Announcement

Collapse
No announcement yet.

Mir Relicensed To GPLv2 Or GPLv3

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by starshipeleven View Post
    They keep them safe by keeping them disconnected from unsafe networks AND guarded, not by using flamboyant DRM or whatever.
    Ha! You'd think. But you'd be wrong. https://ics-cert.us-cert.gov/advisories/ICSMA-17-215-02 <- And that's a problem because hospitals often have these machines in the same internet-facing network as all the other machines in the hospital: https://arstechnica.com/information-...cal-condition/

    Comment


    • #22
      Wow, unapproved post. Hasn't happened to me in a while...

      Comment


      • #23
        Originally posted by starshipeleven View Post
        I think you don't understand the point of "tivoized".

        Also proprietary software has published and documented vulnerabilities, and most hospital, industrial and military stuff is weakest, as it is usually decades-old and can't be replaced easily anyway.

        They keep them safe by keeping them disconnected from unsafe networks AND guarded, not by using flamboyant DRM or whatever.

        Because really, if the bad guys can solder the serial port on the device's motherboard they have full hardware access, and that means they can do whatever they want anyway.
        Tivoized is the manufacturer locking the platform so they can amortize the development and manufacturing costs over the cost of the software and services that the owner is locked into purchasing/subscribing in order for them to get value from the device. It's a strong-arm tactic to enforce users to comply with contractual obligations. Some manufacturers have been stupid enough to not make it crystal clear that a fixed term use of their software/services is a mandatory part of the purchase agreement, then the users get pissed off that they own the device and can't do what they want with it, enter the FSF looking for an angry mob to manipulate... don't get me wrong there's some genuine examples of evil tivoization out there, but there's also some glowing examples of healthy capitalism using it to put high electronics in the hands of consumers, and making the vast majority of those consumers extremely happy in the process too.

        Comment


        • #24
          Originally posted by Gusar View Post
          Ha! You'd think. But you'd be wrong.
          That's just a case of morons being morons, in many cases also physical security of important places is total crap for the same reasons (managers don't care).

          Comment


          • #25
            Originally posted by linuxgeex View Post
            Tivoized is the manufacturer locking the platform so they can amortize the development and manufacturing costs over the cost of the software and services that the owner is locked into purchasing/subscribing in order for them to get value from the device.
            Yes, that's the theory, but there are caveats. Tivoization in most cases is "locking down a device just because you can". I have a long experience about embedded stuff and consumer electronics.

            In 99.9% of the cases the actual cost of the device is irrelevant because it is a crappy embedded device bought in large numbers, the overwhelming majority of its users can't repurpose it even if it was not locked down in the first place, and the device itself would not lend itself to much use even if "freed" because as said above it is a crappy embedded device.

            In some specific cases like with consoles Tivoization kinda made sense back then, but it was a corner case. They were getting piled up to be used as computing nodes, back in ps3 days, although I still personally think it was mostly a drop in the bucket and the maneuver was made out of pride or whatever, not actual real money loss (I mean they sold fucking millions of consoles per year to actual gamers that bought games, who the fuck cares about a few tens of thousands that went into computing nodes, seriously).

            For example nowadays consoles would NOT need to be Tivoized at all as their hardware is relatively crappy x86 stuff and you can get (far) more bang for your buck if you buy x86 stuff directly.

            It's a strong-arm tactic to enforce users to comply with contractual obligations. Some manufacturers have been stupid enough to not make it crystal clear that a fixed term use of their software/services is a mandatory part of the purchase agreement, then the users get pissed off that they own the device and can't do what they want with it, enter the FSF looking for an angry mob to manipulate...
            Lolwtf don't get carried away, what I said above still applies. Most people can't repurpose even non-tivoized devices, where are those angry mobs you talk about?

            People caring about Tivoization are the Geek Minorities that can actually repurpose the devices, not general consumers.

            The main issue in Tivoized devices is that you usually pay for (yes you do pay for the hardware too) but at the end of the day you don't really own the device itself, so if the service is discontinued or if you close the contract, the device becomes a paperweight.

            While in many cases this happens because of physical reasons (specific networking or radio or whatever equipment that can only be used with specific frequencies or whatever), in case of many devices it just happens because of software limitations.

