platforms or services they bless. This is where the monopoly power of copyright breaks down.
If I want to watch a movie using my rPi running kodi I should have an easy way to buy a movie that just plays via a standard codec, it should not only be on a netflix, or worse now that every studio is making their own streaming platform we are going to see more piracy because they are simply refusing to sell their content in the manner consumer wants to buy it.
Basicly if you do not use Windows/Mac/Andirod/iOS you are out of consuming media. Linux haha screw you
>>EME is a means to an end. It's not inherently evil
DRM is inherently evil..
>>but today there is no way for our modern media to exist in a fully open source world.
That is completely false there is thousand and thousands of hours of media that exist in a fully open source world.
Music is almost all DRM free today, there is a strong push for DRM Free books,
TV and Movies seem to be the last hold outs for Defective by Design DRM.
They already have the most advanced form of DRM possible. Unlike a DVD or BD they can always cancel your account, pull movies from their catalog and dictate from which country you can watch movies. What do they gain from adding clientside DRM? The only thing I can imagine is plugging the analog hole but that is fundamentally impossible. At some point the photons of the screen have to reach your eyes. Even in the worst case scenario you can just use a capture card or even make your own by modding a display with an FPGA. It's futile to try to stop "pirates" with DRM. The only thing you can achieve is imposing even more restraints on your users.
> What's going to happen without a standard? A bunch of proprietary plugins?
What is supposed to be happen is a zero-tolerance and active fightback against anything DRM-related in the web - be it in the browser or be it a plugin.
That's a big shift from historical standards. Where has the pushback been for plugins that permitted DRM? Or from allowing them in, say Firefox?
I'm wondering why this proposal gets so much more attention than all the past DRM that's been on the web. Did people just not realize that it was there?
Flash and Silverlight DRM (as an example of 2) weren't previously web standards, and even the 3rd party plugins that included them had significant non-DRM-related uses.
This is a different animal: Adding standardized interfaces to browsers specifically designed to talk to dedicated DRM modules.
That's what I'm asking about; where was the pushback on those two bits of DRM? The position advocated by the poster I was responding too would take a very harsh view on Flash and Silverlight, even with their other uses.
Right, and from what they posted, I'm sure they took a harsh view of DRM-supporting plugins at the time too. I was trying to answer your questions about why there wasn't historically pushback that matches what we're seeing over EME now.
There were people that complained about Netflix using Silverlight, and such (in my case, it meant I couldn't watch it on my PC, for example). People complained about Flash back in its heyday too.
EME isn't causing a general outcry though, outside of certain corners of the tech world.
> Where has the pushback been for plugins that permitted DRM?
I have never installed any plugin for DRM and don't know anybody who has.* I also warned people about the dangers of DRM all the time. In this sense the pushback was always there - but since browser plugins were hated anyway this was a rather easy fight.
* OK, to be 100% honest: I am aware that Flash allowed some kind of DRM - but I never seen or used any application which used it and I don't know anybody who used any application where Flash DRM was used. So the statement still holds.
Plus most of the users using Flash and Silverlight for things like watching movies aren't likely to recognize that they are plugins. The answer to "How do you watch movies online?" is probably "Hulu" or "Netflix". Flash and Silverlight were never brands that non-technical users paid much attention to, they were means to an end. If they install something to "watch movies on Netflix", they may not remember because it was a one-time ask by the site they visit, and whatever it asked them to install didn't matter to the user so long as they could "watch movies on Netflix".
It took the iPhone to kill Flash and even then not having it was one of the biggest complaints about the phone. And they killed it for reasons having nothing to do with DRM.
You can't really expect companies like Google, Microsoft, or Apple to take up that mantle -- why would they, when it's not in their interests? If you actually want to fix the problem you probably need to hit the regulatory levers.
Their interest is in letting people use their browsers to view content. The media companies have made it clear that’s not happening without DRM.
So the browser companies support it.
It’s not manditory, you can ship content without it. But if Chrome said ‘DRM free only’ all that would happen is people would abandon it to be able to watch video online.
If you don’t like DRM then get legislation made. But you’ll never do that because even without the giant lobbying budgets I don’t see why lawmakers would make it illegal.
> The media companies have made it clear that’s not happening without DRM.
If people were actively boycotting anything that uses DRM and were bawling out media companies that use DRM, there would soon appear media companies that provide a "no-DRM media package". As soon as these companies were making big money with DRM-free content, I am pretty sure the large media companies would in the long run give up their stupid idea that DRM is necessary.
DRM is only necessary because there exist (too many) people who don't have a zero-tolerance policy against DRM.
> DRM is only necessary because there exist (too many) people who don't have a zero-tolerance policy against DRM.
Really? I can see a pretty good argument for why it SHOULD be legal. If I want to post some content I make online why shouldn’t I be able to try to protect it?
And let’s not go through the ‘But Sony rootkit!’ stuff. You can make safe DRM. Rooting someone’s computer is already a crime, that’s why Sony in trouble.
> As soon as these companies were making big money with DRM-free content...
Far too many people see nothing wrong with piracy. It works on music because it’s so cheap. I don’t think you’ll get 99c TV shows or especially movies any time soon. It probably isn’t sustainable, especially for movies.
So people will pirate, out of cheapness or inability to pay or ‘righteousness’ or whatever.
It’s not going to happen.
> ... I am pretty sure the large media companies would in the long run give up their stupid idea that DRM is necessary.
Why should they, from a business perspective, give up control they have now with basically no downside? I don’t even see a moral argument they should give it up.
Now I agree we need better fair use laws, and security people should be able to poke at DRM to make sure it’s not doing evil things. But I don’t see why society, under moral or business obligations, could support outlawing DRM.
> Really? I can see a pretty good argument for why it SHOULD be legal. If I want to post some content I make online why shouldn’t I be able to try to protect it?
The current state of affairs is that it's not just legal to use DRM, it's illegal (DMCA) to try and break a DRM scheme, _even if you do so in order to exercise your legally guaranteed fair use rights_.
It seems to me that there should be some sort of sort of moral right to self-defense that applies here: just like society/the law recognises that it is morally acceptable to use deadly force to defend yourself from someone who is trying to murder you (even if it wouldn't be otherwise), we can recognise that it is morally acceptable to use the legal equivalent of deadly force (ban DRM, make it illegal for them to enforce their right to protect their content) in self-defense (against them using DRM to make it illegal for you to enforce your right to fair use).
More bluntly: Content creators, with their support of the DMCA, have proven that they have no concern for my rights or freedoms. What standing do they have to expect me to have any for theirs?
Like I said I support better fair use laws as I know that’s a real issue right now.
The comparison to deadly force.... seems hyperbolic. No one is in mortal peril. I would have voted you up without that. Those kind of statements make it impossible to have/take discussions like this seriously.
I wasn't meaning to say that the legal prohibition to do something in this case is comparable (similarly bad) to deadly force; rather, I believe the relation between "prohibit DRM" and "use DRM to prohibit exercise of rights" is similar to that between "kill (in self-defense)" and "murder", and it seems accepted that in the kill-murder case, the latter justifies the former even though it would not be justified on its own.
On the other point, I'm not convinced that supporting better fair use laws is enough on its own. An equitable compromise between two parties with fundamentally opposing interests can rarely be reached if there is a deep asymmetry in terms of their ability to just take what they want and run. Maybe, if comparison to anything involving murder is going too far for you, we can instead make one to (ironically enough) stealing: if the local group of school bullies keeps dragging you into dark alleyways and taking your lunch money, will you also support better rights to keep your lunch money but think it is going too far to demand that they be put in detention, because you see a pretty good argument why they should have a right to free movement?
The only reason I'm resorting to violent metaphors is that our moral intuitions are usually more clear around those than around fairly recent societal constructions. Given the choice, I would rather be beaten up than subjected to any of the potentially life-wrecking legal threats listed in section 3 of https://www.eff.org/files/2014/09/16/unintendedconsequences2..., and I would think that this preference ordering is neither uncommon nor irrational. Given that, in what sense are the violent metaphors "too strong"?
It goes against most people's notions of fairness to pay for a product and still have it encumbered with a lot of limitations. I think the case is stronger if we're talking about streams or rentals, but of course DRM is hardly limited to those.
But we’ve always had that. I mean every video tape I ever watched as a child had FBI warnings explaining that there were limits on what you could do with it.
The only difference is that the videotapes can now try and enforce it themselves.
That doesn't really answer the question, does it? If someone wants to lock up their bike with an ineffective lock, it might be a bad idea, but they're not outside of their moral rights to do so.
> If you don’t like DRM then get legislation made. But you’ll never do that because even without the giant lobbying budgets I don’t see why lawmakers would make it illegal.
Well, a broad-based pressure group making them think they'd lose office if they didn't support such a thing is the only way anything like that ever gets passed. A lot of folks in Congress didn't want to see JASTA passed but felt they had no choice but to vote for it, so there's a model.
But yeah, this conversation, talking about how maybe if we ask Google nicely they'll act against their financial interests, strikes me as pretty naive.
Honestly I’m not sure it’s possible to make DRM illegal. On what grounds with that be constitutional? Artists have had rights to control how their work is performed in the US forever. How is this any different? Why would one form get protection and not the other?
I mean legally I don’t know if this counts as a free speech argument or not I just don’t see how such a long would end up passing muster.
What part of the US Constitution would make it illegal?
Companies should not have this kind of power. Internet is a basic need now, it's where we (as a race) create and share knowledge.
If it is immoral to put restrictions on book consumptions, why should be moral to put restrictions on media consumption?
And I'm not referring to access. You can buy a book on a store, and after that that book is yours you can lend to anyone else, and everyone can read the same pages on this same physical book.
It the right to use the information after that you paid for it.
They're likely to just lose users to people jumping ship to browsers that let them watch Netflix and they're all involved in distributing DRM-encumbered content themselves.
We have lost it: P2P should have been the future of internet. Instead it devolved into the "connect to a server for everything" cloud system.
Internet should be like ZeroNet: a serverless system where content of interest is shared by its millions of viewers and where servers only use a small amount of bandwidth as backups and initial seeders.
That the wikipedia still needs servers and asks donations yearly to keep them online is a testament to how stalled progress in internet infrastructure is today.
I think it's time to start contemplating alternatives to the Web.
The interests of users are no longer front and center. The past several years of the Web platform's evolution have been characterized by privacy invasions, out of control Javascript, spammy push notifications, AMP... and now this.
This is not what many of us signed up for. I don't know if there even are alternatives to the Web at this time but when you can't trust even the standards bodies to act in your best interest, it's time to start talking about how we could walk away from the whole thing.
"The interests of users are no longer front and center. "
Netflix is a 'user' of the internet, as any other.
The web is open - those who want to share their content freely can do that - those who want to DRM, they can do that.
The 'march of economics' is usually just the 'march of reality'. Game of Thrones is expensive to make - ultimately, people have to get paid for it somehow.
Most creative/entertainment projects are a dud. Only a few even make money.
BBS on HAM Radio? I've been toying with the idea for a while. The exact stack is not clear yet, but it has to 'liberate' me from the current web/internet insanity. It could be slow and imperfect, but dammit it would be ours again.
Not exactly a corruption, it is just world doesnt belong to national governments - only to corporations. That wont change any time soon and will only worsen.
Yes, please. It's a two way street, if they want the traffic, open the content. We all know there's clear value to the traffic a well positioned HN post brings.
Its a two way street, but I think it works differently: they have good articles because they make the money to create them. So if a paywall works best for them then we have to accept that.
Note: the Chinese word "dao" predates Ethereum by a very long time. I'd be more worried that it would be difficult to find since the word is so common.
Trying to parse through the buzzwords, it sounds like it's trying to replace the need for a traditional database for ledger applications.
Let's say you're a traditional enterprise and you have a ton of geographically dispersed operations. Retail has shops open in malls across the country, logistics has warehouses across the country, and so on. Each one of these places has a local ledger - how much product is on the shelves, what came in, what went out the door. Many times, the ledgers are related - what leaves a warehouse should arrive at retail, and not drop off the face of the Earth.
Traditionally, you had a centralized database to manage all of this, from which reports could be drawn and sent to management. The problem with having a centralized database, however, is that it's a single point of failure. The database can suffer a loss of availability, etc.
If you replace it with a blockchain, then you can get rid of the database and allow all of your geographically dispersed operations to manage the ledger in a peer-to-peer manner, without the security problems that used to dismiss p2p solutions for enterprise, because the blockchain ensures the security of the ledger. Blockchain contracts can allow, say, a retail outpost to contract with a warehouse outpost to receive a shipment, even without connectivity to central management, and then central management can track the activity after-the-fact when it updates.
The real question that enterprise blockchains have to answer is, "is it really worth it to dump a system that works most of the time for a benefit I rarely if ever need that'll cost the enterprise a small fortune to develop, or are we picking blockchains because they're fad of the month and people love resume-driven-development?"
The Coco team shares Richard's view that the distinguishing factor is where the trust boundary exists within the system. In the case of Coco, we assume a lack of trust among consortium participants, but we leverage the attestation and anti-tampering features of Trusted Execution Environments (TEEs) to establish trust between the enclaves: assuming that the TEEs themelves are trustworthy, the TEEs can provide cryptographic proof of the software and configuration running on each enclave. In other words, I don't trust you, but my enclave has decided it can trust your enclave based on mutual attestation exchange and mutual authentication. In other words, we've transitioned from a byzantine failure mode (adversary can replace the expected remote code with arbitrary code at will) to a crash failure mode (adversary can shut the remote enclave down at will, but not alter what runs on it).
Once there is trust between enclaves, Proof of Work seemed inefficient as a consensus mechanism, although it's certainly one choice that is available and that can be used with Coco (in this case Coco would provide governance and confidentiality, but scalability and latency would be limited by PoW). Instead we can use any one of many distributed systems techniques such as Paxos or Raft to achieve consensus.
This is an amazing development for enterprise as it removes the major risk of being cheated after the fact. This is largely why it's so difficult to establish trust between enterprises and had lead to this situation where the best trust is authoritarian centralization.
If we can lose this barrier to establish trust from a human one to a code audit that would be and outstanding achievement for our civilization.
Is there even a difference between a traditional distributed database and a blockchain once you remove proof-of-work? Without proof-of-work, the Bitcoin P2P network would just be a distributed database storing a linked list of blocks (each block pointing to the hash of a previous block), plus some business logic.
And on top of that, it sounds like Microsoft ditched most/all of the proof-of-work, because the nodes are trusted and the proof-of-work increased transaction times. So it sounds like whether Coco is actually a blockchain or a distributed database which has been branded as a blockchain because blockchains are FotM, is debatable.
We tried to address several distinct concerns with Coco: scalability, latency, confidentiality and governance. Scalability and latency are determined largely by the consensus model of the network. Our intent with Coco is to make consensus pluggable so that each network can make its own choices (via the Coco network constitution) about how to run their market.
I agree with you that the branding is tricky, in part because the dominant term "blockchain" is describing a specific data structure. The key point we wanted to convey with Coco is that we are trying to enable secure, performant, multi-party computation. We think there will be many models for this over time as TEEs come into wider use. "Blockchain" is just one of them.
The part of a block depending on the hashes of its ancestors seems very useful for tamper-evidence, which is useful in many applications if you can handle the data model & volume. Being able to definitively say who changed what and when is worth a lot if you have to maintain data which could be used in court and a distributed ledger, Merkle tree, etc. is more predictable and much cheaper to run if you don't have to maintain mining-level infrastructure.
