I suggest you read the interview with Allard closely. He specifically stresses the point that Zune and P4S are separate worlds, and while he would have had the opportunity to point out any interoperability options at various points in the interview, he doesn't do so. I find it hard to come to any other conclusion that the approaches are indeed incompatible.
Not true either. You can get developer certificates from Symbian directly, and they allow signing of application packages for installation on actual hardware. It's as easy as registering, downloading the certificate request tool, filling in some certificate details and you're good to go. As an alternative, you can use self signing.
... and even where it will, it won't be allowed to do interesting things (write to filesystem, talk to network etc). If you want to get your code signed, you have to have an expensive verisign certificate, and pay a bunch of cash to have your app reviewed.
FUD. You can use self-signing and still make use of most features - file system access and opening network connections included.
the Cellular Telco's in particular love this stuff and will happily get into bed with MS if they can sell them a proven TC architecture that is resistant to attack.
This only works if the other company is interested in what Nokia or others have to offer. Companies purely based on an IPR portfolio don't fall into this category and can pretty much dictate their terms if their portfolio contains business critical patents. See Eolas or Intertrust...
The idea is that it is not the player model which gets revoked, but an individual player, the same as in CPRM (which is actually very strongly related to AACS)
Hey, I enjoy a good argument any time:) If applied cleverly, PlatSec is actually a way for small developers to prevent software piracy. You just have to be creative to figure out how mandatory application integrity checking can be used against crackers;) - I think it will outweigh the cost required for signing.
Platform security? Thats why I suggest you never used symbian or a newbie
Good one, that made my day:D - trust me, in a Symbian OS experience pissing contest I would win.
You can't get a security license without paying to Nokia and/or Symbian.
So what, we are discussing security on a technical level, not on a "how much does it cost you" level. On the technical level, PlatSec is secure by design. Note that I'm not saying that it is robust against implementation bugs, such as buffer overflows or design errors.
If you can't afford signing, you a) don't get access to system level capabilties such as AllFiles, b) need user consent to user level capabilities and c) probably won't be able to have your application installed on most phones anyway because operators will be very happy to restrict installation to signed apps only.
What is it you want then: no software signing, no security checking and viruses/malware, or signing fees and no viruses/malware?
That's not true. Since Mac OS X is simply a Unix under the hood, all you need is to set up a Bluetooth serial port (can be done in System Settings) and let pppd run on that port. I have that setup running here without problems (similar to this actually). If Eugenia can't manage it, it doesn't mean that it is impossible. Of course it's another thing if you complain that this is not possible via a nice System Settings panel, I give you that.
I think he's wrong about the EUCD not applying - well technically, it won't apply probably anyway because he is Norwegian, but I assume there is some equivalent law.
The EUCD protects '... any technology, device or component that, in the normal course of its operation, is designed to prevent or restrict acts, in respect of works or other [protected] subject matter, which are not authorized by the rightholder.' To me, this covers also a distributed a setup like the iTMS, where parts of the protection are in the server, parts are in the client. PyMusic is a classical circumvention device because it circumvents the client. It doesn't matter that there is no protection between client and server, because in the 'normal cause of operation' it is not intended that you go in between client and server. It would probably be a different story if you were mailed the plain content, and then would need to manually import it into iTunes for protection.
People have a moral right, and perhaps a duty, to work to subvert things they think are unjust.
So if I find it unjust that my neighbor has more money than I do, then I just rob him, or if I find the prices of food to high, I just steal it from the supermarket, and you say I have a moral right or even duty to do so?
And while I personally don't really feel that FairPlay is terribly unjust
Regarding the question whether Symbian is involved: Here's some money for you to make... Load up your phone with all Symbian "viruses" that are out there and see if you can make the challenge!
No, you're right. That's why what happened in the Netherlands (moving from a collecting entity to tax based funding) makes much more sense regard the argument of government influence - why hide it?
I admit that having the articles in german only doesn't help, but the fee is collected for exact the opposite reason, to not give the government too much power.
The fee is collected by a third party, not the government, and none of the money goes to the government. Consider the problem at hand: How to fund public broadcasting adequately (i.e. it is a given that you want to ensure that you can have public broadcasting with a certain quality level)? If you raised taxes for this, it would be a government thing, and any government could simply decice not to raise taxes anymore to do away with too critical public broadcasters (would be nice if they were actually critical, but that's another story). So in most countries where a scheme for funding public broadcasting is needed beyond donations, a separate entity has been formed to collect the money independently from the government.
Of course, there is the problem of the legal basis for such a third party, and that is where any government could still intervene by simply declaring this entity as illegal.
Slashdot Mirror
I suggest you read the interview with Allard closely. He specifically stresses the point that Zune and P4S are separate worlds, and while he would have had the opportunity to point out any interoperability options at various points in the interview, he doesn't do so. I find it hard to come to any other conclusion that the approaches are indeed incompatible.
Not true either. You can get developer certificates from Symbian directly, and they allow signing of application packages for installation on actual hardware. It's as easy as registering, downloading the certificate request tool, filling in some certificate details and you're good to go. As an alternative, you can use self signing.
FUD. You can use self-signing and still make use of most features - file system access and opening network connections included.
Of course there are open DRM standards, e.g. OMA DRM or MPEG-21, but there won't be a royalty free DRM anytime soon. It's all patented up.
Only in the US.
You mean something like these?
Indeed
This only works if the other company is interested in what Nokia or others have to offer. Companies purely based on an IPR portfolio don't fall into this category and can pretty much dictate their terms if their portfolio contains business critical patents. See Eolas or Intertrust...
The idea is that it is not the player model which gets revoked, but an individual player, the same as in CPRM (which is actually very strongly related to AACS)
It's not only player models that can be revoked, but this goes down to individual players.
Hey, I enjoy a good argument any time :) If applied cleverly, PlatSec is actually a way for small developers to prevent software piracy. You just have to be creative to figure out how mandatory application integrity checking can be used against crackers ;) - I think it will outweigh the cost required for signing.
If you say so... you must know.
Platform security? Thats why I suggest you never used symbian or a newbie
Good one, that made my day :D - trust me, in a Symbian OS experience pissing contest I would win.
You can't get a security license without paying to Nokia and/or Symbian.
So what, we are discussing security on a technical level, not on a "how much does it cost you" level. On the technical level, PlatSec is secure by design. Note that I'm not saying that it is robust against implementation bugs, such as buffer overflows or design errors.
If you can't afford signing, you a) don't get access to system level capabilties such as AllFiles, b) need user consent to user level capabilities and c) probably won't be able to have your application installed on most phones anyway because operators will be very happy to restrict installation to signed apps only.
What is it you want then: no software signing, no security checking and viruses/malware, or signing fees and no viruses/malware?
For somebody who claims to be so experienced, you know surprisingly little. Does the term Platform Security ring a bell?
That's not true. Since Mac OS X is simply a Unix under the hood, all you need is to set up a Bluetooth serial port (can be done in System Settings) and let pppd run on that port. I have that setup running here without problems (similar to this actually). If Eugenia can't manage it, it doesn't mean that it is impossible. Of course it's another thing if you complain that this is not possible via a nice System Settings panel, I give you that.
Right. But if EU member countries don't implement it in a law, the directives themselves become binding.
I think he's wrong about the EUCD not applying - well technically, it won't apply probably anyway because he is Norwegian, but I assume there is some equivalent law.
The EUCD protects '... any technology, device or component that, in the normal course of its operation, is designed to prevent or restrict acts, in respect of works or other [protected] subject matter, which are not authorized by the rightholder.' To me, this covers also a distributed a setup like the iTMS, where parts of the protection are in the server, parts are in the client. PyMusic is a classical circumvention device because it circumvents the client. It doesn't matter that there is no protection between client and server, because in the 'normal cause of operation' it is not intended that you go in between client and server. It would probably be a different story if you were mailed the plain content, and then would need to manually import it into iTunes for protection.
So if I find it unjust that my neighbor has more money than I do, then I just rob him, or if I find the prices of food to high, I just steal it from the supermarket, and you say I have a moral right or even duty to do so?
And while I personally don't really feel that FairPlay is terribly unjust
I'm glad you wrote that
Here you go.
Regarding the question whether Symbian is involved: Here's some money for you to make... Load up your phone with all Symbian "viruses" that are out there and see if you can make the challenge!
Take a look at CPRM, AACS is quite similar.
That's not how AACS works. The keys are unique per individual player, not per brand or model.
No, you're right. That's why what happened in the Netherlands (moving from a collecting entity to tax based funding) makes much more sense regard the argument of government influence - why hide it?
I think others have clarified this here quite nicely.
The fee is collected by a third party, not the government, and none of the money goes to the government. Consider the problem at hand: How to fund public broadcasting adequately (i.e. it is a given that you want to ensure that you can have public broadcasting with a certain quality level)? If you raised taxes for this, it would be a government thing, and any government could simply decice not to raise taxes anymore to do away with too critical public broadcasters (would be nice if they were actually critical, but that's another story). So in most countries where a scheme for funding public broadcasting is needed beyond donations, a separate entity has been formed to collect the money independently from the government.
Of course, there is the problem of the legal basis for such a third party, and that is where any government could still intervene by simply declaring this entity as illegal.
No, it's not.