Rick Zeman writes: The Washington Post has a lengthy article on Linus Torvalds and his thoughts on Linux security. Quoting: "...while Linux is fast, flexible and free, a growing chorus of critics warn that it has security weaknesses that could be fixed but haven't been. Worse, as Internet security has surged as a subject of international concern, Torvalds has engaged in an occasionally profane standoff with experts on the subject. ...

His broader message was this: Security of any system can never be perfect. So it always must be weighed against other priorities — such as speed, flexibility and ease of use — in a series of inherently nuanced trade-offs. This is a process, Torvalds suggested, poorly understood by his critics. 'The people who care most about this stuff are completely crazy. They are very black and white,' he said ... 'Security in itself is useless. The upside is always somewhere else. The security is never the thing that you really care about.'"

Of course, contradictory points of view are presented, too: "While I don't think that the Linux kernel has a terrible track record, it's certainly much worse than a lot of people would like it to be," said Matthew Garrett, principal security engineer for CoreOS, a San Francisco company that produces an operating system based on Linux. At a time when research into protecting software has grown increasingly sophisticated, Garrett said, "very little of that research has been incorporated into Linux."

BUL2294 writes: The U.S. Library of Congress' Copyright Office has published their newest rules regarding DRM circumvention. Much to the chagrin of car makers and agricultural vehicle manufacturers, DRM circumvention, with the exception of telmatics ("black box") and entertainment systems, and anything that would run afoul of DOT or EPA regulations, is now allowed for "diagnosis, repair or lawful modification of a vehicle function." In addition, jailbreaking is now extended to tablets, wearables, and smart TVs, but not to single-purpose devices like e-readers. An exemption has been carved out for security researchers to hack cars, voting machines, and medical devices — as long as that device is not being used for its purpose and is in an isolated environment. Finally, owners of abandoned video games that require server authentication (where such authentication is no longer available) may also circumvent DRM. DRM circumvention is NOT allowed for jailbreaking gaming systems and e-readers, and does not allow for "format-shifting" (e.g. moving e-books from one platform to another).

The full text of the new rules is available online (PDF), and will be published in the Federal Register on October 28, 2015.

An anonymous reader writes: There's no dearth of media technology today. Not only do modern console emulate set-top boxes, but there are dozens of tiny appliances that bring TV shows and movies to your screens with varying levels of convenience and cost. So, what setup do you use? I'm curious about the hardware you use to collect, transmit, and display the media, in addition to the software running it, and the services you use or subscribe to that provide the media. I imagine there are a lot of cord-cutters in this crowd — if that's the case, how do you acquire the shows you want to watch? What problems still need to be solved in this area?

An anonymous reader sends a story from TeleRead which argues that Amazon doing harm to the e-reader category of devices it helped create. The company has been aggressively pushing adoption of its Kindle Fire brand of tablets, dropping the price for the cheapest model down to $50. Compare that to the basic version of the e-ink Kindle: $80 if you don't want it cluttered with "special offers." If you care enough about an e-ink screen, you might still buy it, but most of those people probably already have e-readers. The general populace, when looking at the tablet's color screen, app ecosystem, and access to forms of entertainment beyond books, will probably consider the tablet a no-brainer.

This is in Amazon's best interest; if you buy an e-reader, you're only going to be buying books for it. If you buy a tablet, they can sell you videos and software, too. Amazon has succeeded in pushing several competing e-readers out of the market. They also refuse to experiment or innovate on the design; there have been no significant changes since the Paperwhite's backlighting technology in 2012. Given that ebook sales are no longer growing explosively, this could be a sign that the e-reader category of devices is stagnating.

JustAnotherOldGuy writes: Adding DRM to JPEG files is being considered by the Joint Photographic Expert Group (JPEG), which oversees the JPEG format. The JPEG met in Brussels today to discuss adding DRM to its format, so there would be images that could force your computer to stop you from uploading pictures to Pinterest or social media. The EFF attended the group's meeting to tell JPEG committee members why that would be a bad idea. Their presentation(PDF) explains why cryptographers don't believe that DRM works, points out how DRM can infringe on the user's legal rights over a copyright work (such as fair use and quotation), and warns how it places security researchers at legal risk as well as making standardization more difficult. It doesn't even help to preserve the value of copyright works, since DRM-protected works and devices are less valued by users.

An anonymous reader writes: Wikileaks has released the finalized Intellectual Property text of the Trans-Pacific Partnership (TPP), which international negotiators agreed upon a few days ago. Unfortunately, it contains many of the consumer-hostile provisions that so many organizations spoke out against beforehand. This includes the extension of the copyright term to life plus 70 years, and a ban on the circumvention of DRM. The EFF says, "If you dig deeper, you'll notice that all of the provisions that recognize the rights of the public are non-binding, whereas almost everything that benefits rightsholders is binding. That paragraph on the public domain, for example, used to be much stronger in the first leaked draft, with specific obligations to identify, preserve and promote access to public domain material. All of that has now been lost in favor of a feeble, feel-good platitude that imposes no concrete obligations on the TPP parties whatsoever." The EFF walks us through all the other awful provisions as well — it's quite a lengthy analysis.

Lucas123 writes: The DCMA has allowed carmakers to keep third parties from looking at the code in their electronic control modules. The effect has been that independent researchers are wary of probing vehicle code, which may have lead companies like Volkswagen to get away with cheating emissions tests far longer than necessary. In a July letter to the U.S. Copyright Office, the Environmental Protection Agency expressed its own concern of the protection provided by the DMCA to carmakers, saying it's "difficult for anyone other than the vehicle manufacturer to obtain access to the software." Kit Walsh, an attorney with the Electronic Frontier Foundation, said the legal uncertainly created by the DMCA "makes it easier for manufacturers to conceal intentional wrongdoing. The EFF has petitioned the U.S. Copyright Office for an exemption to the DMCA for embedded vehicle code so that independent research can be performed on electronic control modules (ECMs), which run a myriad of systems, including emissions. Eben Moglen was right.

harrymcc writes: In 1972 -- years before Betamax and VHS -- a Silicon Valley startup called Cartrivision started selling VCRs built into color TVs. They offered movies for sale and rent -- everything from blockbusters to porn -- using an analog form of DRM, and also let you record broadcast TV. There was also an optional video camera. And it was a spectacular flop. Over at Fast Company, Ross Rubin tells the fascinating story of this ambitious failure.

An anonymous reader writes: AMD has finally revealed some basic details concerning their support of Vulkan on Linux. AMD has a Vulkan driver but it will begin its life as closed-source, reports Phoronix. In time the AMD Vulkan driver will transition to being open-source. This Vulkan driver is built to interface with their new AMDGPU kernel DRM driver that's part of their long talked about AMD open-source strategy for Linux. This closed-then-open Vulkan driver will be competing with Valve's Intel Vulkan driver that will be open from day one.

szczys writes: Chris Anderson is on the bleeding edge of the drone world, having founded 3D Robotics (drone manufacturer) and DIY Drones (enthusiast site). He takes on the issue of people flying drones where they shouldn't, and concludes that making drones self aware is the best solution. This isn't the "robots are trying to kill you" type of self awareness. Instead, it considers drone type, operator, and location, to establish if all those factors equate to a safe flight area. This is an important issue — in the last few months, there have been several stories about drones in places they should not have been. This included incidents like disrupting the efforts of airborne firefighting and interfering with a police manhunt.

The Free Software Foundation will be celebrating its 30th anniversary on Oct. 3rd. Recently, you had a chance to ask its founder Richard Stallman about GNU/Linux, free software, and other issues of public concern. Below you'll find his answers to your questions. Learn more about how you can join the FSF here, and help fight the good fight.

An anonymous reader writes: An editorial in the Wall Street Journal rings a bell we've been ringing for years: "Who owns the knowledge required to take apart and repair TVs, phones and other electronics? Manufacturers stop us by controlling repair plans and limiting access to parts. Some even employ digital software locks to keep us from making changes or repairs. This may not always be planned obsolescence, but it's certainly intentional obfuscation." The article shows that awareness of this consumer-hostile behavior (and frustration with it) is going mainstream. The author links to several DIY repair sites like iFixit, and concludes, "Repairing stuff isn't as complicated as they want you to think. Skilled gadget owners and independent repair pros deserve access to the information they need to do the best job they can."

An anonymous reader writes: Lexmark is best known for its printers, but even more important to its business is toner. Toner cartridges are Lexmark's lifeblood, and they've been battling hard in court to protect their cashflow. The NY Times has published an editorial arguing that one of their recent strategies is bogus: making patent infringement claims on companies who refill used cartridges. Think about that, for a moment: Lexmark says that by taking one of their old, empty cartridges, refilling it with toner, and then selling it somehow infringes upon their patents to said cartridges. "This case raises important questions about the reach of American patent law and how much control a manufacturer can exert after its products have been lawfully sold. Taken to their logical conclusion, Lexmark's arguments would mean that producers could use patent law to dictate how things like computers, printers and other patented goods are used, changed or resold and place restrictions on international trade. That makes no sense, especially in a world where technology products and components are brought and sold numerous times, which is why the court should rule in favor of Impression." The Times paints it as the latest attack on ownership in the age of DRM.

MojoKid writes: Microsoft's Xbox One launch didn't go off exactly as planned in late 2013. Before the console's release, the company was dogged over DRM restrictions with the console and concerns over its high price tag compared to its counterpart, the Sony PlayStation 4. Microsoft would attribute the higher price tag to the included Kinect camera — a peripheral that many gamers didn't particularly care for. Former Xbox Chief Robbie Bach offered his two cents recently on the Xbox One — a console that launched years after he announced he retired from the company in 2010. Bach noted, regarding the Xbox One's rocky launch, "...gosh, I think some of that was predictable and preventable." As for the future of physical game media, Bach doesn't think that the future will be so bright when it comes to DRM and always-connected requirements in the next generation of gaming consoles. He said that the next Xbox would "probably not" have physical media to speak of, with consoles adopting digital-only distribution.

darthcamaro writes: Mark Shuttleworth, BDFL of Ubuntu is clearing the air about how Ubuntu will make use of .deb packages even in an era where it is moving to its own Snappy ('snaps') format of rapid updates. Fundamentally it's a chicken and egg issue. From the serverwatch article: "'We build Snappy out of the built deb, so we can't build Snappy unless we first build the deb,' Shuttleworth said. Going forward, Shuttleworth said that Ubuntu users will still get access to an archive of .deb packages. That said, for users of a Snappy Ubuntu-based system, the apt-get command no longer applies. However, Shuttleworth explained that on a Snappy-based system there will be a container that contains all the deb packages. 'The nice thing about Snappy is that it's completely worry-free updates,' Shuttleworth said."

Cory Doctorow reflects in a post at Boing Boing on the many ways in which modern cars' security infrastructure is a white-hot mess. And as to the reasons why, this seems to be the heart of the matter, and it applies to much more than cars: [M]anufacturers often view bugs that aren't publicly understood as unimportant, because it costs something to patch those bugs, and nothing to ignore them, even if those bugs are exploited by bad guys, because the bad guys are going to do everything they can to keep the exploit secret so they can milk it for as long as possible, meaning that even if your car is crashed (or bank account is drained) by someone exploiting a bug that the manufacturer has been informed about, you may never know about it. There is a sociopathic economic rationality to silencing researchers who come forward with bugs.

sandbagger writes: The latest attempt to create artificial scarcity comes from Xerox, according to the editors at TechDirt, who cite German sources: "Xerox uses region coding on their toner cartridges AND locks the printer to the first type used. So if you use a North America cartridge you can't use the cheaper Eastern Europe cartridges. The printer's display doesn't show this, nor does the hotline know about it. When c't reached out to Xerox, the marketing drone claimed, this was done to serve the customer better..."

An anonymous reader writes with another story about Popcorn Time, after yesterday's report that two Danes were arrested for sharing information about how to use it. From the article at BGR: Often described as 'Netflix for pirates,' Popcorn Time users are now being targeted for infringement. The makers of a film called The Cobbler recently initiated a lawsuit against 11 Popcorn Time users in Oregon for copying and distributing the aforementioned film without authorization. The Cobbler, in case you're unfamiliar, stars Adam Sandler and was released in early 2015 to tepid reviews. "Tepid" is putting it nicely.

Kohenkatz writes: Matchstick, a project built on FirefoxOS that aimed to compete with Google's Chromecast, which was initially funded on Kickstarter, is shutting down and will be refunding all pledges. In a post to Kickstarter backers today, they announced that this decision was due to the difficulty of implementing the DRM components that are necessary for access to a lot of paid content. Rather than drag out the project on an unknown schedule, they have decided to end the project.

RockDoctor writes: The Guardian is reporting that the EU is becoming increasingly vociferous in its opposition to "geo-blocking" — the practice of making media services available in some areas but not in others: "European consumers want to watch the pay-TV channel of their choice regardless of where they live or travel in the EU." That adds up to a block of nearly 500 million first-world media consumers. They don't necessarily all speak the same language, but English is probably the most commonly understood single language. And the important thing for American media companies to remember is that they're not American in thought, taste or outlook.