So what are you going to do, track down an ancient piece of parchment and scan that?
For Bach, there is luckily a very old but reputable edition called Bach Gesellschaft. It was published between 1851 and 1900.
(not score program, they probably copyright the output of it)
IANAL, but this is no more likely than MS Word copyrighting the output of your essays, or Photoshop copyrighting your pictures.
Just be sure to note that you're not claiming copyright over the public domain work, otherwise your copyright will be easily challenged. Putting the whole thing into the public domain might be possible.. although I suppose you could be sued for negligence if you made a mistake in your transcription.
RMS always argued that free software is pro-capitalist, because there is a free market for support. I think it's great that we're seeing this argument validated with real-life examples.
Yes, there are several vendors who support their own distro of Linux, but are there previous instances where a third party (Oracle) is competing with a vendor who itself does support (RedHat)?
I have the same dream you do, which is why I'm currently building on top of L4 with the intent of writing an OS that does it right. L4 is a microkernel that got it right, and makes it possible to build a non-braindead system.
I can't guarantee I can pull it off, but I'm putting a hell of a lot of time into it, and I want the results really badly. Hopefully you'll hear from me in a year or two with an exciting announcement.
The fatal flaw in that model is that the computer needs the key, and I have physical access to the computer, I will eventually get the key.
I'm not a hardware expert, so I can't argue from direct experience how difficult it would be to recover a key that you have no software access to. However, I can argue that, since this kind of hardware hacking would require specialized equipment and a lot of expertise, it is orders of magnitude less practical than any software-based compromise. Also, since the key could be varied per-customer, it is not a case that one person's work would necessarily open the flood-gates for anyone to compromise their own keys.
The level of degredation depends on the level of sophistication of your capture. Will the studios be happy with copies that are only 98% as good as the original floating around unrestricted?
That is why standards like HDCP regulate what quality of signal is allowed to escape into the unencrypted analog domain. I believe it's something like "no better than DVD quality," compared with HD source material.
Sure I do: It is possible to simulate said system so that the software believes it is operating within such a system.
Such software is useless without the keys that decrypt the content.
The people who own those keys can refuse to give them to anyone but software they trust. They can use the "remote attestation" feature of the TPM to verify the entire software stack, from the bootloader up to the application in question (accepting only a certified TPM's attestation).
Once those keys are on the computer, they can be kept in memory that the TPM ensures is accessible to only the application ("memory curtaining"), and persisted in sealed storage.
Given this, how do you claim you will compromise the key that decrypts the actual content?
As far as the principles of cryptography are concerned, it is. You apparently don't understand this.
Dude, it's not. I already explained this in other comments, but I'll repeat here:
- a message is compromised when an attacker can perceive it with eyes, ears, or analog recording devices.
- media is only compromised when an attacker can access original, digital, undegraded source material.
You have to present an unencrypted version of the content to the user.
Only in analog form. There is no requirement that you present an unencrypted digital version of the content to the user. Analog content is already degraded.
On a more practical note, it is already possible to simulate the operation of a TPM chip.
Yes, but your simulated TPM chip will not have the private keys that your real TPM has. It is possible to put infrastructure in place that certifies that a TPM's public key corresponds to a hardware-base, "trusted" TPM. The Trusted Computing Architectural Overview defines a series of credentials which cryptographically certify things about a TPM or a computing platform. TPM-enabled software could be written that does not trust a TPM (and its key) until it sees a signed credential that the TPM is conformant and based in hardware.
Also, TPM is not the only means for doing this: the private keys can be embedded into the display hardware itself, so that no component of the computer itself ever sees unencrypted content.
It has never been about creating an impenetrable fortress that you cannot in theory get around beyond using brute-force methods. Because this is impossible, and the theory says so. Ignore me if you want, but it's true.
It is possible to create systems where no part of the system but some silicon in your display device ever sees unencrypted digital data. You have no effective rebuttal to this.
A secret message is a form of media too, is it not?
Not in the sense that is relevent to this discussion. A secret message conveys information. It is critical that it not be in any way perceived by an attacker. If it is, it no longer has any value (and probably has negative value, because you are counting on the information not being in the hands of the attacker).
Media conveys an audiovisual experience. There is no harm from an attacker simply perceiving the information. If you show a movie to a big room of people, it still has the same value. There is only harm when someone can obtain a personal copy without paying in some way. (At least these are the studios' opinions about that).
Although, it occurs to me... what about recording digital S/PDIF audio? Would that be lossless, if it never gets converted to analog?
Yes. I don't know if anyone is pursuing HDCP-like technology for sound interfaces.
On the contrary, grandparent misses the point when he tries to apply traditional cryptography models to media. DRM'd media is not compromised when the attacker can perceive the message with eyes or ears (or analog recording devices), it is compromised when attacker can access original, undegraded source material. That's why the conventional "alice, bob, charlie" model doesn't work. There are hypothetical futures when content providers can achieve the latter almost perfectly. Neither you nor grandparent (who are probably one in the same) can dispute that, no matter how many "alice, bob, charlie" arguments you attempt to make.
DRM'd content is not a secret "message," it's media. If your argument boils down to "you can always hold a camcorder in front of your TV," you should say that up front, so that people can ignore you more readily. DRM is real, and people should not be misled into thinking that it's always going to be as toothless as it is now.
Nope, doesn't work. If you can go online and check that you ballot was counted this way or that, then you can go online to show me that it was counted this way or that.
Only I know whether it was one of the ballots that counted. I can't prove to you that it was.
There are two problems with that line of analysis.
One is that the cost of manufacturing a custom piece of hardware is very high -- completely out of the bounds of hobbyists. That means that individuals are essentially dependent on corporations to manufacture the kind of specialized hardware they want. This is true of many physical products: cars, light bulbs, paper. What makes computer hardware different is that hardware manufacturers can use software to make the product specifically disobey its owner. I can own a physical object, desire that that physical object do something of which it is completely capable, and have the product disobey me based on the manufacturer's wish.
If a pre-90s car tried to pull that kind of crap, you or a mechanic could open the hood and teach it a lesson. But hardware can be made more or less tamper-proof.
You could argue that the market would sort a thing like this out, if it was really important. The flaw again is that custom hardware is so expensive to manufacture, so the hardware will always serve its producer, and not its end user. The market will drive producers to control users in whatever way is lucrative.
The second flaw is that content is not a commodity. Tivo may be able to play locked content that my own software is unable to decrypt. Again you might argue that the market sorts things like that out, but there is no competition involved here. It's not like someone can compete against Bloomsbury to sell Harry Potter books without DRM. The publisher is an absolute dictator about what DRM schemes Harry Potter books can be published under. So I might buy a stupid DRM-encumbered movie I really really like, even though I abhor the DRM, simply because it's a one-of-a-kind movie.
So the balance of power in this situation is really out of whack: companies are the only entities that can produce the hardware, but it is in their interest to program their hardware to control users as much as possible, and users don't have options because the content is exclusive to these user-controlling devices.
Since this is really a power struggle, the FSF is fighting back in the only way they can. They're not trying to change laws or anything, they're just saying that the price of using their software is giving up control of your users. You can't use your software to keep users from doing things they want to do with hardware they own.
(notice I didn't use the word "freedom" in this post, nor did I in any previous posts. This is about power and control).
Thanks for posting that, but it doesn't sound like much of a rebuttal to me. In fact, it directly substantiates what I was saying:
Finally, there's a distinct logical fallacy in the argument that "users" should be protected. It's the fallacy of thinking that people who consume are equal to people who produce. And that's not true. People who produce are the one who get to decide how things are done, because they are the ones doing it. It's that simple.
That's pretty clear to me. In the question of who should have more power, Linus comes out on the side of developers (the "producers").
Sure, one person can be a user at one moment and a developer the next. This isn't about class warfare (maybe that's what Linus is trying to rebut). It's about who has the power when one guy is wearing the developer hat and another guy is wearing the user hat.
You're a user when you're using software that someone else compiled/packaged/distributed to you. You're a developer when you are compiling/packaging software yourself, whether you are the intended user or not.
When you are a developer, you get to decide how the software works. You can decide that, for example, DVDs can have previews that the software refuses to skip over.
When you are a user, you're stuck with the decisions the developer made, unless you have both the technical and legal capability to change the software that someone else packaged for you.
Without a permissive license, it's a grey area whether you have the legal capability to make changes of this sort. On one hand, Copyright only is supposed to cover copying. On the other hand, there are EULAs and interpretations of Copyright that say "loading from disk into memory is copying."
Increasingly, however, there are technical barriers that software manufacturers erect. With special-purpose hardware like a DVD player, there's just no practical way to modify the software that contains annoying restrictions. But even when there's commodity hardware involved like on a Tivo, there can often be measures in place like signing the "blessed" software and refusing to run anything else.
Linus is OK with this: his opinion is that he has no right to force companies like Tivo to allow users to swap in modified versions of Linux. His concern is that the Linux development community cannot be splintered by companies who build proprietary enhancements to Linux. That's why GPL is important to him -- not because he thinks end users should always be able to swap in modified versions of commercial software.
Richard Stallman is not OK with this. That damn printer driver didn't work right. He would not be consoled if you told him that he can get the printer driver's source code and modify it, but the printer itself refuses to run the modified software. He wants to prevent any situation that gives developers more power than end users.
I think Linus's difference with the FSF is quite simple.
The FSF is concerned with users. The whole thing started when Richard Stallman couldn't fix the printer driver that he was a user of. The FSF's goal is to ensure that everyone who uses software, ever, has the technical and legal right to modify the software they are using.
Linus seems more concerned with developers. If someone comes along and contributes some sweet code to the Linux kernel, he thinks it's only fair that any developer gets the opportunity to use that code too, in their own project. But he's not concerned that an end user can't install a modified version of Linux on their Tivo.
Are you sure about all that? I have not heard any plans for YARV to have a JIT, and I have heard no indication that it will approach the speed of Java. I have tried it out, and seen speedups of about 2-3x, but this is far short of being competetive with Java.
Understand that I am a huge Ruby supporter, which is why I don't want to see unrealistic expectations about YARV that don't deliver, thus tarnishing Ruby's reputation.
This is the way programming is going. We're moving from CPU-specific unmanaged programming to platform independent abstracted managed environments. One day your entire operating system will run that way.
Please god no.
There seems to be an army of people dedicated to ensuring that we never actually see the benefits of faster hardware. We're throwing more crap layers of software on our machines faster than the CPU speeds can increase.
All hail James Gosling!
James Gosling is the person I curse at when I visit a web page with an applet in it. My machine starts churning, and I see the little coffee cup invade my dock. 15 seconds later I've lost my appetite, and I no longer even want what was on that web page.
And a farkin licensing fee or royalty compensation is A-O-Fuggin-K in my book.
The problem is when formats that we use to communicate are encumbered by patents.
It's not enough just to make something better. We've already done that: it's called Vorbis. The inventors of MP3 are now profiting not on the merit of their technology, but the sheer inertia that you get when one format is a dominant standard.
It's just like GIF: PNG is better than GIF is nearly every way, and yet the computing world was stuck paying Unisys for years for their inferior technology, simply because GIF was entrenched.
That's why we "communist buddies" insist on unencumbered standards when it comes to the protocols and formats we use to communicate. We're not interested in writing checks indefinitely for the privilege of sending data to other people, or putting it on devices. It would be one thing if these technologies competed on merit alone, and if you could quickly drop one when a better one became available, but it doesn't work that way.
Like other comments on the performance of GC, yours is also 10 years out of date. Just because the GC in your Java VM is itself a hunk of garbage that should be "collected", doesn't mean all GC is bad.
Talk to me again when these miraculous implementations of GC that have no flaws make it into the mainstream. It's not that hard to solve for one particular constraint. GC apologists keep saying "algorithm X has hard bounds" and "algorithm Y doesn't stop the world" and "algorithm Z is faster than malloc/free!" I'm not interested in solutions to one isolated problem. I want to see one single GC implementation for a major programming language that has no major flaws. I'm not going to spend my life passing different flags to my VM that trade one major flaw for another.
And, doesn't the OS run most video and sound processing?
No -- the OS's job is to deliver buffers to and from user space programs. The user space programs perform the processing. If a user space program doesn't deliver or retrieve a buffer in time, you get an buffer underrun or overrun, respectively.
Slashdot Mirror
So what are you going to do, track down an ancient piece of parchment and scan that?
For Bach, there is luckily a very old but reputable edition called Bach Gesellschaft. It was published between 1851 and 1900.
(not score program, they probably copyright the output of it)
IANAL, but this is no more likely than MS Word copyrighting the output of your essays, or Photoshop copyrighting your pictures.
Just be sure to note that you're not claiming copyright over the public domain work, otherwise your copyright will be easily challenged. Putting the whole thing into the public domain might be possible.. although I suppose you could be sued for negligence if you made a mistake in your transcription.
This is nothing but speculation.
RMS always argued that free software is pro-capitalist, because there is a free market for support. I think it's great that we're seeing this argument validated with real-life examples.
Yes, there are several vendors who support their own distro of Linux, but are there previous instances where a third party (Oracle) is competing with a vendor who itself does support (RedHat)?
I have the same dream you do, which is why I'm currently building on top of L4 with the intent of writing an OS that does it right. L4 is a microkernel that got it right, and makes it possible to build a non-braindead system.
I can't guarantee I can pull it off, but I'm putting a hell of a lot of time into it, and I want the results really badly. Hopefully you'll hear from me in a year or two with an exciting announcement.
The fatal flaw in that model is that the computer needs the key, and I have physical access to the computer, I will eventually get the key.
I'm not a hardware expert, so I can't argue from direct experience how difficult it would be to recover a key that you have no software access to. However, I can argue that, since this kind of hardware hacking would require specialized equipment and a lot of expertise, it is orders of magnitude less practical than any software-based compromise. Also, since the key could be varied per-customer, it is not a case that one person's work would necessarily open the flood-gates for anyone to compromise their own keys.
The level of degredation depends on the level of sophistication of your capture. Will the studios be happy with copies that are only 98% as good as the original floating around unrestricted?
That is why standards like HDCP regulate what quality of signal is allowed to escape into the unencrypted analog domain. I believe it's something like "no better than DVD quality," compared with HD source material.
Sure I do: It is possible to simulate said system so that the software believes it is operating within such a system.
Such software is useless without the keys that decrypt the content.
The people who own those keys can refuse to give them to anyone but software they trust. They can use the "remote attestation" feature of the TPM to verify the entire software stack, from the bootloader up to the application in question (accepting only a certified TPM's attestation).
Once those keys are on the computer, they can be kept in memory that the TPM ensures is accessible to only the application ("memory curtaining"), and persisted in sealed storage.
Given this, how do you claim you will compromise the key that decrypts the actual content?
As far as the principles of cryptography are concerned, it is. You apparently don't understand this.
Dude, it's not. I already explained this in other comments, but I'll repeat here:
- a message is compromised when an attacker can perceive it with eyes, ears, or analog recording devices.
- media is only compromised when an attacker can access original, digital, undegraded source material.
You have to present an unencrypted version of the content to the user.
Only in analog form. There is no requirement that you present an unencrypted digital version of the content to the user. Analog content is already degraded.
On a more practical note, it is already possible to simulate the operation of a TPM chip.
Yes, but your simulated TPM chip will not have the private keys that your real TPM has. It is possible to put infrastructure in place that certifies that a TPM's public key corresponds to a hardware-base, "trusted" TPM. The Trusted Computing Architectural Overview defines a series of credentials which cryptographically certify things about a TPM or a computing platform. TPM-enabled software could be written that does not trust a TPM (and its key) until it sees a signed credential that the TPM is conformant and based in hardware.
Also, TPM is not the only means for doing this: the private keys can be embedded into the display hardware itself, so that no component of the computer itself ever sees unencrypted content.
It has never been about creating an impenetrable fortress that you cannot in theory get around beyond using brute-force methods. Because this is impossible, and the theory says so. Ignore me if you want, but it's true.
It is possible to create systems where no part of the system but some silicon in your display device ever sees unencrypted digital data. You have no effective rebuttal to this.
A secret message is a form of media too, is it not?
Not in the sense that is relevent to this discussion. A secret message conveys information. It is critical that it not be in any way perceived by an attacker. If it is, it no longer has any value (and probably has negative value, because you are counting on the information not being in the hands of the attacker).
Media conveys an audiovisual experience. There is no harm from an attacker simply perceiving the information. If you show a movie to a big room of people, it still has the same value. There is only harm when someone can obtain a personal copy without paying in some way. (At least these are the studios' opinions about that).
Although, it occurs to me... what about recording digital S/PDIF audio? Would that be lossless, if it never gets converted to analog?
Yes. I don't know if anyone is pursuing HDCP-like technology for sound interfaces.
On the contrary, grandparent misses the point when he tries to apply traditional cryptography models to media. DRM'd media is not compromised when the attacker can perceive the message with eyes or ears (or analog recording devices), it is compromised when attacker can access original, undegraded source material. That's why the conventional "alice, bob, charlie" model doesn't work. There are hypothetical futures when content providers can achieve the latter almost perfectly. Neither you nor grandparent (who are probably one in the same) can dispute that, no matter how many "alice, bob, charlie" arguments you attempt to make.
DRM'd content is not a secret "message," it's media. If your argument boils down to "you can always hold a camcorder in front of your TV," you should say that up front, so that people can ignore you more readily. DRM is real, and people should not be misled into thinking that it's always going to be as toothless as it is now.
DRM is concerned with the same thing, except Bob and Charlie are actually the same person.
No, Bob is a piece of hardware. His key lives deep inside a silicon wafer.
Programmers who expect to break DRM are living in the past.
By the way, you know that Ron Rivest is the R in RSA, right? Do you really think he would propose a system that doesn't work at all?
Nope, doesn't work. If you can go online and check that you ballot was counted this way or that, then you can go online to show me that it was counted this way or that.
Only I know whether it was one of the ballots that counted. I can't prove to you that it was.
There are two problems with that line of analysis.
One is that the cost of manufacturing a custom piece of hardware is very high -- completely out of the bounds of hobbyists. That means that individuals are essentially dependent on corporations to manufacture the kind of specialized hardware they want. This is true of many physical products: cars, light bulbs, paper. What makes computer hardware different is that hardware manufacturers can use software to make the product specifically disobey its owner. I can own a physical object, desire that that physical object do something of which it is completely capable, and have the product disobey me based on the manufacturer's wish.
If a pre-90s car tried to pull that kind of crap, you or a mechanic could open the hood and teach it a lesson. But hardware can be made more or less tamper-proof.
You could argue that the market would sort a thing like this out, if it was really important. The flaw again is that custom hardware is so expensive to manufacture, so the hardware will always serve its producer, and not its end user. The market will drive producers to control users in whatever way is lucrative.
The second flaw is that content is not a commodity. Tivo may be able to play locked content that my own software is unable to decrypt. Again you might argue that the market sorts things like that out, but there is no competition involved here. It's not like someone can compete against Bloomsbury to sell Harry Potter books without DRM. The publisher is an absolute dictator about what DRM schemes Harry Potter books can be published under. So I might buy a stupid DRM-encumbered movie I really really like, even though I abhor the DRM, simply because it's a one-of-a-kind movie.
So the balance of power in this situation is really out of whack: companies are the only entities that can produce the hardware, but it is in their interest to program their hardware to control users as much as possible, and users don't have options because the content is exclusive to these user-controlling devices.
Since this is really a power struggle, the FSF is fighting back in the only way they can. They're not trying to change laws or anything, they're just saying that the price of using their software is giving up control of your users. You can't use your software to keep users from doing things they want to do with hardware they own.
(notice I didn't use the word "freedom" in this post, nor did I in any previous posts. This is about power and control).
That's pretty clear to me. In the question of who should have more power, Linus comes out on the side of developers (the "producers").
Sure, one person can be a user at one moment and a developer the next. This isn't about class warfare (maybe that's what Linus is trying to rebut). It's about who has the power when one guy is wearing the developer hat and another guy is wearing the user hat.
You're a user when you're using software that someone else compiled/packaged/distributed to you. You're a developer when you are compiling/packaging software yourself, whether you are the intended user or not.
When you are a developer, you get to decide how the software works. You can decide that, for example, DVDs can have previews that the software refuses to skip over.
When you are a user, you're stuck with the decisions the developer made, unless you have both the technical and legal capability to change the software that someone else packaged for you.
Without a permissive license, it's a grey area whether you have the legal capability to make changes of this sort. On one hand, Copyright only is supposed to cover copying. On the other hand, there are EULAs and interpretations of Copyright that say "loading from disk into memory is copying."
Increasingly, however, there are technical barriers that software manufacturers erect. With special-purpose hardware like a DVD player, there's just no practical way to modify the software that contains annoying restrictions. But even when there's commodity hardware involved like on a Tivo, there can often be measures in place like signing the "blessed" software and refusing to run anything else.
Linus is OK with this: his opinion is that he has no right to force companies like Tivo to allow users to swap in modified versions of Linux. His concern is that the Linux development community cannot be splintered by companies who build proprietary enhancements to Linux. That's why GPL is important to him -- not because he thinks end users should always be able to swap in modified versions of commercial software.
Richard Stallman is not OK with this. That damn printer driver didn't work right. He would not be consoled if you told him that he can get the printer driver's source code and modify it, but the printer itself refuses to run the modified software. He wants to prevent any situation that gives developers more power than end users.
I think Linus's difference with the FSF is quite simple.
The FSF is concerned with users. The whole thing started when Richard Stallman couldn't fix the printer driver that he was a user of. The FSF's goal is to ensure that everyone who uses software, ever, has the technical and legal right to modify the software they are using.
Linus seems more concerned with developers. If someone comes along and contributes some sweet code to the Linux kernel, he thinks it's only fair that any developer gets the opportunity to use that code too, in their own project. But he's not concerned that an end user can't install a modified version of Linux on their Tivo.
Are you sure about all that? I have not heard any plans for YARV to have a JIT, and I have heard no indication that it will approach the speed of Java. I have tried it out, and seen speedups of about 2-3x, but this is far short of being competetive with Java.
Understand that I am a huge Ruby supporter, which is why I don't want to see unrealistic expectations about YARV that don't deliver, thus tarnishing Ruby's reputation.
This is the way programming is going. We're moving from CPU-specific unmanaged programming to platform independent abstracted managed environments. One day your entire operating system will run that way.
Please god no.
There seems to be an army of people dedicated to ensuring that we never actually see the benefits of faster hardware. We're throwing more crap layers of software on our machines faster than the CPU speeds can increase.
All hail James Gosling!
James Gosling is the person I curse at when I visit a web page with an applet in it. My machine starts churning, and I see the little coffee cup invade my dock. 15 seconds later I've lost my appetite, and I no longer even want what was on that web page.
And a farkin licensing fee or royalty compensation is A-O-Fuggin-K in my book.
The problem is when formats that we use to communicate are encumbered by patents.
It's not enough just to make something better. We've already done that: it's called Vorbis. The inventors of MP3 are now profiting not on the merit of their technology, but the sheer inertia that you get when one format is a dominant standard.
It's just like GIF: PNG is better than GIF is nearly every way, and yet the computing world was stuck paying Unisys for years for their inferior technology, simply because GIF was entrenched.
That's why we "communist buddies" insist on unencumbered standards when it comes to the protocols and formats we use to communicate. We're not interested in writing checks indefinitely for the privilege of sending data to other people, or putting it on devices. It would be one thing if these technologies competed on merit alone, and if you could quickly drop one when a better one became available, but it doesn't work that way.
Hear, hear!
See my reply to a similar comment. Still, that paper looks promising and I will give it a closer read.
Like other comments on the performance of GC, yours is also 10 years out of date. Just because the GC in your Java VM is itself a hunk of garbage that should be "collected", doesn't mean all GC is bad.
Talk to me again when these miraculous implementations of GC that have no flaws make it into the mainstream. It's not that hard to solve for one particular constraint. GC apologists keep saying "algorithm X has hard bounds" and "algorithm Y doesn't stop the world" and "algorithm Z is faster than malloc/free!" I'm not interested in solutions to one isolated problem. I want to see one single GC implementation for a major programming language that has no major flaws. I'm not going to spend my life passing different flags to my VM that trade one major flaw for another.
And, doesn't the OS run most video and sound processing?
No -- the OS's job is to deliver buffers to and from user space programs. The user space programs perform the processing. If a user space program doesn't deliver or retrieve a buffer in time, you get an buffer underrun or overrun, respectively.
You realize that a call to malloc is nondeterministic don't you?
malloc only blocks threads that are calling malloc. "Stop the world" blocks threads no matter what they are doing. Big difference.
Generational collection stops the world. Perhaps you are thinking of concurrent collectors?
I'll get more excited about concurrent collectors when they find their way into the mainstream and prove themselves.