Your description goes here

Blog post by Aaron Williamson. Please email any comments on this entry to <aaronw@softwarefreedom.org>.

At the beginning of December, we warned the Copyright Office that operating system vendors would use UEFI secure boot anticompetitively, by colluding with hardware partners to exclude alternative operating systems. As Glyn Moody points out, Microsoft has wasted no time in revising its Windows Hardware Certification Requirements to effectively ban most alternative operating systems on ARM-based devices that ship with Windows 8.

The Certification Requirements define (on page 116) a "custom" secure boot mode, in which a physically present user can add signatures for alternative operating systems to the system's signature database, allowing the system to boot those operating systems. But for ARM devices, Custom Mode is prohibited: "On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode may be enable." [sic] Nor will users have the choice to simply disable secure boot, as they will on non-ARM systems: "Disabling Secure [Boot] MUST NOT be possible on ARM systems." [sic] Between these two requirements, any ARM device that ships with Windows 8 will never run another operating system, unless it is signed with a preloaded key or a security exploit is found that enables users to circumvent secure boot.

While UEFI secure boot is ostensibly about protecting user security, these non-standard restrictions have nothing to do with security. For non-ARM systems, Microsoft requires that Custom Mode be enabled—a perverse demand if Custom Mode is a security threat. But the ARM market is different for Microsoft in three important respects:

• Microsoft's hardware partners are different for ARM. ARM is of interest to Microsoft primarily for one reason: all of the handsets running the Windows Phone operating system are ARM-based. By contrast, Intel rules the PC world. There, Microsoft's secure boot requirements—which allow users to add signatures in Custom Mode or disable secure boot entirely—track very closely to the recommendations of the UEFI Forum, of which Intel is a founding member.
• Microsoft doesn't need to support legacy Windows versions on ARM. If Microsoft locked unsigned operating systems out of new PCs, it would risk angering its own customers who prefer Windows XP or Windows 7 (or, hypothetically, Vista). With no legacy versions to support on ARM, Microsoft is eager to lock users out.
• Microsoft doesn't control sufficient market share on mobile devices to raise antitrust concerns. While Microsoft doesn't command quite the monopoly on PCs that it did in 1998, when it was prosecuted for antitrust violations, it still controls around 90% of the PC operating system market—enough to be concerned that banning non-Windows operating systems from Windows 8 PCs will bring regulators knocking. Its tiny stake in the mobile market may not be a business strategy, but for now it may provide a buffer for its anticompetitive behavior there. (However, as ARM-based "ultrabooks" gain market share, this may change.)

The new policy betrays the cynicism of Microsoft's initial response to concerns over Windows 8's secure boot requirement. When kernel hacker Matthew Garrett expressed his concern that PCs shipped with Windows 8 might prevent the installation of GNU/Linux and other free operating systems, Microsoft's Tony Mangefeste replied, "Microsoft’s philosophy is to provide customers with the best experience first, and allow them to make decisions themselves." It is clear now that opportunism, not philosophy, is guiding Microsoft's secure boot policy.

Before this week, this policy might have concerned only Windows Phone customers. But just yesterday, Qualcomm announced plans to produce Windows 8 tablets and ultrabook-style laptops built around its ARM-based Snapdragon processors. Unless Microsoft changes its policy, these may be the first PCs ever produced that can never run anything but Windows, no matter how Qualcomm feels about limiting its customers' choices. SFLC predicted in our comments to the Copyright Office that misuse of UEFI secure boot would bring such restrictions, already common on smartphones, to PCs. Between Microsoft's new ARM secure boot policy and Qualcomm's announcement, this worst-case scenario is beginning to look inevitable.

Blog post by Aaron Williamson. Please email any comments on this entry to <aaronw@softwarefreedom.org>.

In his keynote from the 28th Chaos Communication Congress last week, Cory Doctorow outlines the primary threat to software freedom in the 21st century: that as our lives become more dependent upon general-purpose computers, the attempts of industry and government to control computing will fundamentally endanger our personal liberty. Using the now-familiar history of digital rights management—its rise, its failure, and legislative efforts to enforce it—Cory illustrates how those threatened by technology will inevitably seek to cripple it. But the so-called copyright wars waged by content owners, he says, were only "a skirmish":

The problem is twofold: first, there is no known general-purpose computer that can execute all the programs we can think of except the naughty ones; second, general-purpose computers have replaced every other device in our world. There are no airplanes, only computers that fly. There are no cars, only computers we sit in. There are no hearing aids, only computers we put in our ears. There are no 3D printers, only computers that drive peripherals. There are no radios, only computers with fast ADCs and DACs and phased-array antennas. Consequently anything you do to "secure" anything with a computer in it ends up undermining the capabilities and security of every other corner of modern human society.

