Tumbled Logic

Feb 24

Protecting your content, a handy guide

1. If you want to prevent people from accessing your content who aren’t supposed to, what can you employ?

  • Geo-blocking (only granting access to people whose IPs are associated with a given country or list of countries).
  • Authentication (users must log in, for example using a username and password).

2. What happens if your content is served from a different place to the front end, and the front end is protected but the content itself is not?

  • Employ some kind of shared session or single sign-on (perhaps, for example, passing a signed time-limited key whose signature is checked by the content server).
  • If using Flash Media Server (or compatible), enable SWF Verification (achieves goal imperfectly, essentially as a side-effect; it only actually verifies that the user has, or has had in the past, access to the requesting SWF; penalises legitimate users using non-standard access mechanisms).
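
The signed time-limited key from the first bullet, sketched as an added example (not code from the original post): the front end issues the key after login and the content server checks it before serving. The shared secret, the key layout and the names issue_key and check_key are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: one secret known to both the front end and the content server.
SECRET = b"constructed-demo-secret"


def _sign(path, user, expires):
    # JSON-encode the fields so that no choice of path or user can make
    # two different (path, user, expires) triples produce the same message.
    msg = json.dumps([path, user, expires]).encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def issue_key(path, user, ttl=300, now=None):
    """Front end: call only after the user has authenticated."""
    expires = (int(time.time()) if now is None else now) + ttl
    return f"{user}.{expires}.{_sign(path, user, expires)}"


def check_key(path, key, now=None):
    """Content server: return 'ok' or the reason the request is refused."""
    try:
        user, expires_s, sig = key.rsplit(".", 2)
        expires = int(expires_s)
    except ValueError:
        return "malformed"
    # Verify the signature in constant time before trusting any field.
    # The requested path is part of the signed message, so a key issued
    # for one item cannot be replayed against another.
    expected = _sign(path, user, expires)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "bad-signature"
    if (int(time.time()) if now is None else now) > expires:
        return "expired"
    return "ok"
```

This settles only who may fetch the content and for how long; what an authorised user does with it once served is the subject of (3) onwards.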

3. Once your content has been served to a user, who is a knowledgeable pirate willing to distribute it such that others can easily download it, how do you prevent them from doing so?

  • Serve your content only to devices which are under your complete and effective control (noting that PCs, mobile phones and games consoles rarely—if ever—satisfy this condition).

4. Once your content has been served to a user, who is not a knowledgeable pirate willing to distribute it such that others can easily download it, how do you prevent them from doing so if they for some reason attempt to despite the probability that somebody else (see (3)) will already have done for a given piece of content?

(a) and they are not likely to obtain it from aforementioned knowledgeable pirate who also has access to your content (see (3))

  • Employ some kind of digital rights management (noting that it is at this point moot, because they weren’t going to do anything with your content anyway; noting also that it runs the not insignificant risk of inconveniencing them at some point or another causing harm to your reputation and potentially to your turnover; noting further that it artificially restricts the platforms and devices upon which your content can be enjoyed by a legitimate consumer; finally also noting that it almost always significantly restricts the choice of technologies that your developers can employ in order to achieve realisation of your goals).

(b) and they are likely to obtain it from aforementioned knowledgeable pirate who also has access to your content (see (3))

  • As per (4)(a), noting however that any inconvenience they might suffer as a result significantly increases the risk of them obtaining your content from an illicit source.

5. Once your content has been served to a user, who is not a knowledgeable pirate willing to distribute it such that others can easily download it, how do you ensure that it can only be viewed on a narrow range of supported devices?

  • See (4)

6. Once your content has been served to a user, who is not a knowledgeable pirate willing to distribute it such that others can easily download it, how do you ensure that they cannot write a copy to transferrable media (such as a DVD-ROM, BD-ROM, USB stick, etc.) and pass a copy to a friend, irrespective of whether that friend has legitimate access to the content themselves?

  • See (2) and (4)(b), noting that the friend willing to be the recipient of an illicit transfer in this way can instead simply obtain the content from a knowledgeable pirate (see (3)).

7. Once your content has been served to a user, who is not a knowledgeable pirate willing to distribute it such that others can easily download it, how do you ensure that they cannot write a copy to transferrable media (such as a DVD-ROM, BD-ROM, USB stick, etc.) and retain that copy for a prolonged period?

  • See (2) and (4)(b).

8. Once your content has been served to a user, who is not a knowledgeable pirate willing to distribute it such that others can easily download it, how do you ensure that they cannot write a copy to transferrable media (such as a DVD-ROM, BD-ROM, USB stick, etc.) and transfer that copy to an unsupported device for playback (portable media player, phone, laptop computer, etc.)?

  • See (2) and (4)(b).

9. What else?

  • The more enhanced and flexible the legitimate distribution channel, the less demand is placed upon illicit channels.
  • Lack of, for example, Digital Rights Management does not negate the copyright status of a piece of content.


Discoveries

I’ve created a collaborative Spotify playlist called “Discoveries”.

There are only a couple of tracks in it, but I’m inviting anybody and everybody to listen, and to add tracks they’ve recently discovered and enjoyed.

Join in :)


Feb 22

Adobe SWF Verification

So Adobe has this thing, called “SWF Verification”, which is touted as some kind of content security scheme for streaming media.

Now, it’s fair to say that SWF Verification is marginally more useful than, say, checking a referrer, because it does rely on you having access to the SWF itself (at least for a short period) in order to perform the operations that the genuine Flash Player does.

Assuming you do (because it’s publicly accessible, and SWF Verification has been deployed as a mechanism to prevent downloading of streaming media in ways which Adobe Flash Player doesn’t permit), then it really is just a slightly more long-winded form of a referrer check.

SWF Verification is based upon a hash derived from the SWF file which your server expects to be requesting the streaming media, and a fixed string. Well, currently it’s fixed, but in future it could vary: either way, if your client has access (as Adobe’s Flash Player does) to the actual SWF, then all this does is confirm that you know how to use HMAC-SHA256 and speak the protocol.

Listen up, because this is a crucial part of how the Internet works: there is nothing you can implement on a server which can tell the difference between program “A” on a client and program “B” on a client, if both A and B have access to all of the same resources, talk the same protocols, and the latter goes to the trouble of emulating the former at a protocol level. None. A and B will be utterly and completely indistinguishable so long as one person is willing to put in the small amount of effort required to make it so.

Feel free to do us all a favour and stop trying. It will make the lives of both you and your customers a little easier.


Feb 20

Ones and zeroes and pixels

I’ve had lots of recent conversations (online and off) on this subject. Gruber puts it rather succinctly:

This sort of nonsense gets to the bottom of what’s wrong with these entertainment executives’ outlook on the world. They want to define everything by arbitrary device types — this is a “TV”, that is a “computer”, this other thing is a “mobile device” — and then sell/distribute the same content to different device types separately and with no spillage. But it’s all bullshit in the digital world. It’s all just ones and zeroes and pixels. To these TV executives it makes sense to block Boxee from supporting Hulu because Boxee is for “TVs” and Hulu is only intended for “computers”. Now they’re stuck trying to figure out which arbitrary slot the iPad fits into.

Feb 16

A conversation I have every month or so

dwineman:

Me: (tries to visit a local restaurant’s website via iPhone)
Restaurant website: I require Flash. Fuck off.
Me: I just want to know how late you’re open.
Website: Nope.
Me: But I’m on my phone. Don’t you have a little “HTML Version” link up in the corner or something?
Website: I’m ignoring you.
Me: What if I’m on my phone because I’m out, looking for a place to eat? Didn’t that ever occur to you?
Website: Fuck entirely off.
Me: (gives up, switches to computer)
Website: Oh! Hi! What can I help you with today?
Me: What are your —
Website: Hang on, I’m loading the music.
Me: Really.
Website: You’ll love it. It’s “Girl from Ipanema” arranged for steel drum and keytar.
Me: No, you don’t have to —
Website: Loading…
Me: All I want is —
Website: I SAID DOT DOT DOT.
Me: (drums fingers on desk)
Website: There we go. Isn’t that nice? It’s… what’s the word. Ethnicky.
Me: What are your hours?
Website: Take a look at our menu! It’s a PDF of a screenshot of a scan of a Word document printed on a dishtowel. With fonts!
Me: I don’t care. What are your hours?
Website: Don’t worry, the menu loads in a new window so the music won’t stop. Can I show you some broken images?
Me: What. Are. Your. Hou. Rs.
Website: I… I don’t know.
Me: (goes to Denny’s)


Feb 11

A short list of Chrome issues (beta 2)

blech:

An update on the issues listed in December:

[snip]

On the other hand, I am pleased to see that a request for the zoom button to instead maximise has been rejected as “Invalid”.

rejected as “Invalid”? I wholeheartedly approve.


nsurl:

MagicPrefs

I am investigating this immediately after I press the “ReBlog post” button below.



Feb 9

These are the reasons why nevali.net does not have a comments box

(there are several, but people have asked)

  1. Once upon a time, I had a comments box. In two years, I received two, perhaps three, legitimate comments. The number of spam comments (all detected as such and suppressed from view, mind), measured in the thousands. Because of this, I switched comments off—it just wasn’t worth anybody’s while.

  2. I moved this blog to Tumblr a while ago. Tumblr doesn’t support comments natively; this I considered fine, because I’d already disabled comments on the old WordPress blog. I lost nothing in particular by way of this transition.

  3. Third-party commenting systems are all terrible at what they do, in no small part because they’re drastically limited in how they can do it.

  4. When I (occasionally) use somebody else’s comments box to reply to a post (if it’s there, I’ll use it—it’s only polite), I tend to find it an exercise in frustration. None of the niceties I have for posting are available when commenting on somebody else’s site. I’ve lost count of the number of comments which have inexplicably vanished into nothingness upon pressing the mysterious “Submit” button (which I am starting to believe in this context refers to what I’m doing myself, rather than what I’m doing to the HTML form).

  5. On those sites I see which do have comments, and where they are actually used regularly, the signal:noise ratio is awful.

  6. The Web has a built-in reply mechanism. It’s called the link. If I reply to something in a post, I’ll link to it. You do the same. Simples.

  7. If you leave a comment on my blog (were I to, hypothetically, enable comments), I could delete it at will. The reverse also applies. I’ve seen those who are in favour of everything having the ability to retain attached comments mention that often the comments are more valuable than the posts themselves: if this is the case, do those comments not deserve to be posts in themselves?

  8. The number of people reading this blog who would actually have something to say and don’t have some form of blog, journal, or other self-publishing system falls somewhere in the low zeroes. Whose blog system would you rather use to say something—the one you chose, or the one I did?

  9. If I reply to you via my blog, the people who regularly read my blog (but not necessarily yours) will see it too. They may get curious, and have a look at what you’d posted originally. You might link to my comment, perhaps with a witty riposte of your own, and the same applies in reverse. Et cetera.

  10. If you think you need comments on your blog because otherwise people wouldn’t know how popular you are, you’re doing it wrong.


Feb 5

Oh sweet lord, it’s WORSE

Regarding my last post, it turns out I was wrong. It was actually Mac OS X translating the extended attributes, not the NFS server.

Mac OS X turned the xattrs into resource forks, and promptly AppleDoubled them.

Gee, thanks, Apple.


Does it work like this yet?

I want a couple of things:

  • A (disk) filesystem which works on multiple platforms which supports extended attributes (the easy part)
  • Mac OS X never ever resorting to AppleDouble if the filesystem supports extended attributes (actually, I’d like it if Apple just ditched resource forks altogether in favour of extended attributes, but there’re probably a whole bunch of compatibility reasons why not, irrespective of capabilities).
  • A network filesystem supported by both Mac OS X and other platforms which supports extended attributes (provided the on-disk filesystem underneath does)

Can I do this with NFS, or will I get AppleDouble cruft all over the place?

The answer, apparently, is “no”.

Exporting a ZFS filesystem from an OpenSolaris host to Mac OS X (10.6.2, since you ask) via NFS works swimmingly.

I can set and read xattrs from within Mac OS X.

I haven’t quite figured out how to read them in Solaris: I’m not sure if either Mac OS X or the NFS server is doing some kind of translation. I’m guessing the latter is.

Meanwhile, setting a custom icon on a folder still litters the folder with AppleDouble cruft.

I can live without being able to read xattrs from within OpenSolaris, but is there some voodoo global setting that I can apply in order to use xattrs in preference to AppleDouble? Pretty please?