According to Brocious himself, the company has known about this vulnerability for at least 3 years.
That's three years that they had to issue a fix.
And this vulnerability is so trivial that anyone with even a modicum of electrical knowledge and minimal programming experience can overcome it. There is, simply, no reason this vulnerability should still be in shipping locks.
They have no excuses. They should be paying for this.
The lock itself doesn't use any encryption, and the cards use a very weak 32-bit encryption based on the site code. The lock itself exposes everything via the programming port on the bottom. When I say everything, I mean that includes the site code (the unique code for the hotel) and everything that's in active memory.
Unlocking it is a simple matter of finding the sitecode and issuing an unlock request.
At least with the Humble Bundle, I'm guaranteed that all or nearly all of the games will have native Linux ports. With Indie Royale, it's a crapshoot - if I'm not lucky enough to get a Linux port of a game, there's a good chance it won't work in Wine either.
The problem was that while Windows was the most-deployed OS in the country at the time, US Government export controls on encryption standards prevented anything with stronger than 40-bit encryption from being allowed to enter their country.
They came up with SEED because they needed strong crypto. The fact that the ActiveX control is the only way to use it is an artifact of that effort. They essentially had no choice at the time.
SEED is so old now that it's probably exceptionally difficult to port it to current browsers that support NPAPI or Pepper, both of which differ subtly from the original API SEED was developed against for Netscape browsers.
If you're going to blame someone, blame the US Gov't.
... as content producers and distributors, they rely on the very freedoms and fair use exceptions that they are constantly seeking to curtail.
As sad as the eventuality would be, it would amuse me immensely if they succeeded in curtailing Fair Use. Watching their own ability to produce and distribute become curtailed to the point where they can no longer profit from their content would be hilarious.
How do we show them that this is self-destructive?
I've been racking my brain trying to think of a way to show them that these kinds of rules are like putting a gun to their own heads - enforcing it will only kill them in the long run as their market ultimately abandons them and their assets shrink to nothing.
If they manage to get fair use outlawed, only outlaws will have the creativity to create. And then where will they get the content and inventions to sell?
It amuses me that they were careful to use the word "linked."
Indeed, we've seen a lot of studies that show a link between video games and violence, but we've also seen that there's a significant lack of studies that show that violent video games can cause violent behavior.
So while their attempt to get this labeling legislated is rather misguided, their proposed labeling is quite correct.
What they should do is mandate a series of studies: Figure out what aspects of Copyright law have a net benefit on the economy.
Each lawmaking session, repeat the study, and make some "best guesses" on the long-term effects of the current laws, based on all of the evidence presented by those studies.
Then, craft a law that exploits some aspect of that evidence - for example, if studies show that shorter terms have a net economic benefit, then shorten the term - and apply a "sunset" provision that requires a new set of studies. If the newly-enacted laws show a net benefit, then they may be extended with a new sunset period. If they show a net negative impact, the provisions should be repealed.
Repeat ad nauseam.
I predict that the end result of this process would be a maximal Copyright term of not more than 5 years from the date of the "fixed form," an elimination of criminal provisions, abolition of Patent laws, an elimination of DMCA-like anti-circumvention laws, and abolition of takedowns and domain seizure in all forms.
A 5% increase in traffic isn't really statistically significant. Many sites see a lot of up- and down-swings to the tune of up to 10% on a regular basis. Merely saying they had an increase of about 5% (and it doesn't say of what) doesn't mean much.
Along those lines, all new laws (and any re-authorizations of old laws) should come with clear and stated metrics that will be used the next time around to determine if the bill was successful. If the metrics are not met, then the bill should not be allowed to be re-authorized without significant changes.
I LOVE this idea. I've had similar thoughts myself.
In particular, I think we should do this to the entirety of USCFR, all Titles. On Copyright and Patent laws, for example, effective metrics could be to require that the actual economic benefits, as measured by a diverse team of economic analysts (from different backgrounds in academia and business, as well as government), are used to determine what new changes must be made to the laws.
That would be an excellent way to lead to clearer, stronger, more sensible laws that benefit everyone, and not just "stakeholders."