Slashdot Mirror
Hypervisors Can Defeat GPLv3's Anti-Tivoization
DeviceGuru writes "A hypervisor can be used to isolate from each other software works released under incompatible licenses, while allowing them to run simultaneously on the same hardware. For example, Linux and Windows CE can run on separate virtual machines on one device, without violating either OS's license. Due to the isolation between multiple VMs running atop a hypervisor, it seems like this architecture could allow companies to build Linux-based devices, such as mobile phones or set-top boxes (think TiVo), that can't be upgraded by their users without authorization, thereby circumventing the GPLv3's 'anti-tivoization' clauses." Here's a white paper with more details from a commercial hypervisor company.
Frankly, I'm not sure what the article is trying to state.
If the code is released under GPLv3, then modifications of the code must be able to run on the same hardware. It doesn't matter if the key to run the code is a checksum or a password to give the hypervisor. Either way, if modification of the client cannot be dropped into the place of the original client (either to run on the same hardware or the same hypervisor), it's in abuse of the GPLv3.
Help! I'm a slashdot refugee.
I can't help but think this kind of tivoization will be horribly broken by the end of the year. there's likely a way that someone somewhere will figure out a way to wipe the whole mess and do away with this nonsense.
Sigs are too short to say anything truly profound so read the above post instead.
GPLv3 states that you have to be able to use modified versions of the code on consumer devices. How can you circumvent that? Even if it runs in a hypervisor, you are still violating the license.
the Anti-Tivoization clause is one the sore points in my book about the GPL 3. Because of the hippocraticy worded in it,
For TiVo being a consumer product is Bad, IBM Being corporate product it is good.
Free Software has a lot of advantages but if you try to get too academic with it it gets to a point where adoption of such products are impractical.
Take the TiVo, what GPLv3 wanted to do was force TiVo to release their DRM so the community has access to their product. What actually happends is TiVo
finds a backdoor to the license and uses it, or drops using open source and any stop to any shared contributions from TiVo and a move to a different
platform.
The License for free software is the cost of using the software. (Except for trading money (and rules) for rights to use, you agree to follow these rules for
rights to use) as more rules you add to the license the more expensive the free software becomes. So if you make FreeSoftware to strict on its use
people won't use it. Academically Free as in speech software sounds like a good plan but real life realizes there is information that you want to keep
private.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Simply put, if any part of the firmware is GPL 3'ed, even if it's running under a VM, it still requires the ability to replace it by the user w/o authorization from the factory. If I remember the license and discussion about it, it's "if it's in there, it's there for all."
--
# Canmephians for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.net";
Legalese dictates engineering choices?
Do they really think software these days isn't slow and bloated enough without the additional burden of context-switching, just to circumvent the licensing problems?
I equally despise Microsoft and RMS these days...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
You are trying to use the law to stop people from using technology. You make rules that say you can not make a hard to modify device that runs Linux like a Tivo. They make it hard to copy a DVD. Both groups will find a technical way around the problem. The sad thing is that GPLv3 treats "professional" systems differently than "consumer" systems! May both sides have fun trying to write around technology.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
To help slashdotters not have to RTFA!
(from the whitepaper link)
"Device vendors are also required to provide access to the source code of the GPL programs (see PLv2 ï½3, GPLv3 ï½6), including "the scripts used to control compilation and installation of the executable" [Footnotes 4, 6]. However, the GPLv2 does not require that installed executables must work, which enables a mechanism the Free Software Foundation calls "Tivoization."
"Tivoization," according to LinuxInfo.org, "refers to the configuring (by the manufacturer or vendor) of a digital electronic product that uses free software, so that the product will operate only with a specific version of such software." Technically, this means that a vendor of a product that uses GPL v2 programs could provide access to the source code, thus being compliant with the software license, but the product would be prevented from working if a modified version is installed, through the checking of the software image's signature."
the more things slip through your fingers.
Either Tivo is considered a derivative work of Linux or it's not. In the former case, the company is required to release the source code to both hypervisor and Windows CE or else cease shipping the device. In the later case, Linux developers have no business telling Tivo what to do with their own hardware and software. Neither should Microsoft have any legal say in people running Vista basic in a VM.
Did I miss something in the article, because all I read is "GPLv3 code can exist in the same universe as non-GPLv3 code provided there are clear boundaries." Which just begs one to add "In other news, some still consider water to be wet."
Seriously though, as far as I understand the article's intent it simply proposes using a hypervisor to isolate closed/locked code from GPLv3, providing the same type of boundary dynamic linking gives between (possibly closed/locked) OS libraries and any GPL application - except at a lower level.
Seems like the whole GPL 3 thing is "going the other way" if you step back and look at it.
It used to be that the restrictions on proprietary code caused people to want other options, and jump through hoops to get around the restrictions.
Now people will be doing the same to deal with the restrictions of GPL 3.
Seems that the "spirit" of open software is being compromised by people trying to nail it down in legal terms.
Running a GPLv3d executable under a modified BSD kernel that prevented that GPLv3ed program from violating its constraints would be the moral equivalent of what this company is suggesting, but without all the virtual machine crap. I'll let other posters deal with that issue (though I suspect that what they're doing doesn't really violate the letter or spirit of the GPL.)
What I'm complaining about is the buzz about virtualization. What is the point? How many levels of abstraction do we need before we realize enough is enough, and that we can do nearly everything we need with what we've had forever?
We WERE playing Buzzword Bingo, weren't we? I thought that "Anti-Tivoization" was never going to come up.
The resulting product is fundamentally different from a TiVo.
While on TiVo, there is no way to change any part of the code without the signing key, in the proposed solution it is possible for the user to change the whole open-source system with an other one, as required by the GPLv3 license. As such, there is much more freedom for the user to tinker with its own system.
But for the manufacturer, it has the distinct advantages that some parts of the system can be isolated from the open subsystem, in a much more stable way, both legally and technically, than in a closed-source driver. Thus, it is possible to implement DRM, software subject to type conformance, or safety-critical tasks without risking corruption from the open system, whatever this system does. And contrary to the current solution, this does not require additional hardware.
Why are we doing this? Why are we trying to break GPL3, when it's the type of license that benefits the user the most of all?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
This sounds like SELinux or AppArmor, you get to modify the code but if the security context is the same, you can't access any more. Maybe a bit more fancy than that since virtualization will allow you to share devices without sharing content. In short, you have a hypervisor that can run two VMs, e.g. one Linux and one Palladium/TC/TXT DRM-up-your-ass Blu-Ray/HD-DVD player and yet they live in separate world. This may actually be the easiest way to get HD content playing on your Linux machine, but technically not under Linux.
Live today, because you never know what tomorrow brings
Maybe I misunderstood the intended market, but why would Tivo be interested in this? A better solution would to have another CPU running the "secure" functions and have it service the needs of a larger CPU that runs the GPL code (this aux CPU behaves as an ASIC). Keep in mind, I am talking about low power CPU like the smaller PowerPC or ARM.
It would be cheaper per unit since it would eliminate any run time license fees from the hypervisor provider.
It could be more power efficient since the hardware designer wouldn't have to bump up to a larger CPU model to accommodate running two virtual machines.
It would be more secure since the secret code would reside wholly within the auxiliary CPU and the main CPU running the GPL code would only pass messages (eg. Function calls) via a defined protocol.
It would be a more modular approach that allows different product designs to share the same auxilary CPU.
It would be GPL3 friendly, while keeping content providers happy.
Just wondering...
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
I thought virtualization was an pretty obvious workaround to the GPL3. To be honest they should have put language into the licence to prevent using virtualization to circumvent the DRM clauses
Really, your new version of the kernel will have the same privileges as the old version. I see no problem with that.
I only fail to understand why they plan to put a kernel above that hypervisor. For it to be of any use, the hypervisor must controll all I/O operations anyway, what they get from Linux?
Rethinking email
This wouldn't work. If we use Linux to pass off data to another OS (i.e. Windows) for processing, whether that OS is virtualized or on a remote computer in another country, if the whole process as a whole is necessary to perform the task the system was designed to perform, then the secondary OS (Windows in this case) becomes a derivative work and is such already prevented by GPLv2. This is precisely why MPlayer does not bundle win32 codecs with its player. Mplayer does precisely what this whitepaper describes: virtualizes windows api, passes off encoded video to the proprietary Windows codec to play video for Linux.
That's not quite what I am saying. Basically the hypervisor could limit resources to unsigned code, such that the code will still install and "run", but have such limited resources that it will not function properly. This could be done, by say limiting the memory to unsigned code, or not allowing use of a floating point unit, or GPU.
Copylet being torn apart by Tivolization and hypervisors... hmmm.... That only shows the many ways to hack the hacker's copyright hack! Everything can be hacked!
I'm not sure how this is different from including any other non free junk along with your distribution or what this has to do with GPL3. If the distributor takes GPL3 code and turns it into non free or tivos it, GPL3 kicks in and the distributor loses the right to distribute. If the distributor makes some kind of non free thing of their own, so what? The mechanism should make no difference, the GPL only covers distribution. Who cares if they use a hypervisor or TPM to launch WinCE or a Vax emulator? As long as they don't make someone else's softare non free, no one should care.
Because that makes no sense, let's look further at the other article linked:
"illegal attacks"? What kind of new DRM snake oil am I looking at here? I'd laugh this off if it were not supposedly from some guy at Sun.
The bottom line is that they have tied the software up in hardware and TPM knots. At this rate, I'm not sure what they want GPL'd software for. If they are going to buy a hypervisor and a media player why not buy a non free OS from the get go and spare themselves the trouble and obligations that cut against their anti-social nature? Either way they go, people are going to find a way to get hold of their precious data and devices.
Friends don't help friends install M$ junk.
...could allow companies to build Linux-based devices...Only addresses the technical challenge, whereas marketing a product like that is a whole other ballgame. Take the Apple/AT&T stupidity as a prime example.
Let's see... Apple comes out with a "closed" product and grants exclusivity to AT&T. How long did it take for Adam Smith and free-market economics to demonstrate how poorly their strategy is... less than 2 months.
The iClone already looms in China which is a much larger cellular market, a teenager successfully hacks not 1 but 2 iPhones, and there are at least 2 companies that have already publicized software to liberate iPhones from the Death Star (that was the old-skool name for AT&T's logo).
Back to the topic at hand. Going with a closed strategy makes it easy to market a competing platform that is more open. OpenSource and open platforms are good for business and for markets because promote innovation, among other things.
I take no issue with their choice in direction as it creates more opportunities for open plaforms.
Hope is the currency of fools
I may be confused, but isn't this actually a way of complying with the GPL3? Using a hypervisor allows users to upgrade the kernel of their device without running into the (theoretical) security problems that companies who lock down their devices are afraid of.
You omitted the sentance before that, ""Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. " ('The Information' from your quote above is referring to 'Installation Information', enumerated here, and is not any and all information about the hardware ... it is this specific information enumerated) ... so sure, I can provide you with everything you need to trigger your code, but I can limit what you can do. Your program installs. Your program executes. But it lives in my sandbox. (is my take, and so far as I can tell, fulfills the letter of the law)
The text is almost correct... until you look at the picture and see that the VM's are nto perferct isolated but use a communication channel that effectively links the gplv3 code (linux is still v2?!?!) tightly to the video application. That part is not discussed in the text. I think it is all allowed under v3 until the v3 code is tightly inter coupled with the video application. (YES the RED part, like the evil guy wearing black this evil part of the picture is colored RED! ;)
By the way, linux on the ps2 is run that way. It is run in a tight controlled section of the machine that does not have access to the copy control mechanism. But in that case there is not sought after a way to circumvent those limits. YOu cannot play a dvd under ps2 linux
nothing in the GPLv3 says that it has to run as well. For example, a non-authorized OS might boot, but not before some hardware is turned off... "Yes, it runs." "Does it do anything interesting?" "Well, I can ping it from the network..."
Ok, that was an extreme example (that might not be permissible) but nothing precludes a new GPL3 Tivo from disabling the tv capture hardware, for example, when an unauthorized OS is detected. At least that is my reading...
LedgerSMB: Open source Accounting/ERP
Start with two machines: a "Tivo" with proprietary firmware, connected via LAN to a PC with a Trusted Computing TPM and a GPLv3 OS image signed by the "Tivo"'s vendor.
The OS can be altered and recompiled on the PC at will, staying well within the provisions of the hardware/software definitions as used in the GPLv3 license.
But when streaming video from the PC to the Tivo, remote attestation is used to verify the signature of the OS image booted on the PC. If the bootstrap signature is not provided, or doesn't match, the Tivo refuses to play the provided stream.
Got it? Good. Now all you need to do is re-imagine the PC in this model as a virtual machine run inside the Tivo itself, and you get the idea.
There might be a problem with this end-run, however. It all depends on whether the GPLv3 has to say specifically about what functionality is locked out without a bootstrap signature from the VM. If there's some language about insuring "complete", "full", or "all" functionality to modified versions, then it may not matter whether there's a hypervisor in the way or not (although the original network example I gave above is still legit).
I'm intersted to hear what the lawyers have to say.
Then your sandbox needs to be large enough to allow for the unmodified program as well. If the unmodified program cannot run correctly when run in the sandbox
... no case prevented or interfered with solely because modification has been made." Now again, a program can function without functioning as intended. I see that as a loophole, don't you?
... there are other ways to tell if something has been modified, other than checking the source itself. IE, removing a jumper to connect to a programming interface, SMT fuses that pop on programming, etc. Hardware remedies that don't check for modification. You could be uploading an exact perfect image of the original code - these remedies aren't discriminating 'because modification has been made'. Might be a stretch but again, letter of the law versus spirit of the law. Former wins in court.
OK, here is the distinction: run, and run correctly. What is correct? The full relevant quote is,
"Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made."
So, using my admittedly weak English skillz (I am an engineer), "The information" in sentence 2 is modifying "Installation Information" in sentence 1, which enumerates a number of things required to (1) install and (2) execute modified versions of the GPLv3 work. Sentence 2 then says that the information must be sufficient to ensure continued functioning of the object code. It does **not** say that it has to function identical to its non-modified counterpart, however it does say "continued functioning
A secondary loophole: "solely because modification has been made"
Have you submitted your thoughts on this loophole to any official of the Free Software Foundation?
If my 5 minutes of thinking have bested the how-many-months of development of the GPLv3, I'm not sure they deserve to know. That's just my quick read of the text. I could be wrong. But read in context it reads pretty clearly.
For this to be GPLv3 compliant, the hypervisor must either allow the spiffy network card to whatever kernel is running, or deny it to all -- or allow/deny based on something other than a checksum of the actual code running.
It's a bit like Linux on the PS3. Fine, but what can you do with it?
RMS is the one out to destroy all proprietary software. I'm not. I don't want to destroy TiVo.
But anywhere TiVo gets to use my code, I get to go in and make changes. That's the deal.
So, I dare you, come up with a possible use for GPL code here that doesn't either let us easily circumvent DRM, or completely defeat the point of TiVo using GPL'd code in the first place.
Don't thank God, thank a doctor!
It would still be "hippocracy". We don't call it "democraticy", do we?
Maybe it has something to do with doctors, though? The Hippocratic oath?
So why would that bother you? I certainly think "do no harm" is a noble goal, and not incompatible with the goals of the GPL!
Don't thank God, thank a doctor!
As someone who sometimes has to write banal, reinvent-the-wheel code for a living, this sounds like good news to me.
I don't want my company to reuse GPL'd code. I want to earn a paycheck from (re)writing that code. It's a bonus if GPL'd code exists that does something that I need to do, because I read that code to figure out basically how I should write my own code. But my company will not consider using that GPL'd code because of the licensing issues.
Yes, the only benefit this provides my company is that they own the code that comes out of my keyboard. Yes, I'm fine making my living exploiting that desire.
A rich library robust, high-quality, open-source code that no employer dares to reuse is a lazy programmer's dream.
Y'know, you could just choose not to circumvent the licensing problems. You could just use code which you can get under a license that lets you do what you want with it. Or you could *gasp* write your own code! What a concept!
And at the risk of sounding petty, they started it. The root of this problem is not the GPLv3, it's DRM and Tivoization. I run a Linux machine, and I use it to view plenty of media which is either un-DRM'd or easily cracked (DVDs) -- and I require absolutely no VMs to do this.
To be perfectly honest, the legalese does not have to dictate the engineering choice here. You could simply make an engineering choice to use an open platform. No engineer in their right mind would use DRM as an engineering choice -- we all know it doesn't work, doesn't even slow the real pirates down much. If you're forced to implement something like this, realize that it is, in fact, a legal choice that someone made to force DRM on you.
Don't thank God, thank a doctor!
A working example of what this means.
Of course, to me, it means not buying a PS3, and not bothering to put Linux on it if I did. What's the point, if it's restricted from touching anything interesting? But it is nice to know that, unlike the pathetic PS2 "linux", I can run any distro that's bothered to port itself.
Don't thank God, thank a doctor!
A hypervisor actually makes this a lot easier because it establishes a virtual machine underneat which different software could be running.
When we send our credit card numbers over the internet, we do not trust that information to any router along the way. Similarly, a robust DRM solution would not want to trust the software itself with any unencrypted media content. Enter the hypervisor.
In such a system, each machine could have a public/private key pair which could be used to exchange DRK key information using established techniques such as we use for SSH. The OS would not be trusted with the key, nor would any software above the hypervisor. In short the main OS and media player would be unable to do anything more than handle encrypted streams of data. All decryption/DRM enforcement would take place below the hypervisor, and the operating system would not have any access to anything that is sensitive.
Another option would be a hypervisor which would separate GPL'd portions from non-GPL'd portions running some other OS (or possibly simply other kernels). A base kernel could route requests between them. THus the GPL'd portion would exist in a sandbox, unable to do anything interesting.
LedgerSMB: Open source Accounting/ERP
Read the summary again -- it's a company that makes hypervisors. They obviously have a vested interest in selling hypervisors, and if they can sell them as a way to break GPLv3, so much the better.
Personally, I don't see this as "breaking" the GPLv3 at all. I don't mind that there are closed parts of a system, as long as I'm free to modify the open ones, and the open ones are sufficiently isolated from the closed ones.
It's a bit like porting Firefox to Windows. Nothing wrong with that, is there?
Don't thank God, thank a doctor!
I suspect that for embedded devices such as this we'll start to see companies either rolling their own systems or grouping up with other companies to put together a base OS and tools which they can all use. In the long term it'd be cheaper than licensing the operating system from Microsoft and less legally fraught with peril than having to worry about OSS licensing. I think OpenCable is working that way now...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Yeah, yeah, non free media stays encrypted and I can't have it. How does this lead the author to conclude:
this architecture could allow companies to build Linux-based devices, such as mobile phones or set-top boxes (think TiVo), that can't be upgraded by their users without authorization, thereby circumventing the GPLv3's 'anti-tivoization' clauses."
GPL3 makes sure that free software stays free. Let's see if I understand by imagining:
So what has the hypervisor really added? It just looks like another layer or restrictions, which someone somewhere will break.
If it really does make the device into a tivo, you have a GPL3 violation which springs into effect regardless of the mechanism. If it does not do that, the GPL3 has not been challenged.
Friends don't help friends install M$ junk.
Except that even the GPLv2 required separate software delivered with a GPL program and required for it to be used to be considered part of the same "work" and licensed under the GPL, as well, which would mean the anti-TiVo clause still applies to the hypervisor.
The GPLv3's "aggregate" clause is different than the corresponding clause of the GPLv2, and may allow some things that the GPLv2 doesn't, but only allows such "aggregate" software where "the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit", so using a non-GPL hypervisor distributed with a combination of hardware and GPL software to limit or subvert the user's effective freedom to replace the GPL software under the GPL would, itself, seem to be a violation of the GPL.
So what is Tivo worried that by allowing people to install a custom kernel or a GUI that it will "harm" their market share? Because 1% of people actually will install different firmware? And how is this bad for Tivo? Because that 1% may now buy a Tivo simply for hacking that they wouldn't have otherwise? And for DRM... The person had already watched the show what difference does it make if they record it again. Chances are if people even cared about it, it would already have been broken. Honestly Tivo has nothing to lose if it allows people to hack it.
... for the obtuse who posted at length until here.
But there will be a potential license issue if the GPL-ed software is designed to be connected only to a closed-source attestation unit.
The question is how much difference there is in the way the license treats connections via dynamically linked libraries and the way it treats connections via a network.
Guess I need to go read the license.
Anyway, if adding code which will only run when connected to a closed-source dynamic license is against the letter of the GPL, clearly, this kind of supposed end-run is at very least against the spirit of the GPL.
joudanzuki
Then the administrator was killed in a battle against the viruses. Obviously, that wasn't enough
So we upgraded again, this time to a supervisor. That worked well enough for a while, but then the authorities at the Tivo corporation found out the supervisor's powers were ineffective against their sworn enemy, the GNU resistance.
Infusing it with the power of virtual machines, the supervisor was converted into the much more powerful hypervisor!
So, long story short, I for one welcome our megaultravisor overlords.
The FSF believes that stealing is bad, but chooses to enforce that with purely legal means, not technological. Furthermore, their means put power back in the consumer's hands, taking it from the developer -- the MPAA/BSA/etc take power from the consumer, and brings it back to the developer/producer.
The MPAA, however, will use all of the means available to them -- technological, current legal, drafting new legislation, and completely pointless and unfounded lawsuits -- to achieve their goald of preventing people from stealing.
Think about that, for a second.
Think about the broader implications, too. I don't want free software to take over the world, but if it did, would it be so bad? You'd still be able to do anything you want with the code, including fork off projects of your own, so long as you kept the same license -- that license which forces you to redistribute your code, and keep the same license.
Compare that to a world run by the MPAA -- we'd all be running Tivos, Xboxes, etc. Computers would be outlawed, or they'd essentially be the same thing. And if you so much as think about doing anything you're not supposed to, we'll sue you.
I think we can all agree that killing is bad, and that murderers should be removed from society. But consider two ways of dealing with this: In one, anyone actually caught killing or attempting to kill someone is put in prison for life. In another, anyone caught with a gun, or even anything slightly pointy that could conceivably be a weapon, is shot on sight.
Same goal, but the means make all the difference.
Don't thank God, thank a doctor!
I'll gladly feed the troll here. DRM inherently limits access to the public. It is, by definition, a restriction on allowed distribution. The GPL can also be said to be a restriction of allowed distribution but there is a huge difference.
One restricts against distribution, the other mandates distribution. One is inherently silencing the voice, the other is inherently requiring you have to free it. One will consistently disallow users to share for the common good, the other ensures that they will.
Tell me how you can throw those under the same umbrella. They have one similarity - they determine the rights of distribution. They are diametrically opposed in the way in which they do so and what that means to the end users. Don't pretend you don't know the difference. I can guarantee any average user could.
Couldn't one just change the GPL'd OS source to in effect ignore or work around the closed sourced one? Unless they can also split the hardware control effectively neutering the device unless the closed OS is used?
I just can't be bothered.
If you read the article, you'll know that the article is really nothing more than an ad for the Trango hyperviser system. After reading it, I'm let to wonder why someone with goals that conflict with the GPLv3 would want to run Linux at all? I mean if you're going to all the trouble to install and run a proprietary hypervisor, why not just go the rest of the way and replace Linux with a tried and true commercial, proprietary, and closed embedded OS. Why all this fuss about wanting to use linux at all? Seems to me that Linux, while ideal as an embedded OS, is hardly the only choice for the Tivo's of the world.
Anyone who uses Linux in a Tivoized way, and feels bitter about the GPLv3 needs to examine themselves and their motivations and recognize that everything has a cost and now we are requiring them to pay up by honoring the GPLv3, or pay up by licensing an OS which is compatible with your aims. Complaining about the GPLv3 and trying to find ways to game the system is disingenuous at best, dishonest at worst.
If they want to lock the stuff down, why not just build the system with a BSD instead of using GPL code?
Just say "FUCK YOU" to the FSF and stop using Linux.
And let all hardware makers stop using it. BSD is just as free as in beer, and just as good, and you don't have to deal with RMS's religion. Or even use WinCE or XPEmbedded. Whatever, just don't use a technology that is based on religion.
So where's the beef?
The GPL3 doesn't stop DRM. Woot stop the presses! I could have told you that months ago during the drafting process because it's not designed to stop DRM.
Liberty.
There will be a GPLv3.5 in near future.
.5 release - like for example, erm, Notes or Sybase. .5 upgrade Release, making 200.0 a 200.5.
Like for every other great thing there will be a
Even the MS SQL Server got a
The point of this is that at the moment Tivo boxes run linux directly on the bare metal. But Tivo want to implement certain policies to control usage of the device, for e.g. they may not want you to be able to send unprotected video over a network link, or they may only want you to be able to send anything to specific authorised devices. These policies are implemented in software. Somebody who wants to bypass these policies can therefore, largely thanks to linux being open, simply modify the linux installation on the tivo box to do whatever they like. To prevent this Tivo have implemented a solution restricting users from modifying the linux software on the device. The GPL v3 prevents this kind of restriction, (among other things) in short if a device runs Linux the user must be free to modify it. This means that again users can bypass any software policies Tivo decide to implement. What TFA is suggesting is that linux on a tivo box can be run on a hypervisor. This means that tivo's policies can be implemented within the hypervisor, the hypervisor can be configured to only allow certain types of network connections for example. With linux then running on top of the hypervisor users can change what they like but they will not be able to bypass tivo's policies (untill the inevitable security hole is found in the hypervisor of course). I actually quite like this solution, while I don't like DRM this does mean it will be easy for users to customise it's OS anyway they see fit, maybe altering the UI or adding small apps or maybe even light games
A hypervisor is not needed to do this; a network (maybe in a box or on a board) could do the
same with entirely separate chips. To keep this from happening would require some kind of
language so that "linking" would encompass apps that live in multiple places, whether or not in
the same execution engine or address space, so that the complete function required all of them.
This would mean that remote invocation of code or other separation techniques would not matter.
The key would be that pieces of software requiring, say, a GPL piece to work would fall under GPL
whether or not they were link edited together; the test would be that combined function requiring the
GPL piece would be GPL. It is possible to link together 2 routines such that they are part of the
same program, yet one does not ever invoke the other. I've done this with driver code at times,
just to get some other code loaded into kernel, where the "extra" loaded code was unrelated to the
driver and neither called nor was called by it. Thus the link-edit definition of "linking" is
arguably less correct than a combined function one.
I make a living writing software for small businesses. They pay me for my time, but they generally don't care what I do with the software once I'm done. In fact, they like the idea of GPL-ing it, because then they get the advantage of improvements from the community.
Whatever their reasons, IBM has found a way in which they can make a profit, while employing people full-time to work on Linux.
Not only that, but do you ever wonder who pays Linus' rent? He's a millionaire by now... But here, take a look. If there was no money to be made in open source, why are these companies literally giving money to the main Linux developers?
Even in a business model based around supporting an open source project, there's plenty of room for developers and innovation.
So it's worse to tell you something insulting about yourself than to sue your ass into oblivion for no reason? That's not unethical, that's just stupid.
I actually don't have any problem with your ethics, except the part where you apparently can't or won't read my post. I did address every single issue you had, and you proceeded to ignore that and rehash the same arguments... except, oh, "tech support sucks" may have been a reference to support-driven business models.
Don't thank God, thank a doctor!
The corporate sponsors didn't show up for a long time -- I believe it took several years. And they certainly didn't notice until Linux was in a usable form.
That's the essential difference -- 1991 was when Linus released a working kernel, all by himself. HURD had absolutely nothing usable at that point. Neither had any corporate backing, and in fact, Linus expected HURD to replace Linux whenever it was done, but as it turns out, microkernels are much harder to write than monolithic kernels, and developers do tend to flock to the more popular open projects.
Only if you have an agenda.
If you were trying to make a case of Linux vs BSD, it would be telling. Linux has more developers simply because it was the first on the scene. BSD was still closed at that point. So, it does say something about a massive open community versus a few proprietary developers, and also about why if you're going to go open source, you should release early and often.
Don't thank God, thank a doctor!
But I also question whether or not it matters as much-- once the various Linux desktops reach critical mass. The fact is that in the Linux World, DRM'd stuff is pretty much ignored or worked around ANYWAY, so if someone comes up with a GPL'd codec to a DRM'd content file, the vendors can't control the ability of the Linux OS running under the hypervisor to access the content anyway. Also, since most of us aren't going to be running hypervisors on our machines, why would we buy a machine configured to work against us?
...Open Source isn't the only answer -- but it's almost always a better value than the alternatives...
Because the Linux and the video app communicate via shared memory (and not the kind of arms-length communication -- files, pipes, messages, etc. -- used between separate works), the video app needs to be GPL3. That may be the Achilles heel of this arrangement.
In the UK at least you get 28 days to refuse a contract and all monies spent are returned. If buying a CD is a contract then you have 28 days to read the license and refuse to return the item (actually, just refuse the contract, no item needs to be returned: you just lost right to use the product).
If you need to use tricksy words to get around something, isn't this DEFINITE PROOF that you aren't obeying the spirit of the contrct?
If Tivo thought that the FSF didn't mind their code being used this way, would they instead ask them to clarify that they could do this? That they didn't shows, surely, that they know the FSF DIDN'T.
I see a lot of comments, but not one about how the inherent problem that is the company trying to control what we can or cannot do with our own hardware that we purchase.
THAT is the problem. If I purchase it, it's my hardware and I'll do whatever the fuck I want with it.
There should just be a no bullshit fine print statement in the GPL that states, "any hardware running any GPL'd version of software needs to be 100% unrestricted, same goes for any other software running on that."
I'm sick of this stupid legal babble. "Oh TECHNICALLY we can do this" - kiss my ass.
This should be modded up. Excellent summary of all of the points.
An incomplete list of some important differences between the GPL and DRM:
The GPL is perpetual. A significant fraction of DRM can have privileges "revoked" afterward, whereas the whole point of the GPL is that no one can ever revoke those privileges.
The GPL is legal and may be sound; DRM is technical - and technically flawed. As this thread started with, all DRM can be defeated. If you can see it, you can copy it. It's POSSIBLE the GPL is flawed, but there is definitely not the certainty of that you have with DRM which, from a technical standpoint, MUST be flawed.
DRM breaks the ownership model over your whole computer. A basic problem with DRM is that it depends on the model that you have no right to any control over your computer, a device you bought and did not rent. If you rented iPods and could only play DRM music on them, so be it. But DRM has coopted ownership to the extent that it's in deep conflict with the right of first sale.
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
It doesn't run on the Tivo, so is that because the source isn't complete or is it because of a checksum in the hardware? Tell me.
"Slashdot requires you to wait between each successful posting of a comment to allow everyone a fair chance at posting a comment.
It's been 1 hour, 17 minutes since you last successfully posted a comment"
Soon it'll be 2 hours...