Weekly Report: Linuxカーネルのx86向けKVMに解放済みメモリの使用の脆弱性

6 hours 27 minutes ago
Linuxカーネルのx86向けKVMには、解放済みメモリの使用の脆弱性があります。本脆弱性が悪用された場合、ゲストVMからホストマシンをクラッシュさせ、DoSを引き起こす可能性があります。また、本脆弱性の発見者は、ホストマシン上での任意のコード実行を行える可能性を示しています。各ディストリビューションベンダーおよび開発者が提供する情報を確認のうえ、修正済みのバージョンや対策情報が公開されている場合は速やかな適用を推奨します。

European Court: Apple Can Not Shirk Off its Interoperability Requirements

9 hours 27 minutes ago

One of the best bulwarks against monopoly is interoperability—that is making a new product or service work with an existing product or service. Interoperability allows users, and not the manufacturers of their devices or largest player in a market, to decide what application best serves them. Unsurprisingly, companies like Apple have worked hard to resist interoperability requirements. 

On July 8, the General Court of the  European Union (General Court) ruled against Apple in several cases the company brought against the European Commission (joint cases), affirming the company’s obligations under the Digital Markets Act (DMA). Apple argued in the cases that it should be exempted from the law’s requirements especially with regards to interoperability on multiple grounds. We applaud the General Court’s  decision, and congratulate the Free Software Foundation Europe (FSFE) as well as others who intervened in support of the Commission against Apple's attempt to shirk off its responsibilities, thus ensuring fair competition in European markets.

A Positive Development for Europeans

This is a clear and substantive win for developers and users in Europe. The stranglehold Apple exerts over its ‘walled garden’ is injurious for developers, users, and researchers alike. By confirming Apple’s obligations under the DMA, the General Court has ensured that developers will be given more choice on where they can publish their apps, and users will have more options to obtain apps which, for whatever reason, Apple dislikes. And researchers will have less roadblocks and hurdles to overcome in their studies of Apple’s OSes, particularly iOS, iPadOS, and watchOS.

Apple argues that the interoperability requirements will force it to lower the security standards that have led Apple products’ users to trust their devices. While this self-serving logic is not entirely without merit, it is far from the inevitable outcome. Especially with regards to the App Store, users can be given clear, informed choice when leaving the Apple ecosystem to obtain apps elsewhere. While we urge European courts to take Apple’s security concerns seriously, we’ve previously noted that this should not be used as a smokescreen to protect anticompetitive behavior.

Interoperability and security are not inherently at odds. When interoperable functionality is worked into the security model of a platform from the ground-up, a proper balance can be struck between two forces that are often falsely framed as naturally conflicting. While Apple OS platforms have not been built this way from the get-go, it is still possible, but takes more time to get it right. Here, the devil is in the implementation details.

Apple’s Case Arguments and the Court’s Rebuttal

Under the DMA, designation as a ‘gatekeeper’ is reserved for the biggest of Big Tech, companies that provide services deemed essential for businesses to reach end users. Apple is one of only seven companies that meet this designation, along with Alphabet, Amazon, Booking, ByteDance, Meta, and Microsoft. In its case, Apple argued that Article 6(7) of the DMA, specifying interoperability requirements for gatekeepers aimed at restoring fair competition, is unlawful in light of the Charter of Fundamental Rights of the European Union (specifically the right to property), and as such its designation as a gatekeeper subject to the requirements is unlawful and should be annulled as a result. In its ruling, the General Court rejected the argument as Article 6(7) does not form the legal basis of the designation.

Apple separately argues that the App Store fails to meet the requirements defining a core platform service (CPS), since the various stores (across iOS, iPadOS, watchOS, macOS) do not constitute a single platform. A company’s gatekeeper status relies on it providing a CPS that is an important gateway for business users to reach end users. Here, the implications of the argument are clear: remove service designation as CPSes, remove the gatekeeper status. The court rejected the argument on the basis that “irrespective of the device on which it was available, each of the App Stores was used for the same purpose, namely to intermediate between end users and business users in the distribution of applications and in-app digital content.”

Finally, the court rejected as inadmissible Apple’s argument that iMessage should not be classified as a number-independent interpersonal communication service (NIICS) constituting a CPS. This decision rested on the fact that the “classification does not, by itself, produce binding legal effects that bring about a change in Apple’s legal position” since iMessage was not listed as an “important gateway” in the designation decision and therefore was not subject to the DMA obligations.

In ruling against Apple in favor of the European Commission, the General Court has set an important precedent in ensuring competitive fairness and openness in the digital marketplace. The landmark effects of the DMA will serve to benefit all Europeans in the choice and freedom it affords them. Despite Big Tech’s legal challenges, these decisions build a strong foundation for a better digital future—a lesson which other regions should learn from and take note.

Bill Budington

Don’t Repeat NY’s 3D Printing Blunder

10 hours 49 minutes ago

This year the state of New York had the dubious honor of being the first to pass a controversial provision to mandate all 3D printers come with surveillance and censorship. That means not only is there a ticking clock to protect every artist, researcher, engineer, and hobbyist in the state, but there is a real risk of other states thoughtlessly following suit—prior to the New York rules even taking effect.

We, along with many other experts, already warned about this bill buried in the state’s crowded budget process. Hundreds of our supporters and 3D printing enthusiasts in New York reached out to their representatives hoping to kill this farcical bill. While there were some welcome amendments in response to the outcry, Albany passed it anyway.

It might be well-intentioned, but bills like these sell a fantasy that can only have an untold negative impact on the privacy, free expression, and consumer rights of anyone using these general purpose devices. Behind the banner of reducing gun violence, which is nearly always committed with commercial firearms, New York lawmakers have passed draconian legislation that will let manufacturers lock in users and collect their data.

Now that the bill has passed and been signed by Governor Hochul, let’s look at two important ways the final legislation changed since we last wrote about it, and why states like California shouldn’t make the same mistake.

Reduced Risk for Lawful File Sharing 

The New York bill includes language that criminalizes access to firearm print files, a proposal correctly dropped by states like Colorado due to First Amendment concerns. While this made it through to the passed legislation, a few wins were still gained.

Originally the legislation threatened felony charges for the storing and sharing of files, potentially impacting researchers, artists, and journalists with no intention of printing a firearm component. These charges were downgraded to a Class A misdemeanor.

Two provisions criminalized file sharing. The first of the two provisions criminalizing this file sharing, which pertains to the sale or distribution of files in the state, gained an important exception for when a sender has a reasonable belief that the recipient won’t illegally print these components. However the second provision, pertaining to criminalizing file possession, complicates this. Under 2.12 of the subpart, people who possess the file with intent to share the files do not clearly get this same reasonable belief exception.

In other words, if you share one of these files the actual sharing is covered by the exception, but the law makes it ambiguous whether possessing those same files is covered when you intend to share them.

While this exception could have created some breathing room for researchers and journalists operating in good faith, this slapdash bill language leaves plenty of ambiguity and potential speech-chilling effects. However, these changes do offer a modicum of harm reduction in this unconstitutional law.

Saving Face by Preserving Online Sale

Originally the bill had a strange requirement for all 3D printers and Computer Numerical Control, or CNC, machines to be sold and delivered face-to-face, with no exception. That would have meant a major barrier to access, particularly for people in agricultural and rural areas of the state who uniquely benefit from in-home fabrication and repair. It also would have meant a major inconvenience for businesses using these devices. For everyone though, it meant fewer retailers to choose from and facing more stigma for using these devices. 

Fortunately this was dropped from the bill entirely. 

Next Step: We Find Out What Was Actually Passed

In addition to being buried in the complicated legislative process of the NY budget and avoiding proper scrutiny, this bill also kicked the can down the road in determining what exactly is being mandated. In many respects, legislators passed a vibe. We’ll see how the actual law be developed over the next year by a working group with no mandated transparency to the public. Further, they have no obligation to ensure consumer safeguards in developing this state-mandated censorware.

We are still concerned by the possibility of a biased working group acting in the interest of manufacturers or facing pressure to accept consumer harms in the standards they produce. Our remaining hope is this working group convened by the Department of State and the state university system is composed of actual experts who are aware of how unfeasible and harmful this mandate is, and prevent it from being realized.

The Fight Continues

New York is the first to go down this path of state-mandated censorship and surveillance software on 3D printers, but it’s far from the only one to entertain it. It is now more urgent that we fiercely oppose this trend in other states, like California,  as they attempt to join the bandwagon—before even seeing the real-world impacts. 

Take action

Don’t Let California Repeat NY’s Mistake

We cannot allow this to be the foundation for future restrictions on speech and design, or serve as a playbook for the state and corporations to wrest control over our tools.

Rory Mir

【特別国会終盤1】法案目立つ高市色=丸山 重威

14 hours 42 minutes ago
 第221回特別国会 (2月18日開会・会期 150日間)は、7月17 日の会期末まで1カ月を 切り、審議は終盤に向か っている。政府提出の重 要法案はすでに成立の見 通しが立っているものが 多い。今国会では、高市 政権が、国家がいかに国 民の自由に制限を加え、 縛ることに「前のめり」 かが、あからさまに示さ れた。政権を支持する岩 盤層へのアピールを意識 した「右派迎合・戦前回 帰」路線と評したくなる 法案が続々と決まった。 問題はこうした時代錯誤 の法案が「憲法に照らし ..
JCJ