my profile | my password | search | faq & rules | forum home

» Film-Tech Forum ARCHIVE   » Operations   » Digital Cinema Forum   » Booth internet access? (Page 1)

This topic comprises 2 pages: 1  2

Author Topic: Booth internet access? Harold Hallikainen Jedi Master Film Handler Posts: 906 From: Denver, CO, USA Registered: Aug 2009 posted 04-21-2014 12:48 PM                        Some services, like Theater Key Retrieval rely on equipment within the booth making outgoing TCP (or HTTP) connections to servers on the Internet. What percentage of auditoriums are configured to allow equipment on the auditorium network to access the outside world (again, typically an outgoing HTTP request)? THANKS! Harold  |  IP: Logged Marco Giustini Film God Posts: 2713 From: Reading, UK Registered: Nov 2007 posted 04-21-2014 01:03 PM                     Same percentage that can reach an NTP server! I'd say 90% - in a way or another. As you noticed, most services today are relying on the Internet for content/key/advert transfer. The server may not be configured to access the network directly - which is wrong, their clock will drift and some manufacturers will ask money to re-sync it if the drift is too severe - but the internet would just be minutes away.  |  IP: Logged Mike Blakesley Film God Posts: 12767 From: Forsyth, Montana Registered: Jun 99 posted 04-21-2014 04:00 PM                        quote: Marco Giustini The server may not be configured to access the network directly - which is wrong, their clock will drift I don't understand why, in this age where we can manufacture stuff down to tolerances in the microns, we can't build a computer clock that is accurate.  |  IP: Logged Mark Gulbrandsen Resident Trollmaster Posts: 16657 From: Music City Registered: Jun 99 posted 04-21-2014 05:52 PM                     Mike.... Those clocks exist but they are expensive. Locking to NTP protocol via the internet is almost as accurate as having a real atomic clock. The idea being that all devices in a complex containing clocks lock to one accurate source and all stay synchronized... Mark  |  IP: Logged Harold Hallikainen Jedi Master Film Handler Posts: 906 From: Denver, CO, USA Registered: Aug 2009 posted 04-21-2014 07:01 PM                        Thanks for the responses! So, it looks like auditoriums generally have outgoing internet access, right? It IS difficult to build an oscillator that is stable over temperature. Getting much better than 5ppm over temperature gets expensive. 5ppm is about 13 seconds a month. One thing I do with NTP is adjust my clock speed in the correct direction each time I need to make a correction. So, over time, the error gets smaller and smaller. Also, I'm generally setting the default NTP server in the sutff I'm working on to pool.ntp.org and using 8.8.8.8 for DNS. Harold  |  IP: Logged Frank Cox Film God Posts: 2234 From: Melville Saskatchewan Canada Registered: Apr 2011 posted 04-21-2014 07:14 PM                        My theatre has Internet service, but it's not connected to the projector/server setup. That's on its own independent network and not connected to anything other than itself. On my own computers I generally point ntp at time.windows.com; I figure Microsoft can afford the traffic, and I enjoy the irony of using a ms service to keep the time on Linux machines.  |  IP: Logged Marcel Birgelen Film God Posts: 3357 From: Maastricht, Limburg, Netherlands Registered: Feb 2012 posted 04-21-2014 07:27 PM                     You can also use a local server as your NTP server. Many decent routers can even take the role as the local NTP server. Let this server sync with an NTP pool and connect all your equipment to this server. That's actually what the designers of NTP had in their minds anyway. And although I do get the convenience of your booth having Internet access, there isn't really a reason why it actually should have it. Even it you rely on something making a TCP connection to somewhere else, that should be an exceptional case, not the standard. You know all those security leaks you hear about in the news all day long? Well, that kind of shit starts right where everything needs to be hooked up directly to the Internet, even the stuff that doesn't belong there. Why should your projector, server or even TMS be capable of making a call to a random location on the Internet? Stuff like "Theater Key Retrieval", which looks very "drafty" right now, should keep this in mind. The idea of automated key delivery is great, but it should NOT require every playback server or IMB being hooked up directly to the Internet. If that's the case, the design is awkwardly wrong and just blatantly ignores all the crap that's been going around on the Internet the last few years.  |  IP: Logged Steve Guttag We forgot the crackers Gromit!!! Posts: 12814 From: Annapolis, MD Registered: Dec 1999 posted 04-22-2014 06:30 AM                     While we have internet access to all of our booths...what is allowed to have internet access is almost nothing...there is typically a device that has the ability to get the time and all of the devices in the booth get their time from that device. The other reason is for remote support. There is zero reason for every device in the booth for having internet access. It is a potential breach of security and a waste of bandwidth.  |  IP: Logged Dennis Benjamin Phenomenal Film Handler Posts: 1445 From: Denton, MD Registered: Feb 2002 posted 04-22-2014 12:58 PM                        If your digital projection booth is a V.P.F. site, it is most likely accessible from the outside world through the Internet. However, while your N.O.C. can get in, as an operator - it is not a good idea to let your equipment "out". The only case would be for N.T.P. server access. Other than that, you are opening your equipment up for various issues. Especially if your Library Media Server is running a Microsoft based operating system.  |  IP: Logged Marcel Birgelen Film God Posts: 3357 From: Maastricht, Limburg, Netherlands Registered: Feb 2012 posted 04-23-2014 03:37 AM                     A NOC or any external service party should access their customer networks using something like a VPN. At the very least there should be some access lists in place that only allow traffic from certain approved ranges. Essential components in your projection chain are running on "industry standard" operating systems like some flavor of Linux and sometimes even Windows and they're no less susceptible to exploits being used by viruses, Trojans, etc. Since most vendors do not have their focus on maximizing security and you shouldn't have your focus on applying every possible patch at every possible time, it's essential to keep this stuff isolated from the plain Internet as much as possible. The same is true for other systems, like POS terminals and associated servers.  |  IP: Logged Joris Springer Film Handler Posts: 83 From: Almere, Flevoland, The Netherlands Registered: Feb 2007 posted 04-29-2014 05:28 PM                     Personally I wonder why those harsh restrictions, isn't the NTP protocol something you can control with certain ports? Isn't the DCI standard going too far in some points of view or are there some ways to avoid the DCI standard and that way still make all servers vulnerable and in a way decieve the DCI standard? I wonder why the DCI is a "holy grail"...  |  IP: Logged Frank Cox Film God Posts: 2234 From: Melville Saskatchewan Canada Registered: Apr 2011 posted 04-29-2014 05:30 PM                        I'm frankly a bit surprised that NTP is allowed. I'm not a NTP expert but wouldn't it be possible to set up a "fake" NTP server to gradually shift the time on a server and/or projector? Which then creates it a security hole in the key system. I must be missing something.  |  IP: Logged Mark Gulbrandsen Resident Trollmaster Posts: 16657 From: Music City Registered: Jun 99 posted 04-29-2014 06:31 PM                     If you could control the UTC refrence up or down it theoretically might. It should follow what the the master clock is doing which may be the internet, a GPS locked NTP server or some goofy clock you devise that you can speed up or slow down... You still have to convert what ever clock to issue NTP protocol. Mark  |  IP: Logged Harold Hallikainen Jedi Master Film Handler Posts: 906 From: Denver, CO, USA Registered: Aug 2009 posted 04-29-2014 07:42 PM                        I believe the clock within the media block can only be moved something like 6 minutes a year, and that is enforced within the media block. That, I believe, only deals with licenses and keys. Youcan start a show anywhere within the authorized window, so the servrr can use ntp to independently keep its clock accurate for show scheduling. While my question originally mentioned TKR, our lss-100 can use http or https post to post logs to a server for analysis. This can be a server on an internal network or on the Internet, as desired by the installer. Some sample reports are here. . Harold  |  IP: Logged Kevin Tan Film Handler Posts: 8 From: Singapore Registered: Feb 2014 posted 04-30-2014 11:37 AM                     Hi Harold, I checked with the page, it is pretty cool feature~ Kevin  |  IP: Logged

All times are Central (GMT -6:00)

This topic comprises 2 pages: 1  2

Printer-friendly view of this topic

Hop To: Select a Forum: Category: Operations -------------------- Digital Cinema Forum Film Handlers' Forum Large Format Forum Ground Level Feature Info, Trailer Attachments & REAL Credit Offsets Category: Community -------------------- Film-Yak Film Handlers' Movie Reviews The Afterlife Bob Maar's Joke-A-Thon Category: Classified -------------------- Equipment and Supplies Wanted/For Sale Help Wanted/Seeking Employment Category: System -------------------- Software Beta Testing Forum

The Film-Tech Forums are designed for various members related to the cinema industry to express their opinions, viewpoints and testimonials on various products, services and events based upon speculation, personal knowledge and factual information through use, therefore all views represented here allow no liability upon the publishers of this web site and the owners of said views assume no liability for any ill will resulting from these postings. The posts made here are for educational as well as entertainment purposes and as such anyone viewing this portion of the website must accept these views as statements of the author of that opinion and agrees to release the authors from any and all liability.