
SoylentNews is people

posted by chromas on Wednesday September 19 2018, @02:20PM
from the is-anyone-using-it? dept.

Molly de Blanc writes at that it has been one year since the World Wide Web Consortium (W3C) sold out. It was then they, including Tim Berners-Lee himself, decided to incorporate Encrypted Media Extensions (EME) into web standards signalling an end to the open Web. She covers how it happened, what has transpired during the last year in regards to EME, and what steps can be taken.

Digital Restrictions Management exists all over the world in all sorts of technologies. In addition to media files, like music and film, we can find DRM on the Web and enshrined in Web standards. As a Web standard, its use is recommended by the World Wide Web Consortium (W3C), making it not only easier, but expected for all media files on the Web to be locked down with DRM.

It's been a year since the W3C voted to bring Encrypted Media Extensions (EME) into Web standards. They claimed to want to "lead the Web to its full potential," but in a secret vote, members of the W3C, with the blessing of Web creator Tim Berners-Lee, agreed to put "the copyright industry in control" of media access. The enshrinement of EME as an official recommendation is not how we envision the "full potential" of the Web at the Free Software Foundation (FSF).


  • (Score: 3, Interesting) by unauthorized on Wednesday September 19 2018, @06:50PM (5 children)

    by unauthorized (3776) on Wednesday September 19 2018, @06:50PM (#737171)

    No idea about OSX or BSD, but running a browser as a different user under Linux is a massive PITA. You cannot run another X program in the same X session without sharing your session key (which is a security hole since X trusts all local applications by default), running it into its own screen and switching (which is all kinds of inconvenient) or creating a dummy X session for the browser and streaming it somehow.

    On the plus side, what Linux does have is apparmor and selinux, which can lock down a browser quite well without account-based isolation, but unfortunately they need to be manually configured for most user-friendly distros.

    Not that Windows is any better mind you, at least X has the decency to secure access to itself since it doesn't secure running applications from each other, the win32 API has no internal security whatsoever and doesn't even warn you about the security risks if you try to spawn a GUI application as a different user. No idea if the new toolkit is any better, but knowing modern Microsoft, most security development time has probably gone in securing the toolkit against the user.

  • (Score: 3, Informative) by maxwell demon on Wednesday September 19 2018, @07:18PM (2 children)

    by maxwell demon (1608) on Wednesday September 19 2018, @07:18PM (#737176) Journal

    "You cannot run another X program in the same X session without sharing your session key"

    You know that you can also use ssh with another account on your local machine? And that SSH knows how to forward X sessions?

    --
    The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 2) by unauthorized on Wednesday September 19 2018, @08:47PM

      by unauthorized (3776) on Wednesday September 19 2018, @08:47PM (#737215)

      Yes, I did allude to remoting into an X session. Did you even read my comment?

      This still suffers from all kinds of integration issues such as not getting audio without some pulse voodoo and not having access to downloads by default and a plethora of other discrepancies compared to running it in the same user session. My argument is that it's a PITA and a very atypical user experience, not that it cannot be done.

    • (Score: 0) by Anonymous Coward on Wednesday September 19 2018, @11:09PM

      by Anonymous Coward on Wednesday September 19 2018, @11:09PM (#737289)

      You should also investigate firejail [wordpress.com] (namespace sandbox, Linux only) and Xpra [xpra.org] (X11 version of screen/tmux and sandboxing). That way programs should be unable (or have it hard, exploits will always be there) to access unrelated files or poke at other X11 clients.

  • (Score: 2) by bzipitidoo on Wednesday September 19 2018, @08:38PM (1 child)

    by bzipitidoo (4388) on Wednesday September 19 2018, @08:38PM (#737207) Journal

    It's not that big a pain. This works for me:

    user$ sudo xhost +
    user$ su otheruser
    otheruser$ firefox

    It's not 100% secure-- it is possible that instance of firefox can do a screen scrape. But I figure that in combination with making sure nothing sensitive is on any display is good enough to defeat 99.99% of attempts to breach it.

    • (Score: 4, Informative) by unauthorized on Wednesday September 19 2018, @09:02PM

      by unauthorized (3776) on Wednesday September 19 2018, @09:02PM (#737221)

      Never use xhost+, that gives front door access to everything X controls for everyone on your entire network. At least use "xhost +localhost", which still gives access to all input and display devices to every local process, but at least it keeps everything that can reach your local network from doing so.

      Either way, ssh tunneling or sharing the X cookie is far safer.
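
Added example, not part of the thread or of any commenter's post: a POSIX shell check that ranks how far `xhost` has opened an X server, covering the cases argued over above (`xhost +`, `xhost +localhost`, and cookie-only access). The per-user `SI:localuser:` grant is a standard xhost feature the thread does not mention; the function name and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Rank how widely host-based access control has opened an X server.
# Input : the text printed by `xhost` with no arguments, on stdin.
# Output: the widest exposure found, one word on stdout; details on stderr.
xhost_exposure() {
    level=0   # 0 cookie-only, 1 one local user, 2 whole host, 3 everyone
    raise() { [ "$level" -ge "$1" ] || level=$1; }
    while IFS= read -r entry; do
        case "$entry" in
            "access control disabled"*)      # result of `xhost +`
                raise 3 ;;
            "access control enabled"*|"")    # header line or blank: no grant
                ;;
            SI:localuser:*)                  # xhost +SI:localuser:NAME
                raise 1; echo "user grant: ${entry#SI:localuser:}" >&2 ;;
            LOCAL:*|INET:*|INET6:*)          # xhost +local: / +localhost
                raise 2; echo "host-wide grant: $entry" >&2 ;;
            *)                               # unknown family: assume broad
                raise 2; echo "unrecognized entry: $entry" >&2 ;;
        esac
    done
    case "$level" in
        3) echo disabled ;;      # any client that can reach the server
        2) echo host-wide ;;     # every process on the listed host
        1) echo single-user ;;   # every process of one local account
        0) echo cookie-only ;;   # only holders of the X cookie (xauth, ssh -X)
    esac
}

# Constructed samples of `xhost` output (not captured from a real system).
SAMPLE_PLUS='access control disabled, clients can connect from any host'
SAMPLE_LOCALHOST='access control enabled, only authorized clients can connect
INET:localhost'
SAMPLE_USER='access control enabled, only authorized clients can connect
SI:localuser:otheruser'
SAMPLE_COOKIE='access control enabled, only authorized clients can connect'

for sample in "$SAMPLE_PLUS" "$SAMPLE_LOCALHOST" "$SAMPLE_USER" "$SAMPLE_COOKIE"; do
    printf '%s\n' "$sample" | xhost_exposure
done

# On a live session:  xhost | xhost_exposure
```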