There's a universe where TPM-based remote attestation is used to validate the state of the kernel and userland to prove to a streaming media platform that the kernel implements appropriate levels of protection before any media is served to it, but it's not this one - higher levels of Widevine-protected streamed media *are* distributed in a way that can only be decrypted by hardware, but that hardware is the GPU, not the TPM, and the TPM isn't involved at all.
Using a TPM for any of this would be much more fragile, easily circumvented, and buy the streaming media companies nothing they don't already have. Claiming TPMs are already used by them is an utterly bizarre claim for the FSF to make. There's no truth to it whatsoever.
(The entire point of the GPU-enabled protected video path is that the decrypted media never hits the OS-visible framebuffer - that's why screenshots of DRMed content under Windows are blank. Using the TPM would mean the decrypted media would be visible to the OS again, making it much easier to scrape.)
"Today, most of the major streaming media platforms utilize the TPM to decrypt media streams, forcefully placing the decryption out of the user's control." (from https://www.defectivebydesign.org/dayagainstdrm) I… just… what? This isn't even slightly true. There's plenty of good reasons to object to Microsoft imposing hardware requirements on Windows 11 that aren't strictly required, but *nobody* is doing media decryption on a TPM because TPMs are nowhere near fast enough to do that.
Visited my old college and admired the sign describing how the Church of England is forcing them to keep displaying the memorial for a guy who made a fortune in the slave trade when they'd really prefer not having it in the chapel.
@idlestate @Conan_Kudo I don't think that would have any impact here - NetApp would have the opportunity to FUD that using OpenZFS under the GPL rather than the CDDL wouldn't qualify for the patent grants, and the OIN would tell them to fuck right off.
Irregular reminder that Oracle could, if they wanted, release a new version of the CDDL that explicitly made almost all of OpenZFS GPL-compatible and that's something people could have lobbied for instead of trying to make arguments that it's actually GPL-compatible if you squint hard enough.
Incredible scenes as an FSF voting member (the people who choose the board) ignores an explicit request from someone to stop replying to them, tells them to block him instead, and then claims that if they reply to *him* then they're the real abuser https://gnusocial.jp/conversation/4188829#notice-8198659
@wolf480pl The vendor no longer has the power to change it, but they still have the power to control how the hardware behaves in the first place and this may not be to the user's benefit. Proprietary software that the vendor never updates is just as harmful as proprietary software that the vendor ships optional updates for.
@Suiseiseki The only way that source code distribution could be required is if software licenses can apply, so why do you think that would apply to Linux in mask ROM but not Intel microcode?
Today's worst argument for the FSF's position on microcode - that the shipped microcode is hardware, not firmware, so can't be constrained by licenses. NEC v. Intel established that mask ROM microcode was copyrightable back in *1989*.
@Suiseiseki Microcode in an Intel CPU is not hardware circuits - it's software. Pretending otherwise is dishonest. When you power on an Intel CPU it runs code out of ROM that performs a series of operations (including performing cryptographic validation of other blobs) before jumping to the reset vector. And, well, good luck making the argument that there's no license associated with that - would you argue that a copy of Linux in ROM creates no GPL obligations?
When it comes to non-free firmware I think there's two reasonable positions - treat it like non-free code running on a remote system (suboptimal, outside the scope of current free software priorities) or treat it like software running on the primary CPU (all code on the local system should be free software, no matter where it's running). I think the FSF's position is unreasonable: https://mjg59.dreamwidth.org/70895.html
Former biologist. Actual PhD in genetics. Security at https://aurora.tech, OS security teaching at https://www.ischool.berkeley.edu. Blog: https://mjg59.dreamwidth.org. He/him.