LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Bitfrost: the OLPC security model

Bitfrost: the OLPC security model

Posted Feb 8, 2007 20:51 UTC (Thu) by cjb (guest, #40354)
In reply to: Bitfrost: the OLPC security model by bronson
Parent article: Bitfrost: the OLPC security model

I'm not sure I buy that. If OLPC gets to do this, couldn't Tivo do the same thing?
Remove their restrictions by bundling an offer to supply a developer key that gives you complete access to the machine if you want it? Sure, they could, and they'd be GPLv3-compliant by my interpretation if they did.

They presumably won't, because they don't want you to be able to (for example) use a public source of TV listings and stop paying them for monthly service.

The vast majority of people won't know, won't bother, or won't qualify.
No, if you've bought the device, it would be a breach of GPLv3 to not give you the key on request. A "restricted" developer program wouldn't suffice. (But no-one's suggesting the OLPC program will be restricted.)

(Log in to post comments)

Bitfrost: the OLPC security model

Posted Feb 8, 2007 22:52 UTC (Thu) by bronson (subscriber, #4806) [Link]

Of course the OLPC program is restricted.

From the article: "in general, the children will not have that functionality available to them."

From our editor's comment: "There is a delay built into the developer key mechanism; if the laptop is reported stolen during the wait, no key is issued."

This makes total sense. If there really were no restrictions, there would be no point to making the keys private in the first place. The thieves would just request the keys after they'd stolen the laptops.

I've read the v3 draft a few times. You'll notice that 6.3b doesn't specify any durations. How long could Tivo delay issuing a key before It's in violation? A few months? A year? And could Tivo pull the old tape trick used by a number of BSDs in the early 90s? (charging $400 for a $30 tape claiming "it's a reasonable cost of physically performing this conveying of source. Go ahead, take us to court -- it'll cost you a lot more than $400!")

From reading the license, it seems to me like they could.

Bitfrost: the OLPC security model

Posted Feb 8, 2007 23:56 UTC (Thu) by cjb (guest, #40354) [Link]

From the article: "in general, the children will not have that functionality available to them."
This doesn't mean that developer keys will be refused to some children, it means that before the child asks for the key, the (BIOS-writing) functionality won't work.
I've read the v3 draft a few times. You'll notice that 6.3b doesn't specify any durations.
The Bitfrost spec (section 8.19) says that the delay between asking for and receiving the key will be fourteen days. That seems entirely consistent with the delay one would expect from replying to a written offer of source code under the GPL that we've been using for the last twenty years.

I'm only really interested in talking about this to the extent of showing that the scheme is entirely in accord with GPLv3 and the spirit of the GPL. If your problem is that the GPL isn't free enough for you, you need to find some other people to talk to. :)

Bitfrost: the OLPC security model

Posted Feb 9, 2007 2:34 UTC (Fri) by bronson (subscriber, #4806) [Link]

I'm genuinely interested. I still don't understand how the GPLv3 can allow the OLPC to use DRM and at the same time prevent Tivo from abusing it. That's why I was asking about known modes of GPL abuse from the past. There will always be people who want to skirt the rules.

I *like* the GPLv2, and presumably I'll like the v3 when it ships. Ideally I'd like v3 to be able to be the go-to license for most projects. Other than the DRM language, which I'm unsure about, it looks like v3 could be that license.

Of course, I'm happy to let our discussion rest here and leave any further fine slicing to future litigators. :)

Bitfrost: the OLPC security model

Posted Feb 9, 2007 2:49 UTC (Fri) by cjb (guest, #40354) [Link]

I'm genuinely interested. I still don't understand how the GPLv3 can allow the OLPC to use DRM and at the same time prevent Tivo from abusing it.
So, my understanding is that the GPLv3's answer to DRM is to say "Sure, you can build DRM -- after all, you wouldn't have freedom if you couldn't -- but you must give the person who you distribute the code to the freedom to remove the DRM if they wish". That's what Bitfrost tries to do.

How do you think TiVo would claim to be following that, yet abusing it? The methods you mentioned (waiting too long, or charging too much) just aren't ones that we've seen people abuse over the last twenty years; I can't think of a single memorable example of either, so it certainly hasn't been common. If they *do* provide the source+key that gives you full control of the system in a timely manner, then it's Free Software.

Bitfrost: the OLPC security model

Posted Feb 9, 2007 11:56 UTC (Fri) by NAR (subscriber, #1313) [Link]

you must give the person who you distribute the code to the freedom to remove the DRM if they wish

I think I get it - the code is distributed to the child, but not to the thief, so the thief can't ask for the key. However, an other thing occured to me. As far as I know, the children can't sell or give away their laptops, i.e. can't distribute it (I could be wrong here). Can they distribute the software (including the OpenBIOS) on the laptop? GPL (even v2) gives them the right, but will the software work on any other laptop (even if they distribute the key, which is part of the software under GPLv3)?

Bye,NAR

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds