The FSF, GPLv3 and DRM

whats-life-without-gpl writes "FSF has a thing against DRM. This article tries to explain why RMS isn't a DRM (Note that NewsForge is also owned by OSTG) fan and how GPLv3 is gearing up to protect against it. "

Of course RMS is not a DRM!

[Abreu]

One is a person, the other an ill conceived business plan...

Re:Of course RMS is not a DRM!

[Chris+Pimlott]

The summary actually says he's not a "DRM fan" but it's interrupted by the awkwardly placed "potential bias" disclaimer. Editors, you can just put that at the end of the summary, no need to jam it in the middle of a sentence where it destroys the flow.

Re:Of course RMS is not a DRM!

[bohemian72]

You left off a couple airports:

RMS: Ramstein, Germany
DRM: Drama, Greece

Re:Of course RMS is not a DRM!

[jeroendekkers]

Are you sure? According to Microsoft, RMS is a DRM system.

Re:Of course RMS is not a DRM!

[DittoBox]

I wish another stupid politcian would come up with another retarded description for something technical so all these no-so-funny anymore tubes jokes would rot in the bowels of internets history.

Oh look, another joke that wasn't funny.

The problem with signing

Linus Torvalds, has a problem with this. He says that he himself signs the Linux kernel, and that that's his way of telling everyone, "You can trust this, it's from me." In an email message to the Linux Kernel Mailing List (LKML) on 23 April, he says that there are two types of keys: "One is an external key that is applied _to_ the kernel (OK, and outside the license), and the other one is embedding a key _into_ the kernel."

GPLv3 says that if any GPLed software carries an embedded key, this key should me made available to the users, but it makes no demands on the first kind of key. Linus has said that he would never distribute his signing keys, but the GPLv3 does not require him to release them. The key he talks about only describe the trustworthiness of the kernel. It in no way affects the freedoms of copyleft. It's only the embedded keys, which can be used to nullify the freedoms offered by copyleft, that need to be released.

Re:The problem with signing

[AuMatar]

Its not the same at all. I buy Tivo hardware. I have the right to use it as I wish, since I own the hardware. A hardware mechanism that stops it from booting if unsigned prevents me from utilizing my rights as an owner. If the code Tivo uses is GPLed I'm being denied my rights twice- not only my rights as a hardware owner, but my rights under the GPL.

Linux signing the key is different because its unenforced. Its a way of recognizing that Linux blesses this version of the kernel, but it doesn't stop you from running any other version of the kernel.

Re:The problem with signing

[mrchaotica]

The detail is that the Tivo hardware enforces the authenticity of Tivo's signing key, whereas it's up to the user to enforce the Linus key.

But the effect is the same.

If a company, for example, edicts as policy that they won't accept any kernel save that signed by Linus, then that pretty much leaves everyone else out of the picture for Linux kernels, doesn't it? GPL or no, that company can't get a kernel from anyone else.

The difference is that the same entity is both the one releasing the code and enforcing the key. Linus doesn't have to release his key because he is not requiring it to run the code on anything (therefore, he isn't violating the license). Some company can create hardware that will only accept kernels signed with some particular key only if it doesn't actually distribute a modified and signed kernel itself (because it wouldn't be bound by the license in the first place).

This does bring up a flaw in the idea, though: what stops a company like TiVo from creating "unrelated" shell organizations so as to separate the kernel development and hardware development in order to get around this?

(note: I used the kernel merely as an example; there's no need to inform me about issues related to the lack of the "or any later version" clause)

Re:The problem with signing

[sumdumass]

so, suppose Tivo leases the hardware instead of letting you buy it. Then everything would be ok right?

You rights under the gpl require them to let you have the source code for GPLed software they distribute and possibly change it if that is your wish. Nothing in the GPL makes a claim that you are entitled to run that code on any specific hardware, is there? Not any provision that i know of.

Having hardware and not being able to run whatever you want on it is a different story. If you want to do something the manufacturer didn't intend, then you are going to have to work around the limitations of the hardware. This includes limitations purposly implanted by the manufactuer. But, unless the hardware is GPLed, I don't see anything in the GPL guarenteeing this ability.

This is a key example of why manufacturers don't want to provide GPLed drivers. It will be construed before the day is out that there is some fundelmental rights here and assure microsofts possition on the GPL being viral. Stop and really think about it from an angle outside the everything should be free attitude and look for the real issue.

Re:The problem with signing

[Great_Geek]

It seems to me this loophole is already closed by (all of) the drafts of GPLv3. It does not matter which key owned by whom, the KEY TEST (sorry, can't resist) is whether a modified version will run. If TivoV3 uses Linus' signature as DRM, then TivoV3 must give the user a way to sign using Linus' key; which means TivoV3 would be stuck.

The second draft is very explicit and well thought-out; the question is whether you agree with the intent. On the one side, RMS (and an all-star cast) with a strong philosophical position supported by well thought-out arguments. On the other hand, Linus with some spur of the moment comments opposing RMS (at least I hope Linus' comments are spur of the moment because his position is not well articulated).

Re:The problem with signing

[Hope+Thelps]

Stop and really think about it from an angle outside the everything should be free attitude and look for the real issue.

The sensible angle to look at it from is "what am I trying to achieve in licensing my software?"

If you want users of your software to receive the right to modify it then these terms are likely to suit your aims.

If you want manufacturers to be able to limit the ability of recipients to modify your code then the GPL is probably not a good license for you, and never was.

Re:The problem with signing

[DShard]

Even if they lease the hardware to you, they still are distributing licensed software for your use. They can't change the GPL with another licenses agreement. Anyone implementing this scheme is getting away with it do to lack of attention from users. So that ISP who has a DSL modem running linux who isn't offering you the source code is breaking contract law with their vendors, namely the copyright holders.

It doesn't matter what manufactures want. They aren't obligated to support linux. They aren't forced to use linux in their closed embedded systems. But if they do use it, since it means less cost, easier maintenance and higher quality, they are agreeing to the contract under which that code may be distributed. In the case of Windows CE, there is a definite cost and an onerous contract you need to agree to. Linux to has a cost too. You need to offer the source to anyone you give the software to. Leased, bought or free, you still need to offer them that.

Re:The problem with signing

[Chops]

It's not quite so simple. Suppose a manufacturer were to build a computer that would only run an OS signed with Linus's key. That turns his "signing key" into an "embedded key". The problem here is that there is no fundamental distinction between the two kinds of keys; it's just a question of how they are used.

The manufacturer building that computer is perfectly legal. Linus continuing to develop Linux and sign his copies of it afterwards is perfectly legal.

The illegal act -- and the signifier of the "fundamental distinction" you're after -- is when the manufacturer copies Linux in order to sell it to someone on his special computer. He may only make that copy if he's complying with the terms of the GPL, the same as it ever was, and in order to comply with the GPL, he must ensure that the people receiving software from him receive the same rights he had when he received it -- the rights to modify it for any purpose that suits them. Since he want to deny his customers that right (at least when running on the computer he sold them), the GPL v3 will (correctly IMHO) deny him the right to sell Linus's software along with his shiny new computer.

If he made that computer, and required that his end users download a kernel.org kernel signed by Linus in order for his computer to operate, he would be in the clear, as would his end users (since they aren't copying any GPLed work, the provisions don't have to apply). This situation would make RMS slightly unhappy, since the end user isn't free to modify his computer's software, but it's perfectly legal according to the terms of the GPL v3.

Of course, the DRM provisions aren't designed to attack that farfetched example; they're designed to counter the much more plausible example of Tivo-style DRMization of GPLed works, letting Tivo profit from hundreds of millions of dollars worth of community research without compensating the community in kind.

Lay off the acronyms?

[megaditto]

The FSF, GPLv3 and DRM, WTF, STFU, and RTFM

There, fixed it for you

I think...

[badasscat]

FSF has a thing against DRM. This article tries to explain why RMS isn't a DRM (Note that NewsForge is also owned by OSTG)

We'd better get the CIA and FBI involved, along with the RIAA, NTSB, MPAA, ABC, CBS, CNN, AOL, MSN, and NBC. Oh, and be sure to alert the EFF and NRA while you're at it. Note that I am not affiliated with the RNC or DNC, although I am a FOB.

Of course RMS is not DRM!

One of them tries to control what you can do by enforcing a system of burdensome legal restrictions, and the other is a system for managing digital rights.

Could we use a few more acronyms?

[eck011219]

FYI, that article really ID's the SNAFUs with DRM and OSS as pertaining to the GPL. I was KO'd when I read it - IANAL, but I wonder if it's BS or OK. Maybe I'll keep it on the QT until I know. Gotta run - I need to have a BM so I can leave for my AA meeting ASAP.

Preaching to the choir?

Hardly. Slashdot features some of the most anti-GPL trolls around =- they can put the Microsoft Marketing department to shame on occasion.

*waves to the trolls* Hi! This is for you!

1) The GPL is only ever a problem for you if you want to distribute someone else's work that they already let you use for free.

2) See point 1.

Gift horse, mouth, examination via the anus... all those are things that spring to mind when I hear complaints about how restrictive the GPL is.

Re:Preaching to the choir?

[Millenniumman]

No it can't. It will always be free. The difference is that it can be used in proprietary software, and there is nothing wrong with allowing people that freedom.

OSS is properly a development model, not a philosophy.

He is against DRM, but that's not the point

[Ed+Avis]

TFA gets it wrong. Richard Stallman is opposed to DRM; look at the 'Defective By Design' real-world protests of earlier this year. But that's not the point here.

Since the beginning the idea of free software (as rms sees it) is that if you use a program, you should have the freedom to modify it, among other freedoms. So if you have a Tivo, you should have the freedom to modify the software that runs on your Tivo. If Linux is GPLed, then it's clearly not allowed for the Tivo manufacturers to ship it with a label saying 'we forbid modifying the software'. It's also not allowed under the GPL for them to try blocking your freedom another way by withholding the source code. But under GPLv2 your freedom to change the program can still be taken away, by the manufacturer making the device only execute signed binaries (for which nobody but the manufacturer has the signing key). GPLv3 as proposed is about making sure your freedom to change the software running on your computer (or Tivo) isn't taken away like this.

Of course anyone can write GPLed software that has DRM restrictions. But if you use it, you should have the right to modify it, and remove the DRM if you don't want DRM on your computer. That is the important point.

Analogously: there is nothing in the GPL against charging a sum of money for the software. You can sell it for as much as you like. But if you do, the person who receives it still gets all the freedoms to use, share and change the program.

I fear a repeat of the Bison fiasco...

[nweaver]

Bison (GNU's version of YACC) used to have the restriction that the output of Bison, since it was a large amount of code, was GPL. As a result, nobody used Bison except for GCC, because the liscence was untenible.

I fear that GPLv3, by trying to force RMS's notion of "Liberty" more strongly (anti-DRM provisions, anti-closed-hardware provisions) will be a repeat: GPLv3 based software will only be used by the real FSF zealots. Everyone else will avoid it.

Let us be thankful that Linus Torvald has more of a "tit for tat" notion rather than a liberty notion, and thus selected GPLv2 only.

Re:I fear a repeat of the Bison fiasco...

[noidentity]

I haven't heard the Bison story before, so I'll go by what you wrote. The difference is that the proposed GPL v3 restrictions will only affect those wanting to make closed hardware that runs a particular binary built from GPL software, while the Bison example affects anyone not wanting to use the GPL on the output. Unless I'm missing something, these differences are vast.

How would the proposed GPL v3 affect average programmers in a negative way, other than denying us pieces of hardware that come with GPL binaries and source code but which we can't use with modified versions of the source?

Re:I fear a repeat of the Bison fiasco...

[mpcooke3]

DRM will be used to attempt to restrict users rights to read documents, share documents, listen to music, watch films and possibly connect to other systems.

Microsoft, the RIAA and the MPAA have wanted to be able to do this for a long time.

We will then need a blessed versions of Linux that has been signed by a major financial backer like IBM who could give kickbacks to the right cartels just to be able to access the content we can currenly use and to read files sent to us from Microsoft machines.

I don't know if Richard Stallman stands much chance against the tide of monopolies and cartels that want to use DRM to restrict our rights(RIAA/MPAA) and kill competition (Microsoft).

But I'm glad someones trying.

Re:I fear a repeat of the Bison fiasco...

[Chops]

Bison (GNU's version of YACC) used to have the restriction that the output of Bison, since it was a large amount of code, was GPL. As a result, nobody used Bison except for GCC, because the liscence was untenible.

Correction: Bison used to have the restriction that the output of Bison was GPL, because nobody (including the FSF) had noticed that that was true. As soon as somebody did (in 1996 or so), the FSF put in a special exception and life went on pretty much as normal.

I fear that GPLv3, by trying to force RMS's notion of "Liberty" more strongly (anti-DRM provisions, anti-closed-hardware provisions) will be a repeat: GPLv3 based software will only be used by the real FSF zealots. Everyone else will avoid it.

Yes, the popularity of Bison has certainly suffered a staggering defeat; the Debian popularity contest, to pick a random example, shows it slightly less popular than X Windows, but slightly more popular than the ftp client. Doubtless we should heed your example and run screaming from the GPLv3 lest we, like it, and like Bison, become...

(shudder)

unpopular.

Nice use of the word "zealot" to describe harmless nerds who like to share their software, also.

Re:What's wrong with TiVo?

[Bryansix]

Because if you RTFA you will see that TiVo makes it impossible to run modified code on it's hardware which effectively makes the source code useless to anybody.

Re:What's wrong with TiVo?

[SpaceLifeForm]

Yeah, but.

They don't make it easy to hack the box and put fixes or
enhancements of GPLed software on the box.

Tivo went overboard, and locked down the entire box when
they could have done the following alternative:

Provide the source (as they do).
Provide a build environment so you can make enhancements
or install bug fixes to the GPLed software (they don't).
Provide a method to update the box (reflash if needed) (they don't).
Make sure the box will boot any kernel with GPLed userland (they don't).

Tivo could do the above, and provide their signed proprietary
binaries, and everyone would be happy.

Because of Tivo, RMS has been gamed, and he and Eben have
come up with a more complicated 'solution' to the problem.

All the GPLv3 has to do (with regard to DRM), is to require
that distributors provide the source, provide the build environment,
provide their proprietary binaries, provide a method to update
the box, and make sure the box will boot even if you change the GPLed software.

Everyone will be happy, and the spirit of GPL will be preserved.

Re:What's wrong with TiVo?

[MojoRilla]

The irony here is that by requiring signed binaries, TiVO is both restricting and protecting users.

Sure, by requiring signed binaries, you are restricted to run code only from TiVO. This restricts what users can do with their own hardware.

At the same time, since these devices are now on networks, there is a real possibility of them getting hacked. If TiVO ran untrusted binaries, this probably would have already happened. Of course, this happens now with Series 1 TiVO's, but you can't put them on the net without hacking, and if you are smart enough to do that, you probably have a firewall. So in some ways TiVO is doing a good thing by only running trusted code.

It is an interesting tradeoff.