[HN Gopher] Sony software updates breaks movie theater projectors
___________________________________________________________________
Sony software updates breaks movie theater projectors
Author : donohoe
Score : 142 points
Date : 2023-12-31 17:20 UTC (5 hours ago)
(HTM) web link (bsky.app)
(TXT) w3m dump (bsky.app)
| crazygringo wrote:
| Super curious if there's any kind of contractual recourse where
| theaters can recoup the lost income from Sony.
|
| It's one thing if a projector breaks mechanically or due to a
| pre-existing bug; it's another thing when an update breaks it.
|
| In an age where updates are increasingly the norm, I wonder if
| there's legislation needed to hold manufacturers accountable for
| updates that break otherwise perfectly-functioning hardware?
| csdvrx wrote:
| > updates that break otherwise perfectly-functioning hardware?
|
| "Every update is a downgrade":
|
| http://itre.cis.upenn.edu/~myl/languagelog/archives/000606.h...
| m463 wrote:
| I liked this:
|
| > Notice, I'm no Luddite. I don't reject technology. I depend
| on it.
| donmcronald wrote:
| This is my experience with Roku TVs. They used to be ok, but
| they can't resist updating them and I have 3 that run
| noticeably slower than they did originally. It's probably a
| combination of the OS and apps.
|
| Even worse, something got updated that broke CEC integration
| with my sound bar on one of them, so now I can't use the
| built in volume control and need to use 2 remotes instead. I
| know it's a real first world problem, but it infuriates me
| that they can slowly _ruin_ a TV that _I own_ and I have no
| recourse.
|
| I'm so sick of the tech industry I hope the whole thing
| collapses. We need major legislation updates to make tech
| companies liable for all awful they're doing to the world.
| transcriptase wrote:
| Roku and smart TV manufacturers are infuriating.
|
| They choose a processor that's barely sufficient to run the
| software it releases with, and proceed to release a constant
| stream of updates with nothing of value to the user.
| Meanwhile every update has the device running 5% slower,
| making it noticeably sluggish after a couple years.
|
| It almost feels intentional, but I'm sure no bean counter
| is going to permit spending a few dollars extra per unit
| for something they probably see as reason for people to
| upgrade.
| mikequinlan wrote:
| >hold manufacturers accountable for updates that break
| otherwise perfectly-functioning hardware
|
| Wouldn't the license agreement that you agreed to when you
| installed the software specify any responsibilities of the
| vendor and define what recourse you might have? Why would
| government action be needed?
| delecti wrote:
| Precisely for that reason. Most license agreements require
| the end-user to waive any recourse. That's what customer
| protection laws are for.
| crazygringo wrote:
| Because I have no negotiating power. Every license agreement
| says there's no recourse, so I can't pick one that does have
| it.
|
| There's a major free-market failure because there's no
| negotiation over the agreement. There's no representative for
| consumers pushing back. So that representative needs to be
| the government.
|
| This is the entire reason for consumer protection laws.
| 4death4 wrote:
| There is a negotiation over the agreement. If you don't
| agree with an agreement, then buy a different product.
| That's how all agreements work. It's just not very fun to
| negotiate when there's a large power imbalance.
| malfist wrote:
| Find me a theater projector firmware/software that
| doesn't have an EULA. Go on, I'll wait.
| phartenfeller wrote:
| Same logic as why you need worker/renter rights, just
| find another employer/apartment. Sorry that the toaster
| shocked your wife, but you could have just gotten a
| different one with better safety standards.
|
| It is great that the government protects consumers.
| Otherwise, everyone would need to spend hours researching
| everything before making a rare purchase.
| hypeatei wrote:
| You're conflating human rights and safety issues with
| broken projector software which seems disingenuous.
|
| > Otherwise, everyone would need to spend hours
| researching everything before making a rare purchase
|
| On this issue specifically, these projectors seem to be
| in the tens (possibly hundreds) of thousands of dollars
| so some research and due diligence doesn't seem that far
| fetched.
| Adverblessly wrote:
| > It's just not very fun to negotiate when there's a
| large power imbalance.
|
| Indeed, which is why people may choose to band together
| in a bigger bargaining block to improve their position
| and possibly even achieve greater power than the other
| party. For example, they could choose to form a single
| block that represents the citizens of an entire country.
| 4death4 wrote:
| That seems like the opposite of the original comment,
| which was a desire to negotiate on an individual level.
| ncallaway wrote:
| Because the government has put constraints on what kind of
| agreements are valid (especially in the domain of sales to
| consumers).
