Thursday, January 18, 2007

Microsoft goes to Hollywood

So I recently read up on the latest 'features' Windows Vista has to offer. Appearantly the guys at Microsoft have gone to extraordinary lengths to keep 'Premium Content' secure. Basically the content owners (read: Hollywood, RIAA, MPAA, etc) will be very strict as to what it will allow it to be transmitted over/to.

Basically the content owners can decide if a platform is secure enough, this sounds reasonable but if a platform is not secure it will basically be rendered useless. Let me give an example. Most computers use VGA outputs or if its relatively new, the faster DVI outputs. Because niether of these have encryption in their transmission lines they aren't secure. From a Microsoft white paper:

a regular DVI monitor will either get slightly fuzzy or go black, with a polite message explaining that it doesn’t meet security requirements
and VGA
many content owners are requiring that [VGA] resolution be constricted when certain types of premium content are being played. Eventually they may require that analog VGA outputs be turned off completely
So in order to view the sacred content, consumers will have to shell out money for new protocols and outputs or else get a blurry screen or a 'polite message'. This doesn't stop at video it goes on to audio as well.

The restrictions on manufacturers are enormous as well, which means the price will be jacked up to compensate (or features removed to compensate). There is this Hardware Functionality Scan (HFS) that will be used. Basically to try and get a fingerprint of the hardware like a video card. But of course it couldn't be a static message as that could be too easily hacked. From the same White Paper:
For purposes of authentication, the device driver can ask complex questions of the hardware and then check the answers... The HFS test vectors must to be devised such that each manufacturer’s chip will return a different answer in some subtle way.
[...]
The questions asked by the driver software must result in answers that are difficult for anything other than valid hardware to produce. Two mechanisms can be used for this:
  • The calculation of the answer in hardware must be so complex that it would be impractical for anyone to emulate the hardware necessary to calculate the answer.
    - Or -
  • The internal workings of the graphics chip must be kept secret, such that a hacker building an emulator could not find out the required information
In practice, using a combination of complexity and secrecy is likely to be the best option. When secrets are involved, the HFS code in the vendor-supplied driver should be obfuscated to prevent it being reverse engineered, although there is no absolute requirement to do obfuscation.

Not only must the internal workings be (unnecessarily) complex, but it must be kept a secret. So developing on this model would consist of:
Engineer: Ok, I got this graphics card thats really simple and runs fast too. It can play all kinds of formats. Also it will be really easy to use this design for future developments because the design is simple and elegant. Also bugs and mistakes that we might/will make will be easy to debug and track.

Content Owner Executive: It's too simple and will be hacked too easily. Make it complex so no one can emulate it.

Engineer:Argh

[Months Later]

Engineer: Ok, Graphics card is complex in its working, I don't fully understand how it works. Runs a bit slower now, and it some times stutters, but we can't figure out why.

Content Owner Executive: Ok, now I need you to make the driver test that it is talking to the right chip

Engineer:ok.... no problem....

Content Owner Executive: Don't make it just a simple response. It has to perform a random complex calculation that the answer would be unique to the device, and the driver has to make sure its the right response.

Engineer:So I have to make a program that does the same thing as the card? But I thought I made it complex so that it wouldn't be easy to make a program do the same thing....
Another blog goes on about how Hollywood will have a say in any new security measures along with other problems.

This is all the tip of the iceburg. There is even rediculously unecessary encryption being done by the processor and the graphics card. Yes, the graphics card has to decrypt information, which encryption/decryption is not an easy process (or else its useless) and consumes time and resources. Along with these 'tilt' bits that are just gold for hackers.

Everyone (including myself) is up in arms about this. It is obvious Microsoft wants this 'Premium Content' as they release a patch for a hack for one of thier PayToDownload services in just three days after the 'flaw' was published. Compare that to viruses, worms, and other malicious issues that get "Patched On Tuesdays" and must wait for a batch of other updates. Also amusing is that the patch was circumvented quickly with a new version of the utility.

At first I thought well maybe it was just an easy fix and decided to put it up when they could. But then I realized that they went against their normal operations, they went out of their way to make sure that this gets fixed and fast. They didn't wait to slap the update with next Tuesdays batch. They did it immeadiatly.

Of course there are the fear mongerers around like the first page I linked. They think that all the hardware is going to skyrocket in price and everyone, even non-Windows users will be shelling out the dollars.


Here's what I think will happen:
Legitimate owners will have a choice of upgrading their computer system expensively, or just using a consumer electronics device like a DVD player to view the stuff.

Hardware manufactures will probably go 2 routes or a combination.
1) Stick with Hollywood and make extremely expensive video cards just so they can play the next blockbuster film, hoping that many users will want to view/acquire them on PCs. In order to compensate for the requirements either the price will jump, or other functionality like 3D applications will have to be stripped to give more power to the card.

2) Ignore Hollywood and continue to do what they have always done, hoping that users WON'T base buying the cards on if it can play the protected content, but rather on how well the card performs for its cost.

Then of course there will be the people that will download the content for free, never giving a penny to the makers, because the copies they give have restrictions or requires more hardware than necessary to view them.

Most likely more legitimate users will go to the 'dark side' when they purchase some content and then have to upgrade their player, and then find out that they have to upgrade their display or else live with crappy images. When during the whole time the kid next door can get you a version that doesn't care what player or display it is on. You can even take it to another computer and play it.

Basically I see it that anyone that tries to follow these restrictions will get nipped in the butt. The only way they will work is if the vast majority follow them. Newsflash, the vast majority aren't doing this, and aren't going to start. Hardware manufacturers, even the big ones that start making boards compliant with these specs will probably have a huge drop in sales, while any manufacturers that continue making cards normally will soak up all the customers.

I suppose if all future Hollywood movies or content is ONLY available on the new mediums with the security like HD-DVD or Blu-Ray. Even then there will be insiders who will leak unprotected copies, and hackers to bypass the restrictions. They could possibly circumvent with lawsuits and counter-measures like putting up fake downloads of the content.

Of course such a swift change would outrage consumers when their new DvD players won't play anything new. (A lot are just switching from VHS to DVD).

By and large, I doubt we will notice much other than a rise in piracy and a decline of sales in Hollywood, who will undoubtly attribute to piracy and either continue to try and tighten their grip or finally discover the futility of it, and actually reap the benefits of using technology.

Either way, I think that we will see the end of this tyranny in either a transformation of existing large companies or new rival ones stomping them down.

Frankly even if the same movie was available for free on the web, it takes time to download, getting it to a better display is already enough of a hassle. Going to the store and picking up a copy for $9 and popping it in the tray is much easier. In fact a lot of times if I like a movie enough I will buy it. I have 'The Matrix' on my computer, but of course I own it as well. If I didn't own it, I would probably still buy it, even if I didn't watch it on the disk, even if I never watched the movie again.

I would buy it because we all like to have 'things' from the original source. We buy the little trinkets and memorabilia at huge markups when we really like who/what/where it came from. But if we see the same thing at the treasureshop for under a dollar, or even free, that particular one doesn't mean much even if we get it. It has been tainted by being in some stranger's hands, and we haven't had to give much up to get it. It's common everyday quality (even if its in pristine condition) simply because you know it changed hands. If we like what it represents we will pay a reasonable price to own an official copy.



Argh I really should proofread this but I have things to do, so I apologize for spelling/grammarical/technical mistakes.

at 6:28 AM 0 additional ramblings

Categories: , ,

Subscribe to: Comments (Atom)