Open Source DRM Solutions?
Feint writes "I'm working on a business platform for inter-company collaboration based on an open source software stack. As part of that platform I would like to integrate some sort of digital rights management for the documents in the system. The vast majority of articles about DRM are focused on how good or evil it is to apply DRM to digital music or video. I haven't seen many articles address open source solutions for protecting business data like CAD / MS Office / PDF / etc. documents, which is a real need in business today. Can the Slashdot readership suggest some open source DRM offerings other than the Sun DReaM initiative, which hasn't had a release since Jan. 2007?"
If it's open source, you can change it thus disabling any protection it might offer unless it's some hardware-backed signing. The system isn't designed for it either, just removing all the ways you could dump the information anyway would be a big job. Just get Vista if you want an end-to-end DRM stack. In short, you want to give someone the DRM'd file, the instructions on how the DRM works and still want them to be unable to decode it on their own, bypassing any DRM? Not going to happen.
Live today, because you never know what tomorrow brings
You need to go find out what DRM is.
DRM is about Alice/Bob/Eve cryptography where Bob and Eve are the same person. All DRM tries to work by hiding the Implementation - Universally, it fails.
Open source is about revealing the implementation.
OpenDRM. Just say Huh?!
Prediction for end of Universe #42: Fencepost error in Quantum_bogosort.cpp
How about trusting the people you give documents to?
We have had this discussion. There is no legitimate use for DRM. It has no right to exist. I have told people this before. DRM does not improve the security of corporate networks. That's not what it is meant to do. DRM has just one purpose: to deprive people of the right to use the computers they own as they see fit. Securing documents and sensitive company data is to use good security practices. IPSec, Kerberos, PKI, that kind of thing.
Point. Learn good computer security practices.
I want DRM to disappear from this world forever.
Well, that's the rub isn't it, OSS being conceptually antithetical to DRM. Most open source licenses (hi BSD guys) require contributing your own work back to the collective good.
I second the earlier idea that encrypting your data is the best option, and submit for review the existence of libcrypt as an efficient means of accomplishing said goal.
This comment is fully compliant with RFC 527.
"trusted computing" nonsense won't change anything. It's just another pile of inconvenience for the paying users that will be snipped out entirely for the bittorrent version. Sony and Microsoft have been doing their best to build tamper-proof encryption-based hardware systems (playstation and xbox series), and they're all defeated by a modchip soldered onto the motherboard - you let the tamper-proof hardware do its thing and decrypt the data, then you snoop the data right off the memory bus on its way back from the chip.
Hardware is no harder to attack than software, it just needs different tools. DRM cannot ever work.
You're being highly inaccurate. Your definition of "work" is "work perfectly". This is not the aim of DRM. DRM aims to make it difficult to copy stuff around.
I'm not aware of a mod-chip for the PS3. Your summary of how mod-chips work is incorrect anyway. And there isn't an off-chip bus carrying unencrypted data around on a real TCP. Get a clue.
Sure, maybe a million-dollar lab can open the chip inside a suitable vacuum and snoop the internal busses; for most people that's out of range, and the kind of people who run million-dollar labs don't tend to allow their use just to warez the latest game.
There's a clear economic message here - can you see it yet? When the cost of breaking DRM is higher than the profit to be made, DRM wins. It doesn't have to be perfect.
Now get with the program - DRM is a clear and present danger to our way of life. Don't sleepwalk into it.
The problem with DRM is that it is a narrow technical solution to a wide-ranging, largely non-technical, problem.
There's a clear economic message here - can you see it yet? When the cost of breaking DRM is higher than the profit to be made, DRM wins. It doesn't have to be perfect.
Well it allows DRM vendors to sell DRM systems. The technical difficulty of breaking DRM has to be higher than the average executive at a record company.
However, there are at least four aspects to the problems for DRM to actually work as you have described, i.e. as 'resistance' that stops the kids from copying enough for them to get on the bus, queue at a checkout and go home again.
1. Politics: The majority of people don't believe in the propaganda of the content industries. Even those that think they do, don't appear able to act on their beliefs.
2. Communication: You only have to break it once, then the means of circumvention can be spread at the speed of Ethernet.
3. Physics: It is harder and slower to build and deploy restrictions than destroy them.
4. Sociology: The productivity of a grown-up working in an office with paperwork, clocking out at 5, family commitments etc, is far lower than some dedicated student working 24 hours per day to get their Blu-ray player to 'work'.
My little Linux and tech blog
So when you share your name, address and credit card number (commonly considered 'personal data') with Amazon, under the 'information wants to be free' principle they can share it with whoever they want?
When you share your passport, National Insurance and driver's licence numbers, family details and NHS numbers with the MoD when you apply to join the armed forces, it's not such a big issue if they then (inadvertently) share it with the public?
The vast majority of your personal data will be shared with some person, company or organisation at some point. That's the whole point of having personal data in the first place. It then stands to reason that the definition of 'privacy' is that it is not then shared any further.
There is a fundamental technical problem with DRM which can't be solved that others have said before in various forms, so I can't claim this as my own:
Encryption is all about securing data so you can send it safely from A to C without B being able to read it. The problem with DRM is that B and C are the same person.
This reality will _never_ change despite what technology is being used. In order for our senses to comprehend the signal or heck even if it were sent as a direct data stream to our brain--the man in the middle is us and we can, if we so choose, mold that stream into whatever we want.