To Boost Its New Crappy DRM, Hollywood Tries Giving Away Free Movies
from the free-sometimes-isn't-worth-the-cost dept
We're always told that the reason there's so much piracy out there is because "people just want stuff for free." This isn't actually supported by the facts, because we see people pay when they can get things for free all the time. And, similarly, we know that those who often get the most free stuff, also buy more. In other words, price may be one component of why people buy -- and free may be an appealing price -- but it is hardly the only component in how people make their decisions on obtaining content. One of the key issues, for many, is the freedom and or convenience in how they can make use of said content -- an area where DRM solutions take away value from the end-user (which, by definition, lowers the price that the average person is willing to pay).Given all that, there's something rather amusing about Hollywood's new pitch for its Ultraviolet platform. As you may recall, this is the kinder, gentler DRM for video content that the industry has been pushing. It does let you watch content on multiple devices (within limits), but it's still DRM. And, as such, it's no surprise that the reception to UltraViolet has been somewhat lukewarm.
In order to deal with that, the movie studios are trying something different: giving away free movies. Yes, there's something somewhat bizarre about Hollywood using "free" movies as the incentive to get people to buy into their Ultraviolet DRM, which is meant to get them away from the "free" movies they were getting through unauthorized means. While it may attract a few people, it seems likely that the industry is going to (once again) discover the point that many of us have been making for ages. It's not just about free. If free comes with massive strings -- such as annoying DRM -- it's just not going to attract that many people. If they were strategic thinkers, perhaps they'd finally realize that it's not just about free, but about the overall package, and then maybe they'd stop making the overall package so annoying all in an effort to stop some people from accessing the same content... for free.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: convenience, drm, free, price, ultraviolet
Reader Comments
The First Word
“Subscribe: RSS
View by: Time | Thread
Who do we fear?
[ link to this | view in chronology ]
Re: Who do we fear?
As long as you're using an open-source player like VLC or MPC-HC, and you've got noscript/adblock/whatever, and you don't download and run any EXE files, you should be perfectly safe.
[ link to this | view in chronology ]
Re: Re: Who do we fear?
It is not common, but it is not impossible for someone to make a "movie file" that is really a collection of malicious code written to exploit a flaw in a video player.
[ link to this | view in chronology ]
Re: Re: Re: Who do we fear?
Then again, i use a bit of common sense, and actually check comments before downloading random crap, and i stick to streamed porn. (if you're going to find something dodgy, it's most likely in porn, for soem reason porn downloaders all seem to be morons when it comes to comps.
secondly, it's not like it's hard to run malware bytes and fix it if you do get teh internet herpes.
thirdly, most communities are pretty damned quick to pull dodgy files.
[ link to this | view in chronology ]
Re: Re: Re: Re: Who do we fear?
In 20 years of owning a PC, I've never had a virus. The only virus I ever got was before I knew what they were, a silly thing on the Atari ST that reversed your mouse cursor movement every 10 times you booted from an infected floppy. Cute.
But, that doesn't mean that viruses aren't a real problem. To give another example - when malicious code automatically running from websites first appeared, I rejected that idea because it sounded like people just blaming the site instead of their own badly secured PC. It's confirmed as a real threat now.
"Then again, i use a bit of common sense"
A rare commodity, I'm afraid.
"secondly, it's not like it's hard to run malware bytes and fix it if you do get teh internet herpes."
Having worked in tech support facing the general public, I can safely say that most people don't know what that is, and would probably put up with problems caused by an infection rather than fix it if they weren't too intrusive.
"thirdly, most communities are pretty damned quick to pull dodgy files."
Key word - communities. More mainstream sites might not, or even honeypot-style sites might be set up deliberately to catch the clueless user who just googles for a file instead of using a trusted community site.
[ link to this | view in chronology ]
Re: Re: Who do we fear?
[ link to this | view in chronology ]
Re: Re: Re: Who do we fear?
...especially when the people doing the coding are fools. Most software like this is written in C, (or derivatives such as C++ or Objective-C,) which is in no way a "modern language that can guard against these types of attacks." By having no language-level safety features whatsoever, anything written in a C dialect practically comes with a big "HACK ME" sign as a standard feature.
We've known that the C language is one big security hole (that can't be fixed because too much existing code relies on these flaws to do "clever" things a microsecond or two more quickly than doing them in a sane way would take). But people keep using it, and people keep getting hacked because of it, leading to billions upon billions of dollars worth of damage. In any sane world, today it would be considered an act of criminal negligence to write any operating system or other network-facing software in a C dialect. But people still keep doing it...
[ link to this | view in chronology ]
Re: Re: Re: Re: Who do we fear?
[ link to this | view in chronology ]
Re: Re: Re: Re: Who do we fear?
Personally, Java and the .Net platform are too bloated and you have way too many libraries added, swelling your binary (and memory footprint) well beyond what should be required.
And those "safe" platforms have their own security faults. Again, bad programmers are the problem. There's no excuse for memory leaks, other than either lazy or bad management who won't let the developer do things properly. That's not a C problem either!
C#'s garbage collector is not infallible, neither is Java's.
C's had a LONG life and a LOT of use, which means it's pitfalls are well known. C#, for example, is far from being totally understood. Not all of its pitfalls are known. Same goes for the .Net framework, or any of the web frameworks.
Criminal negligence for using a non-flavour-of-the-month framework? That's quite extreme.
Code properly and you won't have a problem, there's less risk with a well known language like C (who's a lot more than a few microseconds faster!) than newer frameworks like .Net 4.5.
You should really revisit C, or at the minimum, take some embedded courses and see the power of such a language.
I'd take C any day over C#. C# has its place and C has its place. Those places don't necessarily need to overlap and in some cases they should not overlap at all!
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Who do we fear?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Who do we fear?
If a contractor knowingly built a building using shoddy materials, and that building later collapsed, causing significant harm and property damage, the contractor would be held liable. How is this any different?
Personally, I avoid Java and .NET whenever I can, and I'm well aware of the problems, both conceptual and practical, with using a garbage collector. (See http://programmers.stackexchange.com/questions/129530/what-are-the-complexities-of-memory-unmanaged- programming/129555#129555 for my thoughts on the matter.) And I "revisit C" fairly often, generally to fix stupid bugs in open-source libraries I'm using. And about half the time, it's a bug that would have been impossible to make in a sane language.
Contrary to popular belief, it's actually possible to do native code, with all the benefits thereof, without C. Here's a fun fact for you: By the time that the Morris Worm came around and conclusively proved that C is unsuitable for its original intended purpose, namely OS development, Apple had been busy for several years reinventing the concept of the operating system, and laying of modern OS design that the entire home computer revolution has been built on ever since. In Pascal.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Who do we fear?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Who do we fear?
As for Pascal, what is Apple using now for OS-X? Are they still using Pascal? What embedded systems run with Pascal as their OS design?
I am actually asking. Just because everyone uses C doesn't mean it's flawless, I know, but it doesn't necessarily mean it is totally absurd.
I also find it disingenuous to compare a standard OS for a typical user (most critical systems have been hardened to not succumb to said failures you are referring to - though I am certain vulnerabilities exist) to shoddy construction materials. There's no threat to loss of life using a standard computer, by comparison to shoddy craftsmanship or improper use of available materials.
And "I never said anything about Java or .Net..." You didn't say anything about Pascal or anything, you just bashed C.
http://en.wikipedia.org/wiki/Morris_worm
How does this explain why C is not the best language for operating systems?
According to the article, it was related to known vulnerabilities. How does that prove C was the problem and it was not the best design for an OS?
Some other reading:
http://stackoverflow.com/questions/520068/why-is-the-linux-kernel-not-implemented-in-c
I do wonder though, Apple used assembly and an extended form of Pascal.
Perhaps the frequency of hardware changes, variety of hardware available, and productivity requirements are the reason people use C and not assembly as the core?
Please explain how it is unsuitable.
All I can find is:
http://www.google.ca/url?sa=t&rct=j&q=why%20c%20is%20unsuitable%20for%20language%20for% 20operating%20systems&source=web&cd=30&cad=rja&ved=0CG4QFjAJOBQ&url=http%3A%2F%2 Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.170.9818%26rep%3Drep1%26type%3Dpdf&ei =FiTvUKfFL-f7iwK89IHgBw&usg=AFQjCNGcOJQmN9YxPthN0PR0xPE7ni_oKA&bvm=bv.1357700187,d.cGE
Wh ich states that:
-Data hiding above function level not supported in C
-Free use of global variables is common (programmer - not language problem) and results in mayhem when global variables are manipulated externally
-> this makes C unsuitable for component based system
- C lacks concurrency support, no language constructs for synchronization - makes it difficult to port kernel extensions, ie: device drivers from one OS to another.
Is that what you meant?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Who do we fear?
Yes, admittedly, the Pascal language has lost a lot of popularity since those days. But that has nothing to do with technical merit. You can sum the reason why up in two words: Brian Kernighan. He was a very talented, very persuasive writer, and people have been treating his paper "Why Pascal is not my favorite programming language" practically as gospel ever since it was published, despite the facts that:
1) a lot of the objective language-level problems (as opposed to the purely stylistic gripes) he criticized were already obsolete when he wrote about them, and the rest no longer apply and haven't for a long time now, and
2) as the co-author of the definitive book on C programming, Kernighan had an obvious direct monetary interest in getting people to not use C's competitors, and therefore cannot be trusted as an objective source.
That's because, even though Pascal is my language of choice, I don't think it's the only suitable thing out there. But out of all the languages out there, the only ones I see that are in widespread use and actively causing damage are the C family. (And PHP, but that's a completely different topic.)
Because the "known vulnerability" was a buffer overflow, a flaw in the C language, and one that C makes very easy to create.
It's possible to create a buffer overflow bug in Pascal, but you have to really go out of your way to do it. (Including, in modern Pascal dialects, turning off the compiler's buffer checking that's designed to make this impossible.) In managed languages, it's even harder, since you don't have the option to turn off the buffer checking. But in C, it's trivial, as there are no bounds checks, either at runtime generated by the compiler or in the type system. (It's perfectly legal to declare a char[20] and then write to index 28. In Pascal, that's a compiler error.)
If you want to truly understand why the C family is unsuitable for operating systems, try monitoring Windows Update (or the update system on your OS of choice) for a while. Have a look at how often security patches show up to fix cases where "a carefully crafted [foo] could allow a malicious user to take control of the system." Those are buffer overrun exploits, and they keep coming. They keep happening, over and over and over again.
We're coming up on the 25-year anniversary of the Morris Worm. A quarter century later, we're still making the same mistake again and again and again, because the language is flawed and makes it very easy to make that mistake! One of my coworkers likes to say that Dennis Ritchie's true legacy is the buffer overrun, and you know what? He's right.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Who do we fear?
Why is the the fault of a language that developers can't understand it's limitations?
There's a reason people chose C and so far, you have only highlighted a limitation and the primary problem can be boiled down to two human factors:
1) Buffer overruns are due to bad coding (design or implementation/typos/errors)
2) Developers don't understand 1) or don't care or are told not to care.
I won't fault C because of code design.
People have to understand what they are doing with the tools they use.
I don't agree with the philosophy that compilers should protect against such behaviour. In some cases it may be desirable. If someone does it, well then it is their fault and I would hesitate to blame the language on the coder's mistake.
Man, you are bitter about C.
Out of curiousity, what language did you develop? No disrespect meant, but you sound like "Everyone is using this POS language with this flaw instead of mine, which is flawless."
Your words indicate you're really pissed and it just seems like a redirection of anger, and it is not placed at coders but instead the tool they used.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Who do we fear?
Indexing past the array is permissible because of the flexibility. You create an array for a contiguous memory allocation. You can access it with pointers or the index, which I will hazard a guess works out to the same thing when converted to assembly?
How is that a design flaw? Restricting is not useful.
You have to keep your pointers in check! That's a developer problem, not a language problem.
Why should the language restrict such behaviour?
If MS would push their developers to dot the i's and cross their t's and actually check their code for such mistakes in coding practices, this would not be a problem.
Unless the hardware caused this, corruption of pointers, due to some underlying problem in the context switch? Or a misconfiguration of a CPU register?
I don't know, but aside from pointer corruption caused by a glitch in the hardware (timing?), the only problem with accessing beyond the bounds of an array is due to bad coding!
Easy mistake, but what would be the loss to restrict C to protect against accessing beyond bounds? How can you tell what will happen at run-time? How do you know it's not intentional?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Who do we fear?
Of course restricting is useful, because it provides proof that your code will not index beyond the allocation. If you want to get a pointer to an element, you have to start from an index anyway, so any sane type system will ensure that your starting point is inside the array. (But C's won't.) So the real problem here isn't using the pointer, but moving the pointer.
If I had to guess, I'd say you were thinking about iteration when you wrote that. And iteration with a pointer can actually produce slightly more efficient ASM than iteration with an index variable, especially if you're doing something non-trivial inside your loop. It's a trick I've used myself a time or two, when efficiency was at a premium. But there are two points to keep in mind here.
First, most of the time, efficiency is not at a premium. Even modern "embedded systems" often have hundreds of MHz and tens or hundreds of MB of RAM at their disposal thanks to Moore's Law.
And second, even with pointer-based indexing, you can still stay within bounds when iterating an array. Just off the top of my head, a for..in loop could easily be implemented this way.
...except that Microsoft is hardly the only source of these errors. They show up in Linux. They show up in Firefox and Chrome. They show up in major open-source projects, exactly the place where "Linus's Law" predicts they should not, because it's such an easy mistake to make, and such an easy mistake to miss when reviewing it.
With run-time bounds checking, created automatically by the compiler. That's how modern languages ensure that buffer overruns do not occur in dynamic arrays, whose size are not known at compile-time. This is not a hard problem, no matter how confusing you try to make it sound.
I addressed this in my other response. Please provide a legitimate scenario for doing this intentionally, otherwise this argument has no validity.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Who do we fear?
Can you give examples of such languages?
Are any used for drivers? Could any be used for OS development?
Also, not all embedded systems have that much RAM. I firmly do not believe MHz and MB are excuses to bloat your code, not that you're implying it, but I don't think you should encourage it.
Bytes are free, yes, but you should not use them just because you can!
I have many MSP430 dev boards, 2012's (not the year, the model), which has only 128B of RAM. That makes it fun! I could code in assembly, and have, but I prefer C so I can focus on the algorithm. I don't import libraries because of limited flash sizes (2kB).
I am aware of the Raspberry Pi and would love to have it, but back orders, having an infant at home, house maintenance, the desire to play/write music, and the expectation of my employer that I will become a CRM Dynamics developer... those prevent me from having the fun I would love.
Though I do ask, can you give examples, actual code samples, that leave buffer overruns wide open in C that someone can exploit or cause themselves?
And examples of languages that prevent such possibilities.
Remember, questions like "What language is OS X written in?" is not the same as "And how'd that work out for you?" sarcastic comments!
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Who do we fear?
On the native side, Delphi, or other dialects of Object Pascal. (Also Haskell, I think.)
On the non-native side, anything that runs on the CLR or the JVM.
Delphi used to be used for drivers, until Microsoft changed the driver format and Borland neglected to update the special linker required. Were that to change, there's no reason why it couldn't be used for drivers or OS work.
Oh, I definitely agree with you there, I just think that there need to be limits. When people talk about not using bounds checking, they invariably attempt to justify it by talking about the performance impact, as if their code was still going to be run on 1980s hardware, and that's just plain ridiculous in this day and age! This is exactly the sort of scenario that the old adage about "premature optimization" was designed for.
Personally, off the top of my head? No. I try to avoid C whenever possible. However, I know where you can find plenty of real-world examples. Go to the bugtracker for Mozilla Firefox, or for any major open-source *nix project, and run a search for "buffer overflow" or "buffer overrun", and you'll get results, complete with code samples.
See above.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Who do we fear?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Who do we fear?
Imagine a chainsaw that had a button that would cause the chain to disconnect. Clearly, there's a legitimate use for this feature: maintenance. But now imagine that this button was located right by the most convenient place for the user to put his thumb while he was holding the trigger down, and that there was no safety system whatsoever in place to prevent the chain-disconnection feature from being activated while the motor was active.
And then someone's using it one day, and they accidentally bump the button with their thumb, and the chain flies off right into their face. Would you say "oh, that's the user's fault; he should have understood the tool he was using" or would you say "why in the world was he using such an unsafe tool in the first place?!?"
Thousands of people end up in the hospital because of this, but people keep buying this model of chainsaw, because the slick salesmen at the hardware store keep reassuring them that this chainsaw is just fine. "Oh, no, that thing they talk about on the news, that's just a bunch of sensationalism. You know how journalists are, always jumping on any story they can find. They need ratings, y'know? But this is perfectly safe; all you need to do is understand the tool and know what you're doing. Those guys they're talking about on the news, well, I hate to say it, but that's really their own fault. They weren't careful. They weren't smart enough to understand what they're doing. But you're not like that... right?"
I'm sure you can agree how ridiculous this scenario would be with a physical tool. Why, then, should it be considered acceptable in the virtual development world?
You say it's all just developer error. If it had only happened the one time, I'd be inclined to agree with you. But when there's a clearly-established pattern of the same error over and over and over again, spanning multiple decades and thousands of developers, all of them making the same mistake even when they know about it, simply because that mistake is so easy to make, that's not developer error. That's a bad tool that makes it far too easy to make a certain mistake. (Are you familiar with "Unsafe At Any Speed"? What I'm describing is analogous to the difference between an unsafe driver and an unsafe car.)
You assert that "in some cases it may be desirable." I find this idea absurd. Extraordinary claims require extraordinary evidence. In what situations would it be desirable to deliberately create a buffer overrun in your own code? (Legitimate scenarios only, please. The obvious answer, "writing malware," does not count.)
And no, I didn't develop any language. But I've been working with computers, both as a programmer and as a user, for decades, and I've seen the damage that widespread acceptance and usage of C has done, from both sides. I'm well aware that there's no such thing as a flawless language, but there's a huge distance between "no language is perfect" and "therefore we should not reject a language known to have serious safety flaws, because competing languages which do not have serious safety flaws are not perfect either." But apparently your mind is simply better-equipped than mine at making leaps of logic of that magnitude...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Who do we fear?
I'm trying to have an intelligent discussion and you're attempting to behave like a troll. When you hurl insults, not disagree, then that's not debating.
You could say "you sound like a naive programmer and here's why..." and explain. But you didn't. And your analogies are really horrible too. People could hold the chainsaw incorrectly and harm themselves too! People using radial arm saws have removed their hands and many shops have stopped using them as a result, but is that the tool's fault?
A chain release button, to me, is not even on the same level as a buffer overrun.
Please explain how following proper rules of programming results in buffer overflows? If the developer guarded against that with if-statements, how can a buffer overflow result from accessing an array? Please also clarify the data structures used in your example, such as an array-index or pointer-array or simple buffer and pointer.
Then please explain, if C was so dangerous, why are these other languages you say are safer not being used? Why is it no one is using them? Is it really the results of R&K or is it ease of development and portability?
How would you design the OS and what language would you use? I'm not Tannenbaum, I am not Torvalds. I've not been lucky enough to edit the Linux Kernel, though I'd love to. I've modified drivers when I could and edited board support packages on embedded systems. But no, I didn't write a compiler or OS. I studied EE. I have done many projects at home, from the ground up in hardware and software, and my language of choice is C. But that's me, that's my experience. I've been warned to protect my code, don't leave it open to the problems buffer overflows cause.
My primary roles were testing, system testing, debugging, etc... but I listened to their warnings.
Why do thousands of developers do that? Because of poor coding standards? Because of laziness? Because they don't test their code enough? They are focused on producing instead of quality? They tested their own work without trying to break it?
So yes, if you want to be productive in this debate, rather than sarcastic and inflammatory, you could explain why other languages are not used. Give logical reasons please. I don't know if I can fully believe it was the sales pitch of C that resulted in its adoption for just about every hardware interfacing software development project.
You can't be the only one, and I've seen books on avoiding buffer overflows, so why has no one else adopted it?
And if C was unsafe at any speed, why would it be so widely adopted? Why would it not have been dropped? It cannot be a conspiracy! I don't buy that, unless you can provide some proof of that, it just does not seem logical.
If you choose to flame again, I won't bother replying. That's highly counter productive. I do not feel I have flamed you at all, questioned, yes, but I think you're inserting tones that are not present.
If I wanted to flame you, it would be blatantly obvious.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Who do we fear?
Then please explain, if C was so dangerous, why are these other languages you say are safer not being used? Why is it no one is using them? Is it really the results of R&K or is it ease of development and portability?
Well, let's analyze this one objectively:
Ease of development? Only if compared against ASM. Just look at the focus of this thread: In C, you have to manually write your own bounds checks! And that is demonstrably something that people get wrong, a lot. Nothing easy there.
Portability? Not for OSes, which is what we're talking about here. OSes have many design goals, but they're very low-level software, designed to interface with hardware. Portability is not one of them, by definition.
And neither am I, nor would I like to be. Their ideas have found some acceptance in the server world, but outside of that particular niche, both of their philosophies have largely been a failure. The computer revolution has been driven by home users, built on the OS principles pioneered by Apple and popularized by Microsoft.
Are you sure? Like I said in my other reply, these bugs have a long history of showing up in exactly the places where you would think they wouldn't.
You know FreeBSD? Widely renowned for its obsessive attention to security? Known for its strict standards and review practices? Well, have a look at http://securitytracker.com/id/1026460. Just last year, someone found a buffer overflow exploit in FreeBSD's Telnet implementation. This is freaking Telnet we're talking about! A well-understood protocol that's been around for decades. I bet whoever wrote that didn't think they leave their code open to buffer overflow problems either. But they did.
Because they're human, and humans make mistakes. And when you see people making the exact same mistakes so consistently, even when they know not to, even when they're trying not to but they just slipped up at some point and then someone ends up getting hacked because of an honest mistake, shouldn't you at least consider that maybe, just possibly, it might be happening because of a design flaw in the tool that just makes it too easy to make that particular mistake?
That's what got it adopted at first. C came out of Bell Labs, with the full force of AT&T's marketing and branding behind it. Never underestimate the power of a good sponsor. (Do you really think anyone would be using Java today if it had been invented by J. Random Hacker in his garage, and not by Sun?)
Nowadays, I'd say a bigger factor is inertia, the idea that "this is how we do it because this is how we've always done it." Everyone knows that C and its derivatives are the only way to write an OS, so that's how everyone does it. People talk about portability. They say that it's because a C compiler is one of the first things anyone writes for any new platform. But that's just a chicken-and-egg argument; people write C compilers for new platforms because everyone expects there to be one, because that's how it's always been for other new platforms.
Umm... what's with the C word? I never said anything about a conspiracy. Again, please don't put words in my mouth.
And I note that you haven't actually provided legitimate example of a time when a developer might want to intentionally create a buffer overflow for legitimate purposes. As expected.
[ link to this | view in chronology ]
Re: Re: Re: Who do we fear?
This is even trickier when you don't have a "standard" decoder due the fact that a format is not associated with a particular software vendor or their exclusive proprietary application.
Even PDF vulnerabilities can be blunted by not using the "official" decoder.
An uninviting environment slows down the spread of pathogens of all kinds.
[ link to this | view in chronology ]
Re: Re: Re: Re: Who do we fear?
[ link to this | view in chronology ]
Re: Re: Who do we fear?
[ link to this | view in chronology ]
Re: Who do we fear?
Like AC said, if it's a movie file, it *can't* contain malware...
However, if you go to some shady sites that have a promise of good quality, recent releases, they'll try to sucker you in by getting you to install their download manager, or fill out an offer for a credit card before you get a download link... but still, you have to be really committed to downloading malware if you make it that far.
The downside to downloaded movies is the lack of metadata. You have to do some manual labor sometimes to get the movie put into your library where all your media players and devices will recognize what it is. For me at home, though, that has all be solved with Plex Server. Plex just figured out what movie it is based on the name of the file and downloads cover art, lots of meta data, and appropriate video thumbnails automatically for the movie as soon as it's done downloading, and it automatically just plays on any device in my house.
For me, the sad thing for Hollywood is that I now get a better PACKAGED experience from my downloaded movies - the cover art, plot summaries, etc, all directly onscreen. The official means of playing an Ultraviolet movie don't give me that experience.
[ link to this | view in chronology ]
Re: Re: Who do we fear?
[ link to this | view in chronology ]
Re: Re: Re: Who do we fear?
[ link to this | view in chronology ]
Re: Re: Re: Re: Who do we fear?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Who do we fear?
You also have to factor in OS, OS version, and microprocessor architecture.
Talk about fragmentation. Now there's fragmentation.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Who do we fear?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Who do we fear?
That's true of any malware, though. OSX and Linux users have traditionally been able to sit smug and laugh at Windows users with their malware problems, even if they're using the same infected files. Meanwhile, the vast majority of malware takes advantage of flaws that have already been patched - they just take advantage of those who haven't bothered updating/patching yet. That won't be 100%, but it might a non-trivial number above 0%.
There's no such thing as malware that hits every machine, but that's not relevant. A successful zombie botnet might only need a few thousand infections, and as we've seen even technically proficient users might let their guard down when running non executable files. You don't need to get everybody, just enough to make your aims successful.
[ link to this | view in chronology ]
Re: Who do we fear?
If I need to see something so bad (which I doubt I have to) I will just Opt to Buy A Used Physical Copy.That way they do not get a dime from me.
I will Buy and Support Local and Indie Non-Hollywood and Non-DRM Art !!!
[ link to this | view in chronology ]
Re: Who do we fear?
EVERYONE likes free stuff, EVERY-fucking-PERSON on this planet...
so i REALLY hate the copy maximalists constant tsk-tsking about freetards who only want free...
EVERYONE wants free...
(AND the copy maximalists MOST of all: they want free rent for NO effort...)
lastly, for any kampers here who have dealt with entitled rich people (which is most ALL rich people), they will KNOW that rich people are the FIRST in line to not only get 'free' stuff, but to stiff underlings, hirelings, and other bidnesses ALL THE FUCKING TIME...
'cause -you know- they *deserve* to have all their shit free, unlike us li'l peeps of no means...
art guerrilla
aka ann archy
eof
[ link to this | view in chronology ]
Re: Who do we fear?
[ link to this | view in chronology ]
Re: Re: Who do we fear?
Some of us have standards of morality that prevent us from paying the MAFIAA a dime.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
You would hope that they would learn something when it fails, but I suspect it will instead be twisted around as evidence that "pirates" won't purchase from legal channels even when those channels are available for free.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Free?
Ill pay for DRM free stuff.
Fuhk man, how many times do we have to tell you?
I want to be able to use my content however I damn well please. I want to play it on my laptop, desktop, Ipad, or Windows phone... whatever.
You can take my money and use it how you wish. I will use my legally purchased content as I wish, and if I cant, I just wont buy it. There is your lost sale.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
VUDU is really easy to use. Wal-Mart set it up pretty well and I find it more convenient for rentals than anything else. Once I had entered my credit card number, it became a click it and rent/buy it (well, license it) process.
I had not originally realized it was UV behind the 'purchases' until I installed Flixter on my phone and the movies just appeared there.
Now, the bad. You need a UV license for the content AND it has to be available on the service. So, I can watch some movies on my phone but not on any of my TV's, and I can watch some movies on the TV's, but not my phone - that's pretty annoying.
Overall, I would say for the average consumer, it is much easier than my DLNA server setup (to ditch those plastic disk things) because the DLNA 'standard' is still so un-standard that unless things are encoded correctly, they may only play on some of the devices (BTW - Sony is the worst, their Blu-Ray player, streaming box, and PS3 all support different file types).
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
A really wrong approach (DLNA)
Alternately, you can use a better streamer like a Roku and run 3rd party software on it. Apps like Plex and XBMC are light years ahead of the DLNA clients baked into most TVs, Stereos, or BluRay players.
[ link to this | view in chronology ]
Re: A really wrong approach (DLNA)
I just use VLC.
[ link to this | view in chronology ]
Re: A really wrong approach (DLNA)
so long as your not running random .exe's attempting to download from shady sites, you're probably never going to see a virus in a download.
[ link to this | view in chronology ]
Re: Re: A really wrong approach (DLNA)
[ link to this | view in chronology ]
Re: Re: Re: A really wrong approach (DLNA)
[ link to this | view in chronology ]
Re: A really wrong approach (DLNA)
[ link to this | view in chronology ]
Re: Re: A really wrong approach (DLNA)
playon wants money for a crap interface with a tenth the functionality of the freeware (plex)
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
This is illegal because ... ummm ... give me a minute...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
To me entertainment freedom means I get to watch what I want, when I want, where I want, on the device I want without any advertisment, without any fbi-warning, with the means to make backups - this sort of freedom is certainly worth a few of my bucks.
A DRM-, advertisment-, fbi-warning-laden construct is worthless to me.
Dear Hollywood, get back to me when you got some offer that is worth the name...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
In other news
[ link to this | view in chronology ]
Re: In other news
Worked much better.
(mice like peanuts over cheese, BTW)
[ link to this | view in chronology ]
Re: In other news
[ link to this | view in chronology ]
This of course will lead to the rather funny point that the service is so bad they can't even give it away.
Also, you missed the best part of the source article: to get the movies, it requires the customer to buy either a new tv or blu-ray player, which makes them anything but 'free'.
[ link to this | view in chronology ]
They must think they are so clever when they go through all this effort so they can say they offer something, yet intentionally foul it up so that no one wants to take them up on that offer.
[ link to this | view in chronology ]
This is the problem with DRM. It is easily circumvented, it does not stop piracy and the only result is pissing off paying customers. Why can't the entertainment industries see this?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Opened DVDFab and ripped a DRM-Free Region-Free DVD, burned that to a blank DVD (for the time being it's just easier to do it this way for my wife) and voila, she could watch the movie on the computer.
The only thing DRM achieved in this case is frustrating my wife, inconveniencing me and using up a blank DVD.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
First the bin, then the bit bucket...
It's like how Netflix and Amazon Prime are where old/bad movies go to die. Now add UV to that list. '-p
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
*NOT* free
[ link to this | view in chronology ]
Re: *NOT* free
[ link to this | view in chronology ]
[ link to this | view in chronology ]
This is nothing new
[ link to this | view in chronology ]
Oh no way!
I mean - who would buy things they could get for free?
Like - vegetables. I mean, since you can grow them for free, who on earth would buy them....?
[ link to this | view in chronology ]
Not worth it. At all.
What did I get? Well, the Vudu app doesn't work on any of my mobile devices, so I got the ability to watch a digital version of my Blu-ray disc through the app...wait for it...on my Blu-ray player. Because the extra ten steps to put the disc in is totally worth losing HD Audio for.
Oh, and I also got 10 crappy movies in SD that I will never, ever watch.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Pirate on
I've looked at it from different angles trying to figure out just what their hold up is, and all I can figure out is that they want people to pirate...and then it hit me!
BLANK DVD SALES!
When pirates download their booty,they usually make a back up on DVD and in many places Hollywood gets a cut of all the DVD sales.So...
Ultraviolet=
increased pirating=
increase in DVD sales=
$,$$$,$$$,$$$
All that stuff about infringement and DCMA notices and all that anti pirate rhetoric is just a smoke screen!
What they really want, is for you to be a pirate!
Yeah, that's it...has to be!
[ link to this | view in chronology ]
@Mason Wheeler
And I said you SOUND like a bitter person because all you did was trash talk C.
Only after many posts does your reasoning come out. You can't say "it's obvious" because how many people here honestly know C? Or write code that talks to hardware?
Anyway, I'll look for myself for code examples then. I figured, based upon your word choice against C, that you had specific coding examples.
I am not a hacker, no time, and I'm not a CS major, so I don't know all the ins-and-outs of compilers or how OS's manage how an application runs. I do understand the processor level though, with pipelines and such, and the DMA etc...
That's why I asked for examples, of some code that can be exploited and how it is exploited.
Generally, if I am against something to the point of bashing it, I would prefer to be able to give examples off the top of my head, so during a conversation I could back it up. That's NOT A DIG AT YOU! It's just how I debate.
I can't think of any time I've written code that would, by itself, overflow a buffer.
That's why I asked for examples.
I'll consult the web for examples.
Thanks.
Cheers!
[ link to this | view in chronology ]
Wow
Outside of the DRM of Ultraviolet, it's a pain in the arse to set up as well. First you have to make an account, then you have to register the movie to your account from the computer. Next you have to register your device exclusively to Ultraviolate...otherwise no dice. Finally you have to put in the code that comes with your movie each and every time you wish to watch the movie you purchased away from the TV set...
The fact that they are giving away free movies (with a catch) is a sign of desperation that the Ultraviolate format is dying...but when you see how much of a hassle it is, why should anyone be surprised that it is?
[ link to this | view in chronology ]
Re: Wow
I just don't get all this negativity about evil DRM, but maybe that's just because I don't use Linux in my home theater. But why deal with the pain when my BD player and my cheap Roku box stream UV just fine?
BTW, the post I'm responding to is full of shite. There's no 48-hour limit, I never had to register any player, and I never had to enter a movie code more than once.
[ link to this | view in chronology ]
Re: Re: Wow
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Then I can go to pirate bay, iso hunt, or wherever, download the content, and it would be perfectly legal and paid for, and that would be the end of it.
[ link to this | view in chronology ]
Industry Imbeciles
Fortunately I am not interested in most of the infantile BS that these days comes out of Hollywood and the so-called "Music Industry" (which mainly consists of the issue soft porn videos all with the same inhuman and inflexible beat, boring two chord backing, and a three-note melody - if there is any melody at all).
I pity the younger generation that does not know any better than to consume the puerile rubbish that makes up mainstream entertainment in the 21st century.
[ link to this | view in chronology ]