            Like for example Pogoplugs. They were the "physical interface" to a cloud storage provider, acting as local usb ports (or sata ports) to transfer stuff to and from your cloud and act as local NAS (acting as a cache of sort to see/use the stuff in your cloud without having to pipe it up/down your internet connection all the time).

            Then the service was discontinued, and these devices are now useless because their control server has been shut down, even if they are still perfectly fine.

            They were not Tivoized though, so nowadays there is still people buying the used ones or the remaining stock (for cheap) and installing Debian or Arch on them.

            don't get me wrong there's some genuine examples of evil tivoization out there, but there's also some glowing examples of healthy capitalism using it to put high electronics in the hands of consumers, and making the vast majority of those consumers extremely happy in the process too.
            The lack of examples in this sentence don't sway me in your favor one bit.

            Consider that most closed source devices aren't Tivoized, they are just undocumented and closed source (and the hardware inside is a turd anyway so none in his right mind would waste their time reverse-engineering it). Tivoization is making any attempt to modify the firmware futile by cryptographically signing stuff, for no real reasons in most cases, as explained above.

            The only thing that matters is ensuring the firmware is NOT tampered with if you want to broadcast DRMed stuff on it, but that does not remotely need you to lock down the whole damn device for good. Android devices for example can reproduce DRMed content only if their bootloader is locked (i.e. can load only signed firmware) AND the fimrmware itself is signed (i.e. not tampered with). If that check fails then you can't see DRMed stuff.
            And in many cases it's not terribly difficult to unlock bootloader, and at least a few OEMs even give you the codes to unlock your bootloader (this action nullifies the warranty, of course).

            Comment


            • #26
              unapproved post for linuxgeex

              Comment


              • #27
                Originally posted by starshipeleven View Post
                The only thing that matters is ensuring the firmware is NOT tampered with if you want to broadcast DRMed stuff on it, but that does not remotely need you to lock down the whole damn device for good. Android devices for example can reproduce DRMed content only if their bootloader is locked (i.e. can load only signed firmware) AND the fimrmware itself is signed (i.e. not tampered with). If that check fails then you can't see DRMed stuff.
                And in many cases it's not terribly difficult to unlock bootloader, and at least a few OEMs even give you the codes to unlock your bootloader (this action nullifies the warranty, of course).
                I agree that there should be consumer protection legislation and processes in place so that consumers can get value from things they've purchased. Ie there should be legislation forcing sellers to provide a way for consumers to get full control / access of their devices. Not the manufacturers. It would be impossible to force all the manufacturers to comply. Few are in jurisdiction, it would take way too long to make China adopt such legislation let alone get them to enforce it on purchases made off their soil. So we have to enforce it at the retail level. If NewEgg is bound by law (with penalties exceeding the cost of the devices themselves) to make it possible for consumers to purchase the right to free access to the devices they purchase from NewEgg, then NewEgg isn't going to carry those devices until the Brands put that process in place. Motorola has done nicely on this front in that they have been letting people pay to unlock the bootloader of their phones for years, even while they are still under contract and locked to a specific network. Recently where I live there's been changes to regulations forcing the carriers to unlock all phones for free on request, starting Dec 2017, its a nice start.

                Comment


                • #28
                  Originally posted by linuxgeex
                  don't get me wrong there's some genuine examples of evil tivoization out there, but there's also some glowing examples of healthy capitalism using it to put high electronics in the hands of consumers, and making the vast majority of those consumers extremely happy in the process too.
                  Originally posted by starshipeleven View Post
                  The lack of examples in this sentence don't sway me in your favor one bit.
                  Well the glaringly obvious example is mobile phones. By locking them down, carriers have been able to provide them at a greatly reduced starting cost to consumers. Another glaringly obvious example is the high-feature cable box, inspired by Tivo itself. Let's not forget the entire telecom infrastructure while we're at it, which is what started this whole business model.

                  Comment


                  • #29
                    Originally posted by starshipeleven View Post
                    unapproved post for linuxgeex
                    Michael this is a disease on this forum. Please fix it.

                    Comment

                    Working...
                    X