Weekly Edition
Return to the Front page
| |||||||||||||
The Nook Tablet and the GPL
Recently, certain corners of the net have carried the claim that Barnes
& Noble is refusing to release the source for the kernel shipped in its
"Nook Tablet" book reader device. That, of course, would be a violation of the
kernel's licensing. GPL violations are far from unheard of in the mobile
electronics market, but B&N is a company with a high-enough profile to attract
special attention. A look at what is going on suggests that there is less
to the story than meets the eye - but it still merits a look.
The big fuss was made on the XDA developers forum, where many Android-related conversations are hosted. There, Adam Outler claimed:
It would seem that Barnes and Noble is betraying the most sacred of
things in the open-source world, The General Public
License(GPL). As open source programmers we all use the GPL
daily. The GPL is what keeps Open-Source work like the Linux kernel
free, modifiable and re-distributable. I tried to compile the
sources provided by Barnes and Noble, but they are incomplete. They
will not compile.. I'm not the only one, others have tried and
failed as well.
He also claims that B&N has been deleting requests for the source from its own forum sites. In truth, B&N has made the kernel source for its Nook devices available - though some prodding from Matthew Garrett was required to get that to happen. One can find it by scrolling down on the Nook "terms of service" page. Matthew believes that source distribution to be complete - or something very close to it. His position is that B&N appears to be living up to its obligations under the GPL at this time. Some XDA developers still disagree with this assessment for one simple reason: it is not actually possible to build a replacement kernel for the Nook (specifically, the "Nook Tablet" variant) using the source provided. Like many consumer electronics devices, the Nook Tablet is locked down and will refuse to boot a kernel that lacks a signature that it recognizes. What the XDA developers want is a signing key that will allow them to build kernels that are actually bootable on the device. Without that key, they say, the kernel sources are incomplete and useless. It is certainly a reasonable thing for them to want; hackable devices are, after all, far more interesting and valuable than the locked-down variety. There is a difference, though, between wanting something and claiming that somebody is obligated to provide it to you. Whether B&N is obligated to provide that key is far from clear. The relevant GPLv2 language is this:
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus
any associated interface definition files, plus the scripts used to
control compilation and installation of the executable.
Many developers have, over the years, claimed that a signing key qualifies as one of the "scripts" referred to in §3 of the GPL. Even if the license does not explicitly say that it must be possible to build and install an executable that the hardware will actually deign to boot, that requirement is arguably within the intent of the license. Version 3 of the GPL added language to make this expectation explicit; in most cases, it is not possible to use GPLv3-licensed code in a device if that code cannot be updated by the user. But the Linux kernel is not covered by GPLv3, and, more to the point, the discussion around GPLv3 made it clear that a significant portion of the kernel development community does not wish to limit the use of their code in this way. The "kernel developers' position on GPLv3" document posted in 2006 was explicit on that point. Linus Torvalds made his position clear on the issue well before the GPLv3 process even started:
But since the signature is pointless unless you _use_ it for
something, and since the decision how to use the signature is
clearly outside of the scope of the kernel itself (and thus not a
"derived work" or anything like that), I have to convince myself
that not only is it clearly ok to act on the knowledge of whether
the kernel is signed or not, it's also outside of the scope of what
the GPL talks about, and thus irrelevant to the license.
Of course, the actual meaning of the language in the GPL is not determined by Linus or any specific group of kernel developers. That, in the end, can only be definitively done in a court, and, even then, clarity can be hard to come by. So it is conceivable that, someday, some developer could pursue a case against a company like B&N and prevail, forcing either the release of the signing key or the removal of the product from the market. Such an outcome, needless to say, would cause a number of manufacturers to reevaluate their use of Linux in their products. That outcome seems unlikely, though, for one simple reason: Linus and a number of other high-profile developers have, through their statements and rejection of GPLv3, made it clear that they see locked-down systems as a permissible use of the kernel and in full compliance with its license. Such signals carry a lot of weight in arguments before a judge, who will be reluctant to rule that a vendor cannot do what the developers of the kernel explicitly said was allowed. Anybody seeking such a ruling will be fighting an uphill battle from the outset. Saying that the license allows certain behavior is not a statement that such behavior is a good thing. But that is the nature of free software: it is not truly free if it cannot be used to do something the author disagrees with. Once code is released under a free license, it can be used for any number of distasteful things, including running criminal organ-harvesting rings, controlling land mines, tracking people the government doesn't like, or sending "join my social network" email. It can also be used to implement unpleasant DRM schemes on a locked-down ebook reader. That is simply part of the loss of control that comes with making software free. In some parts of the market, it has become clear that an open platform is a competitive advantage; see HTC's policy of not locking down the boot loaders on its handsets, for example. Barnes & Noble is engaged in a difficult fight against companies like Amazon; as Charlie Stross so clearly stated last year, an insistence on using DRM is just making that fight harder. The push for DRM seemingly comes mainly from the publishers, but pushback from retailers like B&N could force some change there. So one could easily argue that B&N should stop locking down its readers, not because of licensing problems, but because it makes more commercial sense not to. (Log in to post comments)
The Nook Tablet and the GPL Posted Jan 10, 2012 20:57 UTC (Tue) by dbruce (subscriber, #57948) [Link]
I love my Nook Color, and I am generally happy to support Barnes and Noble - partly because I love brick-and-mortar bookstores in general, but mainly because B&N has had the courage to stand up against Microsoft's Android-related threats.
So, I'm not about to excoriate B&N over their tivoization of the Nook, but my loyalty would definitely be enhanced if they abandoned this lockdown policy. I mainly use the device to read public domain ebooks from Project Gutenberg.
The Nook Tablet and the GPL Posted Jan 11, 2012 0:01 UTC (Wed) by jmalcolm (guest, #8876) [Link]
> I mainly use the device to read public domain ebooks from Project Gutenberg.
I hate to say it but I doubt your loyalty matters much if you are not a source of revenue for B&N. They are not a device company; they sell books. The Nook is simply a channel for their content.
I love my Nook Color as well, especially now that Netflix runs on it, but I am also not making them much money. They will get more from me than Amazon does at least.
The Nook Tablet and the GPL Posted Jan 11, 2012 0:09 UTC (Wed) by jmalcolm (guest, #8876) [Link]
Excuse my ignorance here but is the Nook Tablet more locked down than the Nook Color? I know that CyanogenMod (totally Open Source Android) runs on the Nook Color. So booting Linux (Android even) is certainly possible.
Is it not possible to boot the Nook Tablet code in the same way that CyanogenMod is booted? Can this be done for the Nook Color but not for the Nook Tablet because of extra hardware DRM on the tablet?
Or is it the case that the code could be made to work easily but some people just do not like that it has to be modified at all from how it is released by B&N?
The Nook Tablet and the GPL Posted Jan 11, 2012 1:46 UTC (Wed) by clump (subscriber, #27801) [Link]
While the Nook Tablet has a reliable rooting procedure, it unfortunately does have a locked bootloader. This is a very disappointing change from the Nook Color.
Just to clarify Posted Jan 11, 2012 19:43 UTC (Wed) by dbruce (subscriber, #57948) [Link]
>it unfortunately does have a locked bootloader
I think I understand you, but does this specifically mean that you can't just put a CM image on the micro-SDHC card and boot from that without rooting, like you can do with the Nook Color?
Just to clarify Posted Jan 12, 2012 14:03 UTC (Thu) by clump (subscriber, #27801) [Link]
To the best of my knowledge, you cannot *yet* boot non-official images via SD because of the bootloader. Root certainly is nice, but it does not compare to booting arbitrary roms.
Android and free software Posted Jan 12, 2012 0:01 UTC (Thu) by bignose (subscriber, #40) [Link]
It's worth noting that these devices running CyanogenMod, while a significant improvement in freedom, is not free software. To work on all of the devices it supports, it uses non-free drivers; it may also retain non-free programs (such as Camera) in the OS.
For a totally free Android on a device, you want to see the Replicant project http://replicant.us/ Because so many devices lack free drivers, the support for devices is rather less broad than CyanogenMod. We have work to do.
Note, though, that I support the spread of CyanogenMod and use it myself. It's not free software, but it is a big freedom improvement over the stock non-free Android on these devices.
Android and free software Posted Jan 14, 2012 1:59 UTC (Sat) by Trelane (subscriber, #56877) [Link]
Thanks for the info! I'm quite interested. :)
Android and free software Posted Jan 21, 2012 7:19 UTC (Sat) by rqosa (subscriber, #24136) [Link] > It's not free software More precisely, it's mostly, but not entirely free software. (Unless I'm mistaken, the only proprietary parts are device drivers and device firmware blobs.) > it may also retain non-free programs Those proprietary programs from Google aren't part of CyanogenMod — Google doesn't allow the project to distribute them.
The Nook Tablet and the GPL Posted Jan 11, 2012 19:38 UTC (Wed) by dbruce (subscriber, #57948) [Link]
>> I mainly use the device to read public domain ebooks from Project Gutenberg.
>I hate to say it but I doubt your loyalty matters much if you are not a source of revenue for B&N. They are not a device company; they sell books. The Nook is simply a channel for their content.
Well, in addition to the PG books, I have bought quite a few online Nook titles. They are definitely my choice for books too recent to be public domain - I just have a big interest in Shakespeare, Homer, Dante, and so forth. I also buy tons of stuff from their physical store in our city.
Your point is valid, though - although I am probably in the upper percentiles of Nook users based on how much reading I do with it, I hardly appear to them as a voracious reader if they just look at the purchases in my Nook account.
The Nook Tablet and the GPL Posted Jan 10, 2012 21:34 UTC (Tue) by dashesy (subscriber, #74652) [Link] Many developers have, over the years, claimed that a signing key qualifies as one of the "scripts" referred to in §3 of the GPL.What if the script reads the signature from standard input? Then providing all signatures will not be useful to have a signed kernel.
The Nook Tablet and the GPL Posted Jan 10, 2012 21:35 UTC (Tue) by dashesy (subscriber, #74652) [Link]
I meant "providing all scripts", sorry
The Nook Tablet and the GPL Posted Jan 11, 2012 14:57 UTC (Wed) by Felix.Braun (subscriber, #3032) [Link]
This is not how law works. Lawyers don't stick to the letter of a license. The only thing that matters is the intended meaning (if that is discoverable and provable). So whether the signing key is provided to the installation script on standard input, is baked into the script file itself or is read from a different file whose name is hardcoded into the script does not really matter.
The ultimate question is, what a sensible reader of the GPL would understand when he reads "The derivative work needs to include the installation scripts." As the article shows quite nicely, the intended (and sensible) meaning of this phrase is open for discussion. But this discussion would certainly take more into consideration than where the computer stores the bits for the signing key.
The Nook Tablet and the GPL Posted Jan 10, 2012 21:48 UTC (Tue) by zooko (subscriber, #2589) [Link]
Dear Editor:
I'm still waiting for you to write the definitive guide to how to buy an ereader which doesn't admit remote control (allowing some external third party to remotely delete or corrupt my books) or other limitations on my freedom to read.
In the meantime, I guess I'll experiment with an Efika MX Smartbook and a Pixel Qi display...
Regards,
Zooko
The Nook Tablet and the GPL Posted Jan 10, 2012 22:00 UTC (Tue) by zeekec (subscriber, #2414) [Link] Nook Color with CyanogenMOD
Free readers Posted Jan 10, 2012 22:01 UTC (Tue) by corbet (editor, #1) [Link] It's not an objective I've forgotten. But I think the answer is reasonably clear:
Life gets harder if you want to purchase current books, of course. A tool like calibre can save copies of even DRM-encumbered books, protecting against remote deletion. Elimination of the DRM is also possible for those who are willing to dig a bit.
Free readers Posted Jan 10, 2012 22:49 UTC (Tue) by JoeF (guest, #4486) [Link]
Some publishers, e.g. O'Reilly, offer their books without DRM. O'Reilly also offers a discount on the e-books if the person has the dead-tree version.
Free readers Posted Jan 14, 2012 2:12 UTC (Sat) by Trelane (subscriber, #56877) [Link]
Baen also has very good non-DRM pay books in addition to their famed library. I am pretty dedicated to Baen. :)
The Nook Tablet and the GPL Posted Jan 10, 2012 22:35 UTC (Tue) by proski (subscriber, #104) [Link] Buy the latest Amazon Kindle for $79 and don't connect it to the internet. Nobody would be able to delete your books. Moreover, without the net, you won't see the "special offers", so you would save some money. Kindle is seen as a hard drive, so no special software is needed to access it.
The Nook Tablet and the GPL Posted Jan 11, 2012 0:42 UTC (Wed) by hummassa (subscriber, #307) [Link]
YES. Congratulations. This is brilliant.
The Nook Tablet and the GPL Posted Jan 11, 2012 16:35 UTC (Wed) by clump (subscriber, #27801) [Link]
I wouldn't be so sure about remote access, even if you don't register a Kindle. Root a Kindle K3G and have a look inside. Look specifically at the cron jobs and the default firewall.
The Nook Tablet and the GPL Posted Jan 11, 2012 18:07 UTC (Wed) by dlang (✭ supporter ✭, #313) [Link]
if the network connection is turned off, those cron jobs don't reach anyone.
The Nook Tablet and the GPL Posted Jan 13, 2012 9:44 UTC (Fri) by dany (guest, #18902) [Link]
I agree. I have latest Kindle Touch and can confirm, that after more than about week or two without wireless turned on, Kindle is displaying no more Special Offers, but instead default screensavers with text "Please connect wirelessly to download the latest Special Offers".
Kindle, book revocation, and the freedom to read Posted Jan 14, 2012 1:00 UTC (Sat) by giraffedata (subscriber, #1954) [Link] I think you could also reap the benefits of a network-connected Kindle without fear of losing your books by just backing up your books (using the USB access where the Kindle appears as a storage device). But then maybe the Internet has a way to poison the Kindle for a certain book so even if you restored it from backup the Kindle would refuse to read it.I don't know the boundaries of "my freedom to read," but would the fact that the Kindle won't read formats such as the open epub format be an interference? I believe the only format it will read that gives you decent readability is one only Amazon can generate. So if Amazon doesn't want you to read something, you don't read it -- at least not practically.
Kindle, book revocation, and the freedom to read Posted Jan 14, 2012 1:16 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]
the kindle will read many formats.
now some people don't consider any e-reader to have 'decent readability' (see the other comment about how it doesn't handle specific types of hyphination), but I routinely get multiple formats of books and put them on my kindle without involving Amazon or converting the format.
so far I've only found one place that I could get epub books where I could not get the same book in a format the the kindle could handle. And in that case it as a DRM locked down epub, hardly what I would call 'open'.
Kindle, book revocation, and the freedom to read Posted Jan 14, 2012 3:33 UTC (Sat) by giraffedata (subscriber, #1954) [Link] I recently acquired a Kindle Touch and looked up the long list of formats it can read. There are many I don't recognize, and many that are not ebook formats. I tried to read a few PDFs on the Kindle and it was technically possible, but a nightmare. I'll convert the PDF to paper next time. Are you saying you found books in other than Amazon-proprietary AZW format that were readable on Kindle? And in that case it was a DRM locked down epub, hardly what I would call 'open'. There are multiple kinds of openness. The fact that anyone can create and distribute an epub file, locked down or not, is an important and valuable kind of openness.
Kindle, book revocation, and the freedom to read Posted Jan 14, 2012 4:21 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]
> Are you saying you found books in other than Amazon-proprietary AZW format that were readable on Kindle?
Yes, .azw is basically .mobi plus DRM, so .mobi and .prc books work perfectly. there are others that work.
.pdf works if the page size the .pdf was created as is close enough to the screen size (this is why I have the kindle DX it's 9.7" screen is good enough to read most .pdf files that were created with letter or A4 pages in mind)
Kindle, book revocation, and the freedom to read Posted Jan 14, 2012 1:19 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]
when Amazon has removed books from the kindle in the past, people who had the books backed up could just re-load them as you speculate.
Any system where the vendor can push an OS patch to the device gives that vendor the ability to remove any content from the device, disable any feature that you are depending on, and 'poison' the device for any content in the future. People act as if Amazon (for kindle) and Google (for Android) are just itching for the chance to do this. So far I have only seem them do anything in reaction to legal action.
Apple on the other hand.....
Kindle, book revocation, and the freedom to read Posted Jan 14, 2012 13:53 UTC (Sat) by nix (subscriber, #2304) [Link]
And when Amazon tried remote deletion in the US it was such a PR disaster that after legal action they were forced to an assurance that they'd never do it again (but only in the US, to devices also purchased there). I suspect they'd do virtually anything rather than remotely wipe books from any kindle anywhere, because they know that if they do it, the PR nightmare will start again.
(It didn't help that they remotely deleted 1984, of all books! That they chose this one suggests to me that they were forced into putting remote deletion onto the books, and intentionally chose to act on the most inflammatory one possible, to ensure that they had a reason never to do it again to wave in publishers' faces in future. It's not like it's in their interest to wipe out books people are reading: it makes the Kindle a less attractive reading platform, and that's all they care about because reading platform attractiveness is pretty directly correlated with money spent buying books at Amazon.)
Kindle, book revocation, and the freedom to read Posted Jan 14, 2012 18:25 UTC (Sat) by zooko (subscriber, #2589) [Link]
It's interesting how people have different concerns about this.
To a lot of people, the issue seems to be whether the entity that has remote control of your library is likely to abuse that power. To me, that question is more or less irrelevant. I strongly hate the idea of any entity having remote control of my library of books. It doesn't matter who, or how they say they'll use that power!
If it is a generous and well-behaved entity, which has well-written PR and makes plausible promises not to abuse their remote control, then this makes me hate the situation all the more, because their power is the stealthy, well-mannered, insidious kind that is harder to take the measure of and that my friends and neighbors will tolerate.
Kindle, book revocation, and the freedom to read Posted Jan 14, 2012 18:50 UTC (Sat) by nix (subscriber, #2304) [Link]
But they don't have control of my library! I can back the thing up at any time (and have of course done so).
If you choose to have your only backup be on a remote site administered by the company which sold you the books, well, don't be surprised if said company takes advantage of you.
Kindle, book revocation, and the freedom to read Posted Jan 14, 2012 22:42 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]
it is impossible to have a company store your library for you without giving them the power to delete your library (or portions of it)
If you don't like that, don't have a company store your library. Even with Kindle, Nook, etc you have the ability to maintain your own copy of the library.
The next issue is DRM, which can make it impossible to access even your own copy. The answer is to either break the DRM (pretty trivial with all common uses), or reward publishers (like Baen Books) who choose not to use DRM. It's not Amazon that is forcing the DRM on kindle books, it's some of the publishers who are demanding it. And those publishers demand it for the e-book no matter what you use to read it.
Kindle, book revocation, and the freedom to read Posted Jan 15, 2012 0:01 UTC (Sun) by giraffedata (subscriber, #1954) [Link] DRM, which can make it impossible to access even your own copy. Or worded another way which doesn't connote such evil: DRM, which makes it possible to read a book without actually owning (and buying) a copy.
Kindle, book revocation, and the freedom to read Posted Jan 15, 2012 1:09 UTC (Sun) by Trelane (subscriber, #56877) [Link]
> DRM, which makes it possible to read a book without actually owning (and buying) a copy.
I thought that was what libraries were for. :)
Kindle, book revocation, and the freedom to read Posted Jan 15, 2012 4:11 UTC (Sun) by giraffedata (subscriber, #1954) [Link] I thought that was what libraries were for. :) I'm glad you said that, because that's really the point. DRM is digital equivalent of the lending library concept - partial access to a book. In fact, one uses DRM to make a digital lending library - the library buys one full copy of the book, then distributes files to patrons, one a time, with each file becoming useless after a few weeks courtesy of DRM. I suppose if the market were such that publishers didn't offer books for sale to individuals to keep on their bookshelves, but instead sold them only to libraries, some of which charged patrons money, the same ill thoughts that go toward DRM would go toward libraries.
Kindle, book revocation, and the freedom to read Posted Jan 15, 2012 22:09 UTC (Sun) by dlang (✭ supporter ✭, #313) [Link]
yes, DRM could be used that way, but that's not the common way that it's used. I don't sign up to read an e-book without purchasing it, I buy an e-book. The entire transaction is setup as a sale.
If it was only libraries that were using DRM, and the transaction was clearly structured as a temporary borrowing (with all the terms and conditions defined), with DRM used to enforce the terms. I would have no problem with DRM.
However, when a publisher charges the same or more for the e-book purchase than for the hardcover purchase, there's no justification in saying I am doing anything other than buying the book.
Kindle, book revocation, and the freedom to read Posted Jan 16, 2012 0:26 UTC (Mon) by giraffedata (subscriber, #1954) [Link] But the underlying concept that one is able to transfer less than the whole set of rights that would go with selling a traditional book is still there.
I don't sign up to read an e-book without purchasing it, I buy an e-book. The entire transaction is setup as a sale And I assume you mean to say that what it's a sale of is the equivalent of a sale of a traditional book. But I'm not sure what your point is -- I may have gotten lost in hypotheticals -- because you clearly understand that you aren't in fact doing that. You know when you buy a DRMed e-book that there are things you're not getting.
when a publisher charges the same or more for the e-book purchase than for the hardcover purchase, there's no justification in saying I am doing anything other than buying the book. The main justification is that the seller doesn't intend to sell you "the book." In our free market system, that's a whole lot of justification. We generally accept that market prices are too complex to make them the indicator of what's being sold. In fact, I have little trouble accepting that a restricted ebook is worth the same to someone as a full-rights hardcover.
Kindle, book revocation, and the freedom to read Posted Jan 16, 2012 1:30 UTC (Mon) by dlang (✭ supporter ✭, #313) [Link]
you are buying in to the theory that I'm not buying a book, only buying limited rights to read the book. I see it differently.
Kindle, book revocation, and the freedom to read Posted Jan 16, 2012 3:46 UTC (Mon) by giraffedata (subscriber, #1954) [Link] I don't think it's a matter of theory, just definition. I think we have a semantic breakdown and we're talking past each other. I don't think we mean the same thing by "buy."
Kindle, book revocation, and the freedom to read Posted Jan 19, 2012 15:31 UTC (Thu) by proski (subscriber, #104) [Link] Your favorite Linux distro can also release a package update that would delete all files starting with "1984". It would be a breach of trust, it would be a PR disaster, but it can be done. Yet I have no problems running "yum -y upgrade" on my systems.
Kindle, book revocation, and the freedom to read Posted Jan 19, 2012 16:53 UTC (Thu) by zooko (subscriber, #2589) [Link]
If the ereader manufacturer had no way to push updates to me -- I had to opt in by pulling updates from them -- and if I and others could inspect, modify, and/or redistribute the source code of the updates, then I would be fine with that.
Kindle, book revocation, and the freedom to read Posted Jan 26, 2012 18:06 UTC (Thu) by nix (subscriber, #2304) [Link]
One could say that the same is true of the Kindle. The only thing the wireless/3G interface is useful for is a link to Amazon -- you can't use it to access anything else -- and it sucks power so a prominent option is provided to turn it off. Don't want Amazon talking to your device? Don't turn the wireless/3G interface on. Your battery will last longer too.
You lose a bit of convenience -- buying books is a bit less convenient, and rather than periodicals appearing spontaneously on your device you have to plug it in and click once in Calibre. But that's not the end of the world, really. (You can also back the whole thing up in Calibre and be immune to Amazon-triggered deletions that way.)
The Nook Tablet and the GPL Posted Jan 11, 2012 10:40 UTC (Wed) by njwhite (subscriber, #51848) [Link]
Openinkpot is also a good, safe choice, providing you don't care about having the very newest shiniest toy.
Openinkpot Posted Jan 11, 2012 13:22 UTC (Wed) by corbet (editor, #1) [Link] Is Openinkpot still alive? There doesn't seem to have been any real activity there for some time...
Openinkpot Posted Jan 11, 2012 13:31 UTC (Wed) by njwhite (subscriber, #51848) [Link]
I think Openinkpot is somewhat alive, though not thriving. Developers can be seen on the mobileread forums, and the git repositories show some movement. Not a lot though, admittedly.
The Nook Tablet and the GPL Posted Jan 19, 2012 23:01 UTC (Thu) by aclucas (subscriber, #1615) [Link]
I have a 1st generation Sony Reader, which I administer with calibre. I convert everything I want to read with calibre, and it's all transferable to future calibre supported devices including a PC as last resort. Calibre is available for all popular OSes, and using Dropbox or one of the many alternative you can administer using a shared database from any of your computers.
The Nook Tablet and the GPL Posted Jan 10, 2012 22:28 UTC (Tue) by atai (subscriber, #10977) [Link]
In any cas, XDA developers have broken the protection scheme and are well on the way towards the installation of custom kernels on the Nook Tablet...
The Nook Tablet and the GPL Posted Jan 10, 2012 22:32 UTC (Tue) by raven667 (subscriber, #5198) [Link]
I don't think asking to provide the signing keys is a reasonable thing to ask because it defeats the whole purpose of signing. What should be done instead is provide a hardware switch that can turn the signing requirement off or allow the key database to be updated so that the owner can take over control their own device if they wish.
The Nook Tablet and the GPL Posted Jan 10, 2012 23:05 UTC (Tue) by nybble41 (subscriber, #55106) [Link]
That would be the normal solution, yes. If you don't need a specific key to install custom builds then there is clearly no obligation for them to provide you with their private key; you can simply use your own, or skip the signature check entirely.
However, the argument can be made that one is obligated to provide all the tools necessary to install custom builds of your GPL-derived software on the device it was written for under the build scripts clause (or more explicitly under the GPLv3). From that argument it naturally follows that if you distribute GPL-derived binaries designed to run on hardware which only accepts software signed with a specific key, the recipients of those binaries have a reasonable expectation under the GPL that you will provide not only the source code but also the means to use it on the original target device, even if that does defeat the purpose of signing the software in the first place.
The Nook Tablet and the GPL Posted Jan 10, 2012 23:19 UTC (Tue) by dlang (✭ supporter ✭, #313) [Link]
the thing is that the Tivo has been around for a long time (booting only from a signed kernel)
many kernel developers consider this an acceptable use of the kernel under the GPL, (although they would like to have the systems able to be changed)
so any claims that this is a requirement of the GPLv2 will not only run up against this, but against the legal opinions of the GPLv3 people who claim that the reason that GPLv3 is needed is to close this 'hole' allowed by GPLv2
The Nook Tablet and the GPL Posted Jan 14, 2012 1:19 UTC (Sat) by giraffedata (subscriber, #1954) [Link] many kernel developers consider this an acceptable use of the kernel under the GPL As long as one kernel developer claims copyright violation, it doesn't matter how many others don't. The legal opinions of those developers and of the GPLv3 people who claim this is a hole in GPLv2 also would be barely relevant to a judge trying to decide what license that developer intended to give and B&N intended to receive. I can see the long history of tivoization being important for something released for the first time recently, where the licensor's decision not to use GPLv3 could be evidence that he didn't intend distributing the signing key to be a condition. But since there is a very good alternate reason that the kernel is not licensed under GPLv2 (it's impractical due to its history), even that reasoning wouldn't apply to the kernel.
The Nook Tablet and the GPL Posted Jan 14, 2012 1:41 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]
for that matter, each copyright holder could sue individually, so it's impossible to ever be sure that you have settled a lawsuit
and you don't even have to have a valid case to sue anyway (see SCO as a prime example)
However it's also arguable that the fact that you contributed since it became clear that Linus was Ok with tivoization to be tacit agreement with that position (or at least acceptance of it)
The Nook Tablet and the GPL Posted Jan 14, 2012 4:10 UTC (Sat) by giraffedata (subscriber, #1954) [Link] And that's why I don't talk about lawsuits. I'm more interested in the liability. People talk like lawsuits create the liability, but they're really quite separate. Like in the statement, "You should fix your sidewalk. Someone could trip and sue you." The right sentence is, "You should fix your sidewalk. Someone could trip and you'd be financially responsible for his injuries." A lawsuit doesn't enter into it unless you refuse to own up to that responsibility. The fact that multiple copyright holders could make a claim of copyright infringement liability due to tivoization isn't that interesting, because the answer to the question of infringement would be the same for all of them. The only number of claimants that is special is zero, because then the question is moot.
However it's also arguable that the fact that you contributed since it became clear that Linus was Ok with tivoization to be tacit agreement with that position (or at least acceptance of it).A valiant argument, but I don't think one would get any traction with it. The developer claiming infringement would argue, "I knew Linus was OK with tivoization, so I made sure I retained copyright and licensed my contribution under GPLv2, which I knew makes distributing my code conditioned upon distributing the signing keys too." Equally plausible, which means the court would have to go back to the bare text.
The Nook Tablet and the GPL Posted Jan 14, 2012 4:23 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]
I wish that the people who think that tivioization was a violation of the GPLv2 would actually sue someone rather than helping microsoft by spreading FUD that using linux is dangerous because different people think the license means different things and so there is no way to be sure that you are in compliance with it.
The law is squishy Posted Jan 14, 2012 12:18 UTC (Sat) by khim (subscriber, #9252) [Link] I'm more interested in the liability. People talk like lawsuits create the liability, but they're really quite separate. No, they are not. They are separate for humans because humans have souls and morals, but they are identical for the corporations because without potential lawsuit there are no potential monetary loss. If the probability of successful lawsuit is very low then liability is diminutive even if potential payments can be quite high. A lawsuit doesn't enter into it unless you refuse to own up to that responsibility. Well, sure. If the probability of successful lawsuit is high enough and estimated damages are large enough then you can pay without lawsuit - but this is just a shortcut. The fact that multiple copyright holders could make a claim of copyright infringement liability due to tivoization isn't that interesting, because the answer to the question of infringement would be the same for all of them. Absolutely not! This affects probability of successful lawsuit and as such affects liability severely! The only number of claimants that is special is zero, because then the question is moot. You are forgetting that law is squishy. Law is not math¹! If you have sequence of ten true statements in math - they you have a proof. If you have sequence of ten true (=~75% probable) statements in law - you have theory which will be laughed out of court because it has only 5.6% chance of being true. You can try to fix you theory by strengthening each step (that's why attorneys usually cite not just one precedent but dozens of them) but that's hard. The developer claiming infringement would argue, "I knew Linus was OK with tivoization, so I made sure I retained copyright and licensed my contribution under GPLv2, which I knew makes distributing my code conditioned upon distributing the signing keys too." Bwa-ha-ha. Ok. Equally plausible, which means the court would have to go back to the bare text. Never. "Bare text" is just start of the journey. Then you need to interpret it. Good starting point is the fact that FSF widely advertised GPLv3 as solution which closed Tivoization loophole. Another point will be well-publicised Linus interpretation. Mediocre attorney will find hundreds of examples and will throw the lawsuit from the court (you will be forced to explain why you've contributed your code without additional paragraph which explained that your interpretation differs from typical interpretation if you knew that Linus is Ok with tivoization). Good attorney will find your own words which will damn you and counter-sue - with good chance of success. ¹) This is not 100% true. Law is squishy - this is the most important part of it. But that just means that it uses probabilistic logic and that means that literal interpretation of documents is used only rarely (when you have no facts to assign sensible probabilities). This is why precedents and assorted collection of publicly spoken phrases are important: they can affect probabilities and thus change the outcome. And this is where attorney–client privilege comes from - it makes the whole scheme practically usable: attorney can talk with client without fear of altering the probabilities.
The law is squishy Posted Jan 14, 2012 23:47 UTC (Sat) by giraffedata (subscriber, #1954) [Link] They're still different. You can be sued and not be liable, and be liable and not be sued. You can have a high probability of being sued and low probability of being liable, and vice versa. They're different issues, suitable for entirely different discussions. When society decides what costs should fall on a corporation, it does it in different rooms from when it decides what enforcement procedures should be available make such costs land there.I'm more interested in the liability. People talk like lawsuits create the liability, but they're really quite separate.No, they are not. They are separate for humans because humans have souls and morals, but they are identical for the corporations because without potential lawsuit there are no potential monetary loss. My point, in addition to the fact that they're separate things, was that I find the liability discussion more interesting.
The law is squishy Posted Jan 15, 2012 0:03 UTC (Sun) by khim (subscriber, #9252) [Link] When society decides what costs should fall on a corporation, it does it in different rooms from when it decides what enforcement procedures should be available make such costs land there. If society decides that company should be liable then it should write penalties (enforced by court) in law. If law forbids something yet does not say what penalty is there for violation then for all intents and purposes such law is pure PR - companies will ignore them and will be right. Top managers understand that principle very, very, VERY well. Joe Sixpack Average may not understand that, but then LWN readers are not Joe Averages, I've kind of expected better from them. My point, in addition to the fact that they're separate things, was that I find the liability discussion more interesting. I find them boring. Imaginary liabilities belong to PR realm and there are a lot of other, more interesting things to discuss. They don't materially affect companies and as such are ignored 99% of time. 1% which is not ignored happens when they can be used to improve public image of the company - but it's hard to predict when particular company will need such boost thus it's hard to predict when imaginary liabilities will come in play.
The law is squishy Posted Jan 15, 2012 1:04 UTC (Sun) by giraffedata (subscriber, #1954) [Link] If society decides that company should be liable then it should write penalties (enforced by court) in law. I think you're mixing multiple legal concepts. Liabilities and penalties don't usually go together. A penalty, based on the latin word for "pain", is a punishment - something designed to make someone hurt - and is imposed as an example to stop people from doing things that are wrong. Liability is just owning someone something. There's nothing wrong with owning someone something; when a court finds liability, it doesn't assess penalties; it just orders that the person owing pay the person owed. The enforcement procedures I was talking about, in connection with legal liabilities, is making courts available so if someone, due to difference of opinion or simple selfishness declines to pay what he owes, the creditor can force the transfer of wealth. I pointed out that the laws that set up the court system are generally orthogonal to the laws that define who owes whom.
I think we agree more then differ... Posted Jan 15, 2012 12:10 UTC (Sun) by khim (subscriber, #9252) [Link] I think you're mixing multiple legal concepts. Yes. Quite consciously, in fact. There's nothing wrong with owning someone something; when a court finds liability, it doesn't assess penalties; it just orders that the person owing pay the person owed. Right. But even in this case lawers fees will not be returned - and this will be your punishment in such a case. If probability of lawsuit is high enough then it works very well - for example if you borrowed money from bank and then decided that there are no need to return the loan then court case is essentially inevitable. Even so these liabilities are usually bolstered by fines and penalties - otherwise it may become easier to postpone payments till the actual squabble in court. I pointed out that the laws that set up the court system are generally orthogonal to the laws that define who owes whom. The laws which define who own whom either specify penalties (and then we are back to [potential] court case) or they are just PR (which can be used to placate general public but which are pointless otherwise). Your liability will still be determined by court, but only in handful of cases and penalty will be quite small (lawer's money will be your penalty as noted above) thus it's usually prudent to ignore such liabilities completely: not everyone will go to court thus it's obvious way to save money.
penalty vs liability Posted Jan 15, 2012 19:19 UTC (Sun) by giraffedata (subscriber, #1954) [Link] We may very well agree more than differ; that may be because you're using the wrong words for things. Two people can't expect reach a meeting of the minds if they aren't using the same language.
But even in this case lawyers fees will not be returned - and this will be your punishment in such a case. That's not a punishment - not the way the word is commonly understood. It's no more a punishment than your upholstery getting wet when it rains is punishment for being negligent and leaving your windows down. It's just an unfortunate loss. A punishment is something whose purpose is to hurt. The purpose of the lawsuit is to get a debt paid, not to hurt the person who owed the debt. Legislators (and courts) do not make laws allocating liability in the hopes that they will generate high legal costs and thereby mold people's behavior. I agree behavior is governed by enforcement realities as much as by the liabilities being enforced, but they still ought to be discussed separately. I mentioned that "you should fix your sidewalk or you could be sued" demonstrates a misbelief that the lawsuit creates the liability. Even in the case of the soulless corporation, that would be a misstatement; it would be like saying to the CEO, "we should not rent this building; we would be sued for $10,000 a month (the rent)." Yeah, maybe the only reason for a corporation to pay its rent is the threat of lawsuit, but we still recognize the difference between the liability and the suit.
The Nook Tablet and the GPL Posted Jan 19, 2012 0:28 UTC (Thu) by cmccabe (guest, #60281) [Link]
The legal opinions of the people who designed the license, the biggest users of the license, and the way the license has been interpreted in the past absolutely do carry weight. I realize you think you're doing something positive by trying to create uncertainty about this issue, but you're really not.
The Nook Tablet and the GPL Posted Jan 20, 2012 16:18 UTC (Fri) by giraffedata (subscriber, #1954) [Link] The legal opinions of the people who designed the license, the biggest users of the license, and the way the license has been interpreted in the past absolutely do carry weight. Well, we agree on that, but I suspect we disagree on how much weight.
I realize you think you're doing something positive by trying to create uncertainty about this issue, but you're really not. We definitely disagree on that. Creating uncertainty in someone's mind about something that nearly everyone believes is uncertain (whether GPLv2, as enforced by courts, allows someone to copy a work in a tivoized product), is positive. Honesty is good.
The Nook Tablet and the GPL Posted Jan 11, 2012 11:15 UTC (Wed) by njwhite (subscriber, #51848) [Link]
> So one could easily argue that B&N should stop locking down its readers, not because of licensing problems, but because it makes more commercial sense not to.
Yes, it probably does make commercial sense. But I think it's important not to stop arguing that it also is the right thing to do ethically; even if it was in B&N's commercial interest to lock down their hardware, they should not do it.
Legality of terms of service Posted Jan 11, 2012 15:15 UTC (Wed) by southey (subscriber, #9466) [Link] First, Barnes and Noble provides complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. Thus the tablet appears to boot until it realizes that it lacks that magically signature. So the GPL v2 requirements are addressed, just that you have to use a different bootloader (apparently the same sort of issue with UEFI).Due to the apparent legality of EULAs, the terms of service of using your device probably overrides certain other requirements like providing the necessary information to boot into an Barnes and Noble functional tablet. So those terms may override your right to possess that signature as well as any licensing terms (regardless of GPL version) owned by Barnes and Noble (presumably the signature-related stuff).
Legality of terms of service Posted Jan 12, 2012 3:49 UTC (Thu) by Baylink (subscriber, #755) [Link]
So, are the terms of *purchase of the object* (which are generally those of the Uniform Commercial Code) strict enough to protect B&N from being charged with commercial fraud for selling an object that -- once I'm done modifying it the way I want, as is my right under First Sale -- no longer works *and they knew this in advance*?
Legality of terms of service Posted Jan 12, 2012 15:07 UTC (Thu) by southey (subscriber, #9466) [Link] Not a lawyer, but you cannot sell your hardware with software that you don't have a right to sell or distribute. That is essentially what I understood from Groklaw's coverage (apologies for any of my errors) of what Psystar wanted to do with Apple software. Also see Vernor v. AutoDesk that software is not protected by first sale.So if once I'm done modifying it the way I want means removal of software that you have no right to sell or distribute then there is no problem by you or them. If not, then I would think that they have a case against you if they wanted to.
Legality of terms of service Posted Jan 12, 2012 20:01 UTC (Thu) by Baylink (subscriber, #755) [Link]
I wasn't clear; I'm sorry.
If B&N knows that if you modify the device -- in a way they are required to permit, by license -- that it will then be non-functional... *does B&N give enough formal notice of that to buyers, and does that notice protect them from being charged with fraud* under the Magnusson Moss act, or the UCC, or what have you? Because they are, effectively, selling that category of buyers a brick. And they know this in advance.
That was my question; sorry for burying the lede.
Legality of terms of service Posted Jan 15, 2012 23:02 UTC (Sun) by steffen780 (guest, #68142) [Link]
This varies by jurisdiction. AIUI the reason we have "System Builder" rather than "OEM" licenses in Germany is that some court decided that you can in fact sell software licenses you own. Typical how they try to claim "software==physical object" when someone copies it, but when someone sells it then suddenly they expect special treatment..
Legality of terms of service Posted Jan 19, 2012 12:07 UTC (Thu) by liron (guest, #8069) [Link]
Note that extra requirements via EULA, licenses or other contracts, are not alowed in the GPL v2:
"You may not impose any further restrictions on the recipients' exercise of the rights granted herein."
The Nook Tablet and the GPL Posted Jan 11, 2012 22:25 UTC (Wed) by Baylink (subscriber, #755) [Link]
> Many developers have, over the years, claimed that a signing key qualifies as one of the "scripts" referred to in §3 of the GPL. Even if the license does not explicitly say that it must be possible to build and install an executable that the hardware will actually deign to boot, that requirement is arguably within the intent of the license.
> Version 3 of the GPL added language to make this expectation explicit; in most cases, it is not possible to use GPLv3-licensed code in a device if that code cannot be updated by the user.
Alas, under the legal maxim of exceptio probat regulum (the exception proves the rule), *exactly because they felt the need to put this into GPLv3 explicitly*, they would likely lose a GPLv2 based case -- if we needed to say it in v3, then that implies that v2 *specifically did not* require it.
Oops.
Has Eben Moglen addressed this specific point anywhere, does anyone know?
exceptio probat regulum Posted Jan 11, 2012 22:32 UTC (Wed) by corbet (editor, #1) [Link] I'm not quite sure I'd take it that far. It's not uncommon to seek to clarify language to ensure it matches the intent that has been there all along; one could easily argue that GPLv3 was doing that, I think.Or one could argue that the real reason for the additional language in GPLv3 was to add the exceptions for ROM-stored code and devices that are not "User Products". One certainly cannot find that weirdness in GPLv2...
The Nook Tablet and the GPL Posted Jan 12, 2012 5:46 UTC (Thu) by rusty (✭ supporter ✭, #26) [Link]
I just want to note that *this* kernel developer thinks the intent of the GPLv2 language was clear, and it was never you-can-look-but-only-I-can-touch.
As to Linus' statement on overreach, I also disagree. People have attempted to override the GPL's "no further restrictions" clause via support agreements, employment agreements, NDAs, patent licensing, and witchcraft (ok, maybe not). A technological attempt to violate the license should fare no better.
The Nook Tablet and the GPL Posted Jan 12, 2012 5:54 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]
Rusty, I know that some kernel developers feel as you do, but several others (notibly including Linus) have gone on record pretty vocally with the opinion that there is nothing against the license with this.
that would make suing over this a fairly dicy proposition. and in any case, I think you would be far more justified in going after vendors that not only lock down the bootloaders, but also don't provide the source (and there are many handset and tablet vendors doing this right now)
In any case, as with the original tivo (which I've now had, and hacked for over a decade now), the bootloader is going to be defeated at some point anyway.
The Nook Tablet and the GPL Posted Jan 12, 2012 16:07 UTC (Thu) by ortalo (subscriber, #4654) [Link]
From a different point of view: how are we going to power open source (our) efforts for a truly secure computing environment (including secure boot, etc.) if we need to rely on things like bootloaders cracking just in order to use open source (our) software on new devices?
More and more, it seems we happen to rely on these vulnerabilities we are usually chasing down to simply continue programming with nice devices. That's not very wise.
In my humble opinion, we should take an active stance for these devices to come with a procedure for fully resetting them, especially with respect to cryptographic keys. (Think of TPM versus smart cards for example.)
The Nook Tablet and the GPL Posted Feb 29, 2012 19:17 UTC (Wed) by JanC_ (guest, #34940) [Link]
Alternatively, devices could be sold in in two versions: pre-configured (with a secured Android, WebOS, Windows, etc. from the manufacturer) and unconfigured (you would then be able to lock these devices down yourself, if you prefer to).
There could even be a consumer law saying that either an unlocked version should always be available for the same price, or there should be a way to get it unlocked at the shop where you bought it...
The Nook Tablet and the GPL Posted Feb 29, 2012 20:25 UTC (Wed) by dlang (✭ supporter ✭, #313) [Link]
> There could even be a consumer law saying that either an unlocked version should always be available for the same price
I would predict that such a law would have no practical effect.
As an example, there was a law passed saying that you cannot charge a different price for a cell phone depending on if the customer signs up for service or not.
the result was that instead of charging a higher price, you get a 'rebate' if you sign up for service when you buy the phone.
no practical difference, but the letter of the law is being complied with.
|
|||||||||||||