Movies

Disney+ Does Not Work On Linux Devices (ghacks.net) 80

If you plan on streaming content from the new Disney+ streaming service on Linux devices, you'll likely be greeted with Error Code 83. Fedora Linux package maintainer Hans De Goede from the Netherlands first made the unpleasant discovery. gHacks reports: De Goede noticed that Disney+ would not work in any of the web browsers that he tried on systems running Fedora Linux. He tried Firefox and Chrome, and both times Disney+ threw the error "error code 83." Disney+ Support was not able to assist de Goede. It replied with a generic message stating that the error was known and that it happened often when customers tried to play Disney+ in web browsers or using certain devices. Support recommended to use the official applications on phones or tablets to watch the shows or movies. Other streaming services, e.g. Netflix, work fine on Linux.

A user on the Dutch site Tweakers dug deeper and uncovered the response code that the site returned when a device or browser was used that could not be used to play streams. According to the information, error code 83 means that the platform verification status is incompatible with the security level. Disney uses the DRM solution Widevine to protect its streams from unauthorized activity. Widevine supports three different security levels, called 1, 2 and 3, which have certain requirements. The supported level determines the maximum stream quality and may even prevent access to a stream if the requirements are not met. It appears that Disney set Widevine to a more restrictive level than its competitors. The decision affects Disney+ on Linux devices and on other devices that don't support the selected Widevine security standard.

Education

Today's 'Day Against DRM' Protests Locks On Educational Materials (defectivebydesign.org) 16

This year's "International Day Against DRM" is highlighting user-disrespecting restrictions on educational materials.

An anonymous reader quotes the Free Software Foundation's Defective By Design site: The "Netflix of textbooks" model practiced by Pearson and similar publishers is a Trojan horse for education: requiring a constant Internet connection for "authentication" purposes, severely limiting the number of pages a student can read at one time, and secretly collecting telemetric data on their reading habits.

Every year, we organize the International Day Against DRM (IDAD) to mobilize protests, collaboration, grassroots activism, and in-person actions against the grave threat of DRM. For IDAD 2019, we are calling on Pearson and similar companies to stop putting a lock on our learning, and demonstrate their alleged commitment to education by dropping DRM from their electronic textbooks and course materials. At the same time, it is our plan to show that a better world is possible by encouraging people to contribute to collaborative and DRM-free textbooks, and resist the stranglehold these publishers are putting on something as fundamental as one's education. To help us, join the Defective by Design (DbD) coalition as we organize local and remote hackathons on free culture educational materials, and an in-person protest of Pearson Education on Saturday, October 12th.

The group is joined in this year's event by the Electronic Frontier Foundation, Creative Commons, and The Document Foundation (as well as 10 other participating organizations). Here's some of the site's suggestions for ways to participate:
  • In Boston, we'll be leading the way with our own demonstration on October 12th, 2019, at Pearson Education's corporate offices, followed by an evening hackathon on collaborative, freely licensed educational materials... We'll be providing activists around the world with support on how they can stage their own local in-person event, as well as how to join us online while we help improve the free and ethical alternatives to educational materials restricted by DRM.
  • The easiest way to participate is to join us in going a Day Without DRM, and resolve to spend an entire day (or longer!) without Netflix, Hulu, and other restricted services to show your support of the movement. Document your experiences on social media using the tags "#idad" or "#dbd", and let us know at info@defectivebydesign.org if you have a special story you'd like us to share.
  • Print and share our dust jacket design, which you can slip over your "dead tree" books (while you still have them) to warn others of the dangers of ebook DRM. Pass them out at coffee shops, libraries, and wherever readers congregate!

The Internet

Ask Slashdot: What Lightweight Alternative To Chrome or Firefox Do You Use? 158

thegarbz writes: It seems not a day goes by without yet another story reflecting poorly on major browsers. Not uncommon are stories that are mixed with a degree of bloat, either discussing rarely used features or directly criticizing memory consumption of major browsers. Unfortunately memory consumption is quite often the result of complete feature implementation of technologies used on the web, including DRM for streaming services and WebRTC. Other times it's the result of security measures, feature creep, or poor coding.

So in 2019 for those of us with slower tablets, what browser do you use as an alternative to the big two? How well does it work with the modern HTML5 internet? Are websites frequently broken, or does the simplicity of other browsers largely go unnoticed?

Emulation (Games)

Ask Slashdot: How Will Abandonware Work With Today's DRM Locked Games? (youtube.com) 153

dryriver writes: Thousands of charmingly old-fashioned computer and console games from the 8-bit, 16-bit, MS-DOS era are easily re-playable today in a web browser -- many Abandonware websites now feature play-in-browser emulated games. Here is a video of 101 charming old MS-DOS games, most of which can be re-played on Abandonware websites across the internet in seconds.

But what about today's cloud-linked, DRM crippled games, which won't even work without Steam/Origin/UPlay, and many of which don't even allow you to host your own multiplayer servers anymore? How will we play them 20 years from now -- on what may be Android, Linux or other OSs -- when they are tethered into the cloud? And is writing a fully-working emulator for today's complex Windows/DirectX games even feasible?

How will Abandonware work 20 years from now?

The Courts

Judges Begin Ruling Against Some Porn Purveyors' Use of Copyright Lawsuits (bloombergquint.com) 39

Slashdot reader pgmrdlm quotes Bloomberg: Pornography producers and sellers account for the lion's share of copyright-infringement lawsuits in the U.S. -- and judges may have seen enough. The courts are cracking down on porn vendors that file thousands of lawsuits against people for downloading and trading racy films on home computers, using tactics a judge called a "high tech shakedown." [Alternate link here.] In one case, two men were jailed in a scheme that netted $6 million in settlements.

The pornography companies have "a business model that seeks to profit from litigation and threats of litigation rather than profiting from creative works," said Mitch Stoltz, a senior attorney with the Electronic Frontier Foundation, a San Francisco group that has waged a campaign against companies it thinks abuse the copyright system.

Two companies that make and sell porn are responsible for almost half of the 3,404 copyright lawsuits filed in the U.S. in the first seven months of this year, according to an analysis by Bloomberg Law's Tommy Shen... The companies say they are protecting their movies from piracy and infringement under U.S. copyright law, as major movie studios have done for decades, and suggest that the content of their films is the reason for the wrath of the judges. But some of the tactics used in their infringement suits to identify targets and force settlements have critics -- and some jurists -- up in arms and may require congressional actions to fix.

The suits don't initially name names. They identify the Internet Protocol addresses using peer-to-peer networks like BitTorrent to download or distribute the movies and then file suits against "John Does" and ask the courts to order internet service providers, like Verizon Communications Inc. or Comcast Corp., to identify the account subscribers. Those people are then contacted by the porn company lawyers.

One lawyer notes that the lawsuits target users in wealthier areas, reports Bloomberg, which adds that in December one district judge even refused to grant the request for identities, ruling that the porn company "treats this court not as a citadel of justice, but as an ATM."

And last month a federal judge cited that ruling when refusing to enter a judgment in another case.

Electronic Frontier Foundation

EFF Warns Proposed Law Could Create 'Life-Altering' Copyright Lawsuits (forbes.com) 117

Forbes reports: In July, members of the federal Senate Judiciary Committee chose to move forward with a bill targeting copyright abuse with a more streamlined way to collect damages, but critics say that it could still allow big online players to push smaller ones around -- and even into bankruptcy.

Known as the Copyright Alternative in Small-Claims Enforcement (or CASE) Act, the bill was reintroduced in the House and Senate this spring by a roster of bipartisan lawmakers, with endorsements from such groups as the Copyright Alliance and the Graphic Artists' Guild. Under the bill, the U.S. Copyright Office would establish a new 'small claims-style' system for seeking damages, overseen by a three-person Copyright Claims Board. Owners of digital content who see that content used without permission would be able to file a claim for damages up to $15,000 for each work infringed, and $30,000 in total, if they registered their content with the Copyright Office, or half those amounts if they did not.

"Easy $5,000 copyright infringement tickets won't fix copyright law," argues the EFF, in an article shared by long-time Slashdot reader SonicSpike: The bill would supercharge a "copyright troll" industry dedicated to filing as many "small claims" on as many Internet users as possible in order to make money through the bill's statutory damages provisions. Every single person who uses the Internet and regularly interacts with copyrighted works (that's everyone) should contact their Senators to oppose this bill...

[I]f Congress passes this bill, the timely registration requirement will no longer be a requirement for no-proof statutory damages of up to $7,500 per work. In other words, nearly every photo, video, or bit of text on the Internet can suddenly carry a $7,500 price tag if uploaded, downloaded, or shared even if the actual harm from that copying is nil. For many Americans, where the median income is $57,652 per year, this $7,500 price tag for what has become regular Internet behavior would result in life-altering lawsuits from copyright trolls that will exploit this new law.

First Person Shooters (Games)

'Doom' Celebrates 25th Anniversary By Re-Releasing Three Classic Games (theverge.com) 102

To celebrate the 25th anniversary of Doom, there are now mobile versions in the Google Play Store, reports Android Police, "and since this is a 25th-anniversary release, it includes the fourth expansion Thy Flesh Consumed. It's the complete package folks, and it's finally available on Android as an official release."

And in addition, three Doom re-releases are now available for the Nintendo Switch, Xbox One, and PlayStation 4, reports the Verge -- though there was one little glitch: Bethesda says it'll get rid of the strange requirement that players must log into an online account before they play the newly re-released versions of Doom, Doom II, and Doom 3, which went live yesterday. Players quickly criticized Bethesda for the seemingly ridiculous limitation -- the first of these games was released more than 25 years ago, at a time when there was obviously no internet requirement. The online login will be made optional in a coming update, Bethesda said today.

The re-releases were part of QuakeCon 2019, reports IGN, noting that Bethesda also showcased Doom Eternal's multiplayer, "revealing new details about the unique 1v2 Battle Mode."

Forbes hails the re-releases as "id Software's fast-paced, ultra-violent...classic shooters," adding that "It appears the re-releases are actually Unity remakes, though whether much has changed beyond resolution support remains to be seen." But they may also have some other minor differences, Engadget reports: There have been a few other complaints as well, such as the addition of copy protection, graphical changes (such as filtering that softens those 1993-era graphics) and apparent music tempo slowdowns on the Switch. That's not including the removal of downloads for the old PS3 and Xbox 360 versions. It's not a fiasco, but these clearly weren't the straightforward ports some were expecting.

Books

Pearson Ditches Print Textbooks For College Students in Digital-First Strategy (cbsnews.com) 154

Textbook publishing giant Pearson will soon be publishing a lot fewer textbooks. It said this week it's ending regular revisions of all print textbooks in its higher-education category. As Pearson faces mounting pressure from the resale market, the move signals a growing shift in the publishing industry to a "digital-first" model. From a report: Instead of revising all 1,500 of its active titles every three years according to the print schedule, the British education publisher said it will focus on updating its digital products more frequently, offering artificial intelligence capabilities, data analytics and research. Pearson is billing the decision as a way to help drive down college costs for students. But the company and the education publishing industry as a whole have been criticized for years for the rising prices of textbooks. That has pushed a majority of students into secondhand textbook markets like Chegg or spurred them to forego buying class materials altogether. The average cost of college textbooks rose about four times faster than the rate of inflation over the last decade. "Our digital first model lowers prices for students and, over time, increases our revenues," Fallon said in a statement. "By providing better value to students, they have less reason to turn to the secondary market." Pearson's e-books can cost about $40 on average and go up to $79 for additional learning tools like homework assistance. That compares to prices that can go as high as $200 or $300 for a print textbook, according to Pearson CEO John Fallon, though students can still rent one for $60 on average.

The Courts

Justice John Paul Stevens, Dead At 99, Promoted the Internet Revolution (arstechnica.com) 90

Former Supreme Court Justice John Paul Stevens passed away Tuesday evening of complications following a stroke he suffered on July 15. He was 99 years old. An anonymous Slashdot reader shares a lightly edited version of Ars Technica's 2010 story that originally marked his retirement from the Supreme Court: In April 2010, the Supreme Court's most senior justice, John Paul Stevens, announced his retirement. In the weeks that followed, hundreds of articles were written about his career and his legacy. While most articles focus on 'hot button' issues such as flag burning, terrorism, and affirmative action, Stevens' tech policy record has largely been ignored. When Justice Stevens joined the court, many of the technologies we now take for granted -- the PC, packet-switched networks, home video recording -- were in their infancy. During his 35-year tenure on the bench, Stevens penned decisions that laid the foundation for the tremendous innovations that followed in each of these areas.

For example, Stevens penned the 1978 decision that shielded the software industry from the patent system in its formative years. In 1984, Hollywood's effort to ban the VCR failed by just one Supreme Court vote; Stevens wrote the majority opinion. And in 1997, he wrote the majority opinion striking down the worst provisions of the Communications Decency Act and ensuring that the Internet would have robust First Amendment protections. Indeed, Justice Stevens probably deserves more credit than any other justice for the innovations that occurred under his watch. And given how central those technologies have become to the American economy, Stevens' tech policy work may prove one of his most enduring legacies. In this feature, we review Justice Stevens' tech policy decisions and salute the justice who helped make possible DRM-free media devices, uncensored Internet connections, free software, and much more.

As the report mentions, Stevens was the Supreme Court's cryptographer. "Stevens attended the University of Chicago, graduating in 1941. On December 6 -- the day before the Japanese attacked Pearl Harbor -- Stevens enrolled in the Navy's correspondence course on cryptography."

"Stevens spent the war in a Navy bunker in Hawaii, doing traffic analysis in an effort to determine the location of Japanese ships," the report adds. "He was an English major, not a mathematician, but he proved to have a knack for cryptographic work."

Piracy

A Look at How Movies and Shows From Netflix and Amazon Prime Video Are Pirated (torrentfreak.com) 219

News blog TorrentFreak spoke with a member of piracy group "The Scene" to understand how they obtain -- or rip -- movies and shows from sources such as Netflix and Amazon Prime Video. The technique these people use is different from hardware capture cards or software-based 'capping' tools. From the report: "Content for WEB releases are obtained by downloading the source content. Whenever you stream a video online, you are downloading chunks of a video file to your computer. Sceners simply save that content and attempt to decrypt it for non-DRM playback later," the source said. When accessing the content, legitimate premium accounts are used, often paid for using prepaid credit cards supported by bogus identities. It takes just a few minutes to download a video file since they're served by CDNs with gigabits of bandwidth.

"Once files are downloaded from the streaming platform, however, they are encrypted in the .mp4 container. Attempting to view such video will usually result in a blank screen and nothing else -- streams from these sites are protected by DRM. The most common, and hard to crack DRM is called Widevine. The way the Scene handles WEB-releases is by using specialized tools coded by The Scene, for The Scene. These tools are extremely private, and only a handful of people in the world have access to the latest version(s)," source noted. "Without these tools, releasing Widevine content is extremely difficult, if not impossible for most. The tools work by downloading the encrypted video stream from the streaming site, and reverse engineering the encryption." Our contact says that decryption is a surprisingly quick process, taking just a few minutes. After starting with a large raw file, the finalized version ready for release is around 30% smaller, around 7GB for a 1080p file.

DRM

Microsoft Store's eBooks Will Soon 'Stop Working' When It Closes Their DRM Server (boingboing.net) 161

Cory Doctorow writes at BoingBoing: "The books will stop working": That's the substance of the reminder that Microsoft sent to customers for their ebook store, reminding them that, as announced in April, the company is getting out of the ebook business because it wasn't profitable enough for them, and when they do, they're going to shut off their DRM servers, which will make the books stop working.

Almost exactly fifteen years ago, I gave an influential, widely cited talk at Microsoft Research where I predicted this exact outcome. I don't feel good about the fact that I got it right. This is a fucking travesty.

We're just days away from the "early July" shutdown. And Doctorow elaborated on his feelings in a blog post in April: This puts the difference between DRM-locked media and unencumbered media into sharp contrast... The idea that the books I buy can be relegated to some kind of fucking software license is the most grotesque and awful thing I can imagine: if the publishing industry deliberately set out to destroy any sense of intrinsic, civilization-supporting value in literary works, they could not have done a better job.

PlayStation (Games)

What To Expect From Sony's Next-Gen PlayStation (wired.com) 131

Daetrin writes: Sony is unwilling to confirm "Playstation 5" as the name, but their next console is "no mere upgrade" according to a report from Wired, which cites Sony executives -- who spoke on the record:

"PlayStation's next-generation console ticks all those boxes, starting with an AMD chip at the heart of the device. (Warning: some alphabet soup follows.) The CPU is based on the third generation of AMD's Ryzen line and contains eight cores of the company's new 7nm Zen 2 microarchitecture. The GPU, a custom variant of Radeon's Navi family, will support ray tracing, a technique that models the travel of light to simulate complex interactions in 3D environments. While ray tracing is a staple of Hollywood visual effects and is beginning to worm its way into $10,000 high-end processors, no game console has been able to manage it. Yet."

The console will also have a solid-state drive and is currently planned to be backward-compatible with both PS4 games and PSVR.

Microsoft

Microsoft Stops Selling eBooks, Will Refund Customers For Previous Purchases (theverge.com) 131

Starting today, Microsoft is ending all ebook sales in its Microsoft Store for Windows PCs. "Previously purchased ebooks will be removed from users' libraries in early July," reports The Verge. "Even free ones will be deleted. The company will offer full refunds to users for any books they've purchased or preordered." From the report: Microsoft's "official reason," according to ZDNet, is that this move is part of a strategy to help streamline the focus of the Microsoft Store. It seems that the company no longer has an interest in trying to compete with Amazon, Apple Books, and Google Play Books. It's a bit hard to imagine why anyone would go with Microsoft over those options anyway.

If you have purchased ebooks from Microsoft, you can continue accessing them through the Edge browser until everything vanishes in July. After that, customers can expect to automatically receive a refund. According to a newly published Microsoft Store FAQ, "refund processing for eligible customers start rolling out automatically in early July 2019 to your original payment method." If your original payment method is no longer valid (or if you used a gift card), you'll receive a credit back to your Microsoft account to use online at the Microsoft Store. Microsoft will also offer an additional $25 credit (to your Microsoft account) if you annotated or marked up any ebook that you purchased from the Microsoft Store prior to today, April 2nd.

Liliputing reminds us that "if you pay for eBooks, music, movies, video games, or any other content from a store that uses DRM, then you aren't really buying those digital items so much as paying a license fee for the rights to access them... a right that can be revoked if the company decides to remove a title from your device unexpectedly or if a company shuts down a server that would normally handle the digital rights management features."

You can find DRM-free eBooks at some online stores including Smashwords and Kobo (by browsing the DRM-free selection), or from publisher websites including Angry Robot, and Baen.

DRM

Alexa Scientists Claim Audio Watermarking Technique Nearing 100% Accuracy (venturebeat.com) 85

georgecarlyle76 brought our attention to Amazon's claim of an algorithm that "solves the 'second-screen problem' in real-time."

"Ever hear (no pun intended) of audio watermarking?" asks VentureBeat. It's the process of adding distinctive sound patterns identifiable to PCs, and it's a major way web video hosts, set-top boxes, and media players spot copyrighted tracks. But watermarking schemes aren't particularly reliable in noisy environments, like when the audio in question is broadcasted over a loudspeaker. The resulting noise and interference -- referred to in academic literature as the "second-screen" problem -- severely distorts watermarks, and introduces delays that detectors often struggle to reconcile. Researchers at Amazon, though, believe they've pioneered a novel workaround, which they describe in a paper newly published on the preprint server Arxiv ("Audio Watermarking over the Air with Modulated Self-Correlation") and an accompanying blog post. The team claims their method -- which they'll detail at the International Conference on Acoustics, Speech, and Signal Processing in May -- can detect watermarks added to about two seconds of audio with "almost perfect accuracy," even when the distance between the speaker and detector is greater than 20 feet...

So how's it work? As Tai explains, the model employs a "spread-spectrum" technique in which watermark energy is spread across time and frequency, rendering it inaudible to human ears while robustifying it against postprocessing (like compression). And it generates watermarks from noise blocks of a fixed duration, each of which introduces its own distinct pattern to selected frequency components in the host audio signal. Conventional detectors would compare the resulting sequence of noise blocks -- the decoding key -- with a reference copy. But Tai and colleagues take a different approach: Their algorithm embeds the noise pattern in the audio signal multiple times and compares it to itself. Because said signal passes through the same acoustic environment, Tai explains, instances of the pattern are distorted in similar ways, enabling them to be compared directly. "The detector takes advantage of the distortion due to the acoustic channel, rather than combatting it," he added.

"Audio content that Alexa plays -- music, audiobooks, podcasts, radio broadcasts, movies -- could be watermarked on the fly," explains Amazon's blog post. It argues that this could be useful "so that Alexa-enabled devices can better gauge room reverberation and filter out echoes."

Music

To Avoid Demonetization, YouTube and Twitch Streamers Sing Badly Over Copyrighted Songs (theverge.com) 86

To avoid copyright claims, "YouTube creators and Twitch streamers have been performing terrible a capella covers of popular songs," reports the Verge: React videos are a huge part of YouTube's current culture; people lift popular movie trailers and film their reactions to what's happening on-screen. These videos are typically monetized... In recent months, YouTube creators have run into copyright issues while making TikTok reaction videos, where they collect cringey TikTok clips and either react or provide commentary on them. [T]hose TikTok videos contain music from artists signed to labels like Sony and Warner, and those labels will issue copyright claims, preventing creators from monetizing their videos... TikTok videos include less than 10 seconds of music, yet that can still be enough to receive a copyright claim -- on TikTok itself, the music is all licensed from the labels...

To work around that, creators like Danny Gonzalez and Kurtis Conner have started replacing the music with their own singing. Gonzalez and Conner half-heartedly sing songs like Linkin Park's "In The End" and Imagine Dragons' "Believer" while the corresponding TikTok video plays on screen... It's a little painful to hear, but ultimately a very fun loophole in the copyright system that YouTube has to enforce... The hope is that major labels like Sony Music or Warner Music Group can't claim copyright infringement, or at least that the singing won't trigger YouTube's automated system for finding copyrighted content.

DRM

Free Software Foundation: Dating Is a Free Software Issue (fsf.org) 135

"I've been making the argument that everything is a free software issue for a few months now," writes the campaigns manager for the Free Software Foundation, in a new essay sharing thoughts on "the issues proprietary technology poses in dating and maintaining romantic relationships": Many dating Web sites run proprietary JavaScript... Proprietary JavaScript is a trap that impacts your ability to run a free system, and not only does it sneak proprietary software onto your machine, but it also poses a security risk. Any piece of software can be malicious, but proprietary JavaScript goes the extra mile. Much of the JavaScript you encounter runs automatically when you load a Web site, which enables it to attack you without you even noticing.

Proprietary JavaScript doesn't have to be the only way to use Web sites. LibreJS is an initiative which blocks "nonfree nontrivial" JavaScript while allowing JavaScript that is either free or trivial. Many dating apps are also proprietary, available only at the Apple App and Google Play stores, both of which currently require the use of proprietary software.

The essay also warns about the proprietary software used for restaurant reservations, ride-sharing apps, and chat applications. (Not to mention the non-free software behind gift shopping on Amazon.) And even if you decide on a romantic evening at home, "you might find yourself tempted by freedom-disrespecting, DRM-supporting streaming services like Hulu and Netflix...."

"These are all proprietary tools, and the act of using them restricts our freedoms. When the ways we connect with one another are proprietary, we're trusting our secrets, intimacies, and relationships to technology we cannot trust."

Intel

Researchers Use Intel SGX To Put Malware Beyond the Reach of Antivirus Software (arstechnica.com) 63

An anonymous reader shares an excerpt from an Ars Technica report: Researchers have found a way to run malicious code on systems with Intel processors in such a way that the malware can't be analyzed or identified by antivirus software, using the processor's own features to protect the bad code. As well as making malware in general harder to examine, bad actors could use this protection to, for example, write ransomware applications that never disclose their encryption keys in readable memory, making it substantially harder to recover from attacks. The research, performed at Graz University of Technology by Michael Schwarz, Samuel Weiser, and Daniel Gruss (one of the researchers behind last year's Spectre attack), uses a feature that Intel introduced with its Skylake processors called SGX ("Software Guard eXtensions"). SGX enables programs to carve out enclaves where both the code and the data the code works with are protected to ensure their confidentiality (nothing else on the system can spy on them) and integrity (any tampering with the code or data can be detected). The contents of an enclave are transparently encrypted every time they're written to RAM and decrypted upon being read. The processor governs access to the enclave memory: any attempt to access the enclave's memory from code outside the enclave is blocked; the decryption and encryption only occurs for the code within the enclave.

SGX has been promoted as a solution to a range of security concerns when a developer wants to protect code, data, or both, from prying eyes. For example, an SGX enclave running on a cloud platform could be used to run custom proprietary algorithms, such that even the cloud provider cannot determine what the algorithms are doing. On a client computer, the SGX enclave could be used in a similar way to enforce DRM (digital rights management) restrictions; the decryption process and decryption keys that the DRM used could be held within the enclave, making them unreadable to the rest of the system. There are biometric products on the market that use SGX enclaves for processing the biometric data and securely storing it such that it can't be tampered with. SGX has been designed for this particular threat model: the enclave is trusted and contains something sensitive, but everything else (the application, the operating system, and even the hypervisor) is potentially hostile. While there have been attacks on this threat model (for example, improperly written SGX enclaves can be vulnerable to timing attacks or Meltdown-style attacks), it appears to be robust as long as certain best practices are followed.

Privacy

Why Free Software Evangelist Richard Stallman is Haunted by Stalin's Dream (factordaily.com) 375

Richard Stallman recently visited Mandya, a small town about 60 miles from Bengaluru, India, to give a talk. On the sidelines, Indian news outlet FactorDaily caught up with Stallman for an interview. In the wide-ranging interview, Stallman talked about companies that spy on users, popular Android apps, media streaming and transportation apps, smart devices, DRM, software backdoors, subscription software, and Apple and censorship. An excerpt from the interview: If you are carrying a mobile phone, it is always tracking your movements and it could have been modified to listen to the conversations around you. I call this product Stalin's dream. What would Stalin have wanted to hand out to every inhabitant of the former Soviet Union? Something to track that person's movements and listen to the person's conversations. Fortunately, Stalin could not do it because the technology didn't exist. Unfortunately for us, now it does exist and most people have been pressured or lured into carrying around such a Stalin's dream device, but not me.

I am suspicious of new digital technology. I expect it to have new malicious functionalities. It has happened so many times that I have learned to expect this, so I have always checked before I start using some new digital technology. I asked to find out what is nasty about it and I found out these two things. It was something like 20 years ago, and I decided it was my duty as a citizen to refuse, regardless of whatever convenience it might offer me. To surrender my freedom in this way was failing to defend a free society. This is why I do not have a portable phone. I refuse to carry a portable phone. I never have one and unless things change, I never will. I do use portable phones, lots of different ones. If I needed to call someone right now, I would ask one of you, "Could you please make a call for me?" If I am on a bus and it is late and I need to tell somebody that I am going to arrive late, there is always some other passenger in the bus who will make a call for me or send a text for me. Practically speaking, it is not that hard.

Security

Security Researcher Cracks Google's Widevine DRM (L3 Only) (zdnet.com) 76

The L3 protection level of Google's Widevine DRM technology has been cracked by a British security researcher who can now decrypt content transferred via DRM-protected multimedia streams. ZDNet's Catalin Cimpanu notes that while this "sounds very cool," it's not likely to fuel a massive piracy wave because "the hack works only against Widevine L3 streams, and not L2 and L1, which are the ones that carry high-quality audio and video content." From the report: Google designed its Widevine DRM technology to work on three data protection levels --L1, L2, and L3-- each usable in various scenarios. According to Google's docs, the differences between the three protection levels are as follows:

L1 - all content processing and cryptography operations are handled inside a CPU that supports a Trusted Execution Environment (TEE).
L2 - only cryptography operations are handled inside a TEE.
L3 - content processing and cryptography operations are (intentionally) handled outside of a TEE, or the device doesn't support a TEE.

"Soooo, after a few evenings of work, I've 100% broken Widevine L3 DRM," [British security researcher David Buchanan] said on Twitter. "Their Whitebox AES-128 implementation is vulnerable to the well-studied DFA attack, which can be used to recover the original key. Then you can decrypt the MPEG-CENC streams with plain old ffmpeg." Albeit Buchanan did not yet release any proof-of-concept code, it wouldn't help anyone if he did. In order to get the DRM-encrypted data blob that you want to decrypt, an attacker would still need "the right/permission" to receive the data blob in the first place. If a Netflix pirate would have this right (being an account holder), then he'd most likely (ab)use it to pirate a higher-quality version of the content, instead of bothering to decrypt low-res video and lo-fi audio. The only advantage is in regards to automating the pirating process, but as some users have pointed out, this isn't very appealing in today's tech scene where almost all devices are capable of playing HD multimedia [1, 2].

Security

USB Type-C Authentication Program Launched (newatlas.com) 133

With the arrival of USB-C a few years back, plugging into laptops, tablets and smartphones became even easier than before. But there are potential security risks. The USB Type-C Authentication Program launched today aims to address such issues. From a report: The new protocol from the USB Implementers Forum (USB-IF) can be used to validate the authenticity of a cable, charger or hardware at the moment of connection, and stop attacks in their tracks. The USB-IF has chosen DigiCert to operate registrations and certificate authority services for the new specification, which makes use of 128-bit cryptographic-based authentication for certificate format, digital signing, hash and random number generation.

"USB Type-C Authentication gives OEMs the opportunity to use certificates that enable host systems to confirm the authenticity of a USB device or USB charger, including such product aspects as the descriptors, capabilities and certification status," said DigiCert in a press release. "This protects against potential damage from non-compliant USB chargers and the risks from maliciously embedded hardware or software in devices attempting to exploit a USB connection."
