158 comments

[ 3.6 ms ] story [ 228 ms ] thread
Just use a camera to take a shot
You completely missed the point of the article. "Trusted computing" is back with a vengeance. The fact that your computer runs complex firmware (your coprocessor's firmware can run a webserver?) which bypasses anything above it is the problem. It means you don't own your computer anymore: your overlords grant you the right to use it under certain conditions.
Nope I did'nt that is one way to bypass the problem
(comment deleted)
The problem is that you don't own your computer. You can't bypass that with a camera.

Who cares about movie piracy? Copy protection has always been broken and will always be. It isn't a problem.

Are chips with this feature sold in consumer devices? I'm planning to buy a new computer soon. How can I avoid or boycott the chips in question? Or can the feature be definitively disabled through the BIOS?

If I buy a computer, then I want to own it completely and not have arbitrary DRM bullshit remove capabilities. If I wish to take a screenshot of copyright content and share it with friends (fair use), then I should be able to do that, and I will be seriously pissed if my own machine gets in the way.

Does anyone know which chips include this feature, and/or whether it can be disabled?

thats the point. It helps Hollywood, at your expense. You as the purchaser of the computer are not "entitled" to being able to use the computer exactly as you want.
I believe this is part of "vPro" in intel marketing speak. Yes, many consumer CPUs have it. Intel provides pretty good feature lists by CPU if you want to avoid it:

e.g.

http://ark.intel.com/search/advanced?s=t&FamilyText=4th%20Ge...

Chipsets, not CPUs, but that is a moot distinction as Intel stopped licensing their ISA, so you have no choice but to use intel chipset with spyware buildin
All Intel chips since 2010 or so have the management engine. There's a reason why the "reclaim your freedom" notebook is still a Lenovo X60.

Some of them come with larger firmware (5MB, making up vPro and AMT), others with the smaller one (1.5MB) that merely does the DRM stuff, but all of them have the full hardware access detailled in the article.

AMD is clean on the chipset side until kaveri/kabini. After that, they come with a "platform security processor". I think the GPU has some DRM features (mostly concerned with adding Macrovision noise to the output signal), but I'm not into GPUs very much.

Contemporary ARM stuff mostly comes with TrustZone, which can typically be used for DRM as well. AMD adopted the TrustZone model for their current CPUs, too.

Since Protected A/V Path and similar DRM systems require OS cooperation, the easiest way to stay clear of them is to use Open Source media players, on an Open Source OS.

If you want to avoid supporting proponents of such hardware assisted DRM systems, plain ARM systems that ship without fixed operating system (eg. the cuBox series, rPI & follow ups) are your best bet.

@pgeorgi:

>All Intel chips since 2010 or so have the management engine.

Do you have sources for this? I wanted to verify it, but after a few Google searches I could not find anything that states exactly that. I have a Haswell CPU, but I have no Management Engine settings in my BIOS.

How does the vPro feature correlate with the Management Engine? Because not all Intel CPU's come with vPro. Or is that only a firmware difference? Would be nice to see clearer in this issue, but most websites contain only marketing nonsense.

It is part of the chipset and has other functions too (parts of the power management, for example).
My source is that I work on coreboot, where we have to interact with that stuff all the time. It's actually somewhat hidden in our haswell driver because so much is now binary-only on Intel platforms.

But look at http://review.coreboot.org/gitweb?p=coreboot.git;a=blob;f=sr... whose comments refer to both "ME" (the management engine) and "PAVP", which is the "Protected A/V Path" referred to in the article.

One sure way to figure it out is to get a full image of your firmware flash, and analyze it. coreboot has a tool called ifdtool which can parse the "intel firmware descriptor", which is kind of a partitioning scheme for flash - among other things, to make room for the ME firmware.

Sometimes board vendors have full images available for download that you could use for analysis, but these days they're often smaller, shipping only the changed parts. flashrom (www.flashrom.org) might be able to read out the chip on your running system, but on Intel platforms in particular, this is often restricted and you'd need to attach some external flash programmer to read it out and be sure.

I think it speaks volumes that you have to work around such things on your own hardware in the first place...

As far as I know, vPro only requires the larger firmware and the use of on-chipset hardware, in particular NIC and GPU, since the vPro firmware doesn't support external devices.

I don't know if that's just economics (no need to write drivers for tons of devices, no desire to support other vendors' hardware) or if the ME is too limited for that - but my guess is the former.

One way we (at coreboot) can test ME involvement is to corrupt the ME firmware with an external flasher (while leaving everything else intact) and see the system either not start at all, or reliably shut down after 30 minutes. The exact behaviour depends on some wiring on the board, I guess.

From that file:

    pci_or_config32(PCI_DEV_HSW, 0xb0, 1 << 0);     /* BDSM */
What is "BDSM"? It almost seems like a strangely appropriate name for another DRM feature.

It's actually somewhat hidden in our haswell driver because so much is now binary-only on Intel platforms.

One thing that I've noticed browsing around Coreboot sources is that the source code is rather opaque - full of "magic constants" with little to no meaning. It may be "open-source" and GPL, but I don't think it's in the spirit of open-source to have code that can't really be understood. I can get the same depth of information by just disassembling a BIOS and seeing what addresses it writes with what values. If anything, it feels like someone has found a way to "contribute" to open-source without actually disclosing much. (Aside: how do binary-only blobs get let into Coreboot? It sort of defeats the purpose, doesn't it?)

and see the system either not start at all, or reliably shut down after 30 minutes

That second alternative is just scary. Really scary, like a hidden silent killswitch.

When all you do is to write a single opaque value in a register, and never use those bits again, it's slightly excessive to give each of them a name. This also reflects in chipset documentation, which sometimes comes with pages and pages of "write X to register Y", and not much more.

The value is that the higher level structure is more easily visible when you know what is code and what is data (which is the main issue with disassembly), and the ability to quickly see that you haven't missed extra code that is executed in some sneaky place because everything in the output is accounted for somehow.

The options we have with coreboot are to have 8MB of unaccounted stuff, or 500KB of unaccounted stuff. The latter can be reverse engineered more easily, since the scope is known, and the complexity is a magnitude smaller (no code decompressing other code, jumping into it, ...). That was actually done for sandybridge. We even built tools to simplify reverse engineering (www.serialice.com)

As for the funnily named BDSM register: http://www.intel.com/content/dam/www/public/us/en/documents/... calls it "Base Data of Stolen Memory". Essentially, both GPU and ME get assigned some system memory to work in, and that register contains the first address that isn't available to the CPU due to this arrangement.

That register itself is harmless. In older Intel chipsets, it was possible for the host CPU to get a peek into the ME's memory by messing with that register, which was used for some ME analysis in 2012 or 2013. Unfortunately they plugged that hole, and that register's role is more of the informative kind.

This also reflects in chipset documentation, which sometimes comes with pages and pages of "write X to register Y", and not much more.

It almost feels like they're trying to hide something if they don't give any reasoning for what those values do... and so I'm rather curious as to what happens if they're changed. Some bits might have no effect, some could have catastrophic effects (e.g. if they control some of the voltage regulation circuitry), and some could have very useful effects that they just don't want you to know about. Intel CPUs have had undocumented features since their introduction; it's not hard to imagine their chipsets do too.

For the most part it's probably that they kept things flexible that aren't strictly necessary, but it simplified their development process of the silicon.

So when they're done with the silicon, and routed all the traces, and so on, they can run their magic tool that measures delays and things like that, and then calculate the best performing set of values, and write them into the document.

It also allows them to dial back some of the values should they figure out that there are problems. I fully expect these numbers to change a couple of times between them finalizing their silicon and releasing it (and the reference code and documentation) to the public. Now consider how much trouble it would be, even for Intel and their world famous fabrication process, to create new silicon for each of those changes.

Take the tables in i945's raminit (http://review.coreboot.org/gitweb?p=coreboot.git;a=blob;f=sr...).

From the shape of these values, they're probably some delay configuration for the different types of DDR2 pins (dq, ctl, clk) going from somewhere inside the silicon out to the pin of the package, but I doubt that the documentation actually provided any explanation for them.

Of course, one of these registers could mean 'change all calculations in a way that the electromagnetic field contains the private key'. But they need a better way to enable that function than in firmware, where it's done for everyone.

In the end, I'm fine with such magic values in magic registers, as long as they make some sense (right register block for the current task instead of messing with the audio codec while initializing usb) and are unconditional (that is, no if (user_is_evil()) write_enable_tempest_register(); ).

If there are no unexplained conditionals, any backdoor would have to apply to every user - in which case they could just enable it unconditionally in silicon.

Can you provide insight on the claim in the article that Netflix encrypts to a secret Intel key? Versus Intel exposing a "protected" API that allows a way to get a (signed?) public key from the ME or something, which Netflix then uses to encrypt the stream?
hello pgeorgi - you are a mine of information on this stuff. thanks for taking hte time to explain all of it!

can you tell me if the odroid c1 is a good bet?

http://www.cnx-software.com/2014/12/10/hardkernel-odroid-c1-...

The company will provide images for Ubuntu 14.04 or Android 4.4 KitKat with Linux 3.10. I think other people can port os's to it.

I think it's going to be my next computer!

I actually did a bit of a shortcut on ARM, since some of those chips are as bad as Intel's or worse. For example, the rPi was criticized for a long time because the CPU was essentially subordinate to the GPU, whose code was binary-only. That seems to change now.

The issue with recommending suitable ARM chips is that there are so many different ones by all kinds of vendors following all kinds of philosophies. In fact it's the first time I heard of that particular chipset vendor.

I looked at the chip's specs: Like most current ARM CPUs it comes with TrustZone (including advertising for a "trusted video path"), so an important part to decide if that's an open system is to check what code is running in that mode, and if that can be disabled or replaced. The open sourced u-boot code might be able to give insights here.

The other thing is Mali graphics: those come with a closed source graphics driver. There's a reverse engineering project (lima), but they're relatively small and thus easily outperformed by chip vendors (release new iterations of the hardware every 6 months, and they'll never be able to support everything).

Sorry that I can't give detailed answers, but it's just too much to stay current with the entire ARM market.

Do you have an opinion on this project: https://www.crowdsupply.com/purism/librem-laptop ?

It's a laptop designed to be free software and it's using coreboot.

That's a step in the right direction, and probably your best option for a modern and very-libre system, but like they say, it still contains firmware blobs. A thinkpad x60, t60, or a couple of similarly spec'd macbooks are the only reasonable completely-free (via libreboot and a free OS) systems you can run right now.
It's a noble goal, but they're using Intel hardware. They also don't claim to be free software down to the firmware.

But assuming that's their goal:

They say they talked with Intel about opening up things, but they're far from the first one to try (and not the most powerful ones either, be it by $$$ or influence, unless there's some background story they keep to themselves).

My guess is that they intend well, talked to some sales folks, those promised the moon (and more, if necessary), and when things get serious, the sales persons will be nowhere to be found, while purism is too far down the road to start from scratch.

In the end, purism has to compromise while Intel can celebrate another design win.

So the end result will be that they use the smaller ME firmware (1.5MB is still a lot of unexplained cruft), the FSP binary (www.intel.com/fsp) and coreboot to glue things together - just like every other coreboot-using Intel based design does right now (there are a couple).

The main difference to everybody else will be that purism builds neither embedded electronics that do things no consumer has ever heard of, nor chromebooks.

That in itself is already a nice thing from a coreboot perspective, in that it provides exposure to the project and the issue, but I fear some purism backers will feel let down by such an outcome.

http://puri.sm/posts/purism-software-freedom-deconstructed/ looks like they try to indicate that "this BIOS code isn't all that much". No, it isn't - but it's exactly the part of the code that sets the rules under which the entire system later operates. In this, it's more important than the plain old (say) gimp binary in that huge top bucket, which has not much of an effect on the security or autonomy of the system or user.

I'd love to be wrong here, since either way I 'win' (actually the more I'm wrong, the more I win :) ). I just think it's unlikely given that I'm involved in that mess for the better part of a decade by now, while the purism folks seem to be newcomers with a lot of idealism but few experience with dealing with Intel and their unusual definition of software freedom.

Yes. I have a 2012 MacBook Pro 15" Retina and as described in the article, the chip & driver are present in my machine.

$ ioreg|grep AppleIntelMEI | | | | +-o AppleIntelMEIDriver <class AppleIntelMEIDriver, id 0x100000302, registered, matched, active, busy 0 (0 ms), retain 7>

My mid 2010 MacBook Pro 17" machine does not have the chip & driver (at least ioreg doesn't report anything). Just another data point.
Intel Xeon processors don't seem to ship with this. Then again intel doesn't expect many people using a xenon on a workstation motherboard as their PC.

I got lucky getting this.

Did you read that blog post about how RMS picks his nose and has silly opinions about some unrelated thing?
Breaking news: extremists on both sides of issue are seen as controversial figures.
What I don't really understand is how this could be used to stop piracy. Sure, you could stop recording on a machine with Intel Management Engine, but wouldn't pirates simply use a computer without Intel Management Engine to rip media?

Unless the media becomes impossible to consume without Intel Management Engine (sounds unlikely, how would you explain that to customers), how does it prevent anything?

> the media becomes impossible to consume without Intel Management Engine

That's why Intel management keeps greenlighting this project. Intel thinks that it if it can convince content producers to distribute media as blobs encrypted with Intel's public key (and maybe, say, Samsung's or Apple's), then we can transition to a world where consumer video files do work on most consumer hardware, but can't be decrypted outside the protected media path and ripped.

There's no reason this scheme can't work. OEMs and content producers just haven't been able to cooperate well enough to piece it together yet. Once they do, game over, except for the analog hole.

This scheme also has the side effect of creating a "moat" around existing OEMs. Sure, a new player can begin fabricating new CPUs, but existing media files won't be encrypted for these CPUs. It is literally a conspiracy against the public.

Dan would later learn that there was a time when anyone could have debugging tools. There were even free debugging tools available on CD or downloadable over the net. But ordinary users started using them to bypass copyright monitors, and eventually a judge ruled that this had become their principal use in actual practice. This meant they were illegal; the debuggers' developers were sent to prison.

https://www.gnu.org/philosophy/right-to-read.html

In our universe, the "debugging tools" that could defeat this scheme are ones that can depackage an Intel chip and read its EEPROM directly. What do you even use for that, a scanning electron microscope?
Part of me really wants to go into full libertarian cryptoanarchist mode to enable a safe way of doing anonymous Kickstarters for someone to buy that SEM and crack any new DRM that's being thrown at us.

But then I remind myself of this[0] and I realize we'd be probably fighting our own future. Our world is going downhill because it's too uncoordinated, not too coordinated.

We're in a really tough spot here.

[0] - http://slatestarcodex.com/2014/07/30/meditations-on-moloch/

The relevant quote:

But coordination only works when you have 51% or more of the force on the side of the people doing the coordinating, and when you haven’t come up with some brilliant trick to make coordination impossible.

The second one first. In the links post before last, I wrote:

> The latest development in the brave new post-Bitcoin world is crypto-equity. At this point I’ve gone from wanting to praise these inventors as bold libertarian heroes to wanting to drag them in front of a blackboard and making them write a hundred times “I WILL NOT CALL UP THAT WHICH I CANNOT PUT DOWN”

A couple people asked me what I meant, and I didn’t have the background then to explain. Well, this post is the background. People are using the contingent stupidity of our current government to replace lots of human interaction with mechanisms that cannot be coordinated even in principle. I totally understand why all these things are good right now when most of what our government does is stupid and unnecessary. But there is going to come a time when – after one too many bioweapon or nanotech or nuclear incidents – we, as a civilization, are going to wish we hadn’t established untraceable and unstoppable ways of selling products.

This actually already happened, with the judge that declared wget as hacking tool...
It happened decades ago, games consoles have always worked this way. Games consoles are not quite a dystopian disaster ...
> except for the analog hole

It's a pretty big hole, and it's practically impossible to seal. Which is why I don't think we'll ever see "game over" for piracy, no matter how advanced DRM technology becomes.

At this point, I think censoring the internet is the only way for the movies/music industry to win. Sadly this isn't so far fetched.

> it's practically impossible to seal [the analog hole]

It's easier than you think. Look at Macrovision. Look at the EURion constellation. All you have to do is make your secure video path emit some kind of signal not immediately apparent to human eyes. In a post-general-purpose-computing world, you can just make consumer-grade devices respect these signals and refuse to record and make professional-grade equipment both insanely expensive and specifically traceable.

(comment deleted)
I agree, but my point is this - If you can see it or hear it, then you can record it. Sure, the recording device you'll need in the future might be insanely expensive/rare/illegal, but there's also a lot of money in piracy.
More importantly, why would software be required to engage in all activity by piping through such a hardware interface. I would expect that open source alternatives and virtualization could easily bypass its necessity.

At first glance, dumping the contents of any source media, or capturing network streams properly, should readily provide the raw, unencrypted content data, which is then decoded by an application that has been implemented without use of those particular hardware features.

Am I being naive?

> the contents of any source media...should readily provide the raw, unencrypted content data

Once this crap becomes ubiquitous, why would companies ship unencrypted bits at all? They could send files encrypted with all the major OEM "protected content" keys. If you're running on non-supported hardware, well, sucks to be you, pirate. I imagine it's rather difficult to extract the private key from DRM hardware.

In the end, big media wins.

They already did that, twice. First with DVD which used a weak scrambling scheme that was defeated, then with BluRay which used strong encryption, but people were able to extract the keys. The problem with that scheme is that once any one key leaks, you can't do anything about it, especially not if the key is burned in your CPU. You can't expect everyone to go buy a new Intel CPU each time someone manages to extract a private key.
DVD encryption was the same strength as BluRay, cryptographically. The difference between them are twofold:

1) For DVDs there were only a handful of player keys, like less than 30 if I recall correctly. Once they were all leaked the system was broken forever. AACS as used on BluRay has so many keys and such efficient revocation that each player can have its own key.

2) The BluRay designers realised that AACS by itself was insufficient because it takes time to revoke a key, and if they leak faster than they can be revoked the total quantity doesn't matter much. So they did BD+ as well, which is basically a kind of band-aid to detect emulators using stolen keys.

BluRay security has definitely been more effective than DVD security, especially in its earlier days, but the leak of the HDCP master key was pretty fatal, and eventually (all proprietary) emulators got good enough that BD+ programs couldn't really tell them apart from legit licensed players.

  They already did that, twice.
The DRM on the PS3 lasted from 2006 until at least 2010 - and even today, as I understand it, online play is disabled if you refuse a patch that closes the jailbreak security bugs. Perhaps effective DRM is possible, it's just taking a lot of practice.

What's more, in the past media distribution was on physical disks and players weren't on the internet, so software couldn't be upgraded. The future is obviously in downloads and streaming, which will enable a bunch of new things.

Key rotation will be much simpler as vendors can just issue a compulsory automatic upgrade. As a different download can be prepared for every customer, there's no need for keys to be shared by multiple customers. Every download can be watermarked so anything that does get out can be traced to a particular downloader.

So I don't think the failures of the past indicate it's impossible for DRM to ever work.

The goal is that the decoding is done by trusted hardware, not by software keys. So you can run VMs and open source, but they won't have the keys to decrypt the content.

Same deal with HDCP, where PCIe is treated as an unsafe bus, so data goes encrypted from the kernel to the GPU to the display device (something like that).

It's also why sometimes people have trouble watching Netflix or so on, because some part fails. Apple TV + Toshiba TV at my parents' has this problem maybe 1/10 times we try to play.

But you're right that encrypting a million end user devices is pointless if there is even one unencrypted point. No doubt hardware companies, movie companies, and Netflix are already wetting themselves with the prospect of having no unencrypted holes left. Still seems highly unlikely to actually work - piracy finds a way.

Worst comes to worst, pirates will just start modifying legit HD screens to scan image directly from pixels (or pixel controllers) and record audio straight from the digital output and/or speaker hardware.

You can't prevent movies being ripped off without actually DRM-ing human brains. Otherwise there always has to be an unencrypted channel that goes to our eyes and ears.

The goal of DRM is not to kill piracy 100% and anything else is abject failure, it's to raise the cost of engaging in piracy to the point where just buying the movie seems easier and cheaper.
You can say that, but the fact that they do things like HDCP (normal users aren't going to do multi gigabit/s raw captures) would speak otherwise. Engaging in piracy is as simple as a search and download. Unless this tech works 100%, piracy will always remain that easy.
The idea is if only a handful of professionals are uploading high quality rips, then it becomes feasible for law enforcement to investigate and take them down. Sort of like professional DVD pirates where they have actual pressing plants. If everyone is uploading stuff from home, it's harder.

Regardless, they didn't stop at HDCP. Check out Cinavia for an interesting approach to closing the analogue hole.

The "stopping privacy" argument could be a red herring.
(comment deleted)
That was a totally different problem, where the screenshot tool is not aware of the video acceleration.

This post explains why it is impossible for software to take a video screenshot on a modern computer with a certain piece of Intel DRM.

You're right, and if I'd read more closely I would have been able to come to that conclusion by myself.
The other downside is that you can't use custom software to fix up video. Netflix has a fairly poor player - more than one I've had to go torrent something I was trying to watch in Netflix due to one playback issue or another. From brightness to subtitles, to frame positioning (shifting the whole playback area down to fit better on my wall when projecting very wide formats) - Netflix offers nothing. Even worse for audio, where I often pump center channel dialog and perform normalization.

It's sad how advanced the tech is compared to how limited our use is. (For instance, it's technically trivial, but usably difficult to add Rifftrax (MST3K reborn) to a movie on Netflix.)

Edit: The really nasty part is that this technology in general isn't bad. I love TPMs, for instance. Gives me a fairly easy way to get relatively strong security, say, to store my disk encryption keys, without memorizing a passphrase. Trusted computing can allow the user to remain in control. But slipping in DRM gets people understandably upset.

OTOH, I can't find details on exactly how this video stuff works. Wikipedia points at the GPU part, making it seem like it's just the same HDCP-kinda stuff that's been around for a while. (Annoying, but ultimately a decision of your kernel to enable. As in, media isn't encrypted at the source to some Intel key.)

Trusted computing can allow the user to remain in control.

Only as long as it's really the user the computer is trusting, and not some other entity. Personally, I don't really like TPMs or any of the other "safe computing" technology. In theory (and this is what everyone usually refers to when they advocate it) they can help the user, but in practice they're almost always being used to do the opposite and the path to freedom is insecurity (e.g. jailbreaking, running homebrew software, etc.) As the saying goes, "in theory, there's no difference between theory and practice; in practice, there is."

OTOH, I can't find details on exactly how this video stuff works

That's sort of the point of DRM in general - you're not supposed to know how it works, because then you would be in a much better position to break it. It's no surprise that the details would be kept secret, and other security technologies are likely being used for this purpose - e.g. DRM'd PDFs.

This is all ultimately pointless because it's not like the video decoder checks the integrity of its own code or the CPU running it or the compiler that compiled it or that the OS it was tested against is actually running. (Reflections on trusting trust.) Nothing actually cares about secure boot or end-to-end code validation; Apple doesn't even include equipment on their mainboards to do this anymore. Meanwhile, if you're going to grab pixels to pirate video, that's easy: HDCP is broken, so just grab it at the link layer. The key you need is on Pastebin!

Consumer DRM has always been a hardware-selling maneuver as far as I can tell. "You need HDCP in order to watch this video." "I do? But HDCP is broken." "Just buy a new monitor anyway." The Management Engine sounds like a similar scheme. "You need an Intel Management Engine to watch this video." "I do?" "Yes, it's very convenient for us that you need to buy a new computer even though your current computer works fine otherwise."

Intel's just using Hollywood's fear of piracy to sell new computers, ignoring the fact that the pirates are still pirating movies without any problems. It's more funny than sad.

> Intel's just using Hollywood's fear of piracy to sell new computers, ignoring the fact that the pirates are still pirating movies without any problems. It's more funny than sad.

And it's even more sad that the most computer illiterate, "honest" people are the most vulnerable to this strategy. People that want an honest way to watch movies have the most problems watching them.

Yes, this is truly the sad part of DRM: the people that actually pay for content are the ones whose experience is most degraded. Pirates don't have to buy monitors with HDCP. Pirates can watch their collection when the authorization servers are down. Pirates can back up their media. Pirates can take screenshots. (Though I've never had this particular problem even with "DRM'd" media on Linux.) The list goes on.

The content industry wonders why they can't stop piracy. Maybe they could start by providing a product that's as good as what the pirates get.

The most egregious: Pirates can skip the FBI warning and previews.

We got a portable DVD player to add to our arsenal of distractions for our toddlers on long road trips. One of the DVDs we purchased—an Elmo sing-along—prohibits the viewer from skipping the five-minute donation plea that plays before the menu. This is especially frustrating because the kids will inevitably bump something requiring playback to be restarted (even with the button lock enabled, the disc door can still be opened) at least once an hour.

Whoever made the decision to set the "unskippable" flag on that track must have absolutely no familiarity with their customer base. For the vast majority of parents, I'm sure the effect is exactly the opposite of what they intended: if I was ever considering donating to Sesame Workshop, I'm certainly not anymore.

Do what I did for a few friends, rip them and edit them to remove that crap.
Example: If you rented "The Interview" on Google's video service (in HD) and played it back on a software/hardware stack that didn't have the latest DRM(1), you were limited to SD.

You paid for HD. You got SD.

Of course, you could go pirate a full HD copy of the movie and play it back anywhere. The effectiveness of these inconveniences is overwhelming.

(1) I'm not positive it was even possible to redeem an HD rental in HD. I don't know anyone that didn't get forced to play in SD.

I always get forced to watch Google Play movies in SD and I have a late 2013 MacBook Pro. It's the main reason I use iTunes more than Google Play.
when I rented it, HD and SD cost the same amount. but your point is taken
I looked into this and you could get HD on locked down devices (phones, tablets, TVs), but not computers, regardless of operating system. This was weird to see given that EME made it into Chrome recently and now Netflix works without silverlight. I ended up renting it on Youtube, then googling for an HD copy. Found one hosted on Google Drive (!), which produced quite a chuckle.
> Though I've never had this particular problem even with "DRM'd" media on Linux

The intel video driver on Linux is open-source. I am sure there would be forks disabling this functionality in case it would be implemented. I find it outrageous that there's software that disables a functionality like screenshot taking, that's malware to me. I own that framebuffer, not intel.

"Intel's just using Hollywood's fear of piracy"

DRM has very little to do with piracy. Hollywood know perfectly well that DRM will not stop a determined pirate and a movie only has to be ripped once to be pirated indefinitely.

It's about control. It's about the studios always having a seat at the bargaining table when new products/devices are being floated. They fear becoming a commodity supplier.

DRM is absolutely to do with piracy, that's the whole point of the technology.

Of course Hollywood knows that any given DRM scheme will be broken at some point. How much they care about this depends a lot on what exactly "at some point" really means. Almost all money from movie sales comes in a spike when the movie is first release, hardly any movies go on to become long-term cult classics that people are still buying years later. If a DRM scheme is so good that it takes three months to crack once disks hit the street, from the movie studios perspectives that's a huge win because during the movie's peak people had to cough up the money to buy it or put up with some truly crappy low quality version.

The same economics holds for other things like video games. Nobody cares if you beat the DRM on a game that's five years old.

So the real question is, can DRM give studios and other content creators such a window of time? The results are mixed. Sometimes the answer has been yes. Other times the answer has been no. It's complicated and depends on a lot of fiddly things.

DRM is tied to formats, not to movie releases. Your timin argument is odd when you consider that they still release movies on DVD with a thoroughly broken DRM system.

> The same economics holds for other things like video games. Nobody cares if you beat the DRM on a game that's five years old.

Yes, they do. Japanese game companies wanted to make it illegal to sell games to the second user market; MAME rom sites are routinely shut down.

Disney initially resisted releasing films on VHS because they would not be able to extract a charge from everyone in the room watching the movie. Disney uas investigated a bunch of different rights protection mechanisms. They invented video cassettes that had a ratchet meaning they could only be watched once and needed to be sent back to a factory to be rewound. They invented a DVD that oxidized in contact with air. It would be sent to you in special packaging. You had about 48 hours after opening the package before the disc degrades.

Early music players had weird schemes - one digital copy; weird software needed to load music to the device.

All of these are about controlling how the consumer uses the product. The intent might be to make casual piracy harder, but the effect is to make life really freaking hard for honest people.

DVDs are coming out months after the initial release, so timing is a part of consideration here.
"DRM is absolutely to do with piracy, that's the whole point of the technology."

DRM's stated goal was dealing with piracy, 20+ years ago. That does not mean that that is what it does now. Goals aren't results, to say nothing of the fact that goals 20 years ago aren't necessarily goals today. It is highly arguable that, given that it has failed to stop piracy comprehensively, that its primary utility to the people that use it is actually platform control. For instance, please see and think about the stuff discussed in http://www.antipope.org/charlie/blog-static/2012/04/understa...

One of the reasons I don't accept "DRM is about piracy and nothing else" is that it doesn't make sense of the observable facts. DRM costs money and basically doesn't work. If it were really about piracy, I think the "DRM is about piracy" theory would see one of two reactions to that fact: Either we'd see a great deal more investment into DRM than we do now to the point where it could actually be relied upon [1], or it would get dropped to save money. Neither is happening; DRM continues, its advancements are quite perfunctory overall, and breaks proliferate. On the other hand, "DRM as platform control" implies that the currently level of DRM tech and investment makes perfect sense, it's already the correct amount as investing a whole bunch more would not increase the already absolute control over platforms that it yields. So I am inclined towards the platform control theory, as it seems to match reality better.

As for the fact that the DRM users "say" it's about piracy... feh. Words. Words are meaningless nowadays. Look to the actions.

[1]: While "it can always be cracked" triumphalists haven't been looking, the previous gen consoles took an awful long time to be cracked. I'd say there's evidence that this could in practice be made to work for software, at least. The 3DS is still only pried open a bit, just shy of 4 years after its release, and that only recently! I wouldn't care to bet when the XBone or the PS4 get cracked; a straight interpolation of existing trends can easily suggest six or seven years. Music and movies are still going to be hard to fully protect due to the fact that what is output to the AV system is the content. Software allows for more opportunities for DRM.

I think you attribute your own goals to the DRM. I, for one, don't believe DRM is there to prevent all and any copyright infringement through technical means. It works very well against casual copying. Even Macrovision for VHS did, despite being cracked. It has no means to prevent e.g. unlicensed public performance though. Neither it's aiming at preventing unlicensed distribution on non-DRM platforms, which you seem to point as a fault of DRM.
"I think you attribute your own goals to the DRM."

Impossible. I have no goals for DRM, except maybe to see it die. While I do not believe that DRM is currently related to piracy, it is hardly a bizarre idea that it is intended to restrict piracy... that is the stated goal.

Either we'd see a great deal more investment into DRM than we do now to the point where it could actually be relied upon [1], or it would get dropped to save money.

... or studios have found a sweet spot they're happy with (or at least, not totally unhappy with) where spending more on DRM wouldn't be justified by the incrementally smaller increase in sales.

i.e. if you double your spending on your copy protection and it lasts an extra week before getting cracked, how much that extra weeks worth of sales is worth depends a lot on how many previous weeks there were before the crack. At some point the ROI curve stops making sense.

I suspect it's not pure business though - people in the media live off their creativity and seeing people pirate your stuff can be emotionally difficult. I would not be surprised if some places over-invest in DRM because they feel a moral and emotional imperative to defend their work from piracy as much as they can.

BluRay DRM is probably as good as you can technically get for movies distributed on discs. For movies distributed via the internet it's easier. But the economics of DRM are tricky - the key thing that hurt BluRay DRM (and the designers were fully aware of this problem) is that movie producers have a strong financial incentive to push player prices low, and player manufacturers have a strong financial incentive to push movie prices low. Movies and players are "compliments" of each other in the economics jargon. Not surprisingly, player makers make the absolute minimal effort when it comes to DRM and that's one reason why cracks keep happening.

One of the most obvious tension points here is PC software players. They're much harder to defend. But they increase the size of the player market (and therefore the movie market) a lot. So movie studios ended up deciding to allow them, despite knowing it'd weaken the DRM.

BD+ was designed to try and resolve this problem by allowing movie producers to spend the money on copy protection rather than player manufacturers, and it was remarkably effective for a long time. BD+ ended the era of open source players for good, only full time reversing teams that are willing to keep up continual effort on a disk-by-disk basis can break it. But in the end it wasn't enough for a fully convincing solution.

>Hollywood know perfectly well that DRM will not stop a determined pirate and a movie only has to be ripped once to be pirated indefinitely.

You know, I'm really not convinced they do. Everything I see from these people leads me to think they literally think this stuff is magic, and they want the snake oil so badly they'll believe the people selling it over the people telling them the disappointing truth, every time.

There's also a legal component of control. More DRM means more identifiers for content creators, distributors, consumers, including open-source Firefox that will support HTML5 DRM.

http://www.michaelgeist.ca/2014/10/new-tpp-leak-canada-emerg..., ".. shows Canada as the strongest opponent to TPP IP demands, signalling its opposition to a proposal 56 times, more than any other country. The strongest opposition comes in the patents, enforcement, trademarks, and copyright sections.

.. the U.S. wants Canada to eviscerate many of the recent reforms found in copyright and counterfeiting legislation along with court rulings on patent protection. These demands focus on enhanced criminal liability for copyright infringement .."

As far as I know the DRM on DCPs (Digital Cinema Package) isn't broken. Yet. Maybe because relatively few people have access to the encrypted content. I guess the most important thing for the movie industry is to have the cinema window free from pirated copies.
Where/how is this used? I ask because screeners are definitely a thing.
DCP is the format in which movies are distributed to theaters, usually on hard drives but sometimes over satellite or wired networks.
> It's about control. It's about the studios always having a seat at the bargaining table when new products/devices are being floated. They fear becoming a commodity supplier.

The only way the studios would become a commodity supplier is if there were numerous other sources of content people would pay money to watch. That's what it means for your product to be a commodity. E.g. consumer PCs are a commodity because if you don't like Dell, you can get an identical product from HP. But with movies, if you want Harry Potter, you have to play ball with Warner Bros., because consumers want that specific movie, not some generic equivalent.

The studios want DRM not because they don't trust consumers, but because they (rightfully) don't trust the tech industry. It doesn't matter that Harry Potter isn't a commodity if you can pirate it without doing business with Warner Brothers. The tech industry sells hardware and software services for consuming content, and it helps its bottom line if piracy is easy and prevalent. See, e.g., Youtube's being built on the back of infringing Viacom's copyrights. DRM gives the studios a toe-hold in the process to deter products that blatantly promote copyright infringement.

The studios are also distributors, and it is on distributors the pull of DRM is the strongest.

You are indeed a commodity if the consumers can get their Harry Potter fix from anyone.

(And that is basically what "pirates" have been saying for ages, that distributors are ice block sellers in the refrigerator age, and that distribution is destined to move up the value chain in the digital age.)

There won't be a value chain if the content creators don't get compensated. Piracy, digital or otherwise, only works if you are skimming off the top of a viable business model.

The distribution channel is really the commodity. Hell, pirates do it for free.

I'm a pirate, but I realize the worst thing that could happen is widespread piracy. Someone has to pay to create the media.

I have yet to hear a "pirate" (in the political sense) argue creators should not get compensated. The argument is mostly, as I said above, that distribution is a commodity.

Note that a commodity still exists, but it would probably mean that the age of exclusive distribution deals would be over. It also implicates prices should go down, so more money should reach creators.

What do you think they mean when they say "Data should be free!"

Even a cursory look at their position that places like pirate bay should be allowed to be openly run would lead to creators not getting compensated.

Of course if pressed on it, they'll say, "oh, they can work on donations or whatever people feel like paying." But that's forcing content creators to act like street beggars. Like a movie theatre is going to put a hat in front of the Avengers 2 movie to raised 300 million of Avengers 3. It is ridiculous.

You keep putting up a silly proposition just to argue against it. I know it's easier for you, but it's also intellectually dishonest.

I've had a small bit of dealings with political "pirates", and I have yet to encounter the position you describe. "Information wants to be free" (which I guess you really mean) is really an old catch phrase more associated with the cyber liberty movement of the early 90s and the crypto wars, more than with modern political pirates.

Nobody has suggested movie theaters run on donations alone, but there has been suggestions that movie theaters should be free to license movies outside the distribution agreements. Again, the underlying idea is that distribution will become commodity. Argue against that instead and I will gladly explain the situation further.

The situation with sites like The Pirate Bay is not a matter of letting them operate or not, but a matter of where the common carrier status lies and where the legal responsibility falls (with the uploader, the downloader or the various infrastructure providers).

"movie theaters should be free to license movies outside the distribution agreements."

I'm not sure I understand what that means. Any deal they make to license the movie is a distribution agreement, by definition.

The deals underlying movie distributions are cut once or twice a year, mostly at trade conferences. It's not something the theaters are privy to. You are normally not allowed to license elsewhere unless you care to lose your distributor. It's something that plagues many independent theaters, at least in Europe.

It's all a bit of a power play over their heads and it's one of the reasons why you can't start an online streaming service in today's environment, which was one of the questions that was relevant to the political pirates last I've heard from them.

I don't know much more because I'm out of touch with the whole piratism thing, I just wanted to correct the "why u no pay" attitude earlier. It's a bit silly to think they could have reached parliamentary representation on that party line, and slightly condescending to everyone involved.

Pirating movies: No hassle with DRM

Buying moving legally: Trouble with DRM (Windows, OS X), often impossible to play on Linux.

Let the customer decide. :-)

Consumer DRM is about making piracy more difficult. It's not an all or nothing proposition.

Video and Audio DRM will never stop scene pirating. It's easy to just copy the output. But it stops me from just copying movies I rented on Amazon Instant to my brothers PC.

If 10% of the population is pirating you shit, you aren't losing very many sales. Sure it hurts your profit margin a little. But most dedicated pirates are junkies for content.

But if my mom can't figure out how to pirate your content, you are fucked. That's why Napster and the P2P ruined the commercial music industry. It not only took a huge chunk of the revenue, but it changed the perception of the value of music itself. Instead of 12 bucks per album, people wanted 20,000 songs on their IPOD for free.

The fight against piracy isn't a fight to exterminate it, but to keep piracy out of reach of the critical mass.

Some DRM really works. PC multiplayer DRM works great and is the only reason the PC industry is surviving. Movie theatres are the best DRM there is. Not being able to sideload stuff on a nonjailbroken iphone is huge.

(comment deleted)
I wonder if Intel's SGX will be able to enforce that DRM much more effectively (going from history, probably not).
Question about capturing at the link layer:

Does anyone have any resources for capturing HDMI, stripping HDCP and recording on a computer?

(comment deleted)
You can't rip movies with an iDevice. The future of movie companies is, ship hardware devices.
Just a note on the discourse: the point "I own it, I should be able to use it the way I want" feels like not really effective (as a rhetoric) in many part of the western world and in many social circles. I really feel for example in France it would be easily brushed off using analogy to construction permits or driver licenses, or just put the person in some crazy-libertarian box ("the kind that want to print firearms at home"). There might be ways of framing the issue that fit better in a socio-democrat context (Europe, etc.). Ideas?
I'm not sure either. But at least in by country the leftish parties seem the most interested in protecting consumer rights, which might be a way to go. The libertarians seem more worried about protecting the company's "intellectual property" and include management engines in "their own" products.
Maybe stress that the computer is a creative tool and should not have artificial limits put in place? Compare this to a hammer and imagine that one weekend you wanted to finish that cupboard you're building in your garage, but your hammer starts throwing exceptions because your nails are not Apple iNails or otherwise MAFIAA-certified ones. "How dare you buy generic nails in a mom&pop shop around the corner?"

General-purpose computer is a tool that should be able to execute arbitrary code its users want to. I think Cory Doctorow summed it up the best: http://boingboing.net/2012/08/23/civilwar.html.

Europe has strong consumer protection rights.

The angle to take is that media is sold misleadingly. When I buy a DVD / Bluray I am paying for a physical disc and a licence to use the contents of the disc. That licence is restrictive and restricts my rights more than law. Thus, I am not allowed to extract a short extract to use in an educational setting (fair dealings; fair use). Packaging and marketing of DVD / Bluray is unclear about this and gives the impression that you are "buying a movie", not buying some plastic and a licence.

Exactly, this is the main problem I have with the people who claim in comment sections across the internet that since I'm only paying for a license to play the content, I can't complain about owning it.

Nowhere on the iTunes store does it say, "Click here to purchase license to play video". Not on Amazon or Google Play either.

This is just a case of false advertising by content producers and distributors. If they can cheat me, why shouldn't I be entitled to cheat back?

While that is a reasonable question, a even more reasonable question would be why are they allowed to cheat you and why do you have to cheat them back in the first place?
Sorry for the late reply, but I was simply framing my response in the context of the current situation, where if I want the right to play content that I purchased, then I basically have to resort to 'cheating'. Since I was misleadingly led to believe that I was purchasing the content itself, and not merely a right to play it within some closed box, I was cheated. I then have to resolve to cheating to regain what I believe I lost.

If politicians took a stronger stand against the tactics of media companies, then I most likely wouldn't need to cheat.

You acknowledged that you were aware of these facts when you read the EULA (you did read it, right?) at some point in the past when installing or updating iTunes (or whatever other service). I know it's ridiculous but that's how it works, make sure to show a 50+ page 'you basically have no rights' notice that you have to 'agree', and you can strip whatever privileges you like from your paying customers.
That doesn't work in Germany and probably not in other EU countries.

Cookie law shows that Europe will go after these small things. (But also that their "solution" might be stupid.)

Nobody reads EULAs. They are irrelevant in a historical context.

They'll clearly be replaced by consumer law at some point.

You don't have to sign a 20 page license to go into a shop and buy a banana, do you? And yet there are all sorts of property and purchasing rights (for buyer and seller) associated with that.

The correct way of talking about this now is to discuss what the consumer law should say which will replace EULAs.

Obviously I understand that nobody reads EULA's, and I completely agree that its crazy they even exist. Judging from the fact that I got downvoted for simply stating the obvious it appears people assume I'm ok with EULA's, but I'm not. That doesn't mean they don't exist though, and even though I don't know the intricacies of their legality, the fact that I'm not aware anyone ever successfully challenged an EULA in court (which would mean they should be history by now), I'm assuming that, sadly, content owners and distributors can strip your rights by presenting you with an EULA that no-one reads.
No, sorry, I didn't read the EULA. Also, I'm not a lawyer, and wont hire one to review each piece of software I use. In fact, I'm so wiling to take legal risks that I'll even greet my neighbors without consulting a lawyer first!
Not all EULAs hold up in all jurisdictions.
> the point "I own it, I should be able to use it the way I want" feels like not really effective (as a rhetoric) in many part of the western world and in many social circles. I really feel for example in France

I really think that's a complete strawman. People in France (or Europe in general) very much feel like "this is my computer, I use it any way I want". Personally I think even more so than Americans, because usually consumer protection from corporate scheming is better in Europe.

BTW libertarians would be a-ok with corporations defining how your computer works, that's entrepreneurial freedom, after all.

>BTW libertarians would be a-ok with corporations defining how your computer works, that's entrepreneurial freedom, after all.

Only because they imagine markets ('free') to be entirely defined according to consumers' desires, as opposed to the mess of monopolies, cartels and semi-cartels that exist naturally in the real world.

For me in France and Germany the correct angle is that if you do not control your computer, some big crazy American corp do, and can and will do whatever they want with your content, which usually means make money with it.
To use it "the way I want" is much smaller priority as to be able to dictate who uses my private property, for what purpose, and when. DRM violates each of those, and as rhetoric goes, the only law we should need is private property laws.

A driver license allow me to drive legally on the public road. It do not grant anyone else to repossess my car, instruct it to not run if someone else is behind the wheel, dictate who might repair or or what parts it will accept.

Years ago, I remember trying to screenshot video on a Microsoft XP box. When I tried to paste the screenshot inside any image editing program, the video region would remain blank. If I correctly positioned the image editor window over the window with the video source, the video would show through this region, but the video remained positionally fixed to the screen. I cannot remember if this happened for all video sources though. Could this have been caused by DRM?
(comment deleted)
It was because of how HW accelerated video decoding worked. You would specify the coordinates of a rectangle on the screen where to play the video. Then you'd display a rectangle of a certain color (#010000, I believe), to be used as a mask.

The window manager could show windows on top of the video, and the masking would work even though the video decoding HW knew nothing about window management and vice versa.

My partner is an academic, a lecturer in film theory. She watches a lot of films, and needs to make a lot of short clips for her lectures, and to take a lot of screenshots for her papers.

This task is becoming increasingly difficult as time goes by. The most reliable method (for her skill level) is now to rip DVDs, removing various bits of protection, before playing the film using VLC on Windows and using VLC to take the screenshot. This is a pain, as she now uses a Mac primarily (as most academia seems to be doing so almost exclusively because it makes presentations easier - connecting to projectors turns out to be the killer feature).

For a lot of films though, she pauses a film and uses a camera directed at the TV. Or worse, she'll record the clip on a camera (using the camera's microphone).

Aside from things like Box of Broadcasts (which is for UK broadcast TV), there are few to no resources for academics to resort to for sources of film that will enable dissemination to students through materials and presentations. All clips are short (10-30s), papers feature only a few screenshots when published.

Regardless of the studio and technology company desire to lock things down and control distribution, there remains a very legal exception to their controls: education.

And of course, education has resorted to alternatives to these locks. There exists private torrent sites that are collections of obscure, international and predominantly non-Hollywood productions. Like torrent sites pre-Netflix, these are actually the most reliable sources of films that academics use for sources. Even when an academic owns a DVD (as nearly all do for future presentation and citation purposes), the torrents deliver files that the academic can use to create clips and screenshots.

As much as possible, I try and help my partner avoid such sites. They are good, but in the hard world of academia I'm not sure her career will survive trying to argue any form of legitimacy of downloading content for academic purposes for already owned DVDs.

There is a very real and present danger that copy protections will harm libraries and education. They already are.

Curious why VLC/screenshot doesn't work on Mac?
It certainly does work -- I use it frequently. The VLC snapshot tool works perfectly, and the system screen shot (cmd-shift-3/4) works too, at least on the H264 video I just tested with. Not sure what the issue could be.
I have seen GPU acceleration cause problems with VLC taking screenshots before, the problem doesnt have anything to do with the video format as far as I remember, but with video drivers, updating those solved the issues.
It may be this. I assist remotely and thus far we've found Windows VLC after ripping a DVD and stripping copy protection to be the most reliable method. It just works almost every time (though even then she'll find some Windows computers at the uni don't work which the IT guy there suspects is to do with lower privileges and a clash with some group policy - but he doesn't know which ones).

Helping non-technical people get things done isn't just a case of figuring what works today, it's also what is most consistent and will continue to work. She very much gets used to one way of doing thing and disrupting that really interferes with her just getting work done.

The strangest part is that according to the law (fair use) she should be able to do that. This DRM is effectively creating its own "copyright law", just like Cory Doctorow has warned us before.

The whole copyright gang from MPAA to OS vendors and chip makers are using DRM to expand the reach of copyright law. And you can't just say "well I'll just break the DRM, since it's legal for me to take the screenshot" either. Because breaking DRM is illegal...So in order to exercise one of your rights you have to break another law.

You're conflating copyright law. She is legally allowed to take screenshots and clips from copyrighted material. There's nothing in or about copyright law that requires content providers to make this easy.
The DMCA makes it illegal to circumvent technological protections in many instances where the result would still be fair use, if it weren't for the technological protections and the DMCA making circumventing them illegal.

It's not just that the content providers 'make it hard' -- it's that their attempts to 'make it hard' are protected by law, not just by difficulty. Even if they DRM doesn't actually make it very hard at all, it's still protected by the DMCA.

https://en.wikipedia.org/wiki/Digital_Millennium_Copyright_A...

If you read the section on exemptions, you'll see that there's one for exactly this case: decrypting a dvd for the purpose of criticism.
Yes, that is a temporary exemption made by the Librarian of Congress, as the law provides for such temporary exemptions (which can also be renewed by the Librarian -- or not).

Nonetheless, the existence of the DMCA as a legal framework, I think, belies the picture the original comment I was responding to paints, of "Just because there is fair use doesn't mean the content providers need to make it easy to copy their works." The DMCA specifically gives the content providers technological "challenges" the force of law, and makes it illegal to circumvent them, without any general exception for fair uses. There are some few specific exemptions (not a general one for anything that constitutes 'fair use' under copyright law), which are not actually part of the law explicitly, but temporary and at the discretion of the Librarian of Congress.

Easy or hard isn't the issue. The problem is there's an evil catch-22 at the intersection of copyright law and DRM: She's allowed to take the screenshots and clips, but it's illegal for her to get the DRM removal tools that would let her do that. And even if she magically acquired the tools, it is illegal for her to use them, even for an otherwise legal purpose.

It's like giving you a driver's license, but making it illegal for you to buy, rent, borrow or be gifted a car. And if you did happen to have a car anyway, it's also illegal to start, stop or steer it.

She is an academic in the UK, I'm not sure fair use applies but something else probably does. She's far more aware of those issues than I, I just advise how to get things done regardless of whatever constraints she may be under. My understanding though is that the constraints are technology based and how they interfere and prevent some things, rather than legally based and whether she is allowed to do something or not.
Fair use is called "fair dealing" in UK law (and in many other common law jurisdictions). It's not exactly the same, but similar enough in most cases.
I don't know much about HDMI, but couldn't I just run the video/movie in fullscreen and then capture the output from the HDMI and save the raw output to a disk?
Yes, HDCP has been broken for a long time and even if it wasn't, you could still capture the LVDS signal that drives the LCD panel itself.

But the problem is that those are very high-speed signals(1920x1080 24bpp at 60FPS is around 350MB/s+) that require suitable hardware to capture, basically uncompressed video, and recompression would introduce more artifacts than the original. That's why pirates don't usually go this route; the result is only slightly better than pointing a good camera at the screen.

I always assumed most movies were ripped using exploits at various points in the playback software stack? At some point the unencrypted bitstream needs to be available to decode, if you hacked the player or GPU driver code to dump it at that point, it would be possible to re-assemble it into an unencrypted video file, right? You would use a computer without any of the DRM features the article is about of course.
(comment deleted)
This is what I call bullshit job - zero value for humankind created, tons of human hours wasted. (I would even say negative value since security holes will be found if not already in this microcontroller firmware)
I stumbled upon this PAVP thing in an old Thinkpad just last week. My first thought after reading about it was basically this. Somewhere, some very talented software developers probably spent years working on this obscure, essentially useless thing.
I only hope is that as bullshit like this becomes more and more prominent, people will become more and more educated in what is acceptable and what is not (since it will bite them more and more). Eventually, public opinion would shift into more and more negative outlook on corporations who practice such things.

Offenders' influence would then decline and people will become smarter, everyone wins.

and people will become smarter

Unfortunately, my impression is the opposite - people are slowly being dissuaded from discovering these restrictions by the promises of convenience, and when they do run into them, they're faced with heavy rhetoric to the effect of "it's for your security" so they (reluctantly) accept it. Incidents like this appear isolated and are downplayed by the majority, who will continue to use the very services that restrict them, purely out of convenience.

Corporations are diverting people's actions of sharing information into their own channels so they can exert more control over them - witness all the "share on Twitter/Facebook/etc" buttons appearing everywhere (I personally block them, but I know they exist); they sure are convenient to use, and as a side-effect of their use, it reduces the amount of people who will "manually" and directly share with others (and thus know more about the transfer of information themselves.)

The same is happening with other types of media too, as evidenced by all the efforts to hide the filesystem of devices from users, since one of the most open ways to share data with someone is to give them a copy of a file. They are even trying to discourage linking to a resource, with browser vendors thinking of hiding URLs or parts of them. Ultimately, they are pushing for a world in which no one owns their (tightly locked-down) computing devices or has any knowledge of how they work (except for a few "specialists"), and all communication between individuals happens via some corporate intermediary. This makes it easier to censor and manipulate the users (probably to squeeze $$$ out of them), which is what the whole idea is about.

A comment so accurate it makes me sad :C

There isn't much one can do though as favoring convenience over not-so-obvious benefits of (abstract, for them) freedom seems to stem from the very human nature...

I used to think RMS' ideas were a bit far fetched, but with each such revelation that comes to light in the form of post on some relatively unknown blog those ideas seem more and more appropriate.

DRM is a placebo against technology.
It's bizarre foreign movie and music corporations (I'm Canadian) are dictating actual physical changes to computing hardware.

It's as bizarre to me as if US car corporations dictated I could only use premium fuel from Shell and monitored it in real-time.

The best part is that it is only a matter of time until the IME is cracked and root kits come with bits that you will never be able to clean without getting a whole new computer. Did you know the IME can send and recieve IP without the host processor ever seeing it? It's the ultimate way to own a machine.
I would assume the larger purpose of IME is actually exactly as a platform for persistent undetectable system compromise. Purpose built for TAO? As conspiracy theories go it's hard to explain the existence and full capabilities of IME in this decade without some NSA involvement.
Please take the conspiracist nattering somewhere else. As explained in the second paragraph of the article, the features of IME were requested by large corporate IT departments and pushed mainstream by marketing pressure, with the addition of DRM bits as requested by the large tech vendors who need them to negotiate licenses with members of the copyright cartel.

You look at this and see a secure rootkit. A corporate IT worker looks at this and thinks that they can image a workstation remotely no matter what's currently installed. A security person looks at this and sees secure base platform starting from TPM on down which can be setup to keep malware from irrecoverably compromising the system (remember the recent Thunderstrike discussion noting that TPM would protect against that firmware exploit?).

All of these have tradeoffs which can be debated but it's just silly to pretend that the NSA is centrally directing the entire industry.

What impressed me the most was how it's not only hard-coded, but that it can still reliably halt the system even when forcibly disabled. If only it could be fully and truly disabled in the BIOS, or even better, isolated as a separate SKU, then I would be much less irate about it's existence.

You can literally wipe all configuration from NVRAM and the platform is still available for "zero-touch remote configuration".

This truly is a PC beside the PC. The level of complexity is astounding; they built everything but a way to turn it off.

Anyone who requested the feature of "able to send and receive packets which are not seen by the OS" is either not really asking, or should be told no.

I mean, even if I have a pfSense or whatever box running in between, if I'm reading this correctly, there could be packets traversing the network I can't see?

And all of this has a "zero-touch" configuration capability. You know what that means, right?

The two together, simply put, it's a factor to consider when buying this hardware. People should be aware this feature exists, and what it's capable of. More than anything, it feels like this is unreported and under-discussed.

You're misunderstanding is what's going on here: if you need something like lights-out management, which is a requirement in any decent large IT shop, you by definition have a separate processor running its own operating system. That's the whole point: you can use this to power on the machine and initiate something like a software install when it has no existing OS install or a severely broken one.

Since that needs network access you either have the expense of needing separate NICs and ports – common in the server space – or having some way for it to share the NIC with the primary OS, which is popular because it costs significantly less and doesn't require wiring two ports for every computer. It's the latter capability which gives it the ability to send packets without the knowledge of the main OS since the traffic isn't processed by it in any way.

Again: this certainly could be abused but the capability originated for quite benign reasons – every large organization with an even marginally competent IT department wants the ability to do things like reinstall a system without having to pay to send a tech on-site to hit a couple of keys.

I understand perfectly well the IT requirements. However, capabilities which originate for quite benign reasons but which allow complete, persistent, and undetectable system compromise are typically called "bugs".

For example, I don't have any issue with remote power control. A secure form of Wake-on-LAN is wonderful, as long as the public keys are fully enumerable and totally under operator control, and the feature can be decisively disabled if desired.

To your point about packet processing, to keep with the Wake-on-LAN example, it's perfectly easy to share a physical port and keep the traffic fully visible to the OS as well as a separate processor.

If a remote party has permission to completely own my system, I want to see their name (public key) listed every time the machine boots, like the warning you get any time you access a government system;

  You are accessing a [Company Name] information system, which includes (1) this
  computer, (2) this computer network, (3) all computers connected to this network, and
  (4) all devices and storage media attached to this network or to a computer on this
  network. This information system is provided for [Company]-authorized use only. 

  Unauthorized or improper use or access of this system may result in disciplinary 
  action, as well as civil and criminal penalties. 

  By using this information system, you understand and consent to the following:
  
  You have no reasonable expectation of privacy when you use this information system;
  this includes any communications or data transiting or stored on this information
  system. At any time, and for any lawful government purpose, the government may,
  without notice, monitor, intercept, search and seize any communication or data
  transiting or stored on this information system. 

  The government may disclose or use any communications or data transiting or stored on
  this information system for any lawful government purpose, including but not limited
  to law enforcement purposes. 
Such a warning, requiring an 'I Agree' click at each boot, would adequately explain the risks to end-users of having such a component active on their system. But apparently, the more common practice is to hide the prompt at startup (typically Ctrl-P) to enter the MEBx Configuration screens behind another BIOS setting.

I'm not an expert at vPro or Intel AMT by any stretch, but upon cursory investigation, it appears the trust model (a.k.a all you need to completely own a system) is an easily obtainable certificate, and control over the DNS and DHCP server. It looks like the only thing that protects a system beyond this is a vendor-specific "remote configuration timeout" which would have to be reset by a local agent after it has expired. [2, 3] However, some Intel documentation claims that TLS-PKI "...allows a client system to be provisioned with zero physical interaction. Remote configuration is ideal for systems that have already been deployed into an environment..." which implies some way to overcome the remote configuration timeout... (See 'Alternate Path #2' on footnote #5)

[1] - https://software.intel.com/en-us/blogs/2009/10/07/intel-amt-...

[2] - http://h10032.www1.hp.com/ctg/Manual/c03455054.pdf

[3] - https://communities.intel.com/docs/DOC-1989#SECFAQ8

[4] - http://downloadmirror.intel.com/21729/eng/RemoteConfiguratio...

[5] -

What about graphic cards from Nvidia/AMD? What about the ARM CPUs from various vendors like Apple, AppliedMicro, Atmel, Broadcom, Freescale Semiconductor, Nvidia, NXP, Qualcomm, Samsung Electronics, ST Microelectronics and Texas Instruments?

Do they have similar DRM features too?

not much info at the top of the searches for Rosyna, what consumer processors is it in / going to be in? is it easy enough to just not buy it?