[HN Gopher] Sony software updates breaks movie theater projectors
___________________________________________________________________
Sony software updates breaks movie theater projectors

Author : donohoe
Score  : 142 points
Date   : 2023-12-31 17:20 UTC (5 hours ago)

(HTM) web link (bsky.app)
(TXT) w3m dump (bsky.app)

| crazygringo wrote:
| Super curious if there's any kind of contractual recourse where theaters can recoup the lost income from Sony.
|
| It's one thing if a projector breaks mechanically or due to a pre-existing bug; it's another thing when an update breaks it.
|
| In an age where updates are increasingly the norm, I wonder if there's legislation needed to hold manufacturers accountable for updates that break otherwise perfectly-functioning hardware?
|
| csdvrx wrote:
| > updates that break otherwise perfectly-functioning hardware?
|
| "Every update is a downgrade":
|
| http://itre.cis.upenn.edu/~myl/languagelog/archives/000606.h...
|
| m463 wrote:
| I liked this:
|
| > Notice, I'm no Luddite. I don't reject technology. I depend on it.
|
| donmcronald wrote:
| This is my experience with Roku TVs. They used to be ok, but they can't resist updating them and I have 3 that run noticeably slower than they did originally. It's probably a combination of the OS and apps.
|
| Even worse, something got updated that broke CEC integration with my sound bar on one of them, so now I can't use the built in volume control and need to use 2 remotes instead. I know it's a real first world problem, but it infuriates me that they can slowly _ruin_ a TV that _I own_ and I have no recourse.
|
| I'm so sick of the tech industry I hope the whole thing collapses. We need major legislation updates to make tech companies liable for all awful they're doing to the world.
|
| transcriptase wrote:
| Roku and smart TV manufacturers are infuriating.
|
| They choose a processor that's barely sufficient to run the software it releases with, and proceed to release a constant stream of updates with nothing of value to the user. Meanwhile every update has the device running 5% slower, making it noticeably sluggish after a couple years.
|
| It almost feels intentional, but I'm sure no bean counter is going to permit spending a few dollars extra per unit for something they probably see as reason for people to upgrade.
|
| mikequinlan wrote:
| >hold manufacturers accountable for updates that break otherwise perfectly-functioning hardware
|
| Wouldn't the license agreement that you agreed to when you installed the software specify any responsibilities of the vendor and define what recourse you might have? Why would government action be needed?
|
| delecti wrote:
| Precisely for that reason. Most license agreements require the end-user to waive any recourse. That's what customer protection laws are for.
|
| crazygringo wrote:
| Because I have no negotiating power. Every license agreement says there's no recourse, so I can't pick one that does have it.
|
| There's a major free-market failure because there's no negotiation over the agreement. There's no representative for consumers pushing back. So that representative needs to be the government.
|
| This is the entire reason for consumer protection laws.
|
| 4death4 wrote:
| There is a negotiation over the agreement. If you don't agree with an agreement, then buy a different product. That's how all agreements work. It's just not very fun to negotiate when there's a large power imbalance.
|
| malfist wrote:
| Find me a theater projector firmware/software that doesn't have an EULA. Go on, I'll wait.
|
| phartenfeller wrote:
| Same logic as why you need worker/renter rights, just find another employer/apartment. Sorry that the toaster shocked your wife, but you could have just gotten a different one with better safety standards.
|
| It is great that the government protects consumers. Otherwise, everyone would need to spend hours researching everything before making a rare purchase.
|
| hypeatei wrote:
| You're conflating human rights and safety issues with broken projector software which seems disingenuous.
|
| > Otherwise, everyone would need to spend hours researching everything before making a rare purchase
|
| On this issue specifically, these projectors seem to be in the tens (possibly hundreds) of thousands of dollars so some research and due diligence doesn't seem that far fetched.
|
| Adverblessly wrote:
| > It's just not very fun to negotiate when there's a large power imbalance.
|
| Indeed, which is why people may choose to band together in a bigger bargaining block to improve their position and possibly even achieve greater power than the other party. For example, they could choose to form a single block that represents the citizens of an entire country.
|
| 4death4 wrote:
| That seems like the opposite of the original comment, which was a desire to negotiate on an individual level.
|
| ncallaway wrote:
| Because the government has put constraints on what kind of agreements are valid (especially in the domain of sales to consumers).
|
| It happens all the time across many domains (look up the Uniform Commercial Code, for more general examples, or laws around vehicle sales).
|
| I have less inclination to be involved in business to business transactions, but there's absolutely a societal debate to be had around what laws and regulations we have on transactions of software.
|
| Society runs smoother, with more transactions, and this economic wealth, when consumers can assume a reasonable baseline of behavior that is being regulated by the government. If every purchase and every transaction requires deep due diligence there will be far fewer transactions.
|
| Levitz wrote:
| Because government action is consumer action.
|
| The government is not some foreign third actor, we live in a democratic society and as such, the way in which we do things is subjected to the desires of the public.
|
| If enough people consider the government should intervene, then the government should intervene.
|
| hypeatei wrote:
| Meh, shit happens and _maybe_ software rollback should be codified. Let the compensation be between the two parties involved (Sony and the customer) - similar to SLAs in the cloud.
|
| malux85 wrote:
| There is an enormous power imbalance between Sony and the customer which will lead to abuse.
|
| They will filibuster and or bureaucrat-ize away any will to pursue lawsuits, or they will offer token trivial compensation (which doesn't nearly reflect the actual lost income)
|
| Your "meh" apathy is what leads to the abuse of power by the larger parties
|
| hypeatei wrote:
| I just don't see the need for a law which turns a civil issue into a criminal one. There are already existing frameworks for this - contracts. If someone isn't comfortable with the terms, then they don't use Sony products.
|
| If your argument is that Sony is too big and has a monopoly on projectors - then antitrust laws exist.
|
| handoflixue wrote:
| As a society, we've already concluded that contracts are insufficient to cover a huge class of situations (minimum wages, banning non-competes, etc.). Why would you think they're sufficient to handle this one?
|
| We already have simple systems that handle "you broke my stuff" fairly well - why would we want to lean on something as slow and complex as antitrust laws to resolve this? The Epic vs Google lawsuit started in 2020. 3 years is a long time to wait to collect damages for broken projectors.
|
| hypeatei wrote:
| > Why would you think they're sufficient to handle this one?
|
| It's a business transaction where contracts are the norm.
| Sony may not be very flexible on terms, but no one is forced to buy their projectors and agree to the terms.
|
| > why would we want to lean on something as slow and complex as antitrust laws
|
| We would if consumers had no other choice but to buy Sony projectors only - that doesn't seem to be the case, though.
|
| MobiusHorizons wrote:
| > but no one is forced to buy their projectors and agree to the terms
|
| I don't know how much choice movie theaters have. As I understand it, these projectors read directly from a hard drive, and are heavily regulated to avoid piracy. According to the Wikipedia article [1] there are only 4 approved manufacturers, and until very recently Sony had the only 4k model.
|
| [1] https://en.wikipedia.org/wiki/Digital_cinema (see the projectors for digital cinema section)
|
| verve_rat wrote:
| I think you are confused about how laws work. A law can cover sales and transactions without any criminal penalties. It can lay out the ground for civil actions, to be taken by either government entities or the affected parties themselves.
|
| Just because a law is created doesn't mean a new crime with criminal penalties is created.
|
| hypeatei wrote:
| You're right, there doesn't have to be criminal penalties. Codifying compensation requirements for buggy software seems like it would need to be very broad and effectively a useless law, though.
|
| verve_rat wrote:
| Not really, just a simple law that said software vendors are liable for actual loss caused by their products would have a huge impact.
|
| Courts are our mechanism for sorting out the details, not legislation.
|
| guhidalg wrote:
| I'm sure Sony is sensitive to the PR hit from movie theaters telling their customers that the reason they can't watch a movie is precisely due to a Sony software update. Next time the consumer is buying a Sony product they'll think twice about its software reliability.
|
| ipython wrote:
| I argue Sony doesn't care as this isn't the first time they've shafted customers (see below), and it sure as heck won't be the last.
|
| https://en.m.wikipedia.org/wiki/Sony_BMG_copy_protection_roo...
|
| guhidalg wrote:
| Thanks for sharing that, my trust in Sony's software is now lower than before.
|
| amelius wrote:
| > In an age where updates are increasingly the norm, I wonder if there's legislation needed to hold manufacturers accountable for updates that break otherwise perfectly-functioning hardware?
|
| Maybe there should be a law that says:
|
| 1. Upgrades may be performed but never behind the user's back.
|
| 2. In particular, the user determines exactly when an upgrade is performed.
|
| 3. The user may roll back any update at any time.
|
| 4. Any services which the software depends on should be compatible with all versions of the updated software.
|
| EDIT: 5. Security backports should be made available. However, the user should always be in control over whether they are installed. Sometimes working code is more important than 100% secure code. Also this rule will prevent companies from quickly forcing an update and sweeping security breaches under the rug.
|
| tantalor wrote:
| Not gonna happen in a million years
|
| vlovich123 wrote:
| Some of those suggestions are things that sound good at first glance but are simply not great ideas.
|
| For example, support for downgrades means you a security vulnerability can be reintroduced by a malicious user which may not be desirable. Writing software that's backwards and forwards compatible across all releases can be extremely expensive to impossible (eg a feature in your application that requires a new OS or you need to use a now removed API when running on older releases).
|
| There are difficult technical issues involved and trying to legislate specifics may not be the best idea vs other approaches that improve real freedom (eg you have to release sufficient details to your customers that they can write their own software for your hardware).
|
| thfuran wrote:
| >For example, support for downgrades means you a security vulnerability can be reintroduced by a malicious user which may not be desirable.
|
| And there are regulated industries where a software update could be the fulfillment of a recall.
|
| csdvrx wrote:
| > Some of those suggestions are things that sound good at first glance but are simply not great ideas.
|
| Actually, yes they are. I'm not a big fan of legislation, but the upgrade craziness has to stop at some point!
|
| > For example, support for downgrades means you a security vulnerability can be reintroduced by a malicious user which may not be desirable
|
| What if "I, the user" deem it "desirable"?
|
| I'm holding to bios with known vulnerabilities so I can work around "security features" that are "for my own protection" like 1) preventing me from underclocking (to keep the security features of the now-dead SGX) 2) using any M2 WWAN or NVMe that I want
|
| It's gone to a point where it's not desirable for me to upgrade, and to prefer the risks that come with an exploit as at least I know my freedom to use my hardware the way I want will not suddenly become limited.
|
| Another example: getting root on android with mediatek was considered a "bug" and work a mandatory "upgrade" that prevent users from being able to get root that way.
|
| But I want to be root!
|
| hdhuwgdue2 wrote:
| Regular bios updates rub me the wrong way. Wife's lappy recently decided to update it of its own volition too. I was livid, but thankfully nothing broke. I hate that OS can do it, but I hate more the fact that bios is clearly less reliable..
|
| thfuran wrote:
| Do you believe that the operator of a deliberately insecure system should be liable if it ends up suborned by a botnet and used to attack someone else's system?
|
| csdvrx wrote:
| > Do you believe that the operator of a deliberately insecure system should be liable
|
| Only if said operator signed a contract. No contract=no liability.
|
| Here in the US, the Supreme Court has made it clear that law enforcement agencies are not required to provide protection to the citizens cf https://www.nytimes.com/2005/06/28/politics/justices-rule-po...
|
| If even the police isn't liable, why should I be liable or have any kind of duty to protect your system?
|
| Your system, your problem.
|
| thfuran wrote:
| Do you also think it's fine to shit in other people's wells or for companies to dump their toxic waste in the middle of other companies' parking lots as long as you/they haven't signed a contract explicitly agreeing not to?
|
| amelius wrote:
| > For example, support for downgrades means you a security vulnerability can be reintroduced by a malicious user which may not be desirable.
|
| Backports exist because of this reason. Just added them as a requirement to the list of rules above.
|
| az226 wrote:
| Windows 10 forced an update on my PC and deleted all my personal files. I paid a forensic data firm four digits to get about half my data back.
|
| at_a_remove wrote:
| Could you tell us more about this?
|
| Were you keeping your personal files in the usual "Documents" and "Videos" and such laid out by Microsoft? Or somewhere else?
|
| userbinator wrote:
| Not the one you're responding to, but my guess is this: https://news.ycombinator.com/item?id=18189139
|
| 542458 wrote:
| 1 and 2 - this seems incompatible with how 90% of the population uses software, namely they set it and forget it.
| Having to manually approve and schedule every single update for everything a user touches would be a) a security nightmare, as most things would never get updated ever and b) a UX nightmare, with a million different things asking for updates.
|
| 3 - Maintaining a data path forward is tricky enough. Demanding that users be able to downgrade at anytime would be a very tall ask if user data has to survive the downgrade.
|
| 4 - This seems outlandishly expensive to do. This effectively reads "nobody can ever deprecate an api on anything". This also seems to be broadly incompatible with fixing certain security vulnerabilities - would everybody have to maintain TLS 1.1 or plaintext api endpoints for old clients? Would a social media network have to maintain api endpoints that leaked more data than users were comfortable with?
|
| userbinator wrote:
| It's all an incentive for "don't just churn software, plan well ahead".
|
| _This also seems to be broadly incompatible with fixing certain security vulnerabilities - would everybody have to maintain TLS 1.1 or plaintext api endpoints for old clients?_
|
| Or they would be forced to produce an update that doesn't do anything other than e.g. upgrade the TLS version --- and has absolutely _nothing_ else.
|
| ToucanLoucan wrote:
| > 1 and 2 - this seems incompatible with how 90% of the population uses software, namely they set it and forget it. Having to manually approve and schedule every single update for everything a user touches would be a) a security nightmare, as most things would never get updated ever and b) a UX nightmare, with a million different things asking for updates.
|
| I don't see how an automatic update setting is incompatible with 2. If a user says "go ahead and install updates as needed" that is the user expressing their desire to receive updates.
|
| I also think the phrasing in 1 is a little needlessly aggressive though I believe it comes from a place of frustration. The difference in my mind between saying "this thing updated behind my back" and "this thing updated automatically for me" is whether the user has registered the update as being beneficial or not, and depending on the device, that's a WIDE spectrum. I know my smart outlets update their firmware all the time, and an extremely small handful of times I do notice, because sometimes they end up not reconnecting to the wifi quite right and need to be reconnected. However if they updated and, for example, broke HomeKit support and no longer worked, I'd be angry the next time I tried to use them.
|
| > 3 - Maintaining a data path forward is tricky enough. Demanding that users be able to downgrade at anytime would be a very tall ask if user data has to survive the downgrade.
|
| I mean, this is just an engineering problem pure and simple. Most of the time, in my experience, graceful downgrade just isn't prioritized because, well, who can even do it for starters? Installing old software oftentimes means you need to do some really intense stuff, like wiping whatever device entirely, so the retention of data is moot.
|
| If this was mandated I see no problem with getting it done in my industry. It's simply a matter of making it a priority IMO.
|
| > 4 - This seems outlandishly expensive to do. This effectively reads "nobody can ever deprecate an api on anything".
|
| With certain products I can definitely see it being an advantage, and the first place my mind goes to is again, smart home products and appliances, automotive hardware, that sort of thing.
| Large, expensive items that incorporate software that the user interacts with can be _an absolute nightmare_ when the OEM randomly decides that the way something's worked for years and years for you is now just not an option, or worse still, locks it behind a paywall. And what are your options here? Buy a new car or dishwasher? Or eat shit and pay them $20 a year that they have not earned and are providing no value for?
|
| This is why the newest car I have is a 2018 Corvette, because I know all its software and have access to it, and there's no system that's going to lock my heated seats behind a Chevrolet Premiere+ subscription where I have to give chevy money to permit my car to engage a damn relay for me.
|
| windows2020 wrote:
| My take on this is back when software was distributed on media like CDs, new versions were better. Updates were discrete, marketed and expensive. They had to be good!
|
| Continuous updates continue to permeate, including into things that are still surprisingly connected to the internet in the first place.
|
| I think that in time, forced updates will cause enough trouble that people will become more conscious of and dislike them. For some, one bad update is all it will take.
|
| So, I think it's worth waiting to see if anti-update competitors appear before regulating this.
|
| dejj wrote:
| Amelius' 5 laws to Asimov's 3.
|
| Make them a bit terser, and maybe "Right to repair" will heave them out of the science fiction tarpit.
|
| johnchristopher wrote:
| > 1. Upgrades may be performed but never behind the user's back.
|
| > 2. In particular, the user determines exactly when an upgrade is performed.
|
| Haha, at last, yes !! Take that stupid windows XP countdown to reboot !!
|
| iancmceachern wrote:
| In my experience in this industry they often have multiple (2-3) projectors in the projection booth for exactly this kind of issue, a bulb goes out, etc.
| They also play the previews and ads before the movie on a different, cheaper projector.
|
| Having 2 Sony projectors wouldn't help here though...
|
| vlovich123 wrote:
| It would if Sony staggered software releases to sibling projectors.
|
| layer8 wrote:
| > updates that break otherwise perfectly-functioning hardware
|
| Arguably the hardware still functions perfectly, it's the software that's broken.
|
| Xenoamorphous wrote:
| Daikin semi-bricked my 3 aircon units in the middle of the summer with a firmware upgrade.
|
| lancesells wrote:
| Is there something where a projector needs to be connected to the internet? This seems as silly as bluetooth speakers like Sonos needing an internet connection.
|
| Perhaps someone can share what is needed here and why it's connected.
|
| buro9 wrote:
| IIUC, movies are delivered to local storage via the internet, and those files are heavily DRMd, the DRM is checked synchronously when films are played.
|
| joezydeco wrote:
| So maybe this was a key rotation issue instead of what we think of as a software update (e.g. bugfixes)?
|
| 542458 wrote:
| That sounds roughly correct based on when I worked at a theatre, although back then they mailed you drives. Worth noting that the movies are encrypted and you only get decryption keys at release.
|
| But Sony hasn't made projectors in a while. I suspect this was something like an expired certificate rather than an actual software update.
|
| Baldbvrhunter wrote:
| DRM and no unauthorised screenings outside of approved show times.
|
| Although you can use them for non DRM showings.
|
| imperialdrive wrote:
| That's terrible. Very curious who pushed that button and why. Just confirmed they're closing all locations.
|
| rcdemski wrote:
| Down in Denver too. My money is on a date rollover issue related to DRM.
|
| sprocket35 wrote:
| Digital cinema tech here. Sony hasn't been releasing updates since they exited the business in 2020.
|
| This is likely an expired certificate related to the encryption on the movie files.
|
| crazygringo wrote:
| Are certificates usually/often issued to expire at the end of a given calendar year? On the one hand, that would explain this happening on Dec 31.
|
| But it's slightly weird because it's not yet the new year in UTC. This was posted several hours before that happening, and we've still got over 2 hours to go... (And the cinema is in New York, with almost 8 hours to go in local time, so it's not a local timezone issue either.)
|
| userbinator wrote:
| This is Sony, and it is the new year in Japan.
|
| FirmwareBurner wrote:
| Sony is a Japanese company but it's also a multinational company consisting of hundreds of companies they acquired over the years all over the globe. It's therefore a relatively small chance it has something to do with Japan specifically.
|
| swells34 wrote:
| It likely depends on where the programmer who has the original cert issued was... so quite likely Japan, given the evidence
|
| dn3500 wrote:
| A digital cinema tech with the username "sprocket35"?
|
| firtoz wrote:
| There have been stranger things
|
| Aloha wrote:
| I mean his comment history is on par with who he says he is - I think it's a great name. Just because I work mostly in the digital domain doesn't mean I don't long for the analog.
|
| saghm wrote:
| Honestly, is that better? Leaving all the devices set to EOL and get bricked or whatever feels pretty wasteful.
|
| sprocket35 wrote:
| The studios set the requirements. A certificate that never expires would never fly with their need to control DRM as tightly as possible.
|
| If Sony was still in the business, they would offer a certificate renewal for a small fee like the other manufacturers have done.
|
| The root problem is that Sony exited the market and left a lot of cinema owners out to dry with the looming cost of $50,000+ per auditorium for replacement projectors.
|
| prepend wrote:
| Having a short term cert seems wasteful too.
|
| How frequently does Sony change its identity. They should have a 999 year cert expiration and then check a revocation list in the off chance that Sony gets its private keys rooted.
|
| rladd wrote:
| They recently released an update for my 2021 vintage OLED TV, and after applying it it now doesn't work properly at all. It's still usable, but only barely.
|
| sschueller wrote:
| I wonder how much longer until we have a military or medical device that doesn't work killing people because a DRM certificate expired...
|
| mixmastamyk wrote:
| Probably already happened but the witnesses have expired.
___________________________________________________________________
(page generated 2023-12-31 23:00 UTC)
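
The exchange in the thread about an expired certificate and time zones, as an added example that is not part of the thread or anyone's post: a small audit that reads certificate end dates in the format printed by `openssl x509 -noout -enddate` and reports each one in UTC and in the site's local time. The device names, UTC offsets and `notAfter` values are constructed assumptions; the first value is chosen as midnight on 1 January in UTC+9 only to show how such an instant falls on 31 December in UTC and in New York.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed inventory (hypothetical devices, not real certificate data).
# Fields: device label, notAfter text as printed by
# `openssl x509 -noout -enddate`, site UTC offset in hours for that date.
INVENTORY = [
    ("nyc-aud-1", "Dec 31 15:00:00 2023 GMT", -5),  # 00:00 on Jan 1 at UTC+9
    ("den-aud-3", "Dec 31 15:00:00 2023 GMT", -7),
    ("nyc-aud-2", "Mar 15 00:00:00 2024 GMT", -5),
    ("lab-spare", "Jun 30 23:59:59 2031 GMT", 0),
]


def parse_not_after(text):
    """Convert an OpenSSL-style notAfter string to an aware UTC datetime."""
    seconds = ssl.cert_time_to_seconds(text)  # locale-independent parser
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def audit(inventory, now, warn_days=90):
    """Classify each certificate as EXPIRED, EXPIRING or OK at instant `now`.

    Validity is an absolute instant, so every device holding the same
    certificate fails at the same moment regardless of its local clock.
    """
    rows = []
    for device, not_after_text, offset_hours in inventory:
        not_after = parse_not_after(not_after_text)
        remaining = not_after - now
        if remaining <= timedelta(0):
            status = "EXPIRED"
        elif remaining <= timedelta(days=warn_days):
            status = "EXPIRING"
        else:
            status = "OK"
        site_tz = timezone(timedelta(hours=offset_hours))
        rows.append({
            "device": device,
            "status": status,
            "expires_utc": not_after,
            "expires_local": not_after.astimezone(site_tz),
            "days_left": max(remaining, timedelta(0)).days,
        })
    # Soonest expiry first, so the urgent entries lead the report.
    rows.sort(key=lambda r: r["expires_utc"])
    return rows


def report(rows):
    """Render the audit rows as aligned text lines."""
    lines = []
    for r in rows:
        lines.append("{:<10} {:<9} utc={:%Y-%m-%d %H:%M} local={:%Y-%m-%d %H:%M} days_left={}".format(
            r["device"], r["status"], r["expires_utc"], r["expires_local"], r["days_left"]))
    return lines


if __name__ == "__main__":
    # The thread's own timestamp: 2023-12-31 17:20 UTC.
    posted = datetime(2023, 12, 31, 17, 20, tzinfo=timezone.utc)
    print("\n".join(report(audit(INVENTORY, posted))))
    # The same audit a month earlier would have flagged the expiry in advance.
    earlier = datetime(2023, 12, 1, 17, 20, tzinfo=timezone.utc)
    print("\n".join(report(audit(INVENTORY, earlier))))
```

Run on a schedule against the real end dates of installed certificates, a check like this gives the advance warning that an operator needs when the vendor is no longer issuing renewals.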