While the RIAA has objected to a tool for downloading online videos, EFF senior activist Elliot Harmon responds with this question. "Who died and put them in charge of YouTube?"

He asks the question in a new video "explainer" on the controversy, and argues in a new piece at EFF.org that the youtube-dl tool "doesn't infringe on any RIAA copyrights." RIAA's argument relies on a different section of the DMCA, Section 1201. DMCA 1201 says that it's illegal to bypass a digital lock in order to access or modify a copyrighted work. Copyright holders have argued that it's a violation of DMCA 1201 to bypass DRM even if you're doing it for completely lawful purposes; for example, if you're downloading a video on YouTube for the purpose of using it in a way that's protected by fair use. (And thanks to the way that copyright law has been globalized via trade agreements, similar laws exist in many other jurisdictions too.) RIAA argues that since youtube-dl could be used to download music owned by RIAA-member labels, no one should be able to use the tool, even for completely lawful purposes.

This is an egregious abuse of the notice-and-takedown system, which is intended to resolve disputes over allegedly infringing material online. Again, youtube-dl doesn't use RIAA-member labels' music in any way. The makers of youtube-dl simply shared information with the public about how to perform a certain task — one with many completely lawful applications.
Harmon wants to hear from people using youtube-dl for lawful purposes. And he also links to an earlier EFF piece arguing that DMCA 1201 "is incredibly broad, apparently allowing rightsholders to legally harass any 'trafficker' in code that lets users re-take control of their devices from DRM locks..."

And EFF's concern over DMCA 1201 has been ongoing: DMCA 1201 has been loaded with terrible implications for innovation and free expression since the day it was passed. For many years, EFF documented these issues in our "Unintended Consequences" series; we continue to organize and lobby for temporary exemptions to its provisions for the purposes of cellphone unlocking, restoring vintage videogames and similar fair uses, as well as file and defend lawsuits in the United States to try and mitigate its damage. We look forward to the day when it is no longer part of U.S. law.

But due to the WIPO Copyright Treaty, the DMCA's anti-circumvention provisions infest much of the world's jurisdictions too, including the European Union via the Information Society Directive 2001/29/EC.

Science fiction writer Cory Doctorow (also a former EFF staffer and activist) explains why he's crowdfunding his new audiobook online. Despite the large publishers for his print editions, "I can't get anyone to do my audiobooks. Amazon and its subsidiary Audible, which controls 90% of the audiobook sales, won't carry any of my audiobooks because I won't let them put any of their digital rights management on it.

"I don't want you locked in with their DRM as a condition of experiencing my work," he explains in a video on Kickstarter. "And so I have to do it myself."

He's promising to sell the completed book through all the usual platforms "except Audible," because "I want to send a message. If we get a lot of pre-orders for this, it's going to tell something to Amazon and Audible about how people prioritize the stories they love over the technology they hate, and why technological freedom matters to people.

"It's also going to help my publisher and other major publishers understand that there is an opportunity here to work with crowdfunding platforms in concert with the major publishers' platforms to sell a lot of books in ways that side-step the monopolists, and that connect artists and audiences directly."

it's the third book in a series which began with the dystopian thriller Little Brother (recommended by Neil Gaiman) and continued with a sequel named Homeland. ("You may have seen Edward Snowden grab it off his bedstand and put it in his go bag and go into permanent exile in Hong Kong in the documentary Citizen 4," Doctorow says in his fundraising video.) The newest book, Attack Surface, finds a "technologist from the other side" — a surveillance contractor — now reckoning with their conscience while being hunted with the very cyber-weapons they'd helped to build. "There are a lot of technologists who are reckoning with the moral consequences of their actions these days," Doctorow says, adding "that's part of what inspired me to write this...

"Anyone who's been paying attention knows that there's been a collision between our freedom and our technology brewing for a long time."

Just three days after launching the Kickstarter campaign, Doctorow had already raised over $120,000 over his original goal of $7,000 — with 26 days left to go. And he also promises that the top pledge premium is for real....

$10,000	You and Cory together come up with the premise for his next story in the "Little Brother" universe.
$75 or more	All three novels as both audiobooks and ebooks
$40 or more	All three novels as audiobooks
$35 or more	All three novels as ebooks
$25 or more	The audiobook and the ebook of Cory's new novel, Attack Surface
$15 or more	The audiobook for Attack Surface
$14 or more	The new book Attack Surface in ebook format as a .mobi/.epub file
$11 or more	The second book in the series, Homeland, in ebook format as a .mobi/.epub file
$10 or more	The first novel in the series in ebook format as a .mobi/.epub file
$1 or more	Cory will email you the complete text of "Little Brother," the first book in the series, cryptographically signed with his private key

Several organizations have asked the Copyright Office to renew the exemption to the DMCA's DRM circumvention restrictions. This would allow, they argued, abandoned online games to be preserved for future generations. In addition, the Software Preservation Network and the Library Copyright Alliance have asked for an expansion to allow these games to be made available more broadly.

Oakland's nonprofit "Museum of Art and Digital Entertainment" housed 40,000 historic pieces of videogame memorabilia — including 11,000 playable games. In 2017 they were the ones urging America's copyright office to allow museums and libraries to circumvent DRM to preserve abandoned online games like FIFA World Cup, Nascar and The Sims. The museum's sponsors include GitHub, Google, PlayStation, and Dolby Digital.

But now the MADE is "set to close its doors, with uncertainty ahead about whether it'll ever be able to reopen," reports GamesIndustry.biz: Founder and director Alex Handy said in an interview with GamesBeat that the group managing the museum couldn't reach an agreement on rent for the place during the COVID-19 crisis... 80% of its budget comes from admissions, its website says, and since it's been closed since March due to the pandemic, it's now forced to shut down and move its collections to storage.

Storage will be paid for thanks to donations — still open on this page and will also go towards eventually finding a new space for the museum. "The current plan is to stay in storage for two years while we raise the funds and make plans to create our dream video game museum," the museum's website reads. "When we're ready, we will be back and better than ever, mark our words."

Jim Salter, reporting for ArsTechnica: A reader tipped us off today that HBO Max stopped working a couple of weeks ago for Linux users, under any Web browser. Any attempt to play back a video on the streaming service on a Linux system -- regardless of distribution or browser -- returns an error saying, "We're having trouble playing this video. Please try again later." Unfortunately, trying again later won't help -- the root cause of the problem is that the Widevine DRM attempting to protect HBO Max's content from pirates is refusing to recognize any Linux system as a known platform.

We saw the same thing happen in January, when CBS All Access suddenly stopped working on Linux in the same way. When we asked CBS executives if they had enabled the Verified Media Path (VMP) requirement on their Widevine server, they suddenly clammed up -- but later that day, the service miraculously worked for Linux users again. We did verify that HBO Max will not work on Linux browsers and that the problem is -- once again -- Widevine DRM refusing to issue a license. Although HBO Max has not returned requests for comment at press time, it seems very likely that the cause here is the same as it was for CBS All Access back in January. It seems like somebody enabled Verified Media Path on the Widevine server, and since the Linux kernel is not a verified media path, Linux users can't get a license and can't watch the content.

Since its 1996 PC release, id's seminal shooter Quake has been ported to everything from flip phones and smartphones to game consoles and Web browsers. But even many serious fans of the series don't know about Quake Arcade Tournament Edition (Quake ATE), an officially licensed version of the game that ran on custom arcade cabinets. From a report: Even among those who know about it, few ever got a chance to play it during the brief time it was in arcades, and hardware-based DRM built into the cabinet meant the game wasn't playable on home emulators. That state of affairs now seems set to change thanks to the recent release of a Windows executable that can decrypt the data dumped from those aging arcade hard drives for play on a modern home computer.

