Slashdot Mirror
New RedHat Kernel Patch Illegal to Explain to U.S. Users
Russellkhan writes "The Register is running a story about a new RedHat kernel patch that cannot be explained to U.S. citizens or others in the U.S. because of DMCA restrictions. The illegal explanation is hosted at Thefreeworld.net, a site created specifically to deal with these DMCA issues."
But sound doesnt travel in the land. Nor does... electricity, radio waves, or, come to think of it anything. Jeez, what a rip.
loply.com
I would comment on the stuff posted on theFreeWorld.net, but after reading their disclaimer, I was afraid to continue in the site.
Repeat after me:
I will NOT vote for anyone that voted for DMCA.
Um, whose name is at the bottom of the DMCA? I'm pretty sure it's not Bush's. Want a high comment score on Slashdot? Bash Bush.
To quote the article:
...just as ridiculous as the idea that the US authorities are going to start flying non-US citizens to Cuba to shoot them...
Isn't this almost what we are doing to supposed Taliban and Al Qaeda "war prisoners". Not so far off...
People who have witty things here blow.
-- LEGALESE --
PLEASE READ FIRST.
Unfortunately the DMCA prevents this document being issued to US citizens.
This document is a copyrighted work. The authors choose to exercise their
first distribution rights to prohibit the distribution of this work in the
United States Of America, its dependancies, embassies and anywhere else
under US law.
Redistibuting this document in the USA may be a criminal offence under the
Digital Millenium Copyright Act with punishment including jail sentences.
Attempting to test these holes in the USA, even with the permission of the
system owner may be an offence. Discussing this document with a US citizen
may be an offence.
This document is made available for free without warranty or other right of
recourse implied or otherwise. No statement save one in writing by the owner
of the copyright changes this usage agreement. Any export download is at your
own risk and liability.
There is no other user agreement, should your local law make such an
agreement invalid you are prohibited from using this document, and may be
committing an offence by redistributing it.
NO WARRANTY
BECAUSE THE DOCUMENT IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE DOCUMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE DOCUMENT IS WITH YOU. SHOULD THE
DOCUMENT PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE DOCUMENT AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE DOCUMENT (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE DOCUMENT TO OPERATE WITH ANY OTHER
DOCUMENTS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
-- END LEGALESE --
Security Holes Fixed In Linux 2.4.19
None of the holes documented here are remote. All these problems were
uncovered by auditing and there are no current exploits available. In
the interest of openness and ensuring people are aware of the security
fixes they are documented.
- If the Stradis driver is loaded (hardware must be present) a
maths overflow allowed the user to scribble into kernel memory
- It was possible to feed the SE401 USB hardware driver signed
values and fool kernel checks. This requires the hardware is
present
- The usbvideo driver could be fooled due to a maths overflow corner
case. This requires drivers to be present
- The
corruption of the kernel. This is really beyond user control but
if it occurs then the user can trigger the corruption
- By setting the TF flag a carefully constructed binary could hang
the kernel dead
- By misusing the rlimit resource limits it was possible to avoid
acct data being written on your process exit
- The joystick driver had erroneous copies in obscure ioctl cases
that could be used to patch the kernel as any user. Hardware
must be present and the module loaded for this vulnerability
to occur
- Multiple errors in the vm86 handling allowed users to force an
"Oops" from the kernel and in some cases to corrupt kernel data.
An additional small fix is needed for 2.4.19 but not 2.4.19-ac
(see bottom)
- The rt_cache_proc file could be tricked into returning chunks of
kernel data.
- On a system with over 1Gb of RAM the loop driver could in some
cases fail and expose kernel data. This is not under user control.
On 2.4.19 the loop driver works fine with large memory systems.
- Multiple
due to a sanity checking bug in the proc file handlers
- The XMM SSE registers were not always cleared for new processes
and could expose data from a different task. While it was not
possible to modify another tasks registers there is a small risk
because some cryptographic systems have XMM acceleration functions
We also fixed problems that required privileges to exploit. These affected
the IBM S/390 dasd driver, Openprom on Sparc systems, the Intermezzo file
system, the ewrk3 network driver, module loading, the microcode driver and
vm86. We document these in the interest of completeness.
Finally on a -ac based tree with PnPBIOS enabled a problem existed in some
quite common BIOS implementations that causes a crash when certain 32bit
BIOS calls are made. This allowed users to crash some systems by reading
files in
affected as it lacks PnPBIOS support
Credits
The authors would like to thank Silvio Cesare, Stas Sergeev, Andi Kleen,
Alan Cox, Solar Designer, and many others for their work on making 2.4.19 a
more secure kernel.
-- Additional Required Patch --
diff -u --new-file --recursive --exclude-from
--- linux.20pre1/arch/i386/kernel/traps.c 2002-08-06 15:40:50.000000000 +0100
+++ linux.20pre1-ac1/arch/i386/kernel/traps.c 2002-08-06 15:42:19.000000000 +0100
@@ -305,8 +319,13 @@
static void inline do_trap(int trapnr, int signr, char *str, int vm86,
struct pt_regs * regs, long error_code, siginfo_t *info)
{
- if (vm86 && regs->eflags & VM_MASK)
- goto vm86_trap;
+ if (regs->eflags & VM_MASK) {
+ if (vm86)
+ goto vm86_trap;
+ else
+ goto trap_signal;
+ }
+
if (!(regs->xcs & 3))
goto kernel_trap;
@@ -514,10 +533,15 @@
{
unsigned int condition;
struct task_struct *tsk = current;
+ unsigned long eip = regs->eip;
siginfo_t info;
__asm__ __volatile__("movl %%db6,%0" : "=r" (condition));
+
+ if ((eip >=PAGE_OFFSET) && (regs->eflags & TF_MASK))
+ goto clear_TF;
+
if (condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)) {
if (!tsk->thread.debugreg[7])
So that it will be illegal to explain to someone why it's illegal to explain to someone why it's illegal to...
You see? You see? Your stupid minds! Stupid! Stupid!
that somebody is gonna post the whole text of it here on slashdot and that I'm gonna see a blank DMCA WAS HERE page when I load up my homepage.
you can bypass that scary disclaimer and read all that hidden information here (reg. req'd, blah blah) :)
Satanists get good grades too...suspiciously good grades
Soon the US will be like China. Anyone want to make 50 cents a day to program Microsoft software? :)
Atto
I didn't use the preview button, so get over it!!!!
Mike
Yes, ofcourse, but you may not be able to fathom out what the patch does from the source. A security fix which prevents a buffer overflow could be as simple as adding or removing a typecast, which, if the kernel coders themselves didnt realise could be a security issue - Most Joe User's wont notice either... :(
Still, as a principal, it is a bit silly to disallow a text describing the change but allow the source which IS the change. Stupid law.
loply.com
Anything you say can and will be held against you in a court of law.
Land of the free ride to jail.
What the fuck has happened to our country? It's time to get rid of all the unenforceable bullshit laws. Copyright holders do not have the right to have their business models enforced by the police. And as for prohibition let's get the fuck over it.
Does this mean that when MS decides to release a "security patch" for one of its releases, and explains why this patch is necessary and how it might be exploited, that they are in breach of the DMCA? Could someone sue MS for releasing details that are then used to build a worm? (CodeRed comes to mind...)
Just my $.02
I'm a little tea pot.
Dosent seem too unlikely considering the chaps at the top
My Aurora : http://www.youtube.com/watch?v=o91ZsGwJYyg
FB : https://www.facebook.com/TanveersPhotography
It really looks that the DMCA induce so much fear that people start to censure themself.
The media corporation must be really happy yo see this.
I doubt very much that the DMCA would apply to a description of a patch WITHOUT applying to the patch itself. If the patch is supposed to be legal under the DMCA, why would it's description would be illegal.
I believe that these guys try the wrong way to persuade others that the DMCA is bad.
Next we are going to find out that all US Citizens have been placed on Double Secret Probation!
except if you used some ludicrously tortured logic.
Earth to 91degrees. Come in 91degrees. The only logic your US polititions use is ludicrously tortured. Earth out.
Ok, so Red Hat can't tell us what the patch is about... but from what I've read so far, I understand that its regarding security, and therefore, informing me about the security problem is illegal under the DMCA, because "it could be used to circumvent a digital copyright mechanism". (the computer)
But, what about the source? I can freely download the source for this patch, right? So, how does that NOT violate the DMCA? Lets say that obtaining the source for this patch were illegal... what conflict would this have with the GPL?
I fucking hate the DMCA... what a stupid piece of shit. It impedes free speach, which BTW is against the US Constitution, and it costs me money, because now I have to spend extra time researching a problem that is critical to the security of my business.
Skiers and Riders -- http://www.snowjournal.com
They are posting information about ways to break the security of Linux. That sounds an awful lot like a DMCA violation under the same parts that were used to threaten Professor Felten, and indict Skylarov. The only difference is that Linux is not an asset of the entertainment industries....
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
Sounds to me like this is a stunt. Clearly they will get media attention (thanks Register) and hopefully get picked up by major media in the states. This is especially possible if there is a nice long stream of indignation from folks on Slashdot (including mine). That said, what a great stunt, and for what a great cause. Some one at RedHat is smart enough to be motivated not by legal paranoia (however recently justified) but by political savvy.
...begins in wonder
Registrant:
Linux MM, c/o Conectiva Inc.
R. Tocantins 89
Cristo Rei
80050430, Curitiba PR
BR
Created on: 07-AUG-01
Expires on: 07-AUG-06
Last Updated on: 07-AUG-01
Administrative Contact:
van Riel, Rik
Linux MM, c/o Conectiva Inc.
R. Tocantins 89
Cristo Rei
80050430, Curitiba PR
BR
+55 41 360 2600
So, is your point that there is only one stupid/bent judge in the system or that there is no one who would have a vested interest in having RedHat slapped for breaking a stupid law? In either case, you're wrong.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
We need a website that shows all the people that voted yes for the DMCA. So it will be easy to vote this November.
atto
I didn't use the preview button, so get over it!!!!
Mike
You're right. The signature at the bottom of the DMCA is:
(signed) All American Citizens
In a democracy, you are responsible for the actions of those you elect.
There is still time. Your elected representatives will pay attention to you, the American voters, only for the next 3 weeks or so. Mobilize if you can; otherwise suffer 2 more years of the same but please don't complain!.
1. I wonder if any lawyer can make a lawsuit out of this. If they do, they must have read "The Thing", and thus can be jailed. Why a lawsuit? I don't know, but lawsuits in the US seem to be the only way to say something or prove it.
:)
2. I'm sure RedHat folks will be called terrorists. After all, the "Red" in the Hat (and the fact that they are Kernel HACKERS) says it all...
smile, it's fun
-- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
That patch was released on 2002-08-20, nearly two months ago, and was available through RH's up2date system so many US users will have updated to it. It's only now being reported as news about the DCMA restrictions?
I've got a fever and the only prescription is more COBOL.
I must be in a different US than you, from my vantage point, there's no practical difference between Republicans and Democrats, only a difference in their rhetoric.
It's like this:
I walk up to you on the street and make you an offer. I'll give you a choice, do you want me to stab you in the right eye with a pencil, or the left eye. Make your choice, it's a free country! You too can make a difference!
Apparently RH is respecting the copyright of the people who discovered the flaws and chose to license the text under the "TheFreeWorld" blanket to prevent the authors from being accused of distributing potentially infringing documentation in the US. Read the article at The Register, it is almost as poorly written as this post but according to this excerpt:
The document has been copyrighted, and the authors have chosen to restrict its distribution, and to use Thefreeworld.net licence as the mechanism for doing so. Note that it is the copyright, rather than fear of the DMCA, that has forced Red Hat to join in.
RH is only doing this to protect the authors who for whatever reason chose to copyright the document. Possibly the wish to make a point as well concerning the idiocy of the DMCA.
What if someone forces you to read it?
:-)
You know, this could be used to "frame" someone;
Print it out (don't look at it!), then, when your victim least expects it - pull it up and say "read"!
Go to the nearest police station and say that you captured a "terrorist".
Lucky me, I live in sweeeeeden..
Thankfully, I'm in Canada and not bound by retarded US laws. /. is, though, so I'm not gonna post verbatin what the patch is.
The gist of this security patch is to fix driver vulnerabilities. It fixes several of them, not one of them is exploitable by a remote user. They all require the hardware in question to be connected to exploit the driver vulnerability, and they all involve allowing people to write to kernel memory space. In other words... they could be used to nuke a linux box by a local user (why not just 3-finger salute, I know not), but the moment you reboot the problem is fixed anyway.
If you believe everything you read, you'd better not read. - Japanese proverb
Q. Which kernel hacker does Red Hat employ, outside of the US?
A. Alan Cox.
Q. Why won't Alan Cox visit the US because "the chances of his arrest are none zero"?
A. Use of the DMCA to indict Sklyarov.
It seems much more likely that Alan Cox is, with Red Hat's full support, taking a very good swipe at some of the more ludicrous aspects of the DMCA. Basically, what they are implying that this could lead to is the situation where a major security flaw can be disclosed to the entire world, except for the US, because of the DMCA. The obvious upshot of that is that every man and his dog outside of the US could have access to the knowledge required to shaft servers in the US, and the sysadmins in the US can't do a thing about it because of the DMCA.
The words "hoist", "own" and "petard" spring to mind. ;)
UNIX? They're not even circumcised! Savages!
Who actually reads the fine print when they download something or access a web site???
...turn over my first born... missing appendages...soul....I am willing to bet a couple of people have clicked yes to this! poor dudes.
prOn sites: The button that says I am under 18 get me outta here! Who would ever click this button???
Micro$oft Eula:
and now we have...
Redhat: Don't click on the button if you are not a U.S Citi.... Click!
From excellent karma to terible karma with a single +5 funny post...
In case you don't know it, we will be getting something similar to the DMCA in Europe soon :(
You can read more here.
Posting this in the US would not be a violation of the DMCA except if you used some ludicrously tortured logic.
Tell that to Skylarov, who wrote a program that was mandatory in Russia under Russian law, and who found himself in jail in the US under the DMCA. It doesn't matter if he wins in the end, or isn't even allowed back in or whatever. He's totally innocent, has nothing to do with the US and shouldn't have been treated like that.
You can make up any BS laws you want for yourselves over there, but totally innocent people who have nothing to do with the US end up in jail because of them. I think the thefreeworld.net site is a brilliant idea.
If there's even the tiniest chance that some information posted could be illegal under some strange law of a country you have nothing to do with (and this security info certainly could be), and they're known to get (innocent, foreign, never been to the US) people jailed over this stupid law, then the prudent thing to do is post that info only on sites like this.
Unfortunately, given how few people in the US even know their own laws, it's practically impossible for people in Russia, Norway etc to be aware of all the weird quirks in US law, and they don't even know they should be aware of them. And people from those countries were still jailed for doing something perfectly legal. The US is a threat.
I'm sorry for ranting, mod me a troll or something, I can get real angry over stuff like this.
I believe posters are recognized by their sig. So I made one.
Still, as a principal, it is a bit silly to disallow a text describing the change but allow the source which IS the change. Stupid law.
I agree. The DMCA should be updated to disallow any patching of security holes what-so-ever.
It doesn't matter if the law will totally discourage effective security measures by outlawing any discussion or implementation of flaws or improvements. As long as we have the DMCA to protect us, any attempted security measure is good enough even if it's just some text on a screen that say "don't look here under penalty of the DMCA". Of course we'll need to gouge out your eyes as potential copyright circumvention devices, but that's a small price to pay to guarantee our security, our safety, and our liberty.
My next sig will be ready soon, but friends can beat the rush!
here is the time to have a true "world company"
let's base debian in antarctica...
Ok, this looks to me to be the same as any other patch documentation. My impression is that the reasons it's illegal are the same sections and logic used to indight Skylarov. If I'm not mistaken in those two things, isn't all patch documentation illegal under the DMCA?
Quick word of commentary, it wouldn't surprise me at all if this were true by the letter of the law. This is exactly why we have been complaining for so long, because the law is overly broad, and restricts things that it obviously shouldn't. On the other hand, I didn't think it was so broad as to cover all security documentation.
Science may someday discover what faith has always known.
http://www.dfc.org/dfc1/Active_Issues/graphic/grap hic.html
passed Senate by Unanimous Consent
(similar to voice vote in House)
passed House by Voice Vote
Eve Fairbanks says I drive a hybrid!LOL
There is no way a kernel patch can violate the DMCA for the simple fact that the Linux kernel doesn't enforce any type of copy protection.
Doing it like this is just prudent. Why should someone from Europe have to know all the details of US law, weigh the chances of it being a violation, when non-US people have already gone to jail over it and there's the option of not distributing it to Americans in the first place?
I believe posters are recognized by their sig. So I made one.
that makes it illegal to release the information to US citizens. The patch code was written entirely by non US citizens outside of the US borders. In order to prevent the possible prosecution by the US government, ala Skylarov, they released under license terms that forbid divulging information about it.
*Redhat* is not the refuser here, they are simply bound by the terms of the author's *license.*
Now, let's do a little deductive work here while we're about it, shall we?
This isn't a "Linux" patch, it's "Redhat" patch. And what *Redhat* kernel developer has already shown a propensity for making socio-political statements with the license terms of his kernel patches regarding the DMCA?
Anyone care to go waaaaaaaaaay out on a limb and "guess" just who might have had a hand in this?
I'll give you three guesses, but if you don't get it in one you haven't been paying attention.
KFG
Thus, it gives you information you can use to break into these systems, bypassing their "rights management". More info in the thread from last year here.
