Slashdot Mirror
Linus on DRM
Thread on LKML:
Date: Wed, 23 Apr 2003 20:59:45 -0700 (PDT)
From: Linus Torvalds
To: Kernel Mailing List
Subject: Flame Linus to a crisp!
Ok,
there's no way to do this gracefully, so I won't even try. I'm going to
just hunker down for some really impressive extended flaming, and my
asbestos underwear is firmly in place, and extremely uncomfortable.
I want to make it clear that DRM is perfectly ok with Linux!
There, I've said it. I'm out of the closet. So bring it on...
I've had some private discussions with various people about this already,
and I do realize that a lot of people want to use the kernel in some way
to just make DRM go away, at least as far as Linux is concerned. Either by
some policy decision or by extending the GPL to just not allow it.
In some ways the discussion was very similar to some of the software
patent related GPL-NG discussions from a year or so ago: "we don't like
it, and we should change the license to make it not work somehow".
And like the software patent issue, I also don't necessarily like DRM
myself, but I still ended up feeling the same: I'm an "Oppenheimer", and I
refuse to play politics with Linux, and I think you can use Linux for
whatever you want to - which very much includes things I don't necessarily
personally approve of.
The GPL requires you to give out sources to the kernel, but it doesn't
limit what you can _do_ with the kernel. On the whole, this is just
another example of why rms calls me "just an engineer" and thinks I have
no ideals.
[ Personally, I see it as a virtue - trying to make the world a slightly
better place _without_ trying to impose your moral values on other
people. You do whatever the h*ll rings your bell, I'm just an engineer
who wants to make the best OS possible. ]
In short, it's perfectly ok to sign a kernel image - I do it myself
indirectly every day through the kernel.org, as kernel.org will sign the
tar-balls I upload to make sure people can at least verify that they came
that way. Doing the same thing on the binary is no different: signing a
binary is a perfectly fine way to show the world that you're the one
behind it, and that _you_ trust it.
And since I can imaging signing binaries myself, I don't feel that I can
disallow anybody else doing so.
Another part of the DRM discussion is the fact that signing is only the
first step: _acting_ on the fact whether a binary is signed or not (by
refusing to load it, for example, or by refusing to give it a secret key)
is required too.
But since the signature is pointless unless you _use_ it for something,
and since the decision how to use the signature is clearly outside of the
scope of the kernel itself (and thus not a "derived work" or anything like
that), I have to convince myself that not only is it clearly ok to act on
the knowledge of whather the kernel is signed or not, it's also outside of
the scope of what the GPL talks about, and thus irrelevant to the license.
That's the short and sweet of it. I wanted to bring this out in the open,
because I know there are people who think that signed binaries are an act
of "subversion" (or "perversion") of the GPL, and I wanted to make sure
that people don't live under mis-apprehension that it can't be done.
I think there are many quite valid reasons to sign (and verify) your
kernel images, and while some of the uses of signing are odious, I don't
see any sane way to distinguish between "good" signers and "bad" signers.
Comments? I'd love to get some real discussion about this, but in the end
I'm personally convinced that we have to allow it.
Btw, one thing that is clearly _not_ allowed by the GPL is hiding private
keys in the binary. You can sign the binary that is a result of the build
process, but you can _not_ make a binary that is aware of certain keys
without making those keys public - because those keys will obviously have
been part of the kernel build itself.
So don't get these two things confused - one is an external key that is
applied _to_ the kernel (ok, and outside the license), and the other one
is embedding a key _into_ the kernel (still ok, but the GPL requires that
such a key has to be made available as "source" to the kernel).
Linus
What is this "h*ll" ?
Is it where all the naughty puntuation marks go when they die?
graspee
What Linus is saying makes complete sense to me. I think the
Kernel level of Linux is the wrong place to make a political
stand like that. What has made Linux successful, and what will
make it ultimately *the* OS is it's an
Evolvable System
The fact that people can use Linux for whatever they need to is
what makes it such a compelling system. The fact that you can
tinker with it, change the source, in short make it work for you
is what makes Linux successful.
He also makes a good point, there is a difference between
allowing DRM and forcing everyone that uses the OS to use DRM
(as M$ want). There are some times when DRM is very legitimate
(Goverment Top Secret Docs, Litigation Confidential information
etc), and there are the times when I consider it to be
un-ethical (most other situations I can think of).
I have to say way to go Linus. Keep the system evolvable.
Ultimately isn't it a catch 22 anyway? If he prohibits DRM,
isn't that sort of like saying "this is my software and you
can't do XX with it".
Doug Tolton
"The destruction of a value which is, will not bring value to that which isn't." -John Galt
Slashdotters are very confused. What to hate? Who to love?
sin(6cos(r)+5A)
Technology, encryption, reverse engineering, mp3's, drm, sniffers.. they arne't inherently evil. It's the usage and if they go against your morals, ethics and general desires, if they are good or not.
Laws which put their use at all, as forbidden or not, is what should not be put into law. It's how they are used.
-
ping -f 255.255.255.255 # if only
"There, I've said it. I'm out of the closet. So bring it on... " -- Linus Torvalds
Things are so much more interesting out of context...
Linus Not God, Says God
In a shocking announcement cast down from the Heavens today, it was announced that Linus Torvalds was not, in fact, God.
Anthony Macewell was chosen to receive this information, as he worked on his PC:
"It was kinda freaky", Anthony said, "Linux booted, and just when I was expecting it to fsck everything, my computer burst into flames and I was surrounded by a host of angels. I don't remember that ever being a feature of Red Hat."
The angels, their appearance accompanied by a flawless four-part harmony, left Anthony a delicate manuscript, explaining that he should make sure that it was delivered to the Linux community.
The manuscript reads:
"For the attention of the Linux Community: Linus Torvalds is not God. God is currently very busy in creating various new planets and overseeing the forthcoming apocalypse on Earth. He has not had the time to develop any mortal Operating Systems, and is not likely to do so in the near future. He will continue only to endorse white robes and comfortable sandals."
The reaction from the Linux community has been varied. The slashdot.org community has reacted by having a circular discussion, with any idea other than "Linus is God, and Linux is the best thing ever for anything", being slammed down by angry, frothing, Linux advocates. A crusade to burn all the non-Linus believing heretics has been launched, in the form of a new website with a flashy domain name, which will predictably close within two weeks due to a lack of interest.
A spokesperson for Microsoft commented, "Well, we never believed that Linus existed anyway. It takes more than a couple of sightings near burning bushes to convince us, you know. We'll continue to worship Windows as we always have done. Lots of people have faith in Windows, no matter how much it lets them down, so it must be right."
Why do I h8 apple?
Once again Linus leaves it up to the one thing that makes linux beautiful: Choice.
Are you secure enough in your masculinity to run 'man touch'?
I'm an "Oppenheimer", and I refuse to play politics with Linux
Is that "Oppenheimer" as in the head of the most politically motivated science program of all time?
"If you think education is expensive, try ignorance" - Derek Bok
Seems reasonable to me though. You don't have to compile it in to the kernel you use if you don't want it. He's just offering a choice. For this one, I will accept that he is in fact remaining neutral politically.
Damn, I didnt know RMS was playa hatin' Linus.
I'm an "Oppenheimer", and I refuse to play politics with Linux, and I think you can use Linux for whatever you want to - which very much includes things I don't necessarily
personally approve of.
It's nice to see that Linus has his priorities in the right place. Too bad others can't follow his example. *cough* SCO *cough*
It's Linus' optimism. See, RMS insists that if you don't tell people what they can't do with software, that they'll do the worst. Linus assumes that people will do whatever they feel like, and the more they can do, the better, because you can't easily stop a movement. You can stop a man.
Go Linus. I'm not a DRM fan, but I am a fan of you ideology.
This was all a practical joke..!!
..and he said... "Watch them all support DRM now!..and he snickered again.."
It was Bill Gates snickering with a Linus puppet on his hand!
I said "Hey Bill! Whatchya doin'?"
I think it's interesting that it takes the "leader" of the OSS movement to put the brakes on some overboard reactions by slashdotters and many others. Too often we relate some issue as being a Microsoft invention and thus evil when all along it's been incorporated in a different form in our favourite OS. Perhaps we can learn a lesson about this and start applying it to other organisations (RIAA, MPAA, etc.)?
This is my digital signature. 10011011001
why does allowing binaries to be signed make DRM "ok". maybe i don't understand DRM (which is likely...)
Schrodinger's cat is either dead or really pissed off...
If you disable sharing of certain digital information for a vast majority of users, you've effectively plugged up the problem. Obviously, you'll never stop *everybody*, so that's not a realistic goal in the first place. So it doesn't really matter what Linus thinks/does, at least not in this point in time (the GUIs that come with the popular Linux distributions ain't ready to take a serious run at the desktop yet).
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
This is exactly why I like Linus. Unlike certain nutjobs, he's rational enought to know that one should always use the right tool for the job.
When ideals get in the way of actually achieving your goals they are doing more harm than good for the cause.
That comment made me wonder if RMS actually holds a grudge against Linus for not conforming to his standards of "purity".
The owls are not what they seem
--if you are going to do that, why would you even put the key in there? What am I missing?
Seems to me that drm violates the spirit of gpl, but I most likely still don't understand it. If some company wants to make a drm enabled kernel,and deploy it, then it can be cracked shortly if they follow the gpl? Or what? I don't get it obviously. This is like missiles, anti missiles, anti-anti missiles, ad absurdium.
new distro, the yossarian distro
Btw, one thing that is clearly _not_ allowed by the GPL is hiding private keys in the binary
Can someone explain what's he talking about here ?
AFAIK, You sign someting with your private key and ppl. can use your public key to verify the integrety of the message.
Also if you want encryption, then u encrypt with the receivers public key so that only he can decrypt it with his private key
No where in this process is the private key required to be disclosed.
So what am i missing here ? or is he talking of some totally different keys ?
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
There is nothing horrible about the idea of DRM, its mearly what people are going to do with it. And before any blows my head, just remeber this is that same argument put forth to defend openbsd only yesterday( was it yesterday, I'm loosing track of time at the moment.)
I like that I can trust software to be what it says it is, I think its a step in the right direction to protecting againt trojans etc..
I dont want to be forced to do it though for every little thing that somebody thinks I need permission to run. If certain DRM can be applied to the linux kernal that make computing safer (and by that I mean actually safer, not MS safer or somebody else thinking their making me safer by imposing rules on me), then go right ahead.
Just make sure I can remove it should I wish.
"Enlightenment is your ego's biggest disappointment." --Yoginanda
Saying "you can't develop DRM for linux!" is like saying "you can't use this software in a government that sponsors or is involved with the oppression of human rights" .. it's a free operating system.. what are you going to do? Not sell it to them?
;)
This isn't exactly new either, as I recall, IBM's thinkpads which had linux pre-installed had a macrovision.o kernel module
I've taken this position from day 1 (as soon as I was able to comprehend it)
Linux needs some DRM infrastructure, though it's use is to be discouraged. It is not tech's place to play politics. Linux will need DRM to be used everywhere, as it can today as soon as MS makes it availible for the studios to use.
I stand behind Linus here.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
It's hard to argue with that logic, especially when you step back and take a look at why Linux was so wildly successful over the past three years.
Isn't this the point of the GPL, to give others the same rights?
And since I can imaging signing binaries myself, I don't feel that I can disallow anybody else doing so.
If the GPL is all about freedom, it's also about freedom of what you can do with it (ok you can't include it in close source software without releasing that source, but that's to protect it from being non-free).
If some third party wants to take the kernel source and add DRM to it, they are free to do so. I'm also free to not use their kernel and keep compiling my own from Linus' tree.
Linus does have a point.
After reading such blasphemous utterings, I propose we de-canonize St. Linus, the Farseer, and henceforth refer to him as "Linus, that puny piece of RIAA excrement".
My favorite kind of story: it may not be true, but it should be.
Lacking <sarcasm> tags,
Maybe not now, but later.
Look, you put out a set-top media box running embedded Linux. Assuming it is the multimedia grail (online video/audio playback & capture) it will do more than GPL/opensource codecs. It will NEED to handle WMAs and other proprietary formats that may include a time-locked DRM.
Do I like blanket DRM? No, I want to be able to make backups of my DVDs, CDs, and other purchased materials.
What I don't have a problem with is a box that will D/L the movie I want to watch and store it for a max of 48 hours in a "digital Blockbuster" scenario. And that will eventually happen as digital cable set-top boxes will include hard drives for local caching and they will require DRM on that hardware.
Same thing goes for more and more Point of Sale stations. Signed binary data will be more and more necessary. I'm waiting for the day software compares my signature with the one stored on the credit card's chip. And I'm all for it.
I'll be honest; I want them to be able to choose linux. The other option is that everything becomes Windows. Do you really want every credit card terminal, ATM and terminal to be Windows because it is the only thing that supports DRM?
I've been on slashdot so long I'm starting to get out of touch with the cool stuff if it ain't on slashdot.
Signing the Kernel sources or even the Binary...No problem....
Making the Kernel Compliant so that it will refuse to let certain media types run because the OS/System doesn't have the secret key to that media type...NOT OK...
The Preblem is in the furture inorder for some media types to run in the future to run public/private key stuff is going to hace to happen...however how can that happen in an OS kernel whose source code is public...the private key is then exposed to the world, which the media people who want this crap will never stand for...it could be wrapped up in a shared lib...but that violates everything OSS stands for...
DRM for the kernel to run on hardware which requires a signed binary is OK, I suppose although how do you control that since if I complie up my own kernel I need to sign it somehow to get it to run on my protected hardware, which means I have the ability to sign any binary to make it run on protected hardware...including a virus...and also I don't see myself spending 100's to 1000's of dollars to aquire the right to make binaries that run on my own computer....which is really where this discussion ultimately heads...
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
Then I give away as freeware (but not open sourced or GPLed) some non-trivial app that requires the IBM version of the kernel. Boom...I get lots of users, a perf advantage courtesy of IBM DRM, crush my competitors and finally get a chance to try to fight the OS/2 vs Windows wars.
No-one commenting so far seems to have a clue what this is all about, so here goes.
Imagine someone builds hardware that will only run binaries signed by the manufacturer (current example: X-box, future examples: who knows)
Now imagine someone makes a version of Linux with functionality limited in some way -- think DRM, and gets that version signed by the hardware manufacturer so that it will run on the controlled hardware.
Now, as a user of that version of Linux, you have all your GPL rights to obtain, modify, and redistribute the source. But, since only the exact original signed binary will actually run on the hardware, those rights are (arguably) worthless.
Linus is saying that this is permissible, or at least that it is not his job to try to prevent it.
Now at least the flames can be on-topic...
I really don't see the point of changing the GPL to disallow DRM. DRM itself is not evil. Only when you use it im properly is it evil. I the community used DRM to load the kernel then the OS would be even more secure.
Ahh.. The mind what a wonderful trap!
A witty saying proves nothing.
Schrodinger's cat is either dead or really pissed off...
You don't want morals? You don't want politics?
Don't use the GPL
Ah... I see. Apparantly the only way you can have morals is to use the GPL. Righto.
And, apparantly, Linus's refusal to go off the deep end on zealotry means that he's "wimped out". Got it.
It must be nice to view the world in black and white... so easy, so simple... so naive and foolish.
Linus is making the right call here... there are valid reasons for DRM-like policies. There are lots of invalid ones too. But if you want it to be free, then it needs to be free. Trying to contort the GPL or other free license to fit your world view is bullshit, and it undermines the entire point of the license.
Linus' post seems all well and good, except that if falls well short of decribing how a full DRM scheme would actuallly work. Perhaps Linus is just saying "let them try", as long as they follow certaing ground rules. However, the inconsistency in his statement is that he seems to imply that thinks that effective DRM is actually possible with his ground rules. I do not. As most readers here, I'm skeptical that effective DRM is possible, period. But DRM with open source, I seriously doubt it.
That just makes me want to click it more!
Is your sig talking about the window manager?
Schrodinger's cat is either dead or really pissed off...
> On the whole, this is just another example of why rms calls me "just an engineer" and thinks I have no ideals.
Perhaps what the world needs is more engineers and artists, and less flaming zealots. I think Linus has been, and still is, getting it just right. In fact, I think his statements above and the way he views this issue is 100% in the spirit of the GPL. The code is supposed to be free, remember? This includes free to be used in unspeakable ways, so long as the source is always included and freely redistributable. You can't claim freedom for only the ideals you like, that's tyranny.
Then again, IANAL.
And remember kids: Never trust a computer you can actually lift.
----"So don't get these two things confused - one is an external key that is applied _to_ the kernel (ok, and outside the license), and the other one is embedding a key _into_ the kernel (still ok, but the GPL requires that such a key has to be made available as "source" to the kernel)."---- at least if its done, the source will have to be made available, and with the source.. well i imagine that ways to remove it will pop up... and if its external, well then its time to go with an opensource counterpart that falls under the GPL, refuse to use any software otherwise!
Comment removed based on user account deletion
My feelings about this are that some people at distros or embedded market want to lock their hardware/software (as Microsoft made with Xbox) and has pushed on Linus to explicitely allow them to do this.
Only a thinking.
the other thing is the other DRM that the alliance of music, media and software industry wants to produce.. where every content is digitally signed.. where you can not change the operating system on your hardware anymore etc... this are extremly bad things for linux and free software... we have to stop this whereever we can.. or else in a few years we will not be able to do anything useful on linux anymore...
mond
whose hand is up RMS's ass?
Schrodinger's cat is either dead or really pissed off...
What a fucking moron. The parent post should be +5 funny, only /. users think 'funny' means 'bitches about MS / Windows'.
What about an Open Source implementation of DRM? :)
Ciryon
Today you can amplify speech so loud to blow out someones eardrums. Or raise the pitch electronically to break glass and cause destruction.
The same is true for DRM. Code written for DRM is like a magic word that can suddenly sew up the mouths and cut off the hands of other people. This prevents them from ever speaking. Code regulates and forces behavior within that system to be a certain way. Spech does not.
Would voltaire protect someone from sewing shut his mouth with a few magic words?
Lets think for a minute here people. Someone else in a lower thread remarked that DRM was aimed at the "95% of windows users on the net". DRM is NOT a MS development effort. MS is just catering to the large amount of business's wanting it (RIAA, MPAA etc.). Linux tends to stay on a more anti-DRM ideal, whereas from MS's point of view, its strictly business. Their customers want it, so they'll provide it. Similarly, even though Linux developers may be ideologically opposed to DRM, they have no say in its implementation on Linux, since the liscense basically says, "do what you want". Don't blame MS for trying to make money in this case (other cases are exempt-DOJ for instance). It's what they do.
--rhad
Slashdot needs to interview Natalie Portman.
Or the whole xbox thing were only programs made/published by microsoft can be run. As I understand it this would not be possible under the GPL. Competition is good, just not x-box games that does not pay a MS tax. Free trade is good, just noot steel into the US. And by the way, we want to subsidize our air industry even though it is wrong.
Is this some kind of new precedent?
"Don't click through, it's reproduced below"
Apparently the Slashdot editors have changed their position on caching pages to prevent overload (the "Slashdot effect")
Will this be a permanent change, I wonder? And how did Michael get around those pesky US copyright laws? Did he actually wait for Linus's permission before duplicating his email?
If the checksum doesn't match, the binary changed, and the app won't run. Seems pretty sane.
Also, windows XP comes with "Driver Signing" which is basically an extortion bid to squeeze money from hardware suppliers (and perhaps to divert some of their cash from development of drivers for other OSes). Though fundamentally, it is not a bad idea to have some sort of check that the driver you just downloaded is in fact "blessed" by the manufacturer, if only for warranty purposes.
Checking checksums or signatures even does NOT equal DRM. As Linus said, this is something you can choose to use. Root gets a say in it (though in corporate environments it might still suck if you're not root).
DRM is not meant to be optional, it is meant to enforce license conditions ('rights'). Not security. Not integrity. Not trust. Making the possible impossible based not on security or convenience, but on a shrink-wrap license.
Checksums GOOD.
Signatures GOOD.
Digital Rights Management BAD.
It's NOT the same thing, folks.
SCO employee? Check out the bounty
Let the DRM flamewar begin. I hope Linus knows what he's doing. I'm still scratching over my head over him letting "I'll-sue-you" McVoy embed himself into the project.
I would agree with Linus' statement that there is nothing wrong with DRM. From a non-political point it makes since. Java allows signed applets, and webstart clients. This just provides the user with a way to determine if the code is okay or not. However I feel that if DRM is allowed to be implemented that M$ will skew us all forcing the hardware developers to only allow their signature. The idea is fine, and actually good, but the implementation will be like the US government. A good idea, but when money gets involved the jerks come out of the woodwork to skew everything. my $.02 -Shawn
Reluctantly, I think Linus is right.
The above scenario stinks, but the root evil is not what is done to Linux, but what is done to lock people in to the hardware. It ought to be legal to modify one's hardware, and if you can modify the hardware to accept binaries signed by you, for example, then the situation ceases to stink.
It is like people who write nearly-free software but restrict what kinds of task it can be used for. There are indeed many things wrong in the world, but only a few of them can be made better using software licensing conditions.
You're describing a black box situation. At this point Linux, *BSD and the other open sources are a sufficiently large base that we can now safely expect there to always be linux-friendly hardware.
Which means the only place this is an issue is a "black box" situation. So let's look at a hypothetical TiVo/XBox clone that runs Linux and has DRM. It won't do anything unless the DRM bit is active. It handles audio,video, plays games, does PVR, the whole shebang. *BUT* everything it touches has DRM on it.
This is not bad. Oh, it may not be your or mine cup of tea, but it's a perfectly valid implementation of Linux. If you don't like it, don't buy it. Or build one yourself without the DRM. While linux is free (as in beer) it's also free (as in speech). We don't have to like what other people say with it but we need to make sure we give them the opportunity to say something we don't like.
I've been on slashdot so long I'm starting to get out of touch with the cool stuff if it ain't on slashdot.
Well, duh... you check to see if the evil bit is set. I thought we had that all figured out now.
Davo -- Free speech, free software, AND free beer.
"I don't see any sane way to distinguish between "good" signers and "bad" signers." I move that signers are required to put a bit in the signature to identify it as good or bad. An "evil" bit if you will. We can even make an RFC for it.
Will I have to get my kernel signed before I'm allowed to boot it. Will it mean i will have to get an "approved" boot loader to stop "unapproved kernels" from being loaded.
Surely you can add this option to the kernel configuartor.
While Linus dosen't want to take a political stand on the issue (completly understandable, he's mearly protecting the sole reason for the existence of OSS) I think the GPL will clearly protect itself.
If you are required to publish the source of your work, even if you use DRM with linux, the source of that DRM must be released, which kinda cancels it out dosen't it? Making it pointless.
I'm not 100% sure on this, but putting DRM on anything GPL'd is a waste of time, cuz a DRM is only good if it's closed source.
Posting useless rant since 2003.
I know I'll be looking to uncheck the box that says DRM when I'm configuring new kernels to build in the future.
RMS is bitter about his inability to be at all relevant in the past few years.
Linus has been actively hacking, RMS has done nothing but blow hot air.
--
the strongest word is still the word "free"
YOU violate DCMA since you are explaining how to circumvert moderation system on Slashdot!
HE got burned and is making sure that people KNOW the consequences of non-free-OSS. While RMS is making sure this message gets across, Linux has the luxury of being able to get on with the job he is best able to persue: the "Linux Engineer".
RMS is better at the evalgelising partly because he is willing to suffer for his beliefs and he has personal, exasperating contact with the pitfalls of what he rails against. Both of these make him well suited to the "Saint GPL" role.
Otherwise, getting rid of a dissenting voice such as RMS means that we should get rid of the voices on the other side: the ones INSISTING on DRM. Fairs' fair.
I may disagree with your attempts to silence me, but I will defend to the death your right to do so.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
...if someone wants to write a kernel module that doesn't allow any media files to be played unless they are encrypted with your public key (forcing you to give your private key out to anyone you want to be able to play that media file), and alters their system so that no other software can access the memory space the player and media files are being run through, so you can't obtain a non-encrypted copy, and alters the player, so it only runs on a signed kernel, THE GPL DOESN'T ENTER INTO IT, so therefore THERE AIN'T SHIT YOU CAN DO TO STOP IT.
That said, you could exercise the brain bendingly easy task of NOT BUYING whatever gets produced like this. If it's that important to you, why do you care if it means you can't see The Matrix Reloaded, or whatever? You're preserving your principles. I don't buy music or download music at all, because I find the RIAA, it's member organizations, and the music business in general, to be revolting. I have no illusions that my "boycott" will change a damn thing, but I'm not contributing to their crap, and that's enough for me.
OK, I agree with what Linus is saying here - he is just a codehead and is not going to tell you what you can or can not put in your build. Cool, but we are still just talking about the technology.
The problem today is not the technology -- "IT IS THE LAW, STUPID!"
If Microsoft puts some crazy stupid DRM in the next version of Windows, it might be the final straw to get something else to the desktop (be it Mac OS X, FreeBSD, Linux, or something else). As long as people have the freedom of choice, M$ can only go so far before they loose the customer base.
The problem is the DCMA and the baby-DCMAs popping up at the state level. If the government makes DRM *MANDATORY*, you loose your choice. I can very easily see the RIAA and MPAA requiring that all OS's require DRM in the very near future. Think about it.
Ah, but do they really? I don't think there's anything in the GPL stipulating that an end user cannot modify a compiled binary. Why couldn't you just put a big static array of zeros in the code, and supply a secondary (closed source) program which overwrites those zeros with an actual key? You couldn't distribute pre-keyed binaries (since they wouldn't correspond to the source) but you can allow the end user to run a quick command to insert the keys into the binary him/herself.
You'd just make it a part of the installation process, like installing the boot loader. 1) Install kernel 2) Twiddle some bits in kernel 3) Install bootloader.
It seems like there would be no GPL violation since the binary you distributed was directly compiled from the source you distributed; the user just happened to run a command which overwrote a portion of that binary.
Especially in light of the fact that history generally looks more kindly on Einstein than on von Braun and Opennheimer.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
maybe it wasn't very funny then. and i don't believe you anyway.
...
... 4 ... 3 ...2...1..."
RMS: "Noooo!!! don't trust Linus!! he's a heretic!!"
Slashdrones: "RMS is crazy! RMS is crazy!"
RMS: "NOOOOOO!!! [robot voice] autodestruction activated... 5
I also reply below your current threshold.
The first time you get your nice new computer home, and install Linux on it, recompile the kernel to your own needs, and then realize that since your new , custom kernel isn't isn't signed by an authorized OS vendor, you can now no longer use half the features on your new system.. and then realize that you're just going to have to use whatever signed binary comes on your redhat cd and that you can never customize your kernel again...
Will you then be singing praises to how wonderful Linus's apolitical stance is still?
>>Don't use the GPL
>Ah... I see. Apparantly the only way you can have morals is to use the GPL. Righto
Umm, no. (not A ==> not B) is equivalent to (B==>A), not to (A==>B). If you use the GPL, morals and politics are attached, but nobody said having morals means you have to use the GPL.
Burn him!!! Burn the witch!!!!
But seriously. Options, even the sometimes-unpleasant ones, are always GOOD.
*Fortitudo, aequitas, fidelitas.*
Syncopants. Strange how a little twist of context can change minds so completely. Good grief, let them have some fundamental ideas of their own one way or another.
It's no wonder politicians and corporations have their way most of the time. People choose to act like livestock and then become surprised when the farmers show up and take over.
The world is a strange place. And like this sudden love for DRM shows, it gets stranger every day. I'm hoping Linus will post a message saying "Ha, just kidding to see which of you are numbskulls!"
Well I don't see why anyone shouldn't be allowed to do this. I also don't see why anyone would want to use this under the GPL. One would think if someone didn't want people to tinker with something they made they would release it under a different liscense.
If used in any OSS projects I'm quite sure it would kill the popularity/success of said project very effectively.
-Derick
Making the Kernel Compliant so that it will refuse to let certain media types run because the OS/System doesn't have the secret key to that media type...NOT OK...
Lack of a secret key is what prevents you from viewing the data. It's not the kernel's decision. Without the secret key the kernel couldn't let you view it whether it wanted to or not.
Remember DVDs? Remember CSS? Linux as it is right now has absolutely no dealing with DRM of any type. Lack of CSS means you have a lack of watching DVDs. The kernel's not going to bitchslap you for trying though. You'll try, and fail, because you don't have the secret key.
Linus' message was not about including DRM in Linux. It was about not preventing DRM.
There's a difference there. Go think about that for a bit.
That's worked super with Stallman.
It must be nice to view the world in black and white... so easy, so simple... so naive and foolish.
You're either with us, or you're with the terrorists.
Since I've already replied to three messages this way, and a lot of people seem to be missing the point ...
Okay. First of all, DRM is NOT synonymous with "digital copyright protection", okay?
Second. Linus is NOT saying "DRM is good" or "copyright protection is the shiznit". He in fact says in the message that a lot of uses for DRM he doesn't like.
Third. An example of what this article is actually talking about is cryptographically signing a regular, run of the mill built-by-Linus kernel image, somehow providing the signature along with the image at boot, and refusing to load it if the signature doesn't match. Since you don't modify the kernel itself, the GPL has no scope here, so it's obviously not prohibited under the terms of the GPL.
Fourth. This does NOT allow magically modifying the kernel image, nor does it allow magically allow copyright protection in the kernel, nor does it allow hiding private keys in the kernel, etc.
READ THE ARTICLE. Turn off your Slashdot "omg wtf it says drm so it's bad, lol" meme. Linus is not selling your souls to Jack Valenti here.
Really, it's irrelevant if you must know,
an unbreakable DRM the RIAA will never show.
For every time they try to imprison freedom,
some damn smart software engineer will beat em!
Words to men, as air to birds.
as long as we can delete it. As i imagine most distributions will.
sulli
RTFJ.
The kernel and initrd on the DirectTivo are signed, and the boot ROM will only load a signed kernel. (The initrd checks the root partition for modifications.)
They do this because you can get DirectTV without paying by tweaking the software. (They currently do not do this in their standalone units.)
...at least *nix is God's OS-of-choice.
And the manuscript you mentioned was surely edited in Emacs.
"First lesson," Jon said. "Stick them with the pointy end."
Imagine the following:
1) Someone makes a BIOS that will only boot a signed kernel, where the person with the BIOS password gets to pick which signatures are valid.
2) My company buys a bunch of workstations with this BIOS.
3) Our IT guys build a kernel that's tweaked for our company. They sign the kernel, and set the BIOS to only boot kernels with their signature.
This is wonderful. It means folks can deploy Linux within an organization without having to worry about umpteen zillion different kernels being installed by the workers. It means you can deploy at a university in such a way that students can't make their own boot floppies to get by the access controls on your public machines. It's a Good Thing.
Now, imagine this:
4) A set-top box designer uses this BIOS.
5) They set the BIOS to only boot kernels with their own signature, and don't give the BIOS password to people who buy the set-top boxes.
6) They refuse to sign any kernels that anyone else makes, and refuse to sign any kernels with dynamic module loading turned on.
This, I think, actually violates the GPL. They're distributing a Linux binary, and they're not giving you any way at all to modify it. You can't tweak the kernel you run on your own hardware that you bought with your own money. I think this would only comply with the GPL if you could boot your own signed kernels that the system would use. The fixed signature ends up being an important part of the running binary, and you're not given the "source code" you need to compile that part of the binary.
So, I think some uses of signature do not fall outside the scope of the GPL.
Btw, one thing that is clearly _not_ allowed by the GPL is hiding private keys in the binary. You can sign the binary that is a result of the build process, but you can _not_ make a binary that is aware of certain keys without making those keys public - because those keys will obviously have been part of the kernel build itself.
I'm not so sure about this. I could create a GPL program that includes a "dummy" key in the source and then use a (GPL) hex editor to embed the real key into the binary. I don't see how this would violate the license. (Documents created with OpenOffice, for example, aren't automatically covered by the GPL.)
And what about binary only modules?
(Not that I disagree with Linus' larger point.)
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
Comment removed based on user account deletion
DRM Should not be entered to just prevent the option for abuse.
Yeah, I think we all made that connection. That was pretty much the entire fucking point. In fact, I think Linus actually paraphrased that in his post.
And I reiterate, WHO MODS THIS SHIT UP?????
...how DRM ever actually *CAN* be integrated into Linux in a useful and reliable way. Any kind of code-signing / authentication mechanism will ultimately depend on a signed kernel, and since you have the kernel source you can do whatever you like with it, including spoofing the "Yes, we're running DRM" responses. Even if it comes down to a hardware chip, the kernel will still be perfectly capable of intercepting calls to this chip and spoofing a "Yes, we're running DRM" reply. If the DRM-protected content is dependant upon mechanisms implemented on the client in order to restrict usage, then having total, source-level control over those mechanisms completely negates the security they provide.
Maybe I've missed something here, but client-side security never works in the end. And in the case of DRM-on-linux, I don't see how it can even get off the ground....
Well, there's a big difference between allowing people to digitally sign binary builds of the kernel, and actually supporting DRM directly.
Personally, it seems almost irrational to want to keep people from signing copies of the kernel. It's almost a free speech issue, people should be able to sign whatever the hell they want.
I think the real issue is restrictions people place on others, the TCPA/Pallidum DRM systems of which code signing is only a small part. I think I would hate to see Pallidum style 'locks' on the runtime environment in the 'official' version of the Linux kernel. If that does happen, I'm sure it will fork like mad, though.
I guess what Linus is saying is that if some companies want to make locked up, DRM'd systems using the Linux kernel, it's OK with him.
autopr0n is like, down and stuff.
"In short, it's perfectly ok to sign a kernel image - I do it myself indirectly every day through the kernel.org, as kernel.org will sign the tar-balls I upload to make sure people can at least verify that they came that way. Doing the same thing on the binary is no different: signing a binary is a perfectly fine way to show the world that you're the one behind it, and that _you_ trust it.
"
hah i'd rather have md5 checksums on kernel.org.
Sorry Linus, i don't agree on this one. DRM is a wicked technology. The fact microsoft calls its own version RMS gave me some thoughts. The fact that when installing Windows XP according the book, will result in a system which cannot play 5 of the most popular multimedia formats commonly used on the Internet. mp3 is i think the most well known.
The reason we install Linux on our PC, is mainly cause it gives us our freedom back. Not all of us might realize that immediatly, but thats exactly how freedom is experienced.
If i understand from your posting that its ok to have a signed vmlinuz binary and modules, and if that also means that the DRM stuff will fail if i recompile my kernel from source, i think you are just plain wrong. Sorry Linus. If only a binary vmlinuz kernel can be signed and distributed, and is the only way to authenticate with a Rights Managements Server, then we have ourselves a dead duck. End of open source.
Robert
You may not know this, but in kde 3.1 the kde developers added a beta DRM system to stop you from doing certain things like launching unauthorized programs, reading certain programs or changing certain settings.
In the 3.2 release the DRM framework will be complete, and will be a tool released so the restrictions can be easily mandated by the administrator.
So if you want freedom, run twm @ 640x480!
Comment removed based on user account deletion
You almost got it, but the 100% correct spelling is "GNU/hippies"
So I'm a pervert. Welcome to the Internet.
It's nice to see that Linus has his priorities in the right place. Too bad others can't follow his example. *cough* SCO *cough*
Let's not misinterpret SCO's actions.
They're claiming that IBM took some of their licensed software and, in violation of the license, purported to sublicense rights they didn't have under the GPL.
Unlike the original UNIX (System N), whose proprietary status may be problematic, SVRn was carefully re-implemented under well-defined IP law. (In fact, some believe that was the whole POINT of SVRn.) It is NOT public unless its owner MAKES it public. Right now its owner is SCO.
If there really is proprietary code circulating with GPL copyleft attached, it needs to be identified, purged, and replaced - or otherwise made free.
For instance: IBM might counter-sue and the court might find that SCO had incorporated GPLed code with functionality of comparable value, and as part of the decision make the leaked SCO code public. (Courts DO like to upset the status-quo as little as possible if it can be done equitably.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Seriously. Apple *could've* just taken the code and run with it (and, er, NeXT did, didn't they?), but they didn't; they founded Darwin. Why? Because it's a movement. Same goes for the vendors savvy enough to submit code to XFree86.
It is _plain obvious_ from the Palladium specs that Microsoft is going to use it to shut down competition.
Each of the arguments used to pretend that DRM won't be used in an anticoncurrential way could have been used some years ago to pretend that file formats wouldn't be useds in such a way.
War doesn't prove who's right, just who's left.
Looks like some overzealous Linux advocate needed his belly rubbed today. Sorry I hit too close to the mark.
It isn't the tool, it is the job.
When your job is adding 5+3, MS calculator works just fine.
When your job is making sure everyone else can add 5+3 for now and in the future, and allow them all the freedom to modify that program (ie octal), then may MS Calculator isn't the write tool for the job.
I'll just use the DRM free kernels, thank you very much.
1984 is NOT an option..
Nothing is truely good nor bad, but thinking makes it so.
- tristan
It will start innocently enough with one of the major PC manufacturers coming out with an extremely inexpensive PC. This PC will be bear three things. The first will be that this PC will have superior performance to any machine currently available. The second will be that it will have a DRM enable operating system that is much better than its predecessor (both performance and stability). The final item will be that the hardware will be DRM enabled and will be more advanced than anything currently available.
The hordes will eat this machine up and it will become the most popular system out there. They will love it and see nothing wrong with it. It will run just like their old machine only faster and more stable. It will run their old software and new DRM enable software transparently. The difference is that the DRM software will be copy protected and the users will be almost guaranteed to pay for it. The majority of people will not notice since most people pay for their software anyway. The hordes will drive the market to a DRM enabled system, the ultimate lock-in.
On the other side of the fence, the 'free alternatives' will be not be able to get the new hardware to work with their 'Free alternative'. They will boycott the manufacturers, but their boycott will not change things. They will not see the market for non-DRM enabled hardware and will, most likely, be locked into DRM for fear of being excluded from the much larger DRM market. Eventually, the 'free alternative' will only work on older hardware with older software. The 'free alternative' will not be able to run the latest and greatest DRM enabled software or media.
The free alternative will eventually die off due to the fact that it can't run the latest and greatest hardware and software.
It's coming to a neighborhood near you...sooner than you think.
-"The early bird catches the worm, but the late bird sleeps the most"
#It's fun to play with the D.M.C.A.#
#D.M.C.A#...
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
Windows driver signing IS part of DRM -- WMP can disable features like loopback if you sound card driver is not signed.
However, as a practical consideration, this affects almost no users, so who cares.
OOG the Caveman says Digital Rights Management BAD.
Stop thinking in terms of your worthless MP3 hoard -- crypto verification has a huge application in "trusted computing". Linux advocates will be kicking themselves if Microsoft gets all the big government and corporate contracts due to having a superior security infrastructure.
I think a lot of people here are reading too much into Linus's statement "On the whole, this is just another example of why rms calls me "just an engineer" and thinks I have no ideals." I do not believe that Linus is (a) making any reference to RMS position on DRM; or (b) suggesting that this is an issue over which they have a difference of opinion, just that he is saying he is infavour of _not_ letting ideals get in the way of his engineering.
Further, RMS must support rights management, since the GPL is a rights (or lefts) based device. That the management of rights over the digital domain should be excluded from the principle seems counterintuitive to me. Even when one acknowledges that Digital Right Managment is such a misleading name for the idea, Digitial Freedom Restrictions would be much better, RMS still has to be in favour (perhaps not, because I am sure he would recognise the pain of the implementation) since the GPL effectively restricts ones freedom to use GPLed stuff as one pleases.
This is why I disagree with him (RMS). Copyleft still relies on the existence of property in ideas (or the manifestation of those ideas, the "output of intellect" as I like to call it) and it is the existence of property in these things that is broken (IMHO) where there is no property the vendor of the thing is perfectly entitled to do what they like to DRM their thing, but they are subject to the normal vagaries of competition law and that will become an increasingly powerful (despite the recent microsoft case) avenue as industry consolidations increase. But by the same token the punter is entitled to do what they like with what they are given when they make the purchase and no amount of fannying about with "license" based restrictions will do any good (when there is no propoerty that is).
From my perspective there is only one valid
"The first thing to do when you find yourself in a hole is stop digging."
I read a lot of folks on here praising Linus and slamming RMS. Why? Linus is saying that the GPL should not be modified to prevent certain uses of the software.
The most adamant supporter of this position is RMS! That's the first and most important freedom of Free software! The freedom to use software for any purpose.
Here's a critique by RMS on a license that prevents certain unethical uses. RMS clearly states that it is not a free software license, even though he agrees with the principles.
Any license that prevented DRM usage would also not be a free software license.
Any license that prevented modification that added DRM would not be a free software license.
So Linus tries to distance himself from RMS.. yet is in complete agreement.
Do we listen more closely to Linus because he puts smileys in his emails or what? Personally I'm going to listen to both RMS and Linus. When it comes to "software ethics" I'll listen to RMS, and when it comes to "kernel locking semantics" and other stuff, I'll listen to Linus.
Nice one Linus, drag in the hated figure of RMS to rally the troops around to support your position and make sure that this becomes a personality grudge-fest instead of a discussion about the principles involved.
Easy steps to win an argument in the GNU/Linux community:
Who gives a rat's ass what RMS says about your ideals. The question is what are your ideals? The continued existence of GNU/Linux above all other things?
OK, so how do you justify that? Just stating your position doesn't justify it.
That's a dishonest position: when you do anything you impose your moral values on other people. The decision to not "impose your moral values" is in itself an imposition of your moral values on me. Everything we do and don't do has an effect on everyone around us. Specifically allowing the spread of DRM into GNU/Linux allows the propagation of content which has none of the fair use rights that content has had in the past in other media. Your decision not to oppose this (which it is your right to make blah blah etc) is a decision to allow something which you "don't agree with" to occur. You've made a choice with concrete effects in the real world.
Then don't make political pronouncements on political matters and pretend that you're not doing that.
Reply to oncoming flames: no, I can't code to a hundredth fraction of Linus.
Hey, how do you get root on a DRM machine ? You can't, by definition of DRM.
Instead, there's a remote server which is root for you.
Now go watch your DRM movie instead of thinking about politics (which is forbidden anyway).
War doesn't prove who's right, just who's left.
- Stop doing business with a programmer who works against your interest.
- Shop around for whatever programmers you want, based on price, quality, or
whatever.
- Recover from a programmer getting run over a bus or going out of business
or "reprioritizing their corporate strategies" or something like that. When
you run GPLed software, you don't have to worry
about being "orphaned" anymore, as long as you are willing to put in the time
and effort and expense to do something about it. (I have to say that as an
ex-Amiga user and a former OS/2 user, I am very sensitive to and
grateful for how the GPL solves
this problem. Think about what happens to the user of "dead" products. It
really, really sucks, and you don't want it to happen to you.)
This gives users a strong incentive to choose GPLed software. GPLed software is worth more than software that can't be maintained or supported. I am not speaking as an ivory-tower theoretical religeous "zealot" -- I'm speaking from real-life experience directly derived from has happened to me when software that I used, rotted. This is real and it matters.But binaries that can't be loaded without the right signature, take all that away. The main advantages of Free Software -- from a user's point of view -- are nullified by it. If your computer's BIOS won't load your OS because the signature is wrong, it's no different than not being able to build the software at all, due to it being linked against a proprietary library or due to you not having the include file that contains the define for a secret key, or due to you not having the source to anything. You can't maintain the software that you use. It might as well be proprietary software -- it's no different to you.
Linus isn't thinking in these terms, and Linux is his baby, so while it may make sense for me to talk about the purpose of the GPL in general, it is of course wrong for me to talk about the purpose of Linux's license specifically (even though that license happens to be the GPL). Apparently Linus didn't choose the GPL because he thought it was perfect, but because he thought it was best, or good enough or something. And as a developer he still gets the advantages of "open source" even though the users of his work are apparently destined to lose the advantages of "free software." (I guess this paragraph isn't saying anything that everyone doesn't already know; I'm just acknowledging the difference between Linus' values and many Linux users' values.) It makes me wonder: why didn't Linus choose the BSD license instead? It seems that it would serve his interests just as well.
(Well, I'm off to vacation. No more arrogant noise outta me for about a week -- well, at least not here on Slashdot. See ya.)
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Cat got your tongue? (something important seems to be missing from your comment ... like the substance or any point!)
Free as in.....? Last I checked, he doesn't care if it's free as in beer or free as in balls as long as it's free as in speech. And "free as in speech" pretty much means open source.
The problem is the DCMA and the baby-DCMAs popping up at the state level.
Your problem is you think the DCMA is some kind of world law.
If the government makes DRM *MANDATORY*, you loose your choice.
So false. "The government"?! How USA-ian of you. If your government makes DRM *mandatory*, I feel sorry for you. How does this have anything to do with Linux, Linus, or DRM?
I can very easily see the RIAA and MPAA requiring that all OS's require DRM in the very near future. Think about it.
Here's something for you to think about. Some OS's do not originate and are not bound by USA law. Like, oh, the LINUX SOURCE TREE, for example. Not to mention OpenBSD. As USA law gets tighter, you'll see source hosted and possibly built outside the USA more and more often. It already is. There will always be a country that does not conform to USA law. It's then your choice as a USA-ian to break your country's laws by importing it. The choice will remain yours.
I mean come on, last thing I want to do is support DRM on my linux machine. Even if it can be compiled without DRM, the chance for abuse would still be to great, and if I didn;t have DRM install then my software choices would be limited. IF this would to ever happen this would be the same time I revoke linux and run another Operating System.
DRM is like the discussion on gun control. (Guns don't kill people, people kill people.) And putting a nice fat elk on the dinner table is always a good thing for us meat eaters. DRM is the same way -- Linus is talking (in my opinion) about a useful purpose for something (that in the wrong hands) can cause a lot of damage.
(+1 Funny) only if I laugh out loud.
If a vendor implements DRM in a Linux kernel so that the kernel only allows signed executables to run, that's relatively easy to work around.
What is scarier is what TiVo did on their Series 2 machines, which is similar to how Microsoft locked down the XBox. The TiVo will only boot if the kernel and startup scripts match a signature in its ROM. In effect, you can't compile your own kernel to run on the TiVo or change the startup scripts, even though TiVo publishes its kernel source code.
The TiVo was harder to crack, but eventually someone figured it out.
It is entirely possible to violate the spirit of the GPL using DRM.
The GPL requires you to give out sources to the kernel, but it doesn't limit what you can _do_ with the kernel. On the whole, this is just another example of why rms calls me "just an engineer" and thinks I have no ideals.
Linus sure knows how to play you guys like a violin!
Linus says the GPL doesn't limit what you can do with the kernel. Which is true. Linus is simply underscoring what the GPL already says. Then in the next sentence he contrasts himself with RMS. But RMS WROTE THE GPL. RMS is the one that pushed the idea that a license should not limit what you can do with the software.
Why did he even put those two sentences together? Nothing about the license on the kernel has anything to do with what RMS said about Linus..?
[ Personally, I see it as a virtue - trying to make the world a slightly better place _without_ trying to impose your moral values on other people. You do whatever the h*ll rings your bell, I'm just an engineer who wants to make the best OS possible. ]
Aww, shucks, Linus is just a little ol' engineer, he doesn't care about moral values and all that stuff. Not like that nasty man with the beard over there.
I think Linus should run for office. He can repeat what RMS has already said many times (DRM bad, but licenses should not limit use), yet appear to be taking a completely opposite viewpoint.
And slashdot laps it up like mother's milk.
> I refuse to play politics with Linux, and I think
> you can use Linux for whatever you want to - which
> very much includes things I don't necessarily
> personally approve of.
Damn straight!
Did anyone else notice that Linux DRM is very much opt-in? You may not be able to read signed documents or listen to signed mp3's, but the world's functioned without up until this point just fine. If you don't like DRM, recompile the kernel with DRM removed.
- Cloud
Linus lives in the US.
Just because it CAN be done, doesn't mean it should!
I think Linux forgot, when most people talk of Linux they mean not the Kernel but distributions like Red Hat, SuSE, or Mandrake. I think Linus is mistaking that the argument has to do with the Kernel. The Linux Kernel would be able to support DRM technology as Linus pointed out, but Linux distributions would have no way of distributing Linux DRM technology.
DRM products are closed source programs, which can't be reversed engineering because there protected by the DMCA. DRM will effectively lock out Linux distributions from all future media and could destroy the Linux market.
Don't use the GPL
Ah... I see. Apparantly the only way you can have morals is to use the GPL. Righto.
Woah. Time to retake logic 101. Let me rewrite this one for you in terms that you're maybe more familiar with:
"You don't want wheels on your vehicle? Then what are you doing on a skateboard?"
"Duh, you're really stupid thinking that only skateboards have wheels!".
I don't disagree with your point on DRM, but getting that bit so wrong then following it up with some "duh, you're so naive" putdowns really makes you look like a schmuck.
23:36 24/4/2546
...)
... then".
DRM (digital rights managment), not possible, good luck.
software creative. "artists" sign their work. (i like to think i'm one, but i don't sign. if it's pretty, they know
"go-WORK" software job, boring.
this software is one for WORKERS. if it crashes, they just go to insurrance, they pay, (insurrance)
put up their fees. everyone gets richer (and fatter) doing nothing, besides crashing.
AND you can hire more people.
who cares. it's a job using windows.
its not creative, or just like a fish in an aquarium can be creative.
restrict so what. it's the tip of lazy-ness.
i thought they invented the computer to free their minds and be able to dream-invent-be-creative.
SUM: 10 years have past. where is "pay-os" where is "free-os"? No kidding.
"pay-os" is installed in 99.9% of all "offices", you know the shitty job ones. and on boring peoples
computers. you know the ones that watch soaps and don't know how to program there videos. don't mess
with thess people. it's just something they HAVE (car, table, fridge, dog, children).
"free-os" is installed somewhere in tachyon world. it' just ahead of everything.
by the way it gets worse: some people just use. they don't understand why and how stuff works.
how does a airplane work (who cares as long as i can brag i was in tahiti
how does a videorecorder work (. etc.
by the way: people move in groups, so they can talk non-sense and make dumb comments to lonely paser-bys.
they are actually in a system which is worse then any OS imagniable because it's running on gray matter.
so if "micro-u-know" wants to open a pig-farm, this is not my problem. i like pigs (e.g. bacon).
i noticed i can't like everyone, because people can chose to be the way they are.
as long as this isn't going to the chip (intel, amd, nec, motorola, ibm, etc.) it's "if
"so you want to restrict my "if-thens"? good luck.
the creative win (they actaully DO something NEW under the sun, WOAH! it's NEW in this solar-system).
and if they gobbel that (chip) up too, then someone will invent a new one (chip). see history.
oh and yeah don't forget: the average human life span is 80 years. alot of things get forgoten.
encluding 'restrictschens' ; )
i was afraid of totaliterisim, but alot of bad people just died (they tend to develop cancer), so now it's
up to us, and if mister "i-can-control-everything:[execpt]" dies who know what our kids will do?
i shouldn't post, i know it's blah.
How much of this really matters? What does the kernel itself have to do with DRM stuff? Isn't most of the 'rights stealing' effect of DRM going to be found in userland tools? If the kernel passes some sort of blessing on a document or program, isn't it still up to the userland stuff to use/ignore it as is appropriate?
Further, why should anyone expect a 'pure' DRM implementation in the kernel? Shouldn't it be configurable so that you can be 'pure', totally ignore it (ie, don't compile it in at all), but have some middle ground that fakes out the binary bits of DRM software, while really giving all the power and control to the user?
I'm sorry, but this all seems to be much ado about nothing, given the Open nature of the linux kernel. Either that, or I'm a total feeb who has 100% missed the point; this is a distinct possibility.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
... if one of the leaders of OS community admits to be Oppenheimer should Bill Gates admit being a Cllosedheimer.
If enithin kan gow rong it whil. (Murfey)
---rhad
Slashdot needs to interview Natalie Portman.
On one particular thursday (no Vogons, though), I replace my /dev/dsp with an ordinary file and play the song. I don't hear anything, but I now have /dev/dsp as a decrypted copy of the song (in dsp format, which something-or-other can convert to ogg). If I need any ioctl statements, I can use strace.
I now play this song (in its ogg form) on wednesdays, oh the horror.
Ah, you say, but the sound driver will take input in an encrypted form, and the new dsp format will be useless! Not so. The decryption code for this new format must be available under the GPL! I just read through this code (which probably includes private RSA keys) and build my converter.
Now, this all takes technical skill, but it's potentially scriptable. And considering the number of highly talented hackers highly opposed to DRM, I bet it'll be scripted within 24 hours.
Free software can't do DRM, no matter who trusts it.
Sig:Why copyright isn't a fundamental human right
the guy got modded up to 5 by paraphrasing the previous post? quit sucking on the glass dick, give up your crack addition and use your mod points on posts that deserve it.
At least in the U.S., the cable-company owns the set-top box, so they don't have to give the source to any customers, because they're not __giving__ the kernel in the first place. They're just letting someone use their computer.
"The best laid plans of mice and men gang oft agley..." - ROBERT BURNS
Let's say I want to operate karlandtanya's streaming radion station. You can play music but you can't copy it. I believe this is possible becasue I don't believe in the existence of analog recorders. Hardware is cheap, but commercial OSs are not. So I choose to use GNU/Linux for the OS.
I want to prevent you from copying the digital stream I send you. How do control functionality and still respect the fact that you have the right to hack GPL software?
I sell a subscription to my service. I give you the OS and software. The box (and its Fritz chip) remain mine, but you are allowed to use it as long as you are a subscriber. I threaten to sue you if I find out you've changed my hardware in any way.
The OS I give you is "karlandtanya's Orwellian GNU/Linux". The distro comes with a binary kernel that I've signed. I also give you sources for everything, including a key-response program (which is compiled into the kernel) and (just to show I'm sincere) the source for the server side of the system. But I don't give you my secret key.
You immediately untar the sources, recompile the kernel and install. You don't make any changes to the source or any configuration.
You boot the box I loaned you. The Fritz chip won't let it boot. My hardware can only be used to do what I want it to you. "That's fair.", you say. "I paid for the subscription, not the box."
Because you are very clever, you have another very similar box, but without the Fritz chip. You build and install all the packages in karlandtanya's Orwellian GNU/Linux on your hardware and boot it up.
Next, you log onto my site. The site initiates a secure handshake with the key-response program built into your kernel. But when you built your kernel, you did not use my secret key. So the binaries cannot verify against my server. The site denies you access.
Now comes the interesting part:
Now, you and 10,000 of your friends take me to court for GPL violation.
Plaintiff: "Since I cannot compile a working binary from the source you sent me, you did not release the source code. You are in violation of GPL. You must release the source, replace the OS with a non-GPL OS, or refund our money."
Defendant: "Yes, I did release the source code. And it works. I just didn't give you my secret key."
Plaintiff: "No, you did not release the source. Since I cannot build exactly the same binary that you sent me, part of the source must be missing."
Defendant: "Yes, I did release the source. The binaries you generated function exactly the same as the ones I gave you. Part of their function is to verify that they were created using the same secret key as the server they are trying to connect to."
Judge:...
"Reality is that which, when you stop believing in it, doesn't go away." - Philip K. Dick
At least he dissed RMS (caps to indicate a person, not Root Mean Squared).
Just taking the other side to promote discussion.
Linus' pet operating system would not even exist, and have a strong ethical footing supporting the "goodness" of that existance, were it not for RMS' philosophical views. While this does not represent a "debt", per se., decent people generally respond to kindness (yes, the GPL is an act of kindness), by reciprocating.
Uh...Linus does. Stallman and Co. handed him lots of code to use. In return, he did the same, and now "GNU/Linux" has the best kernel around.
OTOH, I don't think that Stallman should be trying to push his ideology on Linus any more than Linus should be trying to do so to Stallman. The difference is that Stallman tries to do exactly that with Linus, and Linus doesn't do so to Stallman.
May we never see th
He then founded Be Inc, made the BeOS, then sent that down the toilet.
"Internet Appliances". Ha.
It's interesting how the knee-jerk reaction to the letters "DRM" completely disappears with the input of Linus.
I'm curious ... Linus says that you can't put private keys in the binary ... but what about loadable modules? After all, non-open-source kernel modules are allowed anyway, so it seems like you can essentially get anything you want into the kernel already.
Or is there some reason why that's not relevant? (I admit, I don't really know exactly how DRM's supposed to work.)
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
Obviously, no one can release a binary only version of the kenel because it violates the GPL. But what about a binary only kernel module that contains the said secret keys?
--
Mike
-- Mike wildcard@illuminatus.org
Gates: VERY BAD!
Gates is the worst of the worst. He's bad, and competently so.
Ellison: BAD!
I think Ellison is fine. Yes, he's arrogant, immature, and runs a big company with tight licenses...but he also spends his days having fun taking swipes at Gates. He wins because he's a lesser of two evils. If Gates weren't around, he'd probably be a bad guy.
McNealy: BAD!
Doesn't seem to be particularly bad or good, in my book. Some good things, some bad things.
Carly (HP): VERY BAD!
She's bad, but incompetently so. Reminds me of AOL execs -- sure, they fall into the bad category, but they're far less dangerous than their MS competitors, so I'll root for them just as the underdog.
IBM CEO: What day is it?
IBM's happening to be nice ATM, but...
Linus: See above
Linus is great.
ESR is great too...sorta like Linus. The emphasis is on engineering.
RMS is a jerk, but I suppose that you have to have an extremist to lead a movement.
May we never see th
One very bad consequence of allowing DRM-enabled, signed kernels could well be the willingness of people to disclose bugs.
Let's say that right now, I discovered a kernel bug, say a buffer overflow, that allowed a program to insert and execute arbitrary code in kernel space.
Because I have no interest in attacking other people's machines, I would have no incentive to keep that bug a secret. I would want it fixed.
However, things might be very different if I were dependent on a DRM-locked, signed Linux kernel. Such a bug would be a prized and valuable find -- it would provide a point of attack on the DRM scheme itself. If I can insert arbitrary code into the kernel, then I acquire the ability to patch the DRM kernel logic itself, and perhaps gain full access to my own machine.
Where is my incentive to reveal the bug, when the result will be that the bug is patched and I lose that capability?
Under a strict interpretation of the GPL, signed binaries would be illegal to distribute, unless you distribute the private key that you use to sign them (making the signatures worthless, obviously). Here's my reasoning.
... However, as a special exception, the source code distributed need not include anything that is normally distributed..." The source for this hash is the program that does the hashing and the signing (probably exempt by the second sentence) and of course the private key used to sign it.
Let's assume you're using a standard signing algorithm like RSA, which signs a hash of the message (the binary).
Such a hash is a derivative work -- it's created directly from the binary through a hash function. (This is the biggest stretch of the argument, but at least in a mathematical sense this is very accurate. Note that it is not simply a re-expression of the work, but really reassembly of the bits in the original copyrighted expression).
A signed hash is a derivative work of the hash of the binary, for the same reason.
Therefore, the signature has to be distributed under the terms of the GPL as well. That means that if you give it out, you need to give the source to it as well. The source code is defined in the GPL: "The source code for a work means the preferred form of the work for making modifications to it.
Of course, this is a little tongue-in-cheek. But I think it's important to remember the clause in the GPL that requires you to provide not just source code but all of your build tools. Imagine if you created a new wacky language extension to C, (like a new primitive called do_my_secret_stuff) then used that to compile a program and gave out only the source code in C_with_secret_stuff? Those clauses are in the GPL for a reason, so don't forget what "source" means!
One of Open Source's greatest strengths, and a reason I participate in it, contribute to it, etc even though I'm a dyed-in-the-wool Microsoft man, is that OS excels at making technology work for "good".
In other words, MP3 has serious licensing issues? OS creates Ogg Vorbis.
Microsoft not forthcoming about SMB? Samba in your face.
With DRM, palladium, etc OS can make a strength out of it... embed support for the crypto assist processor into the system, then have your P2P apps sign and encrypt transmissions... or have it do encryption of your email. I'm sure there are plenty of other uses.
As for code signing, here's another opportunity to take something that could be used in an "evil" way and make some good use out of it instead.
Natural != (nontoxic || beneficial)
That is not necessarily a bad position. But it is not something I believe in. And I think it is appalling that so many of you hail it like some kind of luminary vision.
Some of you might argue that engineers don't yield to power but to the laws of nature. But then why do engineers build cars that require oil? Why is there no manned mission to Mars? Because of politics. Because of power. The laws of nature have nothing to do with it.
Freedom comes in many guises. How free is a king? How free a hungry man? Freedom for the strong means anguish for the weak. But freedom for the weak is merely annoying for the strong. That is why I support the freedom of the weak, and oppose that which serves merely to increase the freedom of the strong.
Today, Linux became a little bit less fun.
Who does this fool think he is?
Digital rights management is just that -- digital rights management. It is designed to prevent me from making fair use of MY software, music, DVDs, whatever.
I think what Linus is talking about is an entirely different applications of essentially the same technology. He's talking about signing as being a good thing, so that we -- the users -- can verify, for example, that the latest kernel release was actually released by Linus, and not some poser. This is good and fine. If we want to be able to verify such things, we simply install the appropriate verifying software, with internalized or modularized support in the kernel; alternatively, we can add/remove that verifying feature from the source.
In other words, *we* have the option to have these things, which would allow us to verify that the latest kernel release was actually signed by Linus (doesn't GPG do this?)
However, DRM and digital signing can never work in a GPL'ed system unless the person controlling the computer wants them. You're welcome to put a DRM-scheme in any GPL'ed (say) CD-player, referring to an external closed key. I, however, if I don't like that, can remove that from the source, thus have the program not even request such a key. Likewise with signing. This does not mean that DRM and signing are useless on GNU/Linux. It just means that they can't* be imposed against the administrator's will. The administrator of the computer can still use them -- if (s)he wants -- to verify that updates are signed by individual's they trust. And they can still use them to ensure that ordinary users on those machines (if said machines are corporate) can't use them to violate copyright laws, which would create liability for the corporation. However, the administrator can also choose *not* to use them.
I also don't see how RMS is the counter-point in this case. RMS has had ample opportunities to include anti-commercial, antiÐadvertising, and patent-fighting terms into the GPL. He has refused. I e-mailed him asking about the Open Software License, which has a clause in it that would terminate the right of anyone to use that software if they brought a patent lawsuite against any other under an OSI-approved license with the same clause in it. I suggested he put such into the GPL to ward off patent lawsuites. He refused, stating that there was already something in the GPL preventing stealth patents from infecting GPL'ed programs.
I don't think it's enough, but his worry is that such a clause would make the GPL a EULA, regulating the user's actual *use* of the software. I also don't see anywhere where RMS or anyone else in the FSF has said that the GPL bans DRM and signing, nor that it should be modified to do so. As it happens, I think that such a clause should be included in the GPL, because patents are a major problem for ALL software developers. If developers had to do exhaustive patent searches before writing code, nothing would EVER be produced. I think, however, that anyone who wants such a clause can simply add it to the GPL in their own modified version of it.
* The worrysome case, however, is with things like requiring DRM by law, or by hardware code. There are nazi ideas floating around to make it legally required for all software to use DRM. This may not directly affect any FS/OSS projects, as they can simply move abroad. However, one should not understimate the power of multinational corporations to get the WTO to penalize nations that don't agree to the US' draconian IP laws. Furthermore, hardware initiatives like Palladium would prevent GNU/Linux from running on hardware at all.
social sciences can never use experience to verify their statemen
As i'm not one to just jump into the foray of "yes yes, praise the almighty Linus" there is only one valid reason I see use for DRM and that's the binary signing but as it was pointed out it depends on who's doing the signing. The functionality which makes most sense for DRM already exist in the application arena with checksums/md5sums/etcsums and I just don't see how having DRM in the kernel is really going to change much. Maybe, for local networks, private industry inhouse situations where security is end all, be all it'll allow for tighter integration (ie: with hardware) and one less security issue but I mean this is such a small niche that it becomes retarded, again it can be done with software, ids programs etc and it's not like you can't write a module to monitor file checksums etc. Really the same problem exist, who's signing what.
It seems a little redundant to me really and whenever Microsoft talks about DRM they are talking about media as in video, music etc. 90% of people don't check checksums now all of a sudden they are going to start checking who signs their binaries? So here are a couple of questions that remain.
Is DRM really protecting the consumer?
Who's going to sign my binaries? ie: Project maintainer? Microsoft? Redhat?
If Joe Q Hacker signs my binary what's to stop it from running? I mean in all reality Joe Q User isn't going to check that it's safe or even care.
Is this protecting me as the computer user?
Feel free to answer the questions or point me in the direction of some documentation but as of now I think DRM is pretty retarded and is just going to be more stuff I don't waste time compiling, all it does is add another level of exploitation that already exist, this is just spelling it out and making it easier to exploit platforms that use DRM. Also, correct me if i'm wrong.
What kind of life is that where you don't want ideals, morals and ethics to get in the way of your goals?
Luckily, you are completely irrational and also completely removed from reality. People want to make a lot of money, yet very few people won't get ideals, morals and ethics in their way and proceed to sell crack cocain or child pornography.
Goals are what keeps us running. They are an end, not the means to an end. Those have to be chosen in the context of moral, ethics and ideals. If you can't reach your goal under these constraints, your goal was bad.
I personally think Linux is wrong. You can't just put your head in the sand and hope nothing will happen. The least you have to do is be outspoken, and he does not do that enough. There are millions of people who would love to tell the world about the dangers of DRM and other mostly evil technologies. Linus is one of the very few people who also has the leverage, whose word counts enough to be heard. I find it repulsive that he does not use his power to promote his morals and ethics.
If he does not have any morals and ideals, I can live with that. In that case I would feel sorry for him. But having the ideals and not doing something to move the world closer to one's ideals, I find that unexcusable.
Oh, he does! Partly because of the 'using the right tool for the job' issue, but also because of the lack of credit the GNU Project receives in the 'GNU/Linux' issue (which is why RMS won't give speeches at LUG's that don't have GNU in their names, as an example).
Remembering RMS responding on the Stallman Factor:
Linux, the kernel, is often thought of as the flagship of free software, yet its current version is partially non-free. How did this happen? This problem, like the decision to use Bitkeeper, reflects the attitude of the original developer of Linux, a person who thinks that "technically better" is more important than freedom.Actually, I don't believe RMS is big on the whole Open Source "packaging" of the term Free Software - it says nothing about freedom - even though this was the breakthrough back in 1998 that got Free Software into most people's homes.
Personally, I believe RMS and the GNU Project deserve huge credit - without GNU, Linux wouldn't exist! Linux is "just" the kernel.
Out!
zWhat would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
What the media content providers want to ensure is that you, the human being, can hear/see the content, without there being a way for you to actually copy it to allow others to hear/see that content, or even for you to hear/see it at some later time frame or more than a specified (e.g. paid for) number of times. Whether we agree with their right to do that or not, that is a general description of their goal (or at least for many of them).
No protection will be perfect, of course. If you can hear it, you can record it from a microphone. If you can see it, you can record it from a camera. But as we know from past articles on Slashdot and elsewhere, even these techniques of copying are targets of efforts to prevent recordability. If you succeed at such recording, perhaps at least these methods will have forced a degradation of quality in that recording (e.g. while working to strip out any watermarking, you also damage the quality).
What the content providers particularly loath, however, is the ability to have direct access to the content digitally. If you have that, you can copy that as is, and play it back at a different time or place or in front of a different audience or multiple times. The primary means of preventing this is encryption. But at some point it has to be decrypted. At that point you then find the content in the clear. One aspect of DRM is to deploy a "sealed box" wherein the decryption can take place, yet the user cannot get access to the clear content. Windows can potentially do this due to its closed and proprietary nature. It won't be perfect, but most people will not have any idea how to bypass DRM. There is the potential to distribute software to do it that anyone can use, but certainly we can expect DRM in cooperation with Windows itself to make it hard for unsigned (by Microsoft) software to have access at the level needed to get at the clear content. For example, Windows with DRM will probably refuse to allow you to install your own sound card driver since that is one place where the clear content will be going through.
Linux could certainly have DRM code integrated into it. But because it is open source, and you can build your own kernel, this is a much harder black box to implement. From the point of view of content providers, Linux is a hazardous environment (so is BSD).
Linux supports loading modules which might be available only in object form. There are such modules already available commercially, such as for certain video cards. Some of us love them (because the cards are awesome) or hate them (because the modules are buggy, perhaps with new kernel versions, and cause crashes that would otherwise not be the norm in Linux). But when it comes right down to it, we can add new code to the kernel to work around all the interfaces the module is using. For a device driver, the hard aspect will be seeing what it actually does with the device at the register level. But a DRM black box would be something quite different, since it would need to be able to use existing sound card or video/TV card drivers. That opens the potential to wedge a tap in between DRM and the drivers (or even replace the driver with your own), which Linux would allow and Windows would not so easily. And don't think the media content providers don't know this (they have been getting a lot of hard technical lessons the past few years).
But it can still be possible to have DRM with Linux. One approach is to put the DRM directly in the device driver. That would help, but wouldn't be perfect since other code can be present in the kernel to get cozy with what the DRM is doing. The big problem is getting all the device manufacturers to make a Linux driver.
Perhaps the best (from a practical perspective, were the content providers ever to realize this) way is to put DRM directly in the hardware. That's about as sealed up as you can get. I'll explain how this can work in terms of music in an encrypted MP3 format, but you can extrapolate it in terms of other media or
now we need to go OSS in diesel cars
With regard to Linux, particularly these days, that debate extends to whether it should be "permitted" to exist at all, supposedly being a "hackers'" and "terrorists'" tool. Surely, anyone who enjoys Linux should have an interest in the ethics surrounding it.
Can you name one person who is actually on record arguing that open source software should not be permitted to exist? You aren't the first person to make this claim that others are charging Linux / Open Source / Freesoftware with being a terrorist tool but I have yet to see a single example of these others.
Paint it black!
Something to think about. What he is doing with the Gates foundation is really a very, very good thing.
This whole "debate" is like saying you can't sell hammers because we think someone will use them as a deadly weapon. BIOS support for signed boot images would be a good, useful thing - don't confuse this "hammer" with the malicious intent with which it may be used.
Imagine being able to tell your bios not to load a kernel (actually, boot loader is probably more accurate), unless it was signed by you. Then you've just guaranteed that even after a system break-in, you can at least start from a known clean kernel.
Doing this in hardware, designed so that there is no way for the running OS to overwrite the BIOS' copy of the key, is the only way to make it safe.
And, yes, I would personally USE it. I would LOVE to be able to tell the bios not to load a version of grub I didn't install, and I'd love to then also be able to tell grub not to load a kernel that was modified without my knowledge. While we're at it, I'd like to be able to extend that to all of my kernel modules, and from there even to certain key system binaries used during run-time.
In other words, allowing the bios to offer security checking really DOES allow for the possibility of ENDING the requirement that you wipe and re-install an OS (or even an application) after a successful break-in. It provides a very much needed "guaranteed safe starting point" for building additional security.
Should bios makers embed a microsoft key in every bios - absolutely not. Should bios makers provide a straight-forward way of letting system owners install their own keys? YES, PLEASE, YES!!!
So what APIs should the bios offer to the OS? Certainly nothing that allows the key to be read or overwritten, but it would be nice if it would provide a "check and approve or reject" API so running applications could determine whether other files are clean before loading them. As long as this all starts from a single trusted source (system reboot checks boot loader, which checks everything it loads (including the files used to make future checks)), this is THE CURE for lots of current security problems.
"I also don't necessarily like DRM myself, but I still ended up feeling the same: I'm an "Oppenheimer", and I refuse to play politics with Linux, and I think you can use Linux for whatever you want to - which very much includes things I don't necessarily personally approve of." This gives us the clear direction and vision not only for Linux but also what our discreation should be at things that we come across in our lives. Most of our missed goals, missed targets, missed achievements are the result of our inability in drawing a line that puts us on the right path.
I think the word you are looking for is "sycophants".
-uso.
The Walking Dictionary.
C:\>_
Dreams, dreams, don't doubt dreams, dreaming children's dreaming dreams. Sailor Moon SS
- You have the right to sign your binaries.
-
Anything you sign can and will be used against you in a public forum.
- If you are under the age of 18, anything you sign can be used against you in a juvenile flame war for a juvenile offense and can also be used against you in an adult flame war if the forum admin decides that you are to be flamed as an adult.
- You have the right to talk to an attorney before signing any binaries.
- You have the right to have your attorney present during the signing.
- If you cannot afford PGP, OpenPGP will be provided to you without cost, before or during signing, if you desire.
- Do you understand these rights?
-AdamWhat, like one of his usual windy manifestos? I can assure you I've not, and am rather happy with the fact. One time I was about to when I realized there was some paint drying, and that immediately stole my attention. That guy gives new meaning to "Quixotic."
That said, which part of what I said was wrong? He fits the zealot part, that's for sure. And he has, in the past, received money for writing code. So he doesn't seem to have a problem with the code for $ thing.
I was too busy flaming, not busy enough checking grammer. Thanks for the correction, I'll try to be aware of that in the future!
Linus' "choice" apparently include the choice to take choice away from others.
You can say what you will about this, but it is not acceptable in the long term.
It is in general profitable to take choices away from other people, so (economics) people will take this to it's extreme.
When I'm standing before you I have the choice to attack you for no good reason. It is generally accepted that that is not allowed - not all choice is good.
When I have an influence over you (as your employer, your family, your major) I am by law required to only use that influence in the context in which it is applicable (on the workfloor, at home, on public streets) and only in a very limited fashion.
Nobody is allowed, except under circumstances that make it absolutely necessary to take away the choice to leave that influence. ( and when it is necessary that decision is only made with great deliberation and under multiple levels of scrutiny)
In the digital world DRM is designed to bypass all the safeguards that exist now. There is no scrutiny, and once you're in there is no realistic way out.
Do YOU want to live in that extreme ?
Yes, I said it DRM is good. Will I ever buy digital media, that lets say has a read once policy, or perhaps a timeout period. NO! Do I care if companies try and sell these products? NO! Do I care if it makes it more difficult to pirate? NO!
But would I like to be able to use a DRM system to have trusted binaries, so I myself can sign my kernel, sign the binaries I compile. Having a system that can then enforce policies and use *my* keyring from a USB key fob or other such removable media?
DRM does not have to do with restricting your freedoms the way the MPAA wants to use it, its a tool and as a tool it can be very useful.
Having an extendable DRM system which is integrated with ACLs and other controls within Linux would be IMHO a very very good thing.
Just because its supported doesnt mean you cant choose how it gets used.
What I'm confused is, if a particular kernel binary is signed, and that sig is thus required for some DRM piece of software to work, does this mean we won't be able to rebuild our own kernels since the resulting kernel will not be signed and thus DRM programs would not work?
I can't see the need for much DRM software on Linux anyway (at least not at present) but I do believe this to be a valid question. Can anyone answer?
-- DuckWing
I reiterate, is it free as in beer, balls, or speech? Or all of the above?
I disagree with Linus. Although my belief doesn't really matter because I am not a kernel hacker, I do expect that many Linux contributors may disagree as well. Unless all the contributors agree with his position, the potential is there for one of them to make the legal claim that distributing a DRM-signed GPL'd work for use in a DRM machine without providing the private key as part of the source code is a violation of their copyrights (traditional and/or DMCA). In this case, unless Linus is willing to play politics and fight his way through a lawsuit to prove his position, then regardless of his beliefs or the legal correctness of those beliefs, there will be no DRM-signed Linux. I also predict that he would lose, if he chose to fight in court.
An "external" DRM-signature that allows verification of the origin of a particular piece of code is perfectly fine UNTIL that signature's presence is enforced by the hardware as a condition for exectuion. At that point, the signature becomes functionally part of the instructions to the machine that enable the whole to be executed, and I believe that because the DRM machine is requiring the presense of both in order to execute that they are a combined work in the context of use on that machine.
This signature, when enforced by hardware, also becomes part of an overall technological protection measure within the meaning of the DMCA. The DMCA requires the "authority of the copyright holder" to get access to a work protected by a technological protection measure (TPM). Nothing in the GPL authorizes the removal of a TPM, so if Linus unilaterally places a TPM on his copy of Linux (which the DRM-signature is) then he needs the authority of all the copyright holders to access the protected copy, which would include running it on a machine that enforces DRM. No text in the DMCA supports the position that if unprotected copies exist means that access to a TPM protected version is allowed.
Putting TPMs on other people's work without their approval results in a TPM protected work that no one can use. The GPL does NOT provide DMCA access rights either (it provides copying and modification rights but not TPM-access rights).
What he is doing with the Gates foundation is really a very, very good thing.
What he is doing helps a good cause. That is not the same thing.
I will agree however that more criminals should use a small fraction of their ill gotten gain to help good causes. This would help make the world a better place, irregardless of whether it successfully distracts from bad PR.
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
[parallel universe]
[check]
Pay to the order of Linus Torvalds
Fifty-thousand dollars and 00/100 cents $50.000
Memo: DRM Good! (Hush) Hilary Rosen
[/check]
[/parallel universe]
This space for rent.
You and Linus can try to justify working on tools to screw your friends and yourself anyway you like. Call it choice, call it freedom, it's still dirty. In the end, the people you help screw others will squash you.
Many sorry laws will have to be passed to make DRM with GPL'd code work. First legal challenges to such misuse of GPL's code will have to work. Then the bastards will have to outlaw free code. There is no way to push their cripled versions while free code is available.
Friends don't help friends install M$ junk.
Don't forget the zeroth freedom, the ability to use the code for any purpose, and the ability to modify that code for any puropose and distribute the modifications. DRM denies all of the above, therfore DRM is against the GPL.
I'm just an engineer myself but I can spot so blatant a contradiction as that.
Friends don't help friends install M$ junk.
Linus and others' points are quite simple:
1.) You can sign a binary produced from GPL'ed code
2.) You can modify GPL'ed code as long as you release the changes.
3.) You cannot include secret keys in the binary unless they are also in the GPL'ed code. This of course makes them non-secret.
So, does this or does this not enable the kind of evil DRM that the riaa/mpaa drools over? Yes, it does! Now, let me explain why.
All that is needed for DRM, whether for good or evil purposes, is that the operating system lock out certain system level functions to prevent snooping on memory. Once the user (even root) cannot snoop on memory, key exchanges can take place safely between authenticated hardware and software or between software components. To prevent memory snooping, you must 'neuter' the operating system's kernel and perhaps also certain system libraries, depending on the OS's design. And example of this is LIDS, a patch to the Linux kernel which puts restrictions on what the root user can do. (In this case, the idea is to prevent a root-compromised machine from being damaged further.) For security purposes, DRM is a good thing. I can, for example, tell my BIOS to only execute the LIDS-enabled kernels that I have signed.
In the case of DRM for evil purposes, you have, for example, a custom hard-coded BIOS which ONLY allows the manufacturer's signed kernels--kernels that have been neutered that is. You may reasonably ask 'what about all the other software'. Well, some of that software may be signed and some may not. So possibly, your "hello world" program will still run. But the hardware will only allow the signed software to do the key exchanges for access to protected content. And since even your own code running as root will not be able to snoop into other processes memory space, the evil use of DRM will have been successfully achieved. Of course, some hardware may be even more restrictive and not allow any unsigned (user-provided) code to run. Examples might include set-top media boxes and video game consoles.
So, specialized hardware is one thing, but what does this all mean to those using standard PCs? Short of DRM-requiring legislation, we will continue to see TCPA hardware that allows the user to decide what signatures are acceptable. And, as I've explained, this is a good thing for security purposes. The danger will be if BIOS hardware, by law or by industry agreement, starts including a hard-coded "hollywood master key" that will allow the system to be booted into evil-DRM mode using a matching signed kernel. Now, unless this is the only booting mode allowed, you'll still be able to boot a standard kernel and do everything like normal--you just won't be able to access certain encrypted blocks on your hard drive until you reboot with the neutered and signed kernel and use signed, proprietary media players capable of the necessary key exchange.
Of course there is potential for a worse situation, however. Some hardware, such as sound or video cards, may refuse to talk unless their transports have been authenticated by the BIOS's "hollywood master key". So there is the possibility of interoperability problems.
But we do have a huge thing in our favor at this time: installed base of "non-compliant" hardware. Most people will not rush out and buy new computers just to access new protected and highly restrictive content or to use some new DRM-enabled MS Palladium version of Windows and Office. So we have the DivX (pay-per-view DVD) scenario all over again and the market will get a chance to decide. Frankly, I'm not too worried, but in the meantime, boycott any companies that support this rubbish!
Sure he's an extremist. Extremists are vitally important, as they set the boundaries. Anyone who is slightly less dogmatic than RMS appears reasonable and respectable. If it weren't for RMS, people like Bruce Perens would be viewed as wild-eyed extremists to be shunned rather than responsible moderates.
He says that Open Source "cite only short-term practical benefits as the reasons for what they do." while Free Software "embodies the firm philosophy of the free software movement" which means ensuring that the software, including future versions, forks and derives will remain free.
All Free Software licenses are Open Source licenses, but far from all Open Source licenses are Free Software licenses.
My other account has a 3-digit UID.
Actually the GPL is already a form of DRM. Here's my work, you can modify and extend it, but your extensions must extend to others the same digital rights that you were given to create your extension. It's been the "community" at large that has been enforcing that people stay within the digital rights offered by the GPL now people just want to do it with software... So now is Stallman going to want to call it GNU/DRM?
...in Ottawa. In Hull they just speak French.
Oh, you thought it was THAT Hull?
If you don't want to repeat the past, stop living in it.
From Linus:
No, Linus, you're not.
Extra credit for thinking big, though.
Right, because DRM naturally implies censorship. Methinks you're getting your causes mixed up. I'm no DRM fan, but I'm having a hard time seeing the protection of my copyrighted works as curtailing your free speech rights.
That's nice, but let's remember that he got a large part of the money through illegal practices after he picked up IBM's fumble.
Andrew Carnegie built a bunch of libraries, but he also used Pinkerton goons to kill strikers.
Philanthropy doesn't excuse prior evildoing.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Er...no. This is saying "if you use the GPL, lots of morals and politics come along with it". It doesn't say "the GPL is the only moral license". It say "the GPL is a moral license".
...but the GPL is just a tool. A legal tool.
So what.
The author of the license (RMS) is making a claim that his license is a moral one. I disagree. He's entitled to his opinions, as I am entitled to my opinions.
IMO, The license simply establishes the rules of a contract for community software. The way I see it, it's a moral less system, which just happens to be less vulnerable to commercial exploitation than other systems.
I like the GPL. I think it's an extremely empowering tool for building standards and charity.
"Tools and technology are neither good or evil. People are good and evil."
"Communism is like having one [local] phone company " - Lenny Bruce
If someone creates a version of the Linux kernel that only runs signed binaries, and the GPL forces them to release their source, couldn't someone simply hack their kernel to run unsigned binaries? It wouldn't even require any reverse engineering.
It seems to me that the GPL is inherently at odds with DRM, as DRM depends heavily on being proprietary and obfuscated (and this still doesn't stop people).
"alien" thinking
Hey, come on now. These are Americans you're talking about here. They are famous for their 30 second attention spans. Only a tiny minority of Americans have any ability to understand the thing called long term consequences. Look at the consumption. Look at the media. Look at the recent wars. Land of sheep and apologists.
If these people would really understand Linus and the Finnish way of separating frames of reference, they'd try to walk the walk before trying the talk.
Trusted binaries are an example of "good DRM". It keeps the nasty trojans and viruses away. I am fully in favor of that kind of use.
On the other hand, using DRM to prohibit "fair use" on copyrighted material is "bad DRM". Unfortunately, I think people like RIAA and MPAA are watering at the mouth at the prospect of legally and forcibly requiring "bad DRM" in any kind of media read/store/playback device.
Like Linus said in his messages, its kind of like the nuclear scientist Oppenheimer. Nuclear science can make electricity or can be used as a weapon. The science is not evil, its the people who might use it wrongly. It depends on who is using it and how.
I've been saying for some time now that if Linux didn't adopt DRM, they'd be left behind. Linus also understands that Linux is simply a tool. He simply gives the user the freedom to use his creation for their own endeavors whether or not he agrees with them. If you're going to say no one should use Linux for DRM, you might as well start supporting restrictions on guns, the Patriot act, etc., since you clearly believe you have the right to dictate others freedoms.
Vote for Pedro
I stand behind Linus here.
Then stand up, and kindly remove your tongue.
If you want "morals", do it your self. Don't ask others to do it for you. If you find DRM disgusting, evade it like the plague it is, but don't dare say people have no right to use it themselves. Even if this would lead to splitting the kernel in two camps, who gives a flying fuck. It's open source, and the only holy thing is that it's free of other people's decisions. You can make whatever you want of it.
Oh god, do I sound like I'm a preacher?
The decision to not "impose your moral values" is in itself an imposition of your moral values on me. Everything we do and don't do has an effect on everyone around us.
"Qui tacet, consentire videtur"
Silence gives consent
The kernel is DMR signed so that the hardware doesn't loot YOU!!!
"those who can, do. those who can't, teach." wake up engineers, this simplistic homily does not apply to you; you are both able to do and thus, you are able to teach those who would study your actions. the question is, what are you teaching?
sensible people = double plus good.
Free software comes with it's own Declaration of Independance and First Amendment.
That means it can't lose its freedom.
Open Source can be enslaved.
Philanthropy doesn't excuse prior evildoing.
Right, and some evil-doing (a rich corporate schmoes screwing other rich corporate schmoes out of money, BTW, which pales in comparison to helping the developing world resist the spread of HIV) doesn't necessarily preclude doing some good.
Just like the typical slashdotter: you are incapable of seeing a person as a complex being with both good and evil capabilities, especially if that is Bill Gates. Humans aren't a boolean variable you know, or even as simple as a computer, you know.
Pardon my ignorance, but if one is really concerned about DRM being intrusive, isn't it possible to not enable it say by not signing the binary kernel that one compiles, or if there are enough people, couldn't one form a 'fork' or something of the kernel that doesn't use DRM extensions.
I beg you to pardon my ignorance.
Thank you.
GrimReality
2003-04-24 19:27:51UTC (2003-04-24 15:27:51-0400)
Your post was written with too much insight and intelligence for most /. readers to properly enjoy or understand. Allow me to offer this abridged version for the general /. public...
While Linus is TEH G0DX0R, Natelie Portman would agree with GPL friendly DRM. Evil DRM used by sucky Microsoft will die and Netcraft confirms it. Don't worry, no hot grits down your PANTS over this one.
Join Tor today!
I think that the GPL may indeed need to be modified due to DRM developments, because they may soon violate the spirit of the GPL, if not the letter.
Very soon we may have hardware out there that will only run OSes that are signed, or even encrypted, with a specific key. These hardware manufacturers or software companies in cahoots with them may release versions of Linux for this hardware.
So you've got this machine running Linux. You've got the source, so you make the changes you need and recompile the kernel -- but you can't run the new kernel image, because it isn't signed.
Or you may be given an OS with an encrypted kernel image and source code that supposedly matches what's in the kernel image -- but since it's encrypted you have no way of telling, and you can't compile your own copy because you can't sign it.
I think the GPL needs to be modified to disallow the distribution of versions of software where the hardware is so restrictive that having a copy of the source code does nothing for you at all.
...and go with vi. :)
Just like the typical slashdotter: you are incapable of seeing a person as a complex being with both good and evil capabilities
Excuse me? Did you glean that Deep Insight into my personality all by yourself?
The funny thing is that right in the middle of trying to put words in my mouth, you reveal your own prejudice against slashdotters. Anytime you try to ascribe any characteristic to half a million or more people, you're on very thin ice.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
I don't like DRM much, but if someone wants to use it then I don't see why I should stop them. If they add (or remove) DRM from the Linux kernel then the GPL is working the way it should.
By supposing to not impose your political views you are infact posing a view of non-imposition.
Poser
Yeah, I heard a BSD-licensed program just the other day talking about how oppressed it was. "Let my people go!" it said.
I'm still not convinced that Stallman hasn't perpetrated the Greatest Troll of All Time. He's just too hilarious.
First, BitKeeper, then DRM. Maybe it is time to start looking into the Hurd.
the funny thing is, RMS and Linus are exactly in agreement on this. The GPL should not be used to tell people what to do with their software (telling people what to use it for or add to it).
People fawn over Linus because he's easygoing. People dislike RMS because it's easy to make fun of someone with rigid beliefs.
"I don't wanna hear how you're so driven" some more stuff, then "If you say it, mean it, if you mean it, do it. You can't live your live through me, if you do it, live it, if you live it, say it, action is the air you breathe."
;) Anthrax's CD "The Sound of White Noise". I have that one, it's great. And Packaged Rebellion (track 4) is one of my favorite tracks.
ahh yes
Mostly DRM will be used for nasty stuff like the X-Box where only one operating system is allowed to run.
Right now, it is perfectly legal for Microsoft to make deals with the mobo manufactures and write firmware to lock people out of the X-Box. To me that's fine, it's Microsoft's hardware after all and they can do what ever they want with it.
The problem I have is that the laws currently state that Microsoft has some control over the hardware after a customer has purchased it. Customers who use the XBox hardware in ways that Microsoft doesn't like have been thrown in jail.
I have a problem with that. Before Microsoft sells the XBox they should have complete control of the hardware but after the sale, the customer should have complete control.
If the laws were changed to give these rights back to the customer, then I would not be so opposed to DRM.
Intrepretting the GPL with regards to DRM is difficult. For example, the signing could modify the binary stenographically. I think that would violate the GPL. If the signature was in a seperate file and then I think it would be Ok.
It's good that Linus is trying to clarify the issue before anyone goes to court over it.
RMS is not labelling Linus with 'engineer' in order to associate him with limited competance. Ie, engineers are dunderheads, Linus is an engineer, therefore Linus is a dunderhead.
Not at all. What RMS is suggesting is that Linus' notable skills and intelligence are limited to engineering. He doesn't have the breadth of knowledge necessary for visionary thinking. Linus is not a renaissance man.
So Linus takes some pains to point out that he's in the enviable position of not having to take a stand on much of anything. Big deal. We should all have such courage.
Come on Linus, pick an issue, make a stand, stake your reputation. I dare ya!
Otherwise, show some gratitude to those who've taken risks to maintain and extend the political, social, and technilogical environmnet that has allowed you and others to make your invaluable contribution to the endeavor of applied computing.
Wow! I've been modded down as a troll for making similar comments about Linux, i.e. the possibility that it should support DRM if people want it.
Vote for Pedro
Is that legal with the kernel being GPL? I know it's technologically possible, but is it *legal* to do so?
Rhetorical question really. I have no doubt it will be done.
...which means that you have lost the ability to tinker with it, if it doesn't. A kernel that will only boot "approved" code is little better than a closed source entire operating system. It is marginally better, but to me it appears to violate the spirit of the GPL, even though Linus says it doesn't.
It's his baby! I'm certainly not a kernel hacker nor a lawyer, but just from a layman's point of view that's what it looks like. Anyone "you" is free to do whatever, except with a drm kernel you can't, but wait a minute you can, no you can't, etc. It's a dichotomy near as I can see.
That's the point of his message this morning. Arguably, no one else has standing to press suit for a copyright violation because such a kernel would only be a derivative of the kernel as a whole and not any individual's contribution to it. THere's another unlitigated GPL legal issue for you.
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
You don't have to be political to enjoy a nice pair of new running shoes (made, possibly, with child labour), medical advances (made possible to some degree due to research done via unanesthesized vivisection of Jews by Nazis during WWII), or "free" health care (paid by tax dollars taken from those who now can't pay for their medical needs not covered by the "free" program).
I know nobody will read this because it's now an old story with lots of posts and, besides, this is off topic, but...
are you equating state funded healthcare with child labour and the holocaust?! If you are then... well it's just incredible. I'm speechless.
For the record, if you have state funded healthcare, the rich, not the poor, pay for it disproportionately. So you're never going to be in a position where your taxes take enough money to leave you vulnerable to 'medical needs not covered by the "free" program'. If you're too poor to pay for, say, good dental care, then you were too poor to pay for that before taxes.
What an incredible argument!
- NG
Gee, it prevents you from placing draconian EULA restrictions on modified distributions. Basically, the GPL prevents you from clobbering your neighbor on the head. Bad GPL! Bad Bad!
What you and other whiners about the GPL want is the right to take GPL'ed code, make changes/additions, and then distribute them without giving anything back to the community. You want to leach off of other people's work for your own gain and/or profit. You complain because the GPL doesn't allow you to use it's code as a basis for software licensed with EULAs that would give you the right to terminate the user's license to use the software for no reason.
The only people who really have cause to complain about the GPL are proprietary developers who are salivating over superior GPL'ed software, which they want to grab, modify, proprietize, and profit off of without even giving source code back. That's why MS likes the revised BSD license so much. They can grab anything there and use it without giving anything back.
Sorry, I don't give a damn about those of you whining about the GPL because it prevents proprietary companies from taking away every conceivable end-user right.
social sciences can never use experience to verify their statemen
...that point about the crypto check. What I DON'T understand is what good is it if it has to be "open"? How will it be any good as a check if the entire source is there to see, and must be revelaed?
I can understand at the file and user level, but at the core level of the kernel? Your personal files and data do NOT have to be "open" to anyone under any license, BUT, how is something "open" and "hidden-secret" at the same time in kernel space?
Perhaps I am confused even more. I can see anyone doing this with their own kernel,and keeping inside the GPL, but not transferring it to others, because then they must provide the source, negating any benefit from having a "secret" in the kernel, which has to stay open, yes? Or no? You can transfer a kernel that has both open and closed source in it under the GPL? BSD license you can I think, but I am not so sure under GPL.
I'm not going to try to speak for others, so here is another link.
The Free Software Definition
Linus needs to watch out because putting private DMCA protected keys into the source code of Linuxz will make Linux a trafficing agent for a circumvention device under the DMCA.
I'm personally looking forward to this happening. Instead of Free Dmitry, NY Fair Use (fairuse.nylxs.com) can get more coverage on this issue if they lock up the poster child of Free Software
http://www.mrbrklyn.com/amsterdam.html http://www.brooklyn-living.com
--should have started my reply string here first. Yes, this is how I saw it too. It's up to someone to come up with something other than what we know of as drm , and if they can, then it can go into the kernel, but not until it can be both open and closed at the same time, else the license is violated.
So, this theoretical technology/code doesn't exist yet, does it? This statement by him is that IF it can be created and it works that it would pass muster, but not until then. A palladium styled approach wouldn't be legal, but something else-maybe.
I hope I understand this now.
Your proof that intelligent people are put down upon is a reference to a book written back in horse and buggy days? Good grief. If this is what you need to tell yourself to get through the day...well, just try not to take it out on other people.
For clarity's sake, being too academic and too pedantic is not the same as being too smart. You're a grad student, aren't you. Being too academic is the same as being too prone to using too little real information to formulate too general of propositions. Being too pedantic is concentrating on picayune trivia rather than concentrating on things that actually matter to any significant degree.
Being too smart? No such thing.
Indeed. This is probably the most interesting question of all. Linus makes a big thing of being apolitical, of caring only about the code. That's fine when events are rosy. If something unexpected were to happen, what would he do? Without ideals to guide him, how can we predict what he might do?
And if we cannot predict what he might do, if there is no way we can say "Don't worry, Linus will stand up for this", why is he the leader?
and hex and binary as well as decimal.
I agree with the above (I made a small alteration--changing "Linux" to "Linus Torvalds" for clarity and what I thought you meant to type). Linus Torvalds' words in this mailing list post and other threads I've seen him contribute to suggest to me he genuinely believes his words and deeds are somehow apolitical; as if politics can be somehow absent from any collaborative human endeavor. This, for me, makes his political naivete more striking than the intended DRM substance of his commentary.
Digital Citizen
On the other hand, one could argue that Stallman's political activism is annoying for those of use trying to enjoy a decent OS. And Linus never said he was trying to please anyone. As far as I can tell, he's been pretty honest in telling Stallman where he stands. I respect that - he isn't getting involved in all of Stallman's projects, because it's not his thing. He's a software engineer, and the world needs software engineers.
Also, I don't want to speak for Linus, but don't necessarily confuse apathy for simply not agreeing with Stallman. There has to be room for disagreement within any community - and if not, it's no longer a community, it's a cult.
Your argument is tantamount to that whole "you're either with us or against us" routine. That's a bit too divisive, as well as self-righteous. Some people, like me, think that there's room in the world for more than one software distribution scheme, and that people/companies that practice them aren't evil. I mean, I don't want linux to become "BSD for those who make their OS a religion" because I actually like linux better, but that seems to be where some people are trying to take it.
Linus be a "fair weather" friend to the Linux community, quietly disappearing into obscurity? I hope not, but, sadly, I'm not sure.
Watch that you don't confuse GNU with Linux as Stallman is ever quick to point out. Linus will be a friend to the Linux community as long as he's involved with the project. However, just because he released a project like Linux under GPL doesn't mean that he has to become a standard-bearer for GNU. I think you should certainly not necessarily count on Linus's support for GNU because, frankly, I don't know that he's given it.
Spoken like a fat, dumb, & happy type.
Slavery isn't inherently evil. It's the usage and if it goes against your morals, ethics and general desires, if it is good or not.
Laws which put its use at all, as forbidden or not, is what should not be put into law. It's how it is used.
--
So, as long as you treat your slaves kindly, it's ok!
Spoon not. Fork, or fork not. There is no spoon.
Oh, you're an existentialist!
Nope. Just a scientist.
Pity it's still an ideology, though.
Interesting, because the notion that "the absence of a choice is itself a choice" is one of the main tenets of existentialism, as I recall. So, in making that connection yourself, you seem to be practicising a bit of existentialism. For me, my lack of a pre-defined ideology is just that. I don't let that lack define me either, because I just don't care enough. I always thought existentialism was a load of crap.
Thank god somebody said it.
To whom did he give that money? Hmmm... I wonder if Gates is invested in any pharmaceutical companies... did someone say vaccine? nah... that'd be ridiculous... like vaccinating all our kids with hepatitis.
archive of comp.os.linux.advocacy
The Defense Contract Management Agency (DCMA) is only a party to controlling the world. The way things are going now, it may not be long before the DCMA assists in applying the Digital Millennium Copyright Act (DMCA) to the rest of the world.
Yes.
If that happen to RMS, he'd not go down without kicking, screaming, generally making an annoying, attention-getting fuss, and making us think, "ya know, he's annoying, but doing that to him is wrong".
Problem there is one of uniqueness. That's what Stallman does about anything. So, honestly, I don't know that anyone would notice if Stallman's screaming because his mail got misdelivered or because he got thrown in a jail cell in Guantanamo Bay.
First, I think that it's a reach to think that anyone involved with linux will actually be prosecuted/persecuted simply for developing an OS. Second, I think it's a reach to assume that because Linus doesn't get involved with the "Free Software" fight that he would cave in to the US government. That and since he has Finnish citizenship he could tell them to piss off.
You need to separate two scenarios: is Linus in general apathetic, or is he simply uninterested in your cause?
Yes, I am a cynic, and somewhat paranoid.
Well, yeah, but we won't hold that against you. Just remember to keep the tinfoil hat firmly applied to your skull. ;)
If you don't like DRM then just take it out as long as you don't distribute it. That's my take from his note. Doesn't sound like a problem to me.
The Linux community needs to break into the mainstream desktop and they need corporate alliances to do that. If corporations think that the Linux community will stab them in the back, they won't cooperate.
I'm sure there are zealots that could care less if Linux never goes mainstream but, like all extremists, they aren't thinking about the future of their cause.
Laws are for people with no friends.
DRM and the elements there of are a tool, and like most tools they neither good nor bad, its the use of the tool that counts. Consider a chain saw, it can be used to cut down the dead tree about to fall on your house, or you can use it in ways inspired by certain horror movies. Now imagine a secure DRM platform for police car video cameras, where it can be proved beyond a reasonable doubt that the images shown in court are as the camera saw them with no manipulation. There are many other examples
...but you can always choose not to use DRM, say, by using only pre-2003 computers. The problem with Linus' practicality is its succeptiability to falling down the slippery slope. We are going to have problems when we value convenience more than freedom. I have a hard time seeing where you could draw a distinct line between BitKeeper is good, DRM is bad in the following list...
The price of freedom is eternal vigilanceSigning a binary is one thing. Building a kernel that will only run signed binaries and signed by known presumably respectable entities is something else again. The latter does indeed take away freedom to run whatever you wish on your own machine. A signed kernel for purposes of verification that it was what X produced is one thing. Requiring that the kernel/OS be signed by X before the hardware will actually run it is something else again. The latter means that once I mod my kernel, which almost every Linux user with changing hardware/interests eventually does, that the machine will not necessarily run it due to some Palladium like TCI hardware being present. This definitely flies directly in the face of Open Source and Free Software.
Ok, so suppose there is a working DRM implementation in the kernel.
I work as a sysadmin, providing desktop services on unix systems. Something like this would be great!
I could sign all binaries that I trust to run with root privileges, and as long as my private key is safe, running unknown binaries as root becomes impossible.
This will make root exploits somewhat more difficult, and if the BIOS supports it too, hacking the system with boot floppies/netboot etc. will be really hard.
Think about it.
Please don't rip off my work uncredited.
I wrote that little passage and it was originally published on segfault.org a couple of years back.
My journalism page which shows this
Shame segfault.org doesn't seem around at the moment.
Hello? Since when is getting a monopoly lock on the software industry and using that to push poorly-documented pseudo-standards instead of the real thing just `screwing other rich corporate schmoes out of money'?
There are reasons why democracy does not work nearly as well as capitalism.
-- David D. Friedman
I really don't understand how signing works anyhow. Ok, so U = S^E mod N, where (E,N) is the public key, S is the encrypted signature and U is the unencrypted digest. So all we need to do to appropriately encrypt some U value (and thus create our own signatures) is to find some Z such that U + Z*N is an integer power of E. (Then, S = Eroot(U+Z*N). )
Is there really no mathematical way of doing that? I certainly can't see it requiring factoring E.
I know that the "encryption" applied to the digest is actually the RSA *decryption* algorithm (applying the secret key). But this problem isn't equivalent to decrypting a message, because when we're decrypting a message there's only one correct result. In this case, we don't care what result we get as long as it'll give back our U when passed back through the signature decryption (RSA encryption) formula.
It's called TiVo.
Honesty may be the best policy, but apparently by elimination, dishonesty is the second best policy.
I think it's Finnish for [GNU/]Hurd.
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
"...I'm just an engineer who wants to make the best OS possible..." - Linus
Uh.... make that "the best kernel possible". Linux is a kernel not an OS. Unless of course you mean GNU/Linux - which is a complete OS (a GNU OS with a Linux kernel).
Or does the above statement imply that he believes that he is the only contributor to the Linux kernel even?
Just remember what Fred von Lohmann said on the EFF site:
"Briefly, the music, movie, and publishing industry are trying to outlaw the use of computers to produce new ideas, and share current ideas."
I figure people can just remove the DRM section of code from their system. Try that on M$ or Apple.
DRM = DIGITAL REPRESSION MANDATE
"The more you tighten your grasp, the more slip through your fingers..."
"I might have made a tactical error in not going to a physician for 20 years." -- Warren Zevon
Excuse me Linus, but the topic was "DRM in Linux". Kernel signing is an important issue too, but pretty off-topic (a distant parallel at best). I agree with his stance on DRM in Linux, but I wish he hadn't watered it down so badly.
How does a kernel recompile work under this scenario? You're not going to be able to sign it "Signed by Linus" yourself. That would be stupid. You're not going to be able to download a perfectly customized and signed kernel from another source, so long as CPUs and bandwidth are factors.
So it sounds to me like the choice is between having the freedom to tweak your own software, and being able to run all these "signed apps."
You want the truthiness? You can't handle the truthiness!
We need the HW equivilant of open and free software. Imaging being able to download software, firmware, HW schematics, BOM's, CAD drawings, PCB etch masks, CNC machine instructions and so on and literally build a computer, set-top device, stereo, or whatever from raw materials.
Fuck manufacturers that won't build the HW I want. Fuck the braindead BIOS with embedded DRM. Fuck proprietary busses and data encoding standards.
Unfortunately, this won't help when every fab embeds DRM dainbramage in their chips, but it will help stave off the cultural apocalypse of entertainment exclusively available at the local AIAA (Asshole Industry Ass-ociation of America) store.
No, I work a real job, unlike you. I hope that doesn't depress you. Hang in there; I'm sure you'll dig yourself out of the whole some day.
"Sufferin' succotash."
Sometimes I'm allowed also to add 5 insightfull moderation points. However i'm certain they have on every slashdot member a certain "politics" profile. So when CmdrTaco thinks the opinion shoudl evolve in a certain direction, he either gives "the lefties" or "the rightwingies" moderation points to use. its very very sneaky. I just found out how they did it.
In this story he must have used his database on which slashdot members are againts RMS or in favor of RMS.
Robert
Ok-- I administrate a number of open source projects. I tend to have very strong political views on many things, but I also uderstand something: there is a right and a wrong place for the enforcement of ideology. For the record, I do not think that Stallman or Torvalds have crossed the line.
I may not agree with Stallman entirely GNU/Linux thing insofar as Stallman created the GPL so that people would have the freedom of how to distribute GPL'd words and now seems to be crying about the fact that too many people don't call Linux GNU/Linux. That position seems a little hipocritical. But I respect his right to have a a position on this issue and he is certainly entitled to his point of view.
The point is that if you try to *enforce* your morality through a product that people can choose to use if they desire, not only is this doomed to fail, but it threatens to marginalize the people who you want to be on your side. Making a stand by interfering with people is not a way to make any progress (though demonstrations can be effective when used properly but one has to realize that civil demonstrations and civil disobedience is an attack against an established entity whether civil or corporate).
Instead, I think it is important to try to gain community involvement in the process-- create dialogue and create problems that enable people rather than interfere with them. For exmaple, I am working on creating a robust, highly scalable, and highly available ad server written in PHP for Linux (using Apache and OpenAFS as its preferred dependencies, with LDAP and database connectors and drivers coming later). Everyone may say "We don't like pop-up ads" but I see this as a great way to start a dialogue between users, developers, and advertisers.
LedgerSMB: Open source Accounting/ERP
RMS is a superb engineer too. And if he used that as the centerpiece of his work, he would have a level of respect far beyond what he has today. He is to the GCC what Linus is to Linux.
The problem is I think that Linus sees himself as a software engineer while Stallman wants to engineer a society (not to be confused with the security term of social engineering). I think that Stallman sees himself more as a role model and teacher while Linus sees the centerpiece of his work being the software he helps to build.
I agree-- RMS is the one picking the GNU/Linux debate for *stupid* reasons. And that detracts from the images of his real software accomplishes.
LedgerSMB: Open source Accounting/ERP
Reading between the lines, yes, it's about
Palladium. The fear is that some day soon
the only decent computer hardware will be
set up to only boot kernels approved by the
RIAA. If you want to run Linux, you'll have
to run it on old, second rate, and possibly
illegal hardware.
Okay, no need to get so nasty. Maybe I was wrong to generalize, but here's my point: a lot of slashdotters talk about Microsoft and Bill Gates as if they were the epitome of evil, without any critical thought. You did the same. I'm trying to point out that there is more complexity to Mr. Gates than his anti-competitive behavior on Microsoft's behalf. Please respond to that point; you haven't yet.
Hello? Since when is getting a monopoly lock on the software industry and using that to push poorly-documented pseudo-standards instead of the real thing just `screwing other rich corporate schmoes out of money'?
Look, in all honestly, who has Microsoft's anti-competitive practices hurt the most really? Has it made an entire third of Zimbabwe's population die from AIDS? I don't think so. Perspective; that is what I am talking about. Whatever your problem with Bill Gates and how he made his money, at least recognize that he is doing something positive and intelligent with it. And to respond to another poster's comment, no he is not just handing it to large drug companies. He and his wife are doing hardcore research to figure out who is doing the right thing for fixing this epidemic, and then they are giving those people money. They are doing good things for the world, which far outweigh, in my mind, any evil that Bill and co. have done to emasculate, for the most part, a bunch of other nerdy and/or wealthy white males. Get over it...software is not the center of the universe. And Bill G. is more complicated than just evil. That was my main point, which apparently every poster who responded to me missed, because they were too busy spitting out their anti-MS anti-Bill missives.
I guess actually a fourth of Zimbabwe's population is infected with AIDS, those that we know about. Not much less to be concerned about though.
You idealist idiot. Have you ever sifted through the source code? Its a fucking mess. He is a totalitarian, and there are whole groups of engineers at HP, Sun, IBM and other places that probably want to wring his neck. And check out the kernel.org mailing lists. I would day that Linux and his decisions are tolerated and he is hardly beloved. He is a pompous ass and would probably fail a modern CS class in OS design. The only reason Linux caught on is the same reason Microsoft caught on. Idiot users don't know better. Idiots first used Linux because they were greasy, unwashed losers who couldn't afford a commercial kernel. And Microsoft, well, greasy idiots cheaped out and got a PC or an Apple and now we have a huge community of Microsoft and Apple losers.
No engineer has EVER worked alone. He works alone, deciding what Linux will become, in a vacuum. He is incorrigible, and he will always be right.
If you think Linux is a walking God, why is he working for Retard Transmeta and coming up with garbage like Midori?
FreeBSD, it is well documented, coherent, and always builds correctly in -STABLE, and has a completely coherent/synchronized-with-the-kernel userland, c library and compiler.
Linux is as un-elegant as it gets.
And lack of elegance should piss off a career academic like you... - oh, I forgot, as an Academic, you are about as bad as it gets.
The mob has ruled the computing industry into mass fuckheadedness.
As the posts above shows, DRM on Linux will always be somewhere between impossible and impractical.
So support DRM on Linux is a moot point. The only thing it really does is give DRM positive publicity. Which will increase Palladium's momentum and legitimacy.
So, Linus' comments were fundamentally short-sighted.
Don't worrry everybody! We can always turn to the Hurd! (Just as soon as they finish it)
Yes, you can make hardware that will only run signed binaries, and thus close that hardware to tinkering. Infact, making such hardware has already been attempted, it's called a console.
m plain_and_stop();
In essence, the bootloader of such hardware does the equivalent of:
if (valid_signature(kernel))
boot(kernel)
else
co
This is nasty, if you are running on such hardware, than the ability to change the kernel in any way you like brings you nothing: if you change anything, even something completely trivial, the signature will no longer be valid, and your new changed kernel will not boot.
Linus is rigth though, this is clearly allowed under the GPL. And furthermore, it very likely CANNOT be forbidden even if we would want to.
A Signature is (or atleast it can be) a separate document saying the equivalent of: "I, Bill Gates, testify to the fact that the kernel with sha1sum=b7a7bf03dcafd4d48001d6a2a6fd2ceaefa4cc1e is trustworthy and can be booted. signed(bill_g)"
There is no way for the GPL, or any other legal document to forbid the above document from existing. The signature above is clearly not a derived work of the kernel, but rather a commentary upon it. (namely a commentary on the trustworthiness) The only info derived from the kernel is the sha1sum, but the only function of this is to make it clear which kernel you are talking about. (much like mentioning the ISBN-number of a book you are reviewing)
Furthermore, there is also no way you would be able to forbid hardware from acting on the existence (or absence) of such a signature. Afterall there is no law saying that "hardware *must* boot all code."
Now, what *would* be nasty would be new laws *requiring* hardware to implement signature-checking. Such laws would essentially make it forbidden to make user-modifiable computers. The way the US is moving at the moment, I would not be too surprised if such a law is introduced and passed in the next few years.
The only difference between bullet-proof personal privacy protection and Orwellian DRM measures is who has the private key. And if you have the source code (and the GPL requires that you can get it), you can always set your own private key.
DRM is about taking away the user's control of their computer. The GPL is about making sure that the user has full control of their computer.
Linux, because it's system software under the GPL, is already anti-DRM.
: a lot of slashdotters talk about Microsoft and Bill Gates as if they were the epitome of evil, without any critical thought. You did the same.
Like hell I did. I'll have you know, kid, that I've put a great deal of thought into my position vis-a-vis Gates, MS, and the mediocrity franchise in general.
Oh, and FYI: you're the one who came up with the phrase "epitome of evil." I merely pointed out that the man has engaged in criminal behavior.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Geez, I can't wait for programs that WON'T run if DRM is enabled. In the future, all of my programs and utilities will have this, and no: I will NOT code it otherwise. If you don't like it, don't run my programs on your untrustworthy DRM enabled hardware.
Don't use the GPL
Ah... I see. Apparantly the only way you can have morals is to use the GPL. Righto.
You just made yourself look very stupid.
if i log into a system i only have the rights to access data how the system allows me to. if someone else owns a file, they have the ability to stop my use of the file. all the DRM buzzword is is the ability for a file to be owned by users not on the system. or perhaps it could be done by just having automatic user accounts made for new artists.
Question
http://www.ironfroggy.com/
Am I the only one that see it or didn't Linus just take a stand on DRM?
:)
What he said was that you can't hide encryption keys in the binary, but it's perfectly okay to have DRM as long as the key are published as part of the source.
What this means is: "You can't distrubte a (Hollywood) DRM'ed Linux kernel"
Yes, he says DRM is allowed, but only good DRM. The kind of DRM I'd like to have on my computer, so that I'm in control.
Typical Hollywood, pipe-dream DRM relies on me not having access to the keys. Linus has just said that this isn't allowed. The only type of DRM you can have is the type of "DRM" that SSH already enforces for me. People with the right keys can get stuff and those without it can't, and I can change the keys.
I wouldn't mind at all, having bullet-proof DRM that I had the keys for. (And knew they couldn't be changed on me.) It would actually be a bit reassuring. Say you keep your journal on your PC. It would be nice to have some DRM on your system to keep someone from just posting it to the net.
The DRM he's saying is allowed is very simlar to the "DRM" we already have on our systems: Unix file permissions.
The whole point of Hollywood DRM is to take root access away from the person sitting in front of the computer. He's just said that any keys compiled into the kernel would have to be published, and since the only way to have tough to crack DRM is at the kernel level (or below), that can't be done.
Yay Linus for satisfying the both the idealists, and those who just want to bitch about OSS zealots, and that god Linus isn't one of them.
Life is too short to proofread.
I think he was right on...
/. readers could testify from personal experience that they were made to feel bad, or different (or even beat up a few times) because of their intelligence. A lot of the less intelligent kids where I went to school picked on me, because I understood math and science. The most popular insult they had for me was to call me scientist!
I do agree with you that you can not be too smart, but being smart (unless you make an effort to conceal it) will get you cast out of a lot of american society. I am sure that hundreds of
Fortunately I only got hit hard once during school, the reason I only got hit once was because I have pretty good foot speed and they could not catch me on the play ground, the one time someone managed to get me, he had the balls to do it while the teacher was standing in the hall outside of my classroom.
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
And Phil was never really nailed. And as long as he doesn't sell PGP internationally he'll be fine. Export regulations on strong encryption may be silly, but they do exist, and as long as he follows them he's fine. And courts have already ruled that publishing algorithms on the net is perfectly legal and covered by the First. I'm sure he has lawyers keeping him on the straight and narrow.
So far, I can't see where anybody got convicted in this country for something where the law was rudely twisted in ways that weren't predictable (though I'd love to see examples). That's not to say that I agree with the laws themselves - but if you flaunt them, expect to be a martyr.
Seriously, no one will go after Linus. If they do, they will be laughed out of court. That is, unless Linus decides to become a bit of a radical and start doing things he's not now.
Don't you mean "H?ll"?
I know we're supposed to be talking about Iraq here, but I'd just like to point out that even though the GPL keeps the kernel safe from embedded keys (that we can't read about in source form), one can write closed source modules that get linked to kernel code via a open source wrapper like nVidia's kernel module.
Wow. Well, when you relax a little, let me know, and maybe we can continue this conversation. If you'd read the initial posts, you would have seen I was reacting to the simplistic characterization of Bill Gates as evil. You responded to my critique of that, so I assumed you were supporting that characterization. Tell me where I went wrong. If you have done a lot of thought on this issue, please let me in on your little secret. And please don't call me kid, you don't know how old I am, and neither do I know how old you are--it will just help us to keep a civil conversation, if that is possible at this point. Or maybe you're trolling me, which, if that is the case, good work!
crippled hardware
Challenged hardware! Challenged!
Everyone seems so resigned to the fact that a MD5 sum (or the like) is not a "derivative work" under US copyright law and therefore not coverable under the GPL. I'm not so sure. 17 USC s. 101 reads (in part): "A 'derivative work' is a work based upon one or more preexisting works, such as a . . . condensation . . ."
Certainly an MD5 sum is "based" on the file to which it pertains. Refering to it as a "condensation" thereof is, I'm sure, an over-simplification. However, I think that the basic idea underlying derivative works applies. [The statute does not provide a comprehensive definition of "deriviate works" - courts fill in the details.]
Granted, an MD5 sum is just a big freaking number and so it may be argued that, as such, it lacks sufficient "originality" to be subject to copyright protection at all. But heck, it seems to me that all executable code is susecptible of the same characterization but such has not precluded copyright protection for programs generally. Besides, as with all other works subject to copyright protection, anyone would still be free to 'independently' 'create' and use the number comprising the copyright-protected MD5 sum (e.g., by some means independent from the file to which MD5 sum pertains.)
So, I provisionally reject the popular premise in this discussion that MD5 sums are not, in-of-themselves, GPL-able.
Fair comment from Linus. Freedom 0, the right to use for any purpose.
But when the boot is on the other foot, and DRM is deciding about Linux, at the hardware level, I wonder whether Linus will be as indifferent to DRM.
i'm not sure if we are in the same Universe of Discouse here, but i would consider murder[the ending of a life] moral. i'm not hard-fast on it, so there is room for doubt, but it follows pretty steady from the rest of my "axioms" i hold dear. if life is a curse on the living by definition, then removing such a curse [the ultimate curse] would not be immoral. so it would work like this : murder is killing, killing ends suffering and potential suffering, therefor murder ends suffering, and potential suffering, anything that ends suffering and potential suffering is a Good Thing, what causes Good things is moral, therefor murder is moral. any questions?
GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
That is a rather instructive standpoint. How I read it is:
// wining:that is worse than flaming, right ?)
"DRM is maybe only very marginal and might have very little usefulness, but since it has _some_ use we will support it"
I don t see this as a clever engineer move: it is also good engineering practice to reject a feature that has little use so that the system is kept simple &stupid.
Priorities: When installing the latest typical distro (pick a name beginning by M, or R) on the not-too latest typical HP pavilion , I will see that many devices (modem, tablet, webcam, keyboard) are not supported, not even as a 2.5 or unofficial patch. And that for a 1.5 to 2 year typical home/midrange machine from a vendor that claims to support linux.
Your problem is that you fail to see the dangers of having drm. It's not like you'll have a "choice" about things; if you want to watch the news, you might have just given permission not just to turn drm on, which doesn't "just give you the news", but does other evil legal things like give them the ability for the IPDroids to plant tracking worms and the ability to snoop on your hardrive, selling to the government the data they've collected.