Open Source DRM Solutions?
Feint writes "I'm working on a business platform for inter-company collaboration based on an open source software stack. As part of that platform I would like to integrate some sort of digital rights management for the documents in the system. The vast majority of articles about DRM are focused on how good or evil it is to apply DRM to digital music or video. I haven't seen many articles address open source solutions for protecting business data like CAD / MS Office / PDF / etc. documents, which is a real need in business today. Can the Slashdot readership suggest some open source DRM offerings other than the Sun DReaM initiative, which hasn't had a release since Jan. 2007?"
Public key cryptography. It won't protect work from being copied, but that's an endless battle anyways until the trusted computing platform is mainstream.
No.
I'm sure some of us could, but why would we want to? Design our own prison? Encumber data? Stop whistleblowers?
For every problem, there is at least one solution that is simple, neat, and wrong.
Hey, Guys! I want some help too!
Do we have open-source Tasers? I'm also after open-source software to rig voting machines.
I look in freshmeat and SourceForge - but they mostly seem to be oriented to freeing people, not locking 'em up.
"Flyin' in just a sweet place,
Never been known to fail..."
If it's open source, you can change it, thus disabling any protection it might offer unless it's some hardware-backed signing. The system isn't designed for it either; just removing all the ways you could dump the information anyway would be a big job. Just get Vista if you want an end-to-end DRM stack. In short, you want to give someone the DRM'd file, the instructions on how the DRM works and still want them to be unable to decode it on their own, bypassing any DRM? Not going to happen.
Live today, because you never know what tomorrow brings
You need to go find out what DRM is.
DRM is about Alice/Bob/Eve cryptography where Bob and Eve are the same person. All DRM tries to work by hiding the Implementation - Universally, it fails.
Open source is about revealing the implementation.
OpenDRM. Just say Huh?!
Prediction for end of Universe #42: Fencepost error in Quantum_bogosort.cpp
I think the systems you're after are called Document Management Systems, like you'd find used for medical records under HIPAA.
The only open source system I am aware of is OpenKM [http://www.openkm.com/].
Most people smart enough to program such a thing are also smart enough to know it can never work. People who do create/sell/push drm solutions are selling snake oil.
Your best bet is to use PGP and simply encrypt your data, and trade public keys with your intended recipients. And plan ahead - once someone can see it, assume they can always see it. The whole "revoking a key" bit is the snake oil part of DRM.
Weaselmancer
Ridiculous.
For all those who are saying "open source DRM" is an oxymoron, they should have a look at OpenIPMP, which is an open-source DRM solution for video formats. So there is a precedent for this kind of thing, although it may not be widely adopted.
Nemilar http://www.techthrob.com - Visit Me!
"DRM" is not the search term you want, though, and it is in fact not what you want for business documents. You just want to set up a public-key infrastructure (PKI) and make sure people protect their private keys. This can be done by OpenPGP, GnuPG, etc.
DRM makes it hard for people to leak a file. It does not spend very much effort, if any, on authenticating the initial owner of the file (for example, anyone who picks up a DVD can play it, although they can't copy it to a new DVD). In a business environment, you're usually far more worried about authenticating the file's recipient and making sure the original does not accidentally reach anyone else's computer, than about preventing a cooperative person from intentionally leaking the file. (In most cases, you do want to permit them to print, copy-and-paste, etc. the document. These would all be prevented by DRM because they all make it easy to leak the file.)
The other failing of DRM, as I'm sure you've seen discussed, is that it's crackable by mere cleverness. If you're going to permit someone to view a file on screen (or hear an audio clip over headphones), you can always take a screenshot (or recording) and leak that. HDCP and so forth make the screenshot harder, but nothing prevents you from pointing a camera at the TV. It will be low quality but it will be a leak. PKI, on the other hand, is only crackable by brute-force searches of the key space, or (unlikely though possible) sufficiently smart mathematicians.
DRM depends on proprietary software. You are encrypting a file, then giving the user the key to decode it, while telling the program in question to decode the file, but only allow it to be used in one of a few ways (eg. display PDF, but don't print).
Such a system is untenable with proprietary software (just need to find the right memory address), and absolutely impossible with open source software, as you can simply remove the line in the program that tells it what actions not to allow. (See xpdf). With proprietary DRM systems, the companies just hope it's difficult enough to decipher the compiled code of the proprietary programs, that it takes a while before someone finds the right spots in memory to probe/change, and publishes the details... Then, they make trivial changes to the DRM system, and call it a new, "fixed" version that everyone should start using quickly (before someone figures it out).
The only thing DRM can do effectively, is to prevent the first opening of the file. After you send that first key (eg. via server), no matter what the DRM involved, the user can (trivially) strip the DRM off, and do whatever they want with the unencrypted file.
If that is what you want... I would suggest using public-key encryption to protect the file instead of a commercial "DRM" system. Either PGP or SSL (keys in combination with a password) can make absolutely sure only the intended recipient can make use of the file, even if others obtain copies of it. If you are expecting any more control over what others do with the file, you are simply denying reality.
All that said, here is one open source DRM system: http://www.sidespace.com/products/oggs/
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
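The point made in the comment above (the key gates the first opening, while usage restrictions live in the viewer), as an added example that is not part of the original thread: a toy protected-document format in Python. The container layout, the function names and the SHA-256 keystream are assumptions made for illustration, not any real DRM product or production cipher.

```python
import hashlib
import hmac
import os

# Toy model of a "protected document" (constructed format, not any real DRM
# scheme). The SHA-256 keystream stands in for a real cipher.

def _keystream(key, nonce, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def _mac(key, nonce, policy, body):
    # Length-prefix the policy so the policy/body boundary is unambiguous.
    msg = nonce + len(policy).to_bytes(2, "big") + policy + body
    return hmac.new(key, msg, hashlib.sha256).digest()

def protect(plaintext, key, permissions):
    nonce = os.urandom(16)
    policy = ",".join(sorted(permissions)).encode()
    stream = _keystream(key, nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    return {"nonce": nonce, "policy": policy, "body": body,
            "tag": _mac(key, nonce, policy, body)}

def decrypt(doc, key):
    # The cryptographic boundary: holding the key is the only requirement.
    expected = _mac(key, doc["nonce"], doc["policy"], doc["body"])
    if not hmac.compare_digest(expected, doc["tag"]):
        raise PermissionError("wrong key or modified document")
    stream = _keystream(key, doc["nonce"], len(doc["body"]))
    return bytes(a ^ b for a, b in zip(doc["body"], stream))

def viewer_action(doc, key, action):
    # A conforming viewer: the policy check runs after decryption, in client
    # code, so it is a convention of this program rather than a property of
    # the encryption.
    plaintext = decrypt(doc, key)
    if action not in doc["policy"].decode().split(","):
        raise PermissionError("policy forbids " + action)
    return plaintext

if __name__ == "__main__":
    key = os.urandom(32)
    doc = protect(b"constructed sample: Q3 pricing draft", key, {"view"})
    print(viewer_action(doc, key, "view"))
    print(decrypt(doc, key) == viewer_action(doc, key, "view"))
```

When planning access, the list of people who receive the key is the real access-control list; the policy field only binds software that chooses to honor it.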
You should also check out http://www.alfresco.com/. It was started by some of the founders of Documentum and Interwoven. It does some interesting Enterprise Content Management foo, which may be of use to you.
... I suggest you put your wallet back in your pocket, and don't spend any more money on consultants, software, or IT staff hours spent configuring the free and non-free stuff in furtherance of your goals.
Instead you should save your money and hire a lawyer instead who will draft up NDAs for you to have people sign in order to protect those documents/secrets you want tightly controlled.
Technical solutions will not cut it. They never will. You are throwing your money away.
Hire a lawyer, and only give the documents to people who ABSOLUTELY need them and are worth the time to get contracts involved with.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON