Definitely. I've also said a number of times over the years that I'd pay a significant premium for a permanent, archival digital copy (no DRM attached -- can be played with 100% open software / hardware, format shifted, etc. as required) over traditional media. I'd expect such a copy to be watermarked and to be frank I really don't care about that, since the goal is to preserve the single copy for myself and potentially for posterity, not to go distribute it illegally. I suspect many other legitimate users would also be interested in something like this -- e.g. historians, archival libraries, etc.

I've also considered the tax issue. It's a decent way around the problem, to be honest, though I think I'd rather do something like "if you make a copy, register it with the government and pay a tax on the copy, and you won't be liable for any DMCA or copyright violations on that single copy". That neatly solves the disappearing culture problem with streaming only services, and makes sure the authors get paid. The tax could be set at e.g. 3x the average cost for a comparable retail copy, so if you can (for example) go get a $30 BluRay in the store and live with the DRM restrictions on it many people would do that vs. paying $90 for a registered copy. It's also hard to argue that effectively paying for three copies of the work is harming the rights holder in any way.

My biggest issue has always been trying to reach the right people that drove this kind of requirement in the first place, to discuss and show that they've basically gone down a wrong route. As you hinted at, they're effectively letting the big time pirates get away with blatant copying via e.g. the illegal streaming services, while focusing entirely on theoretical piracy from home users at the expense of traditional consumer rights (view/read/listen wherever and however desired, provided it's a legal copy and used for for private viewing/listening). Consumer DRM won't fix the actual problem, I'm fairly comfortable stating that it's proven not to at this point, and I might go so far as to argue the existence of popular, paid illegal streaming services is the (black) market filling a gap that exists largely as a result of how DRM and related restrictions are used against consumers to devalue legitimate media purchases.

What I do find somewhat interesting in this whole mess is that we do a lot of non-x88 secure systems business as a direct result of backlash against DRM reaching out and effectively infecting unrelated technologies such as general purpose computers (which are arguably far more important to the world as tools than the latest Hollywood blockbuster is to the masses). In the end, trying to permanently stop piracy with draconian requirements on all equipment that could possibly play a video seems to instead be seeding a new crop of unrestricted technology, and a full rejection of DRMed media from the people that buy it. It will be very interesting to see how this plays out over the coming years.

My impression is that Hollywood has found a new solution to limit duplication and is in the process of rolling it out as we speak.

Rather than making popular movies and protecting them by technical means, they are simply making movies that nobody wants to watch

Couldn't agree more at this point. Went to see one movie recently that was notably not produced by the companies most known for forcing DRM and streaming exclusives, and while the film itself was good (a rarity these days) I also noticed that nearly every trailer was for a remake of some old success. not for anything original. The weird part is how our society is giving up individual control of key technologies just for continued access to this stuff.

Sometimes I wonder if the push for DRM and streaming only is only so that the studios can go back and redo past success without competition from their own earlier, better works. To me, that behavior is just as much a violation of copyright as piracy, but I admit that may not be a view shared by many others.

As an aside, we are still seeing increasing demand for a DRM-free open firmware GPU...for compute and graphics, not for DRMed video playback...

Sounds like we'll be back at BIOS-hacking.

Cheers

Unfortunately no, you're not. This thing always has to run, the "BIOS" (UEFI firmware) won't even start if you don't load the PSP firmware, and the PSP firmware boot process is crypto locked much like the bootloader on e.g. an iPhone.

If you want to get rid of it, you have to move away from x86. This is one of the primary reasons we sell POWER9 based systems, not Intel or AMD based machines (Intel has a very similar item called the Management Engine, or ME, and just like the PSP it can't be removed or disabled despite what people may claim elsewhere).

You might wanna check out https://ivanceras.github.io/svgbob-editor/

That's correct, but the hardware security on at least 1st generation Zen is pretty much broken. You can run unsigned code on the PSP. There was a talk on 36c3 about it.

That said, the PSP firmware is quite minimal anyway and according to the researchers it seems unlikely to have any malicious content. From that perspective it looks much more acceptable than Intel's ME.

Just because you can run unsigned code on the PSP doesn't mean it can be rendered safe. It's much more like the fact that you can jailbreak an iPhone than anything else, but you still have to use the initial AMD-signed firmware, which means you've still got a third party fundamentally in control of the machine. Need to change something in that initial firmware? Too bad, not allowed.

I don't consider the PSP "acceptably small". It's something akin to half a meg of proprietary binary in an extremely sensitive position in the system, has been found to be vulnerable to bad actors hacking into it, and it's something purposefully walled off so that only AMD can (ostensibly) change the binary that they've mandated must run at all costs. Yet, last I checked, I don't get an SLA that financially guarantees the PSP will not access or tamper with data on the machine under any circumstances, or that I will receive financial compensation, including loss of business (in corporate use) or additional expenses incurred (in personal use) to the full amount that any system is offline or has to be replaced due to any flaw whatsoever in that signed code. So, no deal, especially when I'm quite literally typing this from a computer that doesn't have either an ME or a PSP (though it does have an owner-controlled "ultravisor" functionality that could be put to work to improve the machine security for myself or for Raptor, not just for Hollywood's interests). Not gonna step backward into the proprietary world at this point, and the continued forcing of ME/PSP shows which direction that world is headed fast IMO.

And yes, we've patched systems in response to various CVEs when we have the source code. Reducing attack surface can do wonders, but the PSP design simply doesn't allow that to happen -- you have to take the whole thing including all risk, period, or simply not use the CPUs.

What we should be asking at this point is which vendor will be first to offer an open-firmware GPU, something that can be trusted for scientific computations, AI, visualization, etc. vs. trusted only so far as it won't let you copy Hollywood movies. Two very different targets, and they need two different product lines IMO.

I guess the only reason AMD finally bothered to fix their VAAPI driver is because of Chromebooks - people tested it, found that AMD's VAAPI implementation was broken, and AMD had no choice but to fix it.

This is the thread for complaining about PSP... there's another thread for complaining about the video drivers