Tue09172019

Last updateSat, 25 May 2019 4pm

 

Introducing – Tools for Cinema Quality Assurance

cat_pr1_sm_jpg

Cinema Test Tools for the Non-Technical Manager 

Cinema Test Tools is a free resource for the cinema industry, tuned most particularly for the non-technical manager. The tools include several DCPs, all with interesting means of testing the sound and picture quality for the interested by lightly trained staff. The lessons on sound and light are written to provide a foundation to communicate with the technician who must respond quickly and well to the information that they discover.

The key is a free Online Managers Online Walk Through Checklist that correlates with the many DCPs. It helps bring an understanding of the many nuances of the auditorium's situation in a straightforward way. 

Certificate Authorities and DCinema

This weeks news brings up a sore subject: Trust.

In DCinema, this means Trusted Device Lists (TDL) and Certificate Authorities as specified in the SMPTE/ISO and DCI documents.

In the outside world, the foundation is also a group of companies who issue certificates that bring different levels of trust to different websites or those who access the websites. These companies are the CAs or Certificate Authorities. Last year, one was found to have been hacked.

Another has been found to have introduced a man-in-the-middle attack vector, meaning that once a legitimate user opened the door by giving the correct credentials, someone slipped in and assumes the identity of that user with all their rights (usually kicking them off the system – something that should arouse suspicion but which happens so often, seems normal.

Last week the Big Kahuna of CAs, Verisign, had to admit that they also were hacked into and that data was stolen from their systems. Coming so long after the break-in and after people got used to the news that smaller sites were hacked (relatively smaller sites...still significant to the system though), this isn't getting a lot of play. When Belgian CA GlobalSign was broken into the hue and cry approached ChickenLittle-ish. This week I see articles on Verisign that don't get any clicks.

Is it that all the tech geniuses at all the dcinema installers and installation and distribution sites double-triple checked their firewalls and decided they were nuke free and nuke-proof? Or perhaps we are complacent, feeling that the industry is not like the bank industry, with no immediate link to buckets of spendable cash, and no one really focusing the industry. Or, perhaps more logically, the dcinema industry is just hoping that the entire unbuilt fortress of SMPTE compliance will get together before the jewels that the studios need to protect get too exposed, because – "Hey, we're pedaling as fast as we can, and see, you wanted all these updates put into legacy equipment with constant patching to the legacy InterOp format..."

For bettor or worse, there is no universal trusted device list in the industry, most likely due to potential liability issues. This has led to every company and their brother having a separate list – though there is enough interplay that these are presumed to have enough intercourse that if one list is polluted with a rogue 'signed' utensil, it would be disseminated throughout the lists. So, the best and the worse of all possible worlds.

Into this is a RFI from a company (last week) suggesting that they can build a system...

This article is a work in progress. Here are some of the industry articles that provoked the issue:

Who to trust after the VeriSign hack? | IT PRO

VeriSign admits 2010 hack | IT PRO

Trustwave issued a man-in-the-middle certificate - The H Security: News and Features

Break-ins at domain registrar VeriSign in 2010 - The H Security: News and Features

Backdoor in TRENDnet IP cameras - The H Security: News and Features

Certificate fraud: Protection against future "DigiNotars" - The H Security: News and Features

OpenPGP in browsers - The H Security: News and Features

Google researchers propose way out of the SSL dilemma - The H Security: News and Features

Google wants to do away with online certificate checks - The H Security: News and Features

Is the end nigh for Certificate Authorities? | IT PRO

Certificate issuing stopped at KPN after server break-in discovered - The H Security: News and Features