LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

DRM is a bit of a red herring.

DRM is a bit of a red herring.

Posted Feb 12, 2007 0:11 UTC (Mon) by drag (subscriber, #31333)
In reply to: DRM is a bit of a red herring. by mmarq
Parent article: Recommendation: no GPLv3 for Solaris

"""And they say:- ok here are the keys, you can do as you please, i accept the GPLv3 contract. But... if you remove or change our code, all guaranties are void. Not only that but we have signed our binarys also. The data channel will be looking upon those signatures and if it dosent find them no connection will be allowed."""

Well according to the GPLv3 draft the second part would be invalid. Running cannot automaticly result in a decline of the functionality of the system.

In other words it's against the license to disable functionality if it detects modified code. In the GPlv3 draft they gave two examples, one example was online services.

However it's perfectly valid, according to the license, that mofidying the code would void warrentees and garrentees. It's not reasonable at all to blame broken software you made on the hardware vendor you got the machine from.

They are trying to make a distinction between practical functionality software-as-a-tool and stuff like warrentees and such.

(Log in to post comments)

DRM is a bit of a red herring.

Posted Feb 12, 2007 1:43 UTC (Mon) by sepreece (subscriber, #19270) [Link]

This is in highly speculative territory.

I personally doubt that a court would find that the distribution license could limit the distributor's right to make contracts with its customers, including contracts that bound the customers to NOT do things the license would allow them to do. But IANAL.

Beyond that, even under a broad reading of the license terms, the service presumably IS allowed to authenticate the proprietary software that it works with (in the TiVo-like case, the software that runs on top of Linux). The system may be designed so that software can work with the hardware without relying on (or trusting) the GPLed software. Then the system can allow the GPL software to be replaced without actually opening up the system's interesting functionality.

Also, the license only requires providing keys; there is no basis for figuring out what happens if the means of authenticating the software isn't "a key". If the service or proprietary software calculates a checksum, for instance, that is not a key.

And, of course, virtualization may be the ultimate way to allow using the GPL software for untrusted functions and using only authenticated software for things the system needs to trust (like interaction with remote services).

DRM is a bit of a red herring.

Posted Feb 12, 2007 16:04 UTC (Mon) by Arker (guest, #14205) [Link]

You may doubt it, but you're wrong.

Under copyright law, they have no right whatsoever to use the code. If they don't like the terms it's offered under, their remedy is not to use it. Simple as that.

DRM is a bit of a red herring.

Posted Feb 12, 2007 17:19 UTC (Mon) by sepreece (subscriber, #19270) [Link]

You're oversimplifying.

The distribution of the software is controlled by the software license. Selling you a box with the software in it is subject to the terms of the license. I'm assuming you can buy the device without buying the service.

Buying service (whether for a TiVo, cable box, or cell phone) is a separate arrangement. Assuming you buy the device, and get to keep it regardless of whether you get the service, there's no interaction with the license terms. The contract terms for the service could require using a specific version of the software and that requirement would have nothing to do with the distribution licensing.

A possible refinement of this would be to have the device provider provide only core, GPL software. The service provider could then provide the proprietary client software that enables use of the service. That software could then tie to a specific version of the GPL software. For instance, a DVR vendor could ship boxes with DVR functionality based on Linux and MythTV, and TiVo could ship their proprietary software to run on top of the Linux, replacing the software that shipped with the device.

DRM is a bit of a red herring.

Posted Feb 12, 2007 17:47 UTC (Mon) by drag (subscriber, #31333) [Link]

Ya.. that could be possible. As long as that propriatory bit of code being sent by Tivo isn't violating the GPL (which I assume is not violating it) when they sent it.

The GPL has absolutely no restrictions on the sort of stuff people do to it themselves, it never has and hopefully never will. If end users want to add propriatory code to impliment some sort of DRM then that would be valid and without conflict with GPLv3.

(although that sort of drm would be almost certainly be trivially easy to crack)

DRM is a bit of a red herring.

Posted Feb 12, 2007 2:57 UTC (Mon) by mmarq (guest, #2332) [Link]

"" In other words it's against the license to disable functionality if it detects modified code. In the GPlv3 draft they gave two examples, one example was online services. ""

Confess i havent read those. But it dosent. At least from the client side, from that TIVO box it never will. If you have only somehow unrestricted acess to Online Services, you will never have acess problems from your modified TIVO box.

GPL v3 can say that no license will hold, if the covered code is used to restrict functionality upon modification.

But nevertheless i cant see how the GPL can impose legally on Online Services Providers an authentication method. If those acesses require a token in the form of a DRM checksum, simply by modifying the code it will generate a different checksum... TIVO will say that is not their fault... i dont know but it seems complicated...

Specialy because that DRM token restricting funcionality, will not be most probably generated from any v3 covered code, but from the BIOS level. Watch next bios capable of playing online games while you load an online OS ftp://download.intel.com/technology/efi/docs/pdfs/IDF04li...

DRM is not about security, is about control, and protected by the DMCA. If that security BS message is passed sooner or later there will be huge FUD campaingns stating that because all the source code must be available, GPLv2 or V3 makes systems easely crackables, in fouling an Online Service, by any expert "kid".

In the general matter i'm on the side of FSF and RMS, but i belive the rug has been pulled out off their feet on this, and i cant see clearly how they gonna prevent this legally by means of a licence !...

That is why i sugest the provision of making those DRM features turn off upon user whish, that is, mandatory as an optional feature because v3 holds also for every "online" binary covered... but would that be DMCA legal ?... and inclusion of LinuxBIOS as an integral part of a Linux System... would vendors buy it ?

DRM is a bit of a red herring.

Posted Feb 12, 2007 17:37 UTC (Mon) by drag (subscriber, #31333) [Link]

"""GPL v3 can say that no license will hold, if the covered code is used to restrict functionality upon modification.

But nevertheless i cant see how the GPL can impose legally on Online Services Providers an authentication method. If those acesses require a token in the form of a DRM checksum, simply by modifying the code it will generate a different checksum... TIVO will say that is not their fault... i dont know but it seems complicated...

Specialy because that DRM token restricting funcionality, will not be most probably generated from any v3 covered code, but from the BIOS level. Watch next bios capable of playing online games while you load an online OS ftp://download.intel.com/technology/efi/docs/pdfs/IDF04li..."""

I don't understand everything your aiming at.

But if you want to use GPLv3 in a machine you want to sell to people that you want to impliment DRM then bypassing the userland and going straight to firmware is a perfectly valid way to do it and it wouldn't conflict with the GPLv3. Also running non-GPlv3 code along side GPlv3 code in order to impliment DRM is valid also.

The goal of the GPlv3 here isn't to eliminate DRM or make GPlv3 software incompatable with DRM, it's just to make sure that people don't use DRM to circumvent the GPL license and limit 'four freedoms' that are suppose to be garrenteed for Free software.

As long as a paticular form of DRM does not require that software be unmodifiable to work then there isn't any problem with it being used with GPLv3 as far as the license goes.

DRM is a bit of a red herring.

Posted Feb 12, 2007 23:50 UTC (Mon) by mmarq (guest, #2332) [Link]

"" I don't understand everything your aiming at. ""

.-Means tivoization will continue

.-It will be possible to disable functionality, if modified code is detected, most notorious on Online services, because those most logicly, not implementing the specific restrictions by using GPLv3 code, are not bond to the distribution licence terms... IANAL, but it seems logic to me.

But though, im getting confused myself. 3 pertinent questions arise on these tivoization and functionality clause:

Why isnt installing or replacing a binary program, or a binary derivative (plugin, library...) also be considered a modification upon the original program, which must be allowed to run ?

Just following the precedent question here providing key for "in sito" compilation and signature is completely wortless, as is i belive, transfer that key and source code to a 3th capable part without transfering the machine which that key is exclusively attributed ?

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds