Entries by David Short

Richard Stallman of GNU fame is the latest luminary to cast doubt on the idea of cloud computing. His point is that it's unwise to hand over your data. I do agree with him and worry about the way that our privacy is being undermined. On the other hand, many of the cloud services do offer great utility and when users have to choose between utility and security.......

Broadstuff is here, in a rather wet Amsterdam, to attend the IBC show. This is the International Broadcasting Convention and is the show for TV technology in Europe. It fills the RAI exhibition centre here in Amsterdam as well as all the hotels and taxis in the city.

Just to prove how wet it is here, here's a photo of the (empty) "IBC Beech". In previous years, with better weather, many TV technology types could be seen "working" here during IBC!



Now that everyone in the TV industry has got over the excitement of IPTV and High Definition from two or three years ago, IBC more about lots of small, incremental improvements everywhere, but no "wow" factor so far. We have been told that the mobile section has some surprises, so will will check those out over the weekend and report back.

A few things caught our eye, while walking around the show.......

Demo of rain proof TV lights with indoor rain (which was bit ironic considering the weather outside!)



The dancing girls at the FOR-A virtual studio demo.....



And finally, we couldn't leave you without a 2D picture of a 3D TV! I can't actually see the 3D myself, although my colleague can, but he tells me that it gives him a headache if he watches for too long.

I've just noticed that a small milestone has been passed in our household. That is, that for most "public service" TV content, we now have three ways of watching it "on demand". We are in the UK and so public service content comes from the BBC, ITV, Channel 4 and 5.

We can now watch recorded programmes on the BSkyB Sky+ PVR (satellite), we can watch the Virgin Media "On Demand" VOD service (cable) or we can stream video from the broadcasters' websites over the Internet. The BBC, in particular, has quite advanced solutions for cable and the internet, branded as "iPlayer". The other broadcasters are not far behind, but iPlayer is more comprehensive and consistent to use.

The BBC is interesting to watch as it shows what is technically possible. (The BBC has a mission to provide content to licence fee payers and is funded by the licence fee, so they don't have to worry about getting revenue from a new service.) It's clearly getting very easy to package and move content around, but is it commercially sustainable? I have been following the saga of ITV in the UK, who are funded almost entirely by advertising and they are seeing a steady decline in that revenue as advertising spend moves to the Internet and PVR's undermine TV ad spots.

So how do the three platforms measure up?

On an Standard Definition TV, I usually can't tell the difference between the Sky+ PVR and Virgin Media on demand. I have seen a few MPEG artefacts on the Virgin Media on demand service, but that might have been because I was looking for them! Over the internet (as you would expect) the picture resolution is noticeably lower and the frame rate also appears to be lower (giving a jerky picture, especially on slow panning shots.)

How about navigation? The most obvious point is that a PVR has to be programmed before the show is broadcast, although series linking mitigates this. (Some people would say that PVR isn't really "on demand", although it does give a similar user experience.) I have to say that the time/channel grid is still a very intuitive way of finding a show that I want to watch, but that might be because I am old fashioned

The navigation of a VOD catalogue on a TV does have a fundamental navigation problem as catalogues are large and TV screens are small. The early versions of the Virgin Media (then NTL) VOD were very cumbersome and slow to navigate, but Virgin and their VOD/middleware supplier SeaChange, have made many improvements and it is now quite usable. In particular the BBC iPlayer application, which is overlaid on the SeaChange platform, is very easy to navigate and even has a free text search option. It is still not a quick and simple as a Sky+ PVR, but that's because it is giving access to a much bigger library of content.

Navigation on a PC is better that the two TV based alternatives, but it would be, wouldn't it? There's more screen space and the computer has more processing power to keep the GUI running quickly. Of, course, we get into the "lean forwards / lean back" debate i.e. computers are for working on and TV's are for relaxing. Again, I might have an old fashioned view on this. Once I have done the hard work of finding the content, I always find that my children are happy to relax and watch the content on a computer

We've been checking our DNS servers at Broadsight in view of the recent vulnerability to the DNS system found by Dan Kaminsky. In a nut shell, the vulnerability means that unpatched DNS caches can be "poisoned" into remembering the wrong IP address for a server. If a person, company or their ISP is affected, any or all Internet applications can be redirected to a malicious server. This means that email, web, IM or even software updates could be subverted. For more info, see Bruce Schneier's Blog

This issue set us off thinking about trust and identity on the net, which is something we keep coming back to. The interesting thing about the DNS problem is that the DNS system is not meant to be very secure. If you want to check who you are talking to on the Internet (or any untrusted network) there are perfectly good technologies to do just that e.g. X.509 certificates, SSL, SSH, etc. The problem is that people are not very good at using them. For example, there are plenty of phishing scams that obscure the real server identity, simply by showing a "fake" address in the visible part of the hyperlink. Many people have revealed their banking passwords in spite of the fact that the certificate must have been invalid or missing. Of course, it's not all the fault of the users. Many websites that handle sensitive data don't use SSL (LinkedIn is an honourable exception, by the way). I guess this is partly cost and partly ease of use. Security always takes some time and effort.

So, supposing that your DNS is working properly, all that it tells you is that you are connected to a server that is registered with the name it's registered with. You don't really know who runs it or whether they can be trusted. Obviously, many user stick to well known brands like Google and Amazon for this reason. They may trust recommendations via word of mouth (off net or on discussion boards.) There are also some sites that rate other sites, but who guards the guardians? We can see scope for a system of federated delegation of trust, so trust can be securely passed on via social networks. Of course, there are sites that do this internally (notably eBay) and that has been very successful, but is limited to the site in question. It's also quite one dimensional. Trust should be a richer concept than that. For example, I might trust my accountant to do my taxes and my doctor to diagnose an illness, but not the other way round.

As more of life is conducted on the net, it will more and more become important to present identity and trust in ways that users can understand and use appropriately for the task at hand, from reading wibble on a discussion board right the way up to eCommerce and banking. I think it will be the mid-range activities that will be hardest to get right. Already, the banks are locking down their security, so criminals will be looking for softer targets e.g. pump and dump. Think how effective that would be if someone had subverted the website at the Financial Times?

What's the story here? That the government lost a couple of disks in the post? NO!!!! Things do get lost in the post!

The story is that unencrypted data was put in the post! Unbelievable! How many times have similar disks been intercepted, copied and then sent on their way? How would we ever know?

The other alarming thing to come out is that, according to news reports, a "junior official" prepared and sent the disks. Why do junior officials have this level of access?

This must be a big nail in the coffin for the UK Government's plan for a national identify register, which would have much more detailed information about everyone in the land. Does anyone believe that the government can keep such a valuable prize safe?

Today EMI announced that they will be selling non DRM music. In fact, their entire catalogue will be availble in an "unencumbered" format for a price. There's a BBC story about this here

This is a highly symbolic move and we won't rehearse the pro/anti-DRM arguments again. The interesting thing for me is that it is not actually much of a big deal for EMI. They already sell unencumbered content in the form of CD's. The price of 99p (UK prices) per track works about about the same as a chart CD [yes, CD's are a rip-off in the UK - maybe that's why they get ripped so often - sorry, couldn't resist the cheap pun ]

So, I don't think that this makes much short term difference to EMI. I guess that the price of a CD has an informal mark-up to pay for the extra copies that users make for the PC, MP3 player, car, friends, etc. All that EMI have done is move that model online, and therefore reduce their distribution costs.

What EMI might have done in the long term is the kill the (content aggregators') dream of locking up content so that users have to pay for every single copy, but I think that that was probably always a dream. If EMI can establish themselves as a trustworthy, friendly aggregator of music then their business model might last for a long time even if some fans get their music free. Actually, even if 90% of fans get music free!

What about movies? If the "non DRM" model becomes the standard, will Hollywood be able to keep its own content locked up? They do have an advandtage as DVDs do have enough protection to stop some users ripping them. On the other hand, I think they are swimming against the tide here. The big problem for Hollywood is maintaining the system of "release windows" in the face of non DRM copies circulating. I have never really understood why release windows have to be staggered around the globe and maybe they won't be in an non DRM future......

It's been a busy week at Broadsight, but I have had this story in the back of my mind as I think there are some interesting lessons and now the weekend is here I have some time to write about it.

For those of you outside the UK, the story is that various TV producers are being less the scrupulous about how they encourage viewers to phone to them. Depending on the show, viewers can call to vote, win a prize or make the (female) presenter take some clothes off. In the UK, many phone numbers have a "premium" added to the basic connection tariff and some of this can go to the TV company. The premiums can range from a few pence to a few pounds per call.

The basic "scandal" was that some of the prize winners were fake, but now that the issue has been opened up to scrutiny it seems that many companies are not following all the guidelines or at least, the aren't sure if they are. There are also wider issues. For example, is it fair to charge people a significant amount of money to vote and do they know the odds when they enter a "prize draw" by phone? See this story for more background.

These are a few points that interested me -

• Consumers are insensitive to money spent on phone calls (at least at the time of the call). Maybe they will get savvy now, but TV producers and many others find that a phone call is a great way to "sneak" money out of customers' pockets!


• TV production and distribution is now very cheap. I don't mean user generated content here, I mean programmes that look like they are professionally produced. There are channels (mainly dating and soft porn) that appear to be sustained mainly by phone calls. I don't know the numbers, but given that they operate late a night and in the small hours I don't think we are talking about large numbers of calls - they can only be generating a few pounds a minute.


• TV producers are desperate for new business models now that conventional advertising looks so shaky. There seems to have been a headlong rush into generating phone revenue - in fact, such a rush that no one had a chance to checkout the guidelines or best practice


• Premium rate phone calls are like a back door pay per view system, albeit voluntary. We often discussed the future funding of content production on this blog and we generally don't think that it will play out quite like the big studios would like, so it's interesting to look at this as an example of a new business model. If there was some more transparency, so people understood what they were getting for their money if might be quite a fair way of buying entertainment. Of course, only about a third of the money gets to the producer, but that's probably comparable to the costs of setting up a content protection or DRM system

This is an interesting article by Tom Robinson about how record companies control the content they have bought from the artists. (For anyone who doesn't know, Tom Robinson is a UK based singer/songwriter, who had several hits in the 70's and 80's.)

We all know that record companies are the BAD GUYS and treat their musicians appallingly But the thing that interested my here was that Tom pointed out that most artists actually make their money from "secondary" activities, such as touring and merchandising. (I Assume this doesn't apply so much to the "superstars", but then they are a minority.)

Now that the cat is out of the bag and people are starting to realise that the isn't any "magic" technology that can keep content safe once it's in the field, various luminaries (Steve Jobs, Bruce Schnier, etc) are starting to muse about alternative business models that don't rely on perfect DRM. The model that Tom describes works very well for the artists in a "post DRM world". Not so good for the aggregators! (Record companies, in this case)

Of course, there is still a need for marketing, distribution, navigation, etc and lots of people are trying to lock up that market and take a slice because it's so temptingly scalable! DRM is the obvious first line of attack as it simply recreates the old model using electronic rather than physical distribution. It's also easier to justify a "closed" system if you can cite security.

Other people are trying to own the search space and bandwidth. However, I think that the good news is that these are basically commodities, so price competition should help both the consumers and producers.

I think we are in for an interesting few years.......

There's an interesting story about the crack on the HD DVD DRM at Bobbie Johnson's Blog. DRM is hard, because as Bruce Schneier (and probably many others) have said digital content "wants" to be copied. In the latest twist to the content protection tale, a hacker has discovered that he can find the keys by looking in the memory of his DVD player. There's a surprise The significant thing about this hack is that Hollywood really did seem to believe that that they had good a "secure" DRM system. I can't find the reference, but I remember Andy Setos of News Corp saying that this was their last chance to get DRM right.

There is so much snake oil in the world of DRM, that I prefer to go back to cryptographic basics. If you want legitimate owners to view content, you have to send decryption keys. If you send keys, then the bad guys will get them unless you can hide them in software or some physical device. Pay TV smart cards try to do the latter and are fairly successful as you need industrial size equipment to hack them. This attack seems to be a standard bit of reverse engineering and the only surprise is that anyone is surprised!

I don’t really buy the “update” idea that the AACS people put forwards, as there must be a root key somewhere!

Here's an interesting article from CNet - Why the Zune will help kill DRM

It seems that Zune doesn't interoperate with other MS DRM systems. It's amazing that MS can't even be compatible with itself when incompatibility is one of the consumers' genuine grips with DRM. I personally avoid "encumbered" media, because I want to play my media on a range of devices without too much hassle. My preferred choice for music, for example, is an old fashioned CD (which usually comes out of it's case once to get ripped and then goes back on the shelf!) There are some interesting attempts to make DRMed media portable (e.g. Coral and Marlin) but I think that the big vendors will scupper these initiatives. They can't help "embracing and extending" standards for their own competitive advantage and in the hope that they can become the de facto standard.

I think there are three big things to understand about DRM -

• It's hard to make it portable and hassle-free for the consumer. It's almost impossible to make it respect traditional "fair use".


• It's impossible to stop people hacking DRM without the use of hardware support e.g. smartcards or "trustworthy computing". That's why the DCMA and EUCD have such ridiculously harsh punishments for attempting to circumvent copy protection mechanisms.


• Digital distribution will fundamentally disrupt the nature of the content supply chain, whereas today's DRM systems are really designed to preserve the "old" economics ie. hit based, expensive content distributed via middlemen who all take a large cut.

So, how will this all end? I think that consumers will resist DRM systems unless they are hassle-free, respect fair use and the content is priced to reflect the lower costs of online distribution. I don't think that the traditional content industries will hit any of those targets, but their are plenty of people waiting in the wings with new business models that don't reply on high cost "premium content". For example, advertising funding, low cost unprotected content, user generated and prosumer generated content.