Boing Boing 

How can you trust your browser?


Tim Bray's Trusting Browser Code explores the political and technical problems with trusting your browser, especially when you're using it to do sensitive things like encrypt and decrypt your email. In an ideal world, you wouldn't have to trust Google or any other "intermediary" service to resist warrants forcing it to turn over your sensitive communications, because it would be technically impossible for anyone to peek into the mail without your permission. But as Bray points out, the complexity and relative opacity of JavaScript makes this kind of surety difficult to attain.

Bray misses a crucial political problem, though: the DMCA. Under US law (and similar laws all over the world), telling people about vulnerabilities in DRM is illegal, meaning that a bug in your browser that makes your email vulnerable to spying might be illegal to report, and will thus potentially never be fixed. Now that the World Wide Web Consortium and all the major browser vendors (even including Mozilla) have capitulated on adding DRM to the Web, this is the most significant political problem in the world of trusting your browser.


Tor founder Tom Doherty on publishing without DRM


Two years ago, Tor Books, the largest sf publisher in the world (and publisher of my own books) went DRM-free; yesterday, Tor's founder and publisher Tom Doherty took to the stage to explain why he dropped DRM from his books. Doherty spent some time talking about the business outcomes of life without DRM (in short, there's no new piracy of Tor books as a result of publishing without it), but really focused his talk on the community of readers and writers, and their conversation, and the role Tor plays there. Doherty's philosophy is that books get sold by being part of a wider context in readers' lives -- being something they talk and think about and share, and that DRM just gets in the way of that.

Meanwhile, Hachette -- publishing's most ardent DRM advocate -- and Amazon continue to duke it out in a ghastly and abusive public spat in which Amazon is attempting to extort deeper discounts from Hachette by de-listing, delaying and obfuscating its titles. If Hachette books were DRM free, the company could announce an "Amazon-refugee discount" of 10% of all its ebook titles at Google Play, iBooks, and Barnes and Noble, and offer a tool to convert your Kindle library to work on one of those other players. But because Hachette allowed -- insisted! -- that Amazon put its own DRM on Hachette books, the only company that can authorize converting Amazon Kindle titles to work with other readers is Amazon.

Good luck with that.


Podcast: Firefox’s adoption of closed-source DRM breaks my heart

Here's a reading (MP3) of my latest Guardian column, Firefox's adoption of closed-source DRM breaks my heart, a close analysis of the terrible news that Mozilla has opted to add closed source DRM to its flagship Firefox browser:

The decision to produce systems that treat internet users as untrusted adversaries to be controlled by their computers was clearly taken out of a sense of desperation and inevitability.

It’s clear that Mozilla plans to do everything it can to mitigate the harms from its DRM strategy and to attempt to reverse the trend that brought it to this pass.

Like many of Mozilla’s longtime supporters, I hold it to a high standard. It is not a for-profit. It’s a social enterprise with a mission to empower and free its users.

I understand that Apple, Microsoft and Google are for-profit entities that have demonstrated repeatedly that their profitability trumps their customers’ rights, and I fault them for this. But it’s not unreasonable to hold mission-driven nonprofits to a higher standard than their commercial counterparts.

Mozilla says it’s doing everything it can to reduce the harm from what it sees as an inevitable decision. As a Mozilla supporter, contributor and user, I want it to do more.

Mastering by John Taylor Williams: wryneckstudio@gmail.com

John Taylor Williams is an audiovisual and multimedia producer based in Washington, DC and the co-host of the Living Proof Brew Cast. Hear him wax poetic over a pint or two of beer by visiting livingproofbrewcast.com. In his free time he makes "Beer Jewelry" and "Odd Musical Furniture." He often "meditates while reading cookbooks."


Mozilla CAN change the industry: by adding DRM, they change it for the worse

Following on from yesterday's brutal, awful news that Mozilla is going to add DRM to its Firefox browser, the Electronic Frontier Foundation's Danny O'Brien has published an important editorial explaining how Mozilla's decision sets back the whole cause of fighting for a free and open Internet.


Mozilla breaks our hearts, adds DRM to Firefox


For months, I've been following the story that the Mozilla project was set to add closed source Digital Rights Management technology to its free/open browser Firefox, and today they've made the announcement, which I've covered in depth for The Guardian. Mozilla made the decision out of fear that the organization would haemorrhage users and become irrelevant if it couldn't support Netflix, Hulu, BBC iPlayer, Amazon Video, and other services that only work in browsers that treat their users as untrustable adversaries.

