Slashdot Mirror


Intel's ME May Be Massively Infringing on Minix3's Free Software License (ipwatchdog.com)

Software engineer (and IP Watchdog contributor) Fredrik Ohrstrom (a.k.a. Slashdot reader anjara) writes: Almost all Free Software licenses (BSD, MIT, GPL...) require some sort of legal notice (legal attribution) given to the recipient of the software, both when the software is distributed in source and in binary forms. The legal notice usually contains the copyright holder's name and the license text. This means that it's not possible to hide and keep secret the existence of Free Software that you have stuck into your product that you distribute. If you do so, then you are not complying with the Free Software license and you are committing a copyright infringement!

This is exactly what Intel seems to have done with the Intel ME. The Minix3 operating system license requires a legal notice, but so far it seems like Intel has not given the necessary legal notices. (Probably because they want to keep the inside of the ME secret.) Thus not only is Minix3 the most installed OS on our recent x86 CPUs -- but it might also be the most pirated OS on our recent x86 CPUs!

22 of 251 comments

  1. Do you think they care? by Anonymous Coward · · Score: 4, Insightful

    They're a corporation.

    Lol.

    1. Re:Do you think they care? by NoNonAlphaCharsHere · · Score: 4, Insightful

      Corporations are people, too, my friend. Thieving, evil, soulless people.

    2. Re:Do you think they care? by gweihir · · Score: 4, Insightful

      So jail them all? Not that I would be opposed...

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re: Do you think they care? by Z00L00K · · Score: 5, Interesting

      No, just force them to give everyone access to the ME and also how to disable it.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    4. Re:Do you think they care? by Bruce Perens · · Score: 3, Insightful

      ME is turning into a colossal dumpster fire.

      You have a point. This is really just another soiled mattress in the dumpster. With used hypos stuck in it.

    5. Re:Do you think they care? by thsths · · Score: 5, Insightful

      No, corporate employees are not usually evil. The secret of a commercial organisation is to diffuse responsibility, so that you can perform evil actions with non-evil employees. Everybody thinks they are doing the right thing, just following procedures etc, but the end result is often evil.

    6. Re: Do you think they care? by AmiMoJo · · Score: 3, Informative

      There isn't actually all that much they can do other than demand that every Intel CPU owner gets a copy of the copyright message. Minix was released under a BSD licence so Intel don't have to publish any changes or give up any access, the only requirement being that they acknowledge the original authors and their copyright with every copy they ship.

      At best they could force Intel to waste some money notifying people. Since Intel can't know the details of everyone who bought an Intel CPU (I hope) they would probably have to take out adverts all over the world. That could actually be good though, because it will create more negative publicity about the ME.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:Do you think they care? by AmiMoJo · · Score: 5, Interesting

      Hate to say it, but once again RMS is proven right. On multiple counts.

      Who am I kidding, I love saying that.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:Do you think they care? by TheReaperD · · Score: 5, Interesting

      I favor the corporate death penalty. And I'm not being facetious, in general. I actually advocate for a corporate death penalty. Equifax and Wells Fargo are perfect examples of why it is needed.

      --
      "Be particularly skeptical when presented with evidence confirming what you already believe." -
    9. Re:Do you think they care? by OrangeTide · · Score: 5, Insightful

      If the copyright infringement is willful, the maximum penalty increases to $150,000 per violation.

      Why not use MPAA and RIAA tactics against Intel? They can pay $150k per CPU they shipped in the last several years. If the Minix copyright holders are feeling nice, they can accept a lesser settlement instead.

      That's how the law works.

      --
      “Common sense is not so common.” — Voltaire
  2. No by Anonymous Coward · · Score: 4, Informative

    "Intel's ME **May** Be Massively Infringing on Minix3's Free Software License "
    [Emphasis mine].

    No. They aren't. Even the author of Minix thinks it's fine. He thinks it's rude they didn't even tell him. But they didn't have to.

    http://www.cs.vu.nl/~ast/intel/

    1. Re:No by Bruce Perens · · Score: 3, Informative

      Does not matter what he thinks, what the license itself says is what matters in a court of law.

      If he's the only copyright holder, the decision to sue or not is entirely in his hands. Nobody else would have a right to sue.

  3. Nothing to see here by Sephr · · Score: 3, Interesting

    Intel paid for a license and the parties involved are under an NDA.

  4. The copyright holder does not seem to care... by williamyf · · Score: 4, Informative

    ... For now.

    1.) AST published an open letter, and the fact that the disclaimers are not posted does not seem to bother him much.
    See here: http://www.cs.vu.nl/~ast/intel...

    2.) The Minix3 License states that, when distributed in binary form, the DOCUMENTATION has to reproduce the copyright notice and, well, there is no documentation whatsoever about the ME.
    See here: https://github.com/Stichting-M...

    Having said that, security through obscurity is not a sensible policy, and AST's courtesy is not enough. If Intel is using Minix, they should say so and print the license.

    --
    *** Suerte a todos y Feliz dia!
  5. The license is four sentences. Read it by raymorris · · Score: 5, Informative

    The Minix3 standard license is four sentences:
    http://git.minix3.org/index.cg...

    The second clause / sentence of the license is:

    --
          * Redistributions in binary form must reproduce the above copyright
            notice, this list of conditions and the following disclaimer in the
            documentation and/or other materials provided with the distribution.
    --

    Intel did not comply with that. Intel violated the license. That's a fact. Tanenbaum isn't too mad about it, and that's fine. If he chooses not to sue them that's all well and good, but it doesn't change the fact that they did not comply with the license. Note Minix can ALSO be licensed under other terms - a company can contact the copyright holders to negotiate a different license, which may include payment. Intel didn't do that.

