LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Interview: Kristen Carlson Accardi

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Re: the beef

Re: the beef

Posted Oct 7, 2006 1:38 UTC (Sat) by vonbrand (subscriber, #4458)
In reply to: Re: the beef by nim-nim
Parent article: Busy busy busybox

The intended end result is to make the device somewhat harder to modify as long as it does not cost too much. Shock! DRM is only about saving a few bucks! One could easily argue the costs of having to forgo DRM are largely couterbalanced by free access to the GPL software pool.

One could also easily argue that the costs of other software alternatives is not significantly higher, and moreover the GPLv3 (and possibly even more agressive GPLv4 to follow, and...) creates a high potential liability cost ("But, yerhonnor, we used GPLv3ed code because it was cheaper, and the plaintif modified said code and our so modified device cut off her feet" can very easily be answered by "Then it was reckless design to leave it open to modification").

Nothing forbids repairing devices in a GPLv3 world. It only forbids repair accesses closed to the device owner. That screwdrivers are widely available never stopped an appliance manufacturer from using standard screws, precisely because lowering lifecycle costs has priority over keeping the owner out at all costs.
You'd be surprised then by the strange screws I've had to deal with... plus swabs of paint over screws, etc. Point of most of them was clearly making it harder to get inside, or making modifications visually obvious to whoever is handling the device. What if the "handling" of the device is remotely, over a network?

(Log in to post comments)

Re: the beef

Posted Oct 7, 2006 12:44 UTC (Sat) by nim-nim (subscriber, #34454) [Link]

> "But, yerhonnor, we used GPLv3ed code because it was cheaper, and the
> plaintif modified said code and our so modified device cut off her feet"
> can very easily be answered by "Then it was reckless design to leave it
> open to modification"

But was the reckless design to use GPLv3 or DRM instead of ROM? If you have this kind of liability hanging over your head, you can certainly afford ROM, or protected hardware jumper, or whatever

Re: the beef

Posted Oct 8, 2006 1:44 UTC (Sun) by sepreece (subscriber, #19270) [Link]

If the TC is good enough, there's no need to go to ROM. As noted elsewhere, there are disadvantages to using ROM. And it's usually sufficient to make it difficult to modify, so the user clearly has to jump over intended barriers (and thereby demonstrate that it's their fault, and not the manufacturers).

I'm neither a lawyer nor on the business side; I don't know what factors they use in deciding how hard to make it to crack the security.

Re: the beef

Posted Oct 8, 2006 9:12 UTC (Sun) by nim-nim (subscriber, #34454) [Link]

> As noted elsewhere, there are disadvantages to using ROM.

But are the disadvantages sufficient to refuse using GPLv3 software if it implies ROM?

> And it's usually sufficient to make it difficult to modify, so the user
> clearly has to jump over intended barriers (and thereby demonstrate that
> it's their fault, and not the manufacturers).

This part is easily done without blocking GPLv3 by making the update process interactive and spewing big red warnings if the updating binary is not signed by the manufacturer

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.