Slashdot Mirror
W3C Declares DRM In-Scope For HTML
FredAndrews writes "The W3C has ruled DRM in-scope for their HTML standard. A lot of big businesses have supported advancing the Encrypted Media Extension, including Google, Microsoft, and Netfix. The BBC calls for a solution with legal sanctions. The EME could well be used to implement a DRM HTML engine. A DRM-enabled web would break a long tradition of the web browser being the User's Agent, and would restrict user choice and control over their security and privacy. There are other applications that can serve the purpose of viewing DRM video content, and I appeal to people to not taint the web standards with DRM but to please use other applications when necessary."
Looks like the web is becoming more like Xanadu, but not in a good way.
It's so tempting to just sit in the corner and say "DRM is evil, we don't want to taint the web with it" but unfortunately, as is often the case in the real world, we don't get to make decisions in isolation of their consequences. DRM on the web is already a reality, largely using Flash or Silverlight (see e.g. Hulu, Netflix). However, both of these platforms face problems -- Silverlight in particular seems to have a rather uncertain future, Flash availability on tablets and mobile in general is largely non-existant. The poster asks us to "please use other applications when necessary" - is this really a good answer? That is going to lead to even less interoperability, and I would argue it hurts the web at a time when it's already fighting a serious battle against native apps that generally offer developers better control (of UI, no random GC pauses, actual threading models, etc). It's easy to say "DRM will harm the web", it's a bit harder to foresee what the eventualities of telling people "please go away and use native apps" are.
I expect this is likely not going to be a popular response, but in short please realize that this is not as simple as saying "DRM is bad". Yes, DRM sucks but I'd argue that in the long run, having a hobbled web platform losing out to native apps (see e.g. iOS) is going to suck more.
It seems like it should be incumbent upon those that want to restrict your freedoms to bear the full burden of that cost. That is, we do not help them develop a standard for this, and force them to do all the work necessary for their restrictions to try to propagate in the browser ecosystem via plugins, extensions, custom applications, etc.
I would never go so far as to restrict *their* ability to do so, but we should never EVER encourage such behaviour in open standards.
The standards committees should be spending their time (and money) developing technologies that would help people, rather than hinder them.
The BBC is not calling for legal sanctions to be in the standard or anything silly like that. They are merely saying that any DRM standard for online video must be executed in such a way that existing copyright infringement laws apply to it. In other words there should be a "copyright" field in the metadata, so there is no doubt about it.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Well, so much for open-source W3C-compliant browsers.
Lacking <sarcasm> tags,
Web Deli - "Serving fresh websites daily"
00:22 (0 minutes ago)
Attn: Philippe Le Hegaret
cc: Paul Cotton, Maciej Stachowiak, Sam Ruby
Dear Philippe et al,
Further to your discussion, [http://lists.w3.org/Archives/Public/public-html-admin/2013Feb/0122.html]
Adding DRM to the open web is a dick move.
When you are old you will look back and think... yeah we really fucked up when we did that.
But anyway - hindsight is usually clearer than foresight - personally I would think your respective talent could be put to better use.
What you do in the world matters, and doing what your doing is harmful - it's shaping a sub-optimal future.
Please reconsider the value of what you are doing and consider pursuing other projects.
Kind Regards,
Principal Web Developer
Julian Smith | Director
e: julian@webdeli.com.au
m: +61423797376
Web Deli - “Fresh websites served daily”
eCommerce | Online Marketing | Drupal | Email Solutions | PHP Development | iOS Development
Please send all mail to : 303/585 Little Collins Street, Melbourne, VIC, AUSTRALIA 3000
Flash, Java, Silverlight, take your pick.
As the world wide web has grown it has gotten more information and become LESS usable thanks to all of the crap loaded onto it.
Yes, I know I am falling into the old-school "Back in the day..." crowd here, but seriously- I have a 100mb internet connection now and compared to my old-school 14,400 modem back in the 90s average page load times are.... about the same.
The information I am able to find and use is also about the same.
The useless crap I have to sift through is now HUGE on the other hand, and it actually takes more time to find relevant information. I have to move past all the bad video posts, Twitter crap and asinine Facebook pages. And I haven't even mentioned the BS sites that do nothing but redirect seaarch terms to advert delivery pages.
