Slashdot Mirror
Torvalds Explains Dislike For GPLv3
Joe Barr writes "Linus Torvalds explains in three recent posts why he doesn't care for the DRM restrictions in GPLv3, and he has never been one to hold back. From his commentary: 'I _literally_ feel that we do not - as software developers - have the moral right to enforce our rules on hardware manufacturers. We are not crusaders, trying to force people to bow to our superior God. We are trying to show others that co-operation and openness works better.' NewsForge has the complete text of all three posts available." We discussed his initial reaction to GPL3 at the end of last month. NewsForge is a sister site to Slashdot.
Torvalds sees openness as a tool, not as an end.
The real question is, should software developers impose their value system on end users or hardware manufacturers?
Given that developers and other intelligent people disagree as to what the right value system for software should be, my answer would be "no".
Toronto-area transit rider? Rate your ride.
By "we" is he referring to kernel developers? Because we all know RMS is a crusader trying to press his beliefs onto others. I think the creators of the GPL are trying to be much more influencial than Linus ever was. Linus mostly wants a great OS and community of developers. RMS wants complete reform (or removal) of IP laws. Different goals will get different reactions, and here's where they start to clash.
Developers: We can use your help.
He hit the nail on the head (can I think of any more cliches?) with that one. The point of opening the source should be to cooperate, not force people to do it your way. Version 2 of the GPL only forces people to not abuse your kindness. If we try to use our licenses to force our beliefs on others, where exactly does it end? With all the backlash in this country towards the religious right trying to legislate their own morality onto everyone else, you'd think the extremely liberal like Stallman would learn a lesson from that and NOT try to force his own sense of right and wrong onto everyone.
No, you're wrong.
DRM can be a mechanism for protecting legitimate rights that copyrightholders have. I'm sorry, but in order for the market to work and content to move into the digital age and away from physical media, there has to be DRM. Now, there should be provisions for expiration of DRM concurrent with copyright and whatnot, but there is nothing wrong with reasonable use of DRM for protecting intellectual property in a manner consistent with appropriate precedents and law.
Linus is taking a stand against the moral crusaders who don't seem to get that we don't live in academia. Good for him.
We are not crusaders, trying to force people to bow to our superior God. We are trying to show others that co-operation and openness works better.
Well this shows what happens when people worship differently.
Linus worships a benevolent God, looking out for the best in a cooperative humankind.
The DRM people worship only one God, the Almighty Dollar.
He who knows best knows how little he knows. - Thomas Jefferson
Given the prevailing attitudes towards hardware vendors from a driver development perspective...
Don't put words in his mouth. Linus has never been the crusader that RMS is, and as he says in the article, doesn't want to be either. He claims that he doesn't feel like using software licensing and copyright as a weapon to fight political battles. I don't blame him, either. He seems to have meant precisely what he said. Since Linus isn't much prone to doublespeak or pulling punches, I'm tempted to believe him.
GPL3 is a tipping point for the FSF. If they go that route, they will lose all corporate support, which they think they don't need but in fact very much do. GPL3 goes way too far. So if they want to marginalize themselves...go right ahead.
Linus' philosophy doesn't bridge the gap between us vs them (coders vs hardware engineers), but it does help content owners deal with their own cesspool of problems.
I applaud his choice; it's not quite an RMS sort of view, but close: let the idiots deal with their issues. We'll let the software do its job.
Fairly simple, eh?
---- Teach Peace. It's Cheaper Than War.
Translation: "I'm a dumbfuck who puts words in peoples mouths."
td
hard core geek-ware
Money wins much of the time. I don't see this as an issue of forcing anything, but merely ensuring that the playing field remain somewhat hospitable to open source development. I think Linus' view might be appropriate for the process of development, but I think RMS is focused more on the environment in which that development takes place. In effect, Linus is asking that we place a great deal of trust in the commercial sector, trust which I'm tempted to think is entirely misplaced. There have undoubtedly been some shining stars, but these are the exception, not the rule. In essence, open source needs to protect itself against those who insist on playing in a more non-cooperative environment simply because it offers them greater advantage.
... RMS could always go looking for another kernel for his crusade.
Bravo Linus, for showing us that one need not have a GPL tatoo to enjoy the benefits of Linux.
I think that Linus is probably wrong there, if you have restrictions such as the one he suggests they would interfere with the types of creative commons use we assume today.
But trusted hardware is not very much good for copyright protection DRM in any case. That is break once run anywhere, just the same as the CSS scheme in DVDs
The real value of DRM is in implementing operating system features like 'check this machine does not have a trojan' or controlling circulation of private documents.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Because the BSD license is more like public domain.
Once you release something with BSD, anyone is allowed to utilise and build your openly created code into a closed proprietary product.
The GPL is a lets all get together and make it better license. It allows you to stand upon the shoulders of those before you and create a better system whilst keeping that openness for the next generation.
liqbase
People seem to forget that, simply because GPL3 is coming out does not mean that GPL2 is going away. GPL2 is permanent! GPL2 Lasts forever. Sure developers can choose to use GPL3 if they want but, the fact that they used GPL2 does not require them to use GPL3.
Linus doesn't like GPL3 in its present state, for good reason. He has stated that he will, for now, stick with GPL2. What's the issue? GPL2 has been good enough for Linux for the past ten years, there's no reason it should have to move to GPL3.
Just a quick question. Does this mean that device manufacturers that make (I don't know) routers using linux kernel could DRM their routers so that you can't hack them anymore? There seems to be a community out there that likes to rebuild the software on these devices to make them better. With DRM these coders would be out of luck?
I don't see that as a positive step.
Push the button Max!!!!
The question is not why you should migrate to GNU GPL v3, but why not?
In order for the market to work and content to move into the digital age and away from physical media, there has to be DRM.
I agree with you completely. I do not understand people that are totally anti-Rights-management. The problem is the way companies are using the DRM tool as a lot of them see it as a way to squeeze more profit from their customers.
But you have to see DRM with a broader view, it is about the management of rights in information, as the world continues to depend more on digital information there is an inherent *need* in controlling who can an who can not access that information. It is not only about music and movies. It is about documents and all other kind of digitally representable data.
