Bug

5-Year-Old Critical Linux Vulnerability Patched (threatpost.com) 48

msm1267 quotes Kaspersky Lab's ThreatPost: A critical, local code-execution vulnerability in the Linux kernel was patched more than a week ago, continuing a run of serious security issues in the operating system, most of which have been hiding in the code for years. Details on the vulnerability were published Tuesday by researcher Philip Pettersson, who said the vulnerable code was introduced in August 2011.

A patch was pushed to the mainline Linux kernel December 2, four days after it was privately disclosed. Pettersson has developed a proof-of-concept exploit specifically for Ubuntu distributions, but told Threatpost his attack could be ported to other distros with some changes. The vulnerability is a race condition that was discovered in the af_packet implementation in the Linux kernel, and Pettersson said that a local attacker could exploit the bug to gain kernel code execution from unprivileged processes. He said the bug cannot be exploited remotely.

"Basically it's a bait-and-switch," the researcher told Threatpost. "The bug allows you to trick the kernel into thinking it is working with one kind of object, while you actually switched it to another kind of object before it could react."
Movies

Slashdot Asks: Would You Like Early Access To Movies And Stop Going To Theatres? 337

It appears many major stakeholders in the movie industry want to bring new titles to you within days, if not hours, as they hit cinemas. Earlier this year, we learned that Sean Parker is working on a service called "Screening Room", an idea that was reportedly backed by Peter Jackson, Steven Spielberg and JJ Abrams, to bring movies on the same day as they show up in theaters. Apple seems interested as well. It is reportedly in talks with Hollywood studios to get iTunes rentals of movies that are still playing on the big screen. Earlier this month, Bloomberg reported that several studios are exploring the idea of renting new movies for $25 to $50 just two weeks after they have hit cinemas.

None of such deals have materialized yet, of course, and also it needs to be pointed out that several movie companies have discarded these ideas before because they know that by offering you new titles so early they are going to lose on all the overpriced cold drinks, and snacks they sell you at the theatre. There's also piracy concerns. If a movie is available early, regardless of the DRM tech these companies deploy, good-enough footage of the movies will crop up on file-sharing websites almost immediately.

But leaving all those aspects aside, would you be interested in getting new titles just hours or a week or two after they hit the cinemas? Would you want to end the decades-long practice of going to a theater?
Books

O'Reilly Discounts Every eBook By 50% (oreilly.com) 47

On Friday, O'Reilly Media announced "Our Cyber Monday sale starts now." An anonymous reader writes: They're offering a 50% discount on every ebook they publish -- over 14,000 titles from O'Reilly, No Starch Press, Pearson, A Book Apart, Make, Packt, and 25 other book publishers. (And they're offering a 60 percent discount on orders over $100.) Just use the code CYBER16 when checking out to claim the discount. The sale continues through Tuesday morning at 5 a.m. PST.

These are all DRM-free ebooks (in multiple formats), and there's even some "early release" editions -- advance copies distributed before their official publication. The discount also applies to new titles like "Head First Python" as well as old-school classics like "Learning Perl". Right now their best-sellers are "Wicked Cool Shell Scripts", "Modern Linux Administration", and "You Don't Know JS: Up and Going" -- but again, the discount applies to any ebook that they sell, and they also still have their selection of free programming texts.

Tim O'Reilly was one of the first people interviewed by Slashdot -- more than 17 years ago.
Microsoft

4K Netflix Arrives On Windows 10, But Only Via Microsoft's Edge Browser (theverge.com) 126

An anonymous reader quotes a report from The Verge: Netflix 4K streaming is finally heading to Windows PCs this week. While a number of TVs and set-top-boxes already support 4K Netflix streams, the PC has largely been left out of the high-quality streams due to piracy fears. Netflix is now supporting 4K streaming through Microsoft's Edge browser, but you'll need a new PC to actually make use of it. Netflix is only supporting 7th generation (Kaby Lake) Intel Core processors, and there aren't many laptops that actually support both the 4K display required and the new Intel processors. As a result, Microsoft is using the 4K Netflix support as a marketing effort for its Edge browser and to encourage people to upgrade their hardware to watch new episodes of the Gilmore Girls. It all might seem like a bit of a con, but it's largely the fault of DRM requirements from Hollywood studios and TV networks. Content providers have strict controls for 4K playback, so that streams can't be captured and redistributed illegally. The latest hardware decryption features simply aren't available on older Intel processors, and the new Kaby Lake chips now support 10-bit HEVC, a popular 4K video codec.
Government

President Obama Gives Up On The Trans-Pacific Partnership (theguardian.com) 355

An anonymous reader quotes The Guardian: White House officials conceded on Friday that the president's hard-fought-for Trans-Pacific Partnership trade deal would not pass Congress, as lawmakers there prepared for the anti-global trade policies of President-elect Donald Trump. Earlier this week, congressional leaders in both parties said they would not bring the trade deal forward during a lame-duck session of Congress, before the formal transition of power on January 20.
One Canadian law professor had argued the case against the TPP included its unbalanced intellectual property rules and risks to privacy, while the EFF believed it locked in the worst parts of U.S. copyright law and also exported them to other countries.
DRM

DRM is Used to Lock in, Control and Spy on Users, Says Free Software Foundation (torrentfreak.com) 72

In a scathing critique, the Free Software Foundation is urging the U.S. Government to drop the DMCA's anti-circumvention provisions which protect DRM. From a report on TorrentFreak: Late last year the U.S. Copyright office launched a series of public consultations to review critical aspects of the DMCA law. FSF sees no future for DRM and urges the Copyright Office to repeal the DMCA's anti-circumvention provisions. "Technological protection measures and Digital Restrictions Management (DRM) play no legitimate role in protecting copyrighted works. Instead, they are a means of controlling users and creating 'lock in'," FSF's Donald Robertson writes. According to FSF, copyright is just an excuse, the true purpose is to lock down and control users. "Companies use this control illegitimately with an eye toward extracting maximum revenue from users in ways that have little connection to actual copyright law. In fact, these restrictions are technological impediments to the rights users have under copyright law, such as fair use." Even if copyright was the main concern, DRM would be an overbroad tool to achieve the goal, the foundation notes. FSF highlights that DRM is not just used to control people but also to spy on them, by sending all kinds of personal data to technology providers. This is done to generate extra income at the expense of users' rights, they claim. "DRM enables companies to spy on their users, and use that data for profit," Robertson adds. "DRM is frequently used to spy on users by requiring that they maintain a connection to the Internet so that the program can send information back to the DRM provider about the user's actions," he adds.
DRM

EA Blocks 'Origin' Access In Six Countries, Citing US Embargoes (pcgamer.com) 121

An anonymous reader writes: "In compliance with US embargoes and sanctions laws, Origin is not available in Cuba, Iran, Myanmar, North Korea, Sudan, Syria, and Ukraine (Crimea region)," a community manager from EA posted in September. Engadget calls it "a reminder of the risks you take when buying copy-protected game downloads... Even if you started your account elsewhere, you aren't allowed to either visit the Origin store or use any of your purchased games."

Sunday an employee at EA's Origin game store commented "This isn't an EA-specific issue -- it's an issue that impacts all companies offering services that are covered by trade embargoes." But since the U.S. lifted sanctions on Myanmar in September, EA "is internally reviewing the situation... It's unclear to me whether we can do anything for residents of other countries that are still similarly embargoed, but I'll bring the topic up for discussion internally."

DRM

Shadow Warrior 2 Developers Say DRM Is a Waste of Time (arstechnica.com) 99

zarmanto writes: Ars Technica reports that one particular game studio might finally get it, when it comes to DRM'ed game content. They're publishing their latest game, Shadow Warrior 2, with no DRM protection at all. From the article: "We don't support piracy, but currently there isn't a good way to stop it without hurting our customers," Flying Wild Hog developer Krzysztof "KriS" Narkowicz wrote on the game's Steam forum (in response to a question about trying to force potential pirates to purchase the game instead). "Denuvo means we would have to spend money for making a worse version for our legit customers. It's like the FBI warning screen on legit movies." Expanding on those thoughts in a recent interview with Kotaku, Narkowicz explained why he felt the DRM value proposition wasn't worth it. "Any DRM we would have needs to be implemented and tested," he told Kotaku. "We prefer to spend resources on making our game the best possible in terms of quality, rather than spending time and money on putting some protection that will not work anyway." "The trade-off is clear," Flying Wild Hog colleagues Artur Maksara and Tadeusz Zielinski added. "We might sell a little less, but hey, that's the way the cookie crumbles! We hope that our fans, who were always very supportive, will support us this time as well," Zielinski told Kotaku. "...In our imperfect world, the best anti-pirate protection is when the games are good, highly polished, easily accessible and inexpensive," Maksara added.
Open Source

Adobe Resurrects Flash Player On Linux (neowin.net) 153

An anonymous reader quotes a report from Neowin: Four years ago, Adobe made a decision to stop updating the Flash Player package (NPAPI) on Linux, aside from delivering security patches. It has made an about turn on this decision in the last week and has said that it will keep it in sync with the modern release branch going forward. In its announcement, Adobe wrote: "In the past, we communicated that NPAPI Linux releases would stop in 2017. This is no longer the case and once we have performed sufficient testing and received community feedback, we will release both NPAPI and PPAPI Linux builds with their major version numbers in sync and on a regular basis." Although this is great news for Linux users who don't want to struggle to watch Flash content online, there are also a few drawbacks. Adobe writes: "Because this change is primarily a security initiative, some features (like GPU 3D acceleration and premium video DRM) will not be fully implemented. If you require this functionality we recommend that you use the PPAPI version of Flash Player." You can download the new NPAPI binaries from the Adobe Labs download page.
Operating Systems

PC-BSD Follows a Rolling Release Model, Gets Renamed To TrueOS 132

prisoninmate quotes a report from Softpedia: By following a rolling release model, TrueOS promises to be a cutting-edge and modern FreeBSD-based operating system for your personal computer, designed with security and simplicity in mind -- all while being stable enough to be deployed on servers. TrueOS will also make use of the security technologies from the OpenBSD project, and you can get your hands on the first Beta ISO images right now. The development team promises to offer you weekly ISO images of TrueOS, but you won't have to download anything anymore due to constant updates thanks to the rolling release model. TrueOS will use LibreSSL instead of OpenSSL, offer Linux DRM 4.7 compatibility for supporting Intel Skylake, Haswell, and Broadwell graphics, and use the pkg package management system by default. "TrueOS combines the convenience of a rolling release distribution with the failsafe technology of boot environments, resulting in a system that is both current and reliable. TrueOS now tracks FreeBSD's 'Current' brand and merges features from select FreeBSD developer branches to enhance support for newer hardware and technologies," reads today's announcement.
Bitcoin

Kim Dotcom Will Revive Megaupload, Linking File Transfers To Bitcoin Microtransactions (fortune.com) 76

Long-time Slashdot reader SonicSpike quotes an article from Fortune: The controversial entrepreneur Kim Dotcom said last month that he was preparing to relaunch Megaupload, the file-sharing site that U.S. and New Zealand authorities dramatically shut down in 2012, with bitcoins being involved in some way... This system will be called Bitcache, and Dotcom claimed its launch would send the bitcoin price soaring way above its current $575 value.

The launch of Megaupload 2.0 will take place on January 20, 2017, he said, urging people to "buy bitcoin while cheap, like right now, trust me..." Crucially, Dotcom said the Bitcache system would overcome bitcoin's scaling problems. "It eliminates all blockchain limitations," he claimed.

Every file transfer taking place over Megaupload "will be linked to a tiny Bitcoin micro transaction," Dotcom posted on Twitter. His extradition trial begins Monday, and he's asking the court to allow live-streaming of the trial "because of global interest in my case." Meanwhile, the FBI apparently let the registration lapse on the Megaupload domain, which they seized in 2012, and Ars Technica reports that the site is now full of porn ads.
DRM

BitTorrent Cases Filed By Malibu Media Will Proceed, Rules Judge 69

Long-time Slashdot reader NewYorkCountryLawyer writes: In the federal court for the Eastern District of New York, where all Malibu Media cases have been stayed for the past year, the Court has lifted the stay and denied the motion to quash in the lead case, thus permitting all 84 cases to move forward.