This problem has been at the center of SFLC's recent work. It's the reason we've fought for disclosure of the software running implantable medical devices and are asking the Copyright Office to limit the DMCA's anti-circumvention provisions to ensure that people can install whatever software they choose on their personal computing devices.Thanks to Cory for his clear and accessible explanation of the threat to free computing and for his call (at 36:00) to support SFLC's efforts to fight restrictive implementations of UEFI.

You can download a high-resolution copy of the entire speech here or watch it on YouTube (Flash required).

Blog post by Aaron Williamson. Please email any comments on this entry to <aaronw@softwarefreedom.org>.

The Software Freedom Law Center is seeking legal, technology, and administrative interns for the summer of 2012.

Legal interns assist SFLC counsel in all areas of our practice, including copyright and trademark licensing, patent review, and nonprofit corporate formation and compliance. Typical work includes legal research and writing, drafting educational materials, and assisting with registrations and other filing.

Summer internships are full-time and generally last 10 weeks or longer, although splits may be possible in some cases. All interns will work from our New York office. Internships are unpaid; students may seek seek funding from their school's public interest program or another sponsorship arrangement.

Applicants should have a demonstrated interest in software freedom and be conversant in legal and technical concepts related to free and open source software. Familiarity with at least one programming language and with general software development practices is preferred, as is course work or practical experience with copyrights, patents, trademarks, or nonprofit law.

Law students of all levels will be considered. Law school graduates seeking placement for funded public interest fellowships are encouraged to apply. To apply, please send a resume, cover letter, transcript, and writing sample, in a free and open format, to internships@softwarefreedom.org before February 15, 2012.

Technology and administrative internships are also available. For more information please visit our Internships page.

Blog post by Clint Adams. Please email any comments on this entry to <clint@softwarefreedom.org>.

At the Software Freedom Law Center, we do our internal accounting with free software. We had been using John Wiegley's Ledger for quite some time, and now we are also using Simon Michael's hledger.

We log most of our transactions either through manual entry in hledger-web (the hledger web interface) or import from .csv files via hledger convert. hledger can read comma-separated values from a file you might retrieve from a financial institution, and outputs entries in ledger format according to a set of rules that you specify. In some cases the data quality is poor enough that we do some preprocessing before feeding it to hledger.

Since we have no need for a large database-backed ERP system, we can take advantage of the benefits of the plain-text ledger format, and view reports from ledger, hledger, and hledger-web. We also plan to automate the generation of spreadsheets from the ledger entries.

There are some features we would like to see in or accompanying hledger-web: interactive CSV conversion, a VCS backend (through Data.FileStore), per-transaction atomic edits, tracking of which user made which changes, and the ability to intelligently deduplicate transactions.

If you know Haskell and would like to help us out, please take a look at this guide.

Blog post by Aaron Williamson. Please email any comments on this entry to <aaronw@softwarefreedom.org>.

OSCON is probably the single largest annual gathering of free software developers in the world, so it's always a good opportunity for SFLC to catch up with the projects we work with and to make new friends in the community. I only got to spend two days at OSCON 2011, but in that time I met and talked shop (and microbrews and vegan donuts) with lots of folks who are making impressive contributions to free software. I also got to talk about Legal Basics for Developers with Karen Sandler to a fantastic and engaged audience.

The audio and slides from our talk are available in this week's episode of Free as in Freedom, Karen's biweekly oggcast with Bradley Kuhn of the Software Freedom Conservancy. While we didn't get through nearly all of the topics on the slides, we talked about fundamental trademark, copyright, and corporate issues that all free software developers should be aware of. We also answered some excellent and challenging questions from the audience; we didn't have the foresight to repeat those questions, so they're not audible on the recording, but even so our answers should be understandable and informative.

It was a busy week for my co-presenter Karen: she was given an Open Source Award for her excellent work at SFLC and the GNOME Foundation and she gave an superb keynote speech about her advocacy work related to medical devices software, GNOME 3, and the importance of software user freedom. Karen has been a great colleague and mentor to me at SFLC and I'm thrilled to see her work recognized.

In addition to my talk with Karen, I had the pleasure of meeting (among many others) Matthew Garrett (Linux power management hacker and GPL activist) and David Mirza and Bruce Leidl of Subgraph (a Montreal startup building Vega, a free software website security-testing framework), trading notes with Van Lindberg (a very sharp free software lawyers in private practice), and of course trolling the usual suspects. And I fell deeper in love with Portland, OR, where OSCON returned in 2010 after O'Reilly was duly reprimanded for holding OSCON 2009 in dull San Jose.

Thanks to everyone who came to the talk and to O'Reilly for accepting our talk and hosting a great event! I'm already looking forward to next year.