Are certificates usually/often issued to expire at the end of a given calendar year? On the one hand, that would explain this happening on Dec 31.
But it's slightly weird because it's not yet the new year in UTC. This was posted several hours before that happening, and we've still got over 2 hours to go... (And the cinema is in New York, with almost 8 hours to go in local time, so it's not a local timezone issue either.)
(FYI) Japan Standard Time (JST) is UTC+9, single zone and no DST. Not sure of absolute time but Tweet is showing "Jan 1, 2024 at 2:19" timestamp on my JST phone.
Sony is a Japanese company but it's also a multinational company consisting of hundreds of companies they acquired over the years all over the globe. There's therefore a relatively small chance it has something to do with Japan specifically.
This is the most likely, yup. The certs are unlikely to have a precise end-of-year expiration. It will be whatever the expiration is for the last certs loaded.
10 years in cinema IoT, here. Features are encrypted by Key Delivery Messages (KDM), and those are per cinema server/projector "marriage". No KDM will be considered valid if the server certs are expired.
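As an added illustration of the rule in the comment above (not code from the thread or from any cinema vendor): a small audit that intersects each KDM's validity window with the expiry of the server certificate it is bound to, so an operator sees ahead of time which bookings a lapsing certificate will cut short. The class names, field names, status labels and all sample dates are constructed for the example; real KDMs and certificates would be parsed from their own formats.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


def utc(y, m, d, hh=0, mm=0, ss=0):
    return datetime(y, m, d, hh, mm, ss, tzinfo=timezone.utc)


@dataclass(frozen=True)
class ServerCert:          # hypothetical record of one server/projector pair
    server_id: str
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class Kdm:                 # hypothetical record of one delivered KDM
    title: str
    server_id: str
    valid_from: datetime
    valid_until: datetime


def playable_window(kdm, cert):
    """Interval in which both the KDM and the server cert are valid, or None."""
    start = max(kdm.valid_from, cert.not_before)
    end = min(kdm.valid_until, cert.not_after)
    return (start, end) if start < end else None


def audit(kdms, certs, now, warn=timedelta(days=60)):
    """Return (title, status, usable_until) for every KDM.

    CERT_EXPIRED       cert already lapsed: the KDM is unusable right now
    NO_OVERLAP         cert lapses before the KDM window even opens
    TRUNCATED_BY_CERT  cert lapses part-way through the booking
    CERT_RENEWAL_DUE   booking is safe, but the cert lapses within `warn`
    """
    findings = []
    for kdm in kdms:
        cert = certs.get(kdm.server_id)
        if cert is None:
            findings.append((kdm.title, "NO_CERT_ON_RECORD", None))
            continue
        window = playable_window(kdm, cert)
        usable_until = window[1] if window else None
        if now >= cert.not_after:
            status, usable_until = "CERT_EXPIRED", None
        elif window is None:
            status = "NO_OVERLAP"
        elif usable_until < kdm.valid_until:
            status = "TRUNCATED_BY_CERT"
        elif cert.not_after - now <= warn:
            status = "CERT_RENEWAL_DUE"
        else:
            status = "OK"
        findings.append((kdm.title, status, usable_until))
    return findings


# Constructed sample inventory (not real devices, titles or dates).
SAMPLE_CERTS = {
    "aud-1": ServerCert("aud-1", utc(2014, 1, 1), utc(2023, 12, 31, 23, 59, 59)),
    "aud-2": ServerCert("aud-2", utc(2014, 2, 1), utc(2024, 1, 31)),
    "aud-3": ServerCert("aud-3", utc(2020, 7, 1), utc(2030, 6, 30)),
}
SAMPLE_KDMS = [
    Kdm("Feature A", "aud-1", utc(2023, 12, 20), utc(2024, 1, 10)),
    Kdm("Feature B", "aud-1", utc(2024, 1, 5), utc(2024, 1, 20)),
    Kdm("Feature C", "aud-2", utc(2023, 12, 20), utc(2024, 1, 10)),
    Kdm("Feature D", "aud-3", utc(2023, 12, 20), utc(2024, 1, 10)),
    Kdm("Feature E", "aud-9", utc(2023, 12, 20), utc(2024, 1, 10)),
]

if __name__ == "__main__":
    for title, status, until in audit(SAMPLE_KDMS, SAMPLE_CERTS, utc(2023, 12, 15)):
        print(f"{title:10} {status:18} usable until {until}")
```
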
The Dolby/Doremi server certificates ended on Dec 31 too. Our maintenance subcontractor updated them a few weeks ago. So I guess it is common for the industry. Then it is an industry which often plays 365d/year, so it's just another Sunday/Monday. (Add to this that our weeks don't start Sunday/Monday, but Wednesday for France for example, and Friday for the US, the day of the release of new movies.)
The studios set the requirements. A certificate that never expires would never fly with their need to control DRM as tightly as possible.
If Sony was still in the business, they would offer a certificate renewal for a small fee like the other manufacturers have done.
The root problem is that Sony exited the market and left a lot of cinema owners out to dry with the looming cost of $50,000+ per auditorium for replacement projectors.
> The root problem is that Sony exited the market and left a lot of cinema owners out to dry with the looming cost of $50,000+ per auditorium for replacement projectors.
That's the point I was trying to make; if someone accidentally pushed a broken update, that sucks, but it's not the first or the last time it will happen, and at least there's a clear path to it getting fixed and someone being paid to do it. The cert being expired and the only company who would have been in charge of fixing that not really caring anymore sounds to me worse from pretty much any possible point of view, and selling a product that will stop working if you decide to stop servicing it seems pretty terrible.
And yet, many of the products we buy are exactly that. Gaming consoles dependent on online stores, smart TVs with software that could become useless at any moment, hundreds of little IoT devices that are dependent on the manufacturer's cloud being online... The list goes on.
This kind of thing is all over the consumer world. In a way it's cathartic to see it hitting businesses too.
Any idea if these projectors could be made to work with other sources that don't require DRM? As much as this sucks for movie theaters, it could also be the deal of the century for a home theater build if you know the right people...
I don't think you'd want to pay the power bill for one, nor would you want to have a large enough screen to not have it burn your retinas. That said I believe some of them do allow that (no clue what models or availability) since you can rent out theaters to play games on your own computer or console, https://www.cinemark.com/private-events/gaming/
If you’re in Central Texas, one of my high school friends and her husband run The Beltonian in Belton (shocking), a beautiful single-screen theatre built in 1922, renovated to have about 140 modern seats with tables, featuring various classic movies, reasonably-priced pub grub, Central Texas wines and beers, and available for similar rental arrangements (gaming or movies).
If you’re not in Central Texas, you likely have a similar, beautifully-restored old theatre available for similar rental arrangements.
Sure, maybe you wouldn't want it for a personal movie screen, since it's massive overkill for home use, but... you could definitely get use out of it for projection mapping your home and have the most amazing holiday displays on the block.
Okay, then I set the date on my computer to the year 2124. Now the DRM is unlocked!
You can't build a "time lock" with just encryption primitives. Even if you could build a time lock with just encryption primitives, we don't know when the copyright will expire until the original author has died, since copyright term is life + 70 years.
Someone would have to run a server that specifically chooses to start serving the keys on that date, which is an absurd notion given how absurdly long copyright lasts these days.
If the federal government were interested in passing a law that required this, I'm sure the Library of Congress could run such a server, but no such law exists.
> set the date on my computer to the year 2124. Now the DRM is unlocked!
It's the same. "Fail closed" means you can "just" set the system time to be before the expiration date, "fail open" means you can just set the system time to be after.
Either way, having an expiring decryption key is just security theater that harms users.
Maybe not through crypto but otherwise perfectly achievable. No reason to achieve this within a file. If you really want to, some fancy solution involving blockchains and smart contracts is probably possible but there is no need.
Require by law all who desire copyright protection to register the work with a governmental agency and place a copy of the work in escrow at an archive as a condition. The archive knows when the copyright expires and starts serving the work to the public from that point forward. This is what to do if a state cares about public domain.
The status quo of corporations abandoning works to bit rot, actual rot, misplacement or fires for decades is strictly worse.
>> If the federal government were interested in passing a law that required this, I'm sure the Library of Congress could run such a server, but no such law exists.
> Require by law all who desire copyright protection to register the work with a governmental agency and place a copy of the work in escrow at an archive as a condition.
You’re just repeating what I already wrote. By all means, call your representatives.
No need to spoof the GPS signal, pop open the lid and replace the GPS chip with one that outputs an attacker-controlled time signal. I suppose it could encrypt this signal with some certificate burned into the silicon, but that could still (slowly and painfully) be reverse-engineered.
GP’s point stands, you can’t enforce a time lock with cryptography primitives. That’s the fundamental issue with DRM - you’re trying to restrict someone from getting your ciphertext, while at the same time allowing them to get to it if they meet certain (non-cryptographic) conditions, which standard cryptography just can’t do.
Not for the studios. There’s nothing more they would love than to get a continuous and non-ending stream of money for content they themselves have forgotten about owning.
There haven't been cryptographic algorithms nor a DRM that proved good for > 50 years, let alone 70 years + safety margin. Even 3650 days expiry is considered too long.
How frequently does Sony change its identity? They should have a 999 year cert expiration and then check a revocation list on the off chance that Sony gets its private keys rooted.
I don't disagree! I don't feel like the exact technical justification really makes a difference here; there were working projectors, and now there aren't, and it's hard to see how that's not directly due to Sony designing things in a way that required them to continue operating that part of the business in order for that not to happen.
I agree but you do need to bear in mind that this isn’t a uniquely Sony design. Sadly, this is the mindset of the movie industry as a whole.
That needs to change before any trickle down effect to projector hardware can happen. But there’s no incentive for studios to change the way they given their IP because they benefit from the status quo
They left because their liquid crystal panels suffered from chronic burn-in and the cost of replacing them was no longer economically feasible. It was tolerable when “virtual print fees” were subsidizing the transition from 35mm film to digital but now that era is over and movie theater owners are smart enough to buy DLP projectors which don’t suffer from the burn-in problem.
I mean his comment history is on par with who he says he is - I think it's a great name. Just because I work mostly in the digital domain doesn't mean I don't long for the analog.
Super curious if there's any kind of contractual recourse where theaters can recoup the lost income from Sony.
It's one thing if a projector breaks mechanically or due to a pre-existing bug; it's another thing when an update breaks it.
In an age where updates are increasingly the norm, I wonder if there's legislation needed to hold manufacturers accountable for updates that break otherwise perfectly-functioning hardware?
> In an age where updates are increasingly the norm, I wonder if there's legislation needed to hold manufacturers accountable for updates that break otherwise perfectly-functioning hardware?
Maybe there should be a law that says:
1. Upgrades may be performed but never behind the user's back.
2. In particular, the user determines exactly when an upgrade is performed.
3. The user may roll back any update at any time.
4. Any services which the software depends on should be compatible with all versions of the updated software.
EDIT: 5. Security backports should be made available. However, the user should always be in control over whether they are installed. Sometimes working code is more important than 100% secure code. Also this rule will prevent companies from quickly forcing an update and sweeping security breaches under the rug.
1 and 2 - this seems incompatible with how 90% of the population uses software, namely they set it and forget it. Having to manually approve and schedule every single update for everything a user touches would be a) a security nightmare, as most things would never get updated ever and b) a UX nightmare, with a million different things asking for updates.
3 - Maintaining a data path forward is tricky enough. Demanding that users be able to downgrade at anytime would be a very tall ask if user data has to survive the downgrade.
4 - This seems outlandishly expensive to do. This effectively reads “nobody can ever deprecate an api on anything”. This also seems to be broadly incompatible with fixing certain security vulnerabilities - would everybody have to maintain TLS 1.1 or plaintext api endpoints for old clients? Would a social media network have to maintain api endpoints that leaked more data than users were comfortable with?
It's all an incentive for "don't just churn software, plan well ahead".
> This also seems to be broadly incompatible with fixing certain security vulnerabilities - would everybody have to maintain TLS 1.1 or plaintext api endpoints for old clients?
Or they would be forced to produce an update that doesn't do anything other than e.g. upgrade the TLS version --- and has absolutely nothing else.
It raises the barrier enough to stop the lowest-common-denominator forced-obsolescence crap from becoming popular. If an individual can make software that lasts, big companies have no excuse.
> 1 and 2 - this seems incompatible with how 90% of the population uses software, namely they set it and forget it. Having to manually approve and schedule every single update for everything a user touches would be a) a security nightmare, as most things would never get updated ever and b) a UX nightmare, with a million different things asking for updates.
I don't see how an automatic update setting is incompatible with 2. If a user says "go ahead and install updates as needed" that is the user expressing their desire to receive updates.
I also think the phrasing in 1 is a little needlessly aggressive though I believe it comes from a place of frustration. The difference in my mind between saying "this thing updated behind my back" and "this thing updated automatically for me" is whether the user has registered the update as being beneficial or not, and depending on the device, that's a WIDE spectrum. I know my smart outlets update their firmware all the time, and an extremely small handful of times I do notice, because sometimes they end up not reconnecting to the wifi quite right and need to be reconnected. However if they updated and, for example, broke HomeKit support and no longer worked, I'd be angry the next time I tried to use them.
> 3 - Maintaining a data path forward is tricky enough. Demanding that users be able to downgrade at anytime would be a very tall ask if user data has to survive the downgrade.
I mean, this is just an engineering problem pure and simple. Most of the time, in my experience, graceful downgrade just isn't prioritized because, well, who can even do it for starters? Installing old software oftentimes means you need to do some really intense stuff, like wiping whatever device entirely, so the retention of data is moot.
If this was mandated I see no problem with getting it done in my industry. It's simply a matter of making it a priority IMO.
> 4 - This seems outlandishly expensive to do. This effectively reads “nobody can ever deprecate an api on anything”.
With certain products I can definitely see it being an advantage, and the first place my mind goes to is again, smart home products and appliances, automotive hardware, that sort of thing. Large, expensive items that incorporate software that the user interacts with can be an absolute nightmare when the OEM randomly decides that the way something's worked for years and years for you is now just not an option, or worse still, locks it behind a paywall. And what are your options here? Buy a new car or dishwasher? Or eat shit and pay them $20 a year that they have not earned and are providing no value for?
This is why the newest car I have is a 2018 Corvette, because I know all its software and have access to it, and there's no system that's going to lock my heated seats behind a Chevrolet Premiere+ subscription where I have to give Chevy money to permit my car to engage a damn relay for me.
My take on this is back when software was distributed on media like CDs, new versions were better. Updates were discrete, marketed and expensive. They had to be good!
Continuous updates continue to permeate, including into things that are still surprisingly connected to the internet in the first place.
I think that in time, forced updates will cause enough trouble that people will become more conscious of and dislike them. For some, one bad update is all it will take.
So, I think it's worth waiting to see if anti-update competitors appear before regulating this.
I have a PS3 and Sony removed the ability to load Linux on the device. Basically a class action lawsuit was filed because of the removal. The class action was ruled that they were liable.
For number 3 if we allowed for people to roll back any update that can include Teslas where they are doing OTA safety updates so that wouldn’t work out.
I would say that if a manufacturer releases something with software attached then they should also have to release the source code with a time lock so that people would be empowered to dig through the waste bins of electronic history and be able to find/make/learn/do more with it.
Some of those suggestions are things that sound good at first glance but are simply not great ideas.
For example, support for downgrades means a security vulnerability can be reintroduced by a malicious user which may not be desirable. Writing software that’s backwards and forwards compatible across all releases can be extremely expensive to impossible (eg a feature in your application that requires a new OS or you need to use a now removed API when running on older releases).
There are difficult technical issues involved and trying to legislate specifics may not be the best idea vs other approaches that improve real freedom (eg you have to release sufficient details to your customers that they can write their own software for your hardware).
> Some of those suggestions are things that sound good at first glance but are simply not great ideas.
Actually, yes they are. I'm not a big fan of legislation, but the upgrade craziness has to stop at some point!
> For example, support for downgrades means a security vulnerability can be reintroduced by a malicious user which may not be desirable
What if "I, the user" deem it "desirable"?
I'm holding to bios with known vulnerabilities so I can work around "security features" that are "for my own protection" like 1) preventing me from underclocking (to keep the security features of the now-dead SGX) 2) using any M2 WWAN or NVMe that I want
It's gone to a point where it's not desirable for me to upgrade, and to prefer the risks that come with an exploit as at least I know my freedom to use my hardware the way I want will not suddenly become limited.
Another example: getting root on Android with MediaTek was considered a "bug" and work a mandatory "upgrade" that prevents users from being able to get root that way.
Do you believe that the operator of a deliberately insecure system should be liable if it ends up suborned by a botnet and used to attack someone else's system?
Do you also think it's fine to shit in other people's wells or for companies to dump their toxic waste in the middle of other companies parking lots as long as you/they haven't signed a contract explicitly agreeing not to?
> Do you also think it's fine to shit in other people's wells or for companies to dump their toxic waste in the middle of other companies parking lots as long as you/they haven't signed a contract explicitly agreeing not to?
You are using loaded words to 1) imply I would support some questionable actions where you assume intent and 2) refer to negative externalities, but I'll suppose you are not trolling and interact in good faith with you.
Both the actions you define are ignoring property rights: your well, your parking lot = I can't do that, unless you allow me (with a contract!)
My well, my parking lot = I can do that, and you don't get to say what I do with my property, unless we have signed a contract which creates liability.
Many people seem to have a strong desire to be able to force ME to update MY browser/operating system/bios/whatever else to be up to THEIR standards, because it has consequences on THEIR liability.
I care a bit about them, but I care way more about MY freedom: I do what I want with MY computers.
Note that intent matters: I have no desire to cause bad things to other people. I'd be very sad if my computer was used as "part of a botnet" like someone else said. I might even try to avoid that - but only as far as it puts my freedom first, and there's not even a requirement that I try (because I might have better things to do lol)
Should bad things like botnets happen, 1) it wasn't my intent, as preserving my freedom was my intent 2) the negative externality is sad, but it's not my liability: you should secure your property, or said differently "your problems aren't my problem"
This whole interaction feels very strange to me. By any chance, are you European? Europeans seem to have very different concepts of freedom and liability than we do.
> but it's not my liability: you should secure your property, or said differently "your problems aren't my problem"
But we're talking about you deliberately not securing or even actively reducing the security of your property in a manner that could reasonably be predicted to lead to harm to others' property, and that harm occurring, through no fault of the harmed party. You're not supposed to store loaded guns unsecured on your front porch (not around here anyways).
> By any chance, are you European? Europeans seem to have very different concepts of freedom and liability than we do.
No, I'm from the US.
> You are using loaded words to 1) imply I would support some questionable actions where you assume intent and 2) refer to negative externalities, but I'll suppose you are not trolling and interact in good faith with you.
I'm asking whether you would, not suggesting that you do. But yes, the acts in question were significantly more questionable than those in my previous comment, since your answer to that was more extreme than I expected. So how about the middle ground: Do you believe that the EPA should impose restrictions on companies' or citizens' right to dump whatever toxic waste they want into rivers? If you think the physical commons should be protected from predictable harm by negligence or reckless disregard, why not the digital?
> But we're talking about you deliberately not securing or even actively reducing the security of your property
We have different preferences about what's the right security/freedom ratio.
> You're not supposed to store loaded guns unsecured on your front porch (not around here anyways).
I don't think the government or anyone has any say about where or how I may keep my guns.
People believe they might have a say, so there are laws on the books, but they're frequently taken down by the courts.
> So how about the middle ground: Do you believe that the EPA should impose restrictions on companies' or citizens' right to dump whatever toxic waste they want into rivers?
I believe it shouldn't, but that's just my opinion.
You may not believe it, but in terms of efficiency and keeping the environment, it doesn't matter (see below)
> If you think the physical commons should be protected from predictable harm by negligence or reckless disregard, why not the digital?
I don't believe it in the physical world, and I don't believe it in the digital world either.
Regardless of my beliefs, there's a Nobel Prize winner who's shown that it doesn't matter how the rights are initially assigned, as long as parties can negotiate with no transaction costs.
Check the Coase theorem.
The EPA imposing restrictions creates transaction costs, so I think we're better off without them.
I think a world without any form of meaningful protection or regulation sounds very dystopian and not like one I would choose to live in under our current capitalist society.
Even the author of the “theorem” you cite indicated that he didn’t believe it to be practical.
Regular bios updates rub me the wrong way. Wife's lappy recently decided to update it of its own volition too. I was livid, but thankfully nothing broke. I hate that OS can do it, but I hate more the fact that bios is clearly less reliable..
This is my experience with Roku TVs. They used to be ok, but they can't resist updating them and I have 3 that run noticeably slower than they did originally. It's probably a combination of the OS and apps.
Even worse, something got updated that broke CEC integration with my sound bar on one of them, so now I can't use the built in volume control and need to use 2 remotes instead. I know it's a real first world problem, but it infuriates me that they can slowly ruin a TV that I own and I have no recourse.
I'm so sick of the tech industry I hope the whole thing collapses. We need major legislation updates to make tech companies liable for all awful they're doing to the world.
They choose a processor that’s barely sufficient to run the software it releases with, and proceed to release a constant stream of updates with nothing of value to the user. Meanwhile every update has the device running 5% slower, making it noticeably sluggish after a couple years.
It almost feels intentional, but I’m sure no bean counter is going to permit spending a few dollars extra per unit for something they probably see as reason for people to upgrade.
> hold manufacturers accountable for updates that break otherwise perfectly-functioning hardware
Wouldn't the license agreement that you agreed to when you installed the software specify any responsibilities of the vendor and define what recourse you might have? Why would government action be needed?
Because I have no negotiating power. Every license agreement says there's no recourse, so I can't pick one that does have it.
There's a major free-market failure because there's no negotiation over the agreement. There's no representative for consumers pushing back. So that representative needs to be the government.
This is the entire reason for consumer protection laws.
There is a negotiation over the agreement. If you don’t agree with an agreement, then buy a different product. That's how all agreements work. It’s just not very fun to negotiate when there’s a large power imbalance.
Same logic as why you need worker/renter rights, just find another employer/apartment. Sorry that the toaster shocked your wife, but you could have just gotten a different one with better safety standards.
It is great that the government protects consumers. Otherwise, everyone would need to spend hours researching everything before making a rare purchase.
You're conflating human rights and safety issues with broken projector software which seems disingenuous.
> Otherwise, everyone would need to spend hours researching everything before making a rare purchase
On this issue specifically, these projectors seem to be in the tens (possibly hundreds) of thousands of dollars so some research and due diligence doesn't seem that far fetched.
> It’s just not very fun to negotiate when there’s a large power imbalance.
Indeed, which is why people may choose to band together in a bigger bargaining block to improve their position and possibly even achieve greater power than the other party. For example, they could choose to form a single block that represents the citizens of an entire country.
Because the government has put constraints on what kind of agreements are valid (especially in the domain of sales to consumers).
It happens all the time across many domains (look up the Uniform Commercial Code, for more general examples, or laws around vehicle sales).
I have less inclination to be involved in business to business transactions, but there’s absolutely a societal debate to be had around what laws and regulations we have on transactions of software.
Society runs smoother, with more transactions, and thus economic wealth, when consumers can assume a reasonable baseline of behavior that is being regulated by the government. If every purchase and every transaction requires deep due diligence there will be far fewer transactions.
The government is not some foreign third actor, we live in a democratic society and as such, the way in which we do things is subjected to the desires of the public.
If enough people consider the government should intervene, then the government should intervene.
In my experience in this industry they often have multiple (2-3) projectors in the projection booth for exactly this kind of issue, a bulb goes out, etc. They also play the previews and ads before the movie on a different, cheaper projector.
Having 2 Sony projectors wouldn't help here though...
Meh, shit happens and maybe software rollback should be codified. Let the compensation be between the two parties involved (Sony and the customer) - similar to SLAs in the cloud.
There is an enormous power imbalance between Sony and the customer which will lead to abuse.
They will filibuster and/or bureaucrat-ize away any will to pursue lawsuits, or they will offer token trivial compensation (which doesn’t nearly reflect the actual lost income).
Your “meh” apathy is what leads to the abuse of power by the larger parties
I’m sure Sony is sensitive to the PR hit from movie theaters telling their customers that the reason they can’t watch a movie is precisely due to a Sony software update. Next time the consumer is buying a Sony product they’ll think twice about its software reliability.
I just don't see the need for a law which turns a civil issue into a criminal one. There are already existing frameworks for this - contracts. If someone isn't comfortable with the terms, then they don't use Sony products.
If your argument is that Sony is too big and has a monopoly on projectors - then antitrust laws exist.
As a society, we've already concluded that contracts are insufficient to cover a huge class of situations (minimum wages, banning non-competes, etc.). Why would you think they're sufficient to handle this one?
We already have simple systems that handle "you broke my stuff" fairly well - why would we want to lean on something as slow and complex as antitrust laws to resolve this? The Epic vs Google lawsuit started in 2020. 3 years is a long time to wait to collect damages for broken projectors.
> Why would you think they're sufficient to handle this one?
It's a business transaction where contracts are the norm. Sony may not be very flexible on terms, but no one is forced to buy their projectors and agree to the terms.
> why would we want to lean on something as slow and complex as antitrust laws
We would if consumers had no other choice but to buy Sony projectors only - that doesn't seem to be the case, though.
> but no one is forced to buy their projectors and agree to the terms
I don’t know how much choice movie theaters have. As I understand it, these projectors read directly from a hard drive, and are heavily regulated to avoid piracy. According to the Wikipedia article [1] there are only 4 approved manufacturers, and until very recently Sony had the only 4k model.
I think you are confused about how laws work. A law can cover sales and transactions without any criminal penalties. It can lay out the ground for civil actions, to be taken by either government entities or the affected parties themselves.
Just because a law is created doesn't mean a new crime with criminal penalties is created.
You're right, there don't have to be criminal penalties. Codifying compensation requirements for buggy software seems like it would need to be very broad and effectively a useless law, though.
Ohh this has already started. Happened to me the other day: machine for rectal air insufflation under x-ray guidance to allow reduction of an intussusception (a condition where the bowel folds in on itself). It primarily affects young children and if the procedure fails they require an open operation. Failure to treat the intussusception eventually results in bowel perforation, peritonitis and potentially death.
Went to start the procedure, machine reports it’s ready to work, all set up, assistant presses start, cryptic error messages. No way to fix. Turns out our license has improperly expired for reasons unknown. No way to override.
It’s past 5 pm Friday of the New Year’s weekend. No one on call for the company has any idea how to fix. Took three hours repeatedly phoning the company to finally get put through to an engineer who gave us magic series of button presses and codes to get the machine working.
We used to have a purely mechanical machine, maintained in house by an on site engineer. Now we have to deal with this. There is only one company making these machines, so no competition. Progress.
It was (and probably still is) quite common to hire a cracker to remove the DRM from industrial equipment software to prevent any downtime it causes; of course that's not a life-support application, and the motive was that downtime for such machinery is often very costly.
Of course with the recent Polish train debacle (https://news.ycombinator.com/item?id=38788360), stories of DRM schemes where incomplete defeat causes subtly worse behaviour (rather common in games), and the ability to engineer a system with plausible deniability in mind, like some of Apple's hardware-locking attempts, one does wonder whether medical devices may have such logic bombs too.
The user experience of machines in the healthcare field is abysmal. You'd think that someone would have thought about your use case, but they either didn't, or they did and said "Well, that'll never happen because <reasons>".
The reality is someone in management said "we need the machine to lock out under X condition for Y reason" and an engineer said "that's a bad idea because Z, also someone could die" and management said "do it anyway" and the engineer chose to implement it versus undergo the significant financial hardship of quitting their job and finding another one.
They recently released an update for my 2021 vintage OLED TV, and after applying it it now doesn’t work properly at all. It’s still usable, but only barely.
Is there something where a projector needs to be connected to the internet? This seems as silly as bluetooth speakers like Sonos needing an internet connection.
Perhaps someone can share what is needed here and why it's connected.
No, the projector is never connected to the internet. It's connected to a cinema server. In the case of Sony, it's always a Sony server. This is not usually connected to the internet either. Instead, the usual topology is to have a Theater Management System (TMS) that pre-ingests content in the form of Digital Cinema Packages (DCPs) and then propagates it to each auditorium's server.
This TMS is also not connected to the internet in most cases. Digital cinema is locked down tight as an ATM. Most theaters have pretty meager on-site IT, so email and thumb-drives and hard-drives still rule.
I work in cinema IoT including KDM and DCP delivery and ingestion to TMS or cinema server, and our solution is to have a separate agent inside the private cinema network that can broker communication with cinema devices like projectors, calibrators, and audio processors. Some of these have their own UIs in the local network, or if you've got the company VPN, but in general for monitoring we just rely on SNMP or server API.
The cinema servers are different. They all have APIs that provide varying levels of monitoring, control, and automation for the server, itself, as well as connected devices including limited monitoring and control of projectors and audio. They all support RDP or VNC, so if you're behind the same firewall you can get to their UI. Same with TMSes... they have UIs that you can access remotely, if you're on the company VPN.
But the projector itself? Never on the internet. It's "married" to the cinema server, and will only work with that particular server, based on their respective certs.
In Sony's case, it sounds like the projector certs have expired, so now they are invalid when used with the updated server certs.
IIUC, movies are delivered to local storage via the internet, and those files are heavily DRM'd; the DRM is checked synchronously when films are played.
That sounds roughly correct based on when I worked at a theatre, although back then they mailed you drives. Worth noting that the movies are encrypted and you only get decryption keys at release.
But Sony hasn’t made projectors in a while. I suspect this was something like an expired certificate rather than an actual software update.
It hasn't changed much. Most features are still delivered on drives. They're just too damn BIG otherwise.
Keys are sent separately, and are valid only for a certain date-range, and for a specific cinema server. In this case, Sony servers only work with Sony projectors, and vice-versa. Each device has its own certs, but for encrypted feature encoding, the standard is Key Delivery Messages, which unlock the feature Digital Cinema Package (DCP). DCPs are a general purpose cinema package, and are also used to deliver unencrypted clips like ads and trailers.
But the key is the Key. It's only valid for the specific cinema server, and the cinema server is "married" to the projector by encryption. This protects against on-site MITM attacks.
If there's a server update that doesn't update the certs on either the server itself, or the projector (in Sony's case), then the marriage breaks, and the silver screen stays dark.
Nothing anyone else can do about it, either, since any valid certs would have to be issued by Sony, and nobody has the private keys except Sony.
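The validity rules described in the comment above, as a simplified model: an added example, not part of the thread and not any vendor's code. The class and field names are assumptions, and the certificate and booking dates are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class DeviceCert:
    """Simplified stand-in for a device certificate (names are hypothetical)."""
    thumbprint: str
    not_before: datetime
    not_after: datetime

    def valid_at(self, when: datetime) -> bool:
        return self.not_before <= when <= self.not_after

@dataclass(frozen=True)
class Kdm:
    """Simplified stand-in for a Key Delivery Message."""
    recipient: str        # thumbprint of the one server the keys were issued to
    not_before: datetime
    not_after: datetime

def playback_blockers(kdm, server, projector, when):
    """Reasons playback is refused at `when`; an empty list means it can run."""
    reasons = []
    if kdm.recipient != server.thumbprint:
        reasons.append("kdm-wrong-server")
    if not kdm.not_before <= when <= kdm.not_after:
        reasons.append("kdm-outside-window")
    if not server.valid_at(when):
        reasons.append("server-cert-not-valid")
    if not projector.valid_at(when):
        reasons.append("projector-cert-not-valid")
    return reasons

def cert_cutoff(kdm, server, projector):
    """Earliest device-cert expiry that ends playback before the KDM does."""
    cutoff = min(server.not_after, projector.not_after)
    return cutoff if cutoff < kdm.not_after else None

def utc(y, m, d, hh=0, mm=0, ss=0):
    return datetime(y, m, d, hh, mm, ss, tzinfo=timezone.utc)

# Constructed sample data: server cert renewed, projector cert left to lapse.
SERVER = DeviceCert("srv-01", utc(2023, 12, 1), utc(2033, 12, 1))
PROJECTOR = DeviceCert("prj-01", utc(2014, 1, 1), utc(2023, 12, 31, 23, 59, 59))
BOOKING = Kdm("srv-01", utc(2023, 12, 22), utc(2024, 1, 5))

if __name__ == "__main__":
    for when in (utc(2023, 12, 30, 20), utc(2024, 1, 1, 20)):
        print(when.isoformat(), playback_blockers(BOOKING, SERVER, PROJECTOR, when) or "ok")
    print("screen goes dark after:", cert_cutoff(BOOKING, SERVER, PROJECTOR))
```

Running `cert_cutoff` over upcoming bookings during maintenance planning flags any showing whose key window outlasts a device certificate, while there is still time to arrange a renewal.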
> as silly as bluetooth speakers like Sonos needing an internet connection
Where are you getting your information? Sonos speakers that support bluetooth don't need an internet connection to use bluetooth. They only need an internet connection when you want them to stream music from the internet.
Sonos isn’t Bluetooth speakers; they have a couple in their portable lineup that do offer Bluetooth, but last I checked the majority don’t offer Bluetooth, and to be honest I like it better this way.
Not having my phone locked up to only play music is awesome, being able to use voice control to play specific songs and have them play throughout the house is awesome. Bluetooth is a pain, not being able to use Instagram (or any other app that wants control of audio) while my daughter listens to a song sucks.
This is likely an expired certificate related to the encryption on the movie files.