In his 28-page decision (PDF), Magistrate Judge Steven I. Locke accepted the representations of Malibu's expert, one Michael Patzer from a company called Excipio, that in detecting BitTorrent infringement he relies on "direct detection" rather than "indirect detection", and that it is "not possible" for there to be misidentification.
Bitcoin

'SingularDTV' Will Use Ethereum For DRM On A Sci-Fi TV Show (rocknerd.co.uk) 78

It's "an epic sci-fi adventure about the human race's journey into a theoretical technological Singularity." Or is it an "entertainment industry boondoggle...part DRM snake oil marketing, part pseudo-Bitcoin scam and part sincere Singularitarian weirdness?" Long-term Slashdot reader David Gerard writes: SingularDTV is an exciting new blockchain-based entertainment industry startup. Their plan is to adapt the DRM that made $121.54 for Imogen Heap, make their own completely pre-mined altcoin and use that to somehow sell two million views of a sci-fi TV show about the Singularity. Using CODE, which is explicitly modeled on The DAO ... which spectacularly imploded days after its launch. There's a white paper [PDF], but here's an analysis of why these schemes are a terrible idea for musicians.
'Singular' will be a one-hour adventure/drama "that explores the impact technology will have on the future of our planet and how it will shape the evolution of our human race," set in the years 2021 to 2045, "as an unprecedented technological revolution sweeps over the world..."
DRM

Cory Doctorow On What iPhone's Missing Headphone Jack Means For Music Industry (fastcompany.com) 394

Rumors of Apple's next iPhone missing a headphone jack have been swirling around for more than a year now. But a report from WSJ a few weeks ago, and another report from Bloomberg this week further cemented such possibility. We've talked about it here -- several times -- but now Cory Doctorow is shedding light on what this imminent change holds for the music industry. Reader harrymcc writes: Fast Company's Mark Sullivan talked about the switch with author and EFF adviser Cory Doctorow, who thinks it could lead to music companies leveraging DRM to exert more control over what consumers can do with their music. From the article: "If Apple creates a circumstance where the only way to get audio off its products is through an interface that is DRM-capable, they'd be heartbreakingly naive in assuming that this wouldn't give rise to demands for DRM," said Doctorow. If a consumer or some third-party tech company used the music in way the rights holders didn't like, the rights holders could invoke the anti-circumvention law written in Section 1201 of the Digital Millennium Copyright Act (DMCA). Steve Jobs famously convinced the record industry to remove the DRM from music on iTunes; is there really any reason to believe the industry might suddenly become interested in DRM again if the iPhone audio goes all digital? "Yes -- for streaming audio services," Doctorow says. "I think it is inevitable that rights holder groups will try to prevent recording, retransmission, etc." Today it's easy to record streamed music from the analog headphone jack on the phone, and even to convert the stream back to digital and transmit it in real time to someone else. With a digital stream it might not be nearly so easy, or risk-free." Doctorow shares more on BoingBoing.
DRM

EFF Asks FTC To Demand 'Truth In Labeling' For DRM (techdirt.com) 122

An anonymous reader quotes a report from Techdirt: Interesting move by Cory Doctorow and the EFF in sending some letters to the FTC making a strong case that DRM requires some "truth in labeling" details in order to make sure people know what they're buying. The argument is pretty straightforward (PDF): "The legal force behind DRM makes the issue of advance notice especially pressing. It's bad enough when a product is designed to prevent its owner from engaging in lawful, legitimate, desirable conduct -- but when the owner is legally prohibited from reconfiguring the product to enable that conduct, it's vital that they be informed of this restriction before they make a purchase, so that they might make an informed decision. Though many companies sell products with DRM encumbrances, few provide notice of these encumbrances. Of those that do, fewer still enumerate the restrictions in plain, prominent language. Of the few who do so, none mention the ability of the manufacturer to change the rules of the game after the fact, by updating the DRM through non-negotiable updates that remove functionality that was present at the time of purchase." In a separate letter (PDF) from EFF, along with a number of other consumer interest groups, but also content creators like Baen Books, Humble Bundle and McSweeney's, they suggest some ways that a labeling notice might work.
Microsoft

Linux Kernel 4.8 Adds Microsoft Surface 3 Support (betanews.com) 133

Brian Fagioli, writing for BetaNews: If you are a Windows user, and want a really great computer, you should consider Microsoft's Surface line. Not only do they serve as wonderful tablets, but with the keyboard attachment, they can be solid laptops too. While many Linux users dislike Microsoft, some of them undoubtedly envy Windows hardware. While it is possible to run Linux distros on some Surface tablets, not everything will work flawlessly. Today, release candidate 1 of Linux Kernel 4.8 is announced, and it seems a particularly interesting driver has been added -- the Surface 3 touchscreen controller. "This seems to be building up to be one of the bigger releases lately, but let's see how it all ends up. The merge window has been fairly normal, although the patch itself looks somewhat unusual: over 20 percent of the patch is documentation updates, due to conversion of the drm and media documentation from docbook to the Sphinx doc format. There are other doc updates, but that's the big bulk of it," says Linus Torvalds, Linux creator. Will Microsoft's lower-priced (starting at $499) hybrid computer become the ultimate mobile Linux machine?
DRM

EFF Is Suing the US Government To Invalidate the DMCA's DRM Provisions (boingboing.net) 93

Cory Doctorow writes for BoingBoing: The Electronic Frontier Foundation has just filed a lawsuit that challenges the Constitutionality of Section 1201 of the DMCA, the "Digital Rights Management" provision of the law, a notoriously overbroad law that bans activities that bypass or weaken copyright access-control systems, including reconfiguring software-enabled devices (making sure your IoT light-socket will accept third-party lightbulbs; tapping into diagnostic info in your car or tractor to allow an independent party to repair it) and reporting security vulnerabilities in these devices. EFF is representing two clients in its lawsuit: Andrew "bunnie" Huang, a legendary hardware hacker whose NeTV product lets users put overlays on DRM-restricted digital video signals; and Matthew Green, a heavyweight security researcher at Johns Hopkins who has an NSF grant to investigate medical record systems and whose research plans encompass the security of industrial firewalls and finance-industry "black boxes" used to manage the cryptographic security of billions of financial transactions every day. Both clients reflect the deep constitutional flaws in the DMCA, and both have standing to sue the US government to challenge DMCA 1201 because of its serious criminal provisions (5 years in prison and a $500K fine for a first offense). Doctorow has explained aspects of this for The Guardian today. You should also check Huang's blog post on this.
DRM

Sega Saturn's DRM Cracked Almost 23 Years After Launch (gamasutra.com) 96

An anonymous reader writes from a report via Gamasutra: The Sega Saturn's DRM has finally been cracked after it hit store shelves nearly 23 years ago in November 1994. Engineer James Laird-Wah first set forth to break through the console's copy protection in an attempt to harness its chiptune capabilities. Laird-Wah has, however, developed a way to run games and other software from a USB stick in the process. Since disc drive failure is a common fault with the game console, his method circumvents the disc drive altogether, instead reworking the Video CD Slot so it can take games stored on a USB stick and run them directly through the Saturn's CD Block. "This is now at the point where, not only can it boot and run games, I've finished just recently putting in audio support, so it can play audio tracks," explained Laird-Wah, speaking to YouTuber debuglive. "For the time being, I possess the only Saturn in the world that's capable of writing files to a USB stick. There's actually, for developers of home-brew, the ability to read and write files on the USB stick that's attached to the device."
Crime

Aaron Swartz Ebook's DRM Has Been Cracked (hackaday.com) 63

Slashdot reader jenningsthecat writes: From Hackaday comes news that the collected writings of Aaron Swartz, released as a watermarked eBook by publishing company Verso Books, has had its watermarking scheme cracked by The Institute for Biblio-Immunology, who also published a guide for removing the BooXtream watermarks.

The writings of Aaron Swartz, with DRM applied? Oh, the irony. Still, at least the DRM employed doesn't restrict a user from reading the book on any and all capable devices, so it's not a very intrusive form of DRM. But I somehow doubt that Mr. Swartz would take any comfort from that...

Piracy

Judge Dismisses Movie Piracy Case, IP-Address Doesn't Prove Anything (torrentfreak.com) 164

An anonymous reader quotes a report from TorrentFreak: In what's believed to be a first of its kind ruling, a federal court in Oregon has dismissed a direct infringement complaint against an alleged movie pirate from the outset. According to the judge, linking an IP-address to a pirated download is not enough to prove direct copyright infringement. In the Oregon District Court, Magistrate Judge Stacie Beckerman recently recommended dismissal of a complaint filed by the makers of the Adam Sandler movie The Cobbler. According to the Judge both claims of direct and indirect infringement were not sufficient for the case to continue. What's unique in this case, is that the direct infringement claims were dismissed sua sponte, which hasn't happened before. To prove direct infringement copyright holders merely have to make it "plausible" that a defendant, Thomas Gonzales in this case, is indeed the copyright infringer. This is traditionally done by pointing out that the IP-address is directly linked to the defendant's Internet connection, for example. However, according to Judge Beckerman this is not enough. In response to community backlash, Oculus has decided to change its DRM policy (again) to allow HTC Vive games to play on the Oculus Rift virtual-reality system.