They've gone to great -- even unprecedented -- lengths to minimize the ways in which this DRM can attack Firefox users. But I think there's more that they can, and should, do. I also am skeptical of their claim that it was DRM or irrelevance, though I think they were sincere in making it. I think they hate that it's come to this and that no one there is happy about it.

I could not be more heartsick at this turn of events.

We need to turn the tide on DRM, because there is no place in a post-Snowden, post-Heartbleed world for technology that tries to hide things from its owners. DRM has special protection under the law that makes it a crime to tell people if there are flaws in their DRM-locked systems -- so every DRM system is potentially a reservoir of long-lived vulnerabilities that can be exploited by identity thieves, spies, and voyeurs.


Hugo-nominated authors blame Orbit for withholding their books from voters' package

Charles Stross, Mira Grant (Seanan McGuire) and Ann Leckie -- all nominees for this year's Hugo Awards -- have issued a joint statement blaming their publisher Orbit (a division of French giant Hachette) for withholding their nominated novels from a packet of ebooks sent to Hugo Award voters. This packet was originated by former Science Fiction Writers of America president John Scalzi, and for years, it has afforded all Hugo voters the opportunity to review the full slate of nominated works prior to voting. Hachette -- long known in the industry as the most reactionary and technophobic of the major publishers when it came to electronic publishing and DRM -- has taken the unprecedented step of undermining their own authors' chances at winning the most prestigious award in the field in order to conform to its business-wide doctrinal terror of piracy and ebooks substituting for print books.

Hachette has insisted that it took this step because it believes that authors should have control over their copyrights, but it's clear that these Hachette authors' wish is for their copyrights to be exercised in this specific way.


Podcast: Why it is not possible to regulate robots

Here's a reading (MP3) of my recent Guardian column, Why it is not possible to regulate robots, which discusses where and how robots can be regulated, and whether there is any sensible ground for "robot law" as distinct from "computer law."

One thing that is glaringly absent from both the Heinleinian and Asimovian brain is the idea of software as an immaterial, infinitely reproducible nugget at the core of the system. Here, in the second decade of the 21st century, it seems to me that the most important fact about a robot – whether it is self-aware or merely autonomous – is the operating system, configuration, and code running on it.

If you accept that robots are just machines – no different in principle from sewing machines, cars, or shotguns – and that the thing that makes them "robot" is the software that runs on a general-purpose computer that controls them, then all the legislative and regulatory and normative problems of robots start to become a subset of the problems of networks and computers.

If you're a regular reader, you'll know that I believe two things about computers: first, that they are the most significant functional element of most modern artifacts, from cars to houses to hearing aids; and second, that we have dramatically failed to come to grips with this fact. We keep talking about whether 3D printers should be "allowed" to print guns, or whether computers should be "allowed" to make infringing copies, or whether your iPhone should be "allowed" to run software that Apple hasn't approved and put in its App Store.

Practically speaking, though, these all amount to the same question: how do we keep computers from executing certain instructions, even if the people who own those computers want to execute them? And the practical answer is, we can't.


Celebrate the Day Against DRM with 50% off O'Reilly ebooks and videos


Sara from O'Reilly writes, "Can we stop DRM here, 'fight tooth and nail to keep DRM out of web browsers [as] a quarantine measure?' as Jeremy Keith suggests? Can we hit the pause button on efforts to lock down everything that might ever be for sale? Or will we find out just how toxic DRM can be when it's far too late? While we continue to remind folks of the ineffectiveness of DRM, it's ultimately up to you to take a stand. Together, we can take back those keys. In celebration of DRM free day save 50% on all 8000+ ebooks & videos from oreilly.com."

In Celebration of *Day Against DRM* (Thanks, Sara!)

Humble Image Bundle: name your price for Walking Dead, Saga, Chew and more; benefit CBLDF too!

The latest Humble Bundle teams up with DRM-free indie comics leader Image Comics, offering nine digital titles from Image on a name-your-price basis. You can also divert some or all of your payment to the Comic Book Legal Defense Fund, a vital free speech organization that helps comics publishers, creators and sellers who face censorship and even jail for daring to create cutting-edge media.

The bundle includes some of my favorite comics, including the comics version of The Walking Dead (even better than the TV show); the spectacular Saga (a delightfully unhinged effort from Brian Vaughan, who also created Y: The Last Man); and the genuinely demented Chew.

As with all the Humble Bundles, the Image Bundle is an object lesson in the trustworthiness of audiences, and the value of giving people what they want at an unarguably fair price (since you get to name your own) with a creator-friendly deal that lets readers and creators connect more directly than ever before in publishing history. I just bought in!

Humble Image Comics Bundle (pay what you want and help charity)

Podcast: What happens with digital rights management in the real world?

Here's a reading (MP3) of a recent Guardian column, What happens with digital rights management in the real world?, where I attempt to explain the technological realpolitik of DRM, which has nothing much to do with copyright, and everything to do with Internet security.


Publishers Weekly on Humble Ebook Bundle

As noted, the new Humble Ebook Bundle is live, and Publishers Weekly has a great writeup on it, including my decision to independently produce an audiobook of my novel Homeland.

HOMELAND audiobook, read by Wil Wheaton, DRM-free, in the new Humble Bundle!

For the past two months, I've been working on a secret project to produce an independent audiobook adaptation of my bestselling novel Homeland, read by Wil Wheaton, one of my favorite audiobook voice-actors (and a hell of a great guy, besides!). The audiobook is out as of today, and I'm proud to say that for the next two weeks, it is exclusively available through the new Humble Ebook Bundle, which kicks off today, featuring an amazing collection of name-your-price DRM-free ebooks by authors like Holly Black and Scott Westerfeld, as well as Wil Wheaton. As always, there are some surprise bonus titles that will be added in week two, and so long as you pay more than the average at the time of purchase, you'll get these automatically.


How to unDRM old iTunes songs

If you have anything in iTunes bought prior to 2009, chances are it's got DRM on it. Here's how to take it off. [Wired]

Studio gives Kickstarter Veronica Mars movie backers substandard, DRM-crippled "rewards"


Ryan writes, "I was a backer of the Veronica Mars movie, one level of backer got you a digital download of the movie. They ended up going with Warner Bros owned/backed Flixster. So for me I have an apple TV and a Roku. Flixster doesn't support appleTV or airplay, the Flixster channel for the Roku will crash anytime you try to watch anything. Flixster also will not allow you to watch the movie on a computer that has dual monitors."

The studio will allow you to buy a better experience on a non-Flixster service, send them the bill, and get a refund (but only if you complain first).

There's a copy of the movie on The Pirate Bay with more than 11,000 seeders, which means that this Flixster business is doing precisely nothing to deter piracy, and is only serving to alienate megafans who voluntarily donated money to see this movie made, and to subject the studio itself to potential millions in administrative costs and refunds to investors who were forced into the retail channels.


Coffee DRM and the wider world of state spying and corporate control

Dan Gillmor's got more to say about the news that K-cups are getting coffee DRM and what it means in the wider world: "Just as the police and security agencies are racing to deploy all new technologies to spy on everyone – whether the law permits it or not – private industry is racing to retain as much control as possible over the products and services it sells, and thereby control over us."

Netflix disables Chrome's developer console

When you watch Netflix videos in the Chrome browser, the service disables Chrome's developer console, a debugging and programming tool that gives you transparency and control over what your browser is doing. The Hacker News thread explains that this is sometimes done in order to stop an attack called "Self-XSS" that primarily arises on social media sites, where it can cause a browser to leak nominally private information to third parties. But in this case, the "Self-XSS" attack Netflix is worried about is very different: they want to prevent browser owners from consciously choosing to run scripts in the Netflix window that subvert Netflix's restrictions on video.

This is the natural outflow of the pretense that "streaming" exists as a thing that is distinct from "downloading" -- the idea that you can send a stream of bytes to someone else's computer without the computer being able to store those bytes. "Streaming" is at the heart of "rental" business models like Netflix's, and there's nothing wrong with the idea of rental per se. But the only way to attain "rental" with computers is to design computers so that their owners can't give them orders that the landlords disagree with. You have to change the computer and its software so that you can't see what it's doing and can't change what it's doing.

Your browser is a portal to your whole social life, your financial life and your work life, entrusted with the most potentially compromising secrets of your life. Anything that allows third parties to make it harder for you to figure out what the browser is doing, or to prevent it from doing something you don't want, should be a non-starter. As soon as a powerful entity like Netflix comes to depend on -- and insist on -- computers that owners can't control, that company is doing something wrong. Not because rentals are bad, but because taking away owner control from computers is bad.

This is why it's such a big deal that Netflix has convinced Microsoft, Apple, and Google to build user-controlling technology into their browsers, and why it's such a big deal that Microsoft, Apple, and Google have convinced the W3C to standardize this for all devices with HTML5 interfaces. Any time we allow the discussion to be sidetracked into "How can Netflix maximize its revenue by enforcing rental terms?" we're missing the real point, which is, "How can people be sure that their browsers aren't betraying them?"

Netflix disables use of the Chrome developer console (pastebin.com)

Why DRM'ed coffee-pods may be just the awful stupidity we need


I've been thinking about the news that Keurig has added "DRM" to its pod coffee-makers since the story first started doing the rounds a couple of days ago. I've come to the conclusion that, while the errand is a foolish one and the company deserves nothing but contempt for such an anti-competitive move, there might be a silver lining to this cloud. As I've written recently, there's not a lot of case-law on Section 1201 of the Digital Millennium Copyright Act (DMCA), the law that prohibits "circumventing...effective means of access control" to copyrighted works. In the past, we've seen printer companies and garage door opener manufacturers claim that the software in their devices was a "copyrighted work" and that anyone who made a spare part for their products was thus violating 1201. But that was 10 years ago, and it's been a while since there was someone stupid and greedy enough to try that defense.

I think Keurig might just be that stupid, greedy company.


Top Shelf Comix launches DRM free store

Top Shelf Comix, an extraordinary and daring independent press, has announced a DRM-free comics store, including the classic Moore/Campbell collaboration "From Hell" and the bestselling Nate Powell comics "The March" and "Swallow Me Whole." (Update: apparently only some of the company's digital releases are DRM free; From Hell is not among them).

I see that the schedule of upcoming digital titles includes some of my favorite Top Shelf titles, including The Homeland Directive (this will have DRM), Too Cool to be Forgotten (this will have DRM) and The Underwater Welder. I hope they do Lost Girls soon.

EU elections: ask candidates to sign digital rights pledge

Kirsten from EDRi writes, "European Digital Rights (EDRi) has launched WePromise.EU to put digital civil rights on the agenda of the European election. The platform is based on a two-sided promise: On the one hand, parliamentary candidates will be able to endorse a ten point 'Charter of Digital Rights' that supports an open digital environment. On the other, citizens across Europe can in turn sign the petition and promise to vote for candidates that have endorsed the Charter."


Why DRM is the root of all evil

In my latest Guardian column, What happens with digital rights management in the real world?, I explain why the most important fact about DRM is how it relates to security and disclosure, and not how it relates to fair use and copyright. Most importantly, I propose a shortcut through DRM reform, through a carefully designed legal test-case.


Adobe ebook DRM changeover means

A lot of people are about to lose their ebooks. (Thanks, Florian!)

Humble Audiobook Bundle: name your price for audio editions of "Junky," "Heartbreaking Work of Staggering Genius," "Blood Meridian" and many more!


You've only got two days left to take advantage of The Humble Audiobook Bundle, which lets you name your price for a stellar lineup of DRM-free audiobooks (this is practically the only way to get DRM-free audiobooks these days, since Audible, the company that controls 90% of the market, requires that publishers use DRM even if they object to it). The Humble Audiobook Bundle selection includes Salman Rushdie's "Satanic Verses;" William S Burroughs's "Junky;" Meg Cabot's "Abandon;" Dave Eggers's "A Heartbreaking Work of Staggering Genius;" Cormac McCarthy's "Blood Meridian," Charles Portis's "True Grit," and many more.

The Humble Audiobook Bundle

All library audiobooks going to DRM-free MP3s

Ben writes, "Overdrive, which is one of the main suppliers of downloadable audiobooks to public libraries, announced that it is retiring its DRM-encrusted .WMA formats and pushing everything to DRM-free .mp3s."

This is a big deal. Audiobooks are the last holdouts for DRM in audio, and one company, Audible, controls the vast majority of the market and insists upon DRM in all of its catalog (even when authors and publishers object). iTunes, Audible's major sales channel, also insists on DRM in audiobooks (even where Audible can be convinced to drop it). Audiobooks can cost a lot of money, and are very cumbersome to convert to free/open formats without using illegal circumvention tools. To stay on the right side of the law, you have to burn your audiobooks to many discs (sometimes dozens), then re-rip them, enduring breaks that come mid-word; or you have to play the audio out of your computer's analog audio outputs and redigitize them, which can take days (literally) and results in sound-quality loss.

Overdrive going DRM-free for libraries is a massive shift in this market, and marks a turning point in the relationship between the publishers/creators and the technology companies that act as conduits and retail channels for their work. It's especially great that libraries are getting a break, as they have been royally screwed on electronic books and audiobooks up until now.


Teach your rooted Android phone to lie to apps about whether it's rooted

There's a funny paradox in rooting your Android phone. Once you take total control over your phone, some apps refuse to run, because they're trying to do something that treats you as untrusted. Now there's a utility called Rootcloak that lets you tell your rooted phone to lie to apps about whether it is rooted. It's both long overdue and a neat demonstration of what it means to be root on a computer.

You bought it, you own it, right?

In the latest Electronic Frontier Foundation post for Copyright Week, Corynne McSherry tackles one of the most troubling aspects of modern copyright law: the idea that even though you've bought a device or a copyrighted work to play on it, they're not really your property. Because of the anti-circumvention rules (which are supposed to backstop "copy protection"), it's illegal to discover how your technology works, to tell other people how their technology works, to add otherwise lawful features to your technology, and to make otherwise lawful uses of your media.


How to have a healthy relationship with technology

My latest Guardian column, "Digital failures are inevitable, but we need them to be graceful," talks about evaluating technology based on more than its features -- rather, on how you relate to it, and how it relates to you. In particular, I try to make the case for giving especial care to what happens when your technology fails:


Requirements for DRM in HTML5 are a secret


The work at the World Wide Web Consortium (W3C) on adding DRM to HTML5 is one of the most disturbing developments in the recent history of technology. The W3C's mailing lists have been full of controversy about this ever since the decision was announced.

Most recently, a thread in the restricted media list asked about the requirements for DRM from the studios -- who have pushed for DRM, largely through their partner Netflix -- and discovered that these requirements are secret.

It's hard to overstate how weird this is.


DRM-free comics of excellence from Image Comics

The rise of Marvel's Comixology has meant that DRM -- Digital Rights Management -- has become the norm for comics, meaning that your collection is forever locked to Comixology's platform, and it is illegal for anyone except Comixology (and not the artists and writers who created the comics!) to unlock them so that they can be viewed on non-Comixology players.

It's as though Comixology had come up with a scheme to get us to buy our comics in a form that could only be put into special longboxes that they alone can sell -- longboxes that can only be stacked on the shelves they choose, and comics that can only be read under the lightbulbs they authorize, in the chair they approve. Every penny you spend on Comixology increases the cost of your switching away from it -- and increases the extent to which a single company (now owned by Disney) controls and sets the rules for making, publishing, retailing and reading comics.

Some comics creators are pushing back. Image Comics, publishers of The Walking Dead, announced its DRM-free comics store in July (Image is also noteworthy for its creator-friendly contracts, which are among the best in the industry). Last week, Image put on a one-day comics expo in San Francisco where it featured the new DRM-free titles coming to its store, and Wired rounded up seven amazing-looking stories that you'll be able to buy without selling your soul.

Image's creator-friendly policies have attracted some pretty amazing talent, like Grant Morrison, Jamie McKelvie, Michael Chabon, and many others. But the one I'm most intrigued by is Bitch Planet, from Kelly Sue Deconnick:


High-end CNC machines can't be moved without manufacturers' permission


On Practical Machinist, there's a fascinating thread about the manufacturer's lockdown on a high-priced, high-end Mori Seiki NV5000 A/40 CNC mill. The person who started the thread owns the machine outright, but has discovered that if he moves it at all, a GPS and gyro sensor package in the machine automatically shuts it down and will not allow it to restart until they receive a manufacturer's unlock code.

Effectively, this means that machinists' shops can't rearrange their very expensive, very large tools to improve their workflow from job to job without getting permission from the manufacturer (which can take a month!), even if they own the gear.


Representation of women in games and movies: the awful numbers


Catriona tumbled these enraging statistics about gender and representation in games and films for 2013:
