You Should Be Allowed To Fix McDonald’s Ice Cream Machines, Say Federal Regulators

Editors Note: According to our infallible record keeping, this is the 50,000th post published on Hackaday! We weren’t sure this was the kind of milestone that required any drawn out navel-gazing on our part, but it does seem significant enough to point out. We didn’t pick any specific post to go out in this slot, but the fact that it ended up being a story about the right to repair ice cream machines seems suitably hacky for the occasion.


The McDonald’s ice cream machine is one of the great marvels of the modern world. It’s a key part of our heavily-mechanized industrial economy, and it’s also known for breaking down as often as an old Italian automobile. It’s apparently illegal to repair the machines unless you’re doing so with the authority of Taylor, the manufacturer. However, as reported by The Verge, The FTC and DOJ may soon have something to say about that.

Things are coming to a head as the Copyright Office contemplates whether to carve out new exemptions in the Digital Millennium Copyright Act. The legislation is widely reviled by many for making it illegal to circumvent copy protection, an act that is often required to maintain or repair certain equipment. As a result customers are often locked into paying the original manufacturer to fix things for them.

Both the FTC and DOJ have have filed a comment with the Copyright Office on the matter. The language will warm the cockles of your heart if you’re backing the right-to-repair movement.

Changes in technology and the more prevalent use of software have created fresh opportunities for manufacturers to limit Americans’ ability to repair their own products. Manufacturers of software-enabled devices and vehicles frequently use a range of restrictive practices to cut off the ability to do a “DIY” or third-party repair, such as limiting the availability of parts and tools, imposing software “locks,” such as TPMs, on equipment that prevent thirdparty repairers from accessing the product, imposing restrictions on warranties, and using product designs that make independent repairs less available.

The agencies want new exceptions to Section 1201 of the DMCA to allow repair of “industrial and commercial equipment.” That would make it legal to tinker with McDonald’s ice cream machines, whoever you are. The hope is this would occur along with a renewal of exceptions for “computer programs that control devices designed primarily for use by consumers and computer programs that control motorized land vehicles, marine vessels, and mechanized agricultural vehicles.”

Brush up on the finer details of icecreamgate in our previous coverage. This could be a grand time for change. Enough is enough— McDonald’s ice cream machines have been down for too long! Video after the break.

Continue reading “You Should Be Allowed To Fix McDonald’s Ice Cream Machines, Say Federal Regulators”

Apple Aftermath: Senate Entertains A New Encryption Bill

If you recall, there was a recent standoff between Apple and the U. S. Government regarding unlocking an iPhone. Senators Richard Burr and Dianne Feinstein have a “discussion draft” of a bill that appears to require companies to allow the government to court order decryption.

Here at Hackaday, we aren’t lawyers, so maybe we aren’t the best source of legislative commentary. However, on the face of it, this seems a bit overreaching. The first part of the proposed bill is simple enough: any “covered entity” that receives a court order for information must provide it in intelligible form or provide the technical assistance necessary to get the information in intelligible form. The problem, of course, is what if you can’t? A covered entity, by the way, is anyone from a manufacturer, to a software developer, a communications service, or a provider of remote computing or storage.

There are dozens of services (backup comes to mind) where only you have the decryption keys and there is nothing reasonable the provider can do to get your data if you lose your keys. That’s actually a selling point for their service. You might not be anxious to backup your hard drive if you knew the vendor could browse your data when they wanted to do so.

The proposed bill has some other issues, too. One section states that nothing in the document is meant to require or prohibit a specific design or operating system. However, another clause requires that covered entities provide products and services that are capable of complying with the rule.

A broad reading of this is troubling. If this were law, entire systems that don’t allow the provider or vendor to decrypt your data could be illegal in the U. S. Whole classes of cybersecurity techniques could become illegal, too. For example, many cryptography systems use the property of forward secrecy by generating unrecorded session keys. For example, consider an SSH session. If someone learns your SSH key, they can listen in or interfere with your SSH sessions. However, they can’t take recordings of your previous sessions and decode them. The mechanism is a little different between SSHv1 (which you shouldn’t be using) and SSHv2. If you are interested in the gory details for SSHv2, have a look at section 9.3.7 of RFC 4251.

In all fairness, this isn’t a bill yet. It is a draft and given some of the definitions in section 4, perhaps they plan to expand it so that it makes more sense, or – at least – is more practical. If not, then it seems to be an indication that we need legislators that understand our increasingly technical world and have some understanding of how the new economy works. After all, we’ve seen this before, right? Many countries are all too happy to enact and enforce tight banking privacy laws to encourage deposits from people who want to hide their money. What makes you think that if the U. S. weakens the ability of domestic companies to make data private, that the business of concealing data won’t just move offshore, too?

If you were living under a rock and missed the whole Apple and FBI controversy, [Elliot] can catch you up. Or, you can see what [Brian] thought about Apple’s response to the FBI’s demand.

DoJ And FBI Now Issuing Command To Botnet Malware

Looks like the FBI is starting to get pretty serious about fighting malware. Traditionally they have attacked the servers that activate and control botnets made up of infected computers. This time they’re going much further by taking control of and issuing commands to the botnets. In this instance it’s a nasty little bug called Coreflood, and they’ve been given permission to take the yet-unheard-of step by a federal judge.

An outside company called Internet Systems Consortium has been tapped to do the actual work. It will call upon the malware on infected computers and issue a command to shut it down. That falls short of fixing the problem as Coreflood will try to phone home again upon reboot. This gets back to the initial problem; we won’t ever be able to stop malware attacks as long as there are users who do not have the knowhow (or simply don’t care) to protect and disinfect their own computer systems.

How long do you think it will be before some black hat comes up with a countermeasure against this type of enforcement?

[via Gizmodo]

Bittorrent Admin Convicted By Federal Jury


[Daniel Dove], administrator of the site EliteTorrents.org, has been convicted of conspiracy and felony copyright infringement. Running a bittorrent tracker isn’t in itself illegal, but [Dove] apparently recruited seeders and distributed the initial illegal copies to them from his own server. From the press release, it seems the Justice Department is quite tickled with finally getting a conviction in a P2P case after a jury trial.

[photo: nrkbeta]