
Why Rosyna Can't Take a Movie Screenshot - waffle_ss
http://www.alexrad.me/discourse/why-rosyna-cant-take-a-movie-screenshot.html
======
jrockway
This is all ultimately pointless because it's not like the video decoder
checks the integrity of its own code or the CPU running it or the compiler
that compiled it or that the OS it was tested against is actually running.
(Reflections on trusting trust.) Nothing actually cares about secure boot or
end-to-end code validation; Apple doesn't even include equipment on their
mainboards to do this anymore. Meanwhile, if you're going to grab pixels to
pirate video, that's easy: HDCP is broken, so just grab it at the link layer.
The key you need is on Pastebin!

Consumer DRM has always been a hardware-selling maneuver as far as I can tell.
"You need HDCP in order to watch this video." "I do? But HDCP is broken."
"Just buy a new monitor anyway." The Management Engine sounds like a similar
scheme. "You need an Intel Management Engine to watch this video." "I do?"
"Yes, it's very convenient for us that you need to buy a new computer even
though your current computer works fine otherwise."

Intel's just using Hollywood's fear of piracy to sell new computers, ignoring
the fact that the pirates are still pirating movies without any problems. It's
more funny than sad.

~~~
ris
"Intel's just using Hollywood's fear of piracy"

DRM has very little to do with piracy. Hollywood know perfectly well that DRM
will not stop a determined pirate and a movie only has to be ripped once to be
pirated indefinitely.

It's about control. It's about the studios always having a seat at the
bargaining table when new products/devices are being floated. They fear
becoming a commodity supplier.

~~~
davidgerard
>Hollywood know perfectly well that DRM will not stop a determined pirate and
>a movie only has to be ripped once to be pirated indefinitely.

You know, I'm really not convinced they do. Everything I see from these people
leads me to think they literally think this stuff is _magic_, and they want
the snake oil so badly they'll believe the people selling it over the people
telling them the disappointing truth, every time.

~~~
Thlom
As far as I know the DRM on DCPs (Digital Cinema Package) isn't broken. Yet.
Maybe because relatively few people have access to the encrypted content. I
guess the most important thing for the movie industry is to have the cinema
window free from pirated copies.

~~~
seanp2k2
Where/how is this used? I ask because screeners are definitely a thing.

~~~
Thlom
Most digital cinema releases are AES 128 bit encrypted. For specifics refer to
the DCI specification [1].

Screeners are from DVD/Bluray copies sent to academy members and such? If I'm
not mistaken?

[1]
[http://dcimovies.com/specification/DCI_DCSS_v12_with_errata_...](http://dcimovies.com/specification/DCI_DCSS_v12_with_errata_2012-1010.pdf)

------
buro9
My partner is an academic, a lecturer in film theory. She watches a lot of
films, and needs to make a lot of short clips for her lectures, and to take a
lot of screenshots for her papers.

This task is becoming increasingly difficult as time goes by. The most
reliable method (for her skill level) is now to rip DVDs, removing various
bits of protection, before playing the film using VLC on Windows and using VLC
to take the screenshot. This is a pain, as she now uses a Mac primarily (as
most academia seems to be doing so almost exclusively because it makes
presentations easier - connecting to projectors turns out to be the killer
feature).

For a lot of films though, she pauses a film and uses a camera directed at the
TV. Or worse, she'll record the clip on a camera (using the camera's
microphone).

Aside from things like Box of Broadcasts (which is for UK broadcast TV), there
are few to no resources for academics to resort to for sources of film that
will enable dissemination to students through materials and presentations. All
clips are short (10-30s), papers feature only a few screenshots when
published.

Regardless of the studio and technology company desire to lock things down and
control distribution, there remains a very legal exception to their controls:
education.

And of course, education has resorted to alternatives to these locks. There
exist private torrent sites that are collections of obscure, international
and predominantly non-Hollywood productions. Like torrent sites pre-Netflix,
these are actually the most reliable sources of films that academics use for
sources. Even when an academic owns a DVD (as nearly all do for future
presentation and citation purposes), the torrents deliver files that the
academic can use to create clips and screenshots.

As much as possible, I try and help my partner avoid such sites. They are
good, but in the hard world of academia I'm not sure her career will survive
trying to argue any form of legitimacy of downloading content for academic
purposes for already owned DVDs.

There is a very real and present danger that copy protections will harm
libraries and education. They already are.

~~~
higherpurpose
The strangest part is that _according to the law_ (fair use) she should be
able to do that. This DRM is effectively creating its own "copyright law",
just like Cory Doctorow has warned us before.

The whole copyright gang from MPAA to OS vendors and chip makers are using DRM
to expand the reach of copyright law. And you can't just say "well I'll just
break the DRM, since it's legal for me to take the screenshot" either. Because
breaking DRM is illegal... So in order to exercise one of your rights you have
to break another law.

~~~
mikeryan
You're conflating copyright law. She is legally allowed to take screenshots
and clips from copyrighted material. There's nothing in or about copyright law
that requires content providers to make this easy.

~~~
jrochkind1
The DMCA makes it illegal to circumvent technological protections in many
instances where the result would still be fair use, if it weren't for the
technological protections and the DMCA making circumventing them illegal.

It's not just that the content providers 'make it hard' -- it's that their
attempts to 'make it hard' are protected by law, not just by difficulty. Even
if the DRM doesn't actually make it very hard at all, it's still protected by
the DMCA.

[https://en.wikipedia.org/wiki/Digital_Millennium_Copyright_A...](https://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act#Title_I:_WIPO_Copyright_and_Performances_and_Phonograms_Treaties_Implementation_Act)

~~~
tedunangst
If you read the section on exemptions, you'll see that there's one for exactly
this case: decrypting a dvd for the purpose of criticism.

~~~
jrochkind1
Yes, that is a temporary exemption made by the Librarian of Congress, as the
law provides for such temporary exemptions (which can also be renewed by the
Librarian -- or not).

Nonetheless, the existence of the DMCA as a legal framework, I think, belies
the picture the original comment I was responding to paints, of "Just because
there is fair use doesn't mean the content providers need to make it easy to
copy their works." The DMCA specifically gives the content providers
technological "challenges" the force of law, and makes it illegal to
circumvent them, without any general exception for fair uses. There are some
few specific exemptions ( _not_ a general one for anything that constitutes
'fair use' under copyright law), which are not actually part of the law
explicitly, but temporary and at the discretion of the Librarian of Congress.

------
MichaelGG
The other downside is that you can't use custom software to fix up video.
Netflix has a fairly poor player - more than once I've had to go torrent
something I was trying to watch in Netflix due to one playback issue or
another. From brightness to subtitles, to frame positioning (shifting the
whole playback area down to fit better on my wall when projecting very wide
formats) - Netflix offers nothing. Even worse for audio, where I often pump
center channel dialog and perform normalization.

It's sad how advanced the tech is compared to how limited our use is. (For
instance, it's technically trivial, but usably difficult to add Rifftrax
(MST3K reborn) to a movie on Netflix.)

Edit: The really nasty part is that this technology in general isn't bad. I
love TPMs, for instance. Gives me a fairly easy way to get relatively strong
security, say, to store my disk encryption keys, without memorizing a
passphrase. Trusted computing can allow the user to remain in control. But
slipping in DRM gets people understandably upset.

OTOH, I can't find details on exactly how this video stuff works. Wikipedia
points at the GPU part, making it seem like it's just the same HDCP-kinda
stuff that's been around for a while. (Annoying, but ultimately a decision of
your kernel to enable. As in, media isn't encrypted at the source to some
Intel key.)

~~~
userbinator
_Trusted computing can allow the user to remain in control._

Only as long as it's really the user the computer is trusting, and not some
other entity. Personally, I don't really like TPMs or any of the other "safe
computing" technology. In theory (and this is what everyone usually refers to
when they advocate it) they can help the user, but in practice they're almost
always being used to do the opposite and the path to freedom is insecurity
(e.g. jailbreaking, running homebrew software, etc.) As the saying goes, "in
theory, there's no difference between theory and practice; in practice, there
is."

_OTOH, I can't find details on exactly how this video stuff works_

That's sort of the point of DRM in general - you're not supposed to know how
it works, because then you would be in a much better position to break it.
It's no surprise that the details would be kept secret, and other security
technologies are likely being used for this purpose - e.g. DRM'd PDFs.

------
Pyxl101
Are chips with this feature sold in consumer devices? I'm planning to buy a
new computer soon. How can I avoid or boycott the chips in question? Or can
the feature be definitively disabled through the BIOS?

If I buy a computer, then I want to own it completely and not have arbitrary
DRM bullshit remove capabilities. If I wish to take a screenshot of copyright
content and share it with friends (fair use), then I should be able to do
that, and I will be seriously pissed if my own machine gets in the way.

Does anyone know which chips include this feature, and/or whether it can be
disabled?

~~~
pgeorgi
All Intel chips since 2010 or so have the management engine. There's a reason
why the "reclaim your freedom" notebook is still a Lenovo X60.

Some of them come with larger firmware (5MB, making up vPro and AMT), others
with the smaller one (1.5MB) that merely does the DRM stuff, but all of them
have the full hardware access detailed in the article.

AMD is clean on the chipset side until kaveri/kabini. After that, they come
with a "platform security processor". I think the GPU has some DRM features
(mostly concerned with adding Macrovision noise to the output signal), but I'm
not into GPUs very much.

Contemporary ARM stuff mostly comes with TrustZone, which can typically be
used for DRM as well. AMD adopted the TrustZone model for their current CPUs,
too.

Since Protected A/V Path and similar DRM systems require OS cooperation, the
easiest way to stay clear of them is to use Open Source media players, on an
Open Source OS.

If you want to avoid supporting proponents of such hardware assisted DRM
systems, plain ARM systems that ship without a fixed operating system (e.g. the
cuBox series, rPI & follow ups) are your best bet.

~~~
Audiophilip
@pgeorgi:

>All Intel chips since 2010 or so have the management engine.

Do you have sources for this? I wanted to verify it, but after a few Google
searches I could not find anything that states exactly that. I have a Haswell
CPU, but I have no Management Engine settings in my BIOS.

How does the vPro feature correlate with the Management Engine? Because not
all Intel CPUs come with vPro. Or is that only a firmware difference? Would
be nice to see clearer in this issue, but most websites contain only marketing
nonsense.

~~~
pgeorgi
My source is that I work on coreboot, where we have to interact with that
stuff all the time. It's actually somewhat hidden in our haswell driver
because so much is now binary-only on Intel platforms.

But look at
[http://review.coreboot.org/gitweb?p=coreboot.git;a=blob;f=sr...](http://review.coreboot.org/gitweb?p=coreboot.git;a=blob;f=src/northbridge/intel/haswell/finalize.c;hb=HEAD)
whose comments refer to both "ME" (the management engine) and "PAVP", which is
the "Protected A/V Path" referred to in the article.

One sure way to figure it out is to get a full image of your firmware flash,
and analyze it. coreboot has a tool called ifdtool which can parse the "intel
firmware descriptor", which is kind of a partitioning scheme for flash - among
other things, to make room for the ME firmware.

Sometimes board vendors have full images available for download that you could
use for analysis, but these days they're often smaller, shipping only the
changed parts. flashrom (www.flashrom.org) might be able to read out the chip
on your running system, but on Intel platforms in particular, this is often
restricted and you'd need to attach some external flash programmer to read it
out and be sure.

I think it speaks volumes that you have to work around such things on your own
hardware in the first place...

As far as I know, vPro only requires the larger firmware and the use of
on-chipset hardware, in particular NIC and GPU, since the vPro firmware doesn't
support external devices.

I don't know if that's just economics (no need to write drivers for tons of
devices, no desire to support other vendors' hardware) or if the ME is too
limited for that - but my guess is the former.

One way we (at coreboot) can test ME involvement is to corrupt the ME firmware
with an external flasher (while leaving everything else intact) and see the
system either not start at all, or reliably shut down after 30 minutes. The
exact behaviour depends on some wiring on the board, I guess.
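
The flash-image check described in the comment above, as an added example that is not part of the original post and is not ifdtool's code: it locates the Intel firmware descriptor in a dump and reports whether an ME region is declared and whether the file actually contains it. The 12-bit base/limit fields follow the older descriptor layout and are an assumption here (newer descriptor versions widen them); the sample image is constructed.

```python
import struct
from typing import Dict, NamedTuple, Optional

FD_SIGNATURE = 0x0FF0A55A  # flash descriptor signature, little-endian in flash
REGION_NAMES = ("Descriptor", "BIOS", "ME", "GbE", "Platform Data")


class Region(NamedTuple):
    name: str
    base: int       # first byte of the region in flash
    limit: int      # last byte of the region in flash
    in_image: bool  # False when the file is too short to hold the region


def find_descriptor(image: bytes) -> int:
    """Scan on 4-byte boundaries for the descriptor signature; -1 if absent."""
    sig = struct.pack("<I", FD_SIGNATURE)
    for off in range(0, len(image) - 3, 4):
        if image[off:off + 4] == sig:
            return off
    return -1


def parse_regions(image: bytes) -> Dict[str, Optional[Region]]:
    """Return the region table; unused regions map to None."""
    sig_off = find_descriptor(image)
    if sig_off < 0:
        raise ValueError("no flash descriptor: partial update image or non-Intel layout")
    if sig_off + 8 > len(image):
        raise ValueError("image ends inside the descriptor map")
    # FLMAP0 follows the signature; bits 16..23 hold the region table address / 16.
    flmap0 = struct.unpack_from("<I", image, sig_off + 4)[0]
    frba = ((flmap0 >> 16) & 0xFF) << 4
    regions: Dict[str, Optional[Region]] = {}
    for idx, name in enumerate(REGION_NAMES):
        pos = frba + 4 * idx
        if pos + 4 > len(image):
            raise ValueError("image ends inside the region table")
        flreg = struct.unpack_from("<I", image, pos)[0]
        # Assumed 12-bit fields, in units of 4 KiB.
        base = (flreg & 0xFFF) << 12
        limit = (((flreg >> 16) & 0xFFF) << 12) | 0xFFF
        if base > limit:
            regions[name] = None  # base above limit marks an unused region
        else:
            regions[name] = Region(name, base, limit, limit < len(image))
    return regions


def build_sample_image() -> bytes:
    """Constructed 64 KiB image: descriptor, 16 KiB ME region, BIOS, no GbE."""
    img = bytearray(b"\xff" * 0x10000)
    struct.pack_into("<I", img, 0x10, FD_SIGNATURE)
    struct.pack_into("<I", img, 0x14, 0x00040003)   # FRBA = 0x04 -> table at 0x40
    flregs = (
        0x00000000,  # Descriptor: 0x0000..0x0fff
        0x000F0005,  # BIOS:       0x5000..0xffff
        0x00040001,  # ME:         0x1000..0x4fff
        0x00000FFF,  # GbE:        unused
        0x00000FFF,  # Platform:   unused
    )
    for i, reg in enumerate(flregs):
        struct.pack_into("<I", img, 0x40 + 4 * i, reg)
    return bytes(img)


if __name__ == "__main__":
    for name, region in parse_regions(build_sample_image()).items():
        if region is None:
            print(f"{name:14s} unused")
        else:
            note = "" if region.in_image else "  (not contained in this file)"
            print(f"{name:14s} {region.base:#010x}-{region.limit:#010x}{note}")
```

A region flagged as not contained in the file corresponds to the vendor images mentioned above that ship only the changed parts.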

~~~
userbinator
From that file:

    pci_or_config32(PCI_DEV_HSW, 0xb0, 1 << 0);     /* BDSM */

What is "BDSM"? It almost seems like a strangely appropriate name for another
DRM feature.

_It's actually somewhat hidden in our haswell driver because so much is now
binary-only on Intel platforms._

One thing that I've noticed browsing around Coreboot sources is that the
source code is rather opaque - full of "magic constants" with little to no
meaning. It may be "open-source" and GPL, but I don't think it's in the spirit
of open-source to have code that can't really be understood. I can get the
same depth of information by just disassembling a BIOS and seeing what
addresses it writes with what values. If anything, it feels like someone has
found a way to "contribute" to open-source without actually disclosing much.
(Aside: how do binary-only blobs get let into Coreboot? It sort of defeats the
purpose, doesn't it?)

_and see the system either not start at all, or reliably shut down after 30
minutes_

That second alternative is just scary. _Really_ scary, like a hidden silent
killswitch.

~~~
pgeorgi
When all you do is to write a single opaque value in a register, and never use
those bits again, it's slightly excessive to give each of them a name. This
also reflects in chipset documentation, which sometimes comes with pages and
pages of "write X to register Y", and not much more.

The value is that the higher level structure is more easily visible when you
know what is code and what is data (which is the main issue with disassembly),
and the ability to quickly see that you haven't missed extra code that is
executed in some sneaky place because everything in the output is accounted
for somehow.

The options we have with coreboot are to have 8MB of unaccounted stuff, or
500KB of unaccounted stuff. The latter can be reverse engineered more easily,
since the scope is known, and the complexity is a magnitude smaller (no code
decompressing other code, jumping into it, ...). That was actually done for
sandybridge. We even built tools to simplify reverse engineering
(www.serialice.com)

As for the funnily named BDSM register:
[http://www.intel.com/content/dam/www/public/us/en/documents/...](http://www.intel.com/content/dam/www/public/us/en/documents/datasheets/4th-gen-core-family-mobile-u-y-processor-lines-vol-2-datasheet.pdf)
calls it "Base
Data of Stolen Memory". Essentially, both GPU and ME get assigned some system
memory to work in, and that register contains the first address that isn't
available to the CPU due to this arrangement.

That register itself is harmless. In older Intel chipsets, it was possible for
the host CPU to get a peek into the ME's memory by messing with that register,
which was used for some ME analysis in 2012 or 2013. Unfortunately they
plugged that hole, and that register's role is more of the informative kind.

~~~
userbinator
_This also reflects in chipset documentation, which sometimes comes with pages
and pages of "write X to register Y", and not much more._

It almost feels like they're trying to hide something if they don't give any
reasoning for what those values do... and so I'm rather curious as to what
happens if they're changed. Some bits might have no effect, some could have
catastrophic effects (e.g. if they control some of the voltage regulation
circuitry), and some could have very _useful_ effects that they just don't
want you to know about. Intel CPUs have had undocumented features since their
introduction; it's not hard to imagine their chipsets do too.

~~~
pgeorgi
For the most part it's probably that they kept things flexible that aren't
strictly necessary, but it simplified their development process of the
silicon.

So when they're done with the silicon, and routed all the traces, and so on,
they can run their magic tool that measures delays and things like that, and
then calculate the best performing set of values, and write them into the
document.

It also allows them to dial back some of the values should they figure out
that there are problems. I fully expect these numbers to change a couple of
times between them finalizing their silicon and releasing it (and the
reference code and documentation) to the public. Now consider how much trouble
it would be, even for Intel and their world famous fabrication process, to
create new silicon for each of those changes.

Take the tables in i945's raminit
([http://review.coreboot.org/gitweb?p=coreboot.git;a=blob;f=sr...](http://review.coreboot.org/gitweb?p=coreboot.git;a=blob;f=src/northbridge/intel/i945/raminit.c;hb=HEAD#l923)).

From the shape of these values, they're probably some delay configuration for
the different types of DDR2 pins (dq, ctl, clk) going from somewhere inside
the silicon out to the pin of the package, but I doubt that the documentation
actually provided any explanation for them.

Of course, one of these registers could mean 'change all calculations in a way
that the electromagnetic field contains the private key'. But they need a
better way to enable that function than in firmware, where it's done for
everyone.

In the end, I'm fine with such magic values in magic registers, as long as
they make some sense (right register block for the current task instead of
messing with the audio codec while initializing usb) and are unconditional
(that is, no if (user_is_evil()) write_enable_tempest_register(); ).

If there are no unexplained conditionals, any backdoor would have to apply to
every user - in which case they could just enable it unconditionally in
silicon.

------
juliendorra
Just a note on the discourse: the point "I own it, I should be able to use it
the way I want" feels like not really effective (as a rhetoric) in many parts
of the western world and in many social circles. I really feel for example in
France it would be easily brushed off using analogy to construction permits or
driver licenses, or just put the person in some crazy-libertarian box ("the
kind that want to print firearms at home"). There might be ways of framing the
issue that fit better in a socio-democrat context (Europe, etc.). Ideas?

~~~
DanBC
Europe has strong consumer protection rights.

The angle to take is that media is sold misleadingly. When I buy a DVD /
Bluray I am paying for a physical disc and a licence to use the contents of
the disc. That licence is restrictive and restricts my rights more than law.
Thus, I am not allowed to extract a short extract to use in an educational
setting (fair dealings; fair use). Packaging and marketing of DVD / Bluray is
unclear about this and gives the impression that you are "buying a movie", not
buying some plastic and a licence.

~~~
Ar-Curunir
Exactly, this is the main problem I have with the people who claim in comment
sections across the internet that since I'm only paying for a license to play
the content, I can't complain about owning it.

Nowhere on the iTunes store does it say, "Click here to purchase license to
play video". Not on Amazon or Google Play either.

This is just a case of false advertising by content producers and
distributors. If they can cheat me, why shouldn't I be entitled to cheat back?

~~~
w0utert
You acknowledged that you were aware of these facts when you read the EULA
(you did read it, right?) at some point in the past when installing or
updating iTunes (or whatever other service). I know it's ridiculous but that's
how it works, make sure to show a 50+ page 'you basically have no rights'
notice that you have to 'agree', and you can strip whatever privileges you
like from your paying customers.

~~~
frabcus
Nobody reads EULAs. They are irrelevant in a historical context.

They'll clearly be replaced by consumer law at some point.

You don't have to sign a 20 page license to go into a shop and buy a banana,
do you? And yet there are all sorts of property and purchasing rights (for
buyer and seller) associated with that.

The correct way of talking about this now is to discuss what the consumer law
should say which will replace EULAs.

~~~
w0utert
Obviously I understand that nobody reads EULAs, and I completely agree that
it's crazy they even exist. Judging from the fact that I got downvoted for
simply stating the obvious it appears people assume I'm ok with EULAs, but
I'm not. That doesn't mean they don't exist though, and even though I don't
know the intricacies of their legality, the fact that I'm not aware anyone
ever successfully challenged an EULA in court (which would mean they should be
history by now), I'm assuming that, sadly, content owners and distributors
_can_ strip your rights by presenting you with an EULA that no-one reads.

------
hippich
This is what I call bullshit job - zero value for humankind created, tons of
human hours wasted. (I would even say negative value since security holes will
be found if not already in this microcontroller firmware)

~~~
tacoman
I stumbled upon this PAVP thing in an old Thinkpad just last week. My first
thought after reading about it was basically this. Somewhere, some very
talented software developers probably spent years working on this obscure,
essentially useless thing.

------
dmm
The Librem 15 project is trying to talk intel into letting them disable the
management engine. It's the last non-free part of the system.

[https://www.crowdsupply.com/purism/librem-laptop](https://www.crowdsupply.com/purism/librem-laptop)

------
jsdir
Years ago, I remember trying to screenshot video on a Microsoft XP box. When I
tried to paste the screenshot inside any image editing program, the video
region would remain blank. If I correctly positioned the image editor window
over the window with the video source, the video would show through this
region, but the video remained positionally fixed to the screen. I cannot
remember if this happened for all video sources though. Could this have been
caused by DRM?

~~~
geon
It was because of how HW accelerated video decoding worked. You would specify
the coordinates of a rectangle on the screen where to play the video. Then
you'd display a rectangle of a certain color (#010000, I believe), to be used
as a mask.

The window manager could show windows on top of the video, and the masking
would work even though the video decoding HW knew nothing about window
management and vice versa.
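
The colour-key masking described in the comment above, modelled as an added example that is not part of the original post: the overlay hardware substitutes video only at scan-out, so a screenshot (a copy of the framebuffer) holds the key colour, and a pasted screenshot lets the video show through wherever its key-coloured pixels land inside the overlay rectangle. The screen size, colours other than the key value quoted above, and the gradient standing in for video are constructed.

```python
KEY = (0x01, 0x00, 0x00)      # colour key value recalled in the comment (#010000)
DESKTOP = (48, 96, 144)       # constructed desktop background colour


def inside(x, y, rect):
    rx, ry, rw, rh = rect
    return rx <= x < rx + rw and ry <= y < ry + rh


def video_pixel(x, y, rect):
    """Constructed 'decoded video': a gradient addressed relative to the overlay rectangle."""
    return (200, x - rect[0], y - rect[1])


def new_framebuffer(width, height, rect):
    """What the window system draws: desktop plus a key-coloured rectangle for the player."""
    return [[KEY if inside(x, y, rect) else DESKTOP for x in range(width)]
            for y in range(height)]


def scanout(fb, rect):
    """What reaches the monitor: video replaces key-coloured pixels inside the rectangle."""
    return [[video_pixel(x, y, rect) if inside(x, y, rect) and px == KEY else px
             for x, px in enumerate(row)]
            for y, row in enumerate(fb)]


def screenshot(fb):
    """A screenshot copies the framebuffer; decoded video is never written there."""
    return [row[:] for row in fb]


def paste(fb, image, ox, oy):
    """Draw `image` as an editor window at (ox, oy), clipped to the screen."""
    out = [row[:] for row in fb]
    for y, row in enumerate(image):
        for x, px in enumerate(row):
            if oy + y < len(out) and ox + x < len(out[0]):
                out[oy + y][ox + x] = px
    return out


if __name__ == "__main__":
    rect = (4, 2, 4, 3)                       # overlay at x=4..7, y=2..4 on a 12x8 screen
    fb = new_framebuffer(12, 8, rect)
    shot = screenshot(fb)
    print("screenshot pixel in video area:", shot[3][5])          # key colour
    print("monitor pixel in video area:   ", scanout(fb, rect)[3][5])
    shown = scanout(paste(fb, shot, 2, 1), rect)                  # editor window, offset
    print("pasted key pixel over overlay: ", shown[3][6])         # video, screen-fixed
    print("pasted key pixel off overlay:  ", shown[3][8])         # plain key colour
```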

------
dghughes
It's bizarre foreign movie and music corporations (I'm Canadian) are dictating
actual physical changes to computing hardware.

It's as bizarre to me as if US car corporations dictated I could only use
premium fuel from Shell and monitored it in real-time.

------
gear54rus
My only hope is that as bullshit like this becomes more and more prominent,
people will become more and more educated in what is acceptable and what is
not (since it will bite them more and more). Eventually, public opinion would
shift into more and more negative outlook on corporations who practice such
things.

Offenders' influence would then decline and people will become smarter,
everyone wins.

~~~
userbinator
_and people will become smarter_

Unfortunately, my impression is the opposite - people are slowly being
dissuaded from discovering these restrictions by the promises of convenience,
and when they do run into them, they're faced with heavy rhetoric to the
effect of "it's for your security" so they (reluctantly) accept it. Incidents
like this appear isolated and are downplayed by the majority, who will
continue to use the very services that restrict them, purely out of
convenience.

Corporations are diverting people's actions of sharing information into their
own channels so they can exert more control over them - witness all the "share
on Twitter/Facebook/etc" buttons appearing everywhere (I personally block
them, but I know they exist); they sure are convenient to use, and as a
side-effect of their use, it reduces the amount of people who will "manually" and
directly share with others (and thus know more about the transfer of
information themselves.)

The same is happening with other types of media too, as evidenced by all the
efforts to hide the filesystem of devices from users, since one of the most
open ways to share data with someone is to give them a copy of a file. They
are even trying to discourage _linking to a resource_ , with browser vendors
thinking of hiding URLs or parts of them. Ultimately, they are pushing for a
world in which no one owns their (tightly locked-down) computing devices or
has any knowledge of how they work (except for a few "specialists"), and all
communication between individuals happens via some corporate intermediary.
This makes it easier to censor and manipulate the users (probably to squeeze
$$$ out of them), which is what the whole idea is about.

~~~
gear54rus
A comment so accurate it makes me sad :C

There isn't much one can do though as favoring convenience over not-so-obvious
benefits of (abstract, for them) freedom seems to stem from the very human
nature...

I used to think RMS' ideas were a bit far fetched, but with each such
revelation that comes to light in the form of post on some relatively unknown
blog those ideas seem more and more appropriate.

------
jandrese
The best part is that it is only a matter of time until the IME is cracked and
root kits come with bits that you will never be able to clean without getting
a whole new computer. Did you know the IME can send and receive IP without the
host processor ever seeing it? It's the ultimate way to own a machine.

~~~
zaroth
I would assume the larger purpose of IME is actually exactly as a platform for
persistent undetectable system compromise. Purpose built for TAO? As
conspiracy theories go it's hard to explain the existence and full
capabilities of IME in this decade without some NSA involvement.

~~~
acdha
Please take the conspiracist nattering somewhere else. As explained in the
second paragraph of the article, the features of IME were requested by large
corporate IT departments and pushed mainstream by marketing pressure, with the
addition of DRM bits as requested by the large tech vendors who need them to
negotiate licenses with members of the copyright cartel.

You look at this and see a secure rootkit. A corporate IT worker looks at this
and thinks that they can image a workstation remotely no matter what's
currently installed. A security person looks at this and sees secure base
platform starting from TPM on down which can be set up to keep malware from
irrecoverably compromising the system (remember the recent Thunderstrike
discussion noting that TPM would protect against that firmware exploit?).

All of these have tradeoffs which can be debated but it's just silly to
pretend that the NSA is centrally directing the entire industry.

~~~
zaroth
Anyone who requested the feature of "able to send and receive packets which
are not seen by the OS" is either not really asking, or should be told no.

I mean, even if I have a pfSense or whatever box running in between, if I'm
reading this correctly, there could be packets traversing the network I can't
see?

And all of this has a "zero-touch" configuration capability. You know what
that means, right?

The two together, simply put, _it's a factor to consider_ when buying this
hardware. People should be aware this feature exists, and what it's capable
of. More than anything, it feels like this is unreported and under-discussed.

~~~
acdha
You're misunderstanding what's going on here: if you need something like
lights-out management, which is a requirement in any decent large IT shop, you
by definition have a separate processor running its own operating system.
That's the whole point: you can use this to power on the machine and initiate
something like a software install when it has no existing OS install or a
severely broken one.

Since that needs network access you either have the expense of needing
separate NICs and ports – common in the server space – or having some way for
it to share the NIC with the primary OS, which is popular because it costs
significantly less and doesn't require wiring two ports for every computer.
It's the latter capability which gives it the ability to send packets without
the knowledge of the main OS since the traffic isn't processed by it in any
way.

Again: this certainly could be abused but the capability originated for quite
benign reasons – every large organization with an even marginally competent IT
department wants the ability to do things like reinstall a system without
having to pay to send a tech on-site to hit a couple of keys.

~~~
zaroth
I understand perfectly well the IT requirements. However, capabilities which
originate for quite benign reasons but which allow complete, persistent, and
undetectable system compromise are typically called "bugs".

For example, I don't have any issue with remote power control. A secure form
of Wake-on-LAN is wonderful, as long as the public keys are fully enumerable
and totally under operator control, and the feature can be decisively disabled
if desired.

To your point about packet processing, to keep with the Wake-on-LAN example,
it's perfectly easy to share a physical port and keep the traffic fully
visible to the OS as well as a separate processor.

If a remote party has permission to completely own my system, I want to see
their name (public key) listed every time the machine boots, like the warning
you get any time you access a government system;

    
    
      You are accessing a [Company Name] information system, which includes (1) this
      computer, (2) this computer network, (3) all computers connected to this network, and
      (4) all devices and storage media attached to this network or to a computer on this
      network. This information system is provided for [Company]-authorized use only. 
    
      Unauthorized or improper use or access of this system may result in disciplinary 
      action, as well as civil and criminal penalties. 
    
      By using this information system, you understand and consent to the following:
      
      You have no reasonable expectation of privacy when you use this information system;
      this includes any communications or data transiting or stored on this information
      system. At any time, and for any lawful government purpose, the government may,
      without notice, monitor, intercept, search and seize any communication or data
      transiting or stored on this information system. 
    
      The government may disclose or use any communications or data transiting or stored on
      this information system for any lawful government purpose, including but not limited
      to law enforcement purposes. 
    

Such a warning, requiring an 'I Agree' click at each boot, would adequately
explain the risks to end-users of having such a component active on their
system. But apparently, the more common practice is to _hide the prompt_ at
startup (typically Ctrl-P) to enter the MEBx Configuration screens behind
another BIOS setting.

I'm not an expert at vPro or Intel AMT by any stretch, but upon cursory
investigation, it appears the trust model (a.k.a all you need to completely
own a system) is an easily obtainable certificate, and control over the DNS
and DHCP server. It looks like the only thing that protects a system beyond
this is a vendor-specific "remote configuration timeout" which would have to
be reset by a local agent after it has expired. [2, 3] However, some Intel
documentation claims that TLS-PKI "...allows a client system to be provisioned
with zero physical interaction. Remote configuration is ideal for systems that
have already been deployed into an environment..." which implies some way to
overcome the remote configuration timeout... (See 'Alternate Path #2' on
footnote #5)

[1] - [https://software.intel.com/en-us/blogs/2009/10/07/intel-amt-...](https://software.intel.com/en-us/blogs/2009/10/07/intel-amt-and-remote-provisioning-aka-zero-touch)

[2] -
[http://h10032.www1.hp.com/ctg/Manual/c03455054.pdf](http://h10032.www1.hp.com/ctg/Manual/c03455054.pdf)

[3] -
[https://communities.intel.com/docs/DOC-1989#SECFAQ8](https://communities.intel.com/docs/DOC-1989#SECFAQ8)

[4] -
[http://downloadmirror.intel.com/21729/eng/RemoteConfiguratio...](http://downloadmirror.intel.com/21729/eng/RemoteConfigurationCertificateSelection.pdf)

[5] - [https://software.intel.com/en-us/articles/intel-amt-use-case...](https://software.intel.com/en-us/articles/intel-amt-use-case-11-remote-configuration)

------
based2
[http://recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf](http://recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf)

[https://news.ycombinator.com/item?id=8813029](https://news.ycombinator.com/item?id=8813029)

------
rando289
What is Rosyna? Googled it and came up blank.

~~~
danshapiro
The second footnote in the article is a Twitter post from a user, @rosyna, who
said that she couldn't take a screenshot of Netflix.

[https://twitter.com/rosyna/status/550702351703875584](https://twitter.com/rosyna/status/550702351703875584)

------
Drakim
What I don't really understand is how this could be used to stop piracy. Sure,
you could stop recording on a machine with Intel Management Engine, but
wouldn't pirates simply use a computer without Intel Management Engine to rip
media?

Unless the media becomes impossible to consume without Intel Management Engine
(sounds unlikely, how would you explain that to customers), how does it
prevent anything?

~~~
rewqfdsa
> the media becomes impossible to consume without Intel Management Engine

That's why Intel management keeps greenlighting this project. Intel thinks
that if it can convince content producers to distribute media as blobs
encrypted with Intel's public key (and maybe, say, Samsung's or Apple's), then
we can transition to a world where consumer video files do work on most
consumer hardware, but can't be decrypted outside the protected media path and
ripped.

There's no reason this scheme can't work. OEMs and content producers just
haven't been able to cooperate well enough to piece it together yet. Once they
do, game over, except for the analog hole.

This scheme also has the side effect of creating a "moat" around existing
OEMs. Sure, a new player can begin fabricating new CPUs, but existing media
files won't be encrypted for these CPUs. It is literally a conspiracy against
the public.

~~~
rando289
Dan would later learn that there was a time when anyone could have debugging
tools. There were even free debugging tools available on CD or downloadable
over the net. But ordinary users started using them to bypass copyright
monitors, and eventually a judge ruled that this had become their principal
use in actual practice. This meant they were illegal; the debuggers'
developers were sent to prison.

[https://www.gnu.org/philosophy/right-to-read.html](https://www.gnu.org/philosophy/right-to-read.html)

~~~
rewqfdsa
In our universe, the "debugging tools" that could defeat this scheme are ones
that can depackage an Intel chip and read its EEPROM directly. What do you
even use for that, a scanning electron microscope?

~~~
TeMPOraL
Part of me really wants to go into full libertarian cryptoanarchist mode to
enable a safe way of doing anonymous Kickstarters for someone to buy that SEM
and crack any new DRM that's being thrown at us.

But then I remind myself of this[0] and I realize we'd be probably fighting
our own future. Our world is going downhill because it's too uncoordinated,
not too coordinated.

We're in a really tough spot here.

[0] - [http://slatestarcodex.com/2014/07/30/meditations-on-moloch/](http://slatestarcodex.com/2014/07/30/meditations-on-moloch/)

The relevant quote:

 _But coordination only works when you have 51% or more of the force on the
side of the people doing the coordinating, and when you haven’t come up with
some brilliant trick to make coordination impossible._

 _The second one first. In the links post before last, I wrote:_

> _The latest development in the brave new post-Bitcoin world is
> crypto-equity. At this point I’ve gone from wanting to praise these
> inventors as bold libertarian heroes to wanting to drag them in front of a
> blackboard and making them write a hundred times “I WILL NOT CALL UP THAT
> WHICH I CANNOT PUT DOWN”_

 _A couple people asked me what I meant, and I didn’t have the background then
to explain. Well, this post is the background. People are using the contingent
stupidity of our current government to replace lots of human interaction with
mechanisms that cannot be coordinated even in principle. I totally understand
why all these things are good right now when most of what our government does
is stupid and unnecessary. But there is going to come a time when – after one
too many bioweapon or nanotech or nuclear incidents – we, as a civilization,
are going to wish we hadn’t established untraceable and unstoppable ways of
selling products._

------
frik
What about graphic cards from Nvidia/AMD? What about the ARM CPUs from various
vendors like Apple, AppliedMicro, Atmel, Broadcom, Freescale Semiconductor,
Nvidia, NXP, Qualcomm, Samsung Electronics, ST Microelectronics and Texas
Instruments?

Do they have similar DRM features too?

------
eeZi
[http://www.slideshare.net/codeblue_jp/igor-skochinsky-enpub](http://www.slideshare.net/codeblue_jp/igor-skochinsky-enpub)

It even has an embedded Java runtime.

------
psk
I don't know much about HDMI, but couldn't I just run the video/movie in
fullscreen and then capture the output from the HDMI and save the raw output
to a disk?

~~~
userbinator
Yes, HDCP has been broken for a long time and even if it wasn't, you could
still capture the LVDS signal that drives the LCD panel itself.

But the problem is that those are _very_ high-speed signals (1920x1080 24bpp at
60FPS is around 350MB/s+) that require suitable hardware to capture, basically
uncompressed video, and recompression would introduce more artifacts than the
original. That's why pirates don't usually go this route; the result is only
slightly better than pointing a good camera at the screen.

~~~
w0utert
I always assumed most movies were ripped using exploits at various points in
the playback software stack? At some point the unencrypted bitstream needs to
be available to decode, if you hacked the player or GPU driver code to dump it
at that point, it would be possible to re-assemble it into an unencrypted
video file, right? You would use a computer without any of the DRM features
the article is about of course.

------
michaelbuddy
Not much info at the top of the searches for Rosyna. What consumer processors
is it in / going to be in? Is it easy enough to just not buy it?

------
nercury
DRM is a placebo against technology.

------
pbprabhuram
Just use a camera to take a shot

~~~
mercurial
You completely missed the point of the article. "Trusted computing" is back
with a vengeance. The fact that your computer runs complex firmware (your
coprocessor's firmware can run a webserver?) which bypasses anything above it
is the problem. It means you don't own your computer anymore: your overlords
grant you the right to use it under certain conditions.

~~~
pbprabhuram
Nope, I didn't; that is one way to bypass the problem

~~~
geon
The _problem_ is that you don't own your computer. You can't bypass that with
a camera.

Who cares about movie piracy? Copy protection has always been broken and will
always be. It isn't a problem.

