Torvalds Explains Dislike For GPLv3

Joe Barr writes "Linus Torvalds explains in three recent posts why he doesn't care for the DRM restrictions in GPLv3, and he has never been one to hold back. From his commentary: 'I _literally_ feel that we do not - as software developers - have the moral right to enforce our rules on hardware manufacturers. We are not crusaders, trying to force people to bow to our superior God. We are trying to show others that co-operation and openness works better.' NewsForge has the complete text of all three posts available." We discussed his initial reaction to GPL3 at the end of last month. NewsForge is a sister site to Slashdot.

The real question

Torvalds sees openness as a tool, not as an end.

The real question is, should software developers impose their value system on end users or hardware manufacturers?

Given that developers and other intelligent people disagree as to what the right value system for software should be, my answer would be "no".

Re:The real question

FSFs arguments aren't really bad either. They just want you to be able to change the code which is under GPL in products. By wrapping GPL code in DRM and use DMCA to protect it there is legaly a whatertight hole to not let users change the GPL code in the products. This was probably not the intent of the author of said GPL code and thats why DRM is added in GPL v3. And why it's probably welcomed by most developers.

Re:The real question

If the code that you wrote under the GPL was digitally signed by a manufacturer and put in a "Trusted Platform" machine (let's say a router), the GPL (v2) clearly states that they must make your code available, along with any modifications to your code.

That's it. The GPL grants you the further rights to take that modified code and change it any way you like. But it does not grant you the right to install that modified software back on that same machine.

This is no different than if that manufacturer took your GPLed code and burned into a ROM or blew it onto an FPGA and then soldered it into the router. Just because you wrote it doesn't mean the manufacturer has to give you provisions to alter it on their machine.

The answer is purely economic -- don't buy a trusted platform based machine. Don't buy an OS that supports trusted platforms (Vista.) Don't allow friends, families or your business to buy trusted platform machines. If you're in a position to purchase hardware, get "no hardware enforcement of digital signatures" written as a requirement into your RFQs.

GPL v3 is not a business friendly license. It will restrict development unnecessarily, and drive manufacturers away from using GPLv3 code. Look at how well Linux has done in embedded devices (the slug as well as many other Linksys appliances.) These restrictions will likely drive those manufacturers to alternate sources of software, or limit them to only GPL v2 versions of the code.

Re:The real question

RMS started Free software because of an incident involving a buggy printer, and not being able to fix the driver.

with DRM'ed hardware that problem reappears:
1) buggy GPL'ed driver
2) you fix the driver
3) oops, you can't actually install your fixed driver

Now do you see the problem?

Re:The real question

4) original author of signed/DRM'd driver sees said fixed version
5) original author ports your fixes to original release and gives you credit
6) original author signs/DRM's new driver
7) original author releases new code

The GPL is not incompatible with this scenario at all. Signed drivers is the only way to get a stamp of approvable by someone offering you warranty for a product. If you buy a piece of hardware that comes with a signed Windows driver and your machine meets all the apparent requirements and yet it doesn't work, you're entitled to a refund (IMO). On the other hand, if you've meddled with the driver, then perhaps not.

The problem of course is when you can't use unsigned drivers if you accept the risks and losses.

Re:The real question

4) original author of signed/DRM'd driver sees said fixed version
5) original author ports your fixes to original release and gives you credit
6) original author signs/DRM's new driver
7) original author releases new code

There are a few problems with this scenario. Firstly, how do you test your driver to see that it actually works? Maintenance is the largest part of the software lifecycle.

Suddenly, the burnden is on the manufacturer to test your patches. Or at least sign all your test releases. Most manifacturers don't care. Driver writing pays big money, they can't afford to pay someone to go through your code. And even if the manifacturer is good to you, how long will they support their products? 5 years? What then? Expect them to release the key?

I'm not saying I have the solution, and I somewhat agree with Linus's stance - a hardware version of tripwire is a good thing for security. What I am saying is that you can't rely on developers of hardware to work with you. I can really see vendors using this as an advantage by having a no patch policy and telling you to buy the upgraded model for $4000 more.

Re:The real question

The content and control cartels attacked us with the DMCA, making it illegal to exercise our rights to use and modify our hardware and software as we see fit.

We must fight back - if you are in a fight, are being attacked, and don't fight back, you will lose.

The GPL v3 fights back - it is illegal to use GPL code in a product where it would be illegal for one to replace that GPL code with a modification.

The GPL v3 only makes it illegal to have DRM because it is illegal to bypass DRM.

Without the DMCA, these provisions would have never come about in GPL v3. If people could bypass DRM without breaking the law, people would use code to circumvent code. You can't use code to circumvent law (or code protected by law) or you are breaking the law. Therefore we use law to circumvent law - stop them from using the DMCA and our code at the same time - they can't use our code against us and make it illegal for us to use and modify our code as we see fit.

DRM and the GPL v3 may not be incompatible 100%, I believe the language says it can not be part of an "effective protection" system under the DMCA. If the GPL allowed use of DRM, but only on condition that such DRM would not be illegal to circumvent under the DMCA (e.g. the DRM writer automatically gives a license where any circumvention is authorized with respect to the DMCA) there would be no argument one could make against that. Breakig such DRM and infringing copyright would still be a copyright infringement.

Re:The real question

GPL has never been designed to be a business friendly licence. It has been designed to protect user rights. And that is exactly what it is doing. Businessmen found another way to restrict user rights and the GPL v3 found another way to protect them.

If you want a business friendly licence, go with BSD.

Re:The real question

GPL has never been designed to be a business friendly licence.

You say that like it's true. It isn't.
GPL is very business friendly. It is not so much software business friendly, but were I a manufacturing plant operator, I'd like to be able to improve and share the software that runs my business. If my associates agree to do the same we can get something that's better for all of us. It's like sharing better steel formulations to build bigger rooms with which to do our work, which is not making better steel. We all benefit.

Trussed Platform

don't buy a trusted platform based machine

The whole "trusted platform" name is misleading. It means hardware that some 3rd party software or content vendor can trust, not hardware that the owner of said hardware can trust.

Since a TP actually limits what the owner can do with it, I suggest using the more accurate term, "trussed platform".

(trussed: (adj) bound or secured closely; "the guard was found trussed up with his arms and legs securely tied"; "a trussed chicken")

I certainly wouldn't buy a trussed platform machine.

Re:The real question

>> That's it. The GPL grants you the further rights to take that modified code and change it any way you like. But it does not grant you the right to install that modified software back on that same machine.

It might not grant you that right expressly, we have discovered, but this was always the intention of the GPL: to allow you access to execute your modified version.

(http://www.gnu.org/philosophy/free-sw.html [gnu.org])

So in essence, some hardware manufacturers have discovered a loophole. And so the GPL is been modified to compensate for this.

This means that if TiVo, Cisco, Sony, Apple, or any hardware manufacturer wants to lock their boxes up with DRM that prevents anybody from modifying their code, fine, they are within their rights -- as long as they write their own software, from scratch, or license or buy it from a third party who accepts such terms. They will not be able to use GPLv3'd software for this.

>> The answer is purely economic -- don't buy a trusted platform based machine. Don't buy an OS that supports trusted platforms (Vista.) Don't allow friends, families or your business to buy trusted platform machines. If you're in a position to purchase hardware, get "no hardware enforcement of digital signatures" written as a requirement into your RFQs.

But why is the onus on the user or developer -- possibly even the guy who originally licensed the software? Consider reversing the roles in your statement: The answer, to hardware manufacturers, is purely economic -- write your own code, or if you must use software licensed under the GPLv3 (because you are lazy, because it is easier, because it is better, because it offers faster time to market, etc.), do not impose DRM on the users of your product.

This sounds pretty radical, but it is just as radical as saying that you can only use GPLv2'd software in your commercial applications if you distribute your software under the GPL license. The user/distributor of the GPL'd software has a right to do virtually *anything* he wants with it -- except limiting the rights of those who use his derivative work. This, according to the GPLv3, includes hardware manufacturers.

The bottom line is that nobody has a God-given right to use software that is not their own -- not developers, not hardware manufacturers, not users. And those who use licensed software, must abide by the license's stipulations, or not use such software at all. This goes the same for open source licenses like the GPL, as for potentially more restrictive ones like, say, Microsoft's.

    -dZ.

Re:The real question

This reminds me of a story from the British reign in India, when the Brits were trying to put a stop to the local practise of suttee, burning a widow on her husband's funeral pyre.

Some locals complained that this was part of a deeply held religious belief and long tradition, and the Brits had no right to interfere.

"Not at all", the local governor said. "You believe that it is alright to burn a woman on her husbands funeral pyre. Very well. It is our belief that anyone who tries to burn a woman alive should be hung from the neck until dead. You follow your beliefs, and we'll follow ours."

Re:DRM is the antithesis of openness

I do not understand people that are totally anti-Rights-management.

Because to the extent that your computer is an extension of your mind, DRM is a "restraining bolt" that determines what you can or cannot say or think about, and its application is almost entirely in the hands of a powerful few. Even if it was never abused (and that's a huge if), the idea of somebody else having the final say over what you are allowed or not allowed to think is a disturbing thought.

(Analogy: imagine someone had invented a pill that kept people from thinking about molesting children, and that they wouldn't let anyone move to their town unless they agreed to take that pill. Would you feel comfortable agreeing to that, even though it was for a good cause? What if you knew the pill could easily be altered in the future to, say, force people to vote for a particular political party? Remember, once you've moved to the new town, you'll have to either accept any additional pills they decide to require in the future, or pack up and move to another town again... which might be very inconvenient for you, especially if there are no longer any "pill-free" towns nearby)

Re:DRM is the antithesis of openness

>> In order for the market to work and content to move into the digital
>> age and away from physical media, there has to be DRM.

Perhaps in the generic sense of "digital rights management", i.e., some combination of technological and legal mechanisms for managing the legitimate rights of those people who create, own and distribute digital content.

But that's not what "DRM" is used to mean, by many content owners. To them, "Digital Rights Management" is about forcing on consumers -one- unbelievably restrictive, poorly engineered, legally questionable mechanism for protecting -and substantially extending- their already overbroad perception of what their "rights" are under the law.

> I agree with you completely. I do not understand people that are totally
> anti-Rights-management. The problem is the way companies are using the DRM
> tool as a lot of them see it as a way to squeeze more profit from their
> customers.

Very true. But many of the Anti-Rights-Management folk have leftover -legitimate- suspicions of anyone defending rights management. Like a man who's been beaten up by crooked cops once, he will -always- be suspicious of cops. The fact that they are good cops doesn't change this.

Until the good cops start cracking down on the bad cops, we can't even -begin- to deal with the suspicions.

> But you have to see DRM with a broader view, it is about the management
> of rights in information, as the world continues to depend more on
> digital information there is an inherent *need* in controlling who
> can and who can not access that information.

That's not completely on target, I feel. There is a need to enforce the legitimate ownership rights to information. This is not precisely the same as "controlling who can and can not access that information." Rights management law and technology needs to take into account the right of consumers to have permanent unencumbered (not unrestricted) use of digital content they have purchased.

That means when technology changes, I need to have recognized my absolute -right- to transfer the content to another form. That means when the company that produced the content folds, I need to have recognized my absolute right to engineer my own solutions for transferring and utilizing this content (and have third-parties engineer the same). I need to have recognized my absolute right to -refuse- to accept future contractual licensing changes on content I have already purchased. I need to have recognized my absolute right to be informed prior to purchasing, the licensing terms of the content, in simple clear terms.

