While Intel may put a lot of effort into hunting for security bugs, vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low-level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity. The design choice of putting a secretive, unmodifiable management chip in every computer was terrible, and leaving their customers exposed to these risks without an opt-out is an act of extreme irresponsibility... EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our computers, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.
TLDR: "We have reason to fear that the undocumented master controller inside our Intel chips could continue to be a source of serious vulnerabilities in personal computers, servers, and critical cybersecurity and physical infrastructure."
The Free Software Foundation is promoting the march, and their "Defective By Design" site is sharing this quote from the march's organizers. Dear W3C: we demand you comply with UNESCO and international civil and political rights. Halt EME -- ensure the protection of a secure, accessible, and open web. Make ethical standards or stand on the wrong side of history.
Doctorow also says that "If there's anything good that might come of Brexit, it's that the UK will renegotiate and reevaluate its relationship to the Organisation for Economic Co-operation and Development and other directives. The UK enjoys a really interesting market position if it wants to be the only nation in the region that makes, exports, and supports DRM-breaking tools."
Click through to read some of the highlights.
"You're paying for the metal but the electronic parts technically you don't own it. They do," says Kyle Schwarting, who plants and harvests fields in southeast Nebraska... "Maybe a gasket or something you can fix, but everything else is computer controlled and so if it breaks down I'm really in a bad spot," Schwarting says. He has to call the dealer. Only dealerships have the software to make those parts work, and it costs hundreds of dollars just to get a service call. Schwarting worries about being broken down in a field, waiting for a dealer to show up with a software key.
The article points out that equipment dealers are using those expensive repair calls to offset slumping tractor sales. But it also reports that eight U.S. states, including Nebraska, Illinois and New York, are still considering bills requiring manufacturers to sell repair software, adding that after Massachusetts passed a similar lar, "car makers started selling repair software."
The article quotes Huddleston's lawyer, as well as a Cornell law professor who warns of the "chilling effect" of its implications on programmers. But it also says security experts who examined the software are "inherently skeptical" of Huddleston's claim that the software was intended for legal use, since that's "a common claim amongst RAT authors." Security researcher Brian Krebs also sees "a more complex and nuanced picture" after "a closer look at the government's side of the story -- as well as public postings left behind by the accused and his alleged accomplices."
Click through for the rest of the story.
Tim Berners-Lee has final say over this change, according to the article, which directs callers to urge him to "keep the web free and open, rather than rescuing DRM from its slow collapse due to the complexity of fielding and supporting it without standards like those the W3C makes."
-Support for Raspberry Pi Zero.
-Initial DRM/KMS support for NVIDIA graphics cards via nouveau (Disabled by default. Uncomment nouveau and nouveaufb in your kernel config to test).
The addition of vioscsi, a driver for the Google Compute Engine disk.
-Linux compatibility improvements, allowing, e.g., the use of Adobe Flash Player 24.
-wm(4): C2000 KX and 2.5G support; Wake On Lan support; 82575 and newer SERDES based systems now work.
-ODROID-C1 Ethernet now works.
-Numerous bug fixes and stability improvements.
NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources. More extensive information on NetBSD is available from http://www.NetBSD.org. You can download NetBSD 7.1 from one of these mirror sites.
They're seeking statutory damages of $150,000 per infringement plus restitution of the sites' profits. So, depending on how many instances of infringement are discovered, the damages in this case could be astronomical. The studios claim the sites had more than 8 million visitors each month, nearly half of which were linked to IP addresses in the U.S... The sites are believed to be operated in Vietnam.
The court also ordered GoDaddy, VeriSign and Enom to disable all six domain names, to prevent the domains from being transferred, and to do it without communicating or warning the sites' owners first. In response, the defendants purchased a new domain, and then began publicizing it with ads on Google AdSense.
Facing a maximum of 40 years in prison, Steele could get his sentence reduced if he testifies against Hansmeier, according to the article, and "Steele appears to have pinned all of his hopes on that option... I've seen a lot of plea agreements in a lot of federal cases, and I don't recall another one that so clearly conveyed the defendant utterly surrendering and accepting everything the government demanded, all in hopes of talking his sentence down later."
"As Director of the W3C (World Wide Web Consortium), Berners-Lee has the ability to block [the DRM proposal] from ratification as an official Web standard... Of course, a refusal to ratify could not immediately stop the use of DRM, but it could meaningfully weaken the position of DRM in the court of public opinion, and put EME proponents Netflix, Microsoft, Apple, and Google on notice that a very prominent figure was willing to stand up to them on behalf of users. Changes in society's technological infrastructure require political movements, not just technological arguments, and political movements benefit greatly from the support of prominent figures."
Berners-Lee takes the position that "The web has to be universal, to function at all. It has to be capable of holding crazy ideas of the moment, but also the well polished ideas of the century. It must be able to handle any language and culture. It must be able to include information of all types, and media of many genres. Included in that universality is that it must be able to support free stuff and for-pay stuff, as they are all part of this world.
"This means that it is good for the web to be able to include movies, and so for that, it is better for HTML5 to have EME than to not have it."
"Since Denuvo's contact page does not contain a link to a private e-mail address -- only a contact form and a phone number to the company's Austrian headquarters -- the form appears to also have been used by many game developers and publishers." And in addition, "much of Denuvo's web database content appears to be entirely unsecured, with root directories for 'fileadmin' and 'logs' sitting in the open right now."
In addition, there's also a slideshow -- which has since been uploaded to Imgur -- bragging that "With over 300 man years of development experience among us, we clearly know what we're doing."