Slashdot Mirror
DRM in Real-Time and Embedded Systems
An anonymous reader writes "In this guest column at LinuxDevices.com, Victor Yodaiken speculates on the implications (and potential catastrophic consequences) of Digital Rights Management Passport (DRMP) technology to embedded, real-time, and mission critical computer systems. Quoting from the article: "When a technology gets pervasively embedded in microprocessors, computer boards, and software, it will alter the performance of power turbines, jet engines, medical instruments, cell phones and missile guidance systems. Unfortunately, DRMP technology is incompatible with security and with the kinds of reliability needed in safety critical or mission critical applications.""
DRM in rocket launching chips might indeed have strange effects
... 3 ... 2 ... 1 ... LIFT OFF
Operator:
Launch System: launch operation aborted, you do not have the rights to "the final countdown"
"Son, in a sporting event, it's not whether you win or lose, it's how drunk you get" - Homer J. Simpson
Sir, the missile headed for the terrorist traing camp is changing it's coordinates! It looks like it's targeting the house of a Kazaa user.
I still love the smell of napalm in the morning though.
"Try browsing the Internet without enabling cookies and Java to see how easy it is for pervasive options to become non-optional."
It's a valid point, tho. I like some of the workarounds, such as Opera's willingness to throw out all cookies at the end of the current session, if said options are selected.
Still, the author appears rather alarmist; DRM is a licensing technology, not a security technology, as the author stated. Thus, WHY would consumer-grade "hardware" be found in professional-grade medical hardware? That's like buying a Packard Bell for IBM's web server... it just won't happen.
On that note, it'd be interesting to see if Intel/AMD/MS/blah will try to include DRM in "server" versions of hardware and software...
"I'm sorry, targeting that missile installation would violate the 'fair use' policy. Please contact an intel representative for liscensing information." Heh. Chips aren't so big that you can hardwire something into them, and not lose something in return, and it's not like intel makes a completely different chip for every application. This seems like a legitimate concern.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
From the article:
The DRMP system is based on the premise that unlicensed use of software or data should make computers stop working. You could also argue that bridges should be designed to fall down if someone is detected crossing without paying the toll.
Ok, I don't like DRM either, but that's rediculous analogy. Most people's interpretation of DRM doesn't include making computers stop working if they're running unlicensed software. It's designed to stop a software package from running if it isn't licensed on the machine. I have a really hard time believing that DRM will ever be in anything like heart monitors or any other specially designed hardware. In my opinion, this guy really is just being alarmist.
why is this news? Of course DRMP embedded in stuff will slow the stuff down. Running virus protection takes processor cycles too, so security == overhead there.
Unless Sen. Hollings has his way, DRM on the chip can be ignored by a custom OS. The problem being that Windows DRM 2005 will refuse to run without this capability.
"When a technology gets pervasively embedded in microprocessors, computer boards, and software, it will alter the performance of power turbines, jet engines, medical instruments, cell phones and missile guidance systems."
I'd hate to see a scalpel go bezerk in the middle of an operation - curse you technology.
The only way drm would be included in embedded systems is by law. No manufactor would voluntary put it in for obvious reasons. Wince devices would be another story.
And for Hollywood, Its not like some hacker is going to go into a hospital and turn a resperator into an internet file swapping server and take down the whole media industry. Come on and get real!
Drm will only be in pallidium systems so Microsoft can make more profits by being the gatekeeper of the internet and all multimedia. Infact pallidium is really not a drm sollution in itself according to their faq but will be used to enforce it. Its already in Windows2000 and WindowsXP.
I am sure Fritz will make an exception for many critical embedded systems if he decides to write another insane and unconstitional law. After all the military can not be bothered by drm when their systems monitor nuclear missles. All he cares about is his big fat paycheck by his employers. OOps I meant contributers.
http://saveie6.com/
--it will alter the performance of power turbines, jet engines, medical instruments, cell phones and missile guidance systems.
;)
I can't believe it... a last a positive use for DRM hardware !
Karma cannot be described by words alone.
As I've been saying, DRM / Content control will permeate every facet of ours lives given time..
At a certain point we wont even know what is the truth, and wont have the digital rights to find out... or tell someone if we do....
Though when i first started preaching we didnt have the cute phrases such as DRM, but the concepts were there.
1984? He was only off by the year.. more like 2004 is a more accurate guess.
---- Booth was a patriot ----
You would be surprised what kind of hardware is used in mission critial applications. When it is possible to reduce the costs suits would do anything. Including using inferior hardware and such.
And what about public funded government controlled institutions such as the NASA? They still use the 8086 chips, even though those are consumergrade, in their shuttles. If it functions it's good. Especially if the materials are cheap.
Thus, WHY would consumer-grade "hardware" be found in professional-grade medical hardware?
Because Fritzie-boy is all hot and bothered to close up the "Analog Hole". That means that NO commodity DSP or processor chips can fail to support DRM. One consequence is that embedded device makers will have to get special exceptions for un-screwed up processors and memory (vastly increasing costs and development time due to red tape). If embedded and real-time manufacturers use commodity parts anyway to control their costs then they'll have to contend with DRM just like anybody else. This is where the defib machine letting someone die on account of a licensing issue comes in.
Remember "professional-grade medical hardware" uses many of the same components as consumer grade hardware. The difference is in how it is configured and even more importantly certified to operate correctly. Mandatory DRM basically means that the well EVERYONE is drinking out of is going to be pissed in by Rosen, Eisner and Fritzie-Boy.
You would think the argument that many of our fancy military weapons might fail to work could be a pretty good one to use with all our "representatives".
In other news, the US launched a Nuclear Strike against China today.
Hillary Rosen had warned China of the implications of the nation's failure to address music Piracy.
"We warned them there would be severe implications, especially after our merger with the BSA brought software piracy under our jurisdiction."
The RIAA used the Digital Rights override software installed in all US computer systems to launch 12% of the US nuclear arsenal at strategic locations in the piracy prone nation.
"We have to protect the profit margins of the music industry. Musicians have a right to profit from their work, no matter what any one government wants."
When a CNN reporter brought up the potential legal implications of such a move, Ms. Rosen replied, "I don't think that's an issue. If I, or any other member of the RIAA is arrested, the President's pacemaker will automatically disconnect, as will the embedded medical devices in the bodies of half the US Senators. We will simply revoke the digital rights of those devices, thus rendering them inoperable."
"Live Free or Die." Don't like it? Then keep out of the USA
I seem to remember hearing 'when {blah} happens to embedded systems, many things will be affected in subtle and BAD ways.'
Where {blah} = y2k, now {blah} = DRM
Now I'm entirely AGAINST what DRM stands for, but that particular comment won't win any supporters after Y2k used it up.
"Draco dormiens nunquam titillandus."
"Just because you *can* do something, it doesn't mean you *should*"
I know I'm an old hippie, but I really believe that if Microsoft and Hollywood spent a fraction of the resources they're throwing at DRM solutions into creating a workable micropayments system for the web, and IP owners started selling their goods at reasonable prices, they'd be minting it in no time.
When VCRs first appeared, Jack Valenti decried them as the spawn of Beelzebub, and foretold the death of the movie industry because of home taping. What happened? They now make more money on VHS and DVD than they do in the cinemas.
And just to prove that piracy *isn't* an issue - the release on DVD of Harry Potter *without macrovision* was the biggest ever DVD release at the time. How come, if everyone was just waiting to pirate it?
To some wild conclusions, the author of that piece linked does.
1. Most military gear does not use off the shelf CPUs. An example - F/A-18E/F - while SuperHornet uses armored Cat-6 cables and PowerPC chips, they are specially made hardened chips for military and commercial sat applications. F/B-22 uses 486s as does F-15E but they are special 486s that come out just for military applications. If you sell a part to the US military for a system, you must produce that system for 15 more years. Since the new F-15Es for the US/Israel/Korea are just delivering now, one can expect 486s without DRM for a while, since F-22 may be in it's current model production until 2011, expect 486s until 2026.
Parts for missiles and PDAs sold to the Military are under the same rules.
2. Medical equipment - Usually use embedded OSes and Dragonball, 486s, ARM or Mot 68000 series chips, not the latest and greatest from Intel/AMD. They sure won't be running Palladium. I found that arguement by the author to be, well stupid.
3 I had another point, but I've got to go to work, and I forgot it. Sorry.
AFAIK, big (or small) fancy mission critical things like pacemakers and engine control systems do not use most (any?) of the same chips that run the kind of things DRMP is supposed to control.
Yes, yes, I know he sort of addressed this in the article, but not very well. These sorts of things seem to be specialized enough that if you have to have non-DRMP'd chips and none are available, you spec new ones and have them made. Makes it more expensive, yes, but not prohibitively so.
Gotta go re-read the dratted thing I suppose, but right now looks like flag-waving FUD to me. About DRM. Heh. No wonder slashdot posted it.
AMCGLTD.COM. Where cats, science fictio
A piece of code that runs behind the scenes and can stop the user accessing their data or even stop the machine from working at all. Didn't we used to call those Trojans?
Stephen
"Don't write down to your readers, the only people less intelligent than you can't read" - Sign on Newspaper Office Wall
Not so fast there. With the possible exception of the cell phone, none of the systems you've described have any application whatsoever to digital rights management and the idea that DRM code will "somehow" find its way into every IC / processor, even when such application is utterly useless and contrary to the design constraints (and adds substantial costs) is simply unfettered paranoia. Code doesn't just "appear" by itself and attempts to push meaningless extentions of technology into areas which may risk lives is not going to happen. I can assure you that Boeing's fuel management control systems are not built from parts purchased at pricewatch.com, the differential resonance processor in an MRI isn't a .Net Managed Code resource, and the Navy isn't sourcing on-board trajectory guidance modules from RadioShack catalogs. Legislation that attempts to make that happen isn't going to fly because it would cripple the very industries that rely on technology to succeed and form the heart of Western industry. Even the worst case, the one you've predicted, isn't that bad; we'll just do like we always have -- if they build a higher wall, we build a taller latter. It's simple, really.
Look, I don't want to dismiss your ideas outright. In fact, I share your feelings about DRM -- In its present form it only protects the rights of the corporations, not the rights of the consumer. (In that regard, it should be called "Digital Restrictions Management.") However, this article furthers the same "idea taken to an extreme" paranoia that made people worry whether their car would start Y2K morning.
So relax; take a deep breath and go find something substantial to worry about. There are enough big problems out there without sweating the details of something incredibly unlikely to affect the world in the way you've described.
Remember the 105 year olds getting the letters telling them it was time to sign up for kindergarten? That was a y2k glitch. On 1 January 2000 I visited the US Naval Observatory's Time Site and was informed that the date was 1 January 19100.
A cousin of mine was pulling a low six figure salary from 97 through 99 fixing COBOL systems. The bamks/hospitals/etc spent quite a bit of money fixing the systems.
Best Slashdot Co
(start sarcasam)Yep, Intel should be responsible for incorporating DRM into our current technology. It isn't like they violate any copy right, patent laws, or IP theft. Hell, when their new line of processors come out (http://slashdot.org/article.pl?sid=02/10/11/03122 2&mode=thread&tid=118) I'm sure this technology will be fully functional, and we'll never notice it(end sarcasam)
--fetch daddy's blue fright wig, i must be handsome when i release my rage
Bold is mine. This will not just apply to software, it will apply to everything. Music, books, art, etc. The list goes on. Anything that you create now, even if it is for your own amusement, will be shut down by Digital Restrictions Management. This is just one step in the control of *creation of content*.
Entertainment companies do not want to just control all of their content, they want to control ALL content. You will need to register with 'a third party' for a signature to release your *own works*. Of course, to keep the sigantures from just being owned by 'anyone', they will be prohibitively expensive. You will be unable to compete with the entertainment companies, the software companies, and all others. You won't even be allowed to release your own works of art, music or writing.
Somehow I doubt that a themometer will be allowed to shut down anything, in law or in practice.
It is the independent creation of content that is being threatened, and don't you forget it.
This is why any sort of DRM will ultimately fail for any device that isn't a dedicated media player. In order to be successful, when a DRM device has a fault of some sort, it has to assume that process X isn't authorized to execute. This is the antithesis of mission critical systems, which must never fail.
This is also why Palladium will also fail. Microsoft has said that to be useful, Palladium must run on 100 million machines. In order for it to be useful at all, it must fault towards false negatives (i.e., if it thinks something is wrong, it prevents execution rather than defaulting to execute). Assume that a)Palladium works properly 99.9% of the time and b)that each person tries to run a Palladium enabled program one time per day. Even working 99.9% of the time, there'll still be 100,000 errors per day (and we assumed that each person only tries to use Palladium once in a day, too). Because of the way Palladium works, these errors can't be corrected in house, meaning each person must call Microsoft HomeBase (or internet in, if Palladium lets them) and have the error corrected by a person. This process won't be automated by definition, otherwise it could've simply been part of Palladium itself.
Suppose Palladium shits and dies on you while you're trying to do a presentation of your big proposal? Suppose IIS shuts down your business site on the day after Thanksgiving? This isn't something you can fix yourself, you have to fight 99,999 other people for the phone lines to get the error corrected. There's just too much risk using this sort of scheme even in the business world, much less in mission critical embedded processors.
I think you'd be suprised then at how many QNX machines are running on standard intel in industry critical applications. I don't know about medical, but it's there in manufacturing and engineering.
"I see in the near future a crisis approaching that unnerves me and causes me to tremble for the safety of my country.... corporations have been enthroned and an era of corruption in high places will follow, and the money power of the country will endeavor to prolong its reign by working upon the prejudices of the people until all wealth is aggregated in a few hands and the
Republic is destroyed."
--U.S. President Abraham Lincoln, Nov. 21, 1864
-=[ Who Is John Galt? ]=-
it will alter the performance of power turbines, jet engines, medical instruments, cell phones and missile guidance systems.
So does this mean that if I'm driving into New York while talking on a GPS enabled cell, the DRMP in my fancy new phone is going to detect that I don't have the right to be driving and disconnect my call?
An old story but still funny... the Aegis crusier USS Norfolk had to be towed into harbor because the power plant was disabled by a Windows NT failure.
a vy .html
http://www.slothmud.org/~hayward/mic_humor/nt_n
"The capitalists owned everything in the world, and everyone else was their slave. They owned all the land, all the houses, all the factories, and all the money. If anyone disobeyed them they could throw him into prison, or they could take his job away and starve him to death. When any ordinary person spoke to a capitalist he had to cringe and bow to him, and take off his cap and address him as 'Sir' "
--Orwell 1984 p. 73
-=[ Who Is John Galt? ]=-
Please schedule immediate surgery to have the Fritz chip removed from your cerebellum before it is too late.
You have made a critical error in assuming that "Fritz" will have anything to do with the writing of any such law. The "Senator from Disney" did not write the proposed law. He merely took the money from the lobbyists along with the draft of the bill written by the lawyers retained by the concerned industry. There will not be any exceptions to the law - no matter how "sensible or reasonable" an exception might seem.
But let's not get despondent over this after all the bill still has to get through both houses of Congress and signed by the President before we have to worry about it. And once it passes Congress, but before it gets to the President is the time to fix it. Simply borrow a play from the RIAA and insert a paragraph to "clarify existing standard business practices". Here is my proposed "clarification":
No case may be brought before any Court using any section of this Act save by a licensed lawyer who has had a DRM protected override chip installed on their vagus nerve for a period of ten years.
Kind of breathtaking in it's simplicity eh?
You either believe in rational thought or you don't
~~~
A detachment of special forces is pinned down by enemy fire. The bad guys have found a bug in the special forces target tracking software that allows them to confuse it, maybe by putting out heat sources that are right on the threshold of what is flagged as a target by the software. The good guys fix their program in the field, correct the bug and reinstall. The DRM agent rejects the new software and prints a little message: You have tried to run unlicensed software on this processor.
He underestimates the military, take the Marines for example, they are men who solve problems by eliminating their causes. After the first instance of this happening the word will spread quickly in the software developer community of how a bunch of angry Marines showed up at Microsoft HQ (DMRP division) and rammed armed stick grenades up the developers Rectums before pulling all the pins with a string (Paralell processing).
Only to idiots, are orders laws.
-- Henning von Tresckow
lets build a lot of weapons with drm inside and sell them to iraq or afgahnistan...
then when they try to use them it tells them access denied.
But they probably are running a bit different 8086 than the one that was in my first computer. My guess is that a little more love was put into the chips they use. But I do see your point. I actually would have thought they'd be running some "super cool proprietery NASA space chip" or something.
Can all fish swim?
Comment removed based on user account deletion
However, his contention that the only use for Palladium/Trusted Computing Platform technology is DRM is wrong. It could be used, for example, with the Brazilian voting machines, to make sure that what you think is the output from the voting software really is. Without keys protected in hardware, you can't be sure. With TCPA, the output from the software (over the net or on floppy disk) can be signed with a chain of keys right down to the hardware. Without hardware help, there's no way to hide keys on remote systems.
On a less serious note, you could be sure that your opponent in a network game is a person, not a gamebot.
That being said, DRM would still be the #1 use for the technology.
I haven't heard a single case in which some valuable information was stolen or some computer was hacked because of cookies - and I also can't imagine a way how something like that should happen.
Can someone please tell me why cookies are considered "insecure"?
How else shall we implement sessions? Query-strings? Awww.
The Ukraine has allready suffered from the music industry over zellous rights management. I can't believe how blatent the corperate sponsership of the sennate is in the US. It seems to be accepted that if a sennitor (or president for that matter) has their campaign funded by a company or interest group then he will legistlate in their favour. It even seems like some companys hedge their bets and back both parites. This is supposed to be a democracy? I thought the idea was to look out for the interests of the people who vote for you. I have no dowbt that simmalar things happen everywhere but it is not quite as blatent. The Fritz chip and related technologies do not help the little people at all. They only help content producers and M$.
What's wrong with encoding a session identifier in the URL? You don't have to put it in a query string if you don't want to. The entire URL is available for coding state.
Cookies are evil and software architects need to get that through their heads. Unfortunately, many projects are staffed only with developers and application programmers incapable of a deep analysis of anything.
Comment removed based on user account deletion
Does this mean the recording industry can be prosecuted under the new anti-terrorism acts?
Some of this idiocy should begin mitigating when campaign finance reform kicks in next election cycle. I just hope it's not too late. Does anyone want to take odds on whether there ARE elections in 2004?
Hic iacet Arthurus, rex quondam rexque futurus.
Footnotes:
3.TPCA says that the hardware device that stores and handles encryption can be turned off locally. However, what this will mean in practice is that any DRM sofware will detect failure and refuse to operate.
So if I am running Linux (which doesn't give a rats ass about DRM) turning off the hardware won't matter to me as NONE of the software I run expects any DRM hardware to be in place. Same thing with an embedded real time OS running in a medical instrument or in my car, etc.
LEGAL LIABILITY
I wouldn't be surprised, also, if some of the mission-critical applications that the author claims may be affected are covered by explicit legal requirements for certification which will proscribe the mischievous addition of functionality which is both unrequired for the operation of the devices in question and which by its presence will undermine their reliability and safety.
By all means sound the warning bells when some of these bought toyboys introduce particularly inept legislation, and use excessive scope in their proposals to argue that they and their corporate sponsors are too stupid and self-interested to be permitted to decide on these matters, but don't pretend that just because one interest group has its head pushed so far up its posterior that it resembles a klein bottle it will be allowed to get its own way even if the result is that aircraft may start dropping out of the skies. All that does is to play into the hands of the content-distributors' efforts to portray their opponents as turning hysterical now that someone is finally doing something about their thievery.
Not just NASA. There are quite a few nuclear reactor protection systems based on the 8086/8088.
I really don't think these chips are any different then what you could buy from an electronics store. We performed our own signature and time response testing after replacing anything so they were well tested prior to use.
Bad boys rape our young girls but Violet gives willingly.
/. needs a better topic icon for stories like this. I suggested this one a long time ago, but apparently they didn't listen to me or didn't care.
:P Maybe I'll try to make it. :P
The picture should have a fat white man's legs and ass with his pants down around his ankles. His pockets are stuffed with money and congressmen and he's taking a shit right on top of a copy of the Constitution. That would be a better icon than a hand with a microphone.
Best. Comment. Ever. Enjoy!
Very expensive specially designed software. After all, poor Mr. Smith is dead just the same if the life support is shut down by the operating system, the data base, or the email program instead of the processor.
They should make DRM mandatory for medical systems to make sure that every lifesupport systems uses very expensive specially designed software.Imaging what damage a virus could do with a medical system which runs outlook.
I am quite sure that all critical systems already use specially designed software.
The part about ABC and XYZ word processor (or insert any content editing program) is very persuasive and will be the first place we will see this pushed beyond sensible limits. Many people will still say "shut up and use MSWord". Once it gets to this point it may already be too late.
My hope is that by raising awareness through intellegent articles like this one, more people will see the extent of the risks. The fact is that the kind of pervasive DRM that is being pushed is incompatible with many applications, and as the engineers designing these systems begin to understand the issues, they will apply "due diligence" as described in the article.
If the extreme DRM approach wins in the marketplace, we will all suffer from the kind of thing described in the article, and more. At the very least, it will increase the cost of developing and deploying the kind of critical systems described because they will lose access to a lot of commodity technologies because of these concerns. What will emerge is two technology worlds one with and one without locked in DRM controls.
IMHO, the DRM side will lose because of all the unintended consequences of their badly implemented technology. It's a monopolist's approach, and the real strength of PC hardware is the competitive markets for all the component technologies. The worry is that we will all be happily resting in the warm water before we realize it is too late.
Uh-oh... what's scary is that his scenario might prove very attractive to the computer industry.
The computer industry is currently reeling from the high degree of competition that has been brought about the commoditization and universality of the PC architecture.
In the bad old days, IBM deliberately kept product lines separate and incompatible so that they could segment individually manipulate different groups of customers. Certain product lines were arbitrarily designated for certain classes of customers (small business, large business, scientific, etc.) If competition developed in one area, they could cross-subsidize and lower prices for that group while raising them for another. The victimized group couldn't do much, because migration to the more cost-effective hardware was too difficult. High margins were maintained.
With DRM, we can foresee a return to the golden days of yore. If DRM makes computers useless for applications where security and high reliability are required, voila! we have market segmentation.
We could have cheap consumer PC's with DRM in them, basically unusable for many applications for the reasons so clearly articulated by Yodaiken.
This would, of course, create a market for exactly the "very expensive nonstandard hardware" he talks about.
Vendors could make high margins on products like "medical computers," knowing that hospitals did not have the option of migrating to commodity consumer PC's.
"How to Do Nothing," kids activities, back in print!
The technology doesn't bother me, it's the law that drives it. Does anybody think all IP laws should be abolished (like slavery laws)?
Comment removed based on user account deletion
I read about this years and years ago. NASA sent a spacecraft to Venus or someplace. The system had two processors, each of which was designed to test the other processor for signs of failure and if such were detected, to shut the other processor down and take control of the spacecraft.
Well, one of the processors' software had a bug in it that caused it to believe the OTHER processor was defective. It shut the other one down and began to take the craft off-course.
NASA had to reprogram it from the ground to convince it that it was the one that was defective. When they managed to do so, it restarted the other processor, handed off control, and shut itself down.
I can easily see DRM having problems like that which is what the author is suggesting.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
"Despite marketing, DRMP is a licensing technology, not a security technology ..."
Absolutely true.
What most people fail (or deliberately refuse) to understand is that any technology must be simple to be reliable.
The sole purpose of that piece of crap is clearly to ensure that everyone on this planet one day can be tracked, let alone forced to pay a fee for even the silliest thing. It's a Bad Thing (tm) both technically and ethically.
DRM is achieved by building walls, reliability (and performance) by removing them. Somebody must stop that dangerous waste of time and resources before it's too late.
Is anyone else out there pissed at the fact that they will actually have to log on to the internet to even use their computer? I mean for broadband its ok, but there are a lot of dialup users out there, who don't need to log in right now to listen to music or to watch DVD's.
It's an absolute, non-negotiable condition of any media that I own that I can play it whereever, whenever, and with whatever technology I deem appropriate. It's absolute and non-negotiable that my right to play is never contingent on 3rd party approval. This should be everyone's creed, if it isn't already.
I don't even have an ISP at home. (my lunch hour at work is sufficient, hence my posts at about 12'o clock ;-) That DRMed Elvis Costello CD which got released a while back would have been entirely useless to me.
WHY would consumer-grade "hardware" be found in professional-grade medical hardware?
In a word, COTS. That's short for "Commercial Off The Shelf", and it is commonly used to mean "use something cheap from the consumer market instead of a high-quality part". Everyone is doing it, up to and including spacecraft and launch vehicles. And people seem to think it is some kind of magic bullet, as if the time you do not spend developing is not somehow lost integrating and working around deficiencies.
So yes, a scalpel could go beserk....
Not to mention a laser knife, or one of those microwave or radiation "scalpels".
Oh, the mess...
Something as trivial as a malfunctioning X-ray device could possibly condemn you to a slow painful death in cancer.
Making a law that forces these things to be more complex and bug-prone with DRM would seem like a bad idea to any thinking person.
But I guess the glory of capitalism is that a lot of people doesn't care if a stranger die as long as they make a buck.
"First lesson," Jon said. "Stick them with the pointy end."
In a word, yes. That's really the whole point of the argument. DRM is a trojan for the entire industry (if it succeeds). I don't really see how it can win since it is only a gift for a very small segment of the market. MS and to a lesser degree Intel are the big gorillas here. Only MS has the monopoly power to make it widely deployed, but they have a harder time pushing it in Congress because they are already seen as a monopolist bully by many. The [RM]IAA are the ones doing all the lobbying, and trying to make everyone think they are harmed by all those nasty pirates. MS is only too happy to supply the technical means to implement it. It's one of those conspiricies that can't be attacked because the collaboration is silent.
DRM cannot be implemented piecemeal, no security system can. Imagine a military base that has security gates and open gates, all leading onto the same base. Or a server with some secure ports, some insecure. No good! It's all or none.
For you and others, let me repeat that: Every component has to be DRM enabled, fulltime, or the system is insecure.
This eliminates your point 2, that medical equipment uses 486s, Dragonballs, etc. The OS is unimportant; the chip is unimportant. Each component has to enforce DRM or there's a security hole. It's all or none. This is another reason to dislike DRM, it forbids Linux and all other source-available OSs, in fact, it restricts what software you can run. But back to your point 2, ARM is used in PDAs, so it has to support DRM. Every component that can connect to other components has to be DRM enabled. Every component has to reject connections to non-DRM-enabled components. The medical system would have to be isolated from the rest of the world. So much for downloading new versions of software easily.
As for point 1, the military is moving to COTS (Commercial Off The Shelf) components precisely because the pure military market is so small. Imagine the per-unit cost of buying a thousand processors of a couple of hundred airplanes, when the development cost is just as high as a commercial processor. You thought $600 hammers were bad! Ha!
Infuriate left and right
Revolution!!
By the way, when in the heck are they going to start selling that "Revolution OS" film? Come on already.
>I thought the idea was to look out for
>the interests of the people who vote for you
The moment I read that line, I knew you were not from the US.
Have you seen the Robocop movies? All three? I know, the second was lame at best and the third was downright pathetic, but take a look at the way they portray OCP, the Omni Consumer Products Corporation.
Seems out of control, right?
Wrong.
The USA is not run by the citizens, it is run by the Corporations and the people with money.
Americans have been well trained to believe TV over all else. It is a nation of Sheeple, not people, sheeple. The one with the most money wins.
Most Americans know this or are in denial. Why do you think the percentage of eligible voters who actually vote is usually in the single digits?
Corporations have all the power.
And as for your belief that the same big money interests hedge their bets by donating to both parties, you're right. Microsoft gave to both the Gore and Bush campaigns, and I'd wager the cash given was roughly comparable in both cases.
Give money and you're buying access to an elected official. Plain and simple.
The concept of the USA being a democracy or republic is long dead. It's a fallacy believed by the foolish, the uneducated, the mentally challenged and those in denial.
Corporations run the nation, and the only force that can ever stand up to them are the politically connected special interest groups. However, they will never do so, because it would hurt them more than it would help them. Why would a special interest group take on a corporation and lose it's funding in the process?
The anti-trust laws exist for two reasons.
1. Give the impression that the government gives a rats ass.
2. To try and prevent a single corporation from being able to simply toss out the government. The 800 lb gorilla wants to keep all the other gorilla smaller. Of course it doesn't work that way. There are corporations with more power than the government, but the government has the guns and it maintains the laws that keep order, so it is tolerated by the ruling corporations.
Welcome to America. Be a good little consumer. Bend over so the corporations can have their way with you. Don't complain or a lawyer will get medevil on your ass.
"Live Free or Die." Don't like it? Then keep out of the USA
It's not the technology that's "bad", it's how the technology is applied.
Anyone who has tried to construct a "secure" system has run into the same problem TCPA/DRM is addressing: How can you assure that the code you are executing is trusted? Specifically, that it hasn't been corrupted, either intentionally or unintentionally.
Every life- or safety-critical system goes through (or should) a process of verification at startup, and runs self-checks at regular intervals. The same mechanism that is used for TCP/DRM could provide a simpler and higher level of assurance that something bad hasn't happened to your code (or data).
(In a previous life building safety-critical embedded systems, I went to extreme lengths during startup, and during idle periods, to (re)verify checksums on code and data structures. That was to detect corruption and initiate recovery if something bad happened. It wasn't perfect, but it was better than nothing. And it worked. What those systems might have done had those checks not detected those failures makes me shudder.)
Think about using that same TCPA/DRM technology to ensure the integrity of the system's code and data. Think about that same TCPA/DRM technology to ensure the integrity (and maybe privacy) of data consumed or generated by a system, especially medical systems. Those applications of the TCPA/DRM technology could be extremely benficial.
He is making the same point as you (just in a more subtle way). The legislation in question *does* in fact target all of these systems (they meet the definition of a digital media device in the bill).
As a result of such silliness (along with the even sillier examples like digital anal thermometers and such), getting the bill into law is going to be fought at many levels. It will be virtually impossible to get it in with the wording currently proposed. Exceptions *will* be made to permit the manufacture of non-DRMed hardware, and that automatically weakens the intent of DRM (ubiquitous protection of licenced content).
As far as Victor is concerned, he has little to worry about. Hardware for embedded systems will be unencumbered. He's just airing for the side of sanity from his perspective.
Look at the tomato! Isn't it sad? He can't dance! Poor tomato!
But this whole scheme has a far more hideous side: in order to make the whole thing work every software and hardware component in the computer through which the IP content is passed through has to be trusted. If it's possible to put in your own driver for the output device then it's trivial to hack the driver to capture the content. Not to mention the fact that you got to have the OS support the whole scheme.
This all boils down to the fact that there is no way this is going to be compatible with our favourite OS. We can't have unprotected IP passing through OSS code. No way. If the market moves to this new scheme of things we're back to the pre DeCSS days where you could only play DVD's under windows. But now it's ALL the content from Internet, next generation DVD's and CD's that are blocked. That is going to hurt us on the desktop...
Small wonder that M$ is backing this scheme.
TCAP-Abort
The point is that cookies are effectively mandatory, though they were introduced as being strictly optional. The point is that the same thing can (even more easily) happen to DRM as well.
The actual security (goodness?) of cookies isn't the point here; it's simply that "optional" technologies don't always remain so.
Enviormentally friendly power sources:
Large weights are mounted on a wheel. Each weight is equipped with DRM. When a weight reaches the bottom of the wheel the weight is given an invalid passport and stops working, when it reaches the top it is given a valid one. This process drives the wheel that drives a generator.
FRA: STFU GTFO
So why is it that every major chip maker is coming out with DRM when there is NO "consumer" demand? DRM is univerally loathed and no one wants to buy it. The reason is that it's being pushed by publishers, who have displayed their greed before, and the chip makers themselves who would love it if everyone had to constantly buy new equipment. It's not economic! It will cost more, it's performance will be poor by all measures and no one wants it. Yet it is hapening.
If the chip makers can get away with it on your PC they WILL get away with it elsewhre. History shows that todays big iron is tomorrows embeded system. If they can't, they will continue to push legislation that forces it. In the mean time, it's much easier to push DRM onto closed boxes that few people other than embeded systems designers ever examine or care about. EVIL. Cars, ironically, are a great example of demand for gimped up systems that defeat the end user. Yes, in the end those gimped up systems might refuse to start a perfectly sound engine. The author is entirely informed and correct.
Comparing this to Y2K hysteria is at best ignorant. The alarms should be loud and clear. "Digital Rights Management" IS and extreem concept on it's own. The whole idea of you being deprived of control of YOUR machine because you might "steal" a look at your entertainment without paying a fee to a publisher is a radical concept impossible to impliment in the past. Libraires will not be possible if DRM takes hold and is accepted. DRM will be used to impliment the DMCA's non reverse engineering clauses for embeded systems, regardless of performance because clueless executives make up for their ignorance with greed. The author's insight into performance issues for embeded systems and how it will happen is a useful thing to consider.
Friends don't help friends install M$ junk.
you forgot one thing. The American consumer is very choosy. What is going to impel them to embrace something like this? IF DRM was in place it would be a barrier to entry, however what is going to firmly establish it in the marketplace over night, certainly not the consumer if the technology is going to behave the way you say it will. As soon as a few consumers run into roadblocks using DRM, they will be looking for solutions that don't offer it. Market pressure will be the key. All that would need to happen is 1 chip maker that doesn't support DRM and one OS that works with that chip, consumers will do the rest! Collusion is always defeated by a "cheater" and in this case the cheater would be one hardware manufacturer who could amass a huge fortune by not implementing DRM. Try to think about the economic forces that drive the market. All of the arguments I have heard so far make three erroneous assumptions.
1. DRM will automatically appear in anything that receives an electrical current.
2. All software will be designed to be an active participant (seamlessy integrated into everything) in achieving goals that only a person like Jack Valenti and a few others could possibly want.
3. That there will be 1 person making every decision and watching every mouse click that a consumer makes.
Give me a break - the market loves to destroy crap like this. Anything that does not give consumbers freedom opens itself up to huge attacks and competition in the marketplace.
Simple example - company A makes a DVD player that does not play "authorized" DVDs. company B makes a DVD player that does. Whose DVD player are you going to buy? Lets say that company A actually does not have a DVD player that can restrict what the playing of "unauthorized" DVDs, but is coming out with one soon. Then I wil create company B to explicitly capitalize on company A's narrowsited behavior.
END
Don't forget the practical implications of hardware and software enslavement. The author points out the practical considerations. You have pointed out the loss of a free press. The two are equivalent and one will invariably lead to the other.
Consider an automotive emmisions control computer. It may refuse to start your engine if it's last recorded information indicates that the engine will polute. Oh yeah, that might be codified in future laws to enforce exitsting laws on polution control so that break tags and inspections become redundant. Sounds good? The state, we can be sure, will continue to exact yearly fees to own such an automobile, perhaps to combate software "fraud" like fixing your car or examining it's computer without the appropriate licenses, certifications and equipment. Can you imagine a world where people used to just fix their cars in their garrage? Ah!
The code in such embeded systems will be designed to make you buy a new car every four years. It will invariably refuse to start if you miss a monthly oil change a yearly check up or you car is just older than five years old without a huge fee.
Right now so much as release of information on the correct interpretation of diagnostic codes is being debated by lawmakers. Do you think those folks have a clue as to what is comming? The people who gave you DMCA and are considering forced DRM have no clue about such implications. Continue to sound off while you can.
Content creation is important as it allows us to create free software that maintains user control over equipment. It also enables us to make our case for such things being a good thing to begin with. The second is an old and well know benifit of free press. The first is new, but vital for the second to be true as you point out.
Friends don't help friends install M$ junk.
/. is good for getting informed about these things, but not for political activism. The EFF might be a good place to start if you want to get involved. We are all pursuing this is our own ways, and according to our own urges. It's the "open way", you scratch your own itch. Find existing projects, or start your own if you can't find one to join. If you want to help /., post a good story with links to resources or participate by making good comments. You'll know you're in the right ballpark when you stop getting modded out of existence.
The phrase "Digital Rights Management" is a linguistic trick to make it sound like sony or microsoft has a right to control what you read.
Perhaps it should be called Digital Rights Infringement, or Digital Rights Prevention|Removal - pick anything that sounds good. But for god sakes, stop calling it DRM.
How do you let people know that your new acronym refers to "DRM". Well, whenver someone mentions a NY Times article, they always put (free registration required) in parenthesis. Everytime DRI is mentioned, everyone should put (DRM) in parenthesis.
Maybe DRI (DRM as the industry calls it), will then be seem for the power grab that it really is.
You might be able to use some of the TCPA hardware resources to implement privacy and security facilities, but what you design would be far removed from anything in the current proposals. Your solution is more like virus detection under Windows. It is much better to make sure the external interfaces are well secured than to constantly scan for intrusions. Scanning is a good check that you aren't getting hacked, but not a good way to run a reliable system.
How many of us are running machines with high-temp military/space grade chips? How often is the general public ripping CDs using a real-time OS/toolset?
There is some crossover, but this author doesn't understand hardware boundaries as they exist today. I don't buy the "propogation" theory either.
DRM will fail anyway, there are countless ways to hack a human interface, and digital content is too easily manipulated by the masses (the genie is out of the bottle). We here know this. Valenti will find this out after he pays for the tech industry to distribute his content securely and it still ends up shown free in our basements before box office release. More money to the servants of chicken little = us.
With any DRM, they fight not the spread of content but the spread of knowledge to manipulate content aka DeCSS. Can you imagine a day when acquiring and building a Linux bos from industrial parts (non-DRM components) is illegal, along with the knowledge of how and where to do this?
"Strange Days" and a handful of other thoughtcrime-esque movies portray such an environment. I don't see it being possible. Not without revoking a huge section of personal freedoms from people. Information wants to be free. Somebody needs to rebuild the model for rewarding the creation of information.
mug
Every time the topic comes around I've pointed out exactly what you say: It's NOT about content, it's about preventing independent content and/or distribution models from ever becoming viable alternatives. I don't know why this is so hard for otherwise-intelligent people to understand! :(
~REZ~ #43301. Who'd fake being me anyway?
The military hardly ever uses consumer electronics in the serious applications. Everything is "milspec."
No, it's not the military that should be fighting against this. It is every IT department on earth. Why would ANY business ever buy a piece of equipment that permits an outside entity to muck around with it, or even disable it? In this nightmare future, there is no such thing as a "production" system, because entites outside can change or disable the system configuration at will.
Defenders of this technology say, "Yes, but they won't do that." Maybe not, but how can you be sure? What if you are in a business that competes with one of your own vendors? Obviously, such conduct would be illegal, and, as we all know, companies never do anything illegal. Also, this is an exciting new opportunity for a DoS attack. Suppose you have a production server that allows file uploads for legit reasons? If people upload improper content, no biggie, you just delete it, right? Not anymore. Someone uploads a renegade copy of Sierra's "Cooking Light" software and BAM! One of your production servers shuts down.
Now I realize these scenarios are unlikely, but my point is that they are not impossible. And that alone should scare the excrement out of any CIO.
Besides, its not all that unlikely. Let me tell you a little story from my own personal experience. I worked for a "pre web" electronic commerce operation. We used AIX and Netware. TCP/IP was just becoming a big deal (although the web wasn't here yet -- it existed, but basically just at CERN and other research institutions), so we decided we wanted to do our IPC over sockets. This meant we had to install TCP/IP NLMs (remember NLMs?) on all of our Netware servers. I got this job.
Now, I wasn't a CNE (I probably shouldn't have been given the job), but it was just installing an NLM on our test servers, and I knew my TCP/IP, so no big deal. We had five test servers. We purchased 5 legal copies of the NLM. I took one of the floppies and went from machine to machine, installing. Five minutes later, EVERY SINGLE EMPLOYEE IN THE COMPANY, about 45,000 people all over the USA, started getting those annoying netware broadcast messages (this is the MS-DOS era folks) that a Novell Software License was being violated on the network. These messages came every few minutes.
This was my early experience with digital rights management. I got it cleaned up within the next twenty minutes, but you had better believe that it is not a good thing to annoy an entire company, even for half an hour.
This is NOT A GOOD THING. An inexperienced person can install software on a test system and interfere with an entire corporation. Now imagine this with outside entities able to reach in to you corporate network and do things like this.
If I were a CIO, I would have a policy that forbade ANY DRM enabled equipment to be attached to my corporate network. Period. And I would see to it that every vendor I worked with got a copy of this policy.
Gene Spafford (one of the foremost computer security experts, and founder of COAST, the reliable systems project at Perdue University) defines a secure computer system as one that does "what you expect, when you expect it." No DRM equipped system could possibly meet this definition. Ever.
Think about this when you are making purchasing decisions and setting coprorate policy.
Just a little note on the 8086 architecture. I don't think it's a method of cutting costs. Rather, I think it's to model technology on a proven, working, rock-solid platform that is going to behave predictably.
I think, therefore I am an Atheist.
Because as the wheel makes the first revolution, there is an average of the same number of weights on the right and left sides, so the wheel will not keep rotating in a particular direction.
The notion that running "anti-virus software" equals security is just stupid. If you keep your system up-to-date and run a reasonable mail reader, you don't need it. Anti-virus software is like taking antibiotics prophylactically: it's expensive and not good for you. And anti-virus software breaks a lot more than just making your computer slower.
This paper is just fear-mongering since it requires you to make the leap that DRM will be embedded into everything, which makes no sense at all. You can easily reproduce this arguement for nearly any technology, since almost nothing will be appropriate everywhere.
I think that papers like this do not help our effort. Let's attack the real problems we face today, rather than making up imaginary ones.
I am afraid, it is not a valid point to say that it is a social burden wbeb
sites use javascript and cookies. Nor is it a
burden to say, for example, that there are too
many churches in my town and since I am an atheist it bothers my.
If you don't like it, visit other sites that
don't use javascript or pop-up! And if you don't
like to drive by churches, then too bad!
The only potential problem with the websites .doc files).
are only those that are meant to be visited by everyone:
like the government sites, the State Attorney's General, the IRS, etc,. These
are the only onece that should be contructed with greater
care (and without
Is the market for high-end medical technology big enough that Intel will be building DRM-free microprocessors and the HD makers will be building DRM-free HDs to suit the market's needs? Will this even be possible if CBDTPA passes in anything remotely resembling its current form? (read it yourself and you'll find the answer is NO!).
In any case, the author is better qualified than you are to determine what's alarmist and what isn't, unless you're prepared to discuss the RTOSs you've developed on your own over the years.
Tech Public Policy stuff
I really like your argument of the market being the white knight and saving the day- but there is a force that is more powerfull in the medium term than the market. The Law.
Get a law passed forcing DRM and goodbye freemarket and its ability to correct in this situation.
Perhaps market realities will impose themselves EVENTAUALLY- but you can't count on that being any time soon.
Remember "Trusted computing" meaning one-way trust with you on the short end.
You trust the chip, the keys and algorithms in the chip, and so-forth. The chip DOESN'T trust YOU, the chip hides the algorithms, keys and so-forth and thus prevents you from using them. You could ask microsoft for a public-key that the chip would then verify in the secret way it verifies things. Then you'd be fine untill or unless MS decided it didn't trust YOU anymore OR until some hacker wound with MS' keys and decided to have some fun with you.
--- And the funniest thing is that Pallidium actually provides a plausible scenario for cyber-terrorism becoming a "weapon of mass destruction".
If all rights are revokable, you could shut down the world permanently with just the right messages.
Nasrudin called at a large house to collect for charity. The servant said
"My master is out." Nasrudin replied, "Tell your master that next time he
goes out, he should not leave his face at the window. Someone might steal it."
- this post brought to you by the Automated Last Post Generator...