Intel's ME May Be Massively Infringing on Minix3's Free Software License

Software engineer (and IP Watchdog contributor) Fredrik Ohrstrom (a.k.a. Slashdot reader anjara) writes: Almost all Free Software licenses (BSD, MIT, GPL...) require some sort of legal notice (legal attribution) given to the recipient of the software, both when the software is distributed in source and in binary forms. The legal notice usually contains the copyright holder's name and the license text. This means that it's not possible to hide and keep secret the existence of Free Software that you have stuck into your product that you distribute. If you do so, then you are not complying with the Free Software license and you are committing a copyright infringement!

This is exactly what Intel seems to have done with the Intel ME. The Minix3 operating system license requires a legal notice, but so far it seems like Intel has not given the necessary legal notices. (Probably because they want to keep the inside of the ME secret.) Thus not only is Minix3 the most installed OS on our recent x86 CPUs -- but it might also the most pirated OS on our recent x86 CPUs!

Do you think they care?

[Anonymous Coward]

They're a corporation.

Lol.

Re:Do you think they care?

[NoNonAlphaCharsHere]

Corporationsare people, too, my friend. Thieving, evil, soulless people.

Re:Do you think they care?

[gweihir]

So jail them all? Not that I would be opposed...

Re: Do you think they care?

[Z00L00K]

No, just force them to give everyone access to the ME and also how to disable it.

Re: Do you think they care?

[AmiMoJo]

There isn't actually all that much they can do other than demand that every Intel CPU owner gets a copy of the copyright message. Minix was released under a BSD licence so Intel don't have to publish any changes or give up any access, the only requirement being that the acknowledge the original authors and their copyright with every copy they ship.

At best they could force Intel to waste some money notifying people. Since Intel can't know the details of everyone who bought an Intel CPU (I hope) they would probably have to take out adverts all over the world. That could actually be good though, because it will create more negative publicity about the ME.

Re:

[Anonymous Coward]

This is copyright infringement on a massive scale that they've allegedly committed, not exactly something that a "Here's the notice I was required to show you." will fix.

If giving notice is all that needs to be done, then I guess the MPAA should drop all of their lawsuits if the people that are allegedly sharing movies would just delete them. See how that just doesn't work?

Re:

[thegarbz]

That could actually be good though, because it will create more free advertising about the ME.

FTFY. People don't care about the negative parts of it. They sure as hell wouldn't care about some copyright violation.

Re: Do you think they care?

[fortfive]

But who would be the plaintiff?

Re: Do you think they care?

[mseitz]

Vrije Universiteit, Amsterdam, The Netherlands http://git.minix3.org/index.cg... [minix3.org]

Re:

[mysticgoat]

I just read the Minix 3 licensing agreement. The link in parent post is accurate.

A key phrase is " Any deviations from these conditions require written permission from the copyright holder in advance."

Intel may have obtained the necessary written permission to use the code without acknowledging the source. This is not FOSS (possibly if FOSS had been around when Dr Tanenbaum created Minix he and the university would have used one of the FOSS licenses. But possibly since Minix is derived from BSD Unix t

Re:

[ChrisMaple]

Fine Intel 2 shares of Intel stock per instance of infringement, or the cash equivalent, payable to the developers of Minix. That would put ownership of Intel into the hands of the Minix developers, or bankrupt Intel, or both.

Re:

[msauve]

"What sort of damages can Minix claim, here?"

Didn't read the article, did you?

Re:Do you think they care?

[OrangeTide]

If the copyright infringement is willful, the maximum penalty increases to $150,000 per violation.

Why not use MPAA and RIAA tactics against Intel? They can pay $150k per CPU they shipped in the last several years. If the Minix copyright holders are feeling nice, they can accept a lesser settlement instead.

That's how the law works.

Re:

[OrangeTide]

Sorry, this is all theoretical. There is no way that Andrew S. Tanenbaum would move ahead with any sort of legal action.[1] [cs.vu.nl]

Re:Do you think they care?

[TheReaperD]

I favor the corporate death penalty [nyupress.org]. And I'm not being facetious, in general. I actually advocate for a corporate death penalty. Equifax and Wells Fargo are perfect examples of why it is needed.

Re:

[Anne Thwacks]

Most corporations could be expected to plead "Not guilty by reason of insanity" - as a juror, I would be tempted to accept the plea from many of them, including Equifax - provided the penalty is all directors being sent to the loony bin for life.

Re:

[thegarbz]

I generally favour not reducing a oligopoly to a monopoly. Corporate death penalties are usually worse on the market, consumers, workers, and people who own any kind of investments including retirement savings than they are on any of the people involved in the decisions for which you are demanding justice.

Re:

[gweihir]

Make that not a "penalty", but a safety-measure to protect society and I am on board. I think there just needs to be a limit of how much damage to society a corporation is allowed to do before it gets dismantled.

Re:

[thegarbz]

So jail them all? Not that I would be opposed...

To be clear, you wouldn't be opposed to the Government shutting down one of the two remaining PC chip manufacturers and granting a monopoly to the manufacturer who produces core computer parts all over the world?

I think you didn't think this through.

Re:Do you think they care?

[thsths]

No, corporate employees are not usually evil. The secret of a commercial organisation is to diffuse responsibility, so that you can perform evil actions with non-evil employees. Everybody things they are doing the right thing, just following procedures etc, but the end result is often evil.

Re:

[mwvdlee]

Nazi concentration camp guards (or in fact everybody working in those camps) were volunteers. Nobody was forced to work in those camps.
This is actually true for a number of the most extremly amoral things the Nazi's did (like razzia's); those were volunteers and the Nazi's didn't punish those who didn't volunteer either.
Those guards are 100% guilty and cannot hide behind orders.

Re:

[drinkypoo]

Nazi concentration camp guards (or in fact everybody working in those camps) were volunteers. Nobody was forced to work in those camps.

Nobody is "forced" to wear anything but a speedo and tape, either, but just try functioning in society dressed like that. I'm not trying to give anyone a free pass, it's better to die and for your whole family to die than to operate a concentration camp, but suggesting that it was wholly a matter of free will is probably bogus.

the jews where forced to wear Pieces Of Flair

[Joe_Dragon]

the jews where forced to wear Pieces Of Flair

Re:

[OrangeTide]

Do you think perhaps they volunteers to avoid going to the front lines? The concept of choice during a war is not the same concept we enjoy. It's difficult to take statements from even half of the participants and conclude that all of them desired to do it. I guess call me skeptical of wide sweeping generalizations.

Re:Do you think they care?

[Bruce Perens]

ME is turning into a colossal dumpster fire.

You have a point. This is really just another soiled mattress in the dumpster. With used hypos stuck in it.

Re:Do you think they care?

[AmiMoJo]

Hate to say it, but once again RMS is proven right. On multiple counts.

Who am I kidding, I love saying that.

Intel destroying itself?

[Futurepower(R)]

"ME is turning into a colossal dumpster fire."

Or maybe the equivalent of a billion dollar ad campaign against Intel.

Customers don't want spyware. It seems that, if Intel continues to try to force spyware on customers, Intel will eventually go bankrupt. That would be a very, very bad conclusion to the very, very bad management by Intel.

It is EXTREMELY important for the entire world, in my opinion, that Intel stay healthy. (The world needs AMD to stay healthy, also.)

Did the present Intel managers lack the social ability to understand that providing hidden access for hidden invaders would damage Intel's reputation? Apparently Intel needs a new CEO. Maybe other Intel managers should be replaced, also. Most of the technology development parts of Intel has seemed healthy to me; it's the business management that is failing, apparently.

The world was told more than 3 years ago about the hidden control: Secret of Intel Management Engine by Igor Skochinsky [slideshare.net]. (Mar 12, 2014)

Intel was told that there would be problems: Intel's Management Engine is a security hazard, and users need a way to disable it [eff.org]. (May 8, 2017)

Did the present managers lack the social ability to understand that it was likely that hackers would find defects in the Intel Management Engine? One article: Intel Patches Major Flaws in the Intel Management Engine [extremetech.com]. (Nov 22, 2017) Intel's reaction: Intel Management Engine Critical Firmware Update (Intel-SA-00086) [intel.com]. (Dec 5, 2017)

Campaign for which competitor

[DrYak]

"ME is turning into a colossal dumpster fire."
Or maybe the equivalent of a billion dollar ad campaign against Intel.

Yeah, but in favor of whom ?

Look the other giant desktop/workstation/server CPUs maker :
AMD.
Since the curent Zen generation (and in laptop APU, since the previous generation, too) they have AMD PSP : an ARM core, which has few useful uses (storing keys like TPM, can be used to encrypt RAM transparentrly to avoid VMs trying to hack each other, etc.) but is a closed signed blob that can't be audited and has full RAM and bus access.
(at least luckily, unlike Intel ME/AMT it doesn't listen on the network by defa

Re:

[TheReaperD]

Though PC monoculture is a very bad thing, so is too much variance. No one wants a computing world where you can't get more that 25% of software to run on any particular platform so you may need multiple PCs just to use all of the software titles you want to use. This is a minor problem with video game consoles today (I'm looking at you, "console exclusives"!) but, back when there were many more, there was no way to play all the games you wanted to play on a single system as the titles were just not avail

Re:

[Anne Thwacks]

No one wants a computing world where you can't get more that 25% of cars from the same manufacturer.

FTFY

In the real world: where there are multiple architectures, you could reasonably expect people to write most software in high level languages, in a portable way.

Alternatively, the communists like you will take over, and we will all drive Trabants.

Cross-architecture testing is expensive

[tepples]

where there are multiple architectures, you could reasonably expect people to write most software in high level languages, in a portable way.

It costs money to support multiple architectures and multiple operating systems. Even though cross-compilation is possible, cross-testing is a bit more expensive, as it's not quite as practical to judge user interface responsiveness when you're relying on remote access to a leased VPS of the appropriate architecture through RDP, VNC, X11, GoToMyPC, LogMeIn, or the like. If a smaller company hasn't yet ramped up its collection of target hardware on which to test, end users will end up seeing notices like thi

Re: What is needed is for both of them to die.

[Zero__Kelvin]

The locking down on ARM has nothing to do with any limitations of UEFI on ARM. It was a move by Microsoft ... a choice to remove choice ... because they knew they could get away with it. They can do it on x86 just as easily from a technical perspective and many of us expect them to in the not too distant future if they think they can get away with it.

Re: What is needed is for both of them to die.

[Zero__Kelvin]

Hardware wasn't optimized to run Windows. That is ridiculous. I would agree with the other stuff you said of course, but keeping x86 / UEFI doesn't encourage lockdown either. The point is lockdown is a function of marketing and politics that leverages consumer ignorance, and is not tied to any processor.

Re: What is needed is for both of them to die.

[Zero__Kelvin]

You are clearly one of those easily confused people who didn't notice when Microsoft starting trying to make it the hardware's fault when they didn't support it properly. "Do ARM processors support Windows?" News Flash: There is no processor technology that supports a particular OS. Originally VAX was designed so that VMS could support virtual addressing in hardware, but there is nothing, and I mean NOTHING about Windows that is innovative, or that Intel considered when designing their processors. They hav

Re:

[Zero__Kelvin]

"So it made sense for OEMs to make sure Windows ran well, even if other OSs didn't."

This had nothing to do with the hardware "running well" and is strictly about drivers (software.) Secure boot is an optional UEFI module. You can have UEFI without secure boot. Also, UEFI is software, not hardware. It offers the same features for Linux as Windows, and there are Linux distributions that support it. Winmodems were "Windows Only" because of lack of documentation and drivers; there was nothing about the hardw

Re: What is needed is for both of them to die.

[Zero__Kelvin]

Nope. That's still software not supporting the hardware. There is no end run around it.

Prison for not disclosing Intel vulnerabilities?

[Futurepower(R)]

Replies to:
"Our feelings are not doing any financial or reputational damage to the Intel brand."
and to:
"... what are the geeks (such a small market that it can not be measured) going to do about it?"

It is common, I've observed, that technically-knowledgeable people believe they should not get involved with social issues. In fact, however, they have discussions like this one and have a huge amount of power.

What are the legal issues? Can you recommend Intel or AMD hardware without telling the managers of your company or your customers that the hardware is not secure? Could you go to prison for knowingly selling insecure hardware without informing the customers in a way that causes them to fully understand? Suppose a company loses millions of dollars because Intel hardware you recommended was found to be hackable, especially since that kind of vulnerability has already happened. Can you be found liable?

"Intel has been richly rewarded for implementing ME and with AMD implementing similar backdoors..."

Intel SHOULD be "richly rewarded" for that. "Implementing ME" was a good idea. The issue is that was done in a way that Intel has kept hidden, and in a way that customers who don't need that feature are not allowed to understand and cannot control.

It seems to me that the business side of Intel is not being managed well. What I know about Intel management is from talking with Intel employees, sometimes at conventions, sometimes at social events not connected with technology, visiting an Intel campus during an open house event, and from news stories.

Here is one example of what I have learned, from a 2013 news story:

Intel has been emitting fluoride for years without state knowledge, permit [oregonlive.com]. (Sept. 24, 2013)

Quote from that story: "When Intel applied for D1X approval, the company considered its fluoride emissions insignificant and did not include those. It was only when the company applied for the new DEQ permit required by greenhouse gas regulations that it [Intel] requested a 6.4-tons-per-year fluoride emission limit."

Intel is putting 6.4 TONS EACH YEAR of fluoride compounds into the air around its plant! Does that seem to you to be good business management?

My understanding is that there are many areas of bad business management at Intel. The central technological group, however, seems to me to be well-managed. For example, in recent years Intel has released CPUs that provide the same computational power, but lower the electrical energy required. That achievement is good for all humans on the planet.

Re:Intel destroying itself?

[infolation]

The option is open hardware. One of Intel's most vocal anti-ME corporate customers is Google, who are gearing up to replace Intel x86-based servers with the OpenPOWER (IBM Power9) platform in data centres, in part, for this very reason.

No

[Anonymous Coward]

"Intel's ME **May** Be Massively Infringing on Minix3's Free Software License "
[Emphasis mine].

No. They aren't Even the author of Minix thinks it's fine. He thinks it's rude they didn't even tell him. But but didn't have to.

http://www.cs.vu.nl/~ast/intel/

Re:

[Z00L00K]

Rude and flattering, but I think that the unwillingness to tell that Minix was used is due to the "security due to obscurity" reason.

But now when the genie is let loose then it's more a question of when the ME will be hacked.

The license is four sentences. Read it

[raymorris]

The Minix3 standard license is four sentences:
http://git.minix3.org/index.cg... [minix3.org]

The second clause / sentence of the license is:

--
      * Redistributions in binary form must reproduce the above copyright
        notice, this list of conditions and the following disclaimer in the
        documentation and/or other materials provided with the distribution.
--

Intel did not comply with that. Intel violated the license. That's a fact. Tanenbaum isn't too mad about it, and that's fine. If he chooses not to sue them that's all well and good, but it doesn't change the fact that they did not comply with the license. Note Minix can ALSO be licensed under other terms - a company can contact the copyright holders to negotiate a different license, which may include payment. Intel didn't do that.

They had no right to make and sell copies of Minix as part of their CPU, since they didn't do so under the normal license.

Many years ago, Minix wasn't open source. It was sold for $69 / copy. After inflation that's about $150 in 2017 dollars. If Intel has unlawfully sold 500 million copies which they'd now need to pay Tanenbaum for - well he could be a very rich man if he chose to. Even at $1 per copy that's $500 million that Intel owes him.

Re:The license is four sentences. Read it

[Waffle Iron]

Maybe they *did* reproduce the copyright notice. For all we know, it might be etched somewhere on the CPU die in 100nm-tall characters.

Re:

[Megane]

in the documentation and/or other materials provided with the distribution.

Etching it on the CPU die, or even "it's in the binary somewhere!" is specifically not good enough. The ME's use of Minix being a surprise to everyone indicates that they in fact did not follow this term of the license.

Re:

[Megol]

There have to be no copyright notice at all for the copyright to be valid. The copyright doesn't have to be registered to be valid.

The potential problem here is that the license states that it should be noted somewhere that the product uses Minix, not that the copyright notice for Minix wasn't visible before buying the product.

Re:

[Megane]

After logging in to the ME

Oh, you!

Re:

[AmiMoJo]

Even if he personally doesn't want to get rich off it, perhaps any settlement money could be invested in reverse engineering enough of the ME to replace the only currently unremovable bits, i.e. the early boot stuff.

Or better still do the same for AMD parts, so that people who care about security and privacy aren't motivated to give Intel more money.

Re: The license is four sentences. Read it

[Zero__Kelvin]

I think the big win here is that Intel is distributing license violating code in an encrypted form and now the question is what other violations are there. Since the only way to determine that is to give access to the decryption mechanism to actually be able to look at it ....you see where I'm going with this.

I'm passing that suggestion on to Tanenbaum

[raymorris]

You may be right. Tanenbaum or others at the University may be able to subpeona the code. I'm sending him a link to your post.

Minix creator Tanenbaum replied to my email

[raymorris]

Andrew Tanenbaum replied to me / us 20 minutes after I sent him a link to your post. He figures Intel would be will to spend millions fighting a subpeona, so it's not worth it. :(

$750 per copy up to $150,000 per *work*.

[raymorris]

There is a range, but basically $750 per copy, up to $150,000 per work. So Intel owes Tanenbaum $150,000, or whatever damages he can prove.

Re:No

[Bruce Perens]

Does not matter what he thinks, what the license itself says is what matters in a court of law.

If he's the only copyright holder, the decision to sue or not is entirely in his hands. Nobody else would have a right to sue.

Re:

[Carewolf]

Does not matter what he thinks, what the license itself says is what matters in a court of law.

If he's the only copyright holder, the decision to sue or not is entirely in his hands. Nobody else would have a right to sue.

Wasn't there a case recently where one company sued the other for violating the GPL? But the company suing was not a copyright holder but they were allowed to sue anyway, because they were a competitor.

Metabyte vs Nvidia and others

[raymorris]

In general, anyone who was harmed by an unlawful act can sue. The plaintiff would show that:
1) The defendant did an unlawful act (including torts such as negligence)
And
2) That unlawful act caused harm to the plaintiff

In Megabyte vs Nvidia, the copyright infringement may have constituted unfair competition or unfair trade practices under state law. The court ruled that *if certain specific conditions are met*, the federal Copyright Act preempts state common law and the plaintiffs did not prevail.

So while *in

Re:

[Kjella]

If he's the only copyright holder, the decision to sue or not is entirely in his hands. Nobody else would have a right to sue.

In civil court yes, but I think it would be possible to file a criminal complaint. Like if I'm an author and I've sold you the exclusive right to sell my book in the US, but we've had a falling-out and now I'm playing scorched earth. Can I now say "fuck you, not enforcing my copyright" and implicitly let everyone else print and sell my book? If it amounts to commercial copyright infringement it's the public prosecutor making the charge, not the victim. Of course you couldn't get damages, you couldn't stop n

Re:

[Marlin Schwanke]

Does not matter what he thinks, what the license itself says is what matters in a court of law.

Except only the rightsholder has the standing in court to enforce the license.

Re: No

[Zero__Kelvin]

Sure, but there is no law against changing ones mind. If enough people were to talk to Tanenbaum about why it actually IS a big deal he might be persuaded. They DiD for a fact violate. Tanenbaum can choose to do nothing, but that doesn't mean it didn't happen. A thief who gets a pass from the victim is still a thief even if he never gets prosecuted for the crime.

Nothing to see here

[Sephr]

Intel paid for a license and the parties involved are under an NDA.

SoSuMi

[mveloso]

Note that Intel doesn't violate IP, it licenses it. The idea that Intel could violate an IP law is ludicrous.

Re:SoSuMi

[Bruce Perens]

The idea that Intel could violate an IP law is ludicrous.

Ha ha ha ha ha he he. Haw. Snort.

First, you can look at the number of patent infringement lawsuits against them, some of which they lost.

Then, you can consider that any company, regardless of its size, can have a failure of due diligence.

I get paid to fix them all day long.

Re: SoSuMi

[Zero__Kelvin]

He has already publicly stated he had no idea the code was being used and that they contacted him for support which he would not have given if he knew what it was for, so no need to ask what has already been proffered.

Re:

[Anonymous Coward]

I don't think there was money involved, and i don't think there was an NDA.
http://www.cs.vu.nl/~ast/intel... [cs.vu.nl]

But they had a license :)

Re:

[Gavagai80]

"If nothing else, this bit of news reaffirms my view that the Berkeley license provides the maximum amount of freedom to potential users."

In this case, clearly the maximum freedom for the distributor-user to remove the freedom of the end user has been achieved.

Re:

[Megol]

What freedom have been removed?

Re:

[lucasnate1]

The freedom to modify the ME and disable it.

Re:

[anonieuweling]

Slasdotted as cs.vu.nl appears, do we have a mirror?

Re:

[Megol]

Where did you see that they were exempt from the documentation part of the license? I also think that it is fine not documenting the use for this case but being interested in the development doesn't give a copyright/license exemption.

Re: Nothing to see here

[Zero__Kelvin]

They had a license, but they didn't use it. They violated the terms so the license is null and void in this case. Tanenbaum is wrong when he says it is proof the license confers maximum benefit, since again, they didn't adhere to the terms of the license.

Yes, there is indeed something to see

[Bruce Perens]

The author of MINIX, Andrew Tannenbaum, wrote a public letter about hearing that MINIX was in the Management Engine. He did not indicate that Intel had any form of special license or had even informed him that MINIX was in the management engine.

He might not care that he's being infringed, he might not even have figured that out. But it really does look like he's being infringed.

Re:

[religionofpeas]

His name is Tanenbaum.

Re: Yes, there is indeed something to see

[Zero__Kelvin]

He doesn't care who knows his name. Haven't you Hurd? :^)

Re:

[Anonymous Coward]

Sure he did

http://www.cs.vu.nl/~ast/intel/ [cs.vu.nl]

Re:

[fph il quozientatore]

Not sure. At least for a modern free software project, this would not be viable because there are too many contributors: you have to contact everyone who submitted a patch and get their agreement if you want to relicense their code.

Settlement terms: All CPU code must be released

[Anonymous Coward]

But honestly I think we still need to focus on developing CPUs and SoC for which the end-users have complete control over every aspect if we want to inevitably gain control over our devices. We also need a complete set of source code for other chipsets. From wifi an GSM modem chips to graphics and keyboard controllers. It seems that right now the only real project with any progress aiming to do that is EOMA68. Unfortunately this stuff take YEARs and we still don't ultimately have a card or standard complian

The copyright holder does not seem to care...

[williamyf]

... For now.

1.) AST published an open letter, and the fact that the disclaimers are not posted does not seem to bother him much.
See here: http://www.cs.vu.nl/~ast/intel... [cs.vu.nl]

2.) Minix3 License, states that, when distributed in Binary form, the DOCUMENTATION has to reproduce the copyright notice and, well, there is no documentation whatsoever abut the ME.
See here: https://github.com/Stichting-M... [github.com]

Having said that, security through obscurity is not a sensible policy, and AST's courtesy is not enough. If intel is using minix, they should say so and print the license.

Re:

[Bruce Perens]

The license actuall says documentation and/or other materials provided with the distribution.

So, your legal theory doesn't fly, sorry.

Re:

[williamyf]

The license actuall says documentation and/or other materials provided with the distribution.

So, your legal theory doesn't fly, sorry.

I know #2 does not fly.

But, who is going to sue intel for infringment?

The copyright holder is AST, and he is quite ok with the current state of affaires.

The other Option is Vrije Universiteit, and considering the amount of graduates that go work for ASML/Intel, I seriously doubt it...

Re:

[williamyf]

I came back to add an addendum:

My reply was don with all due respect. I was almost certain that #2 was not valid, as IANL. Far from me to catch an online fight with Bruce Perens. A fight which I am certain to lose.

You being a prominent guy in FOSS, probably have more chances of making AST or the Vrije Universiteit to reconsider their stance and either request compliance, or sue Intel for infringement.

In the meantime, again, only AST or Vrije Universiteit can demand intel to comply or sue them, and so far, t

Re:

[Antique Geekmeister]

For casual readers who don't know who "AST" is, that letter at http://www.cs.vu.nl/~ast/intel... [cs.vu.nl] is from Andrew S. Tannenbaum, the primary author of Minix. In the letter, he accepts Intel's current behavior quite explicitly. Andrew also complains, in a postrscript, about the use of ME as a spy engine. If Minix were published under a GPL, instead of a BSD license, Minix developers could demand that ME publish the source code for their modifications used to create the spyware. It is precisely that kind of sec

Re:

[tlhIngan]

If Minix were published under a GPL, instead of a BSD license, Minix developers could demand that ME publish the source code for their modifications used to create the spyware. It is precisely that kind of secretive and abusive misuse of open source work that free software and the GPL licenses was designed to prevent.

Nope, GPL wouldn't help you there, either. If Intel chose to use Linux instead, the spyware wouldn't be covered under the GPL. (And there's far more case history for this example than Minix -

Re:

[skiminki]

Are the management engine binaries stored in the CPU or are they loaded from the motherboard? If the latter, the CPU doesn't ship with Minix and the notices should come with the motherboard, right?

Re:

[Megol]

And here I pop up again and point out that security through obscurity _IS_ added security and _IS_ a valid choice in a system otherwise designed for security.

Re:

[Nite_Hawk]

What makes you think that? Security through obscurity just means that it will take longer for the majority of the world (including yourself) to find out about the flaws. All it really does is grant the people with resources to find those flaws a bigger window of time to operate on them before being caught.

The ramifications are huge too. It's one thing to get hacked, it's another thing to get hacked and never find out (or never be able to plausibly claim that's what happened).

Re:

[thegarbz]

well, there is no documentation whatsoever abut the ME.

You've never been to Intel's website have you? There is a fuckton of documentation on the ME. There is with pretty much everything that gets used for corporate resource management and that is one of the primary selling points of ME.

Management Engine

[dohzer]

For those who wanted to know.

Actual license requirement text

[Bruce Perens]

. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

This does indeed require that something shipped with the hardware should say that MINIX is in there. Even if there is no documentation provided.

The BSD license is the most infringed. Most companies get this wrong. Many of them can tell you why they don't use GPL, and then they infringe on the BSD license, putting themselves in exactly the same place (being a copyright infringer) as if they had used GPL.

Re:

[eddeye]

This does indeed require that something shipped with the hardware should say that MINIX is in there. Even if there is no documentation provided.

Not necessarily. The "and/or" conjunction is a bit sloppy. It indicates flexible interpretation, which can include that notice is only required if at least one of those things is provided (documentation, other materials). If neither are provided with the product, the BSD clause may not be triggered - at least under one reasonable interpretation of the languag

Minix is under a BSD license

[Antique Geekmeister]

You're quite correct. The Minix license is visible at https://github.com/minix3/mini... [github.com] .

I'm not convinced BSD is the most infringed license, but you seem correct that infringing it is common place. One reason difficulty is that the BSD license does not have the clear consequences that GPL violation does, that violation loses access to all other GPL licenses from the same copyright owner. The Free Software Foundation has been using this successfully to enforce GPL compliance.

Re:

[AmiMoJo]

I always thought it would be even better if the GPL cancelled the violator's right to ALL other GPL software, but I guess there probably isn't an international legal basis for that.

Re:

[The Evil Atheist]

There's a common sense basis for that. The GPL isn't an organization or a collective. It's just a licence. A licence, regardless of which country's laws, or international law, cannot forbid the use of other things having the same licence. That would be a ridiculous ability for a licence to have.

Such a thing would also work against the GPL more than help it. What if someone was infringing on one GPL project, but then was a very good contributor to another unrelated project? That other GPL project would su

Re:

[Kjella]

A licence, regardless of which country's laws, or international law, cannot forbid the use of other things having the same licence. That would be a ridiculous ability for a licence to have.

A license can obviously only retract rights to the same work it grants rights for. But the conditions for that can very well be external to the work, for example you can look at the patent retaliation clause in the Apache license which pretty much says if you sue anyone for violating any other patent infringed by this work, then all your patent licenses are terminated. As such it would be entirely possible to write a license where any other GPL violation would terminate this license. Now if that was a stand

Re:

[Antique Geekmeister]

Organizations with large suites of GPL licenses, such as the Free Software Foundation, are in a similar position to companies with large suites of software patents. If the licenses on one tool are violated outrageously, then the license for all components owned by that copyright holder can be withdrawn en masse. That would be a deliberate choice by the FSF. I will note that the FSF has always been _very_ careful about enforcing the GPL judiciously. Violators get every opportunity to comply voluntarily long

Can anyone prove they didn't include notices?

[Phil Hands]

Intel do have lawyers, and free software folk that understand licensing.

I'm sure they are capable of working out that all they need to do to be in compliance is to include the copyright notice somewhere in the binary blob that is ME.

Has anyone actually been in a position to check if they did that or not?

If not, I suspect that this is a non-story.

Also, even if AST were upset enough to sue (which does not appear to be the case), I don't suppose it would cost much to shut him up.

Are there any other copyright h

Re:

[account_deleted]

Comment removed based on user account deletion

Of course in the USA, everyone can lose

[theendlessnow]

I wonder if the folks that determine MInix was in it could face federal prosecution for DMCA.

Sometimes it's not about right or wrong, but about how deep the pockets go.

An offer they couldn't refuse

[DCFusor]

Intel isn't often this stupid. I propose an alternate explanation - NSL by the TLA's demanded they add this backdoor. And can't talk about it. We know this happens to other firms. Occam's razor.

copyright laws are just like other laws

[cas2000]

copyright laws are for people to obey, not for corporations.

copyright laws are for corporations to wield, not for people.

Re:

[skiminki]

Based on the git log of Minix, there are multiple people contributing patches. I would think you'd need to get a contract with more or less every contributor that shows up in the "git blame" of the used release.

It would be very cool (although unlikely) if Intel etched the license in one of the metal layers of the CPU.

Re: DON'T FORGET LINUS ALSO STOLE MINIX!

[Zero__Kelvin]

You should have logged in. You could have won the internet in the "Most Stupid and Misinformed Post" category. Hint: Tanenbaum argued that Linux should take the Minix / Microkernel approach which Linux rejected in favor of a monolithic approach.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[viperidaenz]

Correction, the author has made it sort of clear he has not explicitly given Intel a license. He did say they talked about licensing.
What is clear though, is the author in question has no right to give out any license. The copyright holder is the university he works at, not him. There has been no statement from the university.