The point isn't even that anyone would be charged under the DMCA, but that under the language of the law, they could be. The underlying point is that disclosing security vulnerabilities and keeping current with their announcements are extremely common activities for any security professional doing his/her job.
That said, the whole exercise seems a bit lame and the article more or less says that straight out after leading in with a bit of sarcasm. It's not even the dumbest part of this law, but that's another story already beaten to death on /.
There is still time. Your elected representatives will pay attention to you, the American voters, only for the next 3 weeks or so. Mobilize if you can; otherwise suffer 2 more years of the same but please don't complain!.
You can honestly say that? My elected officials will pay attention to me only during election season, and I'm not supposed to complain? Screw that. Democracy only works if you don't pay attention to what happens. We have the DMCA, the Patriot Act, corporate tax breaks out the wazoo, and politicians who are essentially puppets for the companies who paid to have them elected. You're right, I shouldn't complain.
Ding! This is the correct answer. Yes, telling people about security holes is a DMCA violation under every interpretation of the law that I've seen (other than the cursory, "it only covers copying mp3s d00d!")
Please mod up the parent.
2002: New RedHat Kernel Patch Illegal to Explain to U.S. Users
2012: New RedHat Kernel Illegal to Explain to U.S. Users
2022: Engineering Illegal to Explain to U.S. Users
Opus: the Swiss army knife of audio codec
yes, it did happen once. IIRC, he found (or was told of) a bug in filesystem permissions that allowed someone outside a uid/gid to gain access to a file.
Cox didnt publish details (ie - what the bug was or how to exploit it) because he believed it violated DMCA - as somewhere out there someone could be using UNIX file permissions as a "copy protection device," and the details to exploit it would be "circumventing a copy protection scheme." IIRC, Cox is not a US citizen, but he has to travel to the US a lot, and didnt want to lose that ability by publishing the exploit.
These stories (Cox's above and this current issue) are perfect examples of things to send over to that committee collecting comments on the DMCA. Here are software authors who are scared to publish vulnerability details about their own products!
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
One of the falsehoods taught about US Government in our own schools is that its a "democracy", when in fact, it isn't. The US Government is a "representative republic". We elect people to do our dirty work for us... there's no law that says our elected officials have to listen to us, but the pressure of re-election keeps 'em tuned in to the opinions and concerns of their constituents.
So, when the election comes around in the near future, DON'T VOTE FOR ANYBODY CURRENTLY IN THE CONGRESS!! This is how we as a people communicate our discontent with the actions of our current Congress. Honestly, if we keep voting these same losers into the congress, but dislike the laws they make, then we're weak as a people and deserve to have our freedoms impounded for being complacent. Freedom is a privelage that requires maintenance.
(First order of business, challenge the DMCA)
Skiers and Riders -- http://www.snowjournal.com
I LIVE IN THE US: Salt Lake City, Utah. Come get me. Muwahahaha!
One future, two choices. Oppose them or let them destroy us.
Don't you know how the U.S. legal system works? Let me explain:
If I spank my kid in public, the DA (District Attorney) will go back to my H.S. classmates and former employers and show that I generally disrespect authority, maybe was a bully, have a short temper, and that the incident was the latest in a string of inhumane behavior and child abuse that dates back at least 10 years.
My defense attorney, will argue that I was never disciplined for any such actions, never in a fight that is on record, and never visited by the local Social Worker (Except for our first child, which came before we were married - and is std procedure). I currently am active in my childrens lives, have defied 'conventional wisdom' by marrying my 'HS swetheart', having a kid before we were married, and staying married 8 years and having 2 more kids. S/He would also pull in a shrink to counter any past 'anger' issues due to the fact that my mom wasn't "all there".
All for what really was a spanking. (No, this didn't happen to me, but WI has tried to jail teen fathers - who try to do the right thing and be a father - for rape. So it's not impossible.)
The DMCA exists because lawmakers were convinced that the economy was going to fall because of piracy and free-flowing information. The only way to combat this in the U.S. is NOT by being rational - it's by meeting and exceeding the original irrational ideas, in an opposite way, that brought this beast into existance in the first place.
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatently stolen sig)
I think DMCA is good example of how U. S. will loose its domination.
By restricting anything which may compromise poorly designed products U. S. will slightly stop any significant research and development, so as americans have to buy Japan electronics, they will have to buy encryption technology from Europe, communications equipment from Israel and software from Eastern Europe and Russia.
More laws will emerge to prevent techology companies moving out, restricting U. S. citizens to work abroad. Canada will have to require visas from americans, because they will seek asylum in there. British and Canadian controls will be set on american international airports to prevent asylum seekers to enter both countries. Amnesty International will be terminated and reopened in Paris.
Military power will be supplied by foreign components and foes will know their weaknesses better than U. S. The more 9/11 will arrive and U. S. will try to respond with military actions. U. N. will become angry about it.
Americans will still fly to space, but only to repair ISS or put in new communication equipment for Japan/Europe corporations. I am really looking forward to Intel HQ and R&D in Europe or Canada, while moving production plants to U. S., rather than Mexico, because of workforce price.
Japan will legally buy Hawaii. Russia with Japan will be complaining about american fishermen overcoming legally agreed quotas on fish in northern Pacific.
Networks of other countries will have the similar border with U. S. like China has with whole world - just because no one using any data tramsmission could not be sure if it will not be attacked by legal (in U. S.) attack at the network.
Why? Because few people wanted to keep high margins on movies...
--
paja
One of the prime rules of administering a system is to never destabilize it. I have great respect for Red Hat, and use their systems every day, but whatever this patch does, I will not apply it until I understand what effect it is going to have on my systems.
I suppose I could (and really SHOULD) look at the source and figure it out from there, but given the fact that time is a scarce resource, it will be lower on my priority list than the other problems that are more readily apparent to me.
That means that the DMCA is actually contributing to the destabilization of the systems I am responsible for. Makes me wonder just who is being protected here in the land of "free speech" and home of the brave.
We do value the ideas of Democracy, but we are a Republic. A Republic is just a little bit different then a Democracy. For instance, we do vote for the men and women that represent us in our nation's capital.
However, the laws that they create do not necesarily represent the views of their constituents. If that was the case, then every American Citizen would have the right to vote on the creation of laws such as the DMCA.
Our Republic is a popularity contest regarding who ends up in office. This popularity contest is run in front of a back-drop of "parties" which are supposed to represent the basic views of the person running for that office.
In the Republic of the United States, true Democracy only exists in the local arena (School Millage Hikes/Cuts, local ordinances and such) and sometimes shows its face in state elections when public acts are put up for citizen review.
If we lived in a true Democracy, I personally believe that the citizenry would have destroyed the Constitution many years ago by creating laws that limit the freedoms and liberties that our Republic currently partially protects. The trouble is that our representatives have forgotten that and so have the citizens that voted them in. If they were to remember what our form of government really is and change some of their ways, we can once again move forward with our great experiment.
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
You're being silly here. None of this is going to happen, because other countries are considering, or have already enacted, laws just as bad, if not worse than, the DMCA. Check out the information on the EU directive known as the European Union Copyright Directive, or the Digital Agenda Act, which is Australia's answer to the DMCA. The DMCA is on shaky constitutional grounds in the US, is the act your country going to pass be?
Marxism is the opiate of dumbasses
Sticking feathers up your butt does not make you a chicken - Tyler Durden
You are incorrect. A *patch* for GPLed software may be released under any license the author desires. This is what allows propriatary binary only hardware support, as well as providing functionality for such software as might otherwise violate the DMCA, such as DVD players.
/.
The *patch* is the work of the author and has nothing to do with the code otherwise under the GPL. You're thinking along the MS lines that the GPL is somehow a "virus" that infects your propriatary code. Stop it.
You also seem to be laboring under some sort of misconception that the GPL somehow can confer legality/illegality. It's perfectly possible to write GPLed code under one jurisdiction that may be illegal under another and thus may be freely distributable in, say, the US, but not in, say, China. Or in this case China, but not the US.
The licese has been posted here on
Read it and think about it.
KFG
Or so I guess, since I can't read it.
Err, I don't think you can release a patch for GPL software (ie, Linux) under a non-GPL license.
The patch itself is perfectly legal, and GPL licensed, and downloadable by anyone, etc.
The documentation accompanying the patch, that explains what security holes were closed, is licensed so as to be undistributable to people in the US jurisdiction. This is because the act of distributing this info is illegal under the DCMA.
I believe posters are recognized by their sig. So I made one.
Massachusetts rejected this crap. So, maybe all of us should follow suit. Redhat should ignore it, or
use a Massachusetts based location ot get it out.
Digital Copyright
-c
I have discovered a truly remarkable proof which this margin is too small to contain.
Begin obligitory karma whoring. that is the website for the people who vote on what bills, and this is specifically for the DMCA
"Martha Stewart can lick my Scrotum......do i have a scrotum?" -- Sharon Osbourne
The issues discussed in the patch notice are pretty mundane, and it took me quite some time to figure out what the hell the problem with the DMCA might be. I'm still not sure.
The reasoning, apparently, is that by documenting the security weaknesses that were fixed, they reveal ways to hack unpatched versions of the kernel. And that would be circumvention, and hence violations of the DMCA. All of the holes were found in code audits, and there are no known exploits, so this announcement documents these problems for the first time. (Maybe it's less of an issue if you announce fixes to holes that someone else already found.)
But if that is really taken as a violation of the DMCA, then almost all public notices of security issues may be illegal, even if the author did not write an exploit, and indeed even if no exploit is known to exist. The entire CERT site is at risk. Bruce Schneier may be one of the rampant criminals on Earth.
I dunno, it certainly would be crazy if the DMCA really has that implication, but are Cox and Co. certain that the law really means that? I'll bet there is no case law suggesting such a thing -- and after all, it's the courts' interpretations that really matter in the end. Has any legal scholar ever suggested that the DMCA can be interpreted this way?
I certainly don't like the DMCA, and I think it's unconstitutional (First Amendment, you know), but I wonder if this stunt will backfire. If it turns out that they're making a big deal out of something that the DMCA doesn't actually forbid, then opponents of the law will end up looking a bit hysterical.
Always keep a sapphire in your mind
Chapter 12, section 1201 of the DMCA. "(c) Other Rights, Etc., Not Affected. - (4) Nothing in this section shall enlarge or diminish any rights of free speech or the press for activities using consumer electronics, telecommunications, or computing products. " You can talk about it. You can read it. You can even post it. Bob & Tom can read the Redhat patch description over the radio. This looks to be in direct conflict with b1, also in section 1201: "No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that - " U.S. congress is prohibited from passing the latter into law, it being in direct conflict with the first amendment. Remove the word 'technology' and it's probably okay. If 'technology' means descriptions as well as boxes with pretty lights and buttons. First amendment of the American constitution includes: "Congress shall make no law ... abridging the freedom of speech, or of the press ... "
A Google search for "DMCA first amendment" and "bill of rights" will get you where you need to go if you think I've taken something out of context.
Apologies for the length; brevity is not the soul of law. Legal experts, I'll be interested to hear why I've incorrectly interpreted this rare clear use of English in legislation.
Yes, but am I responsible for the actions of a president I most emphatically did not elect, whom many would say was not legitimately elected at all but sits in the Oval Office nonetheless? Am I responsible for the actions of some senator from North Carolina or Texas (I'm in Massachusetts) who is the chair of some committee that exercises extra-Constitutional power to affect what bills even get seen by the full legislature? Am I responsible for the actions of some unelected official even though their rules and regulations only have the force of law because Congress improperly abdicated their legislative authority when they created some bureau fifty years ago?
No, no, and no. I can and do vote for a mere handful of representatives, whose roles have become so diluted by the above factors that voting is purely an act of principle untinged by practical effect. To say that people in general are responsible for outcomes that people in general can affect so little is ridiculous.
Slashdot - News for Herds. Stuff that Splatters.
Next time, actually read the law. The DMCA is VERY broad. Sounds to me like your extent of reading on it was the name, and not the contents of the act itself.
The DMCA makes it illegal to publish any sort of information that provides data relating to any sort of bug that could be potentially exploited. This was, IMHO, added to prevent people from writing applications that would allow individuals to circumvent applications that where protecting copywrited materials, but it's all in the wording.
-- I'm the root of all that's evil, but you can call me cookie..
Seriously, how do people defend Bush? Clinton was a crappy president in a lot of ways (DMCA, weapons treaties, etc) and so is Bush.
You do realise that your country is holding people prisoner in Cuba in violation of the Geneva Convention on the treatment of Prisoners of War (and don't be nice to them!), right? And that your country has decided that doing something about the Greenhouse Effect is too expensive? Or that letting other countries try your soldiers on war crimes is too hard? And that getting rid of weapons of mass destruction is good, unless they're yours
Not that my country is innocent; Little Johnny locks up kids in the desert and uses the navy to storm refugee ships and then pays other countries to take the refugees of our hands.
Young man, there's a need to feel down
I said, young man, throw yourself on the ground
I said, young man, 'cause your in a new town
There's a need to be unhappy
Young man, there's a place you can go
I said, young man, when you're short on your rights
You can stay there, and I'm sure you will find
Many ways to have a good time.
It's fun to stay at the J.A.I.L.
It's fun to stay 'cause the D.M.C.A.
They have everything For old men to enjoy.
They can hang out with all you boys.
It's fun to stay at the J.A.I.L.
It's fun to stay 'cause the D.M.C.A.
You can't get yourself clean
You can't have a good meal (because it likely contains DNA that created a plant that fuels you so you can talk... and say anything... and thats information that they don't want you to share)
They can do whatever they feel.
Cong' man, Are you listening to me
I said, cong' man, what do you want to be
I said, cong' man, you can make go away your rights,
all you've got to do is this one thing.
No man, does it all by himself
I said, every man, put your life on the shelf
And just break that, its the D.M.C.A.
I'm sure you can break that today
It's fun to stay at the J.A.I.L.
It's fun to stay 'cause the Y.M.C.A.
You have everything for old men to enjoy.
They can hang out with all you boys.
Cong' Man, I once filled your shoes,
I said, I'm not down with the you's
I felt, no man cared if I were alive
I felt the whole world was so jive
That's when someone came up to me
and said young man take a walk up 1600 pen 'reet
There's a thing there called the D.M.C.A.
They can start you'r ass on it's way.
D.M.C.A.
just go to the J.A.I.L.
Cong' Man, Cong' Man, I once filled your shoes,
Cong' Man, Cong' Man, Now it's out with all yous
D.M.C.A.
D.M.C.A.
D.M.C.A.
D.M.C.A.
Please use [ informative / summarizing ] SUBJECT LINES
Flame me here
¦ ©® ±
I know a court has ruled deCSS to be in violation of the DMCA, but that was because the judge was stupid, and the MPAA was smart enough to convince him that the utility is "primarily intended for circumvention of a protection mechanism". The keyword there is "primarily".
First of all, DeCSS is illegal under the DMCA, it has nothing to do with the judge being stupid or the MPAA being smart. The whole purpose of DeCSS is to circumvent CSS, which is a protection mechanism. That's not it's primary purpose, or even it's secondary purpose; that is it's only purpose. Since that is specifically what the DMCA was crafted to make illegal, I don't see how anyone who isn't completely ignorant can say that DeCSS doesn't violate the DMCA.
Furthermore, the judge was not stupid at all, he was corrupt, which is a different thing entirely. He was one of the authors of the DMCA, and as such the ethical thing for him to do would have been to pass the case on to another judge due to his obvious conflict of interest. However, he knows that law as well as anyone does, and he is certainly capable of spotting a blatant violation of it, which DeCSS is, on his own.
The only question in the case was whether the source code to DeCSS was criminal under the DMCA or protected speech under the First Amendment. This is where Kaplan's corruption took hold, and he declared that the functional use of the code took precedence over it's educational or informative value.
Under capitalism man exploits man. Under communism it's the other way around.
to trick someone who isn't free to believe he is, than it is to trick someone who is free into believing he isn't.
Think about it.
But then it actually happened in Real Life. Lawyers at HP saw how DMCA could be abused to prevent discussion about vulnerabilities, they used it to bully. Most people wouldn't have believed it six months ago, but nowdays, thanks to HP, we know that it really is plausible that DMCA could be used by someone to attack Red Hat for discussing a security problem. It's not just theoretical. It's not just paranoia. It actually happened.
So it's more than just a stunt; it's also a ridiculous but legitimate ass-covering, made necessary by a ridiculous law.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
If I read all of this right, it appears that the discoverers of the bug copyrighted their white paper in a way that prohibited distribution to anyone in the US. Thereby allowing them to invoke the DMCA if they so choose. As the register article points out, Red Hat was forced to go along with this because the authors of the bug whitepaper wanted to prove a point. With all of the real issues (Here & here) surrounding the DMCA, why are we even wasting our time with this?
Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
The mere thought that knowledge is criminal is patently absurd. This nonsense is further proof that US corporations prefer the American public as dumb as possible.
A preferably dumb American consumer is simply fuel for the machine. Don't ask, just pay us and thank us for providing you with insert good or service here?.
Hopefully, within the Supreme Court, will see that the rights of free speech trump this ridiculous law.
Consider the options:
1. Live under the DMCA. Linux developers, who live all around the globe, start snubbing US Citizens because of DMCA fears (mostly legitimate). So as a US Citizen, you don't really have an open source O/S anymore -- no one is sharing source or info with you!
Result: You have a Microsoft-like "Patch and Pray" situation developing. You don't know what the patches do, or whether you want or need them. You're a mushroom -- you're kept in the dark and fed bullshit. LOVELY. Switch to FreeBSD. Or maybe OpenBSD. Whatever.
2. You get fed up with the DMCA and move elsewhere, in hopes of finding a new country whose intellectual environment is supposedly more open and accessible. I don't personally endorse this (I love NY) but hell, it might be ok for people less attached to their environs.
Result: You're surrounded by people who despise George W. Bush and see you as their personal GWBush voodoo doll. So they harangue and harass you about every screwed up thing the U.S. does as if you personally ordered it. Everyone hates you. You can't walk twenty feet down the street without some French psycho grabbing your collar and screaming at you for being "imperialist scum" (or whatever the current anti-US epithet is, I can't keep track). As soon as word gets out that an American lives nearby, terrorists swoop in and cut off your head, if you haven't killed yourself from depression already. No one cries at your funeral, and the stonecarver deliberately misspells your name.
Not really an option. I'd say maybe Canada, but even they don't like us anymore. I have a friend living in the Far East, but then, some people got their heads cut off over there recently, so that's out. Ok...
3. Become an activist and protest the DMCA, start political rallies, support the green party, etc. Raise all kinds of hell in hopes of altering the status quo.
Result: with the FBI's newly restored powers (they've recently gotten back the powers stripped from them after Watergate, in case you haven't heard) they identify you as a rabble rouser, anti-American whatsis, etc and so forth, and you get busted for every possible thing you could get busted for right down to jaywalking. We're talking the total Abbie Hoffman treatment. Eventually you go into hiding or get so depressed you kill yourself (or some CIA spook helps you kill yourself, either way).
FACE IT, CHUMS! I've already resigned myself to it. I am doomed. I fully understand this. So, the hell with it. I'll stay right where I am, where at least my neighbors like me. Maybe I'll get stuck with Palladium, maybe I'll get stuck with the DMCA. Fuck it. There's FUCK-ALL I can do about it anyway.
And, if people won't tell me what kernel patches do, if they snub me for things that are totally out of my control, well, screw it. I'll switch to BSD. Or maybe something else. Adapt, improvise, overcome.
One thing's for certain: I'm not travelling ourside our borders ever again. NOBODY likes us. EVERYONE hates us. Time to stay home and fire up the Playstation!
Farewell! It's been a fine buncha years!
That's where the problem is. Most of the major players involved in some way with the DMCA are in favor of it, most of it's opponents don't have the resources to fight them.
Sure, there are plenty of other wealthy people/corportations who COULD help in the fight, but there's no reason for them to do so. Why help out people like us at their expense, unless they're helping themselves too?
This has been a test. Had this been a real emergency, we would have fled in terror and you would not have been informed.
How does Massachusetts get around the National Supremacy clause of the US Constitution? That'd be a good trick.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
I can understand that people may be worried about publishing kernel patches, but careful reading of the above makes it very clear that these do not violate the DMCA, even if they inadvertantly or implicitly reveal information that could be used to defeat copyright protection. The reason is simply that this is not the primary design and purpose of the information. Rather, the information is designed to extend and improve the functionality of the Linux kernel.
Contrast this with the Sklyarov case, where the primary purpose of the information and technology he presented was to defeat copyright protection. The situations are completely different.
I can't blame Europeans for being excessively cautious with regard to American law, but they could consult with a lawyer and be reassured. My opinion is that this is really a political statement, and that they are being disingenuous in claiming to be afraid of prosecution.
This is really stupid and childish. I'll be the first to condemn the DMCA (after my own legal troubles with it), but this is not the way to go about it.
Someone correct me if I'm wrong (I'm not a lawyer though I have studied the DMCA and lawsuits based on it carefully), but the DMCA absolutely does not ban security information. The only related things that it addresses are circumvention (of protection technology in order to access a copyrighted work) and trafficking in circumvention devices. Security information (especially in the form of a vague changelog) is absolutely not either of those. By no stretch of the imagination can I figure out how it's supposed to be a violation of the DMCA.
What's really going on here? Someone (Alan Cox) is trying to make a point about the control that the DMCA gives to copyright holders. He's placed a piece of his copyrighted information that some people want (text of the kernel changelog) behind a click-through license that says you can't access it if you're from the USA. In my opinion this has fuck-all to do with the DMCA (because there is no "technological measure" to circumvent -- please read the definition of technological measure in the DMCA if you disagree with me), just click-through licenses, but, whatever. Then Red Hat decides, well, we can't copy that information because the copyright holder has told us we can't. Assuming that such click-through licenses are legal in the first place, of course, RH would be entirely within its rights for a non-US-citizen to license the document and then summarize it for Red Hat. Either they are too lazy for this, don't understand the issues involved, or are perpetuating this same bizarre notion that the DMCA makes every single thing you'd want to do illegal.
The DMCA only has to do with copyright, and only as far as circumventing technological measures that protect copyrighted material. The court enjoined DeCSS because it found it to be a circumvention device (they did NOT enjoin english descriptions of the algorithm, and especially not security notices about CSS being weak!). I don't agree with the decision, but at least it makes sense in terms of the law. (I also don't agree with the law!!)
The important point I'm trying to make is that to fight dumb laws like the DMCA, we need to understand what they really say and what the actual implications are. There's a tendency for hackers to use logical deduction ("If DeCSS is illegal because it can be used to break DVDs, then hammers must be illegal because they can be used to smash open store windows!") in order to decide the implications of a law. THIS IS NOT HOW COURTS WORK! Law is much more squishy than that. Making these sorts of alarmist claims, as if the DMCA outlaws everything that we'd ever want to do, hurts our cause by spreading misinformation. Instead, we should be educating people about what the DMCA actually addresses (ie, "Did you know it would be illegal for you to create MP3s from SACDs that you bought?" or "Did you know that it's illegal to buy mod chips for your Playstation so that you can play imported games that you also legally purchased?" or "Did you know that it's illegal to use your screen-reader software with the eBook that you legally bought?"). That's how we can convince people that the law is wrong.
Linux does not provide DMCA type copy protection -- PERIOD
YES, IT DOES -- PERIOD
Assuming you have a file named "copyrighted_file", which contains copyrighted text, the following command:
$ chmod 600 copyrighted_file.txt
will "effectively" prevent access to it by the system - this is all that's required under the DMCA to qualify as a "technological measure", as per section 1201-3:
(B) a technological measure `effectively controls access to a work' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
In layspeak: if something stops you from looking at something without someone's permission, then it 'effectively controls access'.
This is the main purpose of the +r bit in file permissions.
Although the bill was passed unanimously, the names of eleven sponsors are listed by thomas.loc.gov
0 22 81:|TOM:/bss/d105query.html|
2 03 7:
The house bill, HR 2281, was sponsored by Howard Coble and had nine cosponsors:
Rep Berman, Howard L. 2/11/1998
Rep Bono, Mary 6/5/1998
Rep Bono, Sonny 9/26/1997
Rep Conyers, John, Jr. 7/29/1997
Rep Frank, Barney 7/29/1997
Rep Hyde, Henry J. 7/29/1997
Rep McCollum, Bill 1/27/1998
Rep Paxon, Bill 6/5/1998
Rep Pickering, Charles 6/22/1998
The senate bill was S. 2037 and was sponsored by Orrin Hatch.
Bill summaries can be found at:
http://thomas.loc.gov/cgi-bin/bdquery/z?d105:HR
http://thomas.loc.gov/cgi-bin/bdquery/z?d105:S.
No one here or in the referenced links has backed up the claim that DMCA would apply to publishing these kernel patches, using quotes from the DMCA itself. Why do you suppose this is?
And more importantly, why are so many people willing to accept these claims without any proof or even any evidence?
Readers need to think for themselves, and not just accept what people tell them. It's all too easy to swallow unsupported claims which fit into our preconceptions. But in fact those are the ones for which it is most important to check the facts, simply because they are the ones where we are most likely to make mistakes.
See my earlier post for evidence that the DMCA does not apply to publishing kernel source. I quote from the text of the DMCA itself, and link back to the rest of it.
Shouldn't a position that has evidence behind it be more believable than one which is offered without any backing at all? Pay attention to your own thought processes as you consider the new information I am presenting here. Think about whether you are being objective and open to new ideas, even when they contradict your prejudices.
Thinking for yourself is hard work, harder than letting other people think for you. But if you can get yourself to do it, eventually you'll find that it's a hard habit to break.
I found the dates that the DMCA was introduced and what not, and near the bottom it mentions that there was a voice vote. Now if this is the actual vote by the Senate on the bill or not, its hard to say, as I don't understand it much, but I did not see any other links or anything that described a roll call, or any sort of formal vote..
Here is where I was looking at.
The Green Party is also a good choice for a party that is against corporate welfare legislation. That's pretty much the core focus of their party platform, though it's more oriented towards enviromental concerns.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
If a security document describing flaws in the kernel is a violation of the DMCA, than surely any coments in the source code of any Open Source product are also in violation (I guess that means my code is safe! *grin*)!
/bin/cat... HA! It's now a tool to circumvent copy protection, don't let it run with root privs! And don't forget to change chmod so it can't clear bits... the DMCA doesn't specify that *YOU* may circumvent your own protection!!!
Further, since the DMCA doesn't specify that the language must be English, the source code itself might well be in violation. Say goodbye to utilities like crack (and thus cracklib), or port-scanners. In fact, you might choose to view the contents of a protected file with
Hmmmm, now what big organization hates open-source, and would benefit the most from having it declared illegal.... what giant mega-corp would be happy to have security notifications disallowed.... hmmmmm....
This does actually go beyond Alan Cox making a point, he really does have to worry about releasing patches giving circumvention information in the US.
Consider the following:
Assume Microsoft Palladium has shipped.
Assume a major remote exploit bug/hole allowing one to bypass the "trusted computing environment" is discovered in this new OS.
Assume the steps required to reproduce the bug allow one to bypass the DRM built into the OS.
If you posted either an exploit or a description of the bug you could be charged with violating the anti-circumvention section of the DMCA.
Now assume someone has a "trusted computing" patch for linux that uses digital signatures for security. Remember this can also be used for DRM.
Bug allowing trusted computing subsystem to be bypassed is found.
Someone posts patch for this bug, by it's very nature the patch contains enough information to exploit the hole.
This also would be violating the anti-circumvention provisions of the DMCA.
If you think perhaps this is an overly broad reading of the law and nobody would really ever be prosecuted for violating the DMCA in this way. Remember DAs who have decided a perp is evil and must be guilty of something will find something to nail you on. Usually a law with overly broad language that was aimed at an entirely different problem. Some favorites are RICO, federal wire-fraud statutes, tax evasion, anti-conspiracy statues, computer crime laws, and coming soon to a courtroom near you the DMCA.
Happy Fun Ball is for external use only.
I can understand that Cox wouldn't want to be skyleroved.. Yes he works for RedHat and RedHat is a US company.... All the more reason to be worried about being made a 'test case'.
It's one thing to cry 'paranoid'. It's another to be told by your lawyer that, should you take what you consider to be a completely reasonable and prudent action, you run the risk of:
- Being arrested and possibly held without bail (risk of flight as a foreign national).
- havin your trip schedule completely messed up.
- being denied access to your primary employer's home state
- having to defend yourself against criminal charges (even if you're found innocent, it could cost you hundreds of thousands of dollars).
- If found guilty, you could end up in jail for years.
Remember: We already have Skylerov as example of having this happen to a foreign national.Given a choice between this, and making a political statement about the stupidity of this law by simply obeying it, what would you do? If you had a family to support, would this change your decision?
Free Software: Like love, it grows best when given away.
Yes, I live in the US. Do you have any examples?
I'm claiming that this scenario would surely require more than just a misunderstanding of technology, but also a serious misunderstanding of the DMCA.
In any case, the fact that technology is misunderstood in the courts is all the more reason to avoid being alarmist and confusing in how we (as people who DO understand technology) portray the DMCA. Do you think it helps anyone's understanding of technology for Cox to be claiming that sercurity holes have something to do technological measures for controlling access to copyrighted works?