Re:It's more complicated than that.
on
Linus on DRM
·
· Score: 1
Under no circumstances, however, will my profit motive compel me to help you hack my BIOS.
Doing what you propose violates the GPL though.
You are not providing all the tools/scripts that are needed to install the GPLed software. Therefore, by the definition of "soruce code" explicitly written into the GPL, you are not providing the source code. Therefore you're in violation of the GPL, and should by all rights get your ass sued off.
Go ahead and read the definition of "source code" that's written into the GPL. In the case where the signature can't be changed, this is even more clearly a violation. The signature is an important interface to the hardware, therefore the mechanism for signing the binary must be provided.
Re:It's more complicated than that.
on
Linus on DRM
·
· Score: 1
The best answer is for me to tell you to go and actually read the GPL, as I did over 15 years ago and have been doing again and again since then.
It's true that you don't have to distribute the compiler and system libraries, but that's because the GPL makes explicit exceptions for those things. It's not something you can safely generalize and draw conclusions from.
Say I manufacture a PC-based product which runs a GPL'd app. Does it violate the GPL if I make everything available to you, source, a copy of the entire development environment, hell, root access to the machine used to develop the product, but fail to provide the BIOS password to the machine I sold you?
Yes, I do believe that this would indeed violate the GPL, if you sell me that device. If you gave me the BIOS password, or a way to reset it, then it wouldn't. But I do believe that the scenario you presented does indeed violate the GPL.
Re:It's more complicated than that.
on
Linus on DRM
·
· Score: 1
Zooming back out from the discussion a bit, what good would DRM on GPL'ed software be if you had to give away all your secret keys? None!
That's false. First, note that you're talking about DRM on GPLed software, which is a separate issue from DRM in GPLed software (which is what's actually important to folks who sell MP3s for example). Second, you don't have to give away your secret keys unless you give away your binaries. The GPL is used in lots of places where the binaries are not distributed (eg. my university installs its own kernels on its own machines, but doesn't distribute them elsewhere). So, the "can't boot without signature" BIOS would be great for us, and would not create any obligations for us.
So if this were the case, how could Linus say that DRM on the Linux kernel is not contradictory to the GPL?
This one is easier to explain. I think it's pretty clear that Linus himself doesn't actually understand the GPL or the minutiae all its legal consequences. He doesn't even appear to want to. In other words, the answer to "how could Linus say that?" is "by making an error".
Re:You're forgetting one thing...
on
Linus on DRM
·
· Score: 1
I wasn't forgetting that. When that's the case, the argument simply doesn't apply -- it's exactly like an employer making sure their employees can't modify the kernel on their workstations. There's absolutely no problem with this.
But not all set-top devices are cable boxes. When was the last time you leased, as opposed to purhcased, something like a TiVo, or a PS2, or a DVD player, or a component MP3 player? In cases like that, where the device is purchased, it's an issue.
Re:It's more complicated than that.
on
Linus on DRM
·
· Score: 1
Or did I totally miss the point somewhere?
Yes, but don't feel bad, many other people did too.
The GPL actually does guarantee that you be able to install a modified version of any protected executable that was distributed to you. You give me a console with a GPLed kernel, you must give me the tools that you would use to have that console run a modified version of that kernel, or you're violating the GPL.
Re:It's more complicated than that.
on
Linus on DRM
·
· Score: 1
I would think that a GPLd program that would run on a "chipped" console would be OK on that basis. It's not an obligation of the software publisher to provide you with the hardware you need to run his software.
That contradicts what the GPL explicitly says, though.
By explicit definition in the GPL, the "source code" for something includes everything, every little script, that's needed to actually install a modified copy of the executable. If they don't ensure that you can install a modified binary, they don't meet the basic "supply all the source code" requirement in the GPL.
In other words, if a vendor ships a GPLed kernel on hardware that will only boot files with a valid signature, then the script that signs the kernel after compilation, and the private key needed to support that script, pretty much certainly count as part of the source code, by the GPL's own definition.
(With the GPL, it's not just the case that you can't assume free means what you think it does, you also can't even assume source code means what you think it does.)
Re:It's more complicated than that.
on
Linus on DRM
·
· Score: 1
As an end user, you have a lot of flexibility under the law to reverse engineer the hardware you've purchased for your own personal use. The law does not obligate the manufacturer of the hardware to assist you in any way.
Actually, the GPL does contain this obligation. Read it.
They explicitly define "source code" to include all the scripts and stuff you need to actually install a modified executable.
Re:It's more complicated than that.
on
Linus on DRM
·
· Score: 4, Informative
To elaborate on my own point, since a few people have missed the implications of the GPL, here is how the GPL explicitly defines source code:
The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.
Think that through.
If you give me an executable, and you do not give me everything I need to not only recompile but to actually install that executable (with the exception, listed a little later, of the stuff that always comes with the system you're installing on), then you have not in fact given me the source code, by the very definition contained within the GPL.
Re:It's more complicated than that.
on
Linus on DRM
·
· Score: 1
Who has broken the GPL? Company B hasn't done anything wrong at all. Company A has not used, distributed, or created a derived work of any GPL'd software. They are not a GPL licensee, unless you can claim that the MD5 sum of a program is a derived work, which is ludicrous.
The problem is not that an MD5 sum of a program is a derived work. The problem is that, when you've got a system that will only run a signed executable, then the signature becomes a part of that executable. Without the signature, it won't run, and with the signature, it will. That means the signature is an inherent part of the executable. Maybe not from a technical standpoint, but certainly from an "in real life" standpoint, and probably from a lawyer's standpoint. (This is an example of why it's dangerous for someone who is "just an engineer" to make pronouncements on what the GPL forbids or permits.)
So, company B has certainly done something wrong. They gave you a GPLed executable and did not give you the tools you need to modify that executable. That violates the clear intent of, and I'd argue the plain text of, the GPL itself.
Re:It's more complicated than that.
on
Linus on DRM
·
· Score: 1
I do not agree.
It all comes down to the question of "what does the term source code mean in the context of a legal discussion of the GPL".
The GPL does define source code. Here's the definition:
The source code for a work means the preferred form of the work for making modifications to it.
If I can't build something that I can actually run, because you've left something out (eg. the private key needed to produce a signed binary), then it should be pretty easy to make a legal argument that you have not in fact given me all the source code.
It's more complicated than that.
on
Linus on DRM
·
· Score: 4, Interesting
Imagine the following:
1) Someone makes a BIOS that will only boot a signed kernel, where the person with the BIOS password gets to pick which signatures are valid.
2) My company buys a bunch of workstations with this BIOS.
3) Our IT guys build a kernel that's tweaked for our company. They sign the kernel, and set the BIOS to only boot kernels with their signature.
This is wonderful. It means folks can deploy Linux within an organization without having to worry about umpteen zillion different kernels being installed by the workers. It means you can deploy at a university in such a way that students can't make their own boot floppies to get by the access controls on your public machines. It's a Good Thing.
Now, imagine this:
4) A set-top box designer uses this BIOS.
5) They set the BIOS to only boot kernels with their own signature, and don't give the BIOS password to people who buy the set-top boxes.
6) They refuse to sign any kernels that anyone else makes, and refuse to sign any kernels with dynamic module loading turned on.
This, I think, actually violates the GPL. They're distributing a Linux binary, and they're not giving you any way at all to modify it. You can't tweak the kernel you run on your own hardware that you bought with your own money. I think this would only comply with the GPL if you could boot your own signed kernels that the system would use. The fixed signature ends up being an important part of the running binary, and you're not given the "source code" you need to compile that part of the binary.
So, I think some uses of signature do not fall outside the scope of the GPL.
Actually, no. I haven't seen one single reference to patents in this SCO vs. IBM thing yet. SCO is saying things like "this is about misappropriation of trade secrets and contractual violations", not mentioning patents. The claims I've seen are that Linux is derivative of Unix, not that patents are being violated.
Go ahead and read SCO's claims, here. The only mention of the word "patent" at all is from some random IBM guy. The SCO folks don't talk about patents at all. Patents are just a red herring in this.
That's nonsense. You can implement the same feature a different way (different algorithm perhaps) then what is patented. Otherwise the patent would be too broad and should be stricken.
There are plenty of patents that should be stricken that are enforced every day.
But anyhow, I wasn't talking about a patent. You don't have to copy something to violate copyright. You can also violate copyright by making a "derivative work". For example, if someone copyrights an API specification, you can violate the copyright by implementing that API. That's the sort of thing I think they're going to be arguing. Basically, if they can argue that Linus got some specific idea from Unix, and they own that idea, then they can argue that the Linux implementation is derivative of the Unix one, regardless of whether anyone even knows what the actual Unix algorithm is.
How absurd this idea may or may not be has nothing to do with whether the law will allow it.
Doesn't follow. My bet is they're going to argue not that the code was copied from Unix (probably easy to disprove), but that it was derived from Unix (almost impossible to disprove, and probably true for broad enough meanings of "derived"). Anyone who even knows what the infringing code is is not going to be able to write a replacement without being open to the exact same sort of lawsuit.
What on earth do they hope to accomplish? Getting rid of Linux vendors? That's futile, since the source is already available on the net for free.
And what does that have to do with getting rid of Linux vendors?
They may well be able to utterly kill Linux as a commercial entity, regardless of whether it's technically possible to continue running it and working on it in a machine in your basement. They can (in theory) stop anyone from making any money off it, relegating it to underground status.
A good point in general, but I watch RHAT every day, and when there's a spike of the sort seen early this morning, it's almost always the case that there is a news item that can at least partially explain it. (My officemates joke with me about how RHAT usually does the opposite of what the market does anyway.)
Don't know where this is going, but I'm afraid it might get significantly harder for humble college students such as myself to
sample an artist's music before going out and buying a disc.
You misspelled "systematically engage in mass theft"...
This guy could have purchased the domain name in anticipation of this game (Since it has been rumoured to be coming out along with GTA4 for awhile, with Rockstar execs starting the rumours) and then leased it to them for a large profit.
For some reason, this doesn't strike me as a terribly likely scenario in this case, given all the data. When coupled with information that "the official site is down at the moment", and some other information from the record (go ahead, check), you should admit that it at least looks fishy.
As to your other point:
I don't see why you used two different name hosts to verify two different domains
Well, because when I did a whois without specifying any hosts, those were the hosts I was told were authoritative for each domain. You type the command without specifying a host at all on a stock Debian box, for example, and it will actually forward the requests to those specific sources. On a MacOS X box, I had to chase down the referrals by hand.
I can't seem to see anything that says this is just a prank, so if it is, it's a very poor one.
From "whois -h whois.enom.com gtasincity.com", we see that the domain contact is some random guy at a UK hosting site, who has an aol.com email address. From "whois -h whois.register.com gtavicecity.com", we see that the domain contact is... the administrator for Rockstar Games.
So, you may not see anything that says this is just a prank, but I sure do.
Their behavior is incomprehensible. They kill Farscape, and pick up Tracker. Tracker? Tracker?
I really wanted to like a show staring both Adrian Paul and Geraint Wyn Davies. But damn, Wyn Davies hasn't been in anything this bad since Bionic Showdown.
And then, what's this John Edwards and "The Dream Team" crap? What does that have to do with SciFi? Just what is their mission statement? To make the world think that SciFi fans are drooling morons with no taste and no ability to separate fact from fiction?
It's somewhat hilarious that TNN has better SciFi than the SciFi channel these days. My TV used to be programmed to skip over TNN, back when it was "The Nashville Network". Now it looks like it's trading places with SciFi. I guess there's a "law of conversation of preprogrammed channels" or something.
Expect, if that happens, Sony will replace the hard drive in the Tivos with memory sticks.
Hm, might be interesting to have a TiVo with memory stick support, actually. I'd like to be able to record a program to a memory stick and then plug it into my laptop to play it back later.
There has to be some way to combine this with pneumatic tubes. Like, use the pneumatic tubes as a LAN, and the blimps as a WAN. Do something like that, and then this will be cool enough.
Remember, Grafitti was developed by Palm for Newton.
Well, for Newton and for other PDAs of the day. I own two different versions of Graffiti, besides the one built into my PalmOS handhelds. I've got it on my Newtons, and I've got it on my Magic Cap PDAs (Sony PIC-1000 and PIC-2000A). It's nice to be able to switch among three very different PDAs and use Graffiti on all of them.
Slashdot Mirror
You are not providing all the tools/scripts that are needed to install the GPLed software. Therefore, by the definition of "soruce code" explicitly written into the GPL, you are not providing the source code. Therefore you're in violation of the GPL, and should by all rights get your ass sued off.
Go ahead and read the definition of "source code" that's written into the GPL. In the case where the signature can't be changed, this is even more clearly a violation. The signature is an important interface to the hardware, therefore the mechanism for signing the binary must be provided.
It's true that you don't have to distribute the compiler and system libraries, but that's because the GPL makes explicit exceptions for those things. It's not something you can safely generalize and draw conclusions from.Yes, I do believe that this would indeed violate the GPL, if you sell me that device. If you gave me the BIOS password, or a way to reset it, then it wouldn't. But I do believe that the scenario you presented does indeed violate the GPL.
I wasn't forgetting that. When that's the case, the argument simply doesn't apply -- it's exactly like an employer making sure their employees can't modify the kernel on their workstations. There's absolutely no problem with this.
But not all set-top devices are cable boxes. When was the last time you leased, as opposed to purhcased, something like a TiVo, or a PS2, or a DVD player, or a component MP3 player? In cases like that, where the device is purchased, it's an issue.
The GPL actually does guarantee that you be able to install a modified version of any protected executable that was distributed to you. You give me a console with a GPLed kernel, you must give me the tools that you would use to have that console run a modified version of that kernel, or you're violating the GPL.
By explicit definition in the GPL, the "source code" for something includes everything, every little script, that's needed to actually install a modified copy of the executable. If they don't ensure that you can install a modified binary, they don't meet the basic "supply all the source code" requirement in the GPL.
In other words, if a vendor ships a GPLed kernel on hardware that will only boot files with a valid signature, then the script that signs the kernel after compilation, and the private key needed to support that script, pretty much certainly count as part of the source code, by the GPL's own definition.
(With the GPL, it's not just the case that you can't assume free means what you think it does, you also can't even assume source code means what you think it does.)
They explicitly define "source code" to include all the scripts and stuff you need to actually install a modified executable.
If you give me an executable, and you do not give me everything I need to not only recompile but to actually install that executable (with the exception, listed a little later, of the stuff that always comes with the system you're installing on), then you have not in fact given me the source code, by the very definition contained within the GPL.
So, company B has certainly done something wrong. They gave you a GPLed executable and did not give you the tools you need to modify that executable. That violates the clear intent of, and I'd argue the plain text of, the GPL itself.
It all comes down to the question of "what does the term source code mean in the context of a legal discussion of the GPL".
The GPL does define source code. Here's the definition:If I can't build something that I can actually run, because you've left something out (eg. the private key needed to produce a signed binary), then it should be pretty easy to make a legal argument that you have not in fact given me all the source code.
Imagine the following:
1) Someone makes a BIOS that will only boot a signed kernel, where the person with the BIOS password gets to pick which signatures are valid.
2) My company buys a bunch of workstations with this BIOS.
3) Our IT guys build a kernel that's tweaked for our company. They sign the kernel, and set the BIOS to only boot kernels with their signature.
This is wonderful. It means folks can deploy Linux within an organization without having to worry about umpteen zillion different kernels being installed by the workers. It means you can deploy at a university in such a way that students can't make their own boot floppies to get by the access controls on your public machines. It's a Good Thing.
Now, imagine this:
4) A set-top box designer uses this BIOS.
5) They set the BIOS to only boot kernels with their own signature, and don't give the BIOS password to people who buy the set-top boxes.
6) They refuse to sign any kernels that anyone else makes, and refuse to sign any kernels with dynamic module loading turned on.
This, I think, actually violates the GPL. They're distributing a Linux binary, and they're not giving you any way at all to modify it. You can't tweak the kernel you run on your own hardware that you bought with your own money. I think this would only comply with the GPL if you could boot your own signed kernels that the system would use. The fixed signature ends up being an important part of the running binary, and you're not given the "source code" you need to compile that part of the binary.
So, I think some uses of signature do not fall outside the scope of the GPL.
Actually, no. I haven't seen one single reference to patents in this SCO vs. IBM thing yet. SCO is saying things like "this is about misappropriation of trade secrets and contractual violations", not mentioning patents. The claims I've seen are that Linux is derivative of Unix, not that patents are being violated.
Go ahead and read SCO's claims, here. The only mention of the word "patent" at all is from some random IBM guy. The SCO folks don't talk about patents at all. Patents are just a red herring in this.
But anyhow, I wasn't talking about a patent. You don't have to copy something to violate copyright. You can also violate copyright by making a "derivative work". For example, if someone copyrights an API specification, you can violate the copyright by implementing that API. That's the sort of thing I think they're going to be arguing. Basically, if they can argue that Linus got some specific idea from Unix, and they own that idea, then they can argue that the Linux implementation is derivative of the Unix one, regardless of whether anyone even knows what the actual Unix algorithm is.
How absurd this idea may or may not be has nothing to do with whether the law will allow it.
Doesn't follow. My bet is they're going to argue not that the code was copied from Unix (probably easy to disprove), but that it was derived from Unix (almost impossible to disprove, and probably true for broad enough meanings of "derived"). Anyone who even knows what the infringing code is is not going to be able to write a replacement without being open to the exact same sort of lawsuit.
They may well be able to utterly kill Linux as a commercial entity, regardless of whether it's technically possible to continue running it and working on it in a machine in your basement. They can (in theory) stop anyone from making any money off it, relegating it to underground status.
A good point in general, but I watch RHAT every day, and when there's a spike of the sort seen early this morning, it's almost always the case that there is a news item that can at least partially explain it. (My officemates joke with me about how RHAT usually does the opposite of what the market does anyway.)
As to your other point:Well, because when I did a whois without specifying any hosts, those were the hosts I was told were authoritative for each domain. You type the command without specifying a host at all on a stock Debian box, for example, and it will actually forward the requests to those specific sources. On a MacOS X box, I had to chase down the referrals by hand.
So, you may not see anything that says this is just a prank, but I sure do.
Their behavior is incomprehensible. They kill Farscape, and pick up Tracker. Tracker? Tracker?
.
I really wanted to like a show staring both Adrian Paul and Geraint Wyn Davies. But damn, Wyn Davies hasn't been in anything this bad since Bionic Showdown
And then, what's this John Edwards and "The Dream Team" crap? What does that have to do with SciFi? Just what is their mission statement? To make the world think that SciFi fans are drooling morons with no taste and no ability to separate fact from fiction?
It's somewhat hilarious that TNN has better SciFi than the SciFi channel these days. My TV used to be programmed to skip over TNN, back when it was "The Nashville Network". Now it looks like it's trading places with SciFi. I guess there's a "law of conversation of preprogrammed channels" or something.
There has to be some way to combine this with pneumatic tubes. Like, use the pneumatic tubes as a LAN, and the blimps as a WAN. Do something like that, and then this will be cool enough.