The people that rant about the right management technology usually has no idea how to control information, I am totally against the way CORPOPRATIONS are using DRM technology (I was the first to compile a list of Sony Rootkit CD's when it started) but seriously, the technology is not bad, it is corporations abusing it to get more power.
Ubuntu is an African word meaning 'I can't configure Debian'
DRM is mostly used to create incompabilites to lock out competitors and not to protect intellectual properties. Look at FairPlay. Companies get sued to left and right for trying to be compatible with the iPod.
It has been pretty much proven that no fair DRM can be made. Not by a company anyway.
Now, there should be provisions for expiration of DRM concurrent with copyright and whatnot
Yeah, but there never will be. That's the problem of DRM.
DRM lets content producers legislate arbitrary terms. Copyright law becomes pretty much irrelevent, because the software dictates the terms, and DMCA gives those terms the force of law.
DRM completely eliminates the balance of Copyright law, because it gives content producers, who have an incentive to control every possible aspect of how their work is used, a blank check to do so.
"I'm sorry, but in order for the market to work and content to move into the digital age"
I'm sorry, but in order for the market to work, and chairs to move into the digital age, there has to be chairs rights management so nobody can copy a chair at home.
Oh, wait, that's not 'the market'. What you actually must have meant was 'for monopolists to allow humanity to move forward and reap the benefits from the digital age, they must retain the ability to enforce artificial scarcity in the interest of keeping revenues up in a situation where the laws of supply and demand would otherwise eradicate their ability to profit at their current levels of inefficiency'.
That's pretty much the opposite of 'the market'.
Look, GPL3 does not force ``our" morality (in whatever sense of ``our" is relevant) here on anyone; nobody is compelled to use the license OR to use software released under such a license. This is not exactly like sending a perv-squad to take down adult shops or sending Christian soldiers off on a crusade in the middle-east or sending young people to blow themselves up in crowded buildings. . . . Heck, it isn't even like that whack-job Jack Thompson.
(As an aside, there IS frequently plenty good reason to force our morality on those who don't agree. If the come walking into my town to commit genocide, I will impose my morality on them by either (i) appealing to their rationality or (ii) using force.)
"Every decent man is ashamed of the government he lives under." - H.L. Mencken
You are wrong.
DRM does not work. Ask PSP hackers (*)
Alice is the content creator.
Bob is the content consumer.
Eve is the eavesdropper.
Alice sends the encrypted content to Bob.
Bob has the key to decrypt the content, so he can see the plaintext.
Eve cannot see the plaintext -- but wait, Eve is just another split personality of Bob. So, yes, Eve has the key and can see the plaintext.
(*) Not crackers -- PSP hackers want to install software they themselves developed onto hardware they bought with their own money: if people will take advantage of their hacks to play copied games, it's a collateral. I, myself, want to make linux work on my playstation portable -- that I purchased with MY money. I didn't sign any contracts or NDAs with Sony. I just went to the store and I have the right to install whatever software I want in the fscking thing. If -- and only if -- I install "irregular" software/contents in MY hardware is the concern of the mentioned software/contents creator.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
One of the points he made which is very important is that digital signing of content is important for the way open source software works. If RedHat has to supply the keys used to sign Fedora Core 6 with the OS, the signature is completely useless. The anti-DRM provissions of GPL V3 would not only lead to less places you can use open source software, it would also make that software worse.
I also agree with the idea that, while DRM is evil, it's not software developers place to fight it and in fact there is no *need* to fight it. The proprietary vs open thing will soon be smack the content creators around just as badly as it is smacking the software creators around now. The more quality content that is available for free, the harder it will be for the content houses to insist that you not only pay for content, you also have crazy limits on what you can do with it.
There should be a fund and an organization dedicated to fostering tallent and helping them develop creating creative commons licenced works. I'd like to see all the National Endowment for the Arts money going to something like this for a few years. Better yet, I think there should be a tax on RIAA/MPAA producs used to fund it.
set softtabstop=4 shiftwidth=4 expandtab nocp worlddomination
Linus seems to walk in world all his own. Somehow he seems to think that we can vote with our dollars to force the hardware makers to cater for our non-drm needs. Right.
Has he got some other figures on linux use? It is already hard enough to get hardware makers to support linux besides closed source software like windows. But for hardware makers to develop non-drm hardware for just the linux market is insane. Linux is Linux because it runs on cheap easily available hardware. Specialist hardware or worse having to make you own would kill Linux fast.
What he maybe doesn't get that DRM isn't a analog state. It is binary. You either have it or you don't. Oh, and at the moment, we don't. We got a sorta DRM0.1 at the moment. FULL DRM will be a beast few can imagine. Certainly Linus doesn't seem capable. Stallman is capable.
FULL DRM means that ALL hardware and ALL software in your entire computer will be DRM aware. Hardware DRM will not work with NON-DRM software and/or NON-DRM hardware.
For DRM to realize its full potential EVERY piece of your computer must be DRMed. The motherboard, the CPU, the memory, the buses, the cables, the monitor, the speaker, etc etc. It cannot have a single open piece of hardware because the moment you have that the entire DRM chain becomes useless. It is the old argument against DRM that you will always still be capable of capturing the out put of any DRM device. As long as you can hear/see it you can recapture data no matter how it was protected before.
Que the old story of Vista requiring DRM monitors. if you don't then you could simply hookup a DVI cable to the output and put in a video capture device and instantly avoid any DRM measure.
Will Vista really do this? probably not, as I said before we don't have full DRM yet. We probably won't have it in Vista either. But it is coming unless we stop it now.
It is difficult to constantly be paranoid and think that behind every wintel move there must be an evil scheme but can we afford to be wrong?
Then there is Linus defence of DRM namely signing RPM packages. Well yeah, signing them makes it secure but what is that saying again? He who trades his freedom for security soon will have neither? Something like this.
We could have the security of knowing who wrote the software we run OR we can have the freedom to write and run our own software. Not both. Your choice.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I thought, when I first heard that Linux wouldn't support GPLv3, that he was simply throwing his teddies out the pram at something that was even written yet. No I hear his reasoning though it sounds like a very good call. GPLv3 sounds like it is loosing sight of what it really set out to achieve. OSS has reached a point where a lot of tech companies are seriously considering using it if not actually already using it. I can't help feeling that the power might have got to RMSs head a little. I'm not a big fan of Linus in particular but he does do a fairly good job of "keeping it real" something that people in powerful of infulental positions seem to lose sight of.
I used to have a better sig but it broke.
but in order for the market to work and content to move into the digital age and away from physical media, there has to be DRM
I have always had such a strong reaction against DRM that any future with DRM has always seemed distopian to me. I tend to think that eventually the entire concept will be discredited, because customers will choose with their dollars products that can be played on all their devices, and artist will choose to ally themselves their customers. It is just a matter of people seeing what the geeks already know; that there is power in not getting locked into a single system.
However, there are such strong interests fighting for DRM, that I also admit that it's possible that in the end, that the future will require some sort of DRM. But if I am to concede that possibility, it then becomes clear to me that new laws are needed, protecting the user's rights. If copyright holders are to be allowed to use a technical solution for protecting against unfair use, then they must be prevented from hindering fair use.
there should be provisions for expiration of DRM concurrent with copyright and whatnot, but there is nothing wrong with reasonable use of DRM for protecting intellectual property in a manner consistent with appropriate precedents and law.
I agree with this, but there is a lot of hand waving in that "and whatnot." Society has a lot of work to do hammering out exactly where the boundaries between fair and unfair are. It's not even clear to me that a fair technical solution is possible. How would software know your intentions when you copy that file? Are you just making a backup for your own use, or are you going to sell it?
It is commonly argued here that RMS and FSF are out-of-touch crusaders to be marginalized when considering how really to get software written. I disagree.
Torvald's kernel and the community that support it are quite remarkable, and I wish to take nothing away from them. However, they would not exist if not for gcc and a host of other tools that themselves would simply not exist were it not for Stallman. He was savvy enough to see the creation of these tools; part of this savvy manifested itself in the GPL which demands quid-quo-pro from users of free software.
Now you can imagine a world in which we all just gave away our efforts, and you can imagine a world in which this benevolency resulted in a societal revolution in which open-source (but not necessarily free) software thrived. I can never prove that such a world might not have evolved, but the world as it actually exists has been heavily shaped by Stallman's efforts.
Stallman is certainly not irrelevant in the history of software. I would hesitate to dismiss him as irrelevant to the future.
...I think Linus is the only Human in the OS leadership. He seems to have a remarkable amount of common sense. Too bad it isn't rubbing off on his compatriots...
Life is hard, and the world is cruel
Okay, call me dense, but I really fail to understand why he thinks the GPLv3 is forcing people to give out their private keys??
Perhaps I'm misunderstanding something, but I was under the impression that GPLv3 says that "source code must be made available, including any encryption keys required to get it". Doesn't this just mean that any encrypted information needed to get the system running need be provided? How does this imply that people need to give away the keys they used to SIGN the code? Authenticating the code has nothing to do with its availability.
I don't understand why Linus seems to be confusing digital signing with DRM.. (yes, DRM uses digital signing techniques for implementation, but that doesn't imply that digital signing IS a form of DRM... only that DRM is a form of digital signing..)
- confused.
Ping Wales have an interview with Alan Cox on the subject. I know of two people who have tried submitting this, but it's been rejected both times.
I am TheRaven on Soylent News
> The GPL... allows you to stand upon the shoulders...
It's always interesting to see people depate BSD vs GPL in theoretical terms, while completly ignoring how both actually work in the real world.
The most prominant BSD licensed products (Free, Open and Net ) all happily share between themselves, thus effectivly standing on each other's shoulders. What they don't do is waste time on stupid license discussions, or being worried about what someone else might do with their code.
The GPL world, otoh, spends it's efforts on discussions like this one... and I can't find a single instance of people standing on each other's shoulders.
(not that i think linus should switch licenses. afterall, it's his software. he can license it any way he likes.)
Sitting Walrus Blog
We need someone to figure out how to get around the chip fab barrier. None of us hobbiests can build a fab plant, so there is the possiblility that chip producers will get together one day and essentially destroy the ability of OS software to run on newer hardware. In this scenario, the elite, the privy to secret hardware handshakes could continue to modify and release code that no one else could modify because only they have the secret keys to the hardware.
This might require a larger conspiracy than some of us are comfortable with, but consider the track record of the US government over the past 6 years, and get comfortable with conspiracy.
One doesn't even require a tinfoil hat to imagine that this will happen and is happening in certain segments of the hardware market. Although porting to another platform is facillitated by having source, what happens when some of the key logic is hard coded inside proprietary hardware?
I just hope that hardware doesn't become the achilles heel of OSS.
I think Linus might change his tune if and when companies begin releasing de facto proprietary version of Linux on closed hardware platforms.
It's simple really. A hardware company, say Dell or Apple, build DRM systems that only allow binaries that are digitally signed to run on their systems. They then proceed to pilfer GPLv2 code, sign it to run on their system, and then never give out signatures to any FOSS people.
Dell sells a PCs, servers or Laptops running "Dell Signed Linux". Sure they give you the source, but they don't give you the keys. Linux becomes a closed OS on DRM platforms, with only the big companies able to turn the now useless source into working binaries. Cue the "Proprietary Linux" club, which will begin to look an awful lot like the Unix club.
May the Maths Be with you!
What you're arguing though is that the concept is prudent, but the implementation is rife with abuse, and thus the concept should be abandoned. This is the same argument the RIAA used against file sharing.
I was quoted out of context in my autobiography...
Smart guy, but can't see the big picture outside his own specialist niche. This isn't a dig, it's an observation,and I have seen it many times with brilliant people I know. If the software patents and DRM goons had had their way back before he wanted to build a minix/unix replacement, he wouldn't have been allowed legally to do most of what he did. Heck, we would barely have affordable functioning home computers either.
I really like the idea of a new GPL that goes farther than the last one in making sure freedom and openness becdomes the norm and not the exception. If we can't get rid of software patents, we can use the fact they exist against that concept. It's sad but you can't remove the legal aspects to coding, so might as well use what ammo and tools are available to counter the threat that patents and DRM clearly are.
Look, GPL3 does not force ``our" morality (in whatever sense of ``our" is relevant) here on anyone; nobody is compelled to use the license OR to use software released under such a license.
Hehe, that's correct. You're free to use the license or not. You can just as well release your work as public domain if you wish. Or protect it with a super restrictive Microsoft-style license where you're barely allowed to even run the software.
But what's being discussed, and why you see all "forcing morale on others stuff" is that you indeed do this if you decide to use GPLv3, which is what the article is basically about; the why's of why Linus don't really like it. And the reason is a lot about forcing morale on others.
Feel free to stray from the topic at hand (implications of GPLv3 and thoughts about it) but be aware you may go off-topic..
Beware: In C++, your friends can see your privates!
Because to the extent that your computer is an extension of your mind, DRM is a "restraining bolt" that determines what you can or cannot say or think about, and its application is almost entirely in the hands of a powerful few. Even if it was never abused (and that's a huge if), the idea of somebody else having the final say over what you are allowed or not allowed to think is a disturbing thought.
(Analogy: imagine someone had invented a pill that kept people from thinking about molesting children, and that they wouldn't let anyone move to their town unless they agreed to take that pill. Would you feel comfortable agreeing to that, even though it was for a good cause? What if you knew the pill could easily be altered in the future to, say, force people to vote for a particular political party? Remember, once you've moved to the new town, you'll have to either accept any additional pills they decide to require in the future, or pack up and move to another town again... which might be very inconvenient for you, especially if there are no longer any "pill-free" towns nearby)
I don't care if it's 90,000 hectares. That lake was not my doing.
Although Linus makes very good points I think he doesn't understand the pernicious nature of those who would want DRM technology.
Granted as a software creator I should have the ability to do whatever I want and the F/OSS community should only have domain over what they create. However, we are _not_ an independent community. Without hardware vendors the software we create is worthless.
If the almighty Microsoft decided to lock out hobbiests and allow only those paying into a "partners" program to have their software signed as running on windows and neither the OS nor the underlying hardware allowed for execution of unsigned code then the F/OSS would run into problems.
Granted "we" as a community could buy other hardware, but with the _vast_ market share of Microsoft it would be difficult [as it is to get drivers now] to convince vendors to spend the time, energy, and $$$ to develop F/OSS friendly hardware.
I think Linus is a bit niave in thinking that larger software vendors won't make backdoor agreements with larger hardware vendors to use DRM technology to remove competition.
I mean they've used every other tactic they can think of, why not hardware DRM?
Not really. A more appropriate action would be to develop a different way to pay content creators than trying to map the analogy of physical items made out of molecules onto abstract concepts made from pure information.
This whole scheme was a kludge when it was invented a couple of centuries ago, but it worked OK so long as there were only a couple of printing presses in each city. It really started getting strained when technologies such as photocopiers and tape recorders became available to the public. It almost broke down totally with the availability of hard drives and the Internet to transmit copies. Now, with the world moving towards the sale of content with no media at all, the concept is becoming absurd. There's no physical media left at all on which to map the physical property analogy.
Trying to simulate the physical object mapping with pure encryption and software algorithms is like trying to hold together jello with rubber bands. It's not going to work unless the government takes away your right to own a general-purpose computing device without encrypted links to your monitor and speakers. I assert that the freedoms that give you the right to own unhindered computer hardware are more important than the economic benefits that content producers would get from unbreakable DRM schemes. I don't care if the amount of content created and the number of producers the economy supports would be significantly decreased. Locking down every information handling tool available to us is just not worth it because the same DRM tools that content creators use to ensure payment will undoubtedly also be used by governments and private parties to monitor, snoop and control all of the information that we use.
Some police departments are using DRM in cameras to prove that photographic evidence has not been tampered with. This is just one of many, many examples people benefit from limiting the capabilities of the user. If you've ever worked in IT, you know how dangerous users can be. Imagine never having to remove gator from someone's computer again, while still giving them privileges to manage their own system.
An anti-DRM software license is just as stupid as RMS deliberately making su insecure because he was mad that he couldn't root a box.
There's no failure quite as dissatisfying as a complete and total solution to the wrong problem.
DRM will come and go. It's not the real threat you think it is. I have now been programming and dealing with hardware for about 20 years now. Just enough time to see the same things happen over and over again. Many makers will use DRM to lock you into bying there stuff. Consumers will get pissed off and stop bying that stuff.
I used to fret and worry about IBM locking down PC hardware so customers would end up locked in an IBM world. Remember that bus that IBM made, microchannel or something, that was suppose to be better than ISA. IBM was going to charge big time for board makers in liscence fees to make cards for these slots. Well along came a small company called Compaq and gave consumers what they wanted. Over the years I have watched this same scenerio play out over and over again with HD interfaces, Video cards, data file formats, you name it. Each time the open market solution natuarly won.
The consumer market wants cheap and hassle free solutions whether they have the DRM label or not. If John Doe can't plug his USB key and save a file in 10 seconds without sacrificing serious money he will go to a providor that will. Linus is right, vote with your dollars. In the ever competitive hardware market, where margins are as thin as tissue paper, some one will be there to cater to what you want.
Computer hardware and software is ultimately a buyers market. Let the market punish dumb hardware and software makers that restrict your use.
/me remembers the days when you didn't need firwalls
When I was starting Uni firewalls were just staing to become widespread at my uni. I hated this because I was used to the concept of every unix machine having a guest account you could log into and use.
It was (for my peers) part of the ettiquette for being on the internet that you did make your machine accessable.
Now we take for granted that you lock your machine down very carefully.
I see a similar change in approach now, we're used to freedom, but there are people out there who abuse this and therefore undesirable security is needed.
I see DRM in the same field as Firewalls, Spam filters, locked machines, etc. Unfortunate and undesirable, but a necessity in this big bad world.
If I notice someone is abusing the DRM I will vote with my wallet the same as I have always done. If the worst comes to the worst I'll just be stuck using old machines without hardware control - If I can't buy that anymore - I'll build my own with an FPGA.
I don't see an issue as long as we make sure there remains an alternative. GPL and friends provide that alternative.
"The weirdest thing about a mind, is that every answer that you find, is the basis of a brand new cliche" -
Has anybody here actually read and understood the anti-DRM provisions of GPLv3, or are you all just spouting off?
Section Three -- the anti-DRM provision -- basically says that any work covered by the GPLv3 is not to be construed as a copy-prevention measure. In other words, if some mis-worded legislation makes it onto the statute books -- specifically legislation which apparently makes an act illegal, ignoring that a copyright holder might well have given permission for such an act -- GPLv3 3 is there to make it quite clear that the copying is being carried out with the blessing of the author.
It also ensures that if software subject to GPLv3 is recorded on some medium which attempts to restrict copying, that any user who is forced to bypass anti-copying restrictions in order to perform a legitimate act for which permission had already been granted, has a legal defence for doing so.
Which of the above don't you agree with?
Je fume. Tu fumes. Nous fûmes!
So what about the modifications and improvements Microsoft might have made inside the tcp stack?
Can I just pick up those and carry on using their real world tested improved versions?
If it was released under a gpl license then it wouldn't be a problem because it would all be in the open.
* I know Microsoft has lots of dirty code, but not everything they do is evil and having to reverse engineer to find the modifications is wasteful in both time and resources.
You are right about the BSD variants openly sharing code, but thats more due to good sportsmanship and an informal gentlemans code than anything. Nothing (as far as I know) prevents me from taking a branch from one of them and creating a "Secure-BSD" and locking the code and my modifications away and not give the source away.
liqbase
I agree with Linus that the GPL is the wrong place to fight DRM.
If you like me and many others, think that DRM imposes problems for both individual persons and the way we want to run our societies, then you must fight DRM at the _real_ battlefield, namely the political process that makes the laws governing your society.
_WE_ know why DRM is a bad thing, but does the politicians? the voters? your friends?
You need to sharpen your thoughts about why you think DRM is a bad thing for our society, and then act upon it.
Fighting DRM is a political battle, not a technical.
We may not be able to gather enough political support to outright ban DRM, so let us instead follow the anti-tobacco crowds lead, and bit by bit; a law here, a ban there, make DRM product manufactureres life difficult and expensive.
Eg. enforce a DRM escrow: the content providers must guarantee, not promise, not try, but guarantee, that a DRM free version is available when the copyright expires.
And since DRM products enjoys not only the strong copyright protection, but also protection from DMCA laws, then it is only fair, that the duration of this state guaranteed monopoly is shortenend somewhat.
Be imaginative; think of all the little scenarios where DRM could be a problem, and work for small, concrete laws that expells DRM for that scenario, or at least makes it more expensive.
Make a "lex Sony rootkit"; make DRM dealers responsible for their actions in a way that actually hurt them.
Make sure that all DRM products are marked as such in a clear way, perhaps like on cigarette packets; "Warning, this product contains DRM, that may be harmfull for your personal freedom";-)
Make a "Lex ipod", that guarantees everybody the right to use their bought content on _all future_ appliances.
--
Regards
Peter H.S.
If Linux were released under GPL3, then nobody with a DRM box could run Linux on it. But by allowing Linux to run on DRM hardware, if something doesn't work because of DRM, then the HW manufacturers are the bad guys, and DRM at fault -- not those nice OSS people who just want to help everybody.
It also gives us all ongoing opportunities to observe misapplications of DRM technology (spyware, malware attempts) by providing a nice platform. While finding ways of actually thwarting lawful applications of DRM would be wrong, if there's an unlawful misapplication of DRM that's easily observable (because Linux runs on the thing) and possible to thwart...Cool!
So I have to say that Linus has it right, both in spirit and in strategy wrt to the kernel. And there's nothing stopping anyone from writing GPL3 applications that run on it -- but only if you get a non-DRM box. Which is another way of strategically opposing DRM -- allow your OS to run on it, but let it break half the apps, so people have a reason to not buy DRM hardware.
And he says as much, too.
KDE and Qt. There's your single example of shoulder-standing. Hell, anything compiled with the GNU compilers. Any other silly statements?
My blog. Good stuff (when I remember to update it). Read it.
and I can't find a single instance of people standing on each other's shoulders
Uh, say what?!? What about Linux (based on Stallman's work), mplayer (based on libavcodec, which uses X264), and basically every other GPLed software in existence? Looking at popular packages, it's hard to find GPL'd work that *isn't* standing on some other GPL'd product's shoulders!
More examples: CVS (based on VCS), SVN (based on CVS), Gimp (based on tons of image processing libraries, e.g. libpng)
It's possible that there is no CVS code in SVN (although I'd be surprised), but I would be astonished if the SVN developers weren't reading CVS code for ideas.
He's so level-headed in a field of holy-men-with-a-mission-from-$DIETY as far as the eye can see. I may not always agree 100%, but it's well worth it just to hear him point out from time to time that we do not, in fact, have to commit ourselves to Jihad.
torvalds is already implementing DRM in the core of the linux kernel.
it will prevent you using non GPL modules, prevent you from running non GPL program and finally prevent you from listening to non-GPL bands.
Not.
He's thinking about the near future, where most interesting new hardware would have a chain of trust that requires you to have secret keys to get your programs to run on it, and you will never get those secret keys.
You modify that source code to your heart's content, suckers, because it's written against this prison platform (and it's probably not really useful anywhere else) and if you change it, it won't load.
WTF is the point of the GPL then? Where is the freedom?
Leaving aside the fact that DRM itself is nonsense (it is), impossible (it is), and inherently repugnant and evil (it is), DRM is directly incompatible with the purpose of the GPL, that's all.
The GPL itself has a "no secret sauce" provision. You're not really staying free if you can keep to yourself some secret that the code actually needs to work. This is just formally and explicitly extending the same line of reasoning for the most likely way it's being violated.
I really can't understand why people don't get this. The corporate world on a whim thinks it might be more profitable to take away all your freedom to tinker. They're probably not even right about that.
You just all roll over? Sure, I'll help. No, I don't need to get paid.
RMS is saying, look, this is bad shit, and I want no part of building this prison. Anyone who feels like I do, here's a license you can use. Don't be a sucker.
Linus doesn't want to use it, fine. I think he's an idiot for not getting it, but no one is being "pressed." We're all free to do what we want. Stallman can't press anybody. And that's the point. he's fighting so that you can't be "pressed" by others.
"Pressing." LOL! All this hate against RMS and the FSF is so barbarous, and so sadly ironic, frankly...
Tired of Political Trolls? Opt Out!
Dell "pilfers" code, doesn't maintain it, leaves users with laptops and desktops that will only run 2 year out of date software they can't update.
Bad business decision again; users revolt.
Please explain how it is bad business to force an upgrade cycle? Sounds very much like our current software overlords. Incidentally this is also a technique employed by shoe makers who make footware that wears out easily. This is very good business indeed for the suppliers.
In fact the scenarios you describe both sound plausible and like good business for Dell. The only caveat is that no one comes along to undercut them with an open platform including support for gma and gpa.
Bitkeeper.
Analogies don't equal equalities, they are merely somewhat analogous.
don't buy a trusted platform based machine
The whole "trusted platform" name is misleading. It means hardware that some 3rd party software or content vendor can trust, not hardware that the owner of said hardware can trust.
Since a TP actually limits what the owner can do with it, I suggest using the more accurate term, "trussed platform".
(trussed: (adj) bound or secured closely; "the guard was found trussed up with his arms and legs securely tied"; "a trussed chicken")
I certainly wouldn't buy a trussed platform machine.
-- Alastair
I feel that Linus is missing the point. GPL3 is mostly a set of changes to give some assurances that code licensed under it will not be made proprietary through the use of DRM and strengthens the provisions regarding patents.
Having anti-patent provisions makes total sense in my book. Having patents invoked against GPL'ed software means that the software cannot legally be used, and this provision makes it just that much more costly for a real (not a lawyer-only firm) to shut down a GPL project using patents while not effecting other users in the least.
The DRM provisions don't forbid the use of DRM, but assuming their legal theory is correct, it will make it legal to circumvent the DRM assuming that it is done for a legal end.
I do not understand people that are totally anti-Rights-management.
Because DRM is used in a way that is _too_ restrictive. i.e.:
1. Why shouldn't I be allowed to import a DVD from another region? Maybe it's never going to be available in my region, or maybe it's a lot cheaper if I import it. Yeah, the manufacturers have problems with me buying it from a cheaper region but they don't hesitate to make people redundent because they can employ people to do the same work cheaper elsewhere. If the manufacturers want to exploit the global economy, why do they have the right to prevent their customers from doing the same?
2. Why shouldn't I be allowed to play a DVD using FOSS software? IMHO a mainstream distribution format should not require me to buy specific hardware or software in order to read it - I have legitimately bought the media and a licence to the content, I shouldn't have to pay more money to use it.
3. Even if DRM is only used to prevent you breaking the laws, I worry about this since many people legitimately believe that a lot of laws are bad laws - people should be allowed (to some extent) to be able to use their own moral compass to decide what's right. A good example is the broadcast flag - why should I be prevented from making a video recorder to allow me to time-shift TV shows for my own use? Recording TV shows and then watching them a few hours later doesn't create any adverse effects for anyone so from what I can see the broadcast flag will simply restrict what I can do with the content for no good reason - currently I can ignore such bad laws but if it's actually enforced through technological means I can nolonger make a moral choice for myself.
This is really about trust - why should I trust someone to get the restrictions placed on content right?
The trust issue also applies to things like software signing: being able to lock a machine down so it can only run trusted software on the surface looks attractive - no more malware. But how do I trust the certification authority? e.g. if a machine will only run software that Microsoft certifies as trusted then I have these problems:
1. Why should I trust that MS's definition of "trusted" is the same as mine. For example, Windows Media Player and IE7 both "phone home" - presumably MS thinks that's trustworthy behaviour but I certainly don't.
2. What are the legal implications if MS accidentally signs some malware? If there's no penalty then it seems software signing is useless.
3. Why should I trust that MS won't use software signing to stop 3rd parties producing competing software - what happens when they refuse to sign OpenOffice for example?
Essentially, a certification authority needs to be trusted - what do I base that trust on? In my experience, large companies and governments are both untrustworthy (from the consumer's point of view).
http://blog.nexusuk.org
No, people will continue to use hardware as well as they can. The ability to use your hardware as you see fit is a core freedom that's not contradicted by GPL3. That's very different from making DRM friendly code.
The bottom line is that DRM will be used to deny you the ability to run your own code, regardless of your cooperation. DRM is about control and locking people out. You can see it coming.
Friends don't help friends install M$ junk.
>> In order for the market to work and content to move into the digital
>> age and away from physical media, there has to be DRM.
Perhaps in the generic sense of "digital rights management", i.e., some combination of technological and legal mechanisms for managing the legitimate rights of those people who create, own and distribute digital content.
But that's not what "DRM" is used to mean, by many content owners. To them, "Digital Rights Management" is about forcing on consumers -one- unbelievably restrictive, poorly engineered, legally questionable mechanism for protecting -and substantially extending- their already overbroad perception of what their "rights" are under the law.
> I agree with you completely. I do not understand people that are totally
> anti-Rights-management. The problem is the way companies are using the DRM
> tool as a lot of them see it as a way to squeeze more profit from their
> customers.
Very true. But many of the Anti-Rights-Management folk have leftover -legitimate- suspicions of anyone defending rights management. Like a man who's been beaten up by crooked cops once, he will -always- be suspicious of cops. The fact that they are good cops doesn't change this.
Until the good cops start cracking down on the bad cops, we can't even -begin- to deal with the suspicions.
> But you have to see DRM with a broader view, it is about the management
> of rights in information, as the world continues to depend more on
> digital information there is an inherent *need* in controlling who
> can and who can not access that information.
That's not completely on target, I feel. There is a need to enforce the legitimate ownership rights to information. This is not precisely the same as "controlling who can and can not access that information." Rights management law and technology needs to take into account the right of consumers to have permanent unencumbered (not unrestricted) use of digital content they have purchased.
That means when technology changes, I need to have recognized my absolute -right- to transfer the content to another form. That means when the company that produced the content folds, I need to have recognized my absolute right to engineer my own solutions for transferring and utilizing this content (and have third-parties engineer the same). I need to have recognized my absolute right to -refuse- to accept future contractual licensing changes on content I have already purchased. I need to have recognized my absolute right to be informed prior to purchasing, the licensing terms of the content, in simple clear terms.
And content providers and software and hardware manufacturers are fighting like mad to avoid respecting any of these rights.
> It is not only about music and movies. It is about documents and all
> other kind of digitally representable data.
> The people that rant about the right management technology usually has
> no idea how to control information,
Well, to be fair, most people who -support- DRM technology usually have no idea how to control information, either.
> I am totally against the way CORPOPRATIONS are using DRM technology
> (I was the first to compile a list of Sony Rootkit CD's when it
> started) but seriously, the technology is not bad, it is corporations
> abusing it to get more power.
Unfortunately, they will continue to abuse it until (A) the rights of consumers and the responsibilities of corporations are clearly enumerated in the law, and (B) DRM technology is mature enough to rely on. We aren't even close to that point. It requires methods for accurately and independently auditing the software and hardware end-to-end. That ain't happening; not in DRM, not in voting, automotive, medical, or any other hardware and software where we have a need for verification and reliability.
I have experienced enough DRM headaches with my Sony Minidisc player to be convinced it is a bad idea. In this case, the Sony DRM Nazis decided that with their newer generation of NetMD players, they'd make it impossible to upload anything recorded on the player, period, even though it's stuff I recorded it through a mic onto the MD myself. In addition, once I got a new computer I had to re-rip all of my music just to be able to modify what was already on my music minidiscs.
Now imagine a world where such technology is pervasive, in which there is no original CD to rip from, so I have to buy the music all over again. Maybe a solution can be found, involving ability to transfer files using my fingerprint or something, but that technology doesn't exist yet. Not to mention that DRM doesn't factor in my ability to lend things out. Where does that fit in?
Another thing that worries me is the issue of historical archiving. If all of our data is stored in an actually airtight DRM, how will future generations be able to access it? This may seem silly given the idea that the original is still held unencrypted *SOMEWHERE*, but if a small media corporation were to go under and their original files were to be lost, all we would have would be a few extant DRM-encrypted discs or files. What then?
I feel like consumers would be more willing to pay money for online music if the files had fewer restrictions put on them. I know that if I could recieve 192kbps MP3s from the iTunes music store instead of limited-use limited-device DRMed AACs, I would consider buying from it a lot more strongly. DRM just ends up giving consumers headaches in most instances, and makes just about everything more inconvenient. Until such free-use media is offered for us to buy, people will keep on making illegal use of file-sharing networks.
That's exactly the problem I'm talking about.
Copyright is about protecting ideas - not about protecting physical objects
But it's currently implemented in terms of mapping to physical media. It controls copying the information from one instance of media to another. The problem is that computers with hard drives can instantly create thousands of these new copies, so attempting to regulate this action is almost impossible without taking away computers' general ability to copy.
If people want to protect ideas, they should come up with a scheme to do it that doesn't depend on keeping track of all the ephemeral copies that may be in computers. The costs of accounting for that (in terms of user restrictions, lost rights, government interference and abuse) aren't worth the economic benefits to content creators provided by tracking all those individual copies.
You can get on your high horse and say "The content belongs to the creator, so the current system must be preserved as-is". However, I can get on a higher horse and say that the current system is unfair because I can buy a physical copy and view it over and over again without the creator getting one more cent. In a perfect world, the creator would get compensated each time somebody enjoyed their work. The current system is a very crude approximation of what would really be fair. However, that ideal system is currently unworkable and unenforceable, so nobody attempts to impelement it, and we use the less fair current system. Well, the current system is rapidly becoming unimplementable, too. I'm saying that we should shift to another system not focused on the hopeless goal of managing countless billions of individual copies without ruining everyone's computer systems.
Linus understands the license correctly, as do you, but you don't understand Linus. He wasn't talking about what RedHat does -now-, he was saying -if- you had hardware that only ran signed kernels and -if- RedHat distributed a kernel for it -then- the GPLv3 -would- require RedHat to distribute their private key at the same time.
Nothing to do with anything being done now, since RedHat does not currently run on any such locked hardware afaik.
--Parity
'Card carrying' member of the EFF.
In college, I had a class on ethics where pairs took turns giving lessons on different topics. The topic my friend and I took was software licensing: have you ever read the GPL? Ever read the WinXP license? If so, great! It's a beast. Just in case you were serious about your comment, here's GPL2, simplified:
"If you want to use this software, no problem - you're free to do so. If you want to distribute this software, you must make the source code available to those who you distribute it to, at no cost over the cost of distribution."
Just to clear that up.
I [may] disapprove of what you say, but I will defend to the death your right to say it.
The consumer market wants cheap and hassle free solutions
The solutions will be entirely hassle free.
Since Microsoft controls the PC market and the MPAA/RIAA cartels control almost all popular media they will make if very simple indeed.
You won't have to make any choices at all:
To play any mainstream media you need the DRM MediaPlayer.
The DRM Media Player is signed and only runs on Windows.
Windows is signed and only runs on a Complete DRM PC.
Infact 99.5% of all PCs will play the media hassle free the other PCs will not play mainstream Media won't be able to read mainstream office documents and won't run mainstream Software since it will all be signed.
Users will at last no longer have to even think about running Linux. And developers won't have to worry about writing better office suites, email or media software since these open source programs won't run in the secure mode neccessary for them to interoperate with the 99.5% of the population.
And finally should anyone try to break the DRM cartel to produce non-price-fixed software or allow fair usage rights on media they will be locked up for breaking the DMCA.
I _literally_ feel that we do not - as software developers - have the moral right to enforce our rules on hardware manufacturers.
Bill Gates has no qualms about enforcing his rules on hardware manufacturers. Neither does Steve Jobs or anybody else in industry. And corporate CEOs are religious about how they think the market should operate and won't shut up about it.
RMS is no more religious than any of these people, and the GPLv3 restrictions are still far less onerous than anything Microsoft, Apple, Sun, or any of the other big players will force you to agree to.
Linus is entitled to his opinion about the GPLv3. But his statement that we have no moral right to enforce those restrictions is ridiculous in light of the fact that everybody else is trying to place far stronger restrictions on licensees and nobody thinks twice about it.
I think this says a lot less than you think it does. Everyone who tries to convince others of the weight of their argument is "trying to press [their] beliefs onto others". This does not address whether those beliefs are wise or valuable.
They already are much more influential, but influence isn't that important without understanding what the influence is trying to get you to do. The GNU GPL is almost 20 years old and is the most popular license in the Free Software community. GNU is a remarkably popular OS. Linus Torvalds has not written any license, nor has he assembled a social movement, nor has he put together an operating system. The Linux kernel was originally his work, but now there are many forks of the Linux kernel and Torvalds' fork is one (and this fork has many contributors, Torvalds no longer writes Linux alone). People draw inspiration and code from his fork of the kernel, but plenty of people in the community don't use the Linux kernel at all, yet they still use some GNU programs (such as GCC). Even some proprietary software projects use GNU programs to build their systems (again, GCC among them). The GNU project aims to bring people software freedom—the freedom to run, inspect, modify, and share programs—freedoms which Torvalds sometimes works against (his chastising Andrew Tridgell for working on a program to allow users to copy data from Bitkeeper repos comes to mind).
Please cite a source to back this up; I know of nowhere RMS says that he would like all patent, trademark, copyright, and other laws to disappear. RMS presents a clear understanding of why we should not use the term "intellectual property" (which is what you mean by "IP" here), and has come up with a clever use of copyright law to create and maintain a legally defensible commons. Someone who is utterly opposed to copyright law would not do this. They would probably reject copyright law entirely for copyrightable works, place their copyrightable works into the public domain and encourage others to do the same. Yet in his explanation of "copyleft", RMS says why he doesn't place his copyrightable work into the public domain (but would be fine with his copyrighted works entering the public domain through systematic copyright expiration, in fact during the recent GPLv3 conference Eben Moglen said that RMS would be more comfortable with a copyright regime from long ago instead of the one we have now).
Your post is vastly overvalued in its moderation. It is not interesting nor does it deserve a +5.
Digital Citizen
Whole DRM concept is seriously flawed and cannot work in reality but in limited way only. Here are my points:
- In cybernetics theory, there is no mathematical distinction between hardware and software. Hardware has theoretical base in abstract automatons while software in algorithms, but cybernetics shows those two are mathematically equivalent. Whatever algo you can design in hardware (logic gates, for example) you can implement in software and vice versa. Also in theory, there is no distinction between data and program as well.
- Most non-cs people intuitively accept hardware as something static, and software+data as something volatile, and DRM is a try to declare software+data static by binding it to hardware. This is fundamental error of the DRM, because hardware could be not as "static" as it is expected to be. So, DRM concept does not respect laws of mathematics which makes it false.
- Algorithm cannot decide if it runs as a part of some "bigger" algorithm. First emulator of specific DRM hardware will make the specific hardware obsolete.
Example for dummies:
Imagine your computer is DRMed totally to the stage you can only use a word processor with limited scripting of your own documents, and email to send your documents around. But you can create an universal computing platform even on top of that:
- let the document represent a "memory" for virtual computer (line==instruction, use hex or keep the stuff human readable or both)
- write some virtual instructions as a document script functions
You can code an 8-bit platform such way in a week or two, capable of running some ancient 8-bit operating system such as Newdos-80 or CP/M at the speed comparable with those of 70'-80' computers. Or you can code something like forth or lisp even quicker, in days.
- Process your data such as sound or pictures on that platform. Use other word documents as a filesystem.
- use email transport as a low level network layer, implementing some simple protocols over it, treating an email message as a "packet".
Now you have a free as in uncontrolled platform at your hands.
There you are, staring at me again.
I think you (and the people who modded him "Funny", too) misunderstood him. Digital Restrictions Management (DRM) can be a bad tool for companies to use against their customers, but could actually have legitimate uses for those customers themselves. I think companies would like the ability to use Digital Restrictions Management (DRM) so that, say, their customer database couldn't be copied off of their LAN. A doctor's office would like the ability to keep medical data from being accessible to non-employees. Etc., etc., etc.
GPG is an extremely handy tool, but it only implements security, not Digital Restrictions Management (DRM). I can send my accountant an encrypted accounts file, for example, but have to trust that he won't redistribute it. With ideal DRM, I don't have to trust him.
Still, I'm not pro-DRM by any means. Just sayin' that I can see applications where you and I could benefit from it, too.
PS: I plan to keeping referring to DRM as Digital Restrictions Management until Google sees it my way. Any assistance is appreciated.
Dewey, what part of this looks like authorities should be involved?
People who buy the content are unaffected
Not true. Exactly the people that buy the content are affected.
If I as a regular customer buy a DRM'ed CD, I can't easily make a copy for my car. If I am a pirate, it's a non-issue to record a non-DRM CD over the analog out of the DRM'ed one, and people copying/buying from the pirate are not restricted either.
"When I first heard Daydream Nation it quite frankly scared the living shit out of me." -- Matthew Stearns
Except that that's not true. People who buy the content are affected. We are being prevented from exercising our fair-use rights. Prior to CSS being broken I could not backup the DVDs that I had legally purchased, nor could I copy them to a hard disk in a media center computer so that might access them all through a menu rather that having to fetch the approprate DVD from it's case. Frankly, I'd prefer not to be wasting a whole lot of shelf space in my living room for storage of DRM'd media. I could go on about the ways in which I am affected both directly and indirectly, but the above is enough to illustrate the point.
There's a war going on between content producers and the pirates and the people who buy are getting caught in the middle as the content producers treat everyone like a potential criminal.
Because very few people actually bother to find out what is really going on.
When Brian LaMacchia gave a talk on Palladium at MIT RMS didn't bother to show up till late, then at the end gave a long harangue that demonstrated only that he had not listened to a single word of the talk.
Trusted computing is not a very good copyright enforcement mechanism, it is as good as anything else that is going to be around and that is going to probably allow computers to do the same sort of stuff that dedicated media devices are allowed to play etc.
Trusted computing is a much better solution for the problem 'how can I know that this machine has not been tampered with', in other words to answer the Thomson paradox.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
This is the same argument the RIAA used against file sharing.
Companies aren't citizens. They shouldn't be treated in the same ways and shouldn't be compared by the same standards. So my argumentation isn't like RIAA suing filesharers.