Slashdot Mirror
Linus on DRM
Thread on LKML:
Date: Wed, 23 Apr 2003 20:59:45 -0700 (PDT)
From: Linus Torvalds
To: Kernel Mailing List
Subject: Flame Linus to a crisp!
Ok,
there's no way to do this gracefully, so I won't even try. I'm going to
just hunker down for some really impressive extended flaming, and my
asbestos underwear is firmly in place, and extremely uncomfortable.
I want to make it clear that DRM is perfectly ok with Linux!
There, I've said it. I'm out of the closet. So bring it on...
I've had some private discussions with various people about this already,
and I do realize that a lot of people want to use the kernel in some way
to just make DRM go away, at least as far as Linux is concerned. Either by
some policy decision or by extending the GPL to just not allow it.
In some ways the discussion was very similar to some of the software
patent related GPL-NG discussions from a year or so ago: "we don't like
it, and we should change the license to make it not work somehow".
And like the software patent issue, I also don't necessarily like DRM
myself, but I still ended up feeling the same: I'm an "Oppenheimer", and I
refuse to play politics with Linux, and I think you can use Linux for
whatever you want to - which very much includes things I don't necessarily
personally approve of.
The GPL requires you to give out sources to the kernel, but it doesn't
limit what you can _do_ with the kernel. On the whole, this is just
another example of why rms calls me "just an engineer" and thinks I have
no ideals.
[ Personally, I see it as a virtue - trying to make the world a slightly
better place _without_ trying to impose your moral values on other
people. You do whatever the h*ll rings your bell, I'm just an engineer
who wants to make the best OS possible. ]
In short, it's perfectly ok to sign a kernel image - I do it myself
indirectly every day through the kernel.org, as kernel.org will sign the
tar-balls I upload to make sure people can at least verify that they came
that way. Doing the same thing on the binary is no different: signing a
binary is a perfectly fine way to show the world that you're the one
behind it, and that _you_ trust it.
And since I can imaging signing binaries myself, I don't feel that I can
disallow anybody else doing so.
Another part of the DRM discussion is the fact that signing is only the
first step: _acting_ on the fact whether a binary is signed or not (by
refusing to load it, for example, or by refusing to give it a secret key)
is required too.
But since the signature is pointless unless you _use_ it for something,
and since the decision how to use the signature is clearly outside of the
scope of the kernel itself (and thus not a "derived work" or anything like
that), I have to convince myself that not only is it clearly ok to act on
the knowledge of whather the kernel is signed or not, it's also outside of
the scope of what the GPL talks about, and thus irrelevant to the license.
That's the short and sweet of it. I wanted to bring this out in the open,
because I know there are people who think that signed binaries are an act
of "subversion" (or "perversion") of the GPL, and I wanted to make sure
that people don't live under mis-apprehension that it can't be done.
I think there are many quite valid reasons to sign (and verify) your
kernel images, and while some of the uses of signing are odious, I don't
see any sane way to distinguish between "good" signers and "bad" signers.
Comments? I'd love to get some real discussion about this, but in the end
I'm personally convinced that we have to allow it.
Btw, one thing that is clearly _not_ allowed by the GPL is hiding private
keys in the binary. You can sign the binary that is a result of the build
process, but you can _not_ make a binary that is aware of certain keys
without making those keys public - because those keys will obviously have
been part of the kernel build itself.
So don't get these two things confused - one is an external key that is
applied _to_ the kernel (ok, and outside the license), and the other one
is embedding a key _into_ the kernel (still ok, but the GPL requires that
such a key has to be made available as "source" to the kernel).
Linus
What is this "h*ll" ?
Is it where all the naughty puntuation marks go when they die?
graspee
What Linus is saying makes complete sense to me. I think the
Kernel level of Linux is the wrong place to make a political
stand like that. What has made Linux successful, and what will
make it ultimately *the* OS is it's an
Evolvable System
The fact that people can use Linux for whatever they need to is
what makes it such a compelling system. The fact that you can
tinker with it, change the source, in short make it work for you
is what makes Linux successful.
He also makes a good point, there is a difference between
allowing DRM and forcing everyone that uses the OS to use DRM
(as M$ want). There are some times when DRM is very legitimate
(Goverment Top Secret Docs, Litigation Confidential information
etc), and there are the times when I consider it to be
un-ethical (most other situations I can think of).
I have to say way to go Linus. Keep the system evolvable.
Ultimately isn't it a catch 22 anyway? If he prohibits DRM,
isn't that sort of like saying "this is my software and you
can't do XX with it".
Doug Tolton
"The destruction of a value which is, will not bring value to that which isn't." -John Galt
Slashdotters are very confused. What to hate? Who to love?
sin(6cos(r)+5A)
Technology, encryption, reverse engineering, mp3's, drm, sniffers.. they arne't inherently evil. It's the usage and if they go against your morals, ethics and general desires, if they are good or not.
Laws which put their use at all, as forbidden or not, is what should not be put into law. It's how they are used.
-
ping -f 255.255.255.255 # if only
"There, I've said it. I'm out of the closet. So bring it on... " -- Linus Torvalds
Things are so much more interesting out of context...
Linus Not God, Says God
In a shocking announcement cast down from the Heavens today, it was announced that Linus Torvalds was not, in fact, God.
Anthony Macewell was chosen to receive this information, as he worked on his PC:
"It was kinda freaky", Anthony said, "Linux booted, and just when I was expecting it to fsck everything, my computer burst into flames and I was surrounded by a host of angels. I don't remember that ever being a feature of Red Hat."
The angels, their appearance accompanied by a flawless four-part harmony, left Anthony a delicate manuscript, explaining that he should make sure that it was delivered to the Linux community.
The manuscript reads:
"For the attention of the Linux Community: Linus Torvalds is not God. God is currently very busy in creating various new planets and overseeing the forthcoming apocalypse on Earth. He has not had the time to develop any mortal Operating Systems, and is not likely to do so in the near future. He will continue only to endorse white robes and comfortable sandals."
The reaction from the Linux community has been varied. The slashdot.org community has reacted by having a circular discussion, with any idea other than "Linus is God, and Linux is the best thing ever for anything", being slammed down by angry, frothing, Linux advocates. A crusade to burn all the non-Linus believing heretics has been launched, in the form of a new website with a flashy domain name, which will predictably close within two weeks due to a lack of interest.
A spokesperson for Microsoft commented, "Well, we never believed that Linus existed anyway. It takes more than a couple of sightings near burning bushes to convince us, you know. We'll continue to worship Windows as we always have done. Lots of people have faith in Windows, no matter how much it lets them down, so it must be right."
Why do I h8 apple?
Once again Linus leaves it up to the one thing that makes linux beautiful: Choice.
Are you secure enough in your masculinity to run 'man touch'?
I'm an "Oppenheimer", and I refuse to play politics with Linux
Is that "Oppenheimer" as in the head of the most politically motivated science program of all time?
"If you think education is expensive, try ignorance" - Derek Bok
Seems reasonable to me though. You don't have to compile it in to the kernel you use if you don't want it. He's just offering a choice. For this one, I will accept that he is in fact remaining neutral politically.
It's Linus' optimism. See, RMS insists that if you don't tell people what they can't do with software, that they'll do the worst. Linus assumes that people will do whatever they feel like, and the more they can do, the better, because you can't easily stop a movement. You can stop a man.
Go Linus. I'm not a DRM fan, but I am a fan of you ideology.
This was all a practical joke..!!
..and he said... "Watch them all support DRM now!..and he snickered again.."
It was Bill Gates snickering with a Linus puppet on his hand!
I said "Hey Bill! Whatchya doin'?"
I think it's interesting that it takes the "leader" of the OSS movement to put the brakes on some overboard reactions by slashdotters and many others. Too often we relate some issue as being a Microsoft invention and thus evil when all along it's been incorporated in a different form in our favourite OS. Perhaps we can learn a lesson about this and start applying it to other organisations (RIAA, MPAA, etc.)?
This is my digital signature. 10011011001
This is exactly why I like Linus. Unlike certain nutjobs, he's rational enought to know that one should always use the right tool for the job.
When ideals get in the way of actually achieving your goals they are doing more harm than good for the cause.
That comment made me wonder if RMS actually holds a grudge against Linus for not conforming to his standards of "purity".
The owls are not what they seem
Btw, one thing that is clearly _not_ allowed by the GPL is hiding private keys in the binary
Can someone explain what's he talking about here ?
AFAIK, You sign someting with your private key and ppl. can use your public key to verify the integrety of the message.
Also if you want encryption, then u encrypt with the receivers public key so that only he can decrypt it with his private key
No where in this process is the private key required to be disclosed.
So what am i missing here ? or is he talking of some totally different keys ?
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
There is nothing horrible about the idea of DRM, its mearly what people are going to do with it. And before any blows my head, just remeber this is that same argument put forth to defend openbsd only yesterday( was it yesterday, I'm loosing track of time at the moment.)
I like that I can trust software to be what it says it is, I think its a step in the right direction to protecting againt trojans etc..
I dont want to be forced to do it though for every little thing that somebody thinks I need permission to run. If certain DRM can be applied to the linux kernal that make computing safer (and by that I mean actually safer, not MS safer or somebody else thinking their making me safer by imposing rules on me), then go right ahead.
Just make sure I can remove it should I wish.
"Enlightenment is your ego's biggest disappointment." --Yoginanda
It's hard to argue with that logic, especially when you step back and take a look at why Linux was so wildly successful over the past three years.
My favorite kind of story: it may not be true, but it should be.
Lacking <sarcasm> tags,
Maybe not now, but later.
Look, you put out a set-top media box running embedded Linux. Assuming it is the multimedia grail (online video/audio playback & capture) it will do more than GPL/opensource codecs. It will NEED to handle WMAs and other proprietary formats that may include a time-locked DRM.
Do I like blanket DRM? No, I want to be able to make backups of my DVDs, CDs, and other purchased materials.
What I don't have a problem with is a box that will D/L the movie I want to watch and store it for a max of 48 hours in a "digital Blockbuster" scenario. And that will eventually happen as digital cable set-top boxes will include hard drives for local caching and they will require DRM on that hardware.
Same thing goes for more and more Point of Sale stations. Signed binary data will be more and more necessary. I'm waiting for the day software compares my signature with the one stored on the credit card's chip. And I'm all for it.
I'll be honest; I want them to be able to choose linux. The other option is that everything becomes Windows. Do you really want every credit card terminal, ATM and terminal to be Windows because it is the only thing that supports DRM?
I've been on slashdot so long I'm starting to get out of touch with the cool stuff if it ain't on slashdot.
No-one commenting so far seems to have a clue what this is all about, so here goes.
Imagine someone builds hardware that will only run binaries signed by the manufacturer (current example: X-box, future examples: who knows)
Now imagine someone makes a version of Linux with functionality limited in some way -- think DRM, and gets that version signed by the hardware manufacturer so that it will run on the controlled hardware.
Now, as a user of that version of Linux, you have all your GPL rights to obtain, modify, and redistribute the source. But, since only the exact original signed binary will actually run on the hardware, those rights are (arguably) worthless.
Linus is saying that this is permissible, or at least that it is not his job to try to prevent it.
Now at least the flames can be on-topic...
A witty saying proves nothing.
Schrodinger's cat is either dead or really pissed off...
You don't want morals? You don't want politics?
Don't use the GPL
Ah... I see. Apparantly the only way you can have morals is to use the GPL. Righto.
And, apparantly, Linus's refusal to go off the deep end on zealotry means that he's "wimped out". Got it.
It must be nice to view the world in black and white... so easy, so simple... so naive and foolish.
Linus is making the right call here... there are valid reasons for DRM-like policies. There are lots of invalid ones too. But if you want it to be free, then it needs to be free. Trying to contort the GPL or other free license to fit your world view is bullshit, and it undermines the entire point of the license.
That just makes me want to click it more!
> On the whole, this is just another example of why rms calls me "just an engineer" and thinks I have no ideals.
Perhaps what the world needs is more engineers and artists, and less flaming zealots. I think Linus has been, and still is, getting it just right. In fact, I think his statements above and the way he views this issue is 100% in the spirit of the GPL. The code is supposed to be free, remember? This includes free to be used in unspeakable ways, so long as the source is always included and freely redistributable. You can't claim freedom for only the ideals you like, that's tyranny.
Then again, IANAL.
And remember kids: Never trust a computer you can actually lift.
Is this some kind of new precedent?
"Don't click through, it's reproduced below"
Apparently the Slashdot editors have changed their position on caching pages to prevent overload (the "Slashdot effect")
Will this be a permanent change, I wonder? And how did Michael get around those pesky US copyright laws? Did he actually wait for Linus's permission before duplicating his email?
If the checksum doesn't match, the binary changed, and the app won't run. Seems pretty sane.
Also, windows XP comes with "Driver Signing" which is basically an extortion bid to squeeze money from hardware suppliers (and perhaps to divert some of their cash from development of drivers for other OSes). Though fundamentally, it is not a bad idea to have some sort of check that the driver you just downloaded is in fact "blessed" by the manufacturer, if only for warranty purposes.
Checking checksums or signatures even does NOT equal DRM. As Linus said, this is something you can choose to use. Root gets a say in it (though in corporate environments it might still suck if you're not root).
DRM is not meant to be optional, it is meant to enforce license conditions ('rights'). Not security. Not integrity. Not trust. Making the possible impossible based not on security or convenience, but on a shrink-wrap license.
Checksums GOOD.
Signatures GOOD.
Digital Rights Management BAD.
It's NOT the same thing, folks.
SCO employee? Check out the bounty
While Linus dosen't want to take a political stand on the issue (completly understandable, he's mearly protecting the sole reason for the existence of OSS) I think the GPL will clearly protect itself.
If you are required to publish the source of your work, even if you use DRM with linux, the source of that DRM must be released, which kinda cancels it out dosen't it? Making it pointless.
I'm not 100% sure on this, but putting DRM on anything GPL'd is a waste of time, cuz a DRM is only good if it's closed source.
Posting useless rant since 2003.
What you're missing is the point.
Say I have a machine that has uber-top-secret data or whatever on it. I want to make sure that all the code that runs on it comes from "trusted" source. (I do this because I know the code may have mistakes or exploits in it, and this doesn't protect me from that, but it makes it less likely that I run code with trojans in it if I at least have proof of where it comes from.)
So, my machine has a cryptographic check in its firmware: instead of taking a kernel image and just booting it, it takes the kernel image and an accompanying signature tacked to the end of it and checks the signature against Linus' public key. If it matches, it boots. If not, it provides some sort of warning (flashing alerts on screen, sirens, whatever).
Linus, in his message, is saying that it's perfectly okay for me to do all of that. Not in so many words, but that's a valid example of "rights" management by digital signature, which he's saying the GPL can't prevent you from doing.
Remember, DRM is not just "digital copyright protection" as so many people on Slashdot seem to enjoy thinking.
In Soviet Russia, the point misses YOU!
Nowhere in this message does Linus even begin to talk about RIAA-driven media protection schemes. Why are you even bringing it up in this post? "Digital copyright protection" IS NOT the be-all and end-all of DRM.
Try reading the message again. Linus brings up the exact same point you did: "hiding" a private key in GPLed source is obviously not okay because it exposes the private key. And how does "wrapping it up in a shared lib" "violate everything OSS stands for"? Or are you conveniently overlooking the entire point behind the LGPL? Nevermind that shared libs don't even make sense at the kernel level.
Linus' message has nothing to do with Winputers or the RIAA or forcing you to run/not run whatever because some guy in a suit in Hollywood doesn't trust you with things that aren't his anyway. There's nothing to see here. Move along.
- Microsoft takes code, generates a secure hash, and encrypts that hash using it's private key, generating a digital signature.
- The digital signature is embedded in the work.
- When the work is loaded by the X-Box, it decrypts the digital signature using MS's public key. Then, it generates its own hash and compares it to the one it got by decrypting the signature. If they are the same, the code is legit, otherwise, abort!
So, you see, there is no private information embedded in the X-Box. It's all public keys.OK, I agree with what Linus is saying here - he is just a codehead and is not going to tell you what you can or can not put in your build. Cool, but we are still just talking about the technology.
The problem today is not the technology -- "IT IS THE LAW, STUPID!"
If Microsoft puts some crazy stupid DRM in the next version of Windows, it might be the final straw to get something else to the desktop (be it Mac OS X, FreeBSD, Linux, or something else). As long as people have the freedom of choice, M$ can only go so far before they loose the customer base.
The problem is the DCMA and the baby-DCMAs popping up at the state level. If the government makes DRM *MANDATORY*, you loose your choice. I can very easily see the RIAA and MPAA requiring that all OS's require DRM in the very near future. Think about it.
Ah, but do they really? I don't think there's anything in the GPL stipulating that an end user cannot modify a compiled binary. Why couldn't you just put a big static array of zeros in the code, and supply a secondary (closed source) program which overwrites those zeros with an actual key? You couldn't distribute pre-keyed binaries (since they wouldn't correspond to the source) but you can allow the end user to run a quick command to insert the keys into the binary him/herself.
You'd just make it a part of the installation process, like installing the boot loader. 1) Install kernel 2) Twiddle some bits in kernel 3) Install bootloader.
It seems like there would be no GPL violation since the binary you distributed was directly compiled from the source you distributed; the user just happened to run a command which overwrote a portion of that binary.
Imagine the following:
1) Someone makes a BIOS that will only boot a signed kernel, where the person with the BIOS password gets to pick which signatures are valid.
2) My company buys a bunch of workstations with this BIOS.
3) Our IT guys build a kernel that's tweaked for our company. They sign the kernel, and set the BIOS to only boot kernels with their signature.
This is wonderful. It means folks can deploy Linux within an organization without having to worry about umpteen zillion different kernels being installed by the workers. It means you can deploy at a university in such a way that students can't make their own boot floppies to get by the access controls on your public machines. It's a Good Thing.
Now, imagine this:
4) A set-top box designer uses this BIOS.
5) They set the BIOS to only boot kernels with their own signature, and don't give the BIOS password to people who buy the set-top boxes.
6) They refuse to sign any kernels that anyone else makes, and refuse to sign any kernels with dynamic module loading turned on.
This, I think, actually violates the GPL. They're distributing a Linux binary, and they're not giving you any way at all to modify it. You can't tweak the kernel you run on your own hardware that you bought with your own money. I think this would only comply with the GPL if you could boot your own signed kernels that the system would use. The fixed signature ends up being an important part of the running binary, and you're not given the "source code" you need to compile that part of the binary.
So, I think some uses of signature do not fall outside the scope of the GPL.
...how DRM ever actually *CAN* be integrated into Linux in a useful and reliable way. Any kind of code-signing / authentication mechanism will ultimately depend on a signed kernel, and since you have the kernel source you can do whatever you like with it, including spoofing the "Yes, we're running DRM" responses. Even if it comes down to a hardware chip, the kernel will still be perfectly capable of intercepting calls to this chip and spoofing a "Yes, we're running DRM" reply. If the DRM-protected content is dependant upon mechanisms implemented on the client in order to restrict usage, then having total, source-level control over those mechanisms completely negates the security they provide.
Maybe I've missed something here, but client-side security never works in the end. And in the case of DRM-on-linux, I don't see how it can even get off the ground....
Well, there's a big difference between allowing people to digitally sign binary builds of the kernel, and actually supporting DRM directly.
Personally, it seems almost irrational to want to keep people from signing copies of the kernel. It's almost a free speech issue, people should be able to sign whatever the hell they want.
I think the real issue is restrictions people place on others, the TCPA/Pallidum DRM systems of which code signing is only a small part. I think I would hate to see Pallidum style 'locks' on the runtime environment in the 'official' version of the Linux kernel. If that does happen, I'm sure it will fork like mad, though.
I guess what Linus is saying is that if some companies want to make locked up, DRM'd systems using the Linux kernel, it's OK with him.
autopr0n is like, down and stuff.
It will start innocently enough with one of the major PC manufacturers coming out with an extremely inexpensive PC. This PC will be bear three things. The first will be that this PC will have superior performance to any machine currently available. The second will be that it will have a DRM enable operating system that is much better than its predecessor (both performance and stability). The final item will be that the hardware will be DRM enabled and will be more advanced than anything currently available.
The hordes will eat this machine up and it will become the most popular system out there. They will love it and see nothing wrong with it. It will run just like their old machine only faster and more stable. It will run their old software and new DRM enable software transparently. The difference is that the DRM software will be copy protected and the users will be almost guaranteed to pay for it. The majority of people will not notice since most people pay for their software anyway. The hordes will drive the market to a DRM enabled system, the ultimate lock-in.
On the other side of the fence, the 'free alternatives' will be not be able to get the new hardware to work with their 'Free alternative'. They will boycott the manufacturers, but their boycott will not change things. They will not see the market for non-DRM enabled hardware and will, most likely, be locked into DRM for fear of being excluded from the much larger DRM market. Eventually, the 'free alternative' will only work on older hardware with older software. The 'free alternative' will not be able to run the latest and greatest DRM enabled software or media.
The free alternative will eventually die off due to the fact that it can't run the latest and greatest hardware and software.
It's coming to a neighborhood near you...sooner than you think.
-"The early bird catches the worm, but the late bird sleeps the most"
DRM is like the discussion on gun control. (Guns don't kill people, people kill people.) And putting a nice fat elk on the dinner table is always a good thing for us meat eaters. DRM is the same way -- Linus is talking (in my opinion) about a useful purpose for something (that in the wrong hands) can cause a lot of damage.
(+1 Funny) only if I laugh out loud.
... if one of the leaders of OS community admits to be Oppenheimer should Bill Gates admit being a Cllosedheimer.
If enithin kan gow rong it whil. (Murfey)
Let's say I want to operate karlandtanya's streaming radion station. You can play music but you can't copy it. I believe this is possible becasue I don't believe in the existence of analog recorders. Hardware is cheap, but commercial OSs are not. So I choose to use GNU/Linux for the OS.
I want to prevent you from copying the digital stream I send you. How do control functionality and still respect the fact that you have the right to hack GPL software?
I sell a subscription to my service. I give you the OS and software. The box (and its Fritz chip) remain mine, but you are allowed to use it as long as you are a subscriber. I threaten to sue you if I find out you've changed my hardware in any way.
The OS I give you is "karlandtanya's Orwellian GNU/Linux". The distro comes with a binary kernel that I've signed. I also give you sources for everything, including a key-response program (which is compiled into the kernel) and (just to show I'm sincere) the source for the server side of the system. But I don't give you my secret key.
You immediately untar the sources, recompile the kernel and install. You don't make any changes to the source or any configuration.
You boot the box I loaned you. The Fritz chip won't let it boot. My hardware can only be used to do what I want it to you. "That's fair.", you say. "I paid for the subscription, not the box."
Because you are very clever, you have another very similar box, but without the Fritz chip. You build and install all the packages in karlandtanya's Orwellian GNU/Linux on your hardware and boot it up.
Next, you log onto my site. The site initiates a secure handshake with the key-response program built into your kernel. But when you built your kernel, you did not use my secret key. So the binaries cannot verify against my server. The site denies you access.
Now comes the interesting part:
Now, you and 10,000 of your friends take me to court for GPL violation.
Plaintiff: "Since I cannot compile a working binary from the source you sent me, you did not release the source code. You are in violation of GPL. You must release the source, replace the OS with a non-GPL OS, or refund our money."
Defendant: "Yes, I did release the source code. And it works. I just didn't give you my secret key."
Plaintiff: "No, you did not release the source. Since I cannot build exactly the same binary that you sent me, part of the source must be missing."
Defendant: "Yes, I did release the source. The binaries you generated function exactly the same as the ones I gave you. Part of their function is to verify that they were created using the same secret key as the server they are trying to connect to."
Judge:...
"Reality is that which, when you stop believing in it, doesn't go away." - Philip K. Dick
Just taking the other side to promote discussion.
Linus' pet operating system would not even exist, and have a strong ethical footing supporting the "goodness" of that existance, were it not for RMS' philosophical views. While this does not represent a "debt", per se., decent people generally respond to kindness (yes, the GPL is an act of kindness), by reciprocating.
Uh...Linus does. Stallman and Co. handed him lots of code to use. In return, he did the same, and now "GNU/Linux" has the best kernel around.
OTOH, I don't think that Stallman should be trying to push his ideology on Linus any more than Linus should be trying to do so to Stallman. The difference is that Stallman tries to do exactly that with Linus, and Linus doesn't do so to Stallman.
May we never see th
Digital rights management is just that -- digital rights management. It is designed to prevent me from making fair use of MY software, music, DVDs, whatever.
I think what Linus is talking about is an entirely different applications of essentially the same technology. He's talking about signing as being a good thing, so that we -- the users -- can verify, for example, that the latest kernel release was actually released by Linus, and not some poser. This is good and fine. If we want to be able to verify such things, we simply install the appropriate verifying software, with internalized or modularized support in the kernel; alternatively, we can add/remove that verifying feature from the source.
In other words, *we* have the option to have these things, which would allow us to verify that the latest kernel release was actually signed by Linus (doesn't GPG do this?)
However, DRM and digital signing can never work in a GPL'ed system unless the person controlling the computer wants them. You're welcome to put a DRM-scheme in any GPL'ed (say) CD-player, referring to an external closed key. I, however, if I don't like that, can remove that from the source, thus have the program not even request such a key. Likewise with signing. This does not mean that DRM and signing are useless on GNU/Linux. It just means that they can't* be imposed against the administrator's will. The administrator of the computer can still use them -- if (s)he wants -- to verify that updates are signed by individual's they trust. And they can still use them to ensure that ordinary users on those machines (if said machines are corporate) can't use them to violate copyright laws, which would create liability for the corporation. However, the administrator can also choose *not* to use them.
I also don't see how RMS is the counter-point in this case. RMS has had ample opportunities to include anti-commercial, antiÐadvertising, and patent-fighting terms into the GPL. He has refused. I e-mailed him asking about the Open Software License, which has a clause in it that would terminate the right of anyone to use that software if they brought a patent lawsuite against any other under an OSI-approved license with the same clause in it. I suggested he put such into the GPL to ward off patent lawsuites. He refused, stating that there was already something in the GPL preventing stealth patents from infecting GPL'ed programs.
I don't think it's enough, but his worry is that such a clause would make the GPL a EULA, regulating the user's actual *use* of the software. I also don't see anywhere where RMS or anyone else in the FSF has said that the GPL bans DRM and signing, nor that it should be modified to do so. As it happens, I think that such a clause should be included in the GPL, because patents are a major problem for ALL software developers. If developers had to do exhaustive patent searches before writing code, nothing would EVER be produced. I think, however, that anyone who wants such a clause can simply add it to the GPL in their own modified version of it.
* The worrysome case, however, is with things like requiring DRM by law, or by hardware code. There are nazi ideas floating around to make it legally required for all software to use DRM. This may not directly affect any FS/OSS projects, as they can simply move abroad. However, one should not understimate the power of multinational corporations to get the WTO to penalize nations that don't agree to the US' draconian IP laws. Furthermore, hardware initiatives like Palladium would prevent GNU/Linux from running on hardware at all.
social sciences can never use experience to verify their statemen
What the media content providers want to ensure is that you, the human being, can hear/see the content, without there being a way for you to actually copy it to allow others to hear/see that content, or even for you to hear/see it at some later time frame or more than a specified (e.g. paid for) number of times. Whether we agree with their right to do that or not, that is a general description of their goal (or at least for many of them).
No protection will be perfect, of course. If you can hear it, you can record it from a microphone. If you can see it, you can record it from a camera. But as we know from past articles on Slashdot and elsewhere, even these techniques of copying are targets of efforts to prevent recordability. If you succeed at such recording, perhaps at least these methods will have forced a degradation of quality in that recording (e.g. while working to strip out any watermarking, you also damage the quality).
What the content providers particularly loath, however, is the ability to have direct access to the content digitally. If you have that, you can copy that as is, and play it back at a different time or place or in front of a different audience or multiple times. The primary means of preventing this is encryption. But at some point it has to be decrypted. At that point you then find the content in the clear. One aspect of DRM is to deploy a "sealed box" wherein the decryption can take place, yet the user cannot get access to the clear content. Windows can potentially do this due to its closed and proprietary nature. It won't be perfect, but most people will not have any idea how to bypass DRM. There is the potential to distribute software to do it that anyone can use, but certainly we can expect DRM in cooperation with Windows itself to make it hard for unsigned (by Microsoft) software to have access at the level needed to get at the clear content. For example, Windows with DRM will probably refuse to allow you to install your own sound card driver since that is one place where the clear content will be going through.
Linux could certainly have DRM code integrated into it. But because it is open source, and you can build your own kernel, this is a much harder black box to implement. From the point of view of content providers, Linux is a hazardous environment (so is BSD).
Linux supports loading modules which might be available only in object form. There are such modules already available commercially, such as for certain video cards. Some of us love them (because the cards are awesome) or hate them (because the modules are buggy, perhaps with new kernel versions, and cause crashes that would otherwise not be the norm in Linux). But when it comes right down to it, we can add new code to the kernel to work around all the interfaces the module is using. For a device driver, the hard aspect will be seeing what it actually does with the device at the register level. But a DRM black box would be something quite different, since it would need to be able to use existing sound card or video/TV card drivers. That opens the potential to wedge a tap in between DRM and the drivers (or even replace the driver with your own), which Linux would allow and Windows would not so easily. And don't think the media content providers don't know this (they have been getting a lot of hard technical lessons the past few years).
But it can still be possible to have DRM with Linux. One approach is to put the DRM directly in the device driver. That would help, but wouldn't be perfect since other code can be present in the kernel to get cozy with what the DRM is doing. The big problem is getting all the device manufacturers to make a Linux driver.
Perhaps the best (from a practical perspective, were the content providers ever to realize this) way is to put DRM directly in the hardware. That's about as sealed up as you can get. I'll explain how this can work in terms of music in an encrypted MP3 format, but you can extrapolate it in terms of other media or
now we need to go OSS in diesel cars
This whole "debate" is like saying you can't sell hammers because we think someone will use them as a deadly weapon. BIOS support for signed boot images would be a good, useful thing - don't confuse this "hammer" with the malicious intent with which it may be used.
Imagine being able to tell your bios not to load a kernel (actually, boot loader is probably more accurate), unless it was signed by you. Then you've just guaranteed that even after a system break-in, you can at least start from a known clean kernel.
Doing this in hardware, designed so that there is no way for the running OS to overwrite the BIOS' copy of the key, is the only way to make it safe.
And, yes, I would personally USE it. I would LOVE to be able to tell the bios not to load a version of grub I didn't install, and I'd love to then also be able to tell grub not to load a kernel that was modified without my knowledge. While we're at it, I'd like to be able to extend that to all of my kernel modules, and from there even to certain key system binaries used during run-time.
In other words, allowing the bios to offer security checking really DOES allow for the possibility of ENDING the requirement that you wipe and re-install an OS (or even an application) after a successful break-in. It provides a very much needed "guaranteed safe starting point" for building additional security.
Should bios makers embed a microsoft key in every bios - absolutely not. Should bios makers provide a straight-forward way of letting system owners install their own keys? YES, PLEASE, YES!!!
So what APIs should the bios offer to the OS? Certainly nothing that allows the key to be read or overwritten, but it would be nice if it would provide a "check and approve or reject" API so running applications could determine whether other files are clean before loading them. As long as this all starts from a single trusted source (system reboot checks boot loader, which checks everything it loads (including the files used to make future checks)), this is THE CURE for lots of current security problems.
[a signature hash] is a qualitative statement made about the work in question, but the statement is its own creative work.
This is completely untrue. A signature hash is a quantitative statement about the work. That's the entire point of a hash. There can be a thousand english-language reviews of a movie, all of which will be different. There is only one possible hash of a kernel in any given hashing language/algorithm. There is no room for "creativity" in the computation of a signature hash.
However, I doubt that a copyright infringement case would get very far. Consider the criteria for fair use:
Criteria 1: What is the purpose and character of the use?
The purpose of a hash is completely different from the purpose of a kernel. The hash also has completely different characteristics than the kernel. Both favor fair use.
Criteria 2: What is the nature of the work?
The nature of a hash is a single factual, mechanical observation about a published work, favoring fair use.
Criteria 3: What is the amount and quality of the work being use?
The amount of the work included in the hash is a vanishingly small amount of the original work. Less then 100 bytes derived from a several megabyte program. It is impossible to reconstruct a kernel from a kernel hash. Both observations favor fair use.
Criteria 4: What effect does the use have on the market for the original work?
None, thus strongly favoring fair use.
Can you name one person who is actually on record arguing that open source software should not be permitted to exist?
....
....
....
They are not on record. And I won't actually name one of my co-workers. But Yes.
There are others who have been far more public however. There was one Jim Allchin a couple years ago. He didn't come right out and say it, but he dances around it and implies it quite well.
From a cnet article here.
Microsoft Corp.'s Windows operating-system chief, Jim Allchin, says that freely distributed software code such as rival Linux could stifle innovation and that legislators need to understand the threat.
That, as well as programs such as music-sharing software from Napster Inc., means the world's largest software maker has to do a better job of talking to policymakers, he said.
''Open source is an intellectual-property destroyer,'' Allchin said. ''I can't imagine something that could be worse than this for the software business and the intellectual-property business.''
''I'm an American, I believe in the American Way,'' he said. ''I worry if the government encourages open source, and I don't think we've done enough education of policy makers to understand the threat.''
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
RMS is a superb engineer too. And if he used that as the centerpiece of his work, he would have a level of respect far beyond what he has today. He is to the GCC what Linus is to Linux.
The problem is I think that Linus sees himself as a software engineer while Stallman wants to engineer a society (not to be confused with the security term of social engineering). I think that Stallman sees himself more as a role model and teacher while Linus sees the centerpiece of his work being the software he helps to build.
I agree-- RMS is the one picking the GNU/Linux debate for *stupid* reasons. And that detracts from the images of his real software accomplishes.
LedgerSMB: Open source Accounting/ERP
Yes, you can make hardware that will only run signed binaries, and thus close that hardware to tinkering. Infact, making such hardware has already been attempted, it's called a console.
m plain_and_stop();
In essence, the bootloader of such hardware does the equivalent of:
if (valid_signature(kernel))
boot(kernel)
else
co
This is nasty, if you are running on such hardware, than the ability to change the kernel in any way you like brings you nothing: if you change anything, even something completely trivial, the signature will no longer be valid, and your new changed kernel will not boot.
Linus is rigth though, this is clearly allowed under the GPL. And furthermore, it very likely CANNOT be forbidden even if we would want to.
A Signature is (or atleast it can be) a separate document saying the equivalent of: "I, Bill Gates, testify to the fact that the kernel with sha1sum=b7a7bf03dcafd4d48001d6a2a6fd2ceaefa4cc1e is trustworthy and can be booted. signed(bill_g)"
There is no way for the GPL, or any other legal document to forbid the above document from existing. The signature above is clearly not a derived work of the kernel, but rather a commentary upon it. (namely a commentary on the trustworthiness) The only info derived from the kernel is the sha1sum, but the only function of this is to make it clear which kernel you are talking about. (much like mentioning the ISBN-number of a book you are reviewing)
Furthermore, there is also no way you would be able to forbid hardware from acting on the existence (or absence) of such a signature. Afterall there is no law saying that "hardware *must* boot all code."
Now, what *would* be nasty would be new laws *requiring* hardware to implement signature-checking. Such laws would essentially make it forbidden to make user-modifiable computers. The way the US is moving at the moment, I would not be too surprised if such a law is introduced and passed in the next few years.