Slashdot Mirror
Firefox 49 For Linux Will Ship With Plug-in Free Netflix, Amazon Prime Video Support (mozilla.org)
Reader LichtSpektren writes: Widevine, the media protocol that allows users to watch videos on Netflix, is supported in Firefox for Windows and macOS. But until now, its users on Linux were required to use a plug-in. That changes with v49, which offers out-of-the-box support for Netflix.Mozilla plans to offer plug-in streaming for Netflix as well as Amazon Prime Video and other similar services. The v49 will be available on Linux in September. Mozilla adds that it will be removing support for NPAPI plugins from its browser in the near future, plugins that some video streaming sites rely on for playback. "Mozilla plan to support the Widevine CDM on Linux, letting users watch Netflix without plugins," the company said.
If they switch from NPAPI to CDM, that does not make them plugin-free. CDM is based on plugins and Widivine is a plugin.
...controlled entirely by three major vendors for some reason is praised by the software development community.
What is it about freedom and control of your own systems that makes even professionals so afraid?
for netflix viewers: ignore this update, you already likely see netflix on an embedded linux television.
for non viewers: enjoy your free, mandatory DRM in the browser.
for Firefox developers: get rid of pocket, get rid of sync, please work on fixing the bugs youre assigned, hustle up and get that godforsaken voice chat program out of the browser, restore cookie control functionality, quit mandating signed plugins to curtail adblock users, and ditch the targeted advertising tiles.
Good people go to bed earlier.
This makes me wonder if "App Neutrality" will become a thing in the future the same way "Net Neutrality" is today.
Imagine a conversation like, "I really only watch anime's that are on Netflix because that site 'just works'. I don't want to have to do the extra steps that I need to do for Crunchyroll."
Although for all I know this will affect Cruchyroll too. I just picked them out of the air as an example.
I do support this move by Firefox, but can we please actually call it DRM on this site?
We were just talking about how we want to call it out as being anti-consumer, etc.
https://yro.slashdot.org/story...
There's one thing really holding my HTPC back from sheer awesomeness.
The fact I can't navigate Netflix with a keyboard. Sure there's some rough scrolling and what have you, but it sucks. I want full screen arrow navigation. I know a webpage CAN do it, but why it won't do it is beyond me. The fact it CAN be done on commercial boxes with dedicated apps just annoys me so. I've tried to get copies of the apps meant for Blu-ray players, I even tried installing Dolphin to see if I could get the Wii version to work. No good.
Friggin arrow keys! How hard could that be?
The preceding post was not a Slashvertisement.
Actually, worse then the typical kitchen sink, because they will remove support for the old standard drains. Because legacy support is bad...
Widevine is "DRM and Content Protection" scheme (see http://www.widevine.com). But is it open source? The Widevine plugin appears to be a binary without any source code.
https://tools.google.com/dlpage/widevine
Is Mozilla putting a binary blob into Firefox, or do they have the source code for Widevine?
And queue a bunch of the beginner Linux sites releasing articles on how to pin Firefox on 48. Because "Hell no" to that crap on my system.
My original submission said nothing about plug-ins, so I declare this "not my fault"
:P
"the attack surface of plug-ins" oh fuck off. If processes can't be assigned fine-grained permissions then your operating system is shit.
Unfortunately, people have allowed themselves to become locked into incumbent operating systems that are, as you put it, "shit". But given the presence of "sandbox" in the titles of bugs listed at Media/EME, it appears Firefox is at least trying to limit the permissions of the CDM.
"Everything you need to begin your device integration or content encryption process is available here. Depending on your needs, please review the information below to help determine your next steps. ... For end users, the implementation of Widevine DRM is dependent upon your device manufacturer and/or service provider."
That shit is certainly not free as in speech.
It just gets worse the deeper you dig:
"In order to become [an implementation partner] the following obligations must be completed: ... Non Disclosure Agreement ... Product Licensing Agreement ... "
"[implementation partners] must: Have on staff a minimum of 2 individuals that are CWIP certified, Pass audits of end user sites conducted by Widevine to ensure proper and secure installations, End user and content owner experience must remain satisfactory"
NPAPI has started acting strange under FireFox for me. I currently have a crisis on my hands where in Linux, I cannot load Okular Plugin, or nspluginwrapper Acroread plugin and I need them.
I get errors like the following:
From Okular:
(msgtype=0xAA0006,name=PPluginInstance::Msg_NPP_SetWindow) Channel
timeout: cannot send/recv
Error: (msgtype=0xAA000C,name=PPluginInstance::Msg_NPP_GetValue_NPPVpluginScriptableNPObject)
Channel timeout: cannot send/recv
From NsPluginwrapper
wrapper.c:2228):invoke_NPP_SetWindow: assertion failed: (rpc_method_invoke_possible(plugin->connection))
*** NSPlugin Wrapper *** WARNING:(/usr/src/packages/BUILD/nspluginwrapper/src/npw-wrapper.c:2278):invoke_NPP_GetValue: assertion failed: (rpc_method_invoke_possible(plugin->connection))
*** NSPlugin Wrapper *** WARNING:(/usr/src/packages/BUILD/nspluginwrapper/src/npw-wrapper.c:2487):invoke_NPP_NewStream: assertion failed: (rpc_method_invoke_possible(plugin->connection))
*** NSPlugin Wrapper *** WARNING:(/usr/src/packages/BUILD/nspluginwrapper/src/npw-wrapper.c:2159):invoke_NPP_Destroy: assertion failed: (rpc_method_invoke_possible(plugin->connection))
Okular Plugin and nspluginwrapper have nothing to do with each other. I instruct FireFox to load Okular Plugin for normal PDF Viewing but use Acroread when I have a specific site that requires an XFA Form filled out via Acroread. Has anyone else run into this?
It's even worse than just a binary blob, it's a binary blob designed for the sole purpose of subverting the end user:
"Robust device security is enabled by using factory provisioned keyboxes to establish a hardware root of trust, secure decryption and content rendering."
And let's make HTML support and the ability to zoom plugins too, while we're at it /s. No, seriously, some features are popular enough that they warrant being standard.
You can lead a horse to water, but you can't make it dissolve.
What is it about freedom and control of your own systems that makes even professionals so afraid?
Freedom and control is ok to a point, but often times having stuff just work is of greater importance.
I use Linux at home. I like it. I can setup cronjobs to automate maintenance tasks and write scripts to handle all sorts of neat tricks (ie, I had a ton of old TV series downloaded and discovered that my media player downstairs choked on anything encoded with the old "DivX" codec - in about 10 minutes I had a script written that would scan over the entire media directory, find stuff encoded in DivX, re-encode it, then delete the old file).
That being said - there comes a point where I just want my damned Netflix videos to work. And truthfully - for a STREAMING SERVICE - I don't have any issue with the DRM or plugins needed to facilitate it. The downside of DRM is that I consider it a rental. If I want to move the files to a different device it won't work, and if the mothership authentication servers go offline stuff stops working. I will not buy videos or songs that have DRM - HOWEVER, a streaming video subscription service is by definition already a rental service. On that type of arrangement I truly don't care about the DRM because I'm not paying for a copy of what I'm watching and for the most part the DRM doesn't get in the way.
"People who think they know everything are very annoying to those of us who do."-Mark Twain
Netflix is a service you pay for, making you the customer, not just "the product" as with ad-supported services. When you asked Netflix support how to use the service with a PC keyboard, what was the form letter?
Do you have a disability advocate organization near where you live? Perhaps a support request from such an organization might carry more weight than one from an individual.
Hamburger menu > Preferences (or Options) > Content > Play DRM content
Turn it off and no CDM will run.
Removing NPAPI is actually a huge improvement, this has only been an invitation for companies to make a fleet of closed source, proprietary plugins that only run on Windows and which contain tons of security problems. Good riddance! Instead, if app developers need to do 3D and and video, they can use the built in browser APIs to do this, like WebGL, implemented better audited open source code available on all the platforms.
It is Netscape/Mozilla that is primarily to blame for Flash, Java, Unity, Shockwave plugin junk, because Mozilla for a while did not include built in Video and 3D capability for a long time despite enormous demand for this, but did provide plugin APIs which were just an invititation for Windows only plugins that would lock out FreeBSD and so on. There are still too many applications, often corporate custom apps used in corporate and education environments, and online games, that still use the Flash, Unity, and Java junk despite Flash disappearing from many sites like YouTube. We have Mozilla to blame for this plugin mess. Hopefully it will now go away for good and take all of its binary blogs, crappy proprietary code and so on with it.
Now, Firefox finally needs to get sandboxing and multiprocess to work to further security and safety, something that should have been done eons ago like Google Chrome has done.
Getting rid of NPAPI will be a win for Linux as it will stop companies from making OS dependant binary blob plugins and force them to use the built in browser 3D, audio and video APIs instead.
Most Firefox memory use is due to memory leaks and caching of image data, rather than actual code. What the browser could and needs to do is allow for more on the fly decompression of image so off screen images are not stored in memory uncompressed and allow the user to set the maximum size of the image cache. Google Chrome seems to do a little better because each tab is a different process, there is more chance for memory to reclaimed by the OS when a tab is closed and the process killed. Firefox is one big process that just accumulates leaked memory.
Are you saying that all libraries for browsers is being loaded statically at startup?
The world's burning. Moped Jesus spotted on I50. Details at 11.
I'm in agreement. If Netflix wants to throw out DRM-laden video, well, I'm only paying like $12 a month, so I'm willing to concede them the point. I'm not buying the videos, as you say, so if distribution means DRM-capable infrastructure, then so be it.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Dear Sir/Ma'am,
Our client, pecosdave, suffers from the debilitating disease of Laziness wherein he cannot be bothered to use a mouse or mouse-like interface to use your service, "Netflix". Our client has sent not zero, but exactly 1 (one) email to your customer support asking for proper keyboard support for your services web browser client. As described in his email, he is able to use arrow keys and the space bar without problem, and mashing his hand down on a keyboard as a response to your "Are you still watching?" prompt. However, anything that requires our client to sit up and move his arm around causes him considerable pain and mental anguish. We politely ask for your assistance in aiding our client and others stricken with Laziness in providing proper keyboard support for your platform.
Sincerely,
Real-life Lawyer
Association of Lazy People
This is the same buggy piece of crap that led to root exploit on many Android phones, since of course a media player needs privileged access to the kernel.
http://bits-please.blogspot.co...
But don't worry, that was a fluke, I'm sure the opaque blob for the PC is written by their best men, and not the scum of the earth who failed their McDonalds job interview.
The complete loss of security to all their users is a small price to pay to eradicate unlicensed copying of movies once and for all!
In a fair world, refrigerators would make electricity.
Why is it an issue? If you don't want to watch streamed Hollywood movies, the plugin won't be plugged-in. It's not going to reach out and stop your torrents, FFS.
Socialism: a lie told by totalitarians and believed by fools.
I mostly concur.
I was under the impression, anecdotal evidence based on experience, that Firefox leaded memory via it's Flash video player. I found that once I stopped using Firefox for YouTube it seemed to never really leak memory anymore.
But yeah, Chrome's one tab = on process is a smarter design.
Legacy security holes are bad. If no one's willing to continue to maintain the interface, it should be removed.
ICON = Idiots Can Operate Now
GUI = Goober User Interface
I use WIndows because I don't know how to use a computer.
All things I said in the 90's.
My real reason for wanting to be able to use my keyboard is I built a Kodi system and put all of my media on it. I really don't want to have to switch back to the Wii so my wife and kids can use Netflix, which they can't live without, and Amazon Prime video, which I have.
That and I have https://amzn.com/B00SIIU2N6 ">this as a control. I can make it work with the crappy little touchpad and have done so, but it breaks the feel of the whole system.
The preceding post was not a Slashvertisement.
Just get a Roku for your streaming services. It may not integrate into your HTPC, but it's always-on and low-power. If you have a universal remote already, it supports IR even if it comes with a Bluetooth remote.
Laziness != Convenience && Laziness != WAF
You can map keyboard keys to IR remote presses, making it work like an easy to understand consumer electronic device.
I use Chromium as basically my HTPC with a simple custom web app (runs locally on the machine) to tie a bunch of services together in Fullscreen Kiosk Mode.
I use a Mele F10 Deluxe air mouse/keyboard, purchased on Amazon for $30US. You can bind certain keys to certain devices (it has both RF and IR transmitters). I only use IR to turn m TV on and Off, but you can program it to control volume as well.
In Chromium I use the following extensions to make the experience a little cleaner:
- No Scroll Bars Please!
- Smooth Key Scroll
- uBlock Origin (necessary for Youtube and Spotify)
Sounds like we will have to back track?
Not sure how this plays out?
I'm not sure what you're implying here. This is about removing a large chunk of very old cruft and replacing it with something much smaller and much more tightly constrained.
Why is it an issue? If you don't want to watch streamed Hollywood movies, the plugin won't be plugged-in. It's not going to reach out and stop your torrents, FFS.
The issue is that we want an open source browser that's free from proprietary binary blobs. We're worried becuase "Mozilla plan to support the Widevine CDM ... without plugins". That is, Widevine won't be an optional plugin anymore. Instead, it appears that this proprietary binary blob will be installed by default for everyone.
Do you understand that this isn't about watching movies? It's about the principle of open source software.
Four, actually. (Five if you count Opera.) Three of which are open-source and have reasonably open development models. Plus the APIs are governed by an open-standards process that anyone can participate in.
I'm not sure what the point of your message is actually. Are you arguing that NPAPI was a valuable extension point to let people democratically extend the Web platform? Because in practice it was not; the only NPAPI plugin developers could use in practice was Flash. And Flash was 100% Adobe, so did not lend itself to "freedom and control of your own systems".
Removing NPAPI in favour of the much more limited CDM interface is a major net reduction in code and attack surface.
Your hate reflex is definitely misplaced this time.
Firefox does do "on the fly decompression of images so off screen images are not stored in memory uncompressed".
When complaining about Firefox memory usage, make sure your understanding of the issues is up-to-date.
Mozilla doesn't distribute any closed-source binary blobs. Firefox downloads the CDM separately. You can configure it to not do that. There's a "don't play DRMed content" checkbox in preferences; I'm not sure if that stops the download, but it will stop the blob being loaded.
How do you know? Because the company said that is how it works and they would never do anything to harm us?
EXACTLY
WAF is a very heavy considering in my HTPC. Putting all my movies, music, and photos on KODI has a high WAF, however having to go to the Wii or use a clunky touchpad for Netflix is very low on her tolerance list. She will generally switch to the Wii so she doesn't have to deal with the stupid browser launcher and touchpad.
The preceding post was not a Slashvertisement.
Because the code that loads the CDM blob is open source. If you don't trust the binaries distributed by Mozilla you can build it yourself.
Definitely see my recommendation for Roku in my other post, then. I was a one-device guy before Roku. Great UI, even if Netflix subverts it a bit too much. https://www.roku.com/how-it-wo...
I've seriously considered getting one of those TV's that has built in Roku. If I'm not mistaken it will play back the media on my Kodi box anyways.
(I'm still on a CRT for now, long story)
The preceding post was not a Slashvertisement.
I'd recommend not. If you can avoid a TV with Smart functionality, you can have a box that's easily replaced to upgrade even after the TV warranty is over.
Also, if you want a Roku TV, you have to buy one made by TCL. Their TV's aren't terrible, but having a choice is worth the extra money for a separate box.
Get her a FireTv/Roku and call it a day. I have several fire breathing HTPCs, with badass GPUs, but the wife only sees the FireTV for Amazon, Netflix and Kodi. She has her own remote and input, I even labeled the input with her name. This lets me go as crazy as i want with my HTPCs without worrying about accommodating normal users.
Good-bye