| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
Re: the beef
Re: the beef
Posted Oct 4, 2006 19:35 UTC (Wed) by nim-nim (subscriber, #34454)In reply to: Re: the beef by sepreece
Parent article: Busy busy busybox
> The intended end result, from the device distributor's point of view, is
> the same: the end user can't change the software in the device so that it
> does things other than what it is supposed to do.
What they actually care about is the device behaviour, and it's not even an absolute requirement, or they'd be selling welded steel enclosures not cheap plastic ones anyone can open to install mod-chips.
The intended end result is to make the device somewhat harder to modify as long as it does not cost too much. Shock! DRM is only about saving a few bucks! One could easily argue the costs of having to forgo DRM are largely couterbalanced by free access to the GPL software pool.
> preserving the ability to repair devices lowers the lifecycle cost of the
> device
Nothing forbids repairing devices in a GPLv3 world. It only forbids repair accesses closed to the device owner. That screwdrivers are widely available never stopped an appliance manufacturer from using standard screws, precisely because lowering lifecycle costs has priority over keeping the owner out at all costs.
> Yes, the device distributors want to have a right on the device that the
> end user does not have, as a condition of using the device with their
> service.
This argument does not stand:
1. many of the DRM-ed devices are intended for standalone use (media players...) with the service part completely absent or optional
2. if it's really a condition of using the service then there is something called "terms of service" for this, and it's not even deprecated by DRM, since many terms can not be DRM-enforced.
If the device is sold to the user what he does with it is none of the service provider business as long as it does not impact the service infrastructure (if it does impact the service infrastructure you can detect it infrastructure-side without device-level DRMs)
If the service absolutely depends on total control on the appliance there's a well known solution: providing the device free of charge to the user, and recouping costs with the service fee.
Of course some businesses want to sell appliances without passing control to the user, have customers provide seed money for services by paying for the required appliances beforehand, benefit from GPL code without allowing the tinkering conterpart the GPL was about and so on.
I want a pony too. Will I get one?
(Log in to post comments)
Re: the beef
Posted Oct 7, 2006 1:38 UTC (Sat) by vonbrand (subscriber, #4458) [Link]
The intended end result is to make the device somewhat harder to modify as long as it does not cost too much. Shock! DRM is only about saving a few bucks! One could easily argue the costs of having to forgo DRM are largely couterbalanced by free access to the GPL software pool.
One could also easily argue that the costs of other software alternatives is not significantly higher, and moreover the GPLv3 (and possibly even more agressive GPLv4 to follow, and...) creates a high potential liability cost ("But, yerhonnor, we used GPLv3ed code because it was cheaper, and the plaintif modified said code and our so modified device cut off her feet" can very easily be answered by "Then it was reckless design to leave it open to modification").
Nothing forbids repairing devices in a GPLv3 world. It only forbids repair accesses closed to the device owner. That screwdrivers are widely available never stopped an appliance manufacturer from using standard screws, precisely because lowering lifecycle costs has priority over keeping the owner out at all costs.You'd be surprised then by the strange screws I've had to deal with... plus swabs of paint over screws, etc. Point of most of them was clearly making it harder to get inside, or making modifications visually obvious to whoever is handling the device. What if the "handling" of the device is remotely, over a network?
Re: the beef
Posted Oct 7, 2006 12:44 UTC (Sat) by nim-nim (subscriber, #34454) [Link]
> "But, yerhonnor, we used GPLv3ed code because it was cheaper, and the> plaintif modified said code and our so modified device cut off her feet"
> can very easily be answered by "Then it was reckless design to leave it
> open to modification"
But was the reckless design to use GPLv3 or DRM instead of ROM? If you have this kind of liability hanging over your head, you can certainly afford ROM, or protected hardware jumper, or whatever
Re: the beef
Posted Oct 8, 2006 1:44 UTC (Sun) by sepreece (subscriber, #19270) [Link]
If the TC is good enough, there's no need to go to ROM. As noted elsewhere, there are disadvantages to using ROM. And it's usually sufficient to make it difficult to modify, so the user clearly has to jump over intended barriers (and thereby demonstrate that it's their fault, and not the manufacturers).
I'm neither a lawyer nor on the business side; I don't know what factors they use in deciding how hard to make it to crack the security.
Re: the beef
Posted Oct 8, 2006 9:12 UTC (Sun) by nim-nim (subscriber, #34454) [Link]
> As noted elsewhere, there are disadvantages to using ROM.
But are the disadvantages sufficient to refuse using GPLv3 software if it implies ROM?
> And it's usually sufficient to make it difficult to modify, so the user
> clearly has to jump over intended barriers (and thereby demonstrate that
> it's their fault, and not the manufacturers).
This part is easily done without blocking GPLv3 by making the update process interactive and spewing big red warnings if the updating binary is not signed by the manufacturer