drm

64 Articles

Youtube-dl Makes Their Case, Returns To GitHub

November 16, 2020 by 47 Comments

Last month, the GitHub repository for the popular program youtube-dl was taken down in response to a DMCA takedown notice filed by the Recording Industry Association of America (RIAA). The crux of the RIAA complaint was that the tool could be used to download local copies of music streamed from various platforms, a claim they said was supported by the fact that several copyrighted music files were listed as unit tests in the repository.

While many believed this to be an egregious misrepresentation of what the powerful Python program was really used for, the RIAA’s argument was not completely without merit. As such, GitHub was forced to comply with the DMCA takedown until the situation could be clarified. Today we’re happy to report that has happened, and the youtube-dl repository has officially been reinstated.

Represented by the Electronic Frontier Foundation, the current maintainers of youtube-dl made their case to GitHub’s DMCA agent in a letter this afternoon which explained how the tool worked and directly addressed the issue of copyrighted videos being used as test cases in the source code. They maintain that their program does not circumvent any DRM, and that the exchange between the client and server is the same as it would be if the user had viewed the resource with a web browser. Further, they believe that downloading a few seconds worth of copyrighted material for the purpose of testing the software’s functionality is covered under fair use. Even still, they’ve decided to remove all references to the songs in question to avoid any hint at impropriety.

Having worked closely with the youtube-dl developers during this period, GitHub released their own statement to coincide with the EFF letter. They explained that the nature of the RIAA’s original complaint forced their hand, but that they never believed taking down the repository was the right decision. Specifically, they point out the myriad of legitimate reasons that users might want to maintain local copies of streamed media. While GitHub says they are glad that this situation was resolved quickly, they’ll be making several changes to their internal review process to help prevent further frivolous takedowns. Specifically the company says they will work with technical and legal experts to review the source code in question before escalating any further, and that if there’s any ambiguity as to the validity of the claim, they’ll side with the developers.

The Internet was quick to defend youtube-dl after the takedown, and we’re happy to see that GitHub made good on their promises to work with the developers to quickly get the repository back online. While the nature of open source code meant that the community was never in any real danger of losing this important tool, it’s in everyone’s best interest that development of the project can continue in the open.

Hackaday Links Column Banner

Hackaday Links: July 12, 2020

July 12, 2020 by 30 Comments

Based in the US as Hackaday is, it’s easy to overload the news with stories from home. That’s particularly true with dark tales of the expanding surveillance state, which seem to just get worse here on a daily basis. So we’re not exactly sure how we feel to share not one but two international stories of a dystopian bent; one the one hand, pleased that it’s not us for a change, but on the other, sad to see the trend toward less freedom and more monitoring spreading.

The first story comes from Mexico, where apparently everything our community does will soon be illegal. We couch that statement because the analysis is based on Google translations of reports from Mexico, possibly masking the linguistic nuances that undergird legislative prose. So we did some digging and it indeed appears that the Mexican Senate approved a package of reforms to existing federal copyright laws that will make it illegal to do things like installing a non-OEM operating system on a PC, or to use non-branded ink cartridges in a printer. Reverse engineering ROMs will be right out too, making any meaningful security research illegal. There appear to be exceptions to the law, but those are mostly to the benefit of the Mexican government for “national security purposes.” It’ll be a sad day indeed for Mexican hackers if this law is passed.

The other story comes from Germany, where a proposed law would grant sweeping surveillance powers to 19 state intelligence bodies. The law would require ISPs to install hardware in their data centers that would allow law enforcement to receive data and potentially modify it before sending it on to where it was supposed to go. So German Internet users can look forward to state-sponsored man-in-the-middle attacks and trojan injections if this thing passes.

OK, time for a palate cleanser: take an hour to watch a time-lapse of the last decade of activity of our star. NASA put the film together from data sent back by the Solar Dynamics Observatory, a satellite that has been keeping an eye on the Sun from geosynchronous orbit since 2010. Each frame of the film is one hour of solar activity, which may sound like it would be boring to watch, but it’s actually quite interesting and very relaxing. There are exciting moments, too, like enormous solar eruptions and the beautiful but somehow terrifying lunar transits. More terrifying still is a massive coronal mass ejection (CME) captured in June 2011. A more subtle but fascinating phenomenon is the gradual decrease in the number of sunspots over the decade as the Sun goes through its normal eleven-year cycle.

You’ll recall that as a public service to our more gear-headed readers that we recently covered the recall of automotive jack stands sold at Harbor Freight, purveyor of discount tools in the USA. Parts for the jack stands in question had been cast with a degraded mold, making the pawls liable to kick out under load and drop the vehicle, with potentially catastrophic results for anyone working beneath. To their credit, Harbor Freight responded immediately and replaced tons of stands with a new version. But now, Harbor Freight is forced to recall the replacement stands as well, due to a welding error. It’s an embarrassment, to be sure, but to make it as right as possible, Harbor Freight is now accepting any of their brand jack stands for refund or store credit.

And finally, if you thought that the experience of buying a new car couldn’t be any more miserable, wait till you have to pay to use the windshield wipers. Exaggeration? Perhaps only slightly, now that BMW “is planning to move some features of its new cars to a subscription model.” Plans like that are common enough as cars get increasingly complex infotainment systems, or with vehicles like Teslas which can be upgraded remotely. But BMW is actually planning on making options such as heated seats and adaptive cruise control available only by subscription — try it out for a month and if you like it, pay to keep them on for a year. It would aggravate us to no end knowing that the hardware supporting these features had already been installed and were just being held ransom by software. Sounds like a perfect job for a hacker — just not one in Mexico.

Defeating Fridge DRM With Duct Tape And A Dremel

June 14, 2020 by 81 Comments

We love writing about DRM here at Hackaday. Because when we do, it usually means someone found a way to circumvent the forced restrictions laid upon by a vendor, limiting the use of a device we thought is ours once we bought it. The device in question this time: the water filter built into GE’s fridges that would normally allow its “owner” to pour a refreshing glass of cold water. Except the filter is equipped with an RFID tag and an expiration, which will eventually deny you that little luxury. And if that’s already a feature, you can bet it won’t just let you insert any arbitrary filter as replacement either.

Enraged by every single aspect of that, [Anonymous] made a website to vent the frustration, and ended up tearing the culprit apart and circumvent the problem, with a little help from someone who was in the same situation before. As it turns out, the fridge comes with a “bypass filter” that is just a piece of plastic to fit in place of the actual filter, to pour unfiltered, but still cold water. That bypass filter is also equipped with an RFID tag, so the reader will recognize it as a special-case filter, which luckily enough doesn’t have an expiration counter.

The general idea is to take out that bypass filter’s RFID tag and place it on a generic, way cheaper filter to trick the fridge into thinking it simply doesn’t have a filter in the first place, while still enjoying the filters actual functionality. However, this might not be the most stable solution if the tag isn’t placed in the exact position. Also, retrieving the tag in the first place proved tricky, and [Anonymous] initially ended up with nothing but the antenna pad, while the tag itself remained sturdily glued into the plastic piece.

Continue reading “Defeating Fridge DRM With Duct Tape And A Dremel”

Right To Repair: Tractor Manufacturers Might Have Met Their Match In Australia

April 21, 2020 by 60 Comments

The simmering duel between farmers and agricultural machinery manufacturers over access to the software to unlock the DRM which excludes all but the manufacturer’s agents from performing repairs goes on. How this plays out will have implications for the right to repair for everyone on many more devices than simply tractors. Events so far have centred on the American Midwest, but there is an interesting new front opening up in Australia. The Aussie government consumer watchdog, the ACCC, is looking into the matter, and examining whether the tractor manufacturers are in breach of the country’s Competition and Consumer Act. As ABC News reports there is a dual focus, both of the DRM aspect and on the manufacturer’s harvesting and lock-in of customer farm data.

This is an exciting turn of events for anyone with an interest in the right to repair, because it takes the manufacturers out of the comfort zone of their home legal environment into one that may be less accommodating to their needs. If Aussie farmers force them to open up their platforms then it will benefit all of us, but even if it fails, the fact that the issue has received more publicity in a different part of the world can only be a good thing. There are still tractor manufacturers that do not load their machines with DRM, how long will it be we ask before the easy repairability of their products becomes a selling point?

There are many stories relating to this issue on these pages, our most recent followed the skirmishes in Nebraska.

Thanks Stuart Longland for the tip.

Header image, John Deere under Australian skies: Bahnfrend (CC BY-SA 4.0).

John Deere And Nebraska’s Right To Repair, The Aftermath Of A Failed Piece Of Legislation

March 9, 2020 by 99 Comments

For the past few years now we’ve covered a long-running battle between American farmers and the manufacturers of their farm machinery, over their right to repair, with particular focus on the agricultural giant John Deere. The manufacturer of the familiar green and yellow machinery that lies in the heart and soul of American farming has attracted criticism for using restrictive DRM and closed-source embedded software to lock down the repair of its products into the hands of its dealer network.

This has been a hot-button issue in our community as it has with the farmers for years, but it’s failed to receive much traction in the wider world. It’s very encouraging then to see some mainstream coverage from Bloomberg Businessweek on the subject, in which they follow the latest in the saga of the Nebraska farmers’ quest for a right to repair bill. Particularly handy for readers wishing to digest it while doing something else, they’ve also recorded it as an easy-to-listen podcast.

We last visited the Nebraska farmers a couple of years ago when they were working towards the bill reaching their legislature. The Bloomberg piece brings the saga up to date, with the Nebraska Farm Bureau failing to advance it, and the consequent anger from the farmers themselves. It’s interesting in its laying bare the arguments of the manufacturer, also for its looking at the hidden aspect of the value of the data collected by these connected machines.

It’s likely that the wider hardware hacker community and the farming community have different outlooks on many fronts, but in our shared readiness to dive in and fix things and now in our concern over right to repair we have a common purpose. Watching these stories at a distance, from the agricultural heartland of the European country where this is being written, it’s striking how much the farmers featured are the quintessential salt-of-the-earth Americans representing what much of America still likes to believe that it is at heart. If a company such as John Deere has lost those guys, something really must have gone wrong in the world of green and yellow machinery.

Header image: Nheyob / CC BY-SA 4.0

DMCA-Locked Tractors Make Decades-Old Machines The New Hotness

January 7, 2020 by 125 Comments

It’s fair to say that the hearts and minds of Hackaday readers lie closer to the technology centres of Shenzhen or Silicon Valley than they do to the soybean fields of Minnesota. The common link is the desire to actually own the hardware we buy. Among those working the soil there has been a surge in demand (and consequently a huge price rise) in 40-year-old tractors.

Second-hand farm machinery prices have made their way to the pages of Hackaday due to an ongoing battle between farmers and agricultural machinery manufacturers over who has the right to repair and maintain their tractors. The industry giant John Deere in particular uses the DMCA and end-user licensing agreements to keep all maintenance in the hands of their very expensive agents. It’s a battle we’ve reported on before, and continues to play out across the farmland of America, this time on the secondary market. Older models continue to deliver the freedom for owners to make repairs themselves, and the relative simplicity of the machines tends to make those repairs less costly overall.

Tractors built in the 1970s and 80s continue to be reliable and have the added perk of predating the digital shackles of the modern era. Aged-but-maintainable machinery is now the sweetheart of farm sales. It confirms a trend I’ve heard of anecdotally for a few years now, that relatively new tractors can be worth less than their older DMCA-free stablemates, and it’s something that I hope will also be noticed in the boardrooms. Perhaps this consumer rebellion can succeed against the DMCA where decades of activism and lobbying have evidently failed.

They just don’t build ’em like they used to.

[Image Source: John Deere 2850 by Raf24 CC-BY-SA 3.0]

[Via Hacker News]

Prusa Dares You To Break Their Latest Printer

December 16, 2019 by 158 Comments

Two months after its surprise reveal at the 2019 East Coast RepRap Festival, the Prusa Mini has started shipping out to the first wave of early adopters. True to form, with the hardware now officially released to the public, the company has begun the process of releasing the design as open source. In their GitHub repository, owners can already find the KiCad files for the new “Buddy” control board and STLs for the machine’s printable parts.

But even so, not everyone feels that Prusa Research has made the Mini as “open” as its predecessors. Some concerned owners have pointed out that according to the documentation for the Buddy board, they’ll need to physically snap off a section of the PCB so they can flash custom firmware images via Device Firmware Upgrade (DFU) mode. Once this piece of the board has been broken off, which the documentation refers to as the Appendix, Prusa Research will no longer honor any warranty claims for the electronic components of the printer.

For the hardcore tinkerers out there, this news may come as something of a shock. Previous Prusa printers have enjoyed a fairly active firmware development community, and indeed, features that started out as user-developed modifications eventually made their way into the official upstream firmware. What’s more, certain hardware modifications require firmware tweaks to complete.

Prusa Research explains their stance by saying that there’s no way the company can verify the safety of community developed firmware builds. If thermal runaway protections have been disabled or otherwise compromised, the results could be disastrous. We’ve already seen it happen with other printers, so it’s hard to fault them for being cautious here. The company is also quick to point out that the installation of an unofficial firmware has always invalidated the printer’s warranty; physically breaking the board on the Mini is simply meant as a way to ensure the user understands they’re about to leave the beaten path.

How much support is a manufacturer obligated to provide to a user who’s modified their hardware? It’s of course an issue we’ve covered many times before. But here the situation is rather unique, as the user is being told they have to literally break a piece off of their device to unlock certain advanced functionality. If Prusa wanted to prevent users from running alternate firmware entirely they could have done so (or at least tried to), but instead they’ve created a scenario that forces the prospective tinkerer to either back down or fully commit.

So how did Prusa integrate this unusual feature into their brand new 32-bit control board? Perhaps more importantly, how is this going to impact those who want to hack their printers? Let’s find out.

Continue reading “Prusa Dares You To Break Their Latest Printer”