Originally Posted by paidgeek
May I ask what you find "scary"?
In short? The fact that it's essentially a Java VM with no known restrictions.
BD+ only operates within the bounds of the player whether it is a hardware or software player.
Based on this:http://securityevaluators.com/eval/spdc_aacs_2005.pdf
There are a few scary things:
Discovery returns various information about the device, including details of attached components (e.g., devices connected to the digital output ports).
An additional trap (TRAP_DiscoveryRAM) provides content code with access to specific areas of player RAM external to the VM memory area.
In addition to Discovery, the Interface provides content code with a variety of routines that code may use to control the underlying device. This includes (but is not limited to) traps that initiate media reads; establish Internet connectivity; run native code; perform decryption with device or title keys; and generate device-signatures.
Just seems to open way to many Windows into the device. Call it a blunder or malicious, but the XCP fiasco has shown how little regard the content industry has toward the integrity of their customers devices, it's shown how far they will go to "protect" their content.
It is basically just a set ot tools that allow the content companies to run more intelligent and updateable tests and operations to make sure content is played on valid players.
And Java could be called a set of tools to allow people to make useful programs, but it can do all sorts of terrible things too.
BD-J allows software companies to run all sorts of programs as well, but the types used for BD+ are naturally designed for protection of content.
And it's specifically because they are designed for content protection, that they can (apparently) access the underlying device (what happens if I update my video drivers to a version after the disc is released?), to control the underlying device (I don't want the security system on a disc running my PC), to run arbitrary native code (with native code, all bets are really off).
It seems BD+ could easilly be used to do something XCP like (if not worse), so my question is, what is BD+ allowed to do? Are there restrictions on what it's allowed to do?
And since we've gone down the whole DRM/CP path, to insiders on any side, what do you think of Microsoft's The Darknet and the Future of Content Distribution
paper, the talk given to Microsoft's Research Group about DRM
, and the idea that DRM is inherently flawed because it gives the end user everything necessary (the key, the cypher, and cyphertext) to decode the content?