Microsoft today published technical details about a new security feature that will soon be part of Windows 10. From a report: Named Kernel Data Protection (KDP), Microsoft says this feature will block malware or malicious threat actors from modifying (corrupting) the operating system's memory. According to Microsoft, KDP works by giving developers access to programmatic APIs that will allow them to designate parts of the Windows kernel as read-only sections. "For example, we've seen attackers use signed but vulnerable drivers to attack policy data structures and install a malicious, unsigned driver," Microsoft's Base Kernel Team said today. "KDP mitigates such attacks by ensuring that policy data structures cannot be tampered with." Microsoft says this new technology was developed with security in mind but that it also has other applications, such as anti-cheat and digital rights management (DRM) software.

An anonymous reader quotes a report from Motherboard: Earlier this year, we brought you the sordid tale of the GE refrigerator that won't dispense filtered water unless consumers pay extra for "official" filters from the company. This sort of digital rights management and artificial, software-enforced monopoly is a scourge on consumer rights. Now, finally, a fed up customer has found a way to bypass GE's refrigerator DRM, and has posted instructions online.

The anonymous person registered a website called gefiltergate.com, and explained that by swapping the RFID tag from an official GE refrigerator to a third-party filter they bought on Amazon, they can get the refrigerator to continue filtering water as normal. For reference, third-party filters cost as little as $13; GE filters cost $55. I'm gonna go ahead and call this a "hack," because they're bypassing an artificial software lock to circumvent DRM, which is, at least in spirit, a hack, and a cool one at that. The hack was also done by Jack Busch over at GroovyPost last month. To make your fridge use "unauthorized" filters, you need to take the old filter out, flip it over, and carefully remove the RFID chip. This chip tells the fridge that it's a "real" filter. This chip is glued down, and the person on gefiltergate suggested that rather than try to pry it up, you can simply cut around it with a Dremel or a saw. They then taped the RFID chip to the circuit board that checks whether a filter is authorized. This then allows them to use third-party filters, no problem. As Busch explains in his blog post, the refrigerator will say "not filtering," but it will dispense water that goes through the new filter, so it does indeed work.

An anonymous reader shares a report: Western Digital has been receiving a storm of bad press -- and even lawsuits -- concerning their attempt to sneak SMR disk technology into their "Red" line of NAS disks. To get a better handle on the situation, ArsTechnica purchased a Western Digital 4TB Red EFAX model SMR drive and put it to the test ourselves. [...] Recently, the well-known tech enthusiast site Servethehome tested one of the SMR-based 4TB Red disks with ZFS and found it sorely lacking. The disk performed adequately -- if underwhelmingly -- in generic performance tests. But when Servethehome used it to replace a disk in a degraded RAIDz1 vdev, it required more than nine days to complete the operation -- when all competing NAS drives performed the same task in around sixteen hours.

[...] We want to be very clear: we agree with Seagate's Greg Belloni, who stated on the company's behalf that they "do not recommend SMR for NAS applications." At absolute best, SMR disks underperform significantly in comparison to CMR disks; at their worst, they can fall flat on their face so badly that they may be mistakenly detected as failed hardware. With that said, we can see why Western Digital believed, after what we assume was a considerable amount of laboratory testing, that their disks would be "OK" for typical NAS usage. Although obviously slower than their Ironwolf competitors, they performed adequately both for conventional RAID rebuilds and for typical day-to-day NAS file-sharing workloads. We were genuinely impressed with how well the firmware adapted itself to most workloads -- this is a clear example of RFC 1925 2.(3) in action, but the thrust does appear sufficient to the purpose. Unfortunately, it would appear that Western Digital did not test ZFS, which a substantial minority of their customer base depends upon.

"Doom Eternal has become the latest game to use a kernel-level driver to aid in detecting cheaters in multiplayer matches," reports Ars Technica: The game's new driver and anti-cheat tool come courtesy of Denuvo parent Irdeto, a company once known for nearly unbeatable piracy protection and now known for somewhat effective but often cracked piracy protection. But the new Denuvo Anti-Cheat protection is completely separate from the company's Denuvo Anti-Tamper technology... The new Denuvo Anti-Cheat tool rolls out to Doom Eternal players after "countless hours and millions of gameplay sessions" during a two-year early access program, Irdeto said in a blog post announcing its introduction. But unlike Valorant's similar Vanguard system, the Denuvo Anti-Cheat driver "doesn't have annoying tray icons or splash screens" letting players monitor its use on their system. "This invisibility could raise some eyebrows," Irdeto concedes.

To assuage any potential fears, Irdeto writes that Denuvo Anti-Cheat only runs when the game is active, and Bethesda's patch notes similarly say that "use of the kernel-mode driver starts when the game launches and stops when the game stops for any reason...."

"No monitoring or data collection happens outside of multiplayer matches," Denuvo Anti-Cheat Product Owner Michail Greshishchev told Ars via email. "Denuvo does not attempt to maintain the integrity of the system. It does not block cheats, game mods, or developer tools. Denuvo Anti-Cheat only detects cheats." Greshishchev added that the company's driver has received "certification from renown[ed] kernel security researchers, completed regular whitebox and blackbox audits, and was penetration-tested by independent cheat developers." He said Irdeto is also setting up a bug bounty program to discover any flaws they might have missed.

And because of Denuvo Anti-Cheat's design, Greshishchev says the driver is more secure than others that might have more exposure to the Internet. "Unlike existing anti-cheats, Denuvo Anti-Cheat does not stream shell code from the Web," Greshishchev told Ars. "This means that, if compromised, attackers can't send down arbitrary malware to gamers' machines...."

If a driver exploit is discovered in the wild, Greshishchev told Ars that revocable certificates and self-expiring network keys can be used as "kill switches" to cut them off.

According to users on Reddit and ResetEra, Bethesda launched Doom Eternal with a DRM-free copy of the game's executable sitting in plain sight amid the download package. Ars Technica reports: Forum users on Reddit and ResetEra were among the first yesterday to report on the "official" DRM-free leak, which sat in a sub-folder titled "Original" for the Bethesda Launcher version of the game. That 67MB file can reportedly replace the 370MB, DRM-protected executable in the main game folder with minimal effort and no practical effect on playability. Ars has been unable to independently verify these reports, as a subsequent patch has apparently removed the DRM-free executable. But the trackers at CrackWatch and repackers in the cracking community have confirmed that the DRM-free version was distributed and working shortly after launch. And while the DRM-free version still requires a Bethesda account login the first time it's run, forum reports suggest crackers have already discovered a simple method to patch that check for a completely offline pirated experience.

Gizmodo shares the saga of a now-deleted video claiming to show Call of Duty's new "battle royale" mode: The YouTube video, initially posted by a user who goes by TheGamingRevoYT, was slammed with a copyright claim and ripped from the platform. Meanwhile, other gamers noticed that Reddit posts and Twitter threads even mentioning the upcoming release were being taken down for "copyright infringement." Last week, when one Redditor found a leak of what appeared to be the cover art for the new game, that got hit with a copyright claim too — and some other legal action. According to court documents obtained by TorrentFreak, Activision has spent the last week actively subpoenaing Reddit to uncover the identity of the Reddit user who leaked the initial artwork...

It's worth noting, as TorrentFreak points out, that there wasn't technically any "infringing content" posted to the thread itself — just an external link to a site that hosted the image in question.

Long-time Slashdot reader twocows writes: Hyperbola GNU/Linux, a FSF-approved distribution of GNU/Linux, has declared their intent to fork OpenBSD and become HyperbolaBSD..."
The news came earlier this week in a roadmap announcement promising "a completely new OS derived from several BSD implementations" (though Hyperbola was originally based on Arch snapshots and Debian development).

"This was not an easy decision to make, but we wish to use our time and resources to create a viable alternative to the current operating system trends which are actively seeking to undermine user choice and freedom." In 2017 Hyperbola dropped its support for systemd -- but its concerns go far beyond that: This will not be a "distro", but a hard fork of the OpenBSD kernel and userspace including new code written under GPLv3 and LGPLv3 to replace GPL-incompatible parts and non-free ones.

Reasons for this include:

- Linux kernel forcing adaption of DRM, including HDCP.

- Linux kernel proposed usage of Rust (which contains freedom flaws and a centralized code repository that is more prone to cyber attack and generally requires internet access to use.)

- Linux kernel being written without security and in mind. (KSPP is basically a dead project and Grsec is no longer free software)

- Many GNU userspace and core utils are all forcing adaption of features without build time options to disable them. E.g. (PulseAudio / SystemD / Rust / Java as forced dependencies....)

HyperbolaBSD is intended to be modular and minimalist so other projects will be able to re-use the code under free license.

dryriver writes: The 2010s were not necessarily the greatest decade to live through. AAA computer games were not only DRM'd and internet tethered to death but became increasingly formulaic and pay-to-win driven, and poor quality console ports pissed off PC gamers. Forced software subscriptions for major software products you could previously buy became a thing. Personal privacy went out the window in ways too numerous to list, with lawmakers failing on many levels to regulate the tech, data-mining and internet advertising companies in any meaningful way. Severe security vulnerabilities were found in hundreds of different tech products, from Intel CPUs to baby monitors and internet-connected doorbells. Thousands of tech products shipped with microphones, cameras, and internet connectivity integration that couldn't be switched off with an actual hardware switch. Many electronics products became harder or impossible to repair yourself. Printed manuals coming with tech products became almost non-existent. Hackers, scammers, ransomwarers and identity thieves caused more mayhem than ever before. Troll farms, click farms and fake news factories damaged the integrity of the internet as an information source. Tech companies and media companies became afraid of pissing off the Chinese government.

Windows turned into a big piece of spyware. Intel couldn't be bothered to innovate until AMD Ryzen came along. Nvidia somehow took a full decade to make really basic realtime raytracing happen, even though smaller GPU maker Imagination had done it years earlier with a fraction of the budget, and in a mobile GPU to boot. Top-of-the-line smartphones became seriously expensive. Censorship and shadow banning on the once-more-open internet became a thing. Easily-triggered people trying to muzzle other people on social media became a thing. The quality of popular music and music videos went steadily downhill. Star Wars went to shit after Disney bought it, as did the Star Trek films. And mainstream cinema turned into an endless VFX-heavy comic book movies, remakes/reboots and horror movies fest. In many ways, television was the biggest winner of the 2010s, with many new TV shows with film-like production values being made. The second winner may be computer hardware that delivered more storage/memory/performance per dollar than ever before.

To the question: What, dear Slashdotters, will the 2020s bring us? Will things get better in tech and other things relevant to nerds, or will they get worse?

This post contains spoilers for Star Wars: The Rise of Skywalker.
Jason Koebler, writing for Motherboard: Emperor Palpatine is back with a fleet of planet-killing Star Destroyers, the masses are scared to fight the Final Order, and the last glimmer of hope for the rebellion is nearly stamped out by ... overbearing DRM? The Rise of Skywalker is an allegory for the dystopian nightmare we are quickly hurtling toward, one in which we don't own our droids (or any of our other stuff), their utility hampered by arbitrary decisions and software locks by monopolistic corporations who don't want us to repair our things. In Skywalker, C3PO, master of human-cyborg relations, speaks six million languages including Sith (spoken by the Dark Side), but a hard-coded software lock (called Digital Rights Management here on Earth) in his circuitry prevents him from translating Sith aloud to his human users. Presumably, this is to prevent the droid from being used by the Sith, but makes very little sense in the context of a galactic war that has relied so heavily on double agents, spies, and leaked plans and documents. The only explanation that makes any sense is a greedy 3PO manufacturer that sells the Sith language pack as a microtransaction and a galactic Congress that hasn't passed strong right to repair laws for the junk traders, droid mechanics, and droid users of the galaxy. C3PO's software lock is a major plot point in Skywalker as he's unable to translate a Sith passage that could lead our heroes to the Sith planet that the aforementioned Palpatine is hanging out on.

"Linux users can now stream shows and movies from the Disney+ streaming service after Disney lowered the level of their DRM requirements," reports Bleeping Computer: When Disney+ was first launched, Linux users who attempted to watch shows and movies were shown an error stating "Something went wrong. Please try again. If the problem persists, visit the Disney+ Help Center (Error Code 83)."

As explained by Hans de Goede, this error was being caused by the Disney+ service using the highest level of security for the Widevine Digital Rights Management (DRM) technology. As some Linux and Android devices did not support this higher DRM security level, they were unable to stream Disney+ shows in their browsers... Yesterday, Twitter users discovered that Disney+ had suddenly started working on Linux browsers after the streaming service tweaked their DRM security levels...

Even with Disney+ lowering the DRM requirements, users must first make sure DRM is enabled in the browser. For example, Disney+ will not work with Firefox unless you enable the "Play DRM-controlled content" setting in the browser.

As of this week, players who owned a legitimate copy of Tron: Evolution they paid for but never played it, no longer can. From a report: Tron: Evolution, a tie-in game for the 2010 Tron: Legacy film, used SecurRom, a form of digital rights management (DRM), and publisher Disney hasn't paid its bill. This means Disney can no longer authenticate purchases and "unlock" copies of the game that people bought but haven't used yet. Players first noticed they couldn't play the game after purchasing it in October, but a thread on Reddit today brought more attention to the issue. "I often buy games on sales, but don't play them immediately," user Renusek said on Reddit. "Yesterday I decided to play Tron: Evolution, maybe even practice speedrunning it, so I install the game, try to activate it (game still uses SecuROM DRM) and... the serial key has expired (?!)." SecurROM is DRM software that companies attach to video games to make sure they aren't downloaded illegally. It was popular among big game publishers some years back, often causing havoc and annoyance to players.

Google announced today that it is willing to dish out bug bounty cash rewards of up to $1.5 million if security researchers find and report bugs in the Android operating system that can also compromise its new Titan M security chip. From a report: Launched last year, the Titan M chip is currently part of Google Pixel 3 and Pixel 4 devices. It's a separate chip that's included in both phones and is dedicated solely to processing sensitive data and processes, like Verified Boot, on-device disk encryption, lock screen protections, secure transactions, and more. Google says that if researchers manage to find "a full chain remote code execution exploit with persistence" that also compromises data protected by Titan M, they are willing to pay up to $1 million to the bug hunter who finds it. If the exploit chain works against a preview version of the Android OS, the reward can go up to $1.5 million.

An unspecified number of smart TVs manufactured by Samsung will lose native support for Netflix next month, the companies said in an announcement this week. From a report: Netflix app installed -- or available for -- Samsung smart TVs manufactured in 2010 and 2011 (C and D lineups) -- and likely sold for many years after that -- will stop functioning December 2, Samsung alerted customers this week. In a statement, a company spokesperson said these TV models were sold only in the U.S. and Canada. In its statement, the top smart TV manufacturer advised affected customers to look for a game console, streaming media player, set-top box or other devices that still support Netflix app to continue their binge-watching sessions. A Netflix spokesperson cited technical limitations for the change. The developement comes weeks after Netflix alerted several Roku customers that they, too, will lose access to the streaming service on December 1.

Adobe, Twitter, and The New York Times Company have announced a new system for adding attribution to photos and other content. A tool will record who created a piece of content and whether it's been modified by someone else, then let other people and platforms check that data. The Verge reports: The overall project is called the Content Authenticity Initiative, and its participants will hold a summit on the system in the next few months. Based on what Adobe has announced, the attribution tool is a piece of metadata that can be attached to a file. Adobe doesn't describe precisely how it will keep the tag secure or prevent someone from copying the content in a way that strips it out. Adobe chief product officer Scott Belsky said that some technical details will be worked out at the summit. Adobe described this system as a way to verify "authenticity" online. And The New York Times Company's research and development head, Marc Lavallee, suggested it could fight misinformation by helping people discern "trusted news" on digital media platforms.

But the most obvious uses include identifying a photo's source and making sure artists get credit for their work. Many photos and webcomics circulate anonymously on platforms like Twitter, and an attribution tag would help trace those images back to their creator. This depends entirely on how well the CAI system works, however. Tags wouldn't be very useful if they could be easily altered or removed, but if the system preserves security by tightly controlling how people can interact with the image, it could have the same downsides as other digital rights management or DRM systems.