Hell, I would rather go back to text-based internet browsing than be forced to "migrate to decent user interface technologies."
It's a web PAGE, pal. It should look and work like a PAGE.
In sixty years, will people make greatly exagerated movies about life in the Wild Web?
Implement as much of the spec as you want.
Never let a mediocre career stand in the way of a good time
HTML/Browser DRM is just another profit driver for big corporations. Just another tool to up their bottom line. It's nothing about the good of the people, protecting your machine from those that want to do wrong. If it were really about protecting any personal content then it would protect content I post on a private or public website. Look at how little control you have on Android and IOS already compared to 2000 when you had a freer internet on a pc. As for the major OSes playing together, won't happen. Each one wants dominance of the big marketing engine that use to be the internet.
"However, the BBC is unlikely to be able to use any such mechanism unless we feel that it is sufficiently secure that there would be the possibility of legal action in the event of bypassing it."
Not sure why you would defend the BBC, but that is pretty much the definition of a sanction. In fact it states quite clearly that the BBC is less interested in about how good the DRM is [they expect it to be broken], but whether anti-circumvention provisions is protected by law e.g. DMCA. It is just focused on stopping the people forced to pay for service in the UK having unrestricted access to the content they paid for.
Because this will break it beyond repair.
The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
That's pretty much all.
The best that this idiocy can possibly produce is further fragmentation of "The Web": right now, we have "kinda sane" standards in HTML 4.01 and XHTML 1, as well as CSS 2.1; everything beyond that are half-baked hacks in the form of several implementations of HTML 5, CSS 3 modules, their DOM APIs, and whatever browser vendors decided to implement. Adding DRM to the fray will not help things, since no matter how you look at it, you will end up with content only available on specialty browsers like Chrome, IE, or fringe mobile platforms, all the while still blissfully carrying the "HTML" tag.
At the end of the day, it will be cheaper for content peddlers to just cut out the bullshit and keep doing things in Flash, and I can't even say that I'm sad about it anymore.
Oh, and the W3C? They can go die in a car crash FWIW, it wouldn't be a huge loss beyond the humanitarian impact. Not like they did anything useful in the past 10 years.
Fight hunger. Filet a politician and send him to a 3rd world country of your choice.
It's so tempting to just sit in the corner and say "DRM is evil, we don't want to taint the web with it" but unfortunately, as is often the case in the real world, we don't get to make decisions in isolation of their consequences.
It's not about the evilness of DRM, it's about the fact that it's useless. Has there been a DRM in history that has not been cracked? Why spend energy on a useless endeavour?
The people pushing for this may believe it's worthwhile and useful (or rather the content licensees do), but I think most people on Slashdot are clueful enough to know better.
So besides placating the studio executives, are there any valid (ideally technical) reasons why DRM should be pursued?
Isn't it time for a binary web standard anyways, the creation of a universal bytecode for the web would enable programmers to have the power to either build with or without drm, but would also deliver much more power.
Is now on the web.
They should split off a commercial web from a free web via a TLD :)
On another point, the BBC mentions the revenue from selling DVD and audio recordings -- the profit from this is £182M. That compares to £3606M of income from license payers, at £145.50 each, thus about 25M licenses are sold. If every licence-payer paid an extra £7 we wouldn't need to protect that content. (Have I calculated that correctly?)
(Other broadcasters with different funding models might still want this system.)
More importantly those that *pay* for the content should simply get unrestricted access to it. The fact that the BBC make 5% profit on what is for all intended purposes a tax, simply shows how poor the content is. As for being taxed higher for the privileged something, how about they get paid a little less.
Nothing in the "Encrypted Media Extension" specs prevents or forbids proxying of both the key and the encrypted media stream to an external "decryption and caching" service. And all of the usual "how do we prevent the plaintext from leaking from the user's machine" questions are still in full force. It is unlikely that the W3C will get "effective protection".
extern warranty;
main()
{
(void)warranty;
}
Ummm, if the DRM is in the html code, then what is to stop somebody from having html code that circumvents the DRM? Here is a better idea. If you have content that you want to protect, then protect it on your end. Yes, it is less convenient for your users, but if they value your content they will still jump through your hoops. If they don't they will go elsewhere. Most likely the content owners realize that their content isn't all that valuable and if they try and restrict it on their end, people will indeed go elsewhere. However, that is how free markets are supposed to work.