And content providers and software and hardware manufacturers are fighting like mad to avoid respecting any of these rights.

> It is not only about music and movies. It is about documents and all
> other kind of digitally representable data.

> The people that rant about the right management technology usually has
> no idea how to control information,

Well, to be fair, most people who -support- DRM technology usually have no idea how to control information, either.

> I am totally against the way CORPOPRATIONS are using DRM technology
> (I was the first to compile a list of Sony Rootkit CD's when it
> started) but seriously, the technology is not bad, it is corporations
> abusing it to get more power.

Unfortunately, they will continue to abuse it until (A) the rights of consumers and the responsibilities of corporations are clearly enumerated in the law, and (B) DRM technology is mature enough to rely on. We aren't even close to that point. It requires methods for accurately and independently auditing the software and hardware end-to-end. That ain't happening; not in DRM, not in voting, automotive, medical, or any other hardware and software where we have a need for verification and reliability.

Re:DRM is the antithesis of openness

Now, there should be provisions for expiration of DRM concurrent with copyright and whatnot

Yeah, but there never will be. That's the problem of DRM.

DRM lets content producers legislate arbitrary terms. Copyright law becomes pretty much irrelevent, because the software dictates the terms, and DMCA gives those terms the force of law.

DRM completely eliminates the balance of Copyright law, because it gives content producers, who have an incentive to control every possible aspect of how their work is used, a blank check to do so.

Re:DRM is the antithesis of openness

but in order for the market to work and content to move into the digital age and away from physical media, there has to be DRM

I have always had such a strong reaction against DRM that any future with DRM has always seemed distopian to me. I tend to think that eventually the entire concept will be discredited, because customers will choose with their dollars products that can be played on all their devices, and artist will choose to ally themselves their customers. It is just a matter of people seeing what the geeks already know; that there is power in not getting locked into a single system.
However, there are such strong interests fighting for DRM, that I also admit that it's possible that in the end, that the future will require some sort of DRM. But if I am to concede that possibility, it then becomes clear to me that new laws are needed, protecting the user's rights. If copyright holders are to be allowed to use a technical solution for protecting against unfair use, then they must be prevented from hindering fair use.
 
there should be provisions for expiration of DRM concurrent with copyright and whatnot, but there is nothing wrong with reasonable use of DRM for protecting intellectual property in a manner consistent with appropriate precedents and law.

I agree with this, but there is a lot of hand waving in that "and whatnot." Society has a lot of work to do hammering out exactly where the boundaries between fair and unfair are. It's not even clear to me that a fair technical solution is possible. How would software know your intentions when you copy that file? Are you just making a backup for your own use, or are you going to sell it?

Re:DRM is the antithesis of openness

I'm sorry, but in order for the market to work and content to move into the digital age and away from physical media, there has to be DRM.

Not really. A more appropriate action would be to develop a different way to pay content creators than trying to map the analogy of physical items made out of molecules onto abstract concepts made from pure information.

This whole scheme was a kludge when it was invented a couple of centuries ago, but it worked OK so long as there were only a couple of printing presses in each city. It really started getting strained when technologies such as photocopiers and tape recorders became available to the public. It almost broke down totally with the availability of hard drives and the Internet to transmit copies. Now, with the world moving towards the sale of content with no media at all, the concept is becoming absurd. There's no physical media left at all on which to map the physical property analogy.

Trying to simulate the physical object mapping with pure encryption and software algorithms is like trying to hold together jello with rubber bands. It's not going to work unless the government takes away your right to own a general-purpose computing device without encrypted links to your monitor and speakers. I assert that the freedoms that give you the right to own unhindered computer hardware are more important than the economic benefits that content producers would get from unbreakable DRM schemes. I don't care if the amount of content created and the number of producers the economy supports would be significantly decreased. Locking down every information handling tool available to us is just not worth it because the same DRM tools that content creators use to ensure payment will undoubtedly also be used by governments and private parties to monitor, snoop and control all of the information that we use.

"We"

By "we" is he referring to kernel developers? Because we all know RMS is a crusader trying to press his beliefs onto others. I think the creators of the GPL are trying to be much more influencial than Linus ever was. Linus mostly wants a great OS and community of developers. RMS wants complete reform (or removal) of IP laws. Different goals will get different reactions, and here's where they start to clash.

Re:"We"

His quotes in TFA sound as if he's not against IP law reform/removall, so much as he is against the way they are doing it.

You don't strong arm the postal carrier when your neighbor puts up a fence. Why should software developers be strong armed over content providers decisions. If you want to fight DRM's, fight the people who are creating them, fight the people who distribute them, don't fight the people who are trying to make your software more effective.

-Rick

Oh yeah, Stallman is a real tyrant...

Not.

He's thinking about the near future, where most interesting new hardware would have a chain of trust that requires you to have secret keys to get your programs to run on it, and you will never get those secret keys.

You modify that source code to your heart's content, suckers, because it's written against this prison platform (and it's probably not really useful anywhere else) and if you change it, it won't load.

WTF is the point of the GPL then? Where is the freedom?

Leaving aside the fact that DRM itself is nonsense (it is), impossible (it is), and inherently repugnant and evil (it is), DRM is directly incompatible with the purpose of the GPL, that's all.

The GPL itself has a "no secret sauce" provision. You're not really staying free if you can keep to yourself some secret that the code actually needs to work. This is just formally and explicitly extending the same line of reasoning for the most likely way it's being violated.

I really can't understand why people don't get this. The corporate world on a whim thinks it might be more profitable to take away all your freedom to tinker. They're probably not even right about that.

You just all roll over? Sure, I'll help. No, I don't need to get paid.

RMS is saying, look, this is bad shit, and I want no part of building this prison. Anyone who feels like I do, here's a license you can use. Don't be a sucker.

Linus doesn't want to use it, fine. I think he's an idiot for not getting it, but no one is being "pressed." We're all free to do what we want. Stallman can't press anybody. And that's the point. he's fighting so that you can't be "pressed" by others.

"Pressing." LOL! All this hate against RMS and the FSF is so barbarous, and so sadly ironic, frankly...

Re:Oh yeah, Stallman is a real tyrant...

All of your arguments against DRM make sense, but they're arguments against DRM, not against open source software that implements hooks for DRM hardware. The GPLv3 would, for example, rule out allowing a company to ship a Linux distribution on a hardware platform that required the software to use secret keys in order to run, even if the code that had the hooks were open source. This does not hurt the hardware vendor, but does hurt the open source project which will be passed over by anyone who needs to interact with that platform.

Linux became the default choice for many business server and embeded applications because it DID NOT make these kinds of arbitrary decisions about the rightness or wrongness of the use to which you put the OS. That menas it might be used to kill people (which I find much more problematic than DRM) or to sniff out file sharers or to record international phone calls, but that's something that you fight outside of the tool. The tool is just a tool and improper uses should be sanctioned by dealing directly with those uses, not invalidating the tool.

Put another way: if the Linux kernel COULD be put under the GPLv3 tomorrow and WAS, I expect that we would all be using FreeBSD in not so very long. That really doesn't make the statement about DRM that I think Stallman was trying to assert.

Your take on RMS is remarkably incorrect.

Because we all know RMS is a crusader trying to press his beliefs onto others.

I think this says a lot less than you think it does. Everyone who tries to convince others of the weight of their argument is "trying to press [their] beliefs onto others". This does not address whether those beliefs are wise or valuable.

I think the creators of the GPL are trying to be much more influencial than Linus ever was.

They already are much more influential, but influence isn't that important without understanding what the influence is trying to get you to do. The GNU GPL is almost 20 years old and is the most popular license in the Free Software community. GNU is a remarkably popular OS. Linus Torvalds has not written any license, nor has he assembled a social movement, nor has he put together an operating system. The Linux kernel was originally his work, but now there are many forks of the Linux kernel and Torvalds' fork is one (and this fork has many contributors, Torvalds no longer writes Linux alone). People draw inspiration and code from his fork of the kernel, but plenty of people in the community don't use the Linux kernel at all, yet they still use some GNU programs (such as GCC). Even some proprietary software projects use GNU programs to build their systems (again, GCC among them). The GNU project aims to bring people software freedom—the freedom to run, inspect, modify, and share programs—freedoms which Torvalds sometimes works against (his chastising Andrew Tridgell for working on a program to allow users to copy data from Bitkeeper repos comes to mind).

RMS wants complete reform (or removal) of IP laws.

Please cite a source to back this up; I know of nowhere RMS says that he would like all patent, trademark, copyright, and other laws to disappear. RMS presents a clear understanding of why we should not use the term "intellectual property [gnu.org]" (which is what you mean by "IP" here), and has come up with a clever use of copyright law to create and maintain a legally defensible commons. Someone who is utterly opposed to copyright law would not do this. They would probably reject copyright law entirely for copyrightable works, place their copyrightable works into the public domain and encourage others to do the same. Yet in his explanation of "copyleft", RMS says why he doesn't place his copyrightable work into the public domain (but would be fine with his copyrighted works entering the public domain through systematic copyright expiration, in fact during the recent GPLv3 conference Eben Moglen said that RMS would be more comfortable with a copyright regime from long ago instead of the one we have now).

Your post is vastly overvalued in its moderation. It is not interesting nor does it deserve a +5.

He's right on the money

He hit the nail on the head (can I think of any more cliches?) with that one. The point of opening the source should be to cooperate, not force people to do it your way. Version 2 of the GPL only forces people to not abuse your kindness. If we try to use our licenses to force our beliefs on others, where exactly does it end? With all the backlash in this country towards the religious right trying to legislate their own morality onto everyone else, you'd think the extremely liberal like Stallman would learn a lesson from that and NOT try to force his own sense of right and wrong onto everyone.

Re:Speaking of money...

Money wins much of the time. I don't see this as an issue of forcing anything, but merely ensuring that the playing field remain somewhat hospitable to open source development. I think Linus' view might be appropriate for the process of development, but I think RMS is focused more on the environment in which that development takes place. In effect, Linus is asking that we place a great deal of trust in the commercial sector, trust which I'm tempted to think is entirely misplaced. There have undoubtedly been some shining stars, but these are the exception, not the rule. In essence, open source needs to protect itself against those who insist on playing in a more non-cooperative environment simply because it offers them greater advantage.

Re:He's right on the money

"If we try to use our licenses to force our beliefs on others, where exactly does it end?"

They still have the right to write their own software which is not subject to the GPL v3. Stallmann is not trying to force his own sense of views onto anyone, they are still perfectly capable of writing their own if they don't like the it. And software developers can still licence their software under the GPL v2 if they wish.

Digital Rapacity Management

We are not crusaders, trying to force people to bow to our superior God. We are trying to show others that co-operation and openness works better.

Well this shows what happens when people worship differently.

Linus worships a benevolent God, looking out for the best in a cooperative humankind.
The DRM people worship only one God, the Almighty Dollar.

Re:Digital Rapacity Management

...and RMS and company worship a vengeful god, who will rain fiery death on the evil proprietary DRMed software.

:-p

I agree, he is a nice guy. The world isn't

The biggest difference between Linus Torvald and Richard Stallman is that Linus is an optomist and Richard is a pessimist.

Linus seems to walk in world all his own. Somehow he seems to think that we can vote with our dollars to force the hardware makers to cater for our non-drm needs. Right.

Has he got some other figures on linux use? It is already hard enough to get hardware makers to support linux besides closed source software like windows. But for hardware makers to develop non-drm hardware for just the linux market is insane. Linux is Linux because it runs on cheap easily available hardware. Specialist hardware or worse having to make you own would kill Linux fast.

What he maybe doesn't get that DRM isn't a analog state. It is binary. You either have it or you don't. Oh, and at the moment, we don't. We got a sorta DRM0.1 at the moment. FULL DRM will be a beast few can imagine. Certainly Linus doesn't seem capable. Stallman is capable.

FULL DRM means that ALL hardware and ALL software in your entire computer will be DRM aware. Hardware DRM will not work with NON-DRM software and/or NON-DRM hardware.

For DRM to realize its full potential EVERY piece of your computer must be DRMed. The motherboard, the CPU, the memory, the buses, the cables, the monitor, the speaker, etc etc. It cannot have a single open piece of hardware because the moment you have that the entire DRM chain becomes useless. It is the old argument against DRM that you will always still be capable of capturing the out put of any DRM device. As long as you can hear/see it you can recapture data no matter how it was protected before.

Que the old story of Vista requiring DRM monitors. if you don't then you could simply hookup a DVI cable to the output and put in a video capture device and instantly avoid any DRM measure.

Will Vista really do this? probably not, as I said before we don't have full DRM yet. We probably won't have it in Vista either. But it is coming unless we stop it now.

It is difficult to constantly be paranoid and think that behind every wintel move there must be an evil scheme but can we afford to be wrong?

Then there is Linus defence of DRM namely signing RPM packages. Well yeah, signing them makes it secure but what is that saying again? He who trades his freedom for security soon will have neither? Something like this.

We could have the security of knowing who wrote the software we run OR we can have the freedom to write and run our own software. Not both. Your choice.

Markets ultimately correct these silly drm attempt

DRM will come and go. It's not the real threat you think it is. I have now been programming and dealing with hardware for about 20 years now. Just enough time to see the same things happen over and over again. Many makers will use DRM to lock you into bying there stuff. Consumers will get pissed off and stop bying that stuff.

I used to fret and worry about IBM locking down PC hardware so customers would end up locked in an IBM world. Remember that bus that IBM made, microchannel or something, that was suppose to be better than ISA. IBM was going to charge big time for board makers in liscence fees to make cards for these slots. Well along came a small company called Compaq and gave consumers what they wanted. Over the years I have watched this same scenerio play out over and over again with HD interfaces, Video cards, data file formats, you name it. Each time the open market solution natuarly won.

The consumer market wants cheap and hassle free solutions whether they have the DRM label or not. If John Doe can't plug his USB key and save a file in 10 seconds without sacrificing serious money he will go to a providor that will. Linus is right, vote with your dollars. In the ever competitive hardware market, where margins are as thin as tissue paper, some one will be there to cater to what you want.

Computer hardware and software is ultimately a buyers market. Let the market punish dumb hardware and software makers that restrict your use.

Interesting comments

'I _literally_ feel that we do not - as software developers - have the moral right to enforce our rules on hardware manufacturers. We are not crusaders, trying to force people to bow to our superior God. We are trying to show others that co-operation and openness works better.'

Given the prevailing attitudes towards hardware vendors from a driver development perspective...

There's a diff between leadership & followship

Linus' philosophy doesn't bridge the gap between us vs them (coders vs hardware engineers), but it does help content owners deal with their own cesspool of problems.

I applaud his choice; it's not quite an RMS sort of view, but close: let the idiots deal with their issues. We'll let the software do its job.

Fairly simple, eh?

I suppose ....

... RMS could always go looking for another kernel for his crusade.

Bravo Linus, for showing us that one need not have a GPL tatoo to enjoy the benefits of Linux.

What's The Big Deal?

People seem to forget that, simply because GPL3 is coming out does not mean that GPL2 is going away. GPL2 is permanent! GPL2 Lasts forever. Sure developers can choose to use GPL3 if they want but, the fact that they used GPL2 does not require them to use GPL3.

Linus doesn't like GPL3 in its present state, for good reason. He has stated that he will, for now, stick with GPL2. What's the issue? GPL2 has been good enough for Linux for the past ten years, there's no reason it should have to move to GPL3.

Re:No more hacking?

Yep, that's exactly what the restriction in the GPLv3 is intended to prevent. It's hardly a philosophical change of direction, more like a clarification. The GPL has never been intended to allow freeriders who want to use and benefit from GPL code while at the same time preventing others from doing the same thing.

However, what's the question here?

Martin Fink tells it like it is:

The question is not why you should migrate to GNU GPL v3, but why not?

Enough with the ``forcing morals on others" stuff

Look, GPL3 does not force ``our" morality (in whatever sense of ``our" is relevant) here on anyone; nobody is compelled to use the license OR to use software released under such a license. This is not exactly like sending a perv-squad to take down adult shops or sending Christian soldiers off on a crusade in the middle-east or sending young people to blow themselves up in crowded buildings. . . . Heck, it isn't even like that whack-job Jack Thompson.

(As an aside, there IS frequently plenty good reason to force our morality on those who don't agree. If the come walking into my town to commit genocide, I will impose my morality on them by either (i) appealing to their rationality or (ii) using force.)

DRM *can* be good

One of the points he made which is very important is that digital signing of content is important for the way open source software works. If RedHat has to supply the keys used to sign Fedora Core 6 with the OS, the signature is completely useless. The anti-DRM provissions of GPL V3 would not only lead to less places you can use open source software, it would also make that software worse.

I also agree with the idea that, while DRM is evil, it's not software developers place to fight it and in fact there is no *need* to fight it. The proprietary vs open thing will soon be smack the content creators around just as badly as it is smacking the software creators around now. The more quality content that is available for free, the harder it will be for the content houses to insist that you not only pay for content, you also have crazy limits on what you can do with it.

There should be a fund and an organization dedicated to fostering tallent and helping them develop creating creative commons licenced works. I'd like to see all the National Endowment for the Arts money going to something like this for a few years. Better yet, I think there should be a tax on RIAA/MPAA producs used to fund it.

Re:DRM *can* be good

Someone more legally minded than me may shoot me down for this, but I understand that Linus' comments about Redhat are a misunderstanding of the GPL3. From TFA:

Notice how the current GPLv3 draft pretty clearly says that Red Hat would have to distribute their private keys so that anybody sign their own versions of the modules they recompile, in order to re-create their own versions of the signed binaries that Red Hat creates. That's INSANE.

This is not what the GPL3 says at all. It says you must distribute keys IF your code won't work without them. In the Redhat case, that's not true at all - you can download and install unsigned (or third party signed) code all you want. Redhat signs stuff so you can be sure it came from Redhat and not Fred in His Shed - that is ALL.

From TFL:
Complete Corresponding Source Code also includes any encryption or authorization codes necessary to install and/or execute the source code of the work, perhaps modified by you, in the recommended or principal context of use, such that its functioning in all circumstances is identical to that of the work, except as altered by your modifications. It also includes any decryption codes necessary to access or unseal the work's output.

The GPL3 does not try to take code-signing capability away from anyone. It states that you must give away keys if it's impossible to make a working program without them. I'll give an example:

Say there's a crypto program that uses modules, and is not open source. If you write modules, they have to be signed by one of a series of keys before the program will use the module.

If you tried to release a GPL3 module for this product, you would have to also put your keys with it because without the keys, a third party cannot produce a working module.

The GPL3 really says that if you're using DRM, you have to let other people use it too. There's a double-edged sword here: At the moment, you could release your (non-working) module as GPL2. Of course, it's useless, except for anyone else who has the keys. It's unlikely the owner of the crypto program would release keys for anyone to use (and so distribute) as that (as stated by Linus) makes the use of DRM pointless. In short, you're unlikely to be able to use the GPL3 for such situations.

My personal view (as if it matters) is that the GPL3 will fail because (a) people don't understand it and (b) no commercial vendor is likely to use it if they have to give everything away to do it. Using GPL2 + secret keys means you get all the benefits of open source, without giving away your competitive edge.

Of course, GPL3 might gain ground because version 3's got to be better than version 2, right?

You are wrong and out of context.

Linus understands the license correctly, as do you, but you don't understand Linus. He wasn't talking about what RedHat does -now-, he was saying -if- you had hardware that only ran signed kernels and -if- RedHat distributed a kernel for it -then- the GPLv3 -would- require RedHat to distribute their private key at the same time.

Nothing to do with anything being done now, since RedHat does not currently run on any such locked hardware afaik.

Well said

I thought, when I first heard that Linux wouldn't support GPLv3, that he was simply throwing his teddies out the pram at something that was even written yet. No I hear his reasoning though it sounds like a very good call. GPLv3 sounds like it is loosing sight of what it really set out to achieve. OSS has reached a point where a lot of tech companies are seriously considering using it if not actually already using it. I can't help feeling that the power might have got to RMSs head a little. I'm not a big fan of Linus in particular but he does do a fairly good job of "keeping it real" something that people in powerful of infulental positions seem to lose sight of.

Expediency vs Principle

It is commonly argued here that RMS and FSF are out-of-touch crusaders to be marginalized when considering how really to get software written. I disagree.

Torvald's kernel and the community that support it are quite remarkable, and I wish to take nothing away from them. However, they would not exist if not for gcc and a host of other tools that themselves would simply not exist were it not for Stallman. He was savvy enough to see the creation of these tools; part of this savvy manifested itself in the GPL which demands quid-quo-pro from users of free software.

Now you can imagine a world in which we all just gave away our efforts, and you can imagine a world in which this benevolency resulted in a societal revolution in which open-source (but not necessarily free) software thrived. I can never prove that such a world might not have evolved, but the world as it actually exists has been heavily shaped by Stallman's efforts.

Stallman is certainly not irrelevant in the history of software. I would hesitate to dismiss him as irrelevant to the future.

Re:Expediency vs Principle

Being relevant to the future doesn't make him right nor necessarily relevant to the future and claiming free software wouldn't exist today without gcc is absurd. BSD exists today after all. It could be argued that Linux has done more to make Stallman relevant than anything Stallman has done himself. Most ppl are interested in the software, not the ideology. That appears to include Linus.

Sometimes...

...I think Linus is the only Human in the OS leadership. He seems to have a remarkable amount of common sense. Too bad it isn't rubbing off on his compatriots...

Re:One word

Thank you. Linus dislikes IP issues, which is fine, but tends to ignore them until they come back to haunt him and everyone around him, which is not. I don't like toll roads, but that doesn't mean I can just drive through tollgates like they don't exist.

RMS deals with issues by confronting them. Linus deals with the same issues by avoiding them. And yet, it's fashionable to laugh at RMS for being out of touch with reality. Go figure.

Why would they have to give away their keys?

Okay, call me dense, but I really fail to understand why he thinks the GPLv3 is forcing people to give out their private keys??

Perhaps I'm misunderstanding something, but I was under the impression that GPLv3 says that "source code must be made available, including any encryption keys required to get it". Doesn't this just mean that any encrypted information needed to get the system running need be provided? How does this imply that people need to give away the keys they used to SIGN the code? Authenticating the code has nothing to do with its availability.

I don't understand why Linus seems to be confusing digital signing with DRM.. (yes, DRM uses digital signing techniques for implementation, but that doesn't imply that digital signing IS a form of DRM... only that DRM is a form of digital signing..)

- confused.

Alan's Comments

Ping Wales have an interview with Alan Cox on the subject [pingwales.co.uk]. I know of two people who have tried submitting this, but it's been rejected both times.

Proprietary Linux

I think Linus might change his tune if and when companies begin releasing de facto proprietary version of Linux on closed hardware platforms.

It's simple really. A hardware company, say Dell or Apple, build DRM systems that only allow binaries that are digitally signed to run on their systems. They then proceed to pilfer GPLv2 code, sign it to run on their system, and then never give out signatures to any FOSS people.

Dell sells a PCs, servers or Laptops running "Dell Signed Linux". Sure they give you the source, but they don't give you the keys. Linux becomes a closed OS on DRM platforms, with only the big companies able to turn the now useless source into working binaries. Cue the "Proprietary Linux" club, which will begin to look an awful lot like the Unix club.

he doesn't get it

Smart guy, but can't see the big picture outside his own specialist niche. This isn't a dig, it's an observation,and I have seen it many times with brilliant people I know. If the software patents and DRM goons had had their way back before he wanted to build a minix/unix replacement, he wouldn't have been allowed legally to do most of what he did. Heck, we would barely have affordable functioning home computers either.
I really like the idea of a new GPL that goes farther than the last one in making sure freedom and openness becdomes the norm and not the exception. If we can't get rid of software patents, we can use the fact they exist against that concept. It's sad but you can't remove the legal aspects to coding, so might as well use what ammo and tools are available to counter the threat that patents and DRM clearly are.

Short Sighted

Although Linus makes very good points I think he doesn't understand the pernicious nature of those who would want DRM technology.

Granted as a software creator I should have the ability to do whatever I want and the F/OSS community should only have domain over what they create. However, we are _not_ an independent community. Without hardware vendors the software we create is worthless.

If the almighty Microsoft decided to lock out hobbiests and allow only those paying into a "partners" program to have their software signed as running on windows and neither the OS nor the underlying hardware allowed for execution of unsigned code then the F/OSS would run into problems.

Granted "we" as a community could buy other hardware, but with the _vast_ market share of Microsoft it would be difficult [as it is to get drivers now] to convince vendors to spend the time, energy, and $$$ to develop F/OSS friendly hardware.

I think Linus is a bit niave in thinking that larger software vendors won't make backdoor agreements with larger hardware vendors to use DRM technology to remove competition.

I mean they've used every other tactic they can think of, why not hardware DRM?

DRM is not inherently evil

Some police departments are using DRM in cameras to prove that photographic evidence has not been tampered with. This is just one of many, many examples people benefit from limiting the capabilities of the user. If you've ever worked in IT, you know how dangerous users can be. Imagine never having to remove gator from someone's computer again, while still giving them privileges to manage their own system.

An anti-DRM software license is just as stupid as RMS deliberately making su insecure because he was mad that he couldn't root a box.

Anti-DRM provisions

Has anybody here actually read and understood the anti-DRM provisions of GPLv3, or are you all just spouting off?

Section Three -- the anti-DRM provision -- basically says that any work covered by the GPLv3 is not to be construed as a copy-prevention measure. In other words, if some mis-worded legislation makes it onto the statute books -- specifically legislation which apparently makes an act illegal, ignoring that a copyright holder might well have given permission for such an act -- GPLv3 3 is there to make it quite clear that the copying is being carried out with the blessing of the author.

It also ensures that if software subject to GPLv3 is recorded on some medium which attempts to restrict copying, that any user who is forced to bypass anti-copying restrictions in order to perform a legitimate act for which permission had already been granted, has a legal defence for doing so.

Which of the above don't you agree with?

Fighting DRM

I agree with Linus that the GPL is the wrong place to fight DRM.
If you like me and many others, think that DRM imposes problems for both individual persons and the way we want to run our societies, then you must fight DRM at the _real_ battlefield, namely the political process that makes the laws governing your society.
_WE_ know why DRM is a bad thing, but does the politicians? the voters? your friends?
You need to sharpen your thoughts about why you think DRM is a bad thing for our society, and then act upon it.
Fighting DRM is a political battle, not a technical.

We may not be able to gather enough political support to outright ban DRM, so let us instead follow the anti-tobacco crowds lead, and bit by bit; a law here, a ban there, make DRM product manufactureres life difficult and expensive.

Eg. enforce a DRM escrow: the content providers must guarantee, not promise, not try, but guarantee, that a DRM free version is available when the copyright expires.
And since DRM products enjoys not only the strong copyright protection, but also protection from DMCA laws, then it is only fair, that the duration of this state guaranteed monopoly is shortenend somewhat.

Be imaginative; think of all the little scenarios where DRM could be a problem, and work for small, concrete laws that expells DRM for that scenario, or at least makes it more expensive.

Make a "lex Sony rootkit"; make DRM dealers responsible for their actions in a way that actually hurt them.

Make sure that all DRM products are marked as such in a clear way, perhaps like on cigarette packets; "Warning, this product contains DRM, that may be harmfull for your personal freedom";-)

Make a "Lex ipod", that guarantees everybody the right to use their bought content on _all future_ appliances.

--
Regards
Peter H.S.

GPL2 not 3 for Linux is quite strategic

If Linux were released under GPL3, then nobody with a DRM box could run Linux on it. But by allowing Linux to run on DRM hardware, if something doesn't work because of DRM, then the HW manufacturers are the bad guys, and DRM at fault -- not those nice OSS people who just want to help everybody.

It also gives us all ongoing opportunities to observe misapplications of DRM technology (spyware, malware attempts) by providing a nice platform. While finding ways of actually thwarting lawful applications of DRM would be wrong, if there's an unlawful misapplication of DRM that's easily observable (because Linux runs on the thing) and possible to thwart...Cool!

So I have to say that Linus has it right, both in spirit and in strategy wrt to the kernel. And there's nothing stopping anyone from writing GPL3 applications that run on it -- but only if you get a non-DRM box. Which is another way of strategically opposing DRM -- allow your OS to run on it, but let it break half the apps, so people have a reason to not buy DRM hardware.

And he says as much, too.

God bless Torvalds

He's so level-headed in a field of holy-men-with-a-mission-from-$DIETY as far as the eye can see. I may not always agree 100%, but it's well worth it just to hear him point out from time to time that we do not, in fact, have to commit ourselves to Jihad.

Missing the Point

I feel that Linus is missing the point. GPL3 is mostly a set of changes to give some assurances that code licensed under it will not be made proprietary through the use of DRM and strengthens the provisions regarding patents.

Having anti-patent provisions makes total sense in my book. Having patents invoked against GPL'ed software means that the software cannot legally be used, and this provision makes it just that much more costly for a real (not a lawyer-only firm) to shut down a GPL project using patents while not effecting other users in the least.

The DRM provisions don't forbid the use of DRM, but assuming their legal theory is correct, it will make it legal to circumvent the DRM assuming that it is done for a legal end.

get over it

I _literally_ feel that we do not - as software developers - have the moral right to enforce our rules on hardware manufacturers.

Bill Gates has no qualms about enforcing his rules on hardware manufacturers. Neither does Steve Jobs or anybody else in industry. And corporate CEOs are religious about how they think the market should operate and won't shut up about it.

RMS is no more religious than any of these people, and the GPLv3 restrictions are still far less onerous than anything Microsoft, Apple, Sun, or any of the other big players will force you to agree to.

Linus is entitled to his opinion about the GPLv3. But his statement that we have no moral right to enforce those restrictions is ridiculous in light of the fact that everybody else is trying to place far stronger restrictions on licensees and nobody thinks twice about it.

DRM concept is false idea itself

Whole DRM concept is seriously flawed and cannot work in reality but in limited way only. Here are my points:

- In cybernetics theory, there is no mathematical distinction between hardware and software. Hardware has theoretical base in abstract automatons while software in algorithms, but cybernetics shows those two are mathematically equivalent. Whatever algo you can design in hardware (logic gates, for example) you can implement in software and vice versa. Also in theory, there is no distinction between data and program as well.

- Most non-cs people intuitively accept hardware as something static, and software+data as something volatile, and DRM is a try to declare software+data static by binding it to hardware. This is fundamental error of the DRM, because hardware could be not as "static" as it is expected to be. So, DRM concept does not respect laws of mathematics which makes it false.

- Algorithm cannot decide if it runs as a part of some "bigger" algorithm. First emulator of specific DRM hardware will make the specific hardware obsolete.

Example for dummies:

Imagine your computer is DRMed totally to the stage you can only use a word processor with limited scripting of your own documents, and email to send your documents around. But you can create an universal computing platform even on top of that:
- let the document represent a "memory" for virtual computer (line==instruction, use hex or keep the stuff human readable or both)
- write some virtual instructions as a document script functions
You can code an 8-bit platform such way in a week or two, capable of running some ancient 8-bit operating system such as Newdos-80 or CP/M at the speed comparable with those of 70'-80' computers. Or you can code something like forth or lisp even quicker, in days.
- Process your data such as sound or pictures on that platform. Use other word documents as a filesystem.
- use email transport as a low level network layer, implementing some simple protocols over it, treating an email message as a "packet".

Now you have a free as in uncontrolled platform at your hands.

Re:Translation

Translation: "I feel that we do not have the muscle - as open source software developers - to force hardware manufactures to bow to our DRM demands. They'll just laugh at us."

Don't put words in his mouth. Linus has never been the crusader that RMS is, and as he says in the article, doesn't want to be either. He claims that he doesn't feel like using software licensing and copyright as a weapon to fight political battles. I don't blame him, either. He seems to have meant precisely what he said. Since Linus isn't much prone to doublespeak or pulling punches, I'm tempted to believe him.

GPL3 is a tipping point for the FSF. If they go that route, they will lose all corporate support, which they think they don't need but in fact very much do. GPL3 goes way too far. So if they want to marginalize themselves...go right ahead.

Re:If Linus thinks..

> The GPL... allows you to stand upon the shoulders...

It's always interesting to see people depate BSD vs GPL in theoretical terms, while completly ignoring how both actually work in the real world.

The most prominant BSD licensed products (Free, Open and Net ) all happily share between themselves, thus effectivly standing on each other's shoulders. What they don't do is waste time on stupid license discussions, or being worried about what someone else might do with their code.

The GPL world, otoh, spends it's efforts on discussions like this one... and I can't find a single instance of people standing on each other's shoulders.

(not that i think linus should switch licenses. afterall, it's his software. he can license it any way he likes.)

Re:If Linus thinks..

and I can't find a single instance of people standing on each other's shoulders

Uh, say what?!? What about Linux (based on Stallman's work), mplayer (based on libavcodec, which uses X264), and basically every other GPLed software in existence? Looking at popular packages, it's hard to find GPL'd work that *isn't* standing on some other GPL'd product's shoulders!

More examples: CVS (based on VCS), SVN (based on CVS), Gimp (based on tons of image processing libraries, e.g. libpng)

It's possible that there is no CVS code in SVN (although I'd be surprised), but I would be astonished if the SVN developers weren't reading CVS code for ideas.