I know I already replied but I forgot to mention another great usage of a blockchain: Logging. Not general-purpose logging, no. I'm talking about SOX-like "must be tamper-proof" transaction logging.
So say you've got central logging setup at your organization. You're smart and are using rsyslog with SSL/TLS and your own CA. For the most part you can reasonably claim that your log messages are secure from the server that emitted them to the destination in your central logging system but can you guarantee they're not modified after that? No. You can't.
From this perspective using a blockchain for logging security-critical events would be extremely useful. It would be impossible for an attacker to modify the logs after-the-fact so that you could no longer determine which account they used to login.
You wouldn't want to use it for general logging because of the overhead but for things like login events, reboots, etc it would be fantastic.
Logging requires high speed transactions. Blockchain is very slow. That is by design, so that any changes incur too high a price for anyone considering tampering with it. Every block header write involves solving a hash puzzle (i.e. mining), that in the case of Bitcoin takes on average about 10 minutes to solve.
A blockchain isn't as much of a guarantee as you think it is. Maintaining an offline, physical-access-restricted backup of critical logs is arguably more secure than a blockchain which can be altered by an attacker controlling the majority of the blockchain's computational power.
Will it? Half the point about how blockchains work is that dropping blockchains which are shorter than mainline is standard operating procedure and completely ordinary.
People holding cryptocurrency would notice an illegitimate takeover of the blockchain right away because they'd be trying to spend cryptocoin which, all of a sudden, they no longer have. But regulators aren't trying to tally up business inventory on their own ledger so that they can send it off to other parts of the business and all of a sudden that kind of logistics fails for the regulator because of what you called "funny business". A regulator is a passive observer, and a passive observer can't detect funny business without actively auditing the blockchain against their perceived notion of whether the current state of the blockchain is normative... which is a very difficult problem indeed to do at scale, one which regulators today haven't yet been able to really automate, even with the relative certainty of a database (which a regulator could order regular dumps of, for analysis, if it wanted to).
Googling for enterprise blockchain scenarios, I find https://www.hyperledger.org/projects/sawtooth/seafood-case-s... I guess in this case the goal is to ensure customers trust in the enterprise beyond just reputation. These records are currently being stored in traditional databases and the customers trust that the records aren't being tampered with out of the expectation of consequences if the enterprise was caught cheating. But, with a blockchain record, cheating becomes extraordinarily harder. The customers do not need to trust. They can verify.
While a 51% attack is a real concern, an even more likely scenario is the network going down. During a network split the local node(s) will happily continue to ingest logs which once the network is healed will all be rejected.
While I haven't had any real life interactions with these, I can think of a couple scenarios where it might make sense:
- Your company handles dangerous or highly regulated materials (prescription drugs, hazardous materials, etc.) and you are required to have controls in place to monitor your supply chain.
- You deal with lots of vendors of questionable reputation, or have a history of graft, embezzlement, or other loss in your supply chain. For example, easily "misplaced" goods like cigarettes that need to be distributed to lots of retail locations.
Health care: the network of providers and insurance companies need to share limited information securely. Right now it's completely ad-hoc and broken (I was billed $3000 for a cancer drug. I had the flu!)
Identity/reputation: If you have a certain reputation on eBay, you can't carry that reputation over to Amazon to sell goods. You must start from scratch. If the reputation score was independent of the service you could even post it on Craigslist and people could trust it.
Real estate: I paid a lot of money for a completely useless title insurance. If the details of a home title were stored on a blockchain, there would be no need for this entire industry of bloodsucking leeches. :)
Supply chain: there's an ad-hoc network of suppliers for many things (cars, planes, electronic doodads). There is no central authority, and it spans the globe. Having perfect knowledge of the supply chain can save companies lots of money. It's what made Walmart successful, now everyone can do it on a shared platform.
The tech for this stuff is still very primitive. I'd compare it to when Jaron Lanier started virtual reality in the late '80s. He was right but several decades too early. There are still some limited contexts where a current blockchain can be useful right now, but it won't be a big thing for a while.
Yes. Sprinkle a bit of blockchain pixie dust on your servers and now all of the sudden you can secure your data and go paperless. It wasn't possible before this. Software was useless before blockchain. Blockchain invented computers.
I think for large, dysfuctional corporations, it could potentially act as a single source of truth for certain data sets. In theory you could just use any database, but in practice a lot of times different departments get different setups from different parts of IT at different times. I work for a bank and our data is all over the map. I'd like it if everyone had to operate on and report from the same system, and that system was inherently auditable and unified.
The "single source of truth" is what people have been calling the Corporate Data Warehouse since the dot com era. The realities of that approach -- centralized gatekeepers, too hard to keep everyone on the same schema, different subgroups need different variations on the schema, slowness to iterate since everyone needs to accept the smallest change, etc. -- all those realities is what has largely given up on that Single Source of Truth vision in favor of microservices or data lakes or choose your buzzword du jour.
Blockchain solves problems around auditability, but it doesn't really solve the practical difficulties around the original CDW vision. If you weren't able to make a centralized data store work with a sql database, you're not going to make it work with a distributed ledger.
Yeah I think that's fair. Certainly the hardest problem is the human one. I don't think blockchain is a silver bullet, just maybe it will help. I wouldn't dump millions of dollars into it or anything without some sort of pilot / proven model.
>... all those realities is what has largely given up on that Single Source of Truth vision in favor of microservices or data lakes or choose your buzzword du jour.
>If you weren't able to make a centralized data store work with a sql database, you're not going to make it work with a distributed ledger.
The solution is clear: blockchain microservices. Each microledger is localized to the team using it, allowing for individual ledgers to be reused and composed to facilitate organizational agility across the enterprise. Stakeholder mindshare will soar.
Thanks, this helps answer the same question ("why not just any database?") when I read about it Walmart implementing a blockchain based solution to tackle food tampering.
Well, for a bank it can be super duper useful because it's "incorruptible digital ledger of economic transactions" (the very definition of a blockchain). So if you're transferring money from one bank to another it makes it all but impossible to mess with that transaction in flight (man in the middle attacks, timing attacks, replay attacks, etc).
Another example would be trades: Most people think of trades as buying stocks and bonds in an open market but there's a lot of private/internal-to-an-organization markets too. The blockchain is an excellent way to facilitate such transactions.
Being in banking (where we're trying to take advantage of blockchain transactions) the objections from management so far have been surrounding the inability to "undo" a transaction. Even though you can just make the same transaction in reverse afterwards the price of whatever it was that you're trading could've changed resulting in some troublesome circumstances.
For it to work you have to negotiate contracts ahead of time to ensure that all parties participating understand the ramifications of such a system. Since the blockchain is new technology it will be difficult to get 3rd parties to sign of on such things.
'because it's "incorruptible digital ledger of economic transactions" (the very definition of a blockchain)'
I would think that blockchain requires it to be a distributed ledger. A non-distributed digital ledger is simply a Merkle tree?
" So if you're transferring money from one bank to another it makes it all but impossible to mess with that transaction in flight (man in the middle attacks, timing attacks, replay attacks, etc)."
You can use non-blockchain cryptography to guarantee that.
> You can use non-blockchain cryptography to guarantee that.
Not in the same way though. An attacker could still modify the transaction after-the-fact at both endpoints during or after reconciliation processes (sadly, most banking transactions still happen in batch and there's multiple reconciliation processes every day). They could hack the reconciliation process(es) to undo or modify transactions later in the same day or--depending on the banks in question--days later.
Then there's also the possibility of just changing balances at one end of the transaction (flat out) with no way for the 3rd party to perform the equivalent of double-entry accounting to verify that the amount received matches what was sent. Bank transfer reconciliation catches problems like this all the time and it's baffling to me (but apparently has legitimate causes).
A blockchain would completely negate any such attacks and make reconciliation pointless.
> Well, for a bank it can be super duper useful because it's "incorruptible digital ledger of economic transactions" (the very definition of a blockchain).
If that’s the definition of a blockchain then it must include proof-of-work. Data doesn’t become incorruptible because you put it inside a block that points to the hash of a previous block.
I always wished airline/hotel "point" programs were blockchain based. This would instantly create a valuable secondary market for people to transact points for things. This will never happen, of course, because I assume the business model for those programs factors into account that only a small % of the awarded points are ever redeemed. (I remember reading this many times over the years, but don't have a reference.)
First and foremost: blockchain, in its essence, is a document timestamping
service. As such, it allows somebody reading it to tell the order of arrival
of stored documents (documents themselves being unmodifiable, as they are
usually identified by content in cryptography).
It just happens that ledger is a quite good fit for document timestamping, and
account balance can be used as a way to transfer money-like values (note that
it's not the only way; cryptographers have a history of developing digital
money systems).
About the only thing new about blockchain is that it doesn't need a trusted
third party (system with rights and means to modify the data) to timestamp
documents to defend against adversarial modifications to the timestamps
stream.
Anyway, anything that would use ordering of documents/messages could be built
on top of blockchain, but calculating proof-of-work is a very steep price to
pay for the defense against some of the participating servers being malicious,
given that enterprises happily trust regular databases that don't sign
cryptographically anything.
In theory, this benefits complex business processes running across corporations/agencies/gov/etc. requiring a distributed ledger. For example, mineral mining/procurement/certification/etc is a complicated lifecycle across many actors. I can't remember which podcast I heard it on, but the suggestion was anywhere there was a "clearing house" in use by multiple corporations for a particular process, there was an opportunity for blockchain/smart contract use.
In practice, I have yet to see anything concrete, but I haven't exactly been looking hard.
> In practice, I have yet to see anything concrete, but I haven't exactly been looking hard.
"In theory yes, in practice no" - sums up every explanation I've seen of whether blockchain technology could be applied to a particular problem. I still haven't seen a "killer app" that's not better suited to a traditional database.
Bitcoin became useful because it's an unregulated currency that has enough acceptance to be liquid and enough anonymity to be used for clandestine purposes. As soon as you try to use blockchain tech for "traditional" transactions you end up eating the computational cost of a distributed ledger for no apparent benefit.
In between different companies, I have seen some dumb implementations of an "electronic signature" (both homebuilt and using decrepit, ancient technology). Having one universally-adopted tool for establishing trust between parties, whether that's medical patient information, contract work, or supply-chain handoff could be revolutionary.
We did a POC for shareholder voting for the Indian stock exchange.
Auth is handled by the stock exchange and votes / proxies are handled on the block chain portion.
I wasn't involved in the project, but it seems like the primary benefits are public auditability and the immutable nature of the transactions were the value drivers. As implemented, full trust is placed in the (non block chain) central exchange for initial vote assignment and all auth.
If I pay a 5 USD subscription and just play 2 games, one for an hour and the other for 10 hours; who will get what and when?
Also, being a subscription model, does this imply now all of these games are online-only? If I'm offline, a game does not know if my subscription is valid/active. How is that handled?
What happens later, when I cancel my subscription? I don't see an easy way for you to protect the games once a user has downloaded all of them and cancelled your service.
We're not going to post our revenue split numbers exactly, but what I will say is that we distribute revenue based on played time on a per-user basis, each calendar month. We share revenue with our devs, with the supermajority of it going to them. In other words the developer portion of revenue will be split 10:1 in your example.
You do need an internet connection to launch games, you're right about that!
We use both an API and some encryption to make sure that a game which is saved to your computer is only launchable through the client. If you cancel your subscription, you're going to have a bunch of files you can't use.
However, we don't ever want you to lose the characters you've fallen in love with, even if you leave us, so your save files are yours to keep, and should be compatible with any other windows or steam build of the game!
I believe not.