    They had no right to make and sell copies of Minix as part of their CPU, since they didn't do so under the normal license.

    Many years ago, Minix wasn't open source. It was sold for $69 / copy. After inflation that's about $150 in 2017 dollars. If Intel has unlawfully sold 500 million copies which they'd now need to pay Tanenbaum for - well he could be a very rich man if he chose to. Even at $1 per copy that's $500 million that Intel owes him.

    1. Re:The license is four sentences. Read it by Waffle Iron · · Score: 5, Funny

      Maybe they *did* reproduce the copyright notice. For all we know, it might be etched somewhere on the CPU die in 100nm-tall characters.

  6. Actual license requirement text by Bruce Perens · · Score: 5, Informative

    . Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

    This does indeed require that something shipped with the hardware should say that MINIX is in there. Even if there is no documentation provided.

    The BSD license is the most infringed. Most companies get this wrong. Many of them can tell you why they don't use GPL, and then they infringe on the BSD license, putting themselves in exactly the same place (being a copyright infringer) as if they had used GPL.

  7. Re:SoSuMi by Bruce Perens · · Score: 3, Informative

    The idea that Intel could violate an IP law is ludicrous.

    Ha ha ha ha ha he he. Haw. Snort.

    First, you can look at the number of patent infringement lawsuits against them, some of which they lost.

    Then, you can consider that any company, regardless of its size, can have a failure of due diligence.

    I get paid to fix them all day long.

  8. Intel destroying itself? by Futurepower(R) · · Score: 5, Informative

    "ME is turning into a colossal dumpster fire."

    Or maybe the equivalent of a billion dollar ad campaign against Intel.

    Customers don't want spyware. It seems that, if Intel continues to try to force spyware on customers, Intel will eventually go bankrupt. That would be a very, very bad conclusion to the very, very bad management by Intel.

    It is EXTREMELY important for the entire world, in my opinion, that Intel stay healthy. (The world needs AMD to stay healthy, also.)

    Did the present Intel managers lack the social ability to understand that providing hidden access for hidden invaders would damage Intel's reputation? Apparently Intel needs a new CEO. Maybe other Intel managers should be replaced, also. Most of the technology development parts of Intel have seemed healthy to me; it's the business management that is failing, apparently.

    The world was told more than 3 years ago about the hidden control: Secret of Intel Management Engine by Igor Skochinsky. (Mar 12, 2014)

    Intel was told that there would be problems: Intel's Management Engine is a security hazard, and users need a way to disable it. (May 8, 2017)

    Did the present managers lack the social ability to understand that it was likely that hackers would find defects in the Intel Management Engine? One article: Intel Patches Major Flaws in the Intel Management Engine. (Nov 22, 2017) Intel's reaction: Intel Management Engine Critical Firmware Update (Intel-SA-00086). (Dec 5, 2017)

    1. Re:Intel destroying itself? by infolation · · Score: 3, Interesting

      The option is open hardware. One of Intel's most vocal anti-ME corporate customers is Google, who are gearing up to replace Intel x86-based servers with the OpenPOWER (IBM Power9) platform in data centres, in part, for this very reason.

  9. Prison for not disclosing Intel vulnerabilities? by Futurepower(R) · · Score: 3, Interesting

    Replies to:
    "Our feelings are not doing any financial or reputational damage to the Intel brand."
    and to:
    "... what are the geeks (such a small market that it can not be measured) going to do about it?"

    It is common, I've observed, that technically-knowledgeable people believe they should not get involved with social issues. In fact, however, they have discussions like this one and have a huge amount of power.

    What are the legal issues? Can you recommend Intel or AMD hardware without telling the managers of your company or your customers that the hardware is not secure? Could you go to prison for knowingly selling insecure hardware without informing the customers in a way that causes them to fully understand? Suppose a company loses millions of dollars because Intel hardware you recommended was found to be hackable, especially since that kind of vulnerability has already happened. Can you be found liable?

    "Intel has been richly rewarded for implementing ME and with AMD implementing similar backdoors..."

    Intel SHOULD be "richly rewarded" for that. "Implementing ME" was a good idea. The issue is that it was done in a way that Intel has kept hidden, and in a way that customers who don't need that feature are not allowed to understand and cannot control.

    It seems to me that the business side of Intel is not being managed well. What I know about Intel management is from talking with Intel employees, sometimes at conventions, sometimes at social events not connected with technology, visiting an Intel campus during an open house event, and from news stories.

    Here is one example of what I have learned, from a 2013 news story:

    Intel has been emitting fluoride for years without state knowledge, permit. (Sept. 24, 2013)

    Quote from that story: "When Intel applied for D1X approval, the company considered its fluoride emissions insignificant and did not include those. It was only when the company applied for the new DEQ permit required by greenhouse gas regulations that it [Intel] requested a 6.4-tons-per-year fluoride emission limit."

    Intel is putting 6.4 TONS EACH YEAR of fluoride compounds into the air around its plant! Does that seem to you to be good business management?

    My understanding is that there are many areas of bad business management at Intel. The central technological group, however, seems to me to be well-managed. For example, in recent years Intel has released CPUs that provide the same computational power, but lower the electrical energy required. That achievement is good for all humans on the planet.

  10. copyright laws are just like other laws by cas2000 · · Score: 3, Insightful

    copyright laws are for people to obey, not for corporations.

    copyright laws are for corporations to wield, not for people.