Use online newspapers as an example. Many have paywalls and do quite well, with that model, however, those that do not want to pay, get their content elsewhere. It doesn't require DRM built into HTML to protect content.
So besides placating the studio executives, are there any valid (ideally technical) reasons why DRM should be pursued?
getting licensing on browsers so browser (trio, whatever, doesn't matter)monopoly can be created.
then they can create browsers without adblockers, cache flushing, cookie flushing etc..
it's both a technical and ideological explanation. not a pretty one.
world was created 5 seconds before this post as it is.
That would be awesome! It would be a whole new angle on the historic GIANT SPIDERS that roamed the Wild, Wild West!
Here, read this: http://lists.w3.org/Archives/Public/public-html-admin/2013Feb/0137.html, this person puts it very clearly: WTF is the W3C doing trying to *hinder* an open accessible web? DRM is against what their purpose in life as an organisation is.
Did "the Director" die, or something??
To be, or not to be: isn't that quite logical, Slashdot Beta?
Poor content? Compared to 90% of the bland shit that is produced by the other big commercial producers (Sky, HBO, ITV, etc) the BBC stuff is far better
I would disagree. In fact if I was legally allowed the option. I would cancel my TV license and subscribe to netflix which is less than half the price :)
All that the W3C rep said is that it is within the scope of the HTML WG to work on this API. The API describes how to interact with an optional module. Nothing in the standard says that a user agent must support this module. Blaming the HTML WG for DRMed content is a bit like blaming your television manufacturer for Fox News.
Is that the idea? That the HTML behind web pages isn't viewable? That web pages can't be printed? Or can't be viewed after three days?
Just go use a PDF ffs.
The ads will load into your browser, but not the content you were trying to access. The Ads will play a video, but then the video you were trying to see will generate an error. While you're at work, an annoying sound will come from the ads, but you still won't be able to read the article you were hoping to read.
The web has already become useless. Every site is so loaded with crap ads, you can't even FIND the content you were googling for. So go ahead, add the DRM. It won't change anything. It won't work, it'll cost more money to implement, and you'll get less ad revenue as even more people give up as I have.
Long live the web, death to the web.
If telephones are outlawed, then only outlaws will have telephones.
The proposal is to extend HTMLMediaElement (which is an ALREADY existing part of HTML) so it supports DRM in a standard way. ...
HTMLMediaElement is a specific DOM element that correspond to media elements (audio, video) and extends the standard element with media specific features: play, pause, length, volume, etc
The proposal is to recognize that DRMs are an widespread feature used in conjunction with media elements. As such, it is worth standardizing.
If the DOM accepts having play/pause features on a media element, it could also support DRM methods on a specialization of this element.
As you said, the implementation and enforcement of DRM is EXTERNAL to the DOM/HTML. Have you read the proposal ? I guess you didn't because the ONLY thing this proposal adds is a bunch of events and methods to allow javascript to provide the key to decrypt an encrypted flow.
Sig (appended to the end of comments you post, 120 chars)
please leave our internet alone.
When the internet was non-profit, it was a community where people contributed things to be spread around. The idea was that this facilitated the growth of knowledge.
However, once you introduce commercial information to the picture, it needs to be defended because people need to get paid or they'll stop producing it and you'll be left with less powerful alternatives. One reason that we have industries is so that we can concentrate talent and reward the best, thus producing the best products.
At this point, I think it makes sense to start talking about a neo-Internet ("new internet") where all content is GPL licensed and designed to be shared. This would not be a Utopia. A lot of content (porn, entertainment, shopping) would probably not belong there.
But for those who just want to swap code and information, it would be great.
We badly needed the W3C to define a codec when they defined the HTML5 video standard. They didn't. They said it was out of scope. To this day, HTML5 video isn't widespread yet because of that. Apple and microsoft are pushing their own agenda in having a proprietary, controlled, patented standard in which they hold interests used, while disregarding technically viable, free, open solutions such as Theora or WebM.
But the motherfucking codec was "out of scope".
And DRM is in scope? What the fuck people! You consider you have no say in the very fucking core of the video playing system, but you do get to taint the web with unnecessary shit such as DRM?
Everyone at the w3c can go fuck themselves.
WTF am I doing replying to an AC at 5 A.M on a Friday night?
designers that don't care about Linux
Why should they care when there are other more profitable things to care about? I was under the impression that X11/Linux still had a usage share indistinguishable from a rounding error.
but when a web service/site tries to funnel me into having to use an app
...you do what, exactly?
The impression I got from the incomplete sentence was "I find a close substitute".
But then this runs into problems when a web site provides a native application precisely to work around limitations of Safari for iOS, such as the restrictions on the media object upload element (<input type="file">) in iOS. Only pictures and videos are supported, not other media types, the element was completely unavailable prior to iOS 6, and live streaming from the camera is still completely unavailable in Safari for iOS. (Source)
To my knowledge, the system used to restrict digital cable has not been cracked (apart from the "analog hole" workaround). That's the only example that comes to mind though.
you need to output unencrypted content to the end user
In the case of music or video, a recording of this output is a substitute for the legitimate copy. In the case of a video game, it is not. So to defeat the analog hole, produce interactive works.
So how does one buy a large enough monitor that is incapable of receiving broadcasts? Perhaps the UK market is different, but all the living-room-size monitors I see in the USA are capable of receiving broadcasts.
Lets focus on the specifics of EME. "DRM Bad" is a gross oversimplification.
Interesting, let's see.
I think we can all agree that HTTPS is a good idea - it lets us securely communicate with our bank etc.
Indeed, that's because HTTPS has nothing to do with DRM, besides the fact that both use encryption. HTTPS serves the user, and the user has full control over it.
What if our bank wants to send us a video message, or we want to watch one of our home videos we've stored on a cloud server? Well, we could use HTTPS for that. But HTTPS requires the server to encrypt the content as we're streaming it... that's probably OK for those scenarios, since there won't be more than one person downloading the same video at once.
Exactly. So far, no uses for DRM. Let's hear further.
Now suppose a video store offers to sell us a video. Of course we'd use HTTPS to send our credit card details to prevent them getting intercepted by hackers. The video store might let us download or stream the video over HTTPS. But HTTPS requires the server to encrypt the content as we're streaming it, and if lots of people are streaming the same video the server will be very busy. What's more, since the server has to send differently-encrypted data to different people, they can't use a CDN to spread the load (unless they load their private key into all the CDN boxes, which would be insecure). The solution is EME with the "Clear Key" encryption: the store encrypts the video file once, and tells us to stream the encrypted video file over plain HTTP from their CDN. They then send us the key over HTTPS. The browser uses that key to decrypt the file. Note that there's no "DRM" anti-consumer stuff here - the consumer's web browser has both the key and the encrypted data, and could save those if they wanted to. It's just protecting the data as it flows over the network, like HTTPS does.
What you described is no DRM. The server is giving the user full access to the media, by giving the key to him. They could as well store the media inside a password-protected zip file, serve it over plain HTTP, then send the password for that file to the user. It would have achieved the same level of security. The point is that no media company will use such a model for distribution, because a single user could give away his password to all the other users, making the system ineffective. In fact, no user's right is restricted by this model, there's no "black box" software or hardware involved, there are no encryption keys ureachable to the user, there's no personal information of the user stored inside the media. This is not DRM and this is not what people are afraid of.
Now, EME does also have hooks for a full DRM system. It doesn't specify a full DRM system - it's just hooks so your browser could include a DRM system if it wanted to. Rather than getting the clear key over HTTPS, the browser can get some encrypted data that's passed to the DRM system. The DRM system then does it's thing and decrypts the video, presumably applying copy protection as it does.
So after you've talked so much about completely irrelevant topics, you dismiss the actual problem with three lines and no argumentation. You're actually worsening my concerns, because not only you're telling us that EME will force all content consumers on the web to implement DRM and pay for its implementation and its computational overhead, but also you're giving us reason to believe that the specification will be incomplete, and every content publisher will be free to implement or license a different digital restriction management system based on those "hooks", forcing the users to choose what content they want to access, or to implement or license all of the competing systems, as is already happening with DRM systems for digital television broadcasting.
The sort of companies who are going
I, for one, will start with the boycott of any browser coming from one of the companies involved in this poisoning of the Web - on my computers and on those that people trust me to maintain.
Then why don't satellite TV access cards get hacked more often? Run certain parts of the game engine inside a smart card like that.
Gravity is really annoying for the American Airlines. Those are the breaks.
I'm fairly sure that without gravity, American Airlines wouldn't have much business. People could just flap their arms and fly to Mexico/Australia for the winter :-)
I know that I'm not going to be with the majority on this one, but I support this.
The choice here isn't between a web with DRM and a web without DRM. The choice is between a web with one good standard, or a dozen crappy proprietary solutions.
Lets be realistic here. If DRM was not supported in the W3C standards then we would just end up with a mess of proprietary standards in its place. I hate DRM as much as the next slashdotter, but I hate having to load up shitty proprietary standards to handle DRM even more. During that last Olympics I had to boot into windows to watch the online stream because the CBC used silverlight, and the linux version was not compatible. Without some kind of standard this kind of shit we have going on with flash, silverlight, etc. is never going to stop.
and our browsers might be a bit more stable because we'll have more competent people getting the edges of the DRM right
You'll still need binary plugins to interface with your browser, because this draft specification deliberately only covers the "glue", not the DRM mechanism itself. DRM can't be implemented in open source. You'll have to download and install different, incompatible binary plugins from (say) Google or Adobe in order to view the media offered by Google sites or Adobe sites. Of course, you'll have to be running on one of the platforms supported by the plugins, otherwise no content for you.
The media's directly linked, it has a URL---
Hi! ho! the derry-o, we simply GET the stream.
The link has gobble-de-gook, it changes every time---
Hi! Ho! the derry-o, we follow redirect.
It's encrypted with a key, the key is passed to me---
Hi! ho! the derry-o, our extension reads it for free.
The key comes from a script, the script talks only to Fred---
Hi! Ho! the derry-o, our sandbox looks like Fred.
A dongle decodes the stream, which plugs into USB---
Hi! Ho! the derry-o, its Certs have just been leaked.
It's all secure at last! A special TV decodes it all---
Hi! Ho! the derry-o, they didn't sell any at all.
It's encrypted again but now, NO ONE gets the key---
Hi! Ho! the derry-o, we watch Gaussian noise for free.
I'm used to it. Digital TV reception in my area closely resembles watching a raw stream of encrypted video where only God has the key. A pretty mosaic of brightly colored boxes that rearrange themselves into endless, hypnotic patterns. Its audio is mercifully muted.
Frankly, I'm amazed at the progress we've made.
<blink>down the rabbit hole</blink>
I can't wait until they implement code obfuscation so nobody can steal my JavaScript or make fun of me when I use tables! /sarcasm
Actually, Stallman was wrong on that, starting with confusing out "renting out services run on someone else's computers" (which is the actual source of the "trap", insofar as it exists, that he refers to, and is a practice nearly as old as business use of computers) with "cloud computing" (which is a set of technologies relating to dynamic allocation of resources -- virtual servers, etc. -- which has many applications, including, but not limited to, more efficiently implementing the kind of remote third-party services which have been around forever in which Stallman sees a "trap".)
People have told me that when I get really pissed I'm equal parts insightful (when I'm right), scary, and funny.
WTF am I doing replying to an AC at 5 A.M on a Friday night?
As evil as DRM is, the proposal is technically more "in scope" than video codecs.
The reason why the video codec is considered out of scope is because there is no "best" choice and there is room for improvement (see : h.265, VP9). As for the "proprietary, controlled, patented standard", I believe you mean h.264 aka MPEG4-AVC. Well, sure, it is not free but technically, it is the best for now, plus it has very good hardware support. And we are not certain that WebM is really patent-free considering how close it is to h.264 in some areas. (more info : http://x264dev.multimedia.cx/archives/377).
On the other hand, the proposed mechanism for DRM is much more abstract. It is just an entry point for the decoder to request a key. Nowhere a specific algorithm is mentioned. And the way to actually protect the content is totally out of scope.
Arrghh.. Really? People can still totally misunderstand the situation this badly, in 2013?
The people who endure the things that you're talking about, also pay. The fact that they paid for the DRMed media, is why they have DRMed media. Nobody does anything like what you're talking about, to avoid paying.
People who don't pay, don't go through any of that. How much work am I willing to do to watch that movie for free? NONE. The free content is what works on a computer without any patches, rebuilding, soldering, etc; it works under normal conditions with normal hardware and software. That's the smooth, reliable case, and since anyone and everyone can work on it, there are many players competing against each other to be The Best.
The non-free DRMed content, is the stuff where the computer is always abnormal in some regard. Either the computer is actively hostile to its user (i.e. the user just accepts the absurdity of the DRM-compatible players' artificial limitations and their general lack of competitive features), or it's schizophrenic and (possibly) unreliable, due to needing to [appear to] serve two masters (the case you seem to be harping on).
There's not even a grey area worth speaking of. It's not a matter of "some non-payers have to deal with DRM and some customers don't." These are truly all-or-nothing scenarios, where the exceptions are so rare that it's not worth speaking of. Everyone who makes use of pirated media, is free from having to deal with DRM bullshit while they use that media. And similarly, everyone who does struggle with DRM, is always working with a non-pirated copy, which was paid for, unless you're talking about some fringe case of shoplifting or something like that. Don't you understand that?
So it's not a matter of keeping the honest honest. It's a matter of punishing and discouraging the honest for the "crime"(?) of being honest, constantly tempting them with the promise of how much nicer and easier things will be, if they defect.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
It sucks, but it is what it is.
I don't think that's a very good attitude. Their goals on not realistic to begin with.
Filthy, filthy copyrapists!
http://lists.w3.org/Archives/Public/public-html-admin/2013Feb/0176.html
The question that lies open before us is: given that DRM exists, should it be implemented through proprietary plugins or should it be possible to hook it somehow into the open web platform?
How it can be possible to have an open platform and to "hook" DRM in it? DRM and an open platform are a contradiction. Good, you can give me the keys and the encryption scheme of your DRM and ask me to "follow the rules" to not copy the data. Anything other then to ask me polity to not copy your movie with the keys and the encryption scheme you just gave me, will be a closed platform.
It's a difficult question in part because even if you have the clear
goal that DRM should be eradicated — which you'll find is a view
actually shared by many people who support EME (in this form or another)
— there is no way to prove which path will most likely succeed in
attaining that goal.
I do know what will not archive that goal: to accolade DRM to a W3C standard. How can you say that people are opposing DRM and are actively working on a DRM W3C standard?
It certainly seems to be the case that platforms that probably
should have died a while back (e.g. Flash, Silverlight) survive to this
day because they support DRM.
Yes and now you are working to bring this to the open web. Which is not possible in an open web anyway, because you can't give me the keys and the encryption scheme and expect any security. So you can just drop the DRM in the first place and give me the content unencrypted.
We can all make guesses, we can have intuitions, but if we're being
honest there's no telling which strategy is most likely to succeed in
either eliminating DRM or turning it into something that's user friendly.
So that is the true agenda. To hook DRM in the open web as much as the user is not aware of it? That means turn the control over to the content producers. So basically, he is admitting defeat to Flash and Silverlight and wants to incorporate proprietary components in the open web. But by that in the future if you want to see "premium content" (from W3C) you have to accept those proprietary components in your open browser.
So what was the goal again for the W3C? To replace Flash and Silverlight with W3C proprietary components? I guess that's where the money is made.
http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
It's not Apple and Microsoft. It's them plus a couple dozen more companies that are a part of the H.264 pool. Basically anyone who makes electronics is in the MPEG-LA pool. And H.264 was pretty good at the time not to mention being widely adapted by all kinds of devices from phones to computers to set top boxes to game consoles. It became the Defacto standard.
WebM and everything else had the problem of not being significantly better than H.264 with a lot more problems. Video people remember the nightmare of competing players, containers, and codecs in late 90's and early 2000's. H.264 put an end to that. The last thing they wanted to do was have to go back to having to recode video in more than one format.
If WebM/Theora offered a significantly more compelling technical reason, say offered same quality as H.264 with smaller file sizes or faster encode times, then it would have been widely adopted by the industry. But it didn't. The only motivation to use it was purely ideological. Also video people were used to things being expensive. Compared to other equipment and software, an H.264 license isn't that expensive. If you are doing professional video you are used to the licensing models with music, actors, etc.. And most people trying to make a living around video could care less about the ideology. If it's not better, they aren't going to use it. And they will pay to use a better product.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
I could be considered "video people" (my associate has worked on TV his entire life, and our company produces several systems that are video-related, including a DVR/NVR). And yes, we do offer h.264 support, and yes, it's technically superior to everything else there is right now, including Ogg Theora and WebM, specially in the speed of the encoder. Also, there are no DSPs that support Webm or Theora, while there is plenty of hardware acceleration for h.264.
Here comes the so-fucking-what part. That is the past. That's what we had. HTML5 was supposed to be about getting things right and future-proof this time. We've all suffered format wars, and we all know what happens with vendor control over standards. We all wanted to get away from anything proprietary, HTML5 exists to get rid of flash, plugins, etc. Then they boycotted themselves. No capture interfaces for video/audio, they where discarded at the last second, so we still depend on flash for that. No real video element, since the lack of a single codec makes it useless.
Sincerely, I couldn't care less about what "video people" think about the web. Everyone in the web community outside people in the MPEG-LA group wanted WebM or Theora.
So, yeah, a switch would've been traumatic at first, but it would be worthwhile in the long run, and all the people that matters where willing to go through with it.
WTF am I doing replying to an AC at 5 A.M on a Friday night?
As far as I understood the EME the W3C will not define any particular implementation, but will provide an interface to Content Decryption Modules. Vendors can then set a key and the CDM will decrypt the content.
So basically it's the same as with codecs. The W3C failed to define a set of open codecs and they are not defining any particular DRM.
I guess that means that the system or the browser will provide such CDM with the help of TPM and the W3C just provides a standard set of API to set keys and decrypt content.
It's just like Flash or Silverlight, with the minor difference that the DRM will run in your system.
See https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html
http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
You can always just play back the video in a VM (vmware, wine, whatever)
The Trusted Platform Module and UEFI Secure Boot specifications were created specifically to allow a program to know what kind of VM it's running in.
Yes. Because there is something called principles. Because freedom is not free. Because there are friends that will ask for help with the same. And because then you can publish/validate the approaches that worked so others would not have to go through the blind alleys.
Hardware is cheap these days, and if you get a good deal on a stereomicroscope the soldering of even tiny SMD parts is about as easy as it can get.
Nothing. But you can't actually do anything with this key.
The key is generated by a license server and used by a decryption module. The decryption module is in charge of validating the key and decrypting the media.
Even if you grab the key (trivial as you said), you still need the decryption module to accept it.
So, it is up to the decryption module (a plugin to the browser) to have a correct security scheme to avoid reusing this key outside its intended use. The best use case would be to have a key containing a date range for its validity (for example, 48h validity for VoD, a week or a month for a weekly/monthly SVoD) and maybe content id (for a single movie VoD), the whole key signed with a private key from the license server and the public in the decryption module.
So for a 48h VoD, it is not an issue if you grab the key because the DRM implementer is aware of that and should be able to work its DRM scheme to support it.
Sig (appended to the end of comments you post, 120 chars)
Death penalty is wrong in any occasion.
Renting a movie for 48h is perfectly ok.
So having a standard mechanism for browser to be notified that the content is protected and requires a key it can request to an license server and then pass back the obtained key to a decryption module that would enforce the content protection is 100% legitimate.
The REAL problem with DRM is not that they exists: they are perfectly legitimate in a society where we accept that people could own things privately. The real prob is their abuse, enforcement of stupid things and sloppy implementation. I don't care if my DVD or my BluRay is encrypted. However, I do care if it prevents me from skipping the stupid FBI warning or the upcoming-movies-i-don-t-care trailers. DRMs are a pain in the ass and 100% inefficient for things you own permanently.
However, DRM are an efficient way to support renting content for 2 simples reasons:
* renting being a one shot act, I can easily see another company to rent my next movie if the experience is subpar. So there is a huge incentive for the company to provide a great experience.
* rented media do expire. So a company can update its DRM scheme to improve user experience without breaking compatibility with content already sold.
Sig (appended to the end of comments you post, 120 chars)
with a paper notebook and a pen: http://veronika-funtom.livejournal.com/519477.html (in Russian)