Slashdot Mirror

← Back to Stories (view on slashdot.org)

Intel's ME May Be Massively Infringing on Minix3's Free Software License (ipwatchdog.com)

Posted by ryuzaki0 on from the secret-software dept.

Software engineer (and IP Watchdog contributor) Fredrik Ohrstrom (a.k.a. Slashdot reader anjara) writes: Almost all Free Software licenses (BSD, MIT, GPL...) require some sort of legal notice (legal attribution) given to the recipient of the software, both when the software is distributed in source and in binary forms. The legal notice usually contains the copyright holder's name and the license text. This means that it's not possible to hide and keep secret the existence of Free Software that you have stuck into your product that you distribute. If you do so, then you are not complying with the Free Software license and you are committing a copyright infringement!

This is exactly what Intel seems to have done with the Intel ME. The Minix3 operating system license requires a legal notice, but so far it seems like Intel has not given the necessary legal notices. (Probably because they want to keep the inside of the ME secret.) Thus not only is Minix3 the most installed OS on our recent x86 CPUs -- but it might also the most pirated OS on our recent x86 CPUs!

14 of 251 comments (clear)

  1. Do you think they care? by Anonymous Coward · · Score: 4, Insightful

    They're a corporation.

    Lol.

    1. Re:Do you think they care? by NoNonAlphaCharsHere · · Score: 4, Insightful

      Corporationsare people, too, my friend. Thieving, evil, soulless people.

    2. Re:Do you think they care? by gweihir · · Score: 4, Insightful

      So jail them all? Not that I would be opposed...

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re: Do you think they care? by Z00L00K · · Score: 5, Interesting

      No, just force them to give everyone access to the ME and also how to disable it.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    4. Re:Do you think they care? by thsths · · Score: 5, Insightful

      No, corporate employees are not usually evil. The secret of a commercial organisation is to diffuse responsibility, so that you can perform evil actions with non-evil employees. Everybody things they are doing the right thing, just following procedures etc, but the end result is often evil.

    5. Re:Do you think they care? by AmiMoJo · · Score: 5, Interesting

      Hate to say it, but once again RMS is proven right. On multiple counts.

      Who am I kidding, I love saying that.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:Do you think they care? by TheReaperD · · Score: 5, Interesting

      I favor the corporate death penalty. And I'm not being facetious, in general. I actually advocate for a corporate death penalty. Equifax and Wells Fargo are perfect examples of why it is needed.

      --
      "Be particularly skeptical when presented with evidence confirming what you already believe." -
    7. Re:Do you think they care? by OrangeTide · · Score: 5, Insightful

      If the copyright infringement is willful, the maximum penalty increases to $150,000 per violation.

      Why not use MPAA and RIAA tactics against Intel? They can pay $150k per CPU they shipped in the last several years. If the Minix copyright holders are feeling nice, they can accept a lesser settlement instead.

      That's how the law works.

      --
      “Common sense is not so common.” — Voltaire
  2. No by Anonymous Coward · · Score: 4, Informative

    "Intel's ME **May** Be Massively Infringing on Minix3's Free Software License "
    [Emphasis mine].

    No. They aren't Even the author of Minix thinks it's fine. He thinks it's rude they didn't even tell him. But but didn't have to.

    http://www.cs.vu.nl/~ast/intel/

  3. The copyright holder does not seem to care... by williamyf · · Score: 4, Informative

    ... For now.

    1.) AST published an open letter, and the fact that the disclaimers are not posted does not seem to bother him much.
    See here: http://www.cs.vu.nl/~ast/intel...

    2.) Minix3 License, states that, when distributed in Binary form, the DOCUMENTATION has to reproduce the copyright notice and, well, there is no documentation whatsoever abut the ME.
    See here: https://github.com/Stichting-M...

    Having said that, security through obscurity is not a sensible policy, and AST's courtesy is not enough. If intel is using minix, they should say so and print the license.

    --
    *** Suerte a todos y Feliz dia!
  4. The license is four sentences. Read it by raymorris · · Score: 5, Informative

    The Minix3 standard license is four sentences:
    http://git.minix3.org/index.cg...

    The second clause / sentence of the license is:

    --
          * Redistributions in binary form must reproduce the above copyright
            notice, this list of conditions and the following disclaimer in the
            documentation and/or other materials provided with the distribution.
    --

    Intel did not comply with that. Intel violated the license. That's a fact. Tanenbaum isn't too mad about it, and that's fine. If he chooses not to sue them that's all well and good, but it doesn't change the fact that they did not comply with the license. Note Minix can ALSO be licensed under other terms - a company can contact the copyright holders to negotiate a different license, which may include payment. Intel didn't do that.

    They had no right to make and sell copies of Minix as part of their CPU, since they didn't do so under the normal license.

    Many years ago, Minix wasn't open source. It was sold for $69 / copy. After inflation that's about $150 in 2017 dollars. If Intel has unlawfully sold 500 million copies which they'd now need to pay Tanenbaum for - well he could be a very rich man if he chose to. Even at $1 per copy that's $500 million that Intel owes him.

    1. Re:The license is four sentences. Read it by Waffle+Iron · · Score: 5, Funny

      Maybe they *did* reproduce the copyright notice. For all we know, it might be etched somewhere on the CPU die in 100nm-tall characters.

  5. Actual license requirement text by Bruce+Perens · · Score: 5, Informative

    . Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

    This does indeed require that something shipped with the hardware should say that MINIX is in there. Even if there is no documentation provided.

    The BSD license is the most infringed. Most companies get this wrong. Many of them can tell you why they don't use GPL, and then they infringe on the BSD license, putting themselves in exactly the same place (being a copyright infringer) as if they had used GPL.

    --
    Bruce Perens.
  6. Intel destroying itself? by Futurepower(R) · · Score: 5, Informative

    "ME is turning into a colossal dumpster fire."

    Or maybe the equivalent of a billion dollar ad campaign against Intel.

    Customers don't want spyware. It seems that, if Intel continues to try to force spyware on customers, Intel will eventually go bankrupt. That would be a very, very bad conclusion to the very, very bad management by Intel.

    It is EXTREMELY important for the entire world, in my opinion, that Intel stay healthy. (The world needs AMD to stay healthy, also.)

    Did the present Intel managers lack the social ability to understand that providing hidden access for hidden invaders would damage Intel's reputation? Apparently Intel needs a new CEO. Maybe other Intel managers should be replaced, also. Most of the technology development parts of Intel has seemed healthy to me; it's the business management that is failing, apparently.

    The world was told more than 3 years ago about the hidden control: Secret of Intel Management Engine by Igor Skochinsky. (Mar 12, 2014)

    Intel was told that there would be problems: Intel's Management Engine is a security hazard, and users need a way to disable it. (May 8, 2017)

    Did the present managers lack the social ability to understand that it was likely that hackers would find defects in the Intel Management Engine? One article: Intel Patches Major Flaws in the Intel Management Engine. (Nov 22, 2017) Intel's reaction: Intel Management Engine Critical Firmware Update (Intel-SA-00086). (Dec 5, 2017)