Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Linux Software Your Rights Online

Linus on DRM 969

Posted by michael
from the asbestos-underwear dept.
Linus Torvalds weighed in on the DRM debate on the linux-kernel mailing list last night. No, don't click through, his email is reproduced below. Worth reading and thinking about.

Thread on LKML:

Date: Wed, 23 Apr 2003 20:59:45 -0700 (PDT)
From: Linus Torvalds
To: Kernel Mailing List
Subject: Flame Linus to a crisp!

Ok,
there's no way to do this gracefully, so I won't even try. I'm going to
just hunker down for some really impressive extended flaming, and my
asbestos underwear is firmly in place, and extremely uncomfortable.

I want to make it clear that DRM is perfectly ok with Linux!

There, I've said it. I'm out of the closet. So bring it on...

I've had some private discussions with various people about this already,
and I do realize that a lot of people want to use the kernel in some way
to just make DRM go away, at least as far as Linux is concerned. Either by
some policy decision or by extending the GPL to just not allow it.

In some ways the discussion was very similar to some of the software
patent related GPL-NG discussions from a year or so ago: "we don't like
it, and we should change the license to make it not work somehow".

And like the software patent issue, I also don't necessarily like DRM
myself, but I still ended up feeling the same: I'm an "Oppenheimer", and I
refuse to play politics with Linux, and I think you can use Linux for
whatever you want to - which very much includes things I don't necessarily
personally approve of.

The GPL requires you to give out sources to the kernel, but it doesn't
limit what you can _do_ with the kernel. On the whole, this is just
another example of why rms calls me "just an engineer" and thinks I have
no ideals.

[ Personally, I see it as a virtue - trying to make the world a slightly
better place _without_ trying to impose your moral values on other
people. You do whatever the h*ll rings your bell, I'm just an engineer
who wants to make the best OS possible. ]

In short, it's perfectly ok to sign a kernel image - I do it myself
indirectly every day through the kernel.org, as kernel.org will sign the
tar-balls I upload to make sure people can at least verify that they came
that way. Doing the same thing on the binary is no different: signing a
binary is a perfectly fine way to show the world that you're the one
behind it, and that _you_ trust it.

And since I can imaging signing binaries myself, I don't feel that I can
disallow anybody else doing so.

Another part of the DRM discussion is the fact that signing is only the
first step: _acting_ on the fact whether a binary is signed or not (by
refusing to load it, for example, or by refusing to give it a secret key)
is required too.

But since the signature is pointless unless you _use_ it for something,
and since the decision how to use the signature is clearly outside of the
scope of the kernel itself (and thus not a "derived work" or anything like
that), I have to convince myself that not only is it clearly ok to act on
the knowledge of whather the kernel is signed or not, it's also outside of
the scope of what the GPL talks about, and thus irrelevant to the license.

That's the short and sweet of it. I wanted to bring this out in the open,
because I know there are people who think that signed binaries are an act
of "subversion" (or "perversion") of the GPL, and I wanted to make sure
that people don't live under mis-apprehension that it can't be done.

I think there are many quite valid reasons to sign (and verify) your
kernel images, and while some of the uses of signing are odious, I don't
see any sane way to distinguish between "good" signers and "bad" signers.

Comments? I'd love to get some real discussion about this, but in the end
I'm personally convinced that we have to allow it.

Btw, one thing that is clearly _not_ allowed by the GPL is hiding private
keys in the binary. You can sign the binary that is a result of the build
process, but you can _not_ make a binary that is aware of certain keys
without making those keys public - because those keys will obviously have
been part of the kernel build itself.

So don't get these two things confused - one is an external key that is
applied _to_ the kernel (ok, and outside the license), and the other one
is embedding a key _into_ the kernel (still ok, but the GPL requires that
such a key has to be made available as "source" to the kernel).

Linus

This discussion has been archived. No new comments can be posted.

Linus on DRM

Comments Filter:
  • Props to Linus (Score:5, Insightful)

    by dtolton (162216) on Thursday April 24, 2003 @10:04AM (#5799287) Homepage
    What Linus is saying makes complete sense to me. I think the
    Kernel level of Linux is the wrong place to make a political
    stand like that. What has made Linux successful, and what will
    make it ultimately *the* OS is it's an
    Evolvable System [shirky.com]

    The fact that people can use Linux for whatever they need to is
    what makes it such a compelling system. The fact that you can
    tinker with it, change the source, in short make it work for you
    is what makes Linux successful.

    He also makes a good point, there is a difference between
    allowing DRM and forcing everyone that uses the OS to use DRM
    (as M$ want). There are some times when DRM is very legitimate
    (Goverment Top Secret Docs, Litigation Confidential information
    etc), and there are the times when I consider it to be
    un-ethical (most other situations I can think of).

    I have to say way to go Linus. Keep the system evolvable.
    Ultimately isn't it a catch 22 anyway? If he prohibits DRM,
    isn't that sort of like saying "this is my software and you
    can't do XX with it".
  • In summary... (Score:5, Insightful)

    by sporty (27564) on Thursday April 24, 2003 @10:04AM (#5799301) Homepage
    Technology, encryption, reverse engineering, mp3's, drm, sniffers.. they arne't inherently evil. It's the usage and if they go against your morals, ethics and general desires, if they are good or not.

    Laws which put their use at all, as forbidden or not, is what should not be put into law. It's how they are used.
  • Voltaire (Score:4, Insightful)

    by egoff (636181) on Thursday April 24, 2003 @10:06AM (#5799316)
    Sounds like the quote by Voltaire that embodies free speech:
    'I may disagree with what you say, but I will defend to the death your right to say it.'
  • Still cool (Score:4, Insightful)

    by ike6116 (602143) on Thursday April 24, 2003 @10:06AM (#5799317) Homepage Journal
    Once again Linus leaves it up to the one thing that makes linux beautiful: Choice.
  • just an engineer (Score:4, Insightful)

    by dAzED1 (33635) on Thursday April 24, 2003 @10:06AM (#5799319) Homepage Journal
    I don't find myself agreeing with him "politically" generally, but like he himself, and as he poitns out RMS as well, says...he's just an engineer.

    Seems reasonable to me though. You don't have to compile it in to the kernel you use if you don't want it. He's just offering a choice. For this one, I will accept that he is in fact remaining neutral politically.

  • by Viperion (569692) on Thursday April 24, 2003 @10:07AM (#5799330) Homepage
    It's Linus' optimism. See, RMS insists that if you don't tell people what they can't do with software, that they'll do the worst. Linus assumes that people will do whatever they feel like, and the more they can do, the better, because you can't easily stop a movement. You can stop a man.

    Go Linus. I'm not a DRM fan, but I am a fan of you ideology.
  • Misconceptions (Score:5, Insightful)

    by lpret (570480) <.lpret42. .at. .hotmail.com.> on Thursday April 24, 2003 @10:07AM (#5799334) Homepage Journal
    I think it's interesting that it takes the "leader" of the OSS movement to put the brakes on some overboard reactions by slashdotters and many others. Too often we relate some issue as being a Microsoft invention and thus evil when all along it's been incorporated in a different form in our favourite OS. Perhaps we can learn a lesson about this and start applying it to other organisations (RIAA, MPAA, etc.)?
  • by DrWhizBang (5333) on Thursday April 24, 2003 @10:08AM (#5799341) Homepage Journal
    why does allowing binaries to be signed make DRM "ok". maybe i don't understand DRM (which is likely...)
  • by October_30th (531777) on Thursday April 24, 2003 @10:10AM (#5799355) Homepage Journal
    On the whole, this is just another example of why rms calls me "just an engineer" and thinks I have no ideals.

    This is exactly why I like Linus. Unlike certain nutjobs, he's rational enought to know that one should always use the right tool for the job.

    When ideals get in the way of actually achieving your goals they are doing more harm than good for the cause.

    That comment made me wonder if RMS actually holds a grudge against Linus for not conforming to his standards of "purity".

  • by zogger (617870) on Thursday April 24, 2003 @10:10AM (#5799361) Homepage Journal
    --if you are going to do that, why would you even put the key in there? What am I missing?

    Seems to me that drm violates the spirit of gpl, but I most likely still don't understand it. If some company wants to make a drm enabled kernel,and deploy it, then it can be cracked shortly if they follow the gpl? Or what? I don't get it obviously. This is like missiles, anti missiles, anti-anti missiles, ad absurdium.

    new distro, the yossarian distro
  • Re:Props to Linus (Score:0, Insightful)

    by MrMickS (568778) on Thursday April 24, 2003 @10:10AM (#5799362) Homepage Journal
    Linus is discussing the kernel not the OS. Linux is the kernel not the OS.
  • by Hunts (116340) on Thursday April 24, 2003 @10:11AM (#5799370) Homepage
    There is nothing horrible about the idea of DRM, its mearly what people are going to do with it. And before any blows my head, just remeber this is that same argument put forth to defend openbsd only yesterday( was it yesterday, I'm loosing track of time at the moment.)

    I like that I can trust software to be what it says it is, I think its a step in the right direction to protecting againt trojans etc..

    I dont want to be forced to do it though for every little thing that somebody thinks I need permission to run. If certain DRM can be applied to the linux kernal that make computing safer (and by that I mean actually safer, not MS safer or somebody else thinking their making me safer by imposing rules on me), then go right ahead.

    Just make sure I can remove it should I wish.
  • Re:Props to Linus (Score:5, Insightful)

    by FortKnox (169099) on Thursday April 24, 2003 @10:15AM (#5799400) Homepage Journal
    Linus is great in these situations. He takes rabid open source zealots and brings them back to reality before they go too far off.

    He simply shows that you don't have to be political (mp3 sharer, privacy guru, etc...) to enjoy Linux. And offshoots will always be there for you rabid-types.

    Who's loss? None.
  • Sounds good to me (Score:2, Insightful)

    by Dacmot (266348) on Thursday April 24, 2003 @10:15AM (#5799402)
    If the GPL is all about freedom, it's also about freedom of what you can do with it (ok you can't include it in close source software without releasing that source, but that's to protect it from being non-free).

    If some third party wants to take the kernel source and add DRM to it, they are free to do so. I'm also free to not use their kernel and keep compiling my own from Linus' tree.

    Linus does have a point.
  • Re:Props to Linus (Score:5, Insightful)

    by 4of12 (97621) on Thursday April 24, 2003 @10:17AM (#5799429) Homepage Journal

    I agree with Linus, too. It will mean greater flexibility and freedom to do anything with Linux in the future.

    While I, too, am personally opposed to DRM policies that have been proposed so far, I don't use every single lever and fulcrum at my disposal to its fullest possible extent to press the my opinion. Letters to your elected representatives, newspapers, donations of money to the EFF, teaching others to use free products are good ways to achieve those goals.

    There are those that feel the Linux kernel is an appropriate tool for leveraging the propagation of those ideals. Despite my admiration of those ideals, I'm glad Linus doesn't choose to use his power to fight this battle in this way.

  • by Graabein (96715) on Thursday April 24, 2003 @10:25AM (#5799510) Homepage Journal
    Linus wrote:

    > On the whole, this is just another example of why rms calls me "just an engineer" and thinks I have no ideals.

    Perhaps what the world needs is more engineers and artists, and less flaming zealots. I think Linus has been, and still is, getting it just right. In fact, I think his statements above and the way he views this issue is 100% in the spirit of the GPL. The code is supposed to be free, remember? This includes free to be used in unspeakable ways, so long as the source is always included and freely redistributable. You can't claim freedom for only the ideals you like, that's tyranny.

    Then again, IANAL.

  • by Theodore Logan (139352) on Thursday April 24, 2003 @10:33AM (#5799620)
    But there is no way to stay out of politics when you're the head of a project of this size and importance. Indeed there is no way to ever stay out of politics, regardless of the reality of your everyday life. All our lives is about politics, albeit for most on a much smaller scale. Whatever decision we make is to some extent a political one. Take, for example, that homeless bum you passed on your way to the office. Either you gave him money or you didn't. Not caring about it at all, or refusing to even contemplate the issue, must have resulted in the latter choice, which is also a political move. There is no way to be "neutral" here. Not making a choice is also a choice. As is, returning to the topic, offering people a choice. This is obvious in every other area of life, why isn't it here? Nobody would say that one is being neutral on the topic of gun control if one thinks everybody should be able to choose whether they want to have a gun or not, just to take one example.

    This is what Linus seems to not be able to understand. Not caring about politics when your actions and choices have political consequences is also politics - the politics of "I don't care." If he says "I'll give you the choice of compling this into your kernel" that is in no way a neutral stand on anything.

    I'm not blaming Linus for this. In fact, I think his attitude is refreshing. But it is dangerous to think that just because he considers himself neutral, that is what he is. I like him, but sometimes I wish he would just keep his mouth shut instead of opening it and proving how shallow he is.
  • by Kourino (206616) on Thursday April 24, 2003 @10:37AM (#5799668) Homepage

    Try rereading the message. What Linus is, in fact, saying, is that DRM of the Linux kernel is okay. So, for example, you can digitally sign a kernel binary and have your platform refuse to boot if there isn't a valid signature if it floats your boat. He's also making the case that this is a valid action under the GPL. He never said "I like DRM in most fashions"; in fact, he said something rather the opposite of that at least once in this morning's message:

    And like the software patent issue, I also don't necessarily like DRM myself, but I still ended up feeling the same: I'm an "Oppenheimer", and I refuse to play politics with Linux, and I think you can use Linux for whatever you want to - which very much includes things I don't necessarily personally approve of.
  • by slide-rule (153968) on Thursday April 24, 2003 @10:39AM (#5799686)
    By everyone's favorite analogy, it sounds like a housing contractor installing locks on houses he makes, which allows each homeowner to have the choice to decide to lock their door or not. (This in counterpoint to some hypothetical "popular" opinion that locks are inherently evil.) The presence of the lock doesn't mean the homeowner *has* to use it. (I didn't say it was a terribly great analogy.)
  • by egoff (636181) on Thursday April 24, 2003 @10:40AM (#5799700)
    DRM doesn't have to be evil, its just that many of the proposals for its implementation don't always have the user/consumer in mind. However, the basic idea of protecting copyrighted works is such an integral part of the American system that its written into the Constitution, Article I, Section 8:
    The Congress shall have Power . . . To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries.
    Granted, abuse of copyrights is a huge issue right now, but the basic concept of securing them in a digital age isn't the devil incarnate.
  • Re:Huh? (Score:5, Insightful)

    by Frater 219 (1455) on Thursday April 24, 2003 @10:41AM (#5799710) Journal
    Is that "Oppenheimer" as in the head of the most politically motivated science program of all time?

    Perhaps a better analogy would have been Wernher von Braun, as commemorated in Tom Lehrer's song:

    Don't say that he's hypocritical

    Say rather that he's "apolitical"!
    "Vonce ze rockets go up, who cares vhere zey come down?
    "Zat's not my depaartment," says Wernher von Braun.

    The intended contrast is between the "apolitical" engineer who does not really care to what purpose his invention is used -- or by whom, as von Braun (purportedly) worked equally willingly for the Nazis as for the United States -- and the type (like Albert Einstein) who considers and possibly regrets its social consequences.

  • by Anonymous Coward on Thursday April 24, 2003 @10:42AM (#5799722)
    You don't want morals? You don't want politics?

    Don't use the GPL

    Ah... I see. Apparantly the only way you can have morals is to use the GPL. Righto.
    Er...no. This is saying "if you use the GPL, lots of morals and politics come along with it". It doesn't say "the GPL is the only moral license". It say "the GPL is a moral license".
  • by IamTheRealMike (537420) <mike@plan99.net> on Thursday April 24, 2003 @10:48AM (#5799793) Homepage
    Slow down there.

    RMS thinks in a different way to most of us. When he chooses a tool, he wants one that conforms to his ideals because he isn't just thinking about the next 5 minutes, he isn't interested in just solving this problem and moving on. He thinks a long way ahead.

    So when you offer him a proprietary piece of software, he won't use it, even if it's more convenient than what he already has. He believes that in the long term, it's the wrong tool for the job, because he takes into account things that to most people are entirely ethereal - things like what kind of society he wants to live in, the long term maintainability of the software, lack of vendor lock in and so on.

    I see way too many people slamming RMS for not being pragmatic enough. I think in reality he is very pragmatic, but with a different timeframe for his concerns to most people, leading them to view him as a "nutjob" or having "alien" thinking.

  • by Kourino (206616) on Thursday April 24, 2003 @10:48AM (#5799803) Homepage
    In Soviet Russia, the point misses YOU!

    Nowhere in this message does Linus even begin to talk about RIAA-driven media protection schemes. Why are you even bringing it up in this post? "Digital copyright protection" IS NOT the be-all and end-all of DRM.

    Try reading the message again. Linus brings up the exact same point you did: "hiding" a private key in GPLed source is obviously not okay because it exposes the private key. And how does "wrapping it up in a shared lib" "violate everything OSS stands for"? Or are you conveniently overlooking the entire point behind the LGPL? Nevermind that shared libs don't even make sense at the kernel level.

    Linus' message has nothing to do with Winputers or the RIAA or forcing you to run/not run whatever because some guy in a suit in Hollywood doesn't trust you with things that aren't his anyway. There's nothing to see here. Move along.
  • Re:what ? (Score:5, Insightful)

    by RickHunter (103108) on Thursday April 24, 2003 @10:51AM (#5799830)

    What he actually seems to be supporting is the stated (note stated, not actual) purpose of Palladium/TCPA. Signing code and verification of signed code to ensure that programs are who/what they say they are. The nature of GPL'd software makes "DRM" impossible - if your GPL'd program does X to verify that its allowed to access a file, I can write a program that does X, accesses the file, and then writes the file in a form that I can access without doing X.

    DRM relies on secrets buried in the binary and removing elements of the system from the user's control. (As if the user had control over the verification bits, the system would be useless) The GPL is designed to place all elements of the system in the user's control.

  • Re:Misquote (Score:2, Insightful)

    by SN74S181 (581549) on Thursday April 24, 2003 @10:52AM (#5799844)
    And the irony is that the kind of people who quote that line are usually so deeply embedded in their armchair that 'defend to the death' would simply mean a heart attack during their struggle to get out of their 'armchair of rhetoric.'

    Plus, many people who make claims like that shout down people they disagree with when they come to campus to give speeches.
  • by Visceral Monkey (583103) on Thursday April 24, 2003 @10:56AM (#5799899)
    Burn him!!! Burn the witch!!!!

    But seriously. Options, even the sometimes-unpleasant ones, are always GOOD.
  • by WindBourne (631190) on Thursday April 24, 2003 @10:57AM (#5799902) Journal
    It is an interesting thought and you are correct in that you will not be able to modify the binary on the system. But the GPL does not give you the guarentee of being able to run the software anywhere on anything. It simple gives you the right to own the source code and to use it as you see fit.
    If the hardware company elects to forbid you, well, you may wish to not buy it.
  • Hmm... (Score:2, Insightful)

    by BFaucet (635036) on Thursday April 24, 2003 @10:58AM (#5799916) Homepage
    Well I don't see why anyone shouldn't be allowed to do this. I also don't see why anyone would want to use this under the GPL. One would think if someone didn't want people to tinker with something they made they would release it under a different liscense.

    If used in any OSS projects I'm quite sure it would kill the popularity/success of said project very effectively.
  • by Ungrounded Lightning (62228) on Thursday April 24, 2003 @11:00AM (#5799931) Journal
    What Linus is saying makes complete sense to me. I think the Kernel level of Linux is the wrong place to make a political stand like that.

    Unfortunately, you can't NOT take a political stand in such a situation.

    So the stand Linus has taken is:

    "Freedom means letting other people do things you don't like."

    And I say "Right on!"

    ==============

    If you want to buy a box that won't let you load a kernel image that isn't signed by somebody else (who won't sign it unless your interests are subordinated to his), and which you thus can't tweak, that's your prerogative.

    Don't like it? Vote with your dollars.

    Government trying to make it mandatory? Vote with your VOTE.
  • Re:Props to Linus (Score:3, Insightful)

    by Dyolf Knip (165446) on Thursday April 24, 2003 @11:04AM (#5799990) Homepage
    Exactly. MPAA-style DRM would put restrictions even on root. Stupid and impossible. But the idea of DRM could certainly be useful in situations when the sysadmin wants to make to less powerful users the distinction between looking at data and copying it.
  • Re:Props to Linus (Score:3, Insightful)

    by MrFredBloggs (529276) on Thursday April 24, 2003 @11:05AM (#5799999) Homepage
    You're talking about freaks,hippies,liberals, proletariat etc as if they actually exist, rather than just sloppy shorthand media creations that mean nothing. Some `people` are creative, and some aren't. Some make good albums. Some don't. I wouldn't get too hung up on labelling things (maaan - quick, allocate me a label!) - they're no use, and end up making it harder and harder to deal with reality as you frantically try and bend and twist it to fit into your neat little boxes.

    Still, 1 out of 10 for mentioning a great album!
  • Hrm... (Score:5, Insightful)

    by autopr0n (534291) on Thursday April 24, 2003 @11:08AM (#5800033) Homepage Journal
    Well, there's a big difference between allowing people to digitally sign binary builds of the kernel, and actually supporting DRM directly.

    Personally, it seems almost irrational to want to keep people from signing copies of the kernel. It's almost a free speech issue, people should be able to sign whatever the hell they want.

    I think the real issue is restrictions people place on others, the TCPA/Pallidum DRM systems of which code signing is only a small part. I think I would hate to see Pallidum style 'locks' on the runtime environment in the 'official' version of the Linux kernel. If that does happen, I'm sure it will fork like mad, though.

    I guess what Linus is saying is that if some companies want to make locked up, DRM'd systems using the Linux kernel, it's OK with him.
  • by Anonymous Coward on Thursday April 24, 2003 @11:11AM (#5800068)
    Must be great to adjust your view of how it should be instead of how it is.

    RMS doesn't want freedom, but Freedom(tm), which is all his. Don't ever confuse this with real freedom!

    True freedom is do do what one wants, good or bad, RMS wants to lock everyone into a jail, because if we are all in jail we can't do bad.
    Which is stupid, because bad things happen in jails too, infact, the climate enforces bad things to happen!
    This is what RMS Freedom(tm) is, a jail.

    Mind you, if I can choose when to enter or leave the jail (i.e. use GCC) and leave it when I want to (i.e. TenDRA), then it's fine by me.
    However, RMS wants nothing but jails, no other software than GPL should exist.

    Please, don't ever confuse Freedom(tm) with freedom.
  • by Anonymous Coward on Thursday April 24, 2003 @11:15AM (#5800117)

    This includes free to be used in unspeakable ways, so long as the source is always included and freely redistributable.

    That's exactly what the GPL says, and that's exactly what RMS says. So Linus is just repeating what RMS has already written extensively about, yet manages to appear completely at odds with RMS.

    RMS would condemn DRM, but would never carve anti-DRM provisions into the GPL.

    Remember, RMS was writing about DRM before it even was on most of our radar screens. He could've changed the GPL then and there but didn't.

  • by Anonymous Coward on Thursday April 24, 2003 @11:19AM (#5800162)
    "..and also I don't see myself spending 100's to 1000's of dollars to aquire the right to make binaries that run on my own computer....which is really where this discussion ultimately heads..."

    Proving that you apparently are more interested in gratis software than libre software. This is already the case; even on Linux. Ever hear of Maya or Shake? They cost a few thousand each. Matlab, Mathmatica, Maple? Quite expensive. The programmers that made these products still need to eat and feed their families. They are already heavily DRM'd, although I'm not sure if they require a hardware dongle at this point in time.



    You're misunderstanding what he said. He said "...I don't see myself spending 100's to 1000's of dollars to aquire the right to make binaries that run on my own computer...". (emphasis is my own)

    If I have to get permission from some outside party to be able to create software that will run on my own computer, there's a problem. Why should I have to pay Joe Schmoe, Inc. to be able to run software *I* wrote on a computer *I* own?
  • by SmartGamer (631767) <sgamer AT swbell DOT net> on Thursday April 24, 2003 @11:21AM (#5800187) Homepage
    I'm pretty sure Linus is aware of that. I would not be surprised if he is fully aware of the fact that any security or DRM features in any open-source system can and will be circumvented.

    Think, if you were in Linus' position: Would you rather raise a stink about DRM and try to ban it from the Linux kernel, probably getting arrested in the process, or just let it happen and not fight when people develop ways around it?
  • by amcguinn (549297) on Thursday April 24, 2003 @11:23AM (#5800206) Homepage Journal

    You've defined the issue very well, but I don't think either scenario can be prohibited.

    Imagine this: Company A makes a set-top box as you describe. Company B develops and publishes a linux binary for it, with source, etc. Company A then signs the binary and distributes the detached signature. The box will now run the special signed version of Linux.

    Who has broken the GPL? Company B hasn't done anything wrong at all. Company A has not used, distributed, or created a derived work of any GPL'd software. They are not a GPL licensee, unless you can claim that the MD5 sum of a program is a derived work, which is ludicrous.

    No, it's difficult, but Linus is correct. The GPL protects the software only. The remedy to this problem lies elsewhere: people should choose not to buy crippled hardware, and governments should not make laws prohibiting people from modifying their own hardware.

  • Misunderstanding (Score:2, Insightful)

    by awol (98751) on Thursday April 24, 2003 @11:29AM (#5800284) Journal
    I think a lot of people here are reading too much into Linus's statement "On the whole, this is just another example of why rms calls me "just an engineer" and thinks I have no ideals." I do not believe that Linus is (a) making any reference to RMS position on DRM; or (b) suggesting that this is an issue over which they have a difference of opinion, just that he is saying he is infavour of _not_ letting ideals get in the way of his engineering.

    Further, RMS must support rights management, since the GPL is a rights (or lefts) based device. That the management of rights over the digital domain should be excluded from the principle seems counterintuitive to me. Even when one acknowledges that Digital Right Managment is such a misleading name for the idea, Digitial Freedom Restrictions would be much better, RMS still has to be in favour (perhaps not, because I am sure he would recognise the pain of the implementation) since the GPL effectively restricts ones freedom to use GPLed stuff as one pleases.

    This is why I disagree with him (RMS). Copyleft still relies on the existence of property in ideas (or the manifestation of those ideas, the "output of intellect" as I like to call it) and it is the existence of property in these things that is broken (IMHO) where there is no property the vendor of the thing is perfectly entitled to do what they like to DRM their thing, but they are subject to the normal vagaries of competition law and that will become an increasingly powerful (despite the recent microsoft case) avenue as industry consolidations increase. But by the same token the punter is entitled to do what they like with what they are given when they make the purchase and no amount of fannying about with "license" based restrictions will do any good (when there is no propoerty that is).

    From my perspective there is only one valid
  • Further Discussion (Score:4, Insightful)

    by SomeOtherGuy (179082) on Thursday April 24, 2003 @11:43AM (#5800413) Journal
    DRM is like the discussion on gun control. (Guns don't kill people, people kill people.) And putting a nice fat elk on the dinner table is always a good thing for us meat eaters. DRM is the same way -- Linus is talking (in my opinion) about a useful purpose for something (that in the wrong hands) can cause a lot of damage.

  • Re:Props to Linus (Score:3, Insightful)

    by Disoculated (534967) <rob@scyCOUGARlla.org minus cat> on Thursday April 24, 2003 @11:54AM (#5800506) Homepage Journal
    It's not about politics at all, it's about having a good tool to do the job that you need done. That's it. It's not the intent of Linux to be a political movement (and the article is one of many examples where that has been reinforced by Linus), and you're sadly mistaken if you think that 98% of the people who use it are excluded if they can't incorporate it into their political beliefs.


    Having a political agenda is irrelevant to Linux itself. Do what you want with it. Use it for what you need it to do. You may do it because it makes you feel like you're striking a blow for free information, but I'm using it because it's stable and extremely well documented, and the corporations are using it because it's cheap. And all of us *can* use it, because at heart, it's neutrally free for everyone.

  • Re:Props to Linus (Score:5, Insightful)

    by renehollan (138013) <rhollan@noSpaM.clearwire.net> on Thursday April 24, 2003 @12:02PM (#5800603) Homepage Journal
    He simply shows that you don't have to be political (mp3 sharer, privacy guru, etc...) to enjoy Linux

    You don't have to be political to enjoy a nice pair of new running shoes (made, possibly, with child labour), medical advances (made possible to some degree due to research done via unanesthesized vivisection of Jews by Nazis during WWII), or "free" health care (paid by tax dollars taken from those who now can't pay for their medical needs not covered by the "free" program).

    You don't have to, certainly, but you should.

    Politics, at its core, is the study of the philosophy of ethics. Ideally, the concern should be arriving at a means to determine whether actions are "right" or "wrong" without personal or group bias. Of course, "politics", as practiced, has nothing to do with ethics, and everything to do with special interests. And, no doubt, different people have different views of "right" and "wrong". It behooves them, to take part in the ethical debate.

    With regard to Linux, particularly these days, that debate extends to whether it should be "permitted" to exist at all, supposedly being a "hackers'" and "terrorists'" tool. Surely, anyone who enjoys Linux should have an interest in the ethics surrounding it.

    Now, should is not must, and people are free to live their lives in apolitical oblivion. However, the old mantra "evil prevails when good people do nothing", does nag at one's conscience, and such apathy in an individual is not a characteristic I particularly like to see.

    In this regard, RMS is right to deride Linus Torvalds as merely an "engineer". Linus' pet operating system would not even exist, and have a strong ethical footing supporting the "goodness" of that existance, were it not for RMS' philosophical views. While this does not represent a "debt", per se., decent people generally respond to kindness (yes, the GPL is an act of kindness), by reciprocating.

  • Right on! (Score:3, Insightful)

    by WebCowboy (196209) on Thursday April 24, 2003 @12:05PM (#5800647)
    A computer revolution needs both idealists AND pragmatists. The PC wouldn't be where it is today without the work of both keeping each other in check. People like RMS, Eric Raymend, Ted Nelson and so on write manifestoes that get everyone fired up and motivated, however their fervour and idealism can get in the way of practical achievements. "Computer Lib" and "The Cathedral and the Bazaar" plant the seeds. "Mere engineers" whose primary (but not necessarily only) passion is the technology itself (like Ed Roberts, Steves Wozniak and Jobs, and yes even Bill Gates and Paul Allen) make those seeds grow.

    Besides, what would be the point of alienating "the man" anyways? All that would do is hinder the progress of Linux. Linux NEEDS DRM technology--we just need to ensure it is developed and used PROPERLY (so it doesn't become as flawed and abused as the DMCA is in the legal sphere).

    I rarely hear an argument against encryption in the Free Software community, even though the basic philosophy of Free Software/Open Source development is openness and public disclosure and encryption is about secrecy and non-disclosure. The communtiy recognises that encryption serves a imporant needs in security and privacy, and that the needs of those users are what matter most--and if we don't cater to those needs, MS and their ilk will.

    DRM is like encryption--in one sense it runs counter to the distribution philosiophy of Free Software, however it fills an important need when properly used. For critical uses, code and data can be signed to ensure authenticity--Joe User wants to make sure (in this day and age) some terrorist-supported cracker hasn't tampered with the source or binary he just installed on his coporate servers. Like Linus, I tend to be in the "use it for whatever the heck you want" ***so long as you don't hinder others from doing the same***.

    I only start to take issue when a developer starts hiding secret keys, implementing retarded measures like "product activation" and hindering fair use rights--particularly when it is a commercial product that you've paid dearly for monetarily. Since when did property rights become property privleges? I'm careful to know that it goes both ways (my view of restricting what can be wirtten under GPL is as dim as that of MS Product Activation).
  • by gr8_phk (621180) on Thursday April 24, 2003 @12:12PM (#5800722)
    Once you make it illegal to use an unsigned OS, Linux under the GPL is screwed. As a legal mandate someone will be put "in charge" of signing binarys. Not Linus nor anyone else outside the appointed (not elected) inner circle will be able to sign an OS. Since GPL requires source to be available, this will make the big commercial Linux distros better than Windows, but rest assured that the intent of the GPL to allow people to modify and redistribute will most certainly be compromised. Sure you can mod and distribute the source, you just wont be able to boot it.

    Just taking the other side to promote discussion.

  • Okaaaaay (Score:5, Insightful)

    by 0x0d0a (568518) on Thursday April 24, 2003 @12:13PM (#5800739) Journal
    Linus' pet operating system would not even exist, and have a strong ethical footing supporting the "goodness" of that existance, were it not for RMS' philosophical views. While this does not represent a "debt", per se., decent people generally respond to kindness (yes, the GPL is an act of kindness), by reciprocating.

    Uh...Linus does. Stallman and Co. handed him lots of code to use. In return, he did the same, and now "GNU/Linux" has the best kernel around.

    OTOH, I don't think that Stallman should be trying to push his ideology on Linus any more than Linus should be trying to do so to Stallman. The difference is that Stallman tries to do exactly that with Linus, and Linus doesn't do so to Stallman.
  • Re:Okaaaaay (Score:3, Insightful)

    by renehollan (138013) <rhollan@noSpaM.clearwire.net> on Thursday April 24, 2003 @12:26PM (#5800870) Homepage Journal
    OTOH, I don't think that Stallman should be trying to push his ideology on Linus any more than Linus should be trying to do so to Stallman. The difference is that Stallman tries to do exactly that with Linus, and Linus doesn't do so to Stallman.

    I suppose that one shouldn't push the "ideology" that treating others worse than one would ever want to be treated one's self, either? Do we let others pursue their chosen "ideology" of murder? If not, then why not, and what makes us "right" and others "wrong"? These are the (hard) questions to ask.

    A very strong argument can be made that non-free software is so harmful that it ought to be outlawed. I don't particularly agree that that's the case, but neither do I see Stallman's "pushing" of his ideology as particularly forceful: he's not putting a gun to Linus' head to "comply", is he?

    Stallman's "force" is nothing more than strength of conviction.

    Torvalds' political apathy, on the other hand is irritating, in the same way that Canada's wishy-washy stance on the war in Iraq is irritating: trying to please all by doing nothing.

    Guess what: driven people have strong opinions, and are willing to risk unpopularity (and often, much worse things), to stand by them. Such people make good friends and allies, though they do have enemies as well. When push comes to shove ("Linux is for terrorists"), will Linus be a "fair weather" friend to the Linux community, quietly disappearing into obscurity? I hope not, but, sadly, I'm not sure.

  • DRM vs. signing (Score:4, Insightful)

    by dh003i (203189) <(moc.liamg) (ta) (i300hd)> on Thursday April 24, 2003 @12:32PM (#5800925) Homepage Journal
    Digital rights management is just that -- digital rights management. It is designed to prevent me from making fair use of MY software, music, DVDs, whatever.

    I think what Linus is talking about is an entirely different applications of essentially the same technology. He's talking about signing as being a good thing, so that we -- the users -- can verify, for example, that the latest kernel release was actually released by Linus, and not some poser. This is good and fine. If we want to be able to verify such things, we simply install the appropriate verifying software, with internalized or modularized support in the kernel; alternatively, we can add/remove that verifying feature from the source.

    In other words, *we* have the option to have these things, which would allow us to verify that the latest kernel release was actually signed by Linus (doesn't GPG do this?)

    However, DRM and digital signing can never work in a GPL'ed system unless the person controlling the computer wants them. You're welcome to put a DRM-scheme in any GPL'ed (say) CD-player, referring to an external closed key. I, however, if I don't like that, can remove that from the source, thus have the program not even request such a key. Likewise with signing. This does not mean that DRM and signing are useless on GNU/Linux. It just means that they can't* be imposed against the administrator's will. The administrator of the computer can still use them -- if (s)he wants -- to verify that updates are signed by individual's they trust. And they can still use them to ensure that ordinary users on those machines (if said machines are corporate) can't use them to violate copyright laws, which would create liability for the corporation. However, the administrator can also choose *not* to use them.

    I also don't see how RMS is the counter-point in this case. RMS has had ample opportunities to include anti-commercial, antiÐadvertising, and patent-fighting terms into the GPL. He has refused. I e-mailed him asking about the Open Software License, which has a clause in it that would terminate the right of anyone to use that software if they brought a patent lawsuite against any other under an OSI-approved license with the same clause in it. I suggested he put such into the GPL to ward off patent lawsuites. He refused, stating that there was already something in the GPL preventing stealth patents from infecting GPL'ed programs.

    I don't think it's enough, but his worry is that such a clause would make the GPL a EULA, regulating the user's actual *use* of the software. I also don't see anywhere where RMS or anyone else in the FSF has said that the GPL bans DRM and signing, nor that it should be modified to do so. As it happens, I think that such a clause should be included in the GPL, because patents are a major problem for ALL software developers. If developers had to do exhaustive patent searches before writing code, nothing would EVER be produced. I think, however, that anyone who wants such a clause can simply add it to the GPL in their own modified version of it.

    * The worrysome case, however, is with things like requiring DRM by law, or by hardware code. There are nazi ideas floating around to make it legally required for all software to use DRM. This may not directly affect any FS/OSS projects, as they can simply move abroad. However, one should not understimate the power of multinational corporations to get the WTO to penalize nations that don't agree to the US' draconian IP laws. Furthermore, hardware initiatives like Palladium would prevent GNU/Linux from running on hardware at all.
  • by iabervon (1971) on Thursday April 24, 2003 @12:33PM (#5800941) Homepage Journal
    It's possible that the second situation might be construed as linking the kernel and the BIOS into a single derived work, since the kernel is now essentially an irreplacable part of the BIOS. That would require the BIOS to be GPL.

    On the other hand, it's easily possible to build a device which includes a Linux kernel which can't be replaced by the end user: just put it in ROM. The way to install a replacement would be with a soldering iron and a ROM fab, which would be beyond the means of most users, but there's no requirement in the GPL to only use techniques which everyone could replicate.

    This isn't really that different from the Red Hat release process where the final steps include "send the ISO to the CD plant" and "shrink-wrap the box". The end user will have an extremely hard time producing a labelled, pressed Red Hat CD that boots a different kernel, but that's not Red Hat's fault, nor does it prevent them from selling such a thing. Red Hat can even sell to people who don't have a CD burner, although these people couldn't produce a CD from source.

    The GPL only requires that I give you all of the information required to rebuild from source, not that I give you all of the other resources required to produce exactly what I am distributing, when the other resources are not information.
  • Re:Okaaaaay (Score:3, Insightful)

    by fucksl4shd0t (630000) on Thursday April 24, 2003 @12:45PM (#5801060) Homepage Journal

    I suppose that one shouldn't push the "ideology" that treating others worse than one would ever want to be treated one's self, either? Do we let others pursue their chosen "ideology" of murder? If not, then why not, and what makes us "right" and others "wrong"? These are the (hard) questions to ask.

    Not that hard, if you actually put your brain to the task. :) There is a core set of behavior that is damaging to society as a whole, whether the behavior is practiced by politicians or criminals (the same class!) or whatever. Murder is in this class of behavior. This behavior, when let run wild (as in the favorite cite of Nazism) isn't just damaging to the world we live in, it can potentially destroy the whole world and all of human existence. Therefore, for pragmatic reasons, this behavior shouldn't be allowed by the forces that be, and if they practice this behavior, they should be thrown out and new powers installed.

    Guess what: driven people have strong opinions, and are willing to risk unpopularity (and often, much worse things), to stand by them. Such people make good friends and allies, though they do have enemies as well.

    How's that song go? "I don't wanna hear how you're so driven" some more stuff, then "If you say it, mean it, if you mean it, do it. You can't live your live through me, if you do it, live it, if you live it, say it, action is the air you breathe." Yeah, that's right, take your packaged rebellion. :)

  • No shit (Score:2, Insightful)

    by Mr. Underbridge (666784) on Thursday April 24, 2003 @12:58PM (#5801200)
    You've obviously never read anything that Richard Stallman has ever written about free software.

    What, like one of his usual windy manifestos? I can assure you I've not, and am rather happy with the fact. One time I was about to when I realized there was some paint drying, and that immediately stole my attention. That guy gives new meaning to "Quixotic."

    That said, which part of what I said was wrong? He fits the zealot part, that's for sure. And he has, in the past, received money for writing code. So he doesn't seem to have a problem with the code for $ thing.

  • Re:Okaaaaay (Score:4, Insightful)

    by renehollan (138013) <rhollan@noSpaM.clearwire.net> on Thursday April 24, 2003 @01:00PM (#5801215) Homepage Journal
    Not that hard, if you actually put your brain to the task. :) There is a core set of behavior that is damaging to society as a whole, whether the behavior is practiced by politicians or criminals (the same class!) or whatever. Murder is in this class of behavior. This behavior, when let run wild (as in the favorite cite of Nazism) isn't just damaging to the world we live in, it can potentially destroy the whole world and all of human existence. Therefore, for pragmatic reasons, this behavior shouldn't be allowed by the forces that be, and if they practice this behavior, they should be thrown out and new powers installed.

    That's a circular argument: Murder is illegal killing, and should therefore be considered "wrong".

    Well, ..., okaaaaaay.

    The hard part is not arguing that murder is wrong: that's axiomatic. The hard part is determining when killing another is murder and when it isn't.

    Now, even there, we've got a pretty good set of rules to guide us, but murder and killing, are extreme actions -- irreversable, given modern technology and medical skill (and, one could argue, by definition, since, if someone can be "brought back", then, perhaps, they weren't dead to begin with. Not really.).

    The really hard questions are along the lines of "Should activity X be prohibited because it may lead to bad thing Y?".

    May is not will, but increasing the mere liklihood of bad things is not acceptable, is it?

    Think "Gun control" for a hard problem. (Philosophically, increased accountability for firearm use may render it a simple problem, but such rational approaches have not been socially accepted on a wide scale, so the problem remains "hard").

  • by jms (11418) on Thursday April 24, 2003 @01:12PM (#5801334)
    [a signature hash] is a qualitative statement made about the work in question, but the statement is its own creative work.

    This is completely untrue. A signature hash is a quantitative statement about the work. That's the entire point of a hash. There can be a thousand english-language reviews of a movie, all of which will be different. There is only one possible hash of a kernel in any given hashing language/algorithm. There is no room for "creativity" in the computation of a signature hash.

    However, I doubt that a copyright infringement case would get very far. Consider the criteria for fair use:

    Criteria 1: What is the purpose and character of the use?

    The purpose of a hash is completely different from the purpose of a kernel. The hash also has completely different characteristics than the kernel. Both favor fair use.

    Criteria 2: What is the nature of the work?

    The nature of a hash is a single factual, mechanical observation about a published work, favoring fair use.

    Criteria 3: What is the amount and quality of the work being use?

    The amount of the work included in the hash is a vanishingly small amount of the original work. Less then 100 bytes derived from a several megabyte program. It is impossible to reconstruct a kernel from a kernel hash. Both observations favor fair use.

    Criteria 4: What effect does the use have on the market for the original work?

    None, thus strongly favoring fair use.

  • by alange lurk (623143) on Thursday April 24, 2003 @01:15PM (#5801361)
    It's been mentioned elsewhere in the thread, but there is a difference between the hardware and the software. GPL applies to software, not to hardware.

    The DRM "features" that most posters are complaining about would have to be implemented in hardware (if they are in GPL'd software it would be possible to modify your copy of the source and compile a new version). As such, it is the hardware manufacturers who need to be persuaded that DRM is bad, not Linus.

  • by limekiller4 (451497) on Thursday April 24, 2003 @01:26PM (#5801455) Homepage
    fean writes:
    "You don't like the fact that coporate america makes US policy? quit bitching and do something about it... RUN for president, RUN for congress"

    Yeah! It worked for Al Gore! ...wait...

    But back to the issue at hand; perhaps you just don't see the circularity of your argument.

    Postulate 1: Corporations give money to those who advance their interests.

    Postulate 2: People with money get more exposure. Evidence shows that the candidates that outspend their opponents are far more likely to get elected. In other words, money wins elections.

    Conclusion: If you don't support the corporations interest, you are very unlikely to be elected.

    So much for that bright idea.

    Do you ...believe this shit you're shoveling or did you just read it in a book and vomit the contents here because it makes you feel like you understand "the game?"
  • by A55M0NKEY (554964) on Thursday April 24, 2003 @01:37PM (#5801580) Homepage Journal
    And how much would it cost to get whoever is the signor for the box you buy to sign each development kernal image you want to test, or any hacked up kernal for your own use? MUCHO DINARs. DRM being common in hw would mean most ppl couldn't do squat for hacking up shit.
  • by Anonymous Coward on Thursday April 24, 2003 @01:38PM (#5801591)
    So you're OK with the mass-murdering - thousands per month - that was going on in IRAQ prior to the invasion? You're OK with torture?

    First of all, Iraq is not an acronym, so it should not be capitalized.

    Second, any caring person is obviously disturbed by brutality. But what you seem to be forgetting is that we live in a world that is (unfortunately) full of brutal dictators. The regime in Myanmar/Burma makes Saddam's Iraq look like Great Britain. Robert Mugabe of Zimbabwe is an autocratic, murderous thug. Then there's North Korea, along with dozens of other repressive and violent dictatorships around the world. I must admit that it is very difficult to take the "we must invade Iraq for humanitarian reasons" crowd seriously, particularly when they go out of their way to ignore even worse regimes in other parts of the world.
  • by Per Wigren (5315) on Thursday April 24, 2003 @01:45PM (#5801686) Homepage
    He says that Open Source "cite only short-term practical benefits as the reasons for what they do." while Free Software "embodies the firm philosophy of the free software movement" which means ensuring that the software, including future versions, forks and derives will remain free.
    All Free Software licenses are Open Source licenses, but far from all Open Source licenses are Free Software licenses.
  • by mboedick (543717) on Thursday April 24, 2003 @01:53PM (#5801791)

    If someone creates a version of the Linux kernel that only runs signed binaries, and the GPL forces them to release their source, couldn't someone simply hack their kernel to run unsigned binaries? It wouldn't even require any reverse engineering.

    It seems to me that the GPL is inherently at odds with DRM, as DRM depends heavily on being proprietary and obfuscated (and this still doesn't stop people).

  • Re:Props to Linus (Score:3, Insightful)

    by Catbeller (118204) on Thursday April 24, 2003 @02:18PM (#5802061) Homepage
    "Is it then poor civil hygiene to install technologies that could someday be used to circumvent laws?
    "

    What laws? You mean, laws that we have to assume will someday exist because the MPAA and RIAA want them to exist? Or Homeland Security?

    And, install what technology? Stallman wants Linus to NOT install technology. It has nothing to do with creating technology to "circumvent laws".

    BTW, when was it anyone's responsibilty to make the world safe for copyright owners -- who now own the copyrights for all eternity?

    Bad laws, especially ones that don't even exist yet, should not be accomodated. "The Law is the Law" is a crackpot notion used by prosecutors who play fast and loose with logic. A person who is convicted of sharing music files will go to prison to get his regular once-a-day rape with white bread and bologna, but Ken Lay, who engineered the theft of BILLIONS, will be on late-night talk shows and never see the wrong side of a police car's door.

    Laws can be bad, and disobeyed. Lay and Cheney apparently think this is so, with a vengeance.

    But creating hooks in an OS (not really the subject here, as Linus is tralking about signed binaries not part of the OS) to facilitate the enforcement of laws not yet created?

  • Re:Props to Linus (Score:3, Insightful)

    by cpeterso (19082) on Thursday April 24, 2003 @03:16PM (#5802735) Homepage

    In America the last presidential election was about 50/50 republican/democrat; so I don't see why you think liberalism has lost its relevancy.

    but you are assuming that "New Democrat" == Liberal. And it just ain't so..
  • by fean (212516) on Thursday April 24, 2003 @03:31PM (#5802966) Homepage
    Fine then... if you aren't going to do anything about it, QUIT BITCHING...

    I never said you'd make a difference, I never said you'd win an election, or outspend any corporations... all I really want is for you to spout your beliefs somewhere where people will actually pretend to care what you think...

    but if you understand "the game" so well (not really sure what that's in reference to... but whatever)

    all I care about is that if you have an opinion one way or another about something, you should be out doing something about it... and if you aren't sick of talking about it by the time you get home and read /., you aren't doing enough...

    but evidentally you know more about "the game" than me and my backwoods ideas... all I know are the things I heard my sister-wife talking about while I roasted chipmunks over the fire.
  • Re:Okaaaaay (Score:2, Insightful)

    by twofidyKidd (615722) on Thursday April 24, 2003 @05:34PM (#5804177)
    All that "rhetoric" on how they can be used to stop a tyrannical government could've flown back in 1776 when the people were the government and there wasn't such a thing as a "defense budget." In good ol' 1776, the farmer and the president had the same shit at their disposal. Now if you come within a mile of the White House with so much as a .22 handgun, the prez's SS (I really meant secret service) makes the phone call to the man on the roof about the "terrorist" en route, and he takes your ass out with a high-powered rifle right between the eyes at a range in excess of a few hundred yards. To hell with breaking a sweat in an Apache...

    I completely understand your argument, but at least I hope you see the "Tyrannical" underpinnings of the foundation from which our president, and most of our government, acts from. If you don't like what they're doing, you may have a right to say it, but at this point you have to assume that a public declaration of your opinion will result in your name appearing on an Ashcroft sactioned terrorism watchdog list with a silent, but rather large barrel pointed at your back. Wish you had some defense now...

  • Re:Props to Linus (Score:2, Insightful)

    by osu-neko (2604) on Thursday April 24, 2003 @05:53PM (#5804311)
    In America the last presidential election was about 50/50 republican/democrat; so I don't see why you think liberalism has lost its relevancy.

    Uh... that doesn't make any sense.

    Oh wait! I see. You think one of those two parties still represents liberalism... You want to know how relevant liberalism is in America today, look at how many votes were cast for Ralph Nader...

  • unsurprising. (Score:4, Insightful)

    by Eivind (15695) <eivindorama@gmail.com> on Friday April 25, 2003 @01:50AM (#5806550) Homepage
    Yes, you can make hardware that will only run signed binaries, and thus close that hardware to tinkering. Infact, making such hardware has already been attempted, it's called a console.

    In essence, the bootloader of such hardware does the equivalent of:

    if (valid_signature(kernel))
    boot(kernel)
    else
    com plain_and_stop();

    This is nasty, if you are running on such hardware, than the ability to change the kernel in any way you like brings you nothing: if you change anything, even something completely trivial, the signature will no longer be valid, and your new changed kernel will not boot.

    Linus is rigth though, this is clearly allowed under the GPL. And furthermore, it very likely CANNOT be forbidden even if we would want to.

    A Signature is (or atleast it can be) a separate document saying the equivalent of: "I, Bill Gates, testify to the fact that the kernel with sha1sum=b7a7bf03dcafd4d48001d6a2a6fd2ceaefa4cc1e is trustworthy and can be booted. signed(bill_g)"

    There is no way for the GPL, or any other legal document to forbid the above document from existing. The signature above is clearly not a derived work of the kernel, but rather a commentary upon it. (namely a commentary on the trustworthiness) The only info derived from the kernel is the sha1sum, but the only function of this is to make it clear which kernel you are talking about. (much like mentioning the ISBN-number of a book you are reviewing)

    Furthermore, there is also no way you would be able to forbid hardware from acting on the existence (or absence) of such a signature. Afterall there is no law saying that "hardware *must* boot all code."

    Now, what *would* be nasty would be new laws *requiring* hardware to implement signature-checking. Such laws would essentially make it forbidden to make user-modifiable computers. The way the US is moving at the moment, I would not be too surprised if such a law is introduced and passed in the next few years.
  • by theLOUDroom (556455) on Friday April 25, 2003 @09:45AM (#5808117)
    Am I the only one that see it or didn't Linus just take a stand on DRM?

    What he said was that you can't hide encryption keys in the binary, but it's perfectly okay to have DRM as long as the key are published as part of the source.

    What this means is: "You can't distrubte a (Hollywood) DRM'ed Linux kernel"

    Yes, he says DRM is allowed, but only good DRM. The kind of DRM I'd like to have on my computer, so that I'm in control.

    Typical Hollywood, pipe-dream DRM relies on me not having access to the keys. Linus has just said that this isn't allowed. The only type of DRM you can have is the type of "DRM" that SSH already enforces for me. People with the right keys can get stuff and those without it can't, and I can change the keys.

    I wouldn't mind at all, having bullet-proof DRM that I had the keys for. (And knew they couldn't be changed on me.) It would actually be a bit reassuring. Say you keep your journal on your PC. It would be nice to have some DRM on your system to keep someone from just posting it to the net.

    The DRM he's saying is allowed is very simlar to the "DRM" we already have on our systems: Unix file permissions.

    The whole point of Hollywood DRM is to take root access away from the person sitting in front of the computer. He's just said that any keys compiled into the kernel would have to be published, and since the only way to have tough to crack DRM is at the kernel level (or below), that can't be done.

    Yay Linus for satisfying the both the idealists, and those who just want to bitch about OSS zealots, and that god Linus isn't one of them. :)

Line Printer paper is strongest at the perforations.

Working...