User: Password:
|
|
Subscribe / Log in / New account

FOSDEM'10: Maemo 6 platform security

FOSDEM'10: Maemo 6 platform security

Posted Feb 11, 2010 18:51 UTC (Thu) by brinkmd (guest, #45122)
Parent article: FOSDEM'10: Maemo 6 platform security

I was very disappointed in the talk, which promised to make "DRM business and freedom lovers happy with the same device". Nothing like that happened.

First, Nokia is right that on an embedded device, a security model is required that separates processes, and the Aegis framework seems to do the job. That part of the architecture was interesting and seemed reasonably well designed given the practical constraints.

However, the DRM architecture is just a projection of the TPM security model on Maemo. What made the presentation particular troubling is that no consideration at all was given to the criticism of TPM, which naturally applies to Maemo without modification. In fact, Nokia made two disingenious claims:

1. Nokia claims that users are "free to choose" between free devices + software, DRM encumbered devices + software and sim-locked devices. But these options are not equal: certain services will require the DRM software stack, and operators will sell sim-locked devices at a price point with which the free devices can not compete in the mass market. Elena said that (paraphrased) "it's up to the operator to decide if the device is sim-locked or not, and up to the user to buy it or not, there is nothing Nokia can do about it." which is blatantly wrong, as it is Nokia who provides operators with the opportunity to sim-lock the device and content providers to require a DRM software stack in the first place.

2. Nokia claims that they are interested in the opinion of the community, but not a single word was said about Nokia's response to the TPM criticism of the last decade, which culminated in the compromises that are documented in the GPLv3. We had conferences all over the world. Nokia was present at these conferences. Now they try to repeat the process as if nothing happened. The Maemo security framework that was presented is incompatible with the GPLv3. Nokia is not listening.

The danger from this is that there will be two separate free software stacks down the road, a stack that is compatible with DRM, and a stack that is incompatible with the DRM. This may very well be the biggest fork in the history of free software, and Nokia wants to make sure people stay on their side of the fence. Instead of harmony, there might be a deep division. The loser here is Elena: She either is ignorant of this or deceived her audience.


(Log in to post comments)

FOSDEM'10: Maemo 6 platform security

Posted Feb 11, 2010 20:29 UTC (Thu) by mlankhorst (subscriber, #52260) [Link]

And I was thinking of buying a device based on maemo. I'll pass now. Like the parent poster said, most devices will be sold with simlock and a plan. 2 year plan with maemo phone is still cheaper than buying the phone separately. Maemo was nice from what I read, but I really don't want a smartphone if it doesn't allow me to run my own kernel if I decide to do so.

Is there any phone I can buy with a plan that's still open and actually works and of which the next or current version isn't going to restrict what I can do when I buy it with a plan?

FOSDEM'10: Maemo 6 platform security

Posted Feb 12, 2010 11:08 UTC (Fri) by brinkmd (guest, #45122) [Link]

Boycotting Maemo may not be your best option. A boycot only makes sense if there is strong internal force to push in the direction of the boycotters: The boycott strenghtens this internal force by weakening the alternatives. I don't know what Nokia employees and close associates think about this, so one would have to figure that out first. The Maemo is still the free-est phone device on the mass market.

The Neo Freerunner with OpenMoko is still available, and if your needs are extremely modest, it may be a viable alternative for you. In that case, congratulations, you will have the free-est phone on the market. There may be other niche devices that I don't know about.

You could develop the next killer application for the phone and release it under GPLv3. Then when people go to Nokia and ask why it is not available on the device by default they will be embarrassed.

FOSDEM'10: Maemo 6 platform security

Posted Feb 12, 2010 12:31 UTC (Fri) by buchanmilne (guest, #42315) [Link]

"it's up to the operator to decide if the device is sim- locked or not, and up to the user to buy it or not, there is nothing Nokia can do about it." which is blatantly wrong, as it is Nokia who provides operators with the opportunity to sim-lock the device and content providers to require a DRM software stack in the first place.

If you believe it is blatantly wrong to allow SIM card locking, then you need to get your country's communications regulations changed to prohibit it.

For example, in South Africa, SIM locking is not allowed. I haven't found it explicitly in the regulations, but the handset subsidy regulations specifies conditions that can not be met (by competing operators) if hand sets are locked.

The regulator has the power (in the mobile operator licenses) to force the operators to do what is in the best interest of their "shareholders" (you), whereas Nokia only has the power to offer a product to the operators . If Nokia did not offer the feature, then in countries where SIM locking is the norm Nokia would sell fewer phones via operator channels, and more users would be locked into proprietary platforms and into networks.

FOSDEM'10: Maemo 6 platform security

Posted Feb 12, 2010 14:17 UTC (Fri) by brinkmd (guest, #45122) [Link]

If the users have a choice to refuse to buy SIM-locked devices, then Nokia has a choice to build such devices or not. In particular, Nokia then has further a choice to spend their dollars on better free software applications, or on DRM infrastructure that allows the proprietary market to enter the platform (they are trying to do both now).

Saying that adding DRM to the platform is necessary to get better games for example is actually quite an insult. Are the available games for GNU/Linux not good enough to attract a large number of people? If games are so important, why does Nokia not spend the millions it costs to develop DRM technology on developing awesome free software games?

Apple found a viable business model with the iphone, and Google (with Android) and Nokia (with Maemo) are now trying to imitate it. That's understandable. I am not sure if that's the only viable strategy for a phone company these days, but let's assume it is necessary. Then Nokia could still communicate these actions in a way that respects what the community decide with regards to DRM in the last decade, and answer the concerns about a deep fork in the code base with regards to the GPLv3.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds