decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books

Gear

Groklaw Gear

Click here to send an email to the editor of this weblog.


You won't find me on Facebook


Donate

Donate Paypal


No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.


What's New

STORIES
No new stories

COMMENTS last 48 hrs
No new comments


Sponsors

Hosting:
hosted by ibiblio

On servers donated to ibiblio by AMD.

Webmaster
Second Discussion Draft of GPLv3 Released
Thursday, July 27 2006 @ 02:00 PM EDT

The Second Discussion Draft of GPLv3 has now been released. You can go to read it here. There is also a revised LGPL. Also you will find explanations of the changes and an audio of Eben Moglen explaining the changes on this page. And here's the press release.

There was some confusion about the DRM clause, and they have addressed the confusion:

The new draft clarifies that the license only directly restricts DRM in the special case in which it is used to prevent people from sharing or modifying GPLv3-covered software. The clarified DRM section preserves the spirit of the original GPL, which forbids adding additional unfree restrictions to free software. GPLv3 does not prohibit the implementation of DRM features, but prevents them from being imposed on users in a way that they cannot remove.

That is what it always meant to say, but some misunderstood, so the wording has now been made clearer.

Here's the heart of the information from the press release:

**************************************

Second Discussion Draft of Revised GNU General Public License Released

Six-Month International Review Process Leads to Revisions and Clarifications

BOSTON and NEW YORK, July 27, 2006 -- The Free Software Foundation (FSF) and the Software Freedom Law Center (SFLC) today have released the second discussion draft of the GNU General Public License (GPL) version 3 (GPLv3). This new draft marks the middle of a year-long public review process designed to evaluate proposed changes and to finalize a new version of the GPL.

The GNU GPL is the most widely used free software license worldwide: almost three quarters of all free software programs (also known as "Free/Libre and Open Source Software", or FLOSS) are distributed under this license. Since the GPL's last revision more than 15 years ago, free software development, distribution, and use have changed tremendously.

Since the release of the initial GPLv3 discussion draft in January, members of the free software community have submitted nearly one thousand suggestions for improvement. Many have continued the discussion at international GPLv3 conferences held in the United States, Brazil, and Spain. With the help of discussion committees, the Free Software Foundation and the Software Freedom Law Center have considered all the issues raised by public comments. The new draft of GPLv3 contains extensive revisions in light of these comments.

"We have considered each suggestion with care," said Eben Moglen, founder and Chairman of the Software Freedom Law Center, which represents various free software projects and is assisting FSF in revising the new license. "By listening to people from around the world, we are working toward a license that acts consistently in many different legal systems and in a variety of situations."

"The primary purpose of the GNU GPL is to preserve users' freedom to use, share, and modify free software," said Richard Stallman, founder of FSF and original author of the GPL. "We depend on public review to make the GPL do this job reliably."

About the Revisions

The new draft clarifies that the license only directly restricts DRM in the special case in which it is used to prevent people from sharing or modifying GPLv3-covered software. The clarified DRM section preserves the spirit of the original GPL, which forbids adding additional unfree restrictions to free software. GPLv3 does not prohibit the implementation of DRM features, but prevents them from being imposed on users in a way that they cannot remove.

Other significant revisions in the new draft include a reworked license compatibility section, and provisions that specifically allow GPL-covered programs to be distributed on certain file sharing networks such as BitTorrent.

Additionally, this release includes the first draft of the GNU Lesser General Public License (LGPL) version 3. The LGPL license covers many free software system libraries, including some published by the Free Software Foundation.

The text of the new GPL and LGPL drafts can be found on the web at http://gplv3.fsf.org/gpl3-dd2-guide.html. The site also includes audio commentary from Eben Moglen; a rationale document which describes the changes to the new draft; and further information about the GPLv3 revision process. As with the first draft, community members are encouraged to submit comments online at gplv3.fsf.org.

Throughout the remainder of the process, there will continue to be international GPLv3 discussion conferences, including one next month in Bangalore, India. A third discussion draft of GPLv3 is expected to be released this fall, and the final version will be released between January and March of 2007.

"Last November, we published a document which outlined the process for drafting the new GPL," said Eben Moglen, chair of SFLC. "As of now, we are still on schedule for a final release in early 2007."


  


Second Discussion Draft of GPLv3 Released | 927 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
Corrections here please
Authored by: WhiteFang on Thursday, July 27 2006 @ 02:12 PM EDT
Corrections here please

---
DRM - Degrading, Repulsive, Meanspirited
'Nuff Said

[ Reply to This | # ]

OT here please
Authored by: WhiteFang on Thursday, July 27 2006 @ 02:14 PM EDT
Clickies if you got 'em.

---
DRM - Degrading, Repulsive, Meanspirited
'Nuff Said

[ Reply to This | # ]

Additional unfree restrictions?
Authored by: Anonymous on Thursday, July 27 2006 @ 02:15 PM EDT
"The clarified DRM section preserves the spirit of the original GPL, which
forbids adding additional unfree restrictions to free software."

What are those unfree restrictions of the original GPL to which I can not add
aditional ones?

[ Reply to This | # ]

DRM "Misunderstood"
Authored by: Anonymous on Thursday, July 27 2006 @ 03:16 PM EDT
I don't think Linus misunderstood the DRM clause. He disagreed with it,
because his way of looking at the problem has changed since he was a student.

After working at Transmeta, Linus can understand *why* a company would try to
limit people from messing with software on an embedded device. As a technical
programmer, he still releases software open source and uses open source, and
demands that he not be treated as an 'IDIOT' (
http://lists.osdl.org/pipermail/desktop_architects/2005-December/000390.html ).
But he can understand why TiVo does what it does. And he disagreed with the
clause.

[ Reply to This | # ]

How else is DRM used?
Authored by: rocky on Thursday, July 27 2006 @ 03:48 PM EDT
I just don't understand the original fuss, or the reason for the clarification.
Why else does anyone use DRM? I thought they're always trying to keep their
code secrent and prevent the distribution or disclosure of it. If people want
to do that, they just don't have any right to use GPL'ed code. It's that
simple.

Apparently there's some kind of distinction between multiple uses of DRM that
I'm just not aware of. Can someone explain the types of DRM uses they're trying
to separate, and why one of them might be "OK" with respect to GPL'ed
code? I'm rather skeptical that anyone will be able to bring up a convincing
one.

[ Reply to This | # ]

Sharks with Lasers
Authored by: Quila on Thursday, July 27 2006 @ 03:55 PM EDT
Does this mean that Linus' sharks with lasers will be free to wreak havoc?

[ Reply to This | # ]

  • Not only that - Authored by: Anonymous on Friday, July 28 2006 @ 06:09 PM EDT
Opinion documents?
Authored by: Anonymous on Thursday, July 27 2006 @ 05:31 PM EDT
The rationale refers repeatedly to opinion documents ("Opinion on
Denationalization of Terminology", "Opinion on Covenant Not to Assert
Patent Claims", "Opinion on BitTorrent Propagation", and so on),
but I can't find them anywhere. Anybody got a link?

[ Reply to This | # ]

Second Discussion Draft of GPLv3 Released
Authored by: Anonymous on Thursday, July 27 2006 @ 05:31 PM EDT
From the preamble: "States should not allow patents to restrict development
and use of software on general-purpose computers [...]"

I am sceptical to the inclusion of the above or any other political statement to
the extent that there is room for confusion as to wether it is the view of the
licenser rather than the FSF. There are people who are sympathetic to both the
GPL and software patents.

[ Reply to This | # ]

Second Discussion Draft of GPLv3 Released
Authored by: Anonymous on Thursday, July 27 2006 @ 05:57 PM EDT
We're getting a cross-over.
  • In one corner we have "Commercial Entertainment" ... where you buy a cinema ticket, and that gives you the right to exactly one seat at one performance
  • In the other corner we have "Professional Services" ... where I need to be able to revise my documents forever, be certain that there is nothing hidden in them, hand them on withot encumbering the recipient in any way, and I need to be able to fix my tools.

Commercial Entertainment needs games consoles and DRM

Professional Services needs Free Software and ISO Standards

Both seem like legitimate businesses. Neither of them needs Microsoft Windows and Microsoft Word.

Could be fireworks ahead ...

[ Reply to This | # ]

Second Discussion Draft of GPLv3 Released
Authored by: Anonymous on Thursday, July 27 2006 @ 07:28 PM EDT
What Linus is saying relates to the issue of who has the rights that the GPL
refers to. Linus views the issue purely from the point of view of reciprocity
among software authors. As long as those who write the code make their code
available to others who write code, he sees no problem. In particular users of
software have no rights in his world view.

At least he is consistent. In a typical linux system users have very constrained
and limited rights and indeed linux permits the typical user a lot less freedom
than is available even under windows. In a commercial environnment the
administrators of a linux based network typically lock everything up tighter
than ... (ahem) ... a very tight thing.

Should every user on a linux system be given root so that they have the ability
to modify their operating system? Apparently not. How is this different? Yes - I
understand that a TIVO user owns their TIVO, whereas an ordinary user on a
company linux machine typically does not. Yet the GPL does not make such a
distinction - nowhere in its language do I see anything about owners of machines
being granted a different set of rights to software.

[ Reply to This | # ]

diffs against draft 1 and v2
Authored by: ciaran on Thursday, July 27 2006 @ 10:20 PM EDT

Two docs people might find useful:

[ Reply to This | # ]

LGPL compatibility?
Authored by: Anonymous on Friday, July 28 2006 @ 08:47 AM EDT
Anyone has analysed whether the GPLv3 is compatible with LGPLv2.1 and whether
GPLv2 is compatible with LGPLv3? It would seem to be a rather important point.
It could be (very) ugly if there's no compatibility and some you end up with
some libraries under LGPLv3 and others under LGPLv2.1.

[ Reply to This | # ]

Anonymous
Authored by: Anonymous on Friday, July 28 2006 @ 10:42 AM EDT
>>>
DRM "Misunderstood" Authored by: Anonymous on Thursday, July 27 2006 @
08:18 PM EDT
I tried to explain my .....

Does that explain my stance?
Linus
[ Reply to This | # ]
<<<

This posting and Linus follow up should finally put an end to a very silly
debate an to certain deletion policies at Groklaw in that one never knows who
Anonymous really is unless they tell you later in the posting.

[ Reply to This | # ]

What about a section 7 exemption?
Authored by: TerryH on Friday, July 28 2006 @ 11:29 AM EDT
If the principle objection that Torvalds has to Stallman's DRM clause in the
GPLv3 is that he sees it as an unnecesary restriction, would it be possible to
grant use with DRM hardware as a section 7 exemption, in the same way that the
new LGPL is constructed to allow linking to proprietary libraries?

I'm thinking of filing a comment suggesting this, but there may well be good
arguments against it. OTOH, it seems like a possible direction for truce, since
I don't think either side is keen to back down on the DRM issue.

You might ask "why bother", and that would make sense if the DRM
clause were the only change, but in fact, there are a lot of other changes,
too.

What would be the consequences of such a strategy in terms of linking and
license conversions? (e.g. would kernel modules have to use it or could they use
the straight GPLv3? If they did use GPLv3, would they then force that kernel
build to GPLv3?). I have to say, I still don't understand section 7 restrictions
or permissions or how they interact with copyleft!

[ Reply to This | # ]

All DRM still effectively forbidden by GPLv3
Authored by: Anonymous on Friday, July 28 2006 @ 12:18 PM EDT

Having heard the proclamations about what GPLv3 is intended really to say about DRM, I was surprised to find this in section 3 of the latest draft:

No covered work constitutes part of an effective technological "protection" measure under section 1201 of Title 17 of the United States Code. When you convey a covered work, you waive any legal power to forbid circumvention of technical measures that include use of the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing the legal rights of third parties against the work's users.

So under GPLv3, you could distribute piece of software that performed all of the functions of a DRM package, but in the United States, at least, it would not have the legal standing afforded to all other DRM software. As far as I can tell, this provision still places GPLv3 firmly against licensing of DRM software, even if Stallman and Moglen can be technically correct in claiming that the license does not forbid covered works from implementing DRM.

[ Reply to This | # ]

60 day rule
Authored by: jmart on Friday, July 28 2006 @ 01:42 PM EDT
I am glad to see the language about termination has been cleaned up. It should
now be clear that rights can be terminated immediately upon notification. The
60 day rule is a requirement that the copyright holder does the notification
within 60 days of a violation or not at all.

[ Reply to This | # ]

Read Only Computers
Authored by: TerjeBr on Friday, July 28 2006 @ 04:05 PM EDT
Definition: A Read Only Computer (ROC) is a computer that can only run preinstalled programs or only programs that are approveved by the manufacturer. This is in contrast to a General Purpose Computer (GPC) that can run any program the owner of the computer wants to run.

An example of a ROC is a computer with all its software in ROM. Another example is a computer that controls which software are allowed to run on it by cryptographic signatures and one or more keys installed in the hardware that is secret. This type of a ROC is a much more practical and flexible solution (if you want a ROC) than putting the software in ROM, and it is this type of ROC that the GPLv3draft2 forbids.

The relevant part of the GPL draft is in the 4th pragraph of section 1:

The Corresponding Source also includes any encryption or authorization keys necessary to install and/or execute modified versions from source code in the recommended or principal context of use, such that they can implement all the same functionality in the same range of circumstances.

The rationale for not allowing a GPL program to be used in a ROC is because ROCs are considered evil. So at least people using the GPL to protect the freedom of their code will not allow any ROC to have the benfit of running their GPL program on it. This is making a political statement about ROCs and not about the freedom of the program that is covered by the GPL.

I guess it is natural for programmers to see ROCs as a threat to their freedom. A programmers nightmare is if the most common computer is not a GPC as it is today, but a ROC. Then you cant modify the programs, and you are stuck with what the manufacturer gives you or approves of. The Tivo machine is an example of a ROC, so this horror scenario has been given the name tivoisation. Making the computer a ROC instead of a GPC is also a requirement for making effective DRM work on computers. It is understandable that when one fights DRM, one will also want to fight against widespread use and sale of ROCs instead of ordinary GPCs, when the only reason to sell a ROC instead of a GPC is because the manufacturer wants to also make use of DRM in their product. That is why the fight against ROCs is seen by many as one battle in the bigger fight against DRM.

But my point is that there can be many legitimate uses of ROCs in the society. A manufacturer of flight computers to be installed in planes or helicopters may want to make their computer a ROC, so the owner of the plane or helicopter can only run preinstalled or approved software from the manufacturer. This is for safety reasons, so they can give guarantees about the safety of the aircraft. Now, suppose they want to develop the software as free software, so that all flight computers in the world can benefit from quality software, may be developed by many aircraft industries and programmers. But then they cant use the GPL as the license, because it prohibits use in a ROC. And they cant use other free software that is covered by the GPL.

Another example is a manufacturer of medical equipment to be used in hospitals. To be able to guarantee for the safety and the lives of the patients the want the computer inside the equipment to be a ROC. Think how great it is if free programs are used to control that computer, so that the patients can even read the source themselves if they want to check it before agreeing to the treatment. But the GPL as it is now drafted will again be a roadblock to this, and at best cause a split in which free license is used, or at worst encourage use of non-free software instead.

There are many other examples I can think of that justifies the use and sale of ROCs instead of GPCs in many fields of endeavor. The GPL should not exclude programs from being used in those cases. Keep in mind that the freedom to run any modified program is still there, you just have to copy the program to a GPC. Any modified program can also be used by other and competing manufacturers of ROCs, if the GPL would allow it. The GPL should focus on the freedom of the program and not be constructed as a weapon against use of ROCs.

---
Terje Bråten

[ Reply to This | # ]

Second Discussion Draft of GPLv3 Released
Authored by: Anonymous on Friday, July 28 2006 @ 05:55 PM EDT
What about using GPLv3 software in the new Nokia phones (S60, S80, S90, etc)
that require all software run on the device be signed by one of Nokia's
verification partners?

Say I want to develop and sell a VPN product based on some OOS software? The way
I would do it would be

a) get the source code
b) (port it to the phone platform if required)
c) make my modifications
d) compile and make an installation packet
e) get the installation packet tested and signed by a verification center (this
costs money)
f) start selling my new software (the signed installation packet) while making
the source code also available as required by the OOS licence

Now, if the original software was licenced under GPLv3, would I be able to do
this or not, given that I do not own the keys that the verification center uses
for signing the installation packets?

[ Reply to This | # ]

Mistake: "How to apply this license to your own sw" removed
Authored by: dwheeler on Friday, July 28 2006 @ 06:39 PM EDT
One section they removed was "how to apply this to your own software". I think
this is a dreadful mistake. Licensing is complicated, and few are lawyers.
Having the "magic incantation" text in the license itself is very helpful, and
makes it more likely that those who would like to use the license can do so
correctly.

[ Reply to This | # ]

Freedom to tinker
Authored by: pnambic on Friday, July 28 2006 @ 08:53 PM EDT
Say I take some GPLv3ed software, modify it to suit some
hardware I built, and then sell the resulting device in a
tamper-proof box (for example by putting the firmware on
an old-fashioned EPROM, and encasing the whole thing in a
solid block of carbon fiber-reinforced plastic). I do of
course provide the full source code for everything running
on the device on my web site. I even publish the full
hardware specs and data sheets.

Am I in compliance with the GPLv3? If not, why not? If I
am in compliance, why should I not be in compliance if I
replaced the EPROM with flash and the carbon fiber with a
checksum verifier (which is presumably a lot cheaper)?

[ Reply to This | # ]

Can't we all just get along?
Authored by: hbo on Friday, July 28 2006 @ 09:36 PM EDT
Well, probably not. The problem is not that our devices mix hardware and software, but that they mix matter and mind! The realm of human ideas is full of slippery slopes and ambiguity, clashes of opinion and black and white outlooks. It can be messy and frustrating.

Here's one simplifying assumption that I find helpful in clearing up some of the mess around these topics. Linus represents developers, whereas Richard Stallman represents users. The two groups have partly overlapping and partly divergent interests. The issue with closed hardware shows this nicely. Richard Stallman decries the loss of freedom that tying software to a particular platform or device will bring to users. He can certainly muster arguments as to why that's bad for developers as well, but the basic perspective his concern arises from is that of the user. Linus, in contrast, sees the GPLV3 as restricting a software architect's ability to perform a whole class of practical and useful functions, such as verifying that an OS has not been corrupted - by the user or otherwise - before it is allowed to boot. The posting putting that in the context of a medical device gives the best example of that sort of application I've seen in today's discussion.

There are other obvious differences between the two. Recklessly engaging in more nuance-quashing simplification, Stallman is ideological, while Linus is practical. To add a little nuance to that, you could note that both have produced important software. But Richard's masterpiece is the GPL, whereas Linus' crowning accomplishment is the Linux community. Linus thinks the biggest benefit of the GPL, in practical terms, is its fairness. He denigrates the thing that is precious to Richard: its Freedom.

What seems amusing to me is that both might disagree with the idea that Richard's Freedom is one big reason why Linux is successful in corporate settings. It turns out that many businesses tend to see themselves principally as users of software, so naturally, the user-centric GPL has value to them, once they get past the "software ownership is immoral" rhetoric of the License's author and actually read the thing.

