1. 18
  1. 5

    Hoping this can be abused (and is) to break enclaves as used by e.g. widevine, for e.g. compatibility, accessibility and archivist purposes.

    1. 3

      I see one big problem: possibility that streaming services will just stop working on all your existing hardware.

      1. 3

        How’s that a problem?

        • Intel hardware would be used to dump streams, not watch them.
        • Streams need to be dumped only once. Then they are forever unprotected and can thus be safely preserved by archivists, intact.
        • I don’t stream DRM’d content in the first place, and I’m not about to start doing so.
        • Any annoyances (such as described by you) to those who do help build antagonism to DRM.

        It’s a win-win, as I see it.

        1. 3

          You can’t dump them anymore if you’re not able to use netflix & co at all on such intel devices. All you get is that nobody with such a system can use them anymore. And I bet the first OS to be dropped entirely is linux, it’s already not full-hd supported, due to being not as “secure” as windows. So in summary you’re happy if everybody else has to suffer.

          1. 3

            What you say doesn’t quite make sense to me. Netflix and such services have an incentive to keep supporting Intel platforms—a large portion of their users use solely Intel-based platforms, and it would not make sense to lose them all as customers. x86-based Intel processors will still be used in both new and old hardware for a long while (despite ARM becoming more and more popular).

            As for dropping non-Android Linux users, I could see that as being more likely solely in terms of user base, but I still don’t think it’s a likely outcome. Breaking enclaves used by Widevine is not, as far as I’m aware, related to Linux in particular. I assume that the same technology is used by Widevine on all supported platforms (Windows, macOS, and Linux-based), and one could potentially develop an attack on any of them. Googling suggests that Netflix restricts video resolution when it’s not using hardware-based DRM on those platforms, which makes me believe there’s more motivation to do this on non-Linux platforms anyway.

            1. 4

              The issue is that Linux is designed to be an operating system which is modifiable by the user at all layers. Linux users are supposed to be able to run software in ways which violates the abstractions, for unusual situations such as sandboxing, debugging the platform, or developing novel new tooling. That is explicitly a non-goal for Windows and MacOS. To whatever extent operating systems can mitigate attacks on Widevine, Microsoft and Apple are likely to happily deploy those mitigations.

              It is of course up to the relevant video consortium whether they ever actually drop Linux support, and I don’t claim to know what they’re thinking or what they’ll do in the future. I do think it’s clear though that dropping Linux support would be consistent with their larger goals, if Linux’s market share drops far enough.

              Android involves a lot of custom kernel work for each device, much of which never gets upstreamed, so it’s absolutely possible that Android could keep Widevine support while non-Android Linux loses it.

              1. 6

                The issue is that Linux is designed to be an operating system which is modifiable by the user at all layers.

                I fail to see how that is an issue.

                DRM is.

                1. 2

                  I mean, I think DRM is a scourge and shouldn’t exist. I’m just explaining that it’s entirely conceivable that, in an escalation of that conflict, Hollywood could decide that support for Linux is less important than continuing to have DRM.

                  1. 2

                    I mean, I think DRM is a scourge and shouldn’t exist.

                    I absolutely agree.

                    Hollywood could decide that support for Linux is less important than continuing to have DRM.

                    That’d be a good thing. Because the more restrictive DRM is, the less likely people will put up with it.

                    Personally, if I am interested in something, I’ll probably buy it. But should it have DRM, I won’t. I’ll either lose my interest or find an easier way.

                    The more the annoying DRM is, the more the people there’ll be who’ll think along these lines.

                    1. 2

                      That’s certainly a fair position.

                  2. 2

                    Because I’d like to keep using netflix on my laptop without using windows in the future (it’s already degraded), thank you very much. I don’t care about demonizing DRM for the sake of having literally nothing available on linux, that’s useless.

                    Otherwise I’ll happily switch every system in my family back to windows after years, so they can keep using the things that are relevant for them. I already have a smartphone which can’t even use the app due to missing SELinux.

                  3. 2

                    I think you summarized my thoughts better than I could. Especially that android could easily still play widevine content (for example via play-services which require locked bootloaders etc), while open/normal linux systems loose their access entirely.

                2. 1

                  Oh and for example disney streaming already does not work on linux. And I personally could totally play the “I don’t care about them” card, until r/leopardsatemyface comes back when other services have to do the same, to keep their streaming contracts.

                  1. 2

                    Considering the relationship between copyright and Disney, I won’t be caught dead willingly giving up any of my money to them.

            2. 1

              The entitlement of the anti-drm movement is astounding. No one is guaranteed access to someone else’s work for free, and anyone should be able to protect their time and monetary investment.

              Everyone frames this as the People vs the Big Bad, but the reality is that quality content is expensive and requires significant investment for smaller companies/brands which is where I see DRM most often used, because all it takes is 1 bad actor to steal thousands of dollars and hundreds of hours of time.

              When those brands/individuals don’t want to allow to harvest their users information, they need a pay-wall and they need a way to secure their investment.

              We cannot delude ourselves into thinking we can have it both ways if we are to move beyond an ad revenue driven monetization model for the internet.

              DRM isn’t perfect, but it’s the best we have so far.

            3. 4

              This isn’t the first time µcode has been extracted from a CPU; see here (and the followup).

              1. 1

                wide-ranging consequences

                This only works on the Goldmont-based low-end CPUs, so don’t count on there being any wide-ranging consequences at all.