|
| It happens all the time across many domains (look up the
| Uniform Commercial Code, for more general examples, or laws
| around vehicle sales).
|
| I have less inclination to be involved in business to
| business transactions, but there's absolutely a societal
| debate to be had around what laws and regulations we have on
| transactions of software.
|
| Society runs smoother, with more transactions, and this
| economic wealth, when consumers can assume a reasonable
| baseline of behavior that is being regulated by the
| government. If every purchase and every transaction requires
| deep due diligence there will be far fewer transactions.
| Levitz wrote:
| Because government action is consumer action.
|
| The government is not some foreign third actor, we live in a
| democratic society and as such, the way in which we do things
| is subjected to the desires of the public.
|
| If enough people consider the government should intervene,
| then the government should intervene.
| hypeatei wrote:
| Meh, shit happens and _maybe_ software rollback should be
| codified. Let the compensation be between the two parties
| involved (Sony and the customer) - similar to SLAs in the
| cloud.
| malux85 wrote:
| There is an enormous power imbalance between Sony and the
| customer which will lead to abuse.
|
| They will filibuster and/or bureaucrat-ize away any will to
| pursue lawsuits, or they will offer token trivial
| compensation (which doesn't nearly reflect the actual lost
| income)
|
| Your "meh" apathy is what leads to the abuse of power by the
| larger parties
| hypeatei wrote:
| I just don't see the need for a law which turns a civil
| issue into a criminal one. There are already existing
| frameworks for this - contracts. If someone isn't
| comfortable with the terms, then they don't use Sony
| products.
|
| If your argument is that Sony is too big and has a monopoly
| on projectors - then antitrust laws exist.
| handoflixue wrote:
| As a society, we've already concluded that contracts are
| insufficient to cover a huge class of situations (minimum
| wages, banning non-competes, etc.). Why would you think
| they're sufficient to handle this one?
|
| We already have simple systems that handle "you broke my
| stuff" fairly well - why would we want to lean on
| something as slow and complex as antitrust laws to
| resolve this? The Epic vs Google lawsuit started in 2020.
| 3 years is a long time to wait to collect damages for
| broken projectors.
| hypeatei wrote:
| > Why would you think they're sufficient to handle this
| one?
|
| It's a business transaction where contracts are the norm.
| Sony may not be very flexible on terms, but no one is
| forced to buy their projectors and agree to the terms.
|
| > why would we want to lean on something as slow and
| complex as antitrust laws
|
| We would if consumers had no other choice but to buy Sony
| projectors only - that doesn't seem to be the case,
| though.
| MobiusHorizons wrote:
| > but no one is forced to buy their projectors and agree
| to the terms
|
| I don't know how much choice movie theaters have. As I
| understand it, these projectors read directly from a hard
| drive, and are heavily regulated to avoid piracy.
| According to the Wikipedia article [1] there are only 4
| approved manufacturers, and until very recently Sony had
| the only 4k model.
|
| [1] https://en.wikipedia.org/wiki/Digital_cinema (see the
| projectors for digital cinema section)
| verve_rat wrote:
| I think you are confused about how laws work. A law can
| cover sales and transactions without any criminal
| penalties. It can lay out the ground for civil actions, to
| be taken by either government entities or the affected
| parties themselves.
|
| Just because a law is created doesn't mean a new crime
| with criminal penalties is created.
| hypeatei wrote:
| You're right, there doesn't have to be criminal
| penalties. Codifying compensation requirements for buggy
| software seems like it would need to be very broad and
| effectively a useless law, though.
| verve_rat wrote:
| Not really, just a simple law that said software vendors
| are liable for actual loss caused by their products would
| have a huge impact.
|
| Courts are our mechanism for sorting out the details, not
| legislation.
| guhidalg wrote:
| I'm sure Sony is sensitive to the PR hit from movie
| theaters telling their customers that the reason they can't
| watch a movie is precisely due to a Sony software update.
| Next time the consumer is buying a Sony product they'll
| think twice about its software reliability.
| ipython wrote:
| I argue Sony doesn't care as this isn't the first time
| they've shafted customers (see below), and it sure as
| heck won't be the last.
|
| https://en.m.wikipedia.org/wiki/Sony_BMG_copy_protection_
| roo...
| guhidalg wrote:
| Thanks for sharing that, my trust in Sony's software is
| now lower than before.
| amelius wrote:
| > In an age where updates are increasingly the norm, I wonder
| if there's legislation needed to hold manufacturers accountable
| for updates that break otherwise perfectly-functioning
| hardware?
|
| Maybe there should be a law that says:
|
| 1. Upgrades may be performed but never behind the user's back.
|
| 2. In particular, the user determines exactly when an upgrade
| is performed.
|
| 3. The user may roll back any update at any time.
|
| 4. Any services which the software depends on should be
| compatible with all versions of the updated software.
|
| EDIT: 5. Security backports should be made available. However,
| the user should always be in control over whether they are
| installed. Sometimes working code is more important than 100%
| secure code. Also this rule will prevent companies from quickly
| forcing an update and sweeping security breaches under the rug.
| tantalor wrote:
| Not gonna happen in a million years
| vlovich123 wrote:
| Some of those suggestions are things that sound good at
| first glance but are simply not great ideas.
|
| For example, support for downgrades means a security
| vulnerability can be reintroduced by a malicious user which
| may not be desirable. Writing software that's backwards and
| forwards compatible across all releases can be extremely
| expensive to impossible (eg a feature in your application
| that requires a new OS or you need to use a now removed API
| when running on older releases).
|
| There are difficult technical issues involved and trying to
| legislate specifics may not be the best idea vs other
| approaches that improve real freedom (eg you have to
| release sufficient details to your customers that they can
| write their own software for your hardware).
| thfuran wrote:
| >For example, support for downgrades means a security
| vulnerability can be reintroduced by a malicious user
| which may not be desirable.
|
| And there are regulated industries where a software
| update could be the fulfillment of a recall.
| csdvrx wrote:
| > Some of those suggestions are things that sound good at
| first glance but are simply not great ideas.
|
| Actually, yes they are. I'm not a big fan of legislation,
| but the upgrade craziness has to stop at some point!
|
| > For example, support for downgrades means a
| security vulnerability can be reintroduced by a malicious
| user which may not be desirable
|
| What if "I, the user" deem it "desirable"?
|
| I'm holding to bios with known vulnerabilities so I can
| work around "security features" that are "for my own
| protection" like 1) preventing me from underclocking (to
| keep the security features of the now-dead SGX) 2) using
| any M2 WWAN or NVMe that I want
|
| It's gone to a point where it's not desirable for me to
| upgrade, and to prefer the risks that come with an
| exploit as at least I know my freedom to use my hardware
| the way I want will not suddenly become limited.
|
| Another example: getting root on android with mediatek
| was considered a "bug" and work a mandatory "upgrade"
| that prevent users from being able to get root that way.
|
| But I want to be root!
| hdhuwgdue2 wrote:
| Regular bios updates rub me the wrong way. Wife's lappy
| recently decided to update it of its own volition too. I
| was livid, but thankfully nothing broke. I hate that OS
| can do it, but I hate more the fact that bios is clearly
| less reliable..
| thfuran wrote:
| Do you believe that the operator of a deliberately
| insecure system should be liable if it ends up suborned
| by a botnet and used to attack someone else's system?
| csdvrx wrote:
| > Do you believe that the operator of a deliberately
| insecure system should be liable
|
| Only if said operator signed a contract. No contract=no
| liability.
|
| Here in the US, the Supreme Court has made it clear that
| law enforcement agencies are not required to provide
| protection to the citizens cf
| https://www.nytimes.com/2005/06/28/politics/justices-
| rule-po...
|
| If even the police isn't liable, why should I be liable
| or have any kind of duty to protect your system?
|
| Your system, your problem.
| thfuran wrote:
| Do you also think it's fine to shit in other people's
| wells or for companies to dump their toxic waste in the
| middle of other companies parking lots as long as
| you/they haven't signed a contract explicitly agreeing
| not to?
| amelius wrote:
| > For example, support for downgrades means a
| security vulnerability can be reintroduced by a malicious
| user which may not be desirable.
|
| Backports exist because of this reason. Just added them
| as a requirement to the list of rules above.
| az226 wrote:
| Windows 10 forced an update on my PC and deleted all my
| personal files. I paid a forensic data firm four digits to
| get about half my data back.
| at_a_remove wrote:
| Could you tell us more about this?
|
| Were you keeping your personal files in the usual
| "Documents" and "Videos" and such laid out by Microsoft? Or
| somewhere else?
| userbinator wrote:
| Not the one you're responding to, but my guess is this:
| https://news.ycombinator.com/item?id=18189139
| 542458 wrote:
| 1 and 2 - this seems incompatible with how 90% of the
| population uses software, namely they set it and forget it.
| Having to manually approve and schedule every single update
| for everything a user touches would be a) a security
| nightmare, as most things would never get updated ever and b)
| a UX nightmare, with a million different things asking for
| updates.
|
| 3 - Maintaining a data path forward is tricky enough.
| Demanding that users be able to downgrade at anytime would be
| a very tall ask if user data has to survive the downgrade.
|
| 4 - This seems outlandishly expensive to do. This effectively
| reads "nobody can ever deprecate an api on anything". This
| also seems to be broadly incompatible with fixing certain
| security vulnerabilities - would everybody have to maintain
| TLS 1.1 or plaintext api endpoints for old clients? Would a
| social media network have to maintain api endpoints that
| leaked more data than users were comfortable with?
| userbinator wrote:
| It's all an incentive for "don't just churn software, plan
| well ahead".
|
| _This also seems to be broadly incompatible with fixing
| certain security vulnerabilities - would everybody have to
| maintain TLS 1.1 or plaintext api endpoints for old
| clients?_
|
| Or they would be forced to produce an update that doesn't do
| anything other than e.g. upgrade the TLS version --- and
| has absolutely _nothing_ else.
| ToucanLoucan wrote:
| > 1 and 2 - this seems incompatible with how 90% of the
| population uses software, namely they set it and forget it.
| Having to manually approve and schedule every single update
| for everything a user touches would be a) a security
| nightmare, as most things would never get updated ever and
| b) a UX nightmare, with a million different things asking
| for updates.
|
| I don't see how an automatic update setting is incompatible
| with 2. If a user says "go ahead and install updates as
| needed" that is the user expressing their desire to receive
| updates.
|
| I also think the phrasing in 1 is a little needlessly
| aggressive though I believe it comes from a place of
| frustration. The difference in my mind between saying "this
| thing updated behind my back" and "this thing updated
| automatically for me" is whether the user has registered
| the update as being beneficial or not, and depending on the
| device, that's a WIDE spectrum. I know my smart outlets
| update their firmware all the time, and an extremely small
| handful of times I do notice, because sometimes they end up
| not reconnecting to the wifi quite right and need to be
| reconnected. However if they updated and, for example,
| broke HomeKit support and no longer worked, I'd be angry
| the next time I tried to use them.
|
| > 3 - Maintaining a data path forward is tricky enough.
| Demanding that users be able to downgrade at anytime would
| be a very tall ask if user data has to survive the
| downgrade.
|
| I mean, this is just an engineering problem pure and
| simple. Most of the time, in my experience, graceful
| downgrade just isn't prioritized because, well, who can
| even do it for starters? Installing old software oftentimes
| means you need to do some really intense stuff, like wiping
| whatever device entirely, so the retention of data is moot.
|
| If this was mandated I see no problem with getting it done
| in my industry. It's simply a matter of making it a
| priority IMO.
|
| > 4 - This seems outlandishly expensive to do. This
| effectively reads "nobody can ever deprecate an api on
| anything".
|
| With certain products I can definitely see it being an
| advantage, and the first place my mind goes to is again,
| smart home products and appliances, automotive hardware,
| that sort of thing. Large, expensive items that incorporate
| software that the user interacts with can be _an absolute
| nightmare_ when the OEM randomly decides that the way
| something's worked for years and years for you is now just
| not an option, or worse still, locks it behind a paywall.
| And what are your options here? Buy a new car or
| dishwasher? Or eat shit and pay them $20 a year that they
| have not earned and are providing no value for?
|
| This is why the newest car I have is a 2018 Corvette,
| because I know all its software and have access to it, and
| there's no system that's going to lock my heated seats
| behind a Chevrolet Premiere+ subscription where I have to
| give chevy money to permit my car to engage a damn relay
| for me.
| windows2020 wrote:
| My take on this is back when software was distributed on
| media like CDs, new versions were better. Updates were
| discrete, marketed and expensive. They had to be good!
|
| Continuous updates continue to permeate, including into
| things that are still surprisingly connected to the internet
| in the first place.
|
| I think that in time, forced updates will cause enough
| trouble that people will become more conscious of and dislike
| them. For some, one bad update is all it will take.
|
| So, I think it's worth waiting to see if anti-update
| competitors appear before regulating this.
| dejj wrote:
| Amelius' 5 laws to Asimov's 3.
|
| Make them a bit terser, and maybe "Right to repair" will
| heave them out of the science fiction tarpit.
| johnchristopher wrote:
| > 1. Upgrades may be performed but never behind the user's
| back.
|
| > 2. In particular, the user determines exactly when an
| upgrade is performed.
|
| Haha, at last, yes !! Take that stupid windows XP countdown
| to reboot !!
| iancmceachern wrote:
| In my experience in this industry they often have multiple
| (2-3) projectors in the projection booth for exactly this kind
| of issue, a bulb goes out, etc. They also play the previews and
| ads before the movie on a different, cheaper projector.
|
| Having 2 Sony projectors wouldn't help here though...
| vlovich123 wrote:
| It would if Sony staggered software releases to sibling
| projectors.
| layer8 wrote:
| > updates that break otherwise perfectly-functioning hardware
|
| Arguably the hardware still functions perfectly, it's the
| software that's broken.
| Xenoamorphous wrote:
| Daikin semi-bricked my 3 aircon units in the middle of the
| summer with a firmware upgrade.
| lancesells wrote:
| Is there something where a projector needs to be connected to the
| internet? This seems as silly as bluetooth speakers like Sonos
| needing an internet connection.
|
| Perhaps someone can share what is needed here and why it's
| connected.
| buro9 wrote:
| IIUC, movies are delivered to local storage via the internet,
| and those files are heavily DRMd, the DRM is checked
| synchronously when films are played.
| joezydeco wrote:
| So maybe this was a key rotation issue instead of what we
| think of as a software update (e.g. bugfixes)?
| 542458 wrote:
| That sounds roughly correct based on when I worked at a
| theatre, although back then they mailed you drives. Worth
| noting that the movies are encrypted and you only get
| decryption keys at release.
|
| But Sony hasn't made projectors in a while. I suspect this
| was something like an expired certificate rather than an
| actual software update.
| Baldbvrhunter wrote:
| DRM and no unauthorised screenings outside of approved show
| times.
|
| Although you can use them for non DRM showings.
| imperialdrive wrote:
| That's terrible. Very curious who pushed that button and why.
| Just confirmed they're closing all locations.
| rcdemski wrote:
| Down in Denver too. My money is on a date rollover issue related
| to DRM.
| sprocket35 wrote:
| Digital cinema tech here. Sony hasn't been releasing updates
| since they exited the business in 2020.
|
| This is likely an expired certificate related to the encryption
| on the movie files.
| crazygringo wrote:
| Are certificates usually/often issued to expire at the end of a
| given calendar year? On the one hand, that would explain this
| happening on Dec 31.
|
| But it's slightly weird because it's not yet the new year in
| UTC. This was posted several hours before that happening, and
| we've still got over 2 hours to go... (And the cinema is in New
| York, with almost 8 hours to go in local time, so it's not a
| local timezone issue either.)
| userbinator wrote:
| This is Sony, and it is the new year in Japan.
| FirmwareBurner wrote:
| Sony is a Japanese company but it's also a multinational
| company consisting of hundreds of companies they acquired
| over the years all over the globe. It's therefore a
| relatively small chance it has something to do with Japan
| specifically.
| swells34 wrote:
| It likely depends on where the programmer who has the
| original cert issued was... so quite likely Japan, given
| the evidence
| dn3500 wrote:
| A digital cinema tech with the username "sprocket35"?
| firtoz wrote:
| There have been stranger things
| Aloha wrote:
| I mean his comment history is on par with who he says he is -
| I think it's a great name. Just because I work mostly in the
| digital domain doesn't mean I don't long for the analog.
| saghm wrote:
| Honestly, is that better? Leaving all the devices set to EOL
| and get bricked or whatever feels pretty wasteful.
| sprocket35 wrote:
| The studios set the requirements. A certificate that never
| expires would never fly with their need to control DRM as
| tightly as possible.
|
| If Sony was still in the business, they would offer a
| certificate renewal for a small fee like the other
| manufacturers have done.
|
| The root problem is that Sony exited the market and left a
| lot of cinema owners out to dry with the looming cost of
| $50,000+ per auditorium for replacement projectors.
| prepend wrote:
| Having a short term cert seems wasteful too.
|
| How frequently does Sony change its identity? They should
| have a 999 year cert expiration and then check a revocation
| list in the off chance that Sony gets its private keys
| rooted.
| rladd wrote:
| They recently released an update for my 2021 vintage OLED TV, and
| after applying it it now doesn't work properly at all. It's still
| usable, but only barely.
| sschueller wrote:
| I wonder how much longer until we have a military or medical
| device that doesn't work killing people because a DRM certificate
| expired...
| mixmastamyk wrote:
| Probably already happened but the witnesses have expired.
___________________________________________________________________
(page generated 2023-12-31 23:00 UTC)