I see two big ironies here. First, Richard Stallman's attempt to reformulate the GPL will fail if he doesn't hold on to developers as a constituency. And a large segment of them, maybe a plurality, tend to think like Linus. Second, I think Linus soft-peddles the threat that locking software down to a particular machine or OS poses to Linux. With the current regulatory environment in Europe, I seriously doubt that Microsoft will even try to take immediate advantage of the opportunity embedded keystores will present them with, but governments surely will.

Finally, I'd like to offer my heartfelt thanks to Linus and to rms. Both these gentlemen have strongly influenced my life and career. I'm grateful that both are still going strong, and pursuing their divergent, but complementary visions of how software should be done. Please don't ever agree on everything, guys. We need both perspectives.

---
"Even if you are on the right track, you'll get run over if you just sit there" - Will Rogers

[ Reply to This | # ]

Nutshell?
Authored by: Anonymous on Friday, July 28 2006 @ 11:29 PM EDT
"The GPLv3 tries to expand the copyright past the project itself. Instead of saying that it cares about the source code, the GPLv3 says that it also cares about the hardware, and the environment required to run the source code. That's a big thing."

Why not include a seat in parliament too? ;) I did a lot of reading to get to that statement. For me it summed it up pretty well. Also, I have been in the unenviable position of trying to explain technical issues to non technical people way too many times. My son has a favorite saying. "Anything sufficiently complex is indistinguishable from magic." If you don't understand how that follows, well..... ;)

[ Reply to This | # ]

Second Discussion Draft of GPLv3 Released
Authored by: Anonymous on Saturday, July 29 2006 @ 02:00 AM EDT
That's fine for the original owner of the device. Now, let's say the device has
a two year warranty. After six months, the original owner who tinkered with the
device sells it on eBay without telling the new user of the changes and loss in
warranty? That new user will waste the vendor's time and money.

Also, what if the above device has an interface to enter credit card information
to sign up for an online service? The original owner could have changed the
software to log all data entered.

To take this another step, let's say some crooked guy that works in a
distribution center modifies the software on every device before it is sent
out?

There is an expectation that appliance devices work as expected and there is a
level of trust with the manufacturer. Also consider how litigous the US has
become. A company could conceivably be held liable for not locking down and
validating the security of the above device.

The answer is very simple. Those users that want to tinker should only buy
hardware that permits tinkering. Attempting to force vendors to either allow
tinkering or to use inferior software does not seem like a good idea to me.

[ Reply to This | # ]

Thanks, Linus and PJ
Authored by: rdc3 on Saturday, July 29 2006 @ 10:45 AM EDT

I found the give and take on the topic of GPLv2 vs. GPLv3 to be fascinating and illuminating. Thank you both.

I am particularly glad to see Linus make his comments here, as the pragmatic point of view is often not well represented. It is important that debate on critical issues that can potentially divide the broad FOSS community can take place on a basis of mutual respect.

I do appreciate PJ's efforts to keep things civil. Name calling discourages serious give and take on important issues. However, I wish that the admonishments would extend to those within the community who tend to overuse epithets like "troll." PJ does have a serious problem with actual trolls. One of my pet peeves is the tendency for a comment to be labelled and dismissed as trolling merely because it questions an ideal from a pragmatic or other perspective.

Ideals and idealists are important. Richard Stallman deserves great credit for establishing and fighting for the ideals of free software/software freedom.

However, there is idealism too in the focus on "quid pro quo" that Linus espouses. It is the academic ideal, widely cited in university mission statements, of "advancement and dissemination of knowledge." The reciprocity (copyleft) provisions of GPLv2 and other reciprocal open source licenses serve the advancement and dissemination of software knowledge very well.

However, the academic ideal of advancement and dissemination of knowledge is neutral with respect to the application of knowledge. To restrict by legislation or other legal instrument the application of knowledge, is outside the bounds of academic ideals and generally considered to be highly questionable. The academic stance is rather to speak out against the misuse of knowledge through argument and critique. Education ahead of legislation is always the preferred approach.

From the academic perspective, then, the reciprocity provisions of copyleft licenses are the one kind of restriction that may be justified on the grounds of ensuring that advances in knowledge are disseminated. I think there is great merit to the viewpoint that Linus takes in identifying the "quid pro quo" as the essential value and beauty of GPLv2.

On the technical issue of the DRM restrictions in the proposed GPLv3 draft, Linus is right. Although many applications of DRM are badly misguided and downright evil, there are legitimate and important security and safety applications. We simply can't throw out the baby with the bath water.

[ Reply to This | # ]

Pragmatic should not be short sighted
Authored by: jbb on Saturday, July 29 2006 @ 01:44 PM EDT
Linus claims that his take on the GPLv3 is pragmatic but I think it is also short sighted. Despite all of the ad hominem attacks against RMS, he has a proven track record of seeing what is around the next corner better than anyone else I know of.

It is because RMS is so far-sighted that he is often near the center of very heated and passionate debates. He is extremely valuable to the community precisely because he is asking us to look at things differently from the way we see them now in order to solve problems that have not hit us yet but are coming down the road.

I tend to take a pragmatic, engineering, approach to things and this has caused me to disagree with RMS in the past. In the fullness I've time I've discovered that where we've disagreed, I've been consistently wrong and he has been consistently right. I encourage people who disagree with RMS because of pragmatism to stop for a moment and really try to see if RMS is solving a problem that is not right in front of us but is coming down the pike. Very often, people with a pragmatic viewpoint miss seeing the forest because of all the trees.

RMS is trying to provide us with the least restrictive license possible that will guarantee the end users/owners certain basic freedoms. The key point in the current GPLv3 DRM discussion is: who controls the keys? Is it the manufacturer or the owner?

The problem that those with the "pragmatic" viewpoint seem to be ignoring (or unaware of) is that if the manufacturers are allowed to control the keys then GPLv3 code could be used as part of a movement to destroy the owners' freedom on all of the devices they own.

RMS is trying to create a license such that the people who use this license are sure that the code they write cannot be used to destroy owners' freedoms. With this there is at least a glimmer of hope that FOSS will continue to thrive and flourish, even if it is only in a small enclave protected by the GPLv3.

Again, the key question is who will have control, the manufacturer or the owner?

Here is an example. Linus has mentioned that he wants to be able to sign his code so people know it is the real deal from him. This is good. In fact prevention of code signing would be a total show-stopper for GPLv3. Linus should be able to sign code and people should be able to know if the kernel they are running is signed by him. What the GPLv3 takes away from Linus is his ability to prevent owners from running code he didn't sign.

I don't think Linus should have that ability (even though I highly doubt he personally would ever use it). Writing code under the GPL is almost always a group effort. I don't think it is keeping with the spirit of the GPL to allow one person from that group to have total control over what software the owners of the computers are allowed to run.

It is technologically feasible that the next generation of computers will all be equiped with treacherous computing components that will be able to take total control of the computer away from the owner and give it to the manufacturer so that the owners have absolutely no control over the software that runs on their own machines. The GPLv3 will not prevent this from happening. But it will prevent GPLv3'ed code from being used as part of this take over.

---
Anyone who has the power to make you believe absurdities has the power to make you commit injustices.

[ Reply to This | # ]

Second Discussion Draft of GPLv3 Released
Authored by: wharris on Sunday, July 30 2006 @ 06:16 AM EDT
OK, some people disagreed with my voting machine example, so I have
another one.

Cellphones are each assigned a unique identifier (ESN) which along with the
assigned phone number uniquely identifies an account to charge for service. I
hope everyone agrees that the cell phone manufacturer has a legitimate
reason to prevent me, the customer, from reprograming my phone to
impersonate my parents, Linus Trovalds, or anyone else I can get the ESN for.

Thus, the hardware must ensure that the software reading the ESN is not
tampered with (and thus guarantees that the ESN comes from ROM), the
software initiating communicate is not tampered with (and thus properly
transmits the ESN given by the first routine), and whatever OS is used is not
tampered with (and thus uses only the approved routine for initiating calls).

If the company allows for firmware updates then it is not allowed to use GPL3
code in its implementation. I think the world will be a better place if the
source code used by cellular telephones is available for scrunity, and they will

be chepear if the companies have a free OS to use rather than having to pay
for WindowsCE.

[ Reply to This | # ]

An acceptable Tivo like machine?
Authored by: TerjeBr on Sunday, July 30 2006 @ 07:45 AM EDT
Suppose some manufacturer made a computer that would only run programs signed by their master key or signed by a per computer specific key. Suppose also that the owner of this device would only be able to read and copy this device specific key if it was opened and a seal broken that voided the warranty. This would be in compliance with the drafted GPLv3 right?

A key need not be included in cases where use of the work normally implies the user already has the key and can read and copy it, as in privacy applications where users generate their own keys.

The user already has the key and can read and copy it, even if the normal user would not venture inside the device to open up the hardware limitations to get the key.

---
Terje Bråten

[ Reply to This | # ]

Crippled Hardware
Authored by: Anonymous on Monday, July 31 2006 @ 02:50 PM EDT
I can see your point and it does have some merit. Knowing these places as I do I for one would much perfer to see these sorts of things locked down while in use. I would no objection to out of use equipment being GPL'ed or whatever. In use stuff *has* to be nailed down - for legal as well as practical reasons.

There is nothing stopping me from driving my car into a crowd of people. However, if I do I will surely be sued (among other things). It's better to be safe though so Ford should make my car so it will only drive me to and from work and to and from the store.

My suggestion is that there is a place for closed source with or without physical restrictions and a place for FOSS and that in some situations one is a better choice than the other.

No problems there. Just don't use my FOSS code in your crippled device and we're both happy. :)

-Void

[ Reply to This | # ]

GPLv3 and Linus's fears
Authored by: ShawnX on Monday, July 31 2006 @ 11:55 PM EDT
Linus,

I think we need to be careful. There has to be several
balances struck:

1) That companies can benefit using the kernel source code
as they wish within the context of the GPL.

2) That Open Source developers can benefit from using the
kernel source code within the context of the GPL.

3) That end-users can benefit from the work done by the
Open Source community and or proprietary companies.

4) That end-users are not restricted in their freedom to
use the Linux kernel or any other version of the kernel
they should so choose.

5) That companies cannot impede on end users rights to
their hardware by restricting what kernel can be used.

Do you think Linux would exist today if all of this evil
DRM crap existed in the early '90s?

The only way DRM can work with Linux is that DRM that is
targeted for certain situations that do not affect 'The
Public Good' should be exempted from being harassed by the
GPL. However, I'm unable to think of how that would work.

Honestly now, If the GPLv2 is left to erode further, Linux
as we know it will die. Perhaps we need an update to v2.0
(say 2.5) which stops the erosion just enough but keeps
the spirit of v2 license alive?

Companies can't be kept honest and will do whatever they
can to run circles around the GPL no matter what you say.

I know the kernel is stuck with v2, unless the kernel bits
are replaced slowly over time. But now is not time to play
poltics with the FSF and the Open Source community. Let's
not watch all the hard work that you and lots of other
people put into the kernel gradually die. That's not in
your interest or anyone elses.

[ Reply to This | # ]

Renting music (pay per hear) or otherwise not allowing the sharing of music with others...
Authored by: Anonymous on Tuesday, August 01 2006 @ 01:34 AM EDT
Not sure if this is feasible if the whole end user system is open. But this
isn't necessarily bad. Without any form of fool-proof hardware DRM the
proprietary software and music businesses have survived. Thus claiming that DRM
is necessary goes against historical fact. Those whispering in Linus' ears may
offer him riches beyond his imagination for cooperating, but they can't be
serious and suggest the end of the world would come to pass under GPL3.

If I believe that such a world with strong DRM locked up in hardware is worse
for me, it makes sense I support something like the GPL3 which discourages it or
at least legally disallows others to use GPL3 software to achieve those ends.

And I am sure there would also be alot of support for an environment that was
friendly to having music and other copyrighted material be more readily
shareable and adaptable. Like open source, more interesting music might come
into existance faster. And jobs wouldn't vanish. They never do. They just
relocate.

[ Reply to This | # ]

Asserting freedoms
Authored by: flash200 on Tuesday, August 01 2006 @ 11:15 AM EDT
Linus claims that the GPL v3 is saying that software should trump hardware, that
a software license should be able to dictate rules to the hardware it runs on.

That's a straw-man argument. What the FSF is saying is more that hardware
doesn't have the right to trump software--at least in the case of the GPL--that
the two should either coexist peacefully, and respect the terms of the other, or
they shouldn't be used together.

Linus also claims that GPL v3 is not proactive in nature, that it's more about
stopping DRM than promoting the freedoms of the GPL. This is a more reasonable
argument to make, but I likewise disagree.

If group X starts trying to deprive a person of freedom Y, is it reactive for
the person to openly assert their right to freedom Y? Is it reactive simply
because up until then no one was trying to deprive them of freedom Y? If the
person was already making use of freedom Y, the only change is that their wish
to assert that freedom is now explicit rather than implicit. Their goals and
intentions remain the same, and were not influenced by group X.

The FSF is not saying, "You can't make DRM devices". They're not
making any effort via GPL v3 to prevent DRM devices from being made. What
they're doing is saying, "You can't use DRM to invalidate the freedoms of
software covered by GPL v3".

[ Reply to This | # ]

For and against
Authored by: Anonymous on Tuesday, August 01 2006 @ 05:08 PM EDT
Hope the two main characters don't feel insulted, but here goes...

Linus is for a great developer time and developers getting together to build
better products faster (this benefits end users).

RMS is for end users being protected. His fear and his being against something
are directed towards a scenario where a company has too much power and then
won't share. This worry and effort allows for developers to be relaxed about
otherwise worrisome potentially uncomfortable or damaging situations.

In Linus' world, people cooperate with him to beat common foes. TiVo, for
example, is not perceived much as a threat but a borrower that may one day
contribute back or open up more voluntarily. Microsoft is being beaten. Many
others seem to be cooperating more and more each day.

The world of RMS has to deal with those constantly trying to thwart the peace
(SCO and Microsoft being just the major current examples: the latter answering
only to the letter of the law if anything and when in the mood; the former
confused but dangerous nevertheless). Not concidently, it appears that those
most subdued by the legal protections are those who most desire to control the
entire market, care the littlest about most end users or the majority of
developers, and have the most power.

Both tactics are useful; however, it is unfair of Linus to call RMS's focus
useless. Linus' methods and style may be more practical in getting otherwise
hard to acquire code written (both kernel code via hands-on work and discussion,
as well as drivers that require added cooperation from specific groups). But the
GPL has likely been a greater catalyst for getting FLOSS mainstream. For
example, it gives businesses with copyright a nonnegligible advantage over
competitors while allowing for a developer community to be happy because the
majority of the field (save for the copyright holder) is effectively working at
the same level legally, and the leader in the field getting ahead only so long
as they don't stray too far to destroy their goodwill.

Linus' method may be best most of the time (during peace time). It is the nicer
cooler side of FLOSS. This is the good cop. However, it is nice to know that
there is a large mouth with real teeth lying in the not too distant background,
every so often coming out to set some order among groups that get too far out of
line. Yet the side of FLOSS that gives it teeth, the bad cop, is not such an
uncool thing to have either.

[The bad cop may be too unrefined for daily contact with the people, but it may
be just what is required when there is a war... btw, I am not convinced that
Linus' method may not win out without RMS' worry to help it, but it is tough to
deny that together they probably keep FLOSS larger and healthier than either
would alone. .. and the bad cop is not that bad actually.. at least that hasn't
been the case yet.. let's hope the good cop offers enough of a carrot to
potential troublemakers to avoid serious confrontations (SCO has not really been
very serious, perhaps by design, perhaps because of the good cop aura).]

When these two read this they will surely start to cry, but I do hope the making
up session doesn't last too long because these two are in fact sworn enemies by
design.

[ Reply to This | # ]

  • For and against - Authored by: Anonymous on Wednesday, August 02 2006 @ 02:08 AM EDT
Suggestion that GPL3 include reference to errata or..
Authored by: Anonymous on Wednesday, August 02 2006 @ 02:02 AM EDT
If the GPL3 includes a link to an errata, definitions page, rationale page,
interpretations page, etc. that is updated (keeping the older comments), this
would help make the license more long-lived. Think of how the US Constitution
has not itself been modified but the law of the land has via the extension
points laid out in the Constitution (eg, Congress will make laws.. and
provisions for amendments).

This way as the definition of "open" or "hardware" or
"modification" or anything grows and varies over time, the updated
website page can reflect this so that interpretations of the license from that
point on are more likely to be homogenous.

This way we don't have to think everything through now.

I am not sure how best to do this. Maybe only some sorts of additions would be
legally binding. I don't know, but there should be a way to include the
unforseen (but keeping in spirit) without having to wait another 15 years or
come up with a new version every 2 weeks to reword a clause. Naturally, no one
would be bound by something that wasn't listed at the time they accepted the
license. Also, this should be for minor changes (and things like
interpretations) that could probably be ignored (not missed) in the majority of
the cases (there should be nothing new but only extra verbiage or slight
fixes).

I am guessing this might be a good idea. Then again maybe GPLv3.0.0.23.4 is
actually better and less ambiguous.

[ Reply to This | # ]

Second Discussion Draft of GPLv3 Released
Authored by: bloggsie on Wednesday, August 02 2006 @ 05:27 AM EDT
PJ: Please consider for one moment this situation. You are running an organization which collects sensitive data from a large network of many thousands of machines. They are set up to deliver the numbers, in a very timely fashion, to a central repository. Remember that these machines collect sensitive data, upon which decisions of real consequence will be made. Now please remember that because they are networked they could well be interfered with, in spite of the best will in the world and with all precautions taken. The only way for you to be able to trust this veritable army of machines is for you to test that each and every one has not been interferred with in such a way that it corrupts the data it records. The only way I know of to guarantee this is to make sure that the program running in the machines reports a crypto hash of the contents of its program memory via a cryptographically secure communications channel. If my understanding of the GPLV3 is correct, and I sincerely believe it is, GPLV3, in effect prohibits the use of GPL software in, for example: Voting machines; EFTPOS and cash dispensing terminals; Casino machines; etc., etc.

PJ, Whilst I appreciate your concern for individual freedoms. Is that really what you want?

[ Reply to This | # ]

The price of marketshare
Authored by: flash200 on Wednesday, August 02 2006 @ 09:56 AM EDT
In the Tivo example, an OEM is taking GPL software from the community, and
they're publicly distributing it on hardware on which you cannot run modified
versions of the software. That goes against the spirit and the intent of GPL v2.
Allowing the use of GPL software on such such devices requires giving up some of
the intended protections that the GPL offers, protections that, while implicit
in v2, were made explicit in v3. It requires yielding ground legally in the
interest of gaining marketshare.

Is it worth gaining marketshare in areas where freedoms are lost, areas in which
marketshare can only be gained by giving up those freedoms? What's gained by
this, aside from a bigger marketshare for crippled versions of free software?

[ Reply to This | # ]

Reading Linus' comments
Authored by: Anonymous on Wednesday, August 02 2006 @ 10:18 PM EDT
I'm not sure if this is Linus, but this is what the whole big thread with him
boils down to:
<i>
What does online security have to do with it?
Authored by: Anonymous on Tuesday, August 01 2006 @ 10:16 PM EDT
Er..."online security" has nothing to do with the discussion, that's
what firewalls are for :-)

The conflict boils down to "can I force YOU to run MY binary to access MY
online service". The GPLv3 says "NO!"

I presume the GPLv3 says this because it's exactly what DRM systems today are
doing, and they don't want GPL software to be used to implement DRM.

The problem is that the EXACT same technology is used for legitimate purposes
too...so by preventing the use of GPLv3 software in DRM systems, they are also
preventing a whole class of useful (to somebody) services from being released
under GPLv3.

In other words, I cannot legally give you a binary compiled from GPLv3 code and
retain the ability to validate you haven't changed it...which certainly DOES
stop me from implementing DRM...but it also stops your computer from doing
trustable work for me (eg http://setiathome.berkeley.edu/)

Clear?

-b
</i>


Then you have this:
<i>DRM "Misunderstood"
Authored by: Carlo Graziani on Friday, July 28 2006 @ 01:13 PM EDT
I really don't see what is wrong with manufacturers saying "you cannot run
unapproved software on this device", and making sure that that rule isn't
broken.

Precisely.

Look, let's move this discussion away from Tivo, which everyone hates. There are
other kinds of software-controlled devices where it is both potentially illegal
and a bad idea to allow unauthorized, un-audited code to run.

Wireless devices are a good example. They have to behave according to limits on
emissions set by the FCC, for safety, environmental, and interference reasons.
Often those limits are enforced by software -- the device itself can physically
exceed them.

It would make no sense to insist that anyone should be able to run their own
version of the driver code on the device, since this would invite
morally-retarded programmers to juice up their devices, polluting the spectrum
for everyone else.

Incidentally, this is not a theoretical case. Linux kernel support for the Intel
ipw2200 wireless chips comes separated into two components, the driver (source)
and the firmware (binary, supplied by Intel). I believe (but I can't confirm,
unfortunately) that the binary firmware is signed, Tivo-like, and the device
won't run if the signature doesn't match. This is not so as to allow Intel to
perpetrate some nefarious licensing scheme, but rather so that they can provide
Linux support without getting into legal trouble with the FCC. See section 0 of
this document for details.

I believe it is likely that Intel support for this device would not be possible
under GPLv3. This would be A Bad Thing.</i>

Fair enough argument, but are we reading the same <a
href="http://gplv3.fsf.org/gpl-draft-2006-07-27.html">draft</a&g
t;?

There are at least a couple of issues which is raised in the GPL v3:

1) Authors not able to raise patent-litigation against licensees without voiding
GPL license.
Status: Good thing.
Why: Against the spirit of the GPL, even GPL v2 disallows this I believe.

2) Authors not able to raise DMCA-lika litigation against licensees without
voiding GPL license.
Status: Positive.
Why: In spirit of FSF and GPL-license. However, it is clearly a jab at DMCA
itself and may or may not earn disrespect in USA courts.

3) Authors not able to license patents concerning the work without shielding the
users or providing infringing material for free!
Status: Divisive.
Reason: Messes with the business side of things. Plague or colera? You are sued
by a patent-holder, while if you yield, may become responsible for your users /
be forced to aquire an even larger userbase. If not, a lengthy court-battle
where you may lose ensues and you may in both cases lose GPL rights.

This shows that there is an imminent war-front in this regard. I must confess I
think the GPL is right that this may become an issue. Without these clauses, GPL
conveyors might not sublicense the patents or may abandon its userbase rights
through nefarious agreements concerning IP. Then they should not be using GPL
software, thus have their license revoked.

Legally speaking this protects the freedom of the GPL software concerning
patents. So I'm slightly more positive than negative about this, but only
because this shows the industry might be at the brink of a patent-war. It's not
going to be easy..

4) Over to the Linus-comments. From section 3 in GPL v3:
<i>No Denying Users' Rights through Technical Measures.

Regardless of any other provision of this License, no permission is given for
modes of conveying that deny users that run covered works the full exercise of
the legal rights granted by this License.

No covered work constitutes part of an effective technological
"protection" measure under section 1201 of Title 17 of the United
States Code. When you convey a covered work, you waive any legal power to forbid
circumvention of technical measures that include use of the covered work, and
you disclaim any intention to limit operation or modification of the work as a
means of enforcing the legal rights of third parties against the work's users.
</i>

This means everything should be accessible, modifiable, runnable, but not
including against an online service. The license doesn't mention online
services, neither does it grant anything to performances of GPL v3 works as far
as I can read..

Status: Makes GPL unusable for some proprietary projects.

Why: Delivering a system with secret root password? Not allowed by this clause.

However, according to FSF every system should be general purpose when possible.

My take is that this is showing an FSF going actively to war against limited
systems.

This might make us all have to re-think how we're relating to software,
including Linus. Security which is going behind the user's backs are not
tolerated by GPL v3, e.g trusted computing and networks.

Overall, if it succeeds, this may be a good thing!

This clearly draws the frontline for a new battle.. This time, the sides are
less clear.

Realistically, I doubt the GPL can survive without a fork. Not all GPL users
will "upgrade" to v3 for fear of becoming responsible concerning
patents and being dragged into FSF's warzone.

[ Reply to This | # ]

GPL3 adding complexity to FLOSS licensing?
Authored by: Anonymous on Thursday, August 03 2006 @ 07:26 PM EDT
Maybe the clauses can be designed well and software can be written to manage it.
Particular combinations are given human readable names (LGPL, GPL, GPL-P,
GPL-DRM, etc), but in any case we can write rules of what clauses (among the
batch) can be combined with which other ones if XXX is desired. [An end goal can
be to break all FLOSS licenses into sections that can be combined with any other
section (so we would have a multi-categorized/tagged database of clauses) to be
able to produce yes/no answers to standard queries on the overall Frankenstein
license being created.]

You should be able to take a distro, for example, and with one click know all
the applicable licenses for the included software and be able to follow a link
to a list showing exactly what is licensed how. This can have many views to make
it easy to answer many important questions readily. Something else that would be
useful would be to have an editor (or many.. example via plugins) and whatever
you open on the system, it marks it by the license (even subparts of a file can
be recognized to have different copyrights). For cases where the info is not
known automatically, the default can either be "I don't know" or
"You?" For all cases, however, the user can modify the info to fix it
(and have the modifications saved for later recreation). For example, you copied
something from the web. Initially the system tags it as unknown. Later, you open
up an editor and adjust the copyright info based on what you know or had read on
the web.

To get started, we just need a few small standard. Then anyone can build a
viewer as well as integrate it with other programs or even process the
information for whatever use. Part of the standard can even include guidelines
for how to id a work inline so that it can be scanned to discover the license
automatically (eg, @copyright-owner=Foo Bar, @license-name=GPL, or as an option,
another file ending in .meta with some particular format and in the same
directory, etc). Some will write programs to then scan and discover as much of
the copyright info automatically as possible (hopefully with very few false
positives). Others can manually classify everything they find.

If people don't do this voluntarily, I think there are already companies
providing this or similar services to large customers.

[ Reply to This | # ]

DRM and Linnux
Authored by: Anonymous on Monday, August 07 2006 @ 04:17 PM EDT
The GPL3 stops DRM. What this means is that the person selling a machine or
device using GPL3 code to implement the DRM must give the keys and every other
secret over to the owner (or much better allow the owner to generate a new
batch). What this means is that only the owner of the device will be able to
really be sure that their digital material will not be used, viewed, etc, on
that device by someone or something that is not supposed to (thus Hollywood
probably does not really like this arrangement).

Some examples:

[DRM music]

A device comes out from WeMakeDRMDevices Inc using a GPL3 os (Linnux 3) to
implement its lowest layer DRM, and as per the GPL3 license, they hand the DRM
secret material over to the owner-buyer. The owner, WeLeaseBigBadDevices, leases
the devices to its BadCustomers(TM) that pay the monthly subscription to talk on
the device, listen to music, and have it help them cook Worse(TM). The customers
can, neither by contract nor in all likelihood by reverse-engineering (if the
design is solid), overcome the DRM. However, WeLeaseBigBadDevices can control
the contents of the device, and unless WeMakeDRMDevices is illegally holding
something back (or kept a copy of the key), WeLeaseBigBadDevices has complete
control over the device. Of the three parties, the GPL3 guarantees that the
owner is the one with power, not the manufacturer nor the customers.

You buy the device above from WeMakeDRMDevices. After receiving/generating the
DRM key material, you and no one buy you has ultimate control over the contents
of that device (again, unless WeMakeDRMDevices is illegally holding something
back). Later you buy a DRM protected application and some songs. Six months
later, someone figures how to crack the application/songs because they were able
to analyze the program transparently (using their reverse-engineering tools).
While the application used tough encryption, they were able to look at the
application do its thing because the operating system did not have DRM
controlled by a third party (only the application did, but the operating system
is a lower level than the application). A new decyphering application was then
posted on the web to allow bypass. You got a copy of the program and used it to
do a better backup of your songs than the software that came with the DRM
application allowed. You consider this fair use and like that you now have a
product that is better than before. It is very possible you have broken no laws
though some may differ claiming DMCA trumps the fair use.

[Voting machines]

Another company, WeMakeDRMVotingMachines, just got a large order from the state
of Washington for their Linux 2.6 DRM'd voting machines. The machines come with
instructions on how to set everything up as well as some "privacy"
keys. The state of Washington, new owners of the machine, proceed to set
everything up for the next elections. As the election results are being tallied,
a rogue WeMakeDRMVotingMachines programmer, working in conjunction with Mr. BG
Smith, III, uses some secret keys held at WeMakeDRMVotingMachines that control
the actual DRM. After a quick upload to the machines, we find out that the next
state governor will be [drum roll] Mr. BG Smith, III! Hip-hip h.... And the best
part is that while the rogue programmer sold out for 3 million,
WeMakeDRMVotingMachines knew nothing and broke no laws.. assuming anyone would
even suspect anything. According to Linus' GPL2 license, WeMakeDRMVotingMachines
was well within their rights to keep the DRM protection under lock and key in
their sole custody and to do with as they desire (save some other contractual
obligations or laws). Six years later, with the state on the virge of collapse,
the last decent (and overworked) administrator having access to the purchasing
documents realizes that Washington never really controlled the machines (The
GPL2 was used and not the GPL3). It would explain why so many unpopular
candidates managed to win over the previous elections.

WeMakeBetterVotingMachines, a competitor in the voting machine market, sold
their wares to the other 49 states and various territories. Happily, there were
no problems reported with the excellent machines. Each of the purchasers got a
fresh and unique set of keys to exercise total and sole control over their batch
of machines set up througout their states. Not coincidently,
WeMakeBetterVotingMachines used Linnux 3 to run their machines, which license
terms (GPL3) required they release the key generation instructions to those who
bought their machines. Otherwise, they certainly would have been tempted to
spend their big investment bucks, not on programmers, but on an expensive
salesforce that very competently know how to raise their arms up in the air and
say to the customers, "Sorry, we'd like to give you complete access to
these machines you are buying from us, but then everyone else buying these
machines would be able to hack into your machines and to mess with your
elections. This is why our design allows for only one very secret key to exist
and we keep it under a big bad lock and key, secured away from those that can't
be trusted."

[Some more music]

Finally, going back to the example from WeMakeDRMDevices (which also uses Linnux
3), you then decide to sell your used device at a second hand store for 10
bucks. Along with the used machine, you hand over some papers you received when
you bought the device at the store. Essentially, these papers hold a copy of
GPL3 as well as instructions for the next owner on how to generate a fresh set
of unique keys to control completely and solely the DRM technology in the
machines. The new owner will not have to worry about anyone else messing (at
least no more than they would worry that you or WeMakeDRMDevices are breaking
the law by holding back) with their old collection of songs they created in the
shower which is expected will be added to the device for safekeeping along with
songs from professional artists they expect to buy.

[Wrap-up]

Throughout these stories, no people, animals, or very many minerals were harmed.
All participants came off happy except most citizens of Washington state. DRM is
doable. There was the scenario where the owner leased out the devices it owned
in order to sell DRM songs to their customers. We also had voting machines that
were owned and controlled, as makes sense, by none other then the governments
that bought them. All of these happy stories were made possible thanks to the
tremendously useful piece of software, Linnux 3, a new and improved fork of
Linux 2.6 that has key portions rewritten and licenses GPL3.

I think I understand some of Linus' view, but I don't agree all that much with
it. What I see is that Linus doesn't want to have Linux lose its momentum to
something like a BSD because of GPL3 concerns by hardware makers. Linux is happy
if hardware makers use Linux and then contribute something by way of specs or
drivers (even if binary). But many won't contribute back the hacks they pulled
on vanilla Linux using hardware. One of these might even grow to be the next
Microsoft in .. games, entertainment, and the supercomputing markets. [The
all-in-one XBox Xtreme.]

[ Reply to This | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )