Hacker News new | past | comments | ask | show | jobs | submit login

Can some one explain to me why having, say, an HTML 5 based video player with DRM would be worse than one implemented in a closed platform like Silverlight or Flash? I'm genuinely curious, and not trying to make an argument here.



The whole point of replacing Flash with HTML5 video is to get rid of buggy third party plugins that crash all the time and have shitty cross-platform support.

If HTML5 video is going to rely on buggy third party DRM plugins, we lose the benefit that was the whole point of HTML5 video.


> If HTML5 video is going to rely on buggy third party DRM plugins, we lose the benefit that was the whole point of HTML5 video

Only HTML5 video that has DRM will rely on EME plugins. We've lost nothing. In fact we've gained. HTML5 video now has a strict superset of the capabilities it had before.

Without EME:

                    Flash   HTML5
                  +------+--------+
    non-DRM video | yes  |  yes   |
                  +------+--------+
    DRM video     | yes  |  no    |
                  +------+--------+
With EME:

                    Flash   HTML5
                  +------+--------+
    non-DRM video | yes  |  yes   |
                  +------+--------+
    DRM video     | yes  |  yes   |
                  +------+--------+


All video will now have DRM. We have lost video that did not have DRM.

It will now be almost as easy to implement video with DRM in production as it is to implement HTML5 video without DRM. Every provider will now use DRM. Netflix will use fancy DRM, which mostly works. Everyone else will pay $19.95 for theirs.

Never thought we were going to bring back the age of Realplayer (and the million others.)


> All video will now have DRM.

No, it won't.

> We have lost video that did not have DRM.

We may lose some because it may get easier to implement DRM and that may tip the balance for some content source.

> It will now be almost as easy to implement video with DRM in production as it is to implement HTML5 video without DRM.

But plenty of sources will still choose not to use DRM, as is the case even with other formats where DRM is well-estbalished as an option with simple toolchains.


If you aren't already using DRM , why start now?


transitions easy.

pointy haired bosses.

Before this change, being DRM free was at least somewhat pragmatic. Now it's only principles and consumer rights, and we live in a capitalist society, who the fuck cares about those?

This is a terrible development.


DRM is only desirable if you want copying your content to be more difficult. The reverse is true with the majority of content on the internet.


I run my browsers without Flash in order to avoid Adobe's exploit-du-jour crapware. This means, for example, that I don't run Chrome.

If this binary blob from Adobe isn't presented with a similar UI as regular "plugins" (that the user can disable or uninstall), then I will look into writing an extension to disable it, or perhaps rely on a Firefox fork to give me a Flash-lite(tm) free browser.


You might want to reconsider. Chrome sandboxes the Flash runtime [1], meaning a 0-day exploit in Flash alone doesn't get an attacker access to your machine.

1. http://thenextweb.com/google/2012/11/13/google-declares-flas...


That, of course, does not save you from other problems with Flash and the way developers have (ab)used it. Crappy/useless widgets on screen that serve only to eat your CPU and batteries, including banner ads and the like.


You can search for "Click to play" in the settings and disable plugins until you click on them. This helps a little security-wise, too, in case an attacker is resourceful enough to have both a 0-day for Flash and the Chrome sandbox. Not sure how likely that is, but it's also trivial to white-list sites you trust not to send you exploits from the icon in the URL box.


What makes you so sure?


So sure of what?


> If this binary blob from Adobe isn't presented with a similar UI as regular "plugins" (that the user can disable or uninstall), then I will look into writing an extension to disable it, or perhaps rely on a Firefox fork to give me a Flash-lite(tm) free browser.

Again, it's been stated that you will be clearly given the choice to disable the CDM entirely.


You could use Chromium, the open-source version of Chrome. It comes without flash, which needs to be explicitly installed to make flash work. Not sure what OS you use, but this is what I do on Linux.


Chrome now has a built-in 'flashblock', like the Firefox plugin of that name. Enable the setting and you'll not see flash unless you click a placeholder icon.


You can disable Flash from chrome://plugins


As far as I am concerned, video should be delivered to vlc via httpstreaming.

then, no browser involved.


Alternatively, the video should be made available for download as a file.


I believe the issue is not about the video player per se, but the specifications that are going to be (or are already there) added to HTML as a standard.

As I see it, it kind of looks like it help DRM, first by legitimizing it, i.e. it doesn't carry the same weight if it's something proposed by only one corporation ("these guys are crazy and don't know what they are doing") vs the weight it carries by virtue of being part of the HTML standard ("if it's a standard it must be already accepted by everyone so it must be good!")

And second, by preventing fragmentation among DRM solutions, i.e. it will be easier for DRM users (not end-users) to interact with one another and even innovate and pass on that innovation (licensing, etc) instead of fightning among them like it happens nowadays (i.e. SecuROM vs their competition, etc).

Again, that's what it seems to me, but maybe someone else can provide a different explanation?


It would be worse because HTML is supposed to be a hypertext standard, not a DRM standard. We shouldn't be putting closed things in "open" standards.


Standards cannot be open, they force you to do things certain way. E.g. provide support of legacy crap like JS and HTML.


There is nothing closed being put into the standard.


How do you think this DRM will work?


Because Adobe will be writing a closed-source module distributed in a binary form, you'll end up with the exact same situation as with plugins IMHO.

Only a subset of the available OS and processor architectures will be supported.

Flash was designed years ago and even though everyone wants it to die, we're still feeling its pain. Designing a similar solution in 2014 is just asking for trouble for the next 10-20 years IMO.

Oh, and you're giving up the opportunity/right to audit the code that runs on your devices.


Flash attempted to do everything - what we're seeing from it now is just the last few use cases for which it has not been replaced with HTML5 - and the solution is for the single use case for which HTML5 is a bad fit - reducing the bloat, enabling performance improvements and massively reducing the size of the TCB. Ultimately it's about as good as can be got out of html5 video.


I have the same feeling. Few people I know even use a browser to watch that type of content anymore. Frankly I think native apps on the TV, Nexus 7, iPad, etc won already and this isn't going to be used much.


I guess it depends on the implementation. At least we can put limits around the current flash plugin. Can we do the same thing for the new plugin architecture, so a media codec exploit doesn't take over your browser?

Or in a darker version - can we make sure the new plugins don't scan your drive for "incompatible content". Game anti-cheat systems already do that. At least flash / silverlight was playing nice so far, unlike some of the more interesting DRM systems in the past.


The various content providers have used HTML5 EME to demand stricter DRM than they could generally achieve before with closed source plugins, and they've got their wish. In particular, the EME implementations they're currently willing to license content for are Microsoft's (locked to Windows, unlike Silverlight/Flash) and Google's (locked to Chromebook hardware with its full protections against unauthorised software enabled).


DRM is less likely to be inflicted on users if every publisher must put effort into their own less-polished version.


Okay, let's assume that, in the former case, the functionality required is built into the browser and enabled by default.

The problem with the former case, then, is that I get a browser that ostensibly supports my freedom, and this code that runs things secretly, without letting me intervene or analyze, comes in with it, under the radar.

In the latter case, I have to take a deliberate action, explicitly agree to a license, and install a product I know to be freedom-denying. So I have something icky on my computer if/when I specifically choose to, and I know exactly what the icky stuff is, why it is there, and how to get rid of it if I decide to.

I think it would be much better if Mozilla were to present the DRM stuff as an optional, not-installed-by-default plug-in with clearly restricted scope, access, and capabilities. If they do this, then they probably ought to spin off the group that makes the plug-in as a separate organization.


To quote [1]:

" * Each person will be able to decide whether to activate the DRM implementation or to leave it off and not watch DRM-controlled content.

* We have surrounded the closed-source portion with an open-source wrapper. This allows us to monitor and better understand the scope of activities of the closed-source code."

So your hypothetical built-into-the-browser and on-by-default implementation does not describe the same thing that has been announced for Firefox. Indeed the actual plan is quite close to what you suggest in your final paragraph.

[1] https://blog.mozilla.org/blog/2014/05/14/drm-and-the-challen...


That's good. Thanks for the info.


It wouldn't.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: