Nokia Urges Linux Developers To Be Cool With DRM

superglaze writes in to note that according to Nokia's software chief, its plans for open source include getting developers to accept things like DRM, commercial IP rights, and SIM locks. "Jaaksi admitted that concepts like these 'go against the open-source philosophy,' but said they were necessary components of the current mobile industry. 'Why do we need closed vehicles? We do,' he said. 'Some of these things harm the industry but they're here [as things stand]. These are touchy, emotional issues, but this dialogue is very much needed. As an industry, we plan to use open-source technologies, but we are not yet ready to play by the rules; but this needs to work the other way round too.'"

Re:Say what?!?

[qortra]

Interesting. I read it as more of a ransom note:

"We have QT, and unless you give us DRM software in 6 months, you can kiss future GPL releases goodbye!"

Re:Say what?!?

[paroneayea]

Hopefully at some point soon OpenMoko [openmoko.com] will become good enough for normal phone usage. Now there's a company that, from the very beginning, has wanted to play by our rules.

Want to get the linux community's support? Asus did it, even though I'm not entirely sure they realized it when they began doing so. By releasing a machine that's linux friendly and not locked down, you're sure to get a community surrounding you that will help even improve the usefulness of your product.

Re:Here's an idea? Want DRM in your product?

[inasity_rules]

Funny, but why not? Optionally installed of course.... Trying to mandatorily include DRM in all opensource media players would be a very strange and ludicrous idea. But if someone wants to hang themselves, give them some more rope and fetch the popcorn.

Nokia needs to educate the mobile industry

[Anonymous Coward]

I'm sad to see Ari take this position, he's normally a very reasonable guy (he's been the head of the Open Source division at Nokia that does maemo since it was founded.

Nokia should use its 40%+ market share to educate the mobile industry about openness. Inside Nokia, there is a growing consensus that Symbian is a major failure (there's a reason they're putting so much money into maemo). So they should go out to their telco partners and say "Look guys, we've made a big mistake, Symbian sucks, the future of smart phones is open, and that means you'll have to change the way you work, live with it"..

Re:Here's an idea? Want DRM in your product?

[gnasher719]

Well, I suppose someone could write an open source DRM module for mplayer. Would that work for you?

First, this could be done even using GPL v. 3 (the GPL would require that the DRM module can be modified by users and that a modified module can be installed; the GPL doesn't care what the module actually does). And it would most likely be the most unbreakable DRM in existence: If you write a DRM module that cannot be circumvented even with the possibility of modifying the code and installing a modified module, then what on earth is a hacker to do to get around this?

Re:Say what?!?

[3p1ph4ny]

I'm going to be a senior in college this fall, in Computer Engineering. I've never contributed to an OSS project before (although I've been hacking kde4 for a few weeks), but I would love to start and learn how.

I love KDE very much, and if Nokia starts to hold QT hostage, I'd very happily donate a large chunk of my free time to QT development. In fact, it would be just the opportunity I'm looking for to get started contributing to OSS.

So, your sentiment may be true overall, but there are probably a few would-be QT hackers.

Re:Say what?!?

[geminidomino]

[citation needed]

Mostly because I'm curious.

Can an AC be at -2? Let's find out.

[Anonymous Coward]

DRM doesn't have to be a bad thing. In particular, open source software is in a particularly advantagous position to make DRM software that's durable and more of a two way street. That's wealth. Real wealth. Giving choice to everyone, over night. If Sony, et al get Microsoft to do it, I'll pretty much be one way. A belated attempt to turn the internet into multicast cable tv. If random companies, or again just Microsoft, impliment specific schemes they may tire of maintaining them, and just turn the data people bought off. Why can't I use DRM to protect and maintain a durable finely gained control of how my data is used and by whom? Sex tapes come to mind, though some are sure to be efforts at self promotion, and I'll still be confident in my ability to use my personal appearence as a deterent. Not everyone is so fortunate. But it could also be youtube videos networks have no qualms about appropriating for their own commercial purposes. It could be a database of painstakingly researched impossibly obscure mineral claims.

What's the end you want? One that draws your foes into a collabrative fold, or one that keeps you unnecessarily at odds depriving everyone of more choice, more ability?

Re:Here's an idea? Want DRM in your product?

[dk.r*nger]

Well, I suppose someone could write an open source DRM module for mplayer. Would that work for you?

Yeah, but no:
mplayer -vo mpegpes:grab.mpg YourDRMfile.wmv

So, your DRM decoding module should set a flag in mplayer that forbids file-output. So I modify mpegpes module to ignore that flag, or for mplayer to lie to the DRM module about which output module is loaded. Hmm, so you require the mplayer binary to be signed by someone you trust, probably Microsoft or RedHat, and they'll charge $6000 pr release, even if it's a trivial but critical bugfix.
OK, I don't wanna do that, so I plug in a kernel-module that will always open /usr/bin/mplayer_signed instead of /usr/bin/mplayer when the DRM module asks, so it will appear signed. So you now require the kernel to be signed. So I run the kernel in a VM, and screen-scrape from the VM-host -- so you require direct access to a cryptographic chip on the motherboard to make sure that I don't run you video in a VM.
Then I get myself one of these videocards with a FPGA on it, and program that to dump the video-stream back into the memory, so I can copy it to disk - so you want your cryptographic chain of trust to include the videocard, and I put my FPGA in the other end of the DVI cable, and rip from there. So you demand access to a chip in the monitor, also.
So, no, you can't put a DRM module (that's worth anything, at least) in anything opensource, without making the entire system wall-to-wall closed (AND broken, too). Microsoft, whose customers couldn't care less about closed, tries to do this, and fails. ("What, I can't put my legitimately purchased Plays for Sure! file on my fucking iPod?")

Re:Emotional?

[MadKeithV]

How do you want to enforce any kind of DRM when you open your source code?

The same way good encryption is enforced - by making breaking it independent of the code. Of course, it's an order of magnitude harder with DRM, perhaps even impossible, because the client needs to have the key to decrypt. If someone finds a solution to that, it'll be a huge step forward for DRM.

Re:Say what?!?

[Anonymous Coward]

You did not understand his point.
He said that the industry (Nokia) is not yet ready to play the open source way.
The open source community is NOT ready to play the industry rules, as well.
There should then need a dialogue between industry and open source.
We should understand their need and try to push them towards our rules.
They do the same.
It sound fair to me.

--
Anidel

I wouldn't expect any of the big companies to behave as good guys in one day.

--

This is obviously a troll article...

[clickety6]

c'mon guys! really!

Inflammatory comments from a guy called Ari Jaaksi?

Ari Jaaksi - Hairy Jacksy (*)

Can't you even recognise a troll these days?

(*)Hairy Ass for non-Brits

Re:Here's an idea? Want DRM in your product?

[Sobrique]

And herein lies the fundamental, underlying flaw with 'DRM'

Re:I'm cool with DRM

[Alsee]

In related news, I'm cool with Bush running for a third term.

...as long as everyone completely ignores him and his orders.

-

Re:Linux has two choices

[Anonymous Coward]

Netflix wrote their own player. For someone to write a linux player besides Netflix they would have to reverse engineer their access and DRM schemes.

Re:I don't know where to begin...

[Anonymous Coward]

Mathmatically impossible isn't the same thing as mathmatically convienent. Not to mention at the extremes it's not cheap either. You might as well be arguing against ACL's, logons or some other facet of security or access control.

More to the point DRM doesn't need to lock out fair use. A fact that a open source/free software solution would have the ability to not just acknowledge, but actually enforce. Better yet, because of the possible durability of an Open Source solution, there's a potential to make that the dominant view. The bitter medicine to go with the corporate requested spoon full of sugar.

There is good in DRM done well (extraordinarily difficult). The massively parallel experimental process of open source software is uniquely capable of addressing that problem, but also enforcing the public good.

Re:Say what?!?

[galoise]

and the whole point is that it is not in the interest of trolltech to stop releasing gpl versions, because that makes the comercial version worthless.

it's a self-restraining clause. Or at least, it can have that reading.

Re:Say what?!?

[sm62704]

I had to look up SIM lock [wikipedia.org].

A SIM lock, Simlock or Network lock, not to be confused with PIN or PUK code, is a capability built-in to GSM phones by mobile phone manufacturers. Network providers use this capability to restrict the use of these phones to specific countries and network providers. Currently, phones can be locked to accept only SIM cards from one or more of the following:

• Countries (the phone will work in one country, but not another)
  
• Network/Service providers (e.g. AT&T Mobility, T-Mobile, Vodafone, etc.)
  
• SIM types (i.e. only specific SIM cards can be used with the phone).

In some countries, most mobile phones are shipped with country and/or network provider locks. In addition, these locked phones tend to have firmware installed on them which is specific to the network provider. For example, if you have a Vodafone or Telstra branded phone in Australia, it displays the relevant logo and may only support features provided by that network (i.e. Vodafone Live!). This firmware is installed by the service provider and is separate from the locking mechanism. You can unlock most mobile phones to work with any GSM, such as O2 or Orange (in the UK) but the phone may still display the original branding and may not support features of your new carrier. Most phones can be unbranded by uploading a different firmware version, a procedure recommended for advanced users only.

This is the main reason I love slashdot - it exposes me to new ideas and technologies. If I run across something unfamiliar, wikipedia almost alwasys comes to the rescue.

As to SIM locks and DRM, WTF? These are EVIL with a capital E and capital V, I, and L. They are the antithesis of OSS.

"Look" Satan said to me, I know that concepts like murder, adultery, and theift 'go against the Christian philosophy,' but they are necessary components of the current industry. Why do we need locked cages? We do," Satan continues. "Some of these things harm the industry but they're here [as things stand]. These are touchy, emotional issues, but this dialogue is very much needed. As an industry, we plan to use Christian technologies, but we are not yet ready to play by the rules; but this needs to work the other way round too."

I have three words for Jaaksi and his father Satan: "Fuck off, asshole."

Re:Say what?!?

[Stradivarius]

Nobody disputes your right to enter into whatever purchasing agreement you desire, to include DRM or not. (Some may dispute whether you really have much choice, given that the music market is controlled by a small cartel, but let's assume for the sake of argument you both had the choice and chose DRM).

Now suppose you want to want to play that music on your open-source device - say a Linux-based mp3 player. Since open source software guarantees you the freedom to modify the source code, there is nothing to prevent you from modifying the operating system or other open source code on the device to circumvent whatever DRM measure the vendor put in place.

This situation is of great concern to the DRM-using vendor. They wish to enforce your agreement by technical means (rather than legal means), in part because it avoids them having to know whether you're breaking the agreement you made, and in part because it's a lot cheaper for them than suing you for copyright infringement or breach of contract in the event you violate your agreement.

Thus the vendors start playing tricks like building hardware that will only run software that the vendor themselves digitally signed. This includes the GPL operating system and other GPL software on the device. This allows them to enforce their DRM, but also prevents you from exercising your freedoms under the GPL to run your modified software, even when your modifications are unrelated to the DRM you agreed to.

The free software community views this tactic as an attack on the whole point of the GPL. The DRM-using vendors simply don't care about the collateral damage their attempts at technical enforcement of DRM impose. But the free software community cares a lot about those freedoms.

That is why GPLv3 has explicit provisions against this sort of practice - if vendors want to use technology to restrict your freedoms, they can write their own software to do it. If they want to use GPLed software, they need to honor its terms (and hopefully the spirit too). What they can't do is have it both ways.

So to summarize - open source software gives you the freedoms that DRM companies aren't willing to let you keep, and gives them cost savings they aren't willing to give up. So instead they try to circumvent the GPL, creating the current conflict.

Re:Say what?!?

[Znork]

The Freerunner looks good enough for geek use, so I'm certainly going to order one. It's the first phone I've actually wanted.

I doubt opensource developers need any 'education' from Nokia; most understand those 'business rules'. And reject them. Nokia on the other hand, have been fairly consistently in favour of proprietary approaches, from support for software patents to DRM, etc.

The phone industry and its 'business rules' has brought us things like short text messages with profit margins in the range of thousands of percent of the cost, 'ringtones', drm'ed throwaway music, etc. I understand exactly how it works, as does anyone who hasn't had a rectal anesthetic for the last decade.

Over the longer term, open handsets stand to revolutionize portable computing. Unless the company changes philosophy at some fundamental level, I doubt Nokia will be part of that.

Re:Say what?!?

[scamper_22]

"So in short, the following question is purposeless: "is DRM compatible with OSS?" The question you should be asking: "why would an OSS developer donate his time to make his and everybody else's life harder?"."

no, that's not the question should be asking. I don't think any sane mind OSS developer would put their time to write DRM applications.

HOWEVER, would a company like Nokia have a reason to write open source DRM applications? Absolutely.
That said, they'd have to provide the source code which would then make circumventing their DRM trivial. So the only way this could work is if they got governments (looking at you Canada) to go along with criminal offences with respect to software that breaks locking mechanisms. They seem to be having success in certain countries.

So it's not unthinkable for Nokia to have a linux based mobile OS, with an open source DRM package that they use for media content (which means it can ported and the media can remain fully compatible). The only thing protecting the open source DRM from being hacked as the laws against it (as above). If this became the norm, I'm pretty sure you would see other develops using the nokia package to allow other applications to access the media. Maybe a plugin for media players... Or maybe nokia would develop those too.

I must claim ignorance as to whether or not the GPL would legally prevent open source DRM from being implemented.

Re:Say what?!?

[Anonymous Coward]

That said, they'd have to provide the source code which would then make circumventing their DRM trivial. So the only way this could work is if they got governments (looking at you Canada) to go along with criminal offences with respect to software that breaks locking mechanisms. They seem to be having success in certain countries.

Doesn't need laws passing at all. Control is moving from the source code, to the digital signatures on the binaries, enforced by hardware.

Trusted Computing - look it up. Intel La Grande + TPM, ARM TrustZone and so on...