The FSF, GPLv3 and DRM

← Back to Stories (view on slashdot.org)

Posted by ryuzaki0 on Thursday August 10, 2006 @08:37AM from the preaching-to-the-choir dept.

whats-life-without-gpl writes "FSF has a thing against DRM. This article tries to explain why RMS isn't a DRM (Note that NewsForge is also owned by OSTG) fan and how GPLv3 is gearing up to protect against it. "

11 of 388 comments (clear)

Min score:

Reason:

Sort:

What's wrong with TiVo? by Chris+Pimlott · 2006-08-10 09:05 · Score: 2, Informative

I hope that Tivo get's taken to court. It would be a triumph for open source efforts.

Er, TiVo's one of the good guys, they release their source in compliance with the GPL.
1. Re:What's wrong with TiVo? by SpaceLifeForm · 2006-08-10 09:25 · Score: 3, Informative
  
  Yeah, but.
  
  They don't make it easy to hack the box and put fixes or
  enhancements of GPLed software on the box.
  
  Tivo went overboard, and locked down the entire box when
  they could have done the following alternative:
  
  Provide the source (as they do).
  Provide a build environment so you can make enhancements
  or install bug fixes to the GPLed software (they don't).
  Provide a method to update the box (reflash if needed) (they don't).
  Make sure the box will boot any kernel with GPLed userland (they don't).
  
  Tivo could do the above, and provide their signed proprietary
  binaries, and everyone would be happy.
  
  Because of Tivo, RMS has been gamed, and he and Eben have
  come up with a more complicated 'solution' to the problem.
  
  All the GPLv3 has to do (with regard to DRM), is to require
  that distributors provide the source, provide the build environment,
  provide their proprietary binaries, provide a method to update
  the box, and make sure the box will boot even if you change the GPLed software.
  
  Everyone will be happy, and the spirit of GPL will be preserved.
  
  --
  You are being MICROattacked, from various angles, in a SOFT manner.
2. Re:What's wrong with TiVo? by metamatic · 2006-08-10 10:08 · Score: 2, Informative
  
  At the same time, since these devices are now on networks, there is a real possibility of them getting hacked.
  
  Well, first off my DirecTiVo has no network option, and it's still crippled.
  
  Secondly, there's a simple solution which would enable them to comply with the letter and spirit of the GPL: Put a DIP switch inside the unit that turned off the signature verification.
  
  And thirdly, yesterday I had a successful Denial of Service attack perpetrated against my TiVo by TiVo/DirecTV themselves, who somehow screwed up a bunch of people's boxes by sending an erroneous "You are no longer authorized" message.
  
  --
  GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Re:Help a clueless newbie out? by AuMatar · 2006-08-10 09:23 · Score: 2, Informative

Yes, if the libraries are GPLed. If you mean glibc, that library is released under the LGPL, so no your program would not.

--
I still have more fans than freaks. WTF is wrong with you people?
Acronyms by ericlondaits · 2006-08-10 09:50 · Score: 2, Informative

FSF: Free Software Foundation
DRM: Digital Rights Management
RMS: Richard M. Stallman (founder of the free software movement, the GNU Project, the Free Software Foundation, and the League for Programming Freedom).
OSTG: The Open Source Technology Group.
GPLv3: GNU Public License version 3.

--
As a Slashdot discussion grows longer, the probability of an analogy involving cars approaches one.
Re:Summus interruptus by bradkittenbrink · 2006-08-10 10:04 · Score: 2, Informative

I don't think the disclaimer is awkwardly placed, I think the link text was chosen poorly. I think the slashdot editor was right in placing the disclaimer directly following the link (I'm assuming the editor had to do that). Whoever thought it was a good idea to say
<a href="http://trends.newsforge.com/trends/06/08/02/ 2210213.shtml?tid=147">why RMS isn't a DRM</a> fan
instead of
<a href="http://trends.newsforge.com/trends/06/08/02/ 2210213.shtml?tid=147">why RMS isn't a DRM fan</a>
is the one at fault here.
Re:The problem with signing by AuMatar · 2006-08-10 10:15 · Score: 2, Informative

Not unless Linus creates the hardware. If he did not, he would be a third party and not in violation of the GPL. In that case it would be the person making the hardware who violated the GPL, and they would have to change their hardware (or get Linux to give out his key, but most likely change their hardware).

--
I still have more fans than freaks. WTF is wrong with you people?
Get a grip. by Corngood · 2006-08-10 12:01 · Score: 2, Informative

They can't stop you legally from doing anything you want with the device (or let's assume that for now), but there's no reason for you to expect that it is capable of anything other than what the manufacturer intended. They are perfectly free to cripple their product for whatever reason they like, so long as it is sold as such.
Re:The problem with signing by Chops · 2006-08-10 12:33 · Score: 2, Informative
This does bring up a flaw in the idea, though: what stops a company like TiVo from creating "unrelated" shell organizations so as to separate the kernel development and hardware development in order to get around this?

I thought of this same thing after I wrote an earlier post in this thread, and when I checked out the GPLv3 draft, I saw that it was very cleverly handled even in that case:

The Corresponding Source also includes any encryption or authorization keys necessary to install and/or execute modified versions from source code in the recommended or principal context of use, such that they can implement all the same functionality in the same range of circumstances. (For instance, if the work is a DVD player and can play certain DVDs, it must be possible for modified versions to play those DVDs. If the work communicates with an online service, it must be possible for modified versions to communicate with the same online service in the same way such that the service cannot distinguish.) A key need not be included in cases where use of the work normally implies the user already has the key and can read and copy it, as in privacy applications where users generate their own keys. However, the fact that a key is generated based on the object code of the work or is present in hardware that limits its use does not alter the requirement to include it in the Corresponding Source.

So it doesn't force Redhat to give away their private signing keys, unless RHEL _refuses_ to install a non-signed binary (as opposed to merely complaining about it) -- the keys must be "necessary to install and/or execute" the resulting binary. It does cover a situtation where Tivo makes the hardware and the "Ovit" company makes a software image which runs on the Tivo:
- If Ovit's software runs only on the Tivo hardware, then the signing key is "necessary to ... execute modified versions in the ... recommended or principle context of use," and Ovit is guilty of copyright infringement (since the GPLv3 does not apply to their redistribution).
- If Ovit's software runs on other hardware than the Tivo (with "all the same functionality"), then their software is legal by the terms of the GPLv3, which is correct, because they really are making general-purpose media center software, and the lack of freedom on Tivo hardware is merely an irritation rather than a menace.
It's really slick. It's almost like they thought about it for a while before they wrote it :-).
Re:The problem with signing by MadEE · 2006-08-10 12:40 · Score: 2, Informative

That is right but you do not own the code or the schematics for the design. You have ever right to unsolder the chips and sell them on ebay if you wish or to beat the hardware with a hammer. Your rights end at the hardware; decisions in design belong to the makers of the hardware no matter how entitled you believe yourself to be to it. Your ownership rights end at what you can do with the device you own once it is in your hands it does not force manufacturers to accommodate your whims.
Re:I fear a repeat of the Bison fiasco... by Chops · 2006-08-10 13:00 · Score: 4, Informative

Bison (GNU's version of YACC) used to have the restriction that the output of Bison, since it was a large amount of code, was GPL. As a result, nobody used Bison except for GCC, because the liscence was untenible.

Correction: Bison used to have the restriction that the output of Bison was GPL, because nobody (including the FSF) had noticed that that was true. As soon as somebody did (in 1996 or so), the FSF put in a special exception and life went on pretty much as normal.

I fear that GPLv3, by trying to force RMS's notion of "Liberty" more strongly (anti-DRM provisions, anti-closed-hardware provisions) will be a repeat: GPLv3 based software will only be used by the real FSF zealots. Everyone else will avoid it.

Yes, the popularity of Bison has certainly suffered a staggering defeat; the Debian popularity contest, to pick a random example, shows it slightly less popular than X Windows, but slightly more popular than the ftp client. Doubtless we should heed your example and run screaming from the GPLv3 lest we, like it, and like Bison, become...

(shudder)

unpopular.

Nice use of the word "zealot" to describe harmless nerds who like to share their software, also.