Announcement

Collapse
No announcement yet.

GDC Server Certificate

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Also let's not forget that I believe there is a technical reason for soldering the battery on the ICP - I believe there have been many other boards which failed because the contacts on the battery was getting too weak to maintain a flow of energy. Still, as Marcel said, there must be a programme to have them replaced by the manufacturer. But, again, this is another story.

    Comment


    • #17
      LOL! I was servicing Apple 2's for a large school district in the late 70's. They were actually pretty reliable. Cinema servers are also not a consumer product, at least no consumers I know have bought any. And... this is why I have always said that smart theater operators should amortize their equipment costs off over ten years. I have replaced more early Dolby servers than any other. I think I have replaced 4 GDC servers because of bricked media bocks and that was the customers choice to do so to have the 3 year warranty, plus GDC allows a trade in credit for your old server. But as far as the ICP's goes, there is no reason that battery can not be field replaceable and the cert reloadable through the recovery program It's all DCI bull crap that it's not. Also keep in mind that large server farms in large IT rooms normally get upgraded every three years. So expect to see similar approach happen in digital cinema gear, although over a 7 to 10 year span.
      Last edited by Mark Gulbrandsen; 05-30-2020, 01:18 PM.

      Comment


      • #18
        Mark:
        You do not have permission to view this gallery.
        This gallery has 1 photos.

        Comment


        • #19
          You didn't actually make a valid point. So nothing missed.

          Comment


          • #20
            Then you missed our invalid point

            You keep comparing GDC to Apple - which I am not sure would work well for either of them - but that is not the point. And as others have pointed out, you can still dig an old iPhone first generation out and use it without the latest features of course.

            We are not here questioning whether GDC should add new features to old machines but whether they should be allowed to brick their machines via software unless a ransom is paid. That seems like a very valid point to me.

            To make a fair comparison with Apple, it would be like you turned on a 2008 MacBook Pro - with a 10.11 El Capitan OSX system - and you get an Apple message "this OS has expired, please call Apple to purchase a new one". And the only thing you can use is Clock and Calculator.

            Comment


            • #21
              For consumers, a commonly used OS or important piece of software with a hard expiration date, will end up with a class-action-lawsuit. Keep in mind that Apple settled a lawsuit regarding slowing down their older model phones with newer OS releases. This was their way of doing planned obsolescence and it pretty much backfired. Although a settlement is technical not a recognition that you "lost", them paying consumers about half a billion dollars in compensation is a clear indication they recognized some wrongdoing on their end.

              There is a difference in that most users of a GDC server or a projector with an ICP are business customers and not consumers, so, some protections do not apply to them.

              Regarding the ICP batteries, like discussed before: This is a good point for discussion too, although a bit more complicated, due to the fact that a battery doesn't have an exact kill date. Still, a non-field-replaceable battery is a doubtful implementation.

              I do indeed remember there being ICPs with the certificate battery still being replaceable, but apparently they had some reliability issues, where a bad contact in the socket caused certificates to vanish. The ICP battery design is, in my option, a bad design. You could easily implement a replaceable battery in another form-factor with another type of connector that's more reliable and give the primary battery a supercap backup that could power the volatile memory for a few hours in the absence of the primary battery.

              Comment


              • #22
                Harold of USL/QSC fame has indicated what certificate batteries of socketed form are inherently problematic (VERY low current draw can make the slightest flaw in contact due to any number of reasons, unreliable).

                Barco clearly feels a socketed battery is okay as their ICMP and their new ICP-D both use socketed batteries.

                I'd say that ICP certificate batteries expiring wouldn't be such a big deal IF the OEMs would have an exchange program at reasonable cost to change out ICPs with a fresh battery one. Barco's "buy a new one" approach is a poor customer service answer and, thus far, I have not seen a program emerge from the other OEMs. I will say that Barco's ICP-D is a significantly lower cost version of the ICP and I believe it is to be retrofittable into xenon machines, at some point.

                But yeah, I think the server certificate expiration should be a "free" fix. It should NEVER have expired in such a short time. Make them something like 25-years where you know that the unit won't have any chance of being in common use. They did something like that with the series 1 3D licenses on the TI boards. They kicked the can far enough down the road so as to render the problem essentially a non-problem.

                Comment


                • #23
                  Fame? The problem I've seen with batteries and battery holders is the use of nickle contacts. These are very poor under low current conditions. If we could get batteries with gold plated contact and battery holders with bifurcated gold plated contacts, I think we'd be a lot better off. But I have not seen them. Speaking of low current contacts, how often do you fix something by unplugging a board and plugging it back in? Same problem!

                  Certificate expiration is an interesting issue. I use Let's Encrypt for certificates for my web sites. They expire in 90 days. I have a cron job that automatically renews them before they expire. I just looked through the DCI specs and do not see anything on required certificate expiration.

                  Harold

                  Comment


                  • #24
                    Harold...a common board that needs reseating is the ICP...it has gold contacts as do the sockets it plugs into...still, depending on environment (humidity and temperature), they can become problematic at the change of seasons.

                    Comment


                    • #25
                      Originally posted by Harold Hallikainen
                      Fame?
                      You're our "royalty" here, now wear it.

                      In the end it's all just money pinching, which I could still somewhat understand for a cheap consumer board, but an ICP is sold for some serious dough and therefore my personal expectations are higher. You could easily replace those button-cell-style batteries with something better. I don't know if a rechargeable battery would make sense to increase overall life expectancy, but it feels better suited.

                      You could wrap the battery cells in a block, with a mount on the ICP. Instead of wonky nickel contacts in a wonky mounting frame, you give the pack a proper, copper connection lead and a solid connector on the board. It's done that way for other battery-backed stuff too, most RAID battery packs connect the same way. Heck, even the Dolby CAT1600 for the CP850 is a better design.

                      Regarding the 10 year expiration date: I remember some certification management software limiting certificates issued to 10 years. About 10 years back, I had a similar issue with the OpenSSL tools, where I wasn't able to create certificates that would last e.g. 25 or so years, due to some bugs.

                      There is a difference between built-in certificates and stuff like websites. The reason for the short validity of those certificates is much more of a business model of those commercial certificate authorities than anything else. Commercial certificates are usually renewed every year. Let's Encrypt is a free service and not only is it easier to retract certificates for "bad actors" by simply not renewing them, the short validity gives them the opportunity to purge non-used certificates.

                      For equipment, such an auto-renewal comes with additional issues. First of all it requires a working internet connection and companies have the tendency to go out of business or simply terminate services they don't see as essential anymore.

                      Comment


                      • #26
                        a common board that needs reseating is the ICP...it has gold contacts as do the sockets it plugs into...still, depending on environment (humidity and temperature), they can become problematic at the change of seasons.
                        You answered your own statement right at the end. Change of seasons cause not only on screen shifts as buildings expand and contract, but they do the exact same thing r=to edge connectors, especially ridiculously large ones like on the ICP. Gold does not oxidize, tarnish or inhibit contact in any way by itself. So a simple reseat so all contacts are perfectly aligned is usually all that's needed. You are not doing anything to the gold by applying deoxit to them. I first saw this in the early Chyron titling equipment where they had boards so large it made the ICP look like an infant. A smple reseating always fixed it for three to four months. And it was noted by another tech back then that hey1 It's related to the change of seasons...

                        Comment


                        • #27
                          Media blocks have all sorts of battery packages. Yes, occasionally, they do lose certs - but manufacturers do reserialize them. The problem is, so far, no one seems to bother about reserializing ICPs. In comparison to a media block, I also think reserializing an ICP is a less security critical thing, so, the three OEMs could probably do it, it wouldn't need to be TI.

                          Comment


                          • #28
                            Originally posted by Steve Guttag
                            Barco clearly feels a socketed battery is okay as their ICMP and their new ICP-D both use socketed batteries.
                            GDC takes a sensible approach with the SX-3000 and 4000, I think - they use the Tadiran pill batteries with pins as the contacts, that insert into holes in the battery holder, and then a clamping bar screwed on top of them, to hold them down. The only gotcha is that you have to be really careful when removing the bar, because the top of the battery can stick to it, and you can end up pulling both batteries out, stuck to the bar, if you don't hold the batteries with your fingers before pulling the bar away after unscrewing it. Obviously if that happens, the IMS is buggered.

                            But as long as you don't let that trip you up, the GDC design is a good way of making the batteries field replaceable, but more reliable than if they were just held in place by a spring clip.

                            Comment


                            • #29
                              I'm glad they have a workable solution! Are the contacts gold?

                              Comment


                              • #30
                                Gold is for beginners, real contacts are made from iridium or osmium... or gold pressed latinum.

                                The engineer in me still can't really comprehend that we have our DCI equipment littered with booby-traps that are more unstable than a Russian RBMK reactor, just to hide a few bytes away. There must be better solutions for this, not involving purposely crappy DRAM that needs to be constantly powered and refreshed. Maybe we should look at the likes of Apple and how they protected their iPhone. Apparently, the collective force of the FBI and NSA is powerless against their way of hiding private keys away.

                                Comment

                                Working...
                                X