TiVo OS being ported to OCAP?

Posted on Wednesday, January 3, 2007 by MegaZone

ZatzNotFunny has an interesting post today. Dave found a letter submitted to the FCC by the National Cable & Telecommunications Association (NCTA) which appears to indicate that TiVo is porting their software to OCAP. I don’t know if this is accurate, or if the authors of the letter misunderstand the TiVo port for Comcast & Cox, which I understand to run directly on the hardware and not within the OCAP environment.

Dave is following up with TiVo, and we’ll both be at CES next week and I’ll have some questions for TiVo, pending what Dave hears back.

Overall, the letter is an argument by the cable industry to force their crappy interfaces on all of us. It is a response to a call from CE vendors to open up the cable interfaces to allow CE vendors to produce products that interact with the cable systems – for VOD, PPV, etc – with unique interfaces, such as TiVo. What the cable industry wants is that your cable vendor downloads a OCAP application to your device, so no matter which device you use, you get their interface for their features. So no matter which device you connect, the OnDemand interface is the same. That would mean no nice TiVo interface to such things, but whatever the cable company pushes – and they’ve done such a great job on their interface design to date. I think the letter greatly exaggerates the issues. It would not be difficult to present functionality in a standardized API instead of downloadable applications. And since most CE devices are updatable, even TVs these days, if the cable industry develops a new application then the devices can be updated to support them. Not a big deal.

And this is just stupidly laughable:

Development of cable’s downloadable security would no longer be subject to non-disclosure protections which are essential to the development of effective network security, again contrary to the congressional mandate in Section 629. It should be obvious that a security system must keep certain information secret that might otherwise be used to try to break its security.

Network security is one of the things I do, and have done for a while. I did firewalls and VPN for GTE Internetworking a few years back, and spent a fair bit of time with cryptography, and every expert in the field will tell you that security through obscurity is FALSE security. Effective network security is ALWAYS developed in the open, with peer review. Systems that have been developed in closed environments include CSS on DVD and WEP on WiFi – both readily cracked. WPA on WiFi, which replaced WEP, was developed using open, peer-reviewed systems and it has not been cracked. I think I’m going to send this to Bruce Schneier, just for laughs. (I just did.) Man, every time I read that “It should be obvious” sentence it makes me laugh, obviously the person who wrote that doesn’t know jackshit about security systems. A good security system only needs to keep the keys secret – everything else is open and published, like AES. If you have to keep the workings secret to maintain security, you’ve developed a bad system.

EDIT: Literally the second I hit post, I got an email notice that Dave Zatz had updated his post. TiVo replied to him and confirmed the port to OCAP.

About MegaZone

MegaZone is the Editor of Gizmo Lovers and the chief contributor. He's been online since 1989 and active in several generations of 'social media' - mailing lists, USENet groups, web forums, and since 2003, blogging.    MegaZone has a presence on several social platforms: Google+ / Facebook / Twitter / LinkedIn / LiveJournal / Web.    You can also follow Gizmo Lovers on other sites: Blog / Google+ / Facebook / Twitter.
This entry was posted in OCAP, TiVo. Bookmark the permalink.
  • stile99

    I would suggest that the person who wrote that DOES know jackshit about security.

    The punchline is…that’s ALL he knows, but he’s writing it for people who don’t even know THAT much.

    It’s something the cable industry has been doing since day one basically. Trot out an ‘expert’ to a room full of mouth-breathers (Can we still insult elected officials in this country?) who gobble up his pablum like it was candy. His credentials are laughable at best, but since he knows more than they do (even if just barely…land of blind, one-eyed man and all that) they accept them.

  • plaidomatic

    Well, it’s true that certain things must be kept secret to preserve security: The keys.

  • plaidomatic

    Is it possible that you’re thinking of how applications like TiVo vs the cable industry will interoperate somewhat backwards?

    I haven’t read the OCAP specs, but I’ve read a couple of articles trying to get a handle on it.

    It seems that the OCAP layer and the APIs it exposes would allow the TiVo UI to interface with the underlying features provided by the hardware, and exposed by the OCAP/ACAP APIs. In systems where VOD/PPV/etc are available from the provider and supported by the hardware, an application (like TiVo) could provide UI for this as well, instead of being required to call the cable UI.

  • megazone

    There are two different issues.

    One is porting the TiVo interface to the OCAP platform. This would allow the TiVo interface to run on any device that supports OCAP applications – cable boxes, TVs, etc. That’s what seems to be happening from the letter and what TiVo confirmed to Dave.

    The other is CE devices getting access to things like OnDemand, PPV, etc. The cable industry wants to force this via OCAP. The CE devices would have to support OCAP applications. For TiVo this would mean supporting OCAP on a box like the Series3 – or 3.5, whatever supports CableCARD 2.0.

    OCAP does not provide a standard way to access things like VOD, TiVo would not be able to provide the interface. The way it works is the cable company downloads their OCAP Java-based ‘VOD’ application. Then what TiVo would have to do is call up that VOD app whenever the user selected VOD. Same thing for things like channel guides. If TiVo wanted to use the cable company provided guide data, they would have to call the OCAP guide application, etc.

    What the CE industry wants is a standardized interface to the data, NOT via OCAP applications. A standard API, or something like XML/SOAP, where the CE vendor can get the data and present it in the interface they want, then pass the requests to the cable company. Cable companies don’t want to give that control up, they want to force CE vendors to show the interface they, the cable company, use. So you’d have the same VOD interface no matter if you used a cable box, TV, or TiVo – they’d all be runnign the same OCAP VOD app.

    That’s what all the fighting is about, and the major holdup to CC2.0 – since the cable industry wants to force OCAP as part of CC2.0 and the CE industry is fighting for a new system instead.