Clearing up anti-GPL3 FUD

Christopher Culver

Thu Mar 22 15:46:21 -0700 2007

manage

FWIW, all elements in the word "rhinophytophilia" are Greek, not Latin.

Clearing up anti-GPL3 FUD

Bruce Perens

Thu Mar 22 16:29:55 -0700 2007

manage

And I hadn't capitalized the name of the language, either. Fixed!

Clearing up anti-GPL3 FUD

N. Dan Smith

Thu Mar 22 16:25:38 -0700 2007

manage

I agree that an update to the GPL is needed.  The "Bittorrent" clause is a good example of the paradigm of computing changing enough to necessitate a change.  The concept of patent retaliation is also an appropriate addition IMO.  Also, I am no fan of DRM, so anybody who takes a sock in the gut because of that clause will have no sympathy from me.

However, the implementation of the DRM clause does not seem to match the GPL's role as a software distribution license.  To the point, the Tivoization problem described by Stallman has, in and of itself, nothing to do with GPL'd software.  If a piece of hardware (the TiVo in this example) requires that its firmware be signed in order to load, that seems to me to be a problem with the hardware, not the software.  Any user has the ability to obtain, modify, and redistribute the TiVo's GPL'd code, though a user could presumably only use that software on a different piece of hardware.  Still the fact that the current draft of the GPLv3 has implicit hardware requirements is, I think, stepping outside of the proper bounds of what a software distribution license should be.

I hold Tivo and other companies in contempt for requiring signed firmware.  However, I just cannot see how it is appropriate to address this issue in a software distribution license, especially in the retaliatory fashion that the FSF has acted.  After listening to several of Stallman's talks on the issue, I am still not convinced (and it is rare that RMS is not able to convince me of something).  The GPL needs an update, and I am sure that it will be fully and willingly adopted if this DRM clause is left out.

Clearing up anti-GPL3 FUD

Bruce Perens

Thu Mar 22 16:35:27 -0700 2007

manage

It seems to me that the Tivo is not just a piece of hardware, but a licensed copy of the software. It is an alterable copy, it's either a hard disk or FLASH copy. But it is a copy that uses technical measures to restrict rights that are otherwise guaranteed by the software.

Consider that in the future of computers with the Trusted Platform Module, it might become the norm for programs to be locked down this way, and for unsigned programs to be locked out, and this would effect GPL software much more than it does today.

Thus, it does not seem to me that we can afford to allow technical measures to remove rights that the GPL otherwise guarantees, any longer.

Thanks

Bruce

Clearing up anti-GPL3 FUD

Howard Owen

Fri Mar 23 08:21:33 -0700 2007

manage

The conundrum of whether GPLV3 steps outside the bounds of a software license in the Tivo case is caused by the blurry line between hardware and software generally, and particularly in embedded systems.  Our devices harness physics to represent abstract reasoning.  Physical motions and positions of electrons and photons are assigned logical values. We then combine these values into operational sequences that we call software. The layers of abstraction, piled one on top of the other in neat folds, or jumbled together in chaotic mixtures, have the remarkable to disappear beneath the problem we are trying to solve.  But when we need to understand those layers, not just for technical purposes, but to decide what a software license can equitably require of  its users, then confusion - and honest disagreement - is the result. 

making hardware distributors play fair

Ciaran O'Riordan

Thu Mar 22 17:36:54 -0700 2007

manage

I wouldn't agree that our licences are an inappropriate place to tackle problems such as tivoisation. We're not restricting how the devices are distributed, we're only restricting how our software can be distributed. It's the device manufacturer's choice whether they want to bundle our software with their hardware. If they bundle them in a way that they know will result in the buyer sitting infront of a free software box they can't modify, then that's purposely undermining the spirit of the licence and it should be stopped.

I also think that we should try to do more with our licences. We only have three ways to improve our legal environment:

• Lobbying: Change legislation.
• Market: Don't support people who give us legal troubles.
• Our licences.

My background is in lobbying against software patents in the EU, and I can tell you that that was a lot of work just to maintain a status quo that we don't even particularly like.

In the market, we could be effective but we're not organised and most free software users are not sufficiently aware of the issues and the importance of exercising their market power. So we can't rely on this.

Then there's our licences. This is the only option that we control. We don't have to convince politicians or companies who don't share our values. In a copyright system geared towards our opponents, one power we do get is to set the terms of distribution for our software. We would be negligent if we didn't help ourselves in this area.

About how serious that tivoisation issue is, I wrote a piece a while ago that I think it not bad: Tivoisation explained - implementation and harms.

Clearing up anti-GPL3 FUD

Marcos

Fri Jun 01 06:44:55 -0700 2007

manage

The overstepping into the hardware realm is still my biggest philosophical problem with GPL 3, although I must admit it has been cleaned up quite a bit. While I know others worked hard to make a better draft, I really have to thank Linus for his stubborn rejection of the earlier drafts. I think he really put the brakes on some of the excesses. And while I respect RMS, Moglen, and the FSF for all they have done, I find something a bit Big Brother-ish about their long term aims.

Clearing up anti-GPL3 FUD

TheBashar

Thu Mar 22 17:30:02 -0700 2007

manage

Nice piece.  Thanks Bruce.

Clearing up anti-GPL3 FUD

Roy Schestowitz

Thu Mar 22 20:28:17 -0700 2007

manage

I am certain that you know this already, but Dan Lyons has been characterised as an Open Source foe for quite some time. Groklaw readers would go as far as calling him an SCO shill.

EULA.

Timothy Brownawell

Thu Mar 22 21:42:22 -0700 2007

manage

preamble

...the purpose of the GPL, which is to protect users' freedom to change the software.

Ok, yes, very nice...

2, paragraph 2

This License permits you to make and run privately modified versions of the Program, or have others make and run them on your behalf. However, this permission terminates, as to all such versions, if you bring suit against anyone for patent infringement of any of your essential patent claims in any such version, for making, using, selling or otherwise conveying a work based on the Program in compliance with this License.

...except, apparently, that you can *lose* this freedom.

7b (allowed additional restrictions) .5

# 5) terms that wholly or partially terminate, or allow termination of, permission for use of the material they cover, for a user who files a software patent lawsuit (that is, a lawsuit alleging that some software infringes a patent) not filed in retaliation or defense against the earlier filing of another software patent lawsuit, or in which the allegedly infringing software includes some of the covered material, possibly in combination with other software; or

And sometimes, you can't use the software at all. Hello, EULA!

EULA.

Jim Hill

Thu Mar 22 22:44:31 -0700 2007

manage

IIRC, tit-for-tat remains the unbeaten champion strategy for the anonymous prisoner's dilemma. The GPL is playing that game, and implements that strategy.

So, that puts it midway on the spectrum between doormat and predator.

To no one's surprise, the predators object.

EULA.

zotz

Fri Mar 23 06:12:48 -0700 2007

manage

"And sometimes, you can't use the software at all. Hello, EULA!"

And the problem here is? If I read you right, why do people insist on their not being free unless they are free to deny the same freedom to others?

If I misread the meaning of that, please try and explain again.

all the best,

drew

EULA.

pyro9

Sun Mar 25 18:43:52 -0700 2007

manage

...except, apparently, that you can *lose* this freedom.

It's not an unreasonable provision. Essentially it says if you're not going to be a good neighbor, you cannot borrow my lawn mower.

There have been far too many attempts to honor the GPL in name while constructively violating it. For example by modifying GPL code, releasing the source as required, but patenting something in it so that it cannot actually be freely passed on to others and freely used by them as required.

The situation is not unlike the one where some former copyright holders are now using trademarks to keep works now in the public domain effectively under their control exactly as if they had a perpetual copyright.

Paragraph 2 simply says that sort of loophole is not acceptable here. I would prefer that it simply prohibit such a suit, but a license cannot do that, so the next best thing is to make the grant of license contingent on refraining from such underhanded tactics.

The only way to lose the freedom is by trying to take it away from someone else. That seems fair enough.

EULA.

Timothy Brownawell

Sun Mar 25 19:25:14 -0700 2007

manage

No, that loophole is covered in section 11, which I very much agree with.

What I don't like is how it says that you can't modify it *for your own use* if you start a patent suit. "We believe that you should have the right to modify the software you use. Unless you piss us off, in which case we'll take away this "right"."

(I also think this is kinda dumb, since now no patent-holding company can safely customize GPL software for their own use... all someone would have to do is somehow implement one of their patents in upstream for the software they use, and then they have to either ignore that infringement or forfeit the use of their modified software. So congratulations, the GPL *really is* a minefield now. Even if you don't distribute anything.)

EULA.

pyro9

Sun Mar 25 20:41:59 -0700 2007

manage

It's much less broad than that unless the copyright holder implements the optional clause.

They can customize for their own use all they want. As long as they don't incorporate their patent into the GPL code, then sue someone for THAT patent in THAT program or its derivitives. If someone copies the patented technique in their own original code, you may freely sue them for that infringement. You may freely sue for infringing on your other patents (if any).

7b5 is the one that effectively prevents a patent-holding company from safely customizing GPL software iff the copyright holder chooses to use that option. Even then, it's not a problem if the patents are used only defensively.

EULA.

Timothy Brownawell

Sun Mar 25 21:13:21 -0700 2007

manage

*re-reads for the 3rd time*

Ok, yeah, you're ri--

*re-reads for the 4th time*

Um... actually, no, I still don't see that.

This License permits you to make and run privately modified versions of the Program, or have others make and run them on your behalf. However, this permission terminates, as to all such versions, if you bring suit against anyone for patent infringement of any of your essential patent claims in any such version, for making, using, selling or otherwise conveying a work based on the Program in compliance with this License.

I parse this as:

This License permits you to make and run privately modified versions[a] of the Program[b; what you would call "upstream"], or have others make and run them on your behalf. However, this permission terminates, as to all such versions[ref a], if you bring suit against anyone for patent infringement of (any of your essential patent claims in any such version[ref a]), for making, using, selling or otherwise conveying a work based on the Program[ref b, which is "upstream"] in compliance with this License.

, which is, if your privately modified version uses your patents, and Joe uses those same patents in something based on the same upstream, then you lose modification rights if you sue Joe.

EULA.

pyro9

Sun Mar 25 21:40:17 -0700 2007

manage

The key phrase is "for making, using, selling or otherwise conveying a work based on the Program[ref b, which is "upstream"] in compliance with this License."

In other words, if you're not suing over your patent being used IN THAT PROGRAM, your permission doesn't terminate. It's the reasonable statement "You can't both sue me for writing it and benefit because I did".

Perhaps the language needs to be made more clear since we're parsing it differently.

Clearing up anti-GPL3 FUD

Peter Rock

Fri Mar 23 02:14:17 -0700 2007

manage

"One thing to Torvalds' credit: when he's wrong, he can be convinced of that eventually."

About 6 months ago I had an email exchange with Linus. He seemed convinced that GPL3 went too far in regard to DRM. He stated that if users wanted "hackable hardware", they should vote with their wallets and demand that hardware be manufactured. I responded with...

"You say buyers should make clear their desire for hackable hardware and that they should not pay for hardware they cannot modify. Fine, but I the copyright holder am going to take you, the hardware manufacturer, to court if you dare make this "hackable hardware" and have you charged for "circumvention" under the DMCA. How is the buyer who desires "hackable hardware" going to stop me?"

Linus never responded. Bruce, I hope you are right that he can be convinced eventually. We could use his help and support with regard to this license.

Clearing up anti-GPL3 FUD

sepreece

Tue Mar 27 13:45:59 -0700 2007

manage

But, your argument isn't a response to Torvalds' comment. If you have an issue with the DMCA or with laws enabling mandatory DRM, then you need to speak to the people who make the laws.

The license used for Linux cannot have ANY impact on those laws - it can't give you permission to circumvent DRM (only the copyright holder can) and it can't change the law or the market. Only buying and voting power can do that.

Clearing up anti-GPL3 FUD

Peter Rock

Wed Mar 28 01:24:01 -0700 2007

manage

"If you have an issue with the DMCA or with laws enabling mandatory DRM, then you need to speak to the people who make the laws."

If they are not listening, then we need to consider alternative solutions.

"The license used for Linux cannot have ANY impact on those laws - it can't give you permission to circumvent DRM (only the copyright holder can) and it can't change the law or the market."

Strictly speaking you are correct. But, GPL3 sets up a stalemate and opens up a door. What it does is shift the anti-circumvention issue to the intent of a license rather than the manfacturing of hardware. I don't see Big Media having any success trying to declare GPL3 itself an illegal circumventor of DRM. I'm sure the FSF would love it if they tried. So when you say "cannot have ANY impact on those laws" I disagree. Sure, the impact is not direct - GPL3 doesn't change the DMCA itself, but it shifts the battle and takes the pressure off HW manufacturers. You are right that GPL3 doesn't give us "permission", but under the circumstances it is not realistic to believe we will get such permission anytime soon through mere lobbying. GPL3 gives us a way to freedom even if that freedom is technically underground due to oppressive laws. It's not ideal, but it is better than mere protest.

Linus is not respecting what the actual circumstances are right now. It would be easy for Big Media to take a hardware manufacturer to court - even the threat is enough to keep them at bay. But GPL3 allows hardware manufacturers to keep on making TC devices by lifting the pressure off them and shifting the circumvention to a copyright license. HW manufacturers would no longer be the ones breaking the DMCA.

Because GPL3 demands complete corresponding source code, the user is then free to modify their copy as they like. Without GPL3 and given the DMCA, "buying and voting power" are useless as the law takes that power away. In a fair world, I agree with Linus...but our world (or at least the U.S. world) is not fair now. Of course, HW manufacturers may not be allowed to ship software that allows the copying of media, but with GPL3 we who want the freedom to do this should be able to easily download patches - much like we do with DeCSS. A GPL2 program however, that doesn't give us the complete code is useless as any applied patch would be detected by a TC machine and shut down.

If you can offer a better suggestion than "protest the DMCA" and "vote with your dollars", I'm all ears. But relying on that alone - I think - is not realisitc.

Clearing up anti-GPL3 FUD

sepreece

Wed Mar 28 15:21:12 -0700 2007

manage

"But GPL3 allows hardware manufacturers to keep on making TC devices by lifting the pressure off them and shifting the circumvention to a copyright license. HW manufacturers would no longer be the ones breaking the DMCA."

This makes no sense at all. The manufacturers would still be the ones who chose to use insecure (i.e., untrusted) software. In effect you're just saying "If you need to meet content owner's requirements for DRM, you can't use GPLv3 software."

If that's what you WANT to say, then that's fine. The Linux developers clearly don't want to say that.

Again, the ONLY solutions to DRM are in the marketplace and legislation. I can't guarantee success there - if people don't care enough, DRM will continue. And, most people probably will prefer some degree of TC to the current insecurity of most computers, so that's likely to become common, too.

Clearing up anti-GPL3 FUD

Peter Rock

Thu Mar 29 00:12:22 -0700 2007

manage

"The manufacturers would still be the ones who chose to use insecure
(i.e., untrusted) software."

Not true. The fact is, the manufacturers would be the ones who chose to convey, not use the software. If they use the software, they are not required to give the complete corresponding source code and therefore the DRM provision is rendered meaningless. In fact, in such an environment, DRM enforced through TC is perfectly acceptable. In fact, as a user of GPL software you are not even required to accept the license agreement to use the software! Doing so would be a violation of your freedom. I think it is really interesting when I see GPL licensed software on Windows machines (never seen it on a GNU/Linux machine though I guess it could happen) that actually requires one to agree to the GPL just to install and use it. The fact is, if you just use GPL software, you are not under any restrictions at all. You are under restrictions when you convey it.

And therefore your statement that -

"In effect you're just saying "If you need to meet content owner's requirements for DRM, you can't use GPLv3 software."

- makes no sense to me as it is based upon a false perception of what GPL3 demands.

"If that's what you WANT to say, then that's fine. The Linux developers clearly don't want to say that."

It's not what I want to say. It's just a fact. Therefore, if the kernel developers don't wish to say that, then they shouldn't as doing so would be based on a misunderstanding of the intent of the GPL. That intent has not changed at all dating back to GPLv1. What has changed is the innovation of some to exploit the unforseen holes that existed in earlier GPL licenses.

"Again, the ONLY solutions to DRM are in the marketplace and legislation."

The marketplace is negated by legislation in some places. This is a fact. So essentially, what you are saying is -

"The ONLY way to have freedom is through legislation."

And you are correct. And given the landscape, the only realistic way to do so is through a license of intent. Perhaps one day the law will change allowing the marketplace to open up, but it is absurd to suggest to someone to sit around and wait until (if?) it does.

"most people probably will prefer some degree of TC to the current insecurity of most computers, so that's likely to become common, too."

I don't think so. I think TC may be wanted by some organizations/families, but I would venture to guess that they would be in the minority. Your average user has no need for TC. For most people who want to keep private records, encryption is enough. But this is all a moot point as those organizations/families that want TC devices are not going to be denied that freedom by GPL3 anyway. Go ahead, use TC devices! Anyone continuing to spread that rumor is either confused and/or is trying to confuse others.

Clearing up anti-GPL3 FUD

sepreece

Thu Mar 29 07:19:12 -0700 2007

manage

I apologize for using "use" in the generic sense rather than the legal sense. I meant "choose to build their systems with unsecure..." As DRM schemes harden, I think it is increasingly unlikely that DRM mechanisms will be licensed to manufacturers for implementation on untrusted (i.e., user-replaceable) system software.

I disagre with your analysis of the marketplace/legislation issue. Customers elect legislatures as well as buying systems. The market will determine what approaches are economically viable (there is some evidence that, for music, at least, the tide may be turning towards non-DRM distribution, largely driven by market forces). If customers are unwilling to accept mandated solutions, they WILL complain to their representatives in legislatures. So far, there's little sign of such a movement, but it may happen. Or it may not - people can be surprisingly accepting of restrictions.

But I see no logic behind your argument that "the only realistic way to [influence legislation] is through a license of intent." How does a software license influence legislation?

Clearing up anti-GPL3 FUD

Peter Rock

Thu Mar 29 08:09:29 -0700 2007

manage

"As DRM schemes harden, I think it is increasingly unlikely that DRM mechanisms will be licensed to manufacturers for implementation on untrusted (i.e., user-replaceable) system software."

I don't agree with your definition of untrusted software. To me, if a TC environment is not oppressive, then "untrusted" software is software that I had no choice in allowing into *my* system. A TC environment may help keep such unwanted software off of *my* computer, but an untrusted system is not merely defined as a machine with "user-replaceable" software. This is exactly how Big Media want us to think of TC. But I reject that and refuse to speak on those terms. I will speak about TC on its "original" terms - for more on that, see this video here -

http://www.lafkon.net/tc/

If you would like a .ogg copy of this video I have one if you'd like to send me your contact information. But VLC should be able to play some of the formats at that site.

"So far, there's little sign of such a movement, but [change] may happen."

I don't disagree that change "may happen", but when freedom is at stake, passivity is not realistic. We have been very active in trying to bring about change. The key thing here is that this legal change must be done throughout the world...NOT just the U.S. The DMCA is a good case study in understanding this issue, but if there is even one place on the planet that makes it illegal for HW manufacturers to sell circumventing machines, then there is a need for GPL3. This issue is a world-wide issue, not just an american one.

"But I see no logic behind your argument that "the only realistic way to [influence legislation] is through a license of intent." How does a software license influence legislation?"

A software license IS legislation! It is law. And it now places the intent of the GPL in direct opposition with the DMCA. I like this strategy as anyone who is thinking clearly about this issue will plainly see that it is the intent of the DMCA that is extreme - not the GPL. What is extreme about protecting the freedom to use, modify, distribute, and run for any purpose *my* software?

Clearing up anti-GPL3 FUD

sepreece

Thu Mar 29 09:17:54 -0700 2007

manage

Note that I said "untrusted", not non-TC. By untrusted, I simply mean any software that the manufacturer (or service provider) has no information about and therefore has no reason to trust. In particular I said "system software", meaning software that runs with privileges beyond those of user software and, in particular, software that mediates and has the opportunity to alter data passing through the system's internal communication channels.

I do agree with Bruce that it is possible to conduct trusted communications over untrusted paths, but it raises the risk. Again, remember that the manufacturers are required to indemnify the content owners against breaches in the DRM.

I completely agree that the DMCA overreaches and should be repealed. I have mentioned that to legislators.

I personally have issues with the FSF's using the term "freedom", which has connotations based in human rights, with respect to software, which I do not believe to be an element in those human rights, but I don't really want to debate that here and now.

A software license is not, in any sense, legislation. Nor is it a law. It grants to a licensee certain rights that legislation reserved to the copyright holder.  It offers no possible opposition to the DMCA, which criminalizes certain activities, supposedly in order to protect those rights reserved to copyright holders. [Again, I believe it goes way too far.]

As I have said elsewhere, I completely support your right to put any restrictions on your software that you feel appropriate. I am simply unhappy to see the primary FLOSS license adopt restrictions that go beyond what I consider appropriate. I believe the DRM and anti-tivoization aspects of GPLv3 are simply a waste of time and effort that make the license less clear and more complicated thatn it needs to be to protect the aspects of FLOSS development that I consider most important. YMMV.

I've been arguing with myself for 2 days whether to reply to this.

GuyFawkes

Fri Mar 23 04:21:05 -0700 2007

manage

Because I genuinely do not want to upset anyone or appear like I am trolling.

I downloaded all the links, looked at all the pictures and listened to all the audio.

It is an exaggeration to say "I could have cried", but not a huge one.

I imagine that a secreted x10 spy webcam somewhere in Redmond capturing the regular Thursday meeting of the Vista Start button design committee would have sounded the same and given the same overall impression, but MS would never have released it as official press release material.

The audio was abysmal quality, it wasn't edited so the pregnant pauses while people entered the room were removed, it wasn't synced with any presentation material or a button pointed list, you'd have to plough through it to get any morsels out.

For the sake of a little effort, more posed and therefore more media acceptable pictures could have been taken, radio broadcast quality audio could have been recorded and edited together, and the whole thing could have been made a lot more slick.

Yeah, I know, this won't have changed the importance of anything discussed, but it would have changed the apparent gravitas of what was said, and the accessibility of it to the mainstream media.

MS "wow" campaign sucked dead donkeys, but it _worked_, it had all the pre-requisites for further media dissemination....

Go to http://www.fsf.org/resources, where are the media ready graphics?

Where are the soundbites?

Go to http://www.microsoft.com/presspass/gallery.mspx, more than you can shake a stick at

And it is not like the Open Source community doesn't have the talent, or that is requires much effort compared to coding the next kernel iteration, it seems like the Open Source community is happy to content itself with preaching to the choir.

-------------------------

Please do not think I am trying to denigrate the efforts of sincere people, I am not, and we would not be here without you, I am merely playing devils advocate and asking why the Open Source community always appears to place PR last on the list.

I've been arguing with myself for 2 days whether to reply to this.

Bruce Perens

Fri Mar 23 07:11:59 -0700 2007

manage

The second audio file, made by a Brazilian reporter who cleaned it up with Audacity, is said to be better. I didn't really expect this to be treated as a webinar, all of the files there are from volunteers who just made them and uploaded them. Perhaps I should put more effort into making it work as a webinar next time.

Thanks

Bruce

Reporters and FSF

David Leppik

Fri Mar 23 13:57:04 -0700 2007

manage

It gets worse. According to this story, a reporter who tried to hear the FSF's side of the debate was told that he couldn't interview anyone unless he called Linux GNU/Linux.

The first rule of positive publicity is: don't shut out the media.

Reporters and FSF

Bruce Perens

Fri Mar 23 16:16:47 -0700 2007

manage

There are a few points that are made clear to anyone who wants to interview RMS, and literally thousands of reporters have made their way through these and interviewed him. Do not refer to him as an "Open Source" evangelist. Don't call the system with all that GNU stuff in it after the guy who wrote the last 5%. Even Lyons knows that, he's told me himself.

Technical press has different rules than non-technical, because the subject is complex and some people just can't grok it enough to write anything you'd want to see about it. Thus, you give the good material to the ones you know will get it right in the story, and you do your best to dissuade the ones who never get it right (and there are too many) from even writing about the topic. There is a short list of people who mess up so bad that they will always be shut out by any professional in this field, and they soon find work elsewhere.

Bruce

Reporters and FSF

ryan

Sat Mar 24 09:20:02 -0700 2007

manage

funny, I am not amazed, knowing a little bit about Stallman ..

Clearing up anti-GPL3 FUD

maethorechannen

Fri Mar 23 06:02:24 -0700 2007

manage

It works this way: if any entity that distributes the software arranges to protect a particular group from patents regarding that software, it must protect everyone.

How does that affect companies like Oracle who offer indemnity? Or does it only involve patent licences?

Clearing up anti-GPL3 FUD

Bruce Perens

Fri Mar 23 07:27:14 -0700 2007

manage

Indemnity means that a vendor promises to make up your losses after you're sued, and with this particular kind of indemnity, they may also opt to take over your defense. The indemnifier does not own the patent or a right to license the patent. It would not be effected by the license text.

Bruce

Clearing up anti-GPL3 FUD

Bill

Fri Mar 23 11:38:17 -0700 2007

manage

Ok, what then happens if Novell & microsoft switch to offering  indemnity, instead of patent protection. So Novell offers Indemnity to any customer that gets sued by microsoft, and then Microsoft would refund  novell.  Microsoft would sue them, settle for a penny which novell would pay and microsoft would give back to them.  I think any license you come up with will have loop holes and over time it will collect more and more language to ban the loop holes that it will be impossible for any non attorney ( read joe developer) to understand it.

Clearing up anti-GPL3 FUD

Bruce Perens

Fri Mar 23 13:00:03 -0700 2007

manage

I think it would work with GPL3 if Novell promised to indemnify against all patent holders, not just Microsoft. I will be at the FSF general meeting on Saturday, and will probably get to look at the latest text and maybe Eben will have time to talk about it. Until then, I should probably put this question on hold.

Thanks

Bruce

Clearing up anti-GPL3 FUD

Howard Owen

Fri Mar 23 08:54:00 -0700 2007

manage

I think an unspoken reason why DRM people want to go the route TiVO did is that it's really hard to design and write secure software. Your observations of where DRM can live in a GPLV3 world, and that those locations are the best technically seem right to me. But paranoia that clever folks will find a way around the restrictions if they are allowed to load arbitrary code into a running kernel is understandable when you take into account the fact that the DRM systems will not offer perfect protection. The Orwellian mantra being chanted by the content industry, and audible through Microsoft's exhortations to Vista hardware driver developers is also explicable, if not less objectionable, when you consider that "defense in depth" is a practical strategy for mitigating risk in imperfect security systems.  Yes, modular systems work better in such a scheme, but it's still counterintuitive to say you have to open up a piece that could be locked down (and in) without license terms that forbid that.

What remains to be seen, in my opinion, is whether the push for effective restrictions on content will succeed. GPLV3 will mean that it will be harder to use covered software in DRM systems that protect RIAA and MPAA controlled content. But if the restrictions succeed in taking root, then I fear that the content folks will accelerate their turn to Microsoft and others for their embedded software.  That could mean the systems will be less effective at protecting content, but they will also be a lot less useful and configurable for end users. Again in my opinion, the only thing that could stop the power grab would be a consumer revolt. That has been what happened with earlier attempts at control of media markets. But the content boys and girls, aided by Microsoft, Apple and others, are being very clever about trying not to antagonize their customers this time around.  (Never mind the lawsuits, the new TVs and stereos make this generation of DRM invisible and effective.) It's a hard trick to pull off, given that DRM cuts so strongly against the interests of those customers, but the "bad guys" wised up in recent years.

Clearing up anti-GPL3 FUD

Alan Mackenzie

Sat Mar 24 03:47:10 -0700 2007

manage

"...DRM systems that protect .... content".  NO!  These systems restrict the use of content, they do not protect it.

The said content is in no danger of catching fire, disintegrating with age, catching a disease, or being sexually assaulted.  If anything is being protected here, it's the content's sellers.

The use of "protect" will subliminally arouse readers' protective instincts.  We don't want this!  How about using "restrict" instead?

Clearing up anti-GPL3 FUD

Bruce Perens

Sat Mar 24 08:03:07 -0700 2007

manage

Done.

DRM explained by Stallman

ryan

Sat Mar 24 09:29:38 -0700 2007

manage

DRM is short for: Digital Restriction Management. That is really the most correct explanation. Also see - http://www.gnu.org/philosophy/can-you-trust.html

Clearing up anti-GPL3 FUD

Howard Owen

Sat Mar 24 13:54:37 -0700 2007

manage

I take your point that the distinction between "protect" and "restrict" is important for propaganda purposes.

This distinction is important for other reasons, of course. As often happens with political language, one's choice of words in this case speaks volumes of one's attitude toward the underlying issue.  I was trying to understand why someone would want to do what TiVO did to the Linux kernel. I was thinking about that in order to assess Bruce's claim that GPLV3 won't  rule out DRM. I think that practically speaking, DRM will rule out the use of GPLV3. That's because the folks paying the folks who are implementing te DRM think in terms of "protecting" content from customers. They think that customers are really thieves bent on trammeling  the DRM monger's proprietary interest in certain bit patterns. If you think that way, then what are the chances you will elect to open up an important piece of your content protection system, just because (again, from the DRMster's perspective) a prominent enemy of your point of view thinks what you are doing is evil? The chances are fairly close to zero, it seems obvious.

So what? So the content industry won't use GPLV3 software in their DRM systems because they won't be able to subvert the intent of copyright holder as expressed in the license. That's probably good, on balance.  But it does cut against the (true) observation that GPLV3 won't rule out the use of DRM in conjunction with software it covers. What I don't understand is this: how exactly will that strike a blow against digital restrictions management? The content industry won't bat an eye over GPLV3. They'll all just run some godawful WinCE/Vista crap for their embedded systems. The boxes will be more opaque, and less reliable. Swell.

The only group in any position to really strike a blow against DRM are the great mass of audio/video customers themselves. And, with respect,  they won't be moved by hairsplitting distinctions between "protection" and "restriction." They will only revolt if they can't get their stuff, or can't use it the way they want. The very clever, but quite simple plan the content industry is following is to let them do enough of those things to keep them compliant. It remains to be seen if that magic trick will actually work.

Regards,
Howard

Clearing up anti-GPL3 FUD

pyro9

Sun Mar 25 19:04:57 -0700 2007

manage

GPL-3 strikes a blow against DRM exactly because of the crappy opaque and unreliable WinCE crap. Consumers may not know all the issues around DRM (until it's too late), but they will understand the quality differences between the crappy WinCE system that they keep having to unplug to reset and the better GPL-3 based system from Taiwan.

Clearing up anti-GPL3 FUD

Howard Owen

Mon Mar 26 16:07:40 -0700 2007

manage

GPL-3 strikes a blow against DRM exactly because of the crappy opaque and unreliable WinCE crap.

I sure wish that were true, or at least had some historical precedent behind it.

MS-DOS vs DR-DOS

Windows 3.1 vs OS/2

Windows 95 vs BeOS

WinCE vs Palm

The last is instructive. Microsoft already has passed the  erstwhile market leader in the high-end phone markets. Admittedly, Palm let technology pass them by before coming out with a halfway decent OS that can run on ARM. Nonetheless, that OS (Garnet) is technically superior to WM5 (WinCE in a horrible new skin.) and yet MS has the edge in shipments for PDA and "Smart" phones over Palm.  Each of the other examples involve clear technical leaders being wiped off the ground after MS got through with them.

Of course, GPL software isn't owned by a hard target like a single corporation, so the best examples, at least, can have longevity despite the worst an unprincipled monopolist can throw at them. But here's an additional worry that occurs to me when I think about this stuff: what if Microsoft's success against the above list wasn't solely due to the dirty tricks? What if they are really, really smart about marketing software, both inside and outside the law?

I actually believe that to be the case. So I see writing GPL3 software out of the embedded consumer entertainment electronics marketplace as a serious strategic error.  Microsoft will flourish there because they wil do a strong job of marketing their software.  As part of that, they will not only passively permit DRM, but they will do their utmost to forward the agenda of the content companies, because that will mean mega billions in sales for Microsoft.

No GPL license could countenance the latter sort of behavior. But I submit that it's actually a lot different from the former position. And I still believe that saying "GPL3 won't rule out DRM" is disingenuous. As practised by the leading implementors of DRM, GPL3 wll indeed rule itself out of use. This will hurt nobody on the DRM side of the world, and it's likely to be a boon for Microsoft in the bargain.

Regards,
Howard

Clearing up anti-GPL3 FUD

pyro9

Mon Mar 26 16:48:43 -0700 2007

manage

In the case of the PC, for reasons I have never really understood, people continue to accept flaky behaviour that they would never accept elsewhere. Wince took over Palm because PalmOS itself wasn't exactly the model of stability, particularly once 3rd party software got involved.

However, people expect a lot better from their VCR, DVD player and TV. Most of those devices come from Asia where Linux is doing somewhat better in general and tend to have a custom interface no matter what runs underneath. The ability to do away with even a $5 royalty and the expense of compliance tracking is a powerful incentive in that market space. When DVD players run $25, even shaving pennies off of the marginal cost is a big deal.

The content providers DO want more DRM.  Actually they seem to want to charge a fee just to remember a song or movie. However, they do not make media appliances. They can't beat the price of Asian imports in any event. They know the public has come to expect the sort of pricing that comes with Asian imports. They can only go so far in what they dictate and probably can't mandate a particular design. There's no such thing as an unhackable design anyway.

Even MS might not want WinCE mandated given the odds of a Democrat becoming president with a majority Democrat legislature and a strong motive to prove they're really not just Republican Lite (TM, pat. pend.).

I'm not saying it will be easy to incorporate DRM into GPL software within the license, but it can be done and the economics strongly favor the attempt.

Given that all DRM in my DVD player can be turned off with an "undocumented" sequence of keypresses, it wouldn't be hard to implement something stronger in GPL software. I suspect but cannot prove (and don't want to prove) that some savvy manufacturers WANT weaknesses in DRM on their devices. Many consumers will, after all, buy their product specifically because it is exploitable.

Clearing up anti-GPL3 FUD

Howard Owen

Mon Mar 26 21:08:40 -0700 2007

manage

You list the advantages that Linux has in the embedded space, generally. Fair enough, but that doesn't falsify the premise I put forward that GPL3 will hand Microsoft an advantage (perhaps decisive, perhaps not) in the embedded OS market for entertainment electronics. You imply  that Asian electronics manufacturers will do what it takes to incorporate DRM and GPL3 software together in their systems because "the economics strongly favor the attempt." As worded, I can't disagree. However, whether the attempt will succeed in economic terms is unclear to me. To restate my point in those terms, how will the difficulty of incorporating DRM into GPL3 software affect the costs of  bringing hybrids like that to market? Will it have zero impact? If not, then my point stands.

No security system is perfect, and most ar far, far less so. But having the speakers and displays participating in the DRM, with encrypted communications between source and reproduction having to pass muster before any analog signal impinges on the eye or ear is a tough nut to crack. And cracking it isn't the point. The point is that compliant sources, transports and playback units have to implement the DRM as specified, or they won't play the content industry's stuff. So who gets the "jarring user experience?" Is it the guy who's playback of HD formatted video pauses for a second while WinCE has a brief conniption for some completely obscure reason, or is the purchaser of an off-brand HD-DVD player whose disk just sits there when inserted, or plays back at 640x480. (Without a hiccup, mind you.)

These aren't fantasies of the future. This is the world Microsoft has thrown its full weight behind with the release of Windows Vista. They are a powerful mover of markets. They aren't omnipotent, but they are very, very smart. You wonder why people accept the PC as it is? Because Microsoft was smarter (and more ruthless) than the guys at DR,  IBM, Be and literally hundreds of other companies who tried to compete with them.  They've had to tone down the "ruthless" part a little in recent years, but they are still a dangerous competitor.

I agree that the Democrats will surely fix all this up when the come in. Just like they prevented the current international mess through their courage and foresight.  Yes, it was Bush's DOJ who cut Microsoft the cushy consent decree that ended the antitrust litigation with the US government. But I'm sure you remember the loud howls of protest from the Dems when that deal went down. Wait, no howls? How come? Balance of Payments. The US runs a trade surplus in software. Serious sanctions against Microsoft, the kind that might affect their bottom line, and the kind that might be effective, are unlikely to come out of any US administration in my opinion. And by the way, didn't the DMCA pass under Clinton and a Democratic Senate?

So where do we look for deliverance from locked in content implemented in embedded software that GPL licensed stuff will not be a part of? Joe and Jane Sixpack, that's who. Maybe these systems really will suck enough to anger customers enough. Maybe having incompatible hardware will cause them to revolt. But the ace in the "bad guys" hole is this: HD content will not be made available to non-compliant hardware. I don't care if somebody cracks it. That's not, once again, the point. Like CSS before it, this new DRM technology has a dual purpose. It not only seeks to prevent copying of content, it's also a scheme to control the markets for players. Only this time the scheme goes beyond players and encompasses all the hardware in a playback system.  A thoroughgoing crack like DECSS might open that up some, but these guys appear to have learned some basic security principles, like "security should reside in the key, not in the algorithm."  They've mandated separate keys for separate releases of each title. They have revocation lists transmitted with pretty darned secure algorithms so that compliant players will suddenly stop playing a particular release. That's one place they might infuriate customers, but if they were to couple the revocation with a simple and quick media exchange for legal copies, it might not be too much of a pain point.

A lot of the stuff they are trying is dubious in practical terms, never mind the morality of the whole thing. But how it will work out is anybody's guess.  I just think that "legislating" against this breathtaking scheme is unlikely to have any positive effect. I don't know if mass education or political agitation will help. It's certainly worth trying both, since in principle, they both go to the heart of the issue. But my real hope is that the content industry and Microsoft, working together, won't be powerful or clever enough to hide the truly customer-hostile nature of this stuff. The other possibility is some sort of technical fix for the locking up of HD content, but I put my money on the users.

Regards,
Howard

Clearing up anti-GPL3 FUD

pyro9

Tue Mar 27 10:52:45 -0700 2007

manage

We seem to be talking about a different things. As odious as it is, there's no reason a userspace program running in Linux can't read an encrypted disk and send encrypted content to hardware that supports it.

A userspace app is more likely to be subverted than a kernel dedicated to the task, but frankly the Asian manufacturors don't likely care about that. They will gladly produce devices that meet whatever the spec is on paper even knowing that everyone and his dog can get around it. Some might quietly make sure the DRM can be easily defeated, but they'll deny it if asked, of course.

DRM as an inherant evil is a worthwhile topic, but is only related to GPL3 to the extent that it might be implemented on a system containing GPL software.

I'm not counting on much from the Democrats for stopping DRM, it doesn't look like they've realized how much social harm it represents yet. Possibly they never will. As you point out, DMCA happened on Clinton's watch. They do have a better track record on anti-trust and could well take interest if MS and MS only actually gets built into an embedded player standard.

I can imagine the lack of howls about the war has something to do with being clearly outnumbered on every front initially. Even now, they would have to mount a strong and united opposition to get around having Bush in the White House. I am disappointed that they haven't put more effort into that though.

Honestly, I don't actually like either party's politics all that much, but given a choice between the Democrats as they are now and the Republicans as they are now (that is, subverted by the neocons and the religeous right), I'll hold my nose and choose Democrats.

All of that aside, I do think that MS would/will be more concerned about keeping up the illusion that there is a healthy market in software with Democrats in both legislative and executive branch. Having WinCE actually specified in a content player specification would tend to raise red flags.



Ultimately, I don't think even the HD scheme of many multiple keys will prevent the breaking of DRM. I don't think a media exchange will do much to curb consumer anger. As soon as it is done even once, people will cease to see that shelf full of disks as a hard good that they "own" and start seeing it as decaaying before their eyes. When they see their player become incapable of playing a new disk but obviously working flawlessly on an older disk, they will smell a rat. Eventually there will be a class action suit demanding new players from the MPAA.

Even in the case of playing flawlessly at 640x480 vs. full resolution but throws a conniption, I suspect most people probably won't even notice the resolution loss. The big jump in perceived quality is between analog and digital. Consider how few people actually seem to notice that mp3 is not as good as a CD.

I agree that ultimately the users will be the undoing of DRM. The tighter the technical measures get, the more people will download their content and burn it to a disk (RIAA or no). The player that will really be in demand is the one that will play home burned disks with minimal fuss and bother. The losers will be the ones that panic if the file structure differs slightly from the standard.

Clearing up anti-GPL3 FUD

Howard Owen

Tue Mar 27 15:21:47 -0700 2007

manage

The topic pf DRM is indeed worthy of many additional discussions. But I ran down this rabbit hole in pursuit of one of the main themes of Bruce's article: that GPL3 won't rule out the use of DRM. I still contend that it does and will, and that DRM will rule out GPL3.  I think this is one reason Linus Torvalds opposes the draft. I think he has a point.  (I also think he has a philosophical dispute with rms about what a license should cover. I'm not addressing that argument here, just what I see as the practical consequences of the license draft.)  I also think that the DRM restrictions are the result of a principled stand by the GPL3 author and his reviewers.  I more or less agree with the principles, too. I just don't see how they can have any actual effect on the actual practice of actual DRM.

I also think you may not understand the real nature of the DRM systems just now coming to market. Do a Google on "HDCP" to run farther down the rabbit hole.  (Wikipedia Link)  It's actually scary stuff.  It's not a file format, it's a cryptographically secured end-to-end communications protocol. The reproduction device doesn't get the keys to decrypt the data without proving that the software stack, reviewed by the key issuers for security - and adherence to an insanely long list of digital restrictions- hasn't changed from the approved binary image.  Now go to a consumer electronics site and look at the specs for high end displays designed to play HD video. Check out the inputs, and notice you won't see S/PDIF anywhere. What you will see is HDMI, the HDCP compliant interface, on each and every high end display. Looks like they already have the Asians on board.

I actually got a couple of the details of HDCP wrong. For example, if you aren't HDCP compatible, the best quality you will get will be equivalent to DVD for video, not 640x480. (You may have a point about general consumers not being able to tell the difference, but the enthusiasts who are buying this stuff now surely can.)  Also, the keys that get revoked are those of the players, not the videos themselves. So that has still more potential for angering customers. But it does give Hollywood more of a club to directly discipline those same Asian manufacturers we've been discussing.

This generation of encryption algorithms and security protocols being used for DRM may well suffer the same fate as CSS, but we really are talking about a much smarter implementation.  Intel designed this stuff, and they used standard algorithms lke SHA1 and DSA. If those fall to cryptanalysis then we have a much bigger problem on our hands than the benefit blowing up DRM would yield. The protocols are pretty complex, and if they turn out to be flawed in some way, then we may luck out.  But I don't share what appears to be a general faith among many digirati that DRM is inevitably doomed.

Enough!  I will stop beating the DRM hobby horse now 8)

Regards,
Howard

Clearing up anti-GPL3 FUD

pyro9

Tue Mar 27 17:22:46 -0700 2007

manage

I did do some digging into the new DRM. It's worth noting that there are already exploits out there that can extract title keys from HDDVD along with the inevitable websites listing those keys.

If all else fails, I'm sure there will be plenty of people using JTAG to pull keys right out of an embedded device's memory and others reverse enginering the firmware to get device keys.

The high end devices certainly DO support the new DRM. The low end DVD players 'support' region coding too, unless you press the magic sequence on the remote.

Some enthusiasts CAN tell the difference and many more THINK they can. The vast majority will wait till they can get a player for under $100 at Wally World. Personally, I can tell the difference, but don't find it all that compelling (a crappy storyline gets no better in high res, a good story line is absorbing enough to not notice visual defects  :-). Personally, given a choice between a new expen$ive setup or a decent DVD quality setup, I'll take the latter and be happy.

SHA1 is far from broken, but there IS a better than brute force attack out there now.

Very worst case, someone taps the signal right in the LCD or plasma cathodes and gets close to 100% and there's nothing DRM can do about it. There is ALWAYS a way. The more the *AA ticks people off, the more will find one of those ways just to have a bit of private revenge.

Agreed, we've probably about exhausted this one for now, but it's been a good discussion :-)

Clearing up anti-GPL3 FUD

sepreece

Tue Mar 27 14:27:35 -0700 2007

manage

Most embedded devices don't run WinCE, they run nice, hard, little real-time OSes that are generally more reliable than Linux (because they don't try to do as much).

Lately there's been a trend to put Linux in those devices because it's a nicer development environment and supports lots of nifty new technology, but moving Linux to GPLv3 would probably alter than trend significantly. "Smart" devices would go to WinCE (or Windows Mobile) and dumb devices would go back to device OSes. [Smart and dumb here are not judgmental - smart devices allow add-on software, dumb devices are closed.]

Clearing up anti-GPL3 FUD

pyro9

Tue Mar 27 15:18:42 -0700 2007

manage

I'm not so sure. Nobody in the embedded space has gone to Linux just because it's cool. There is a value proposition to it. Linux is royalty free. It's not just the per unit price, it's also the cost of compliance tracking and billing.

WinCE certainly doesn't offer that sort of value. I would expect many embedeed devices to remain with their small realtime systems (they're not even really operating systems in many cases, they're more dedicated programs). Some will adopt WinCE as they do now, and others Linux.

One possibly interesting option is much more open to Linux than to WinCE. Use a tiny real-time kernel with an API to the more complex OS subsystem.  Linux handles the flashy features and flexibility and the realtime core can have the DRM and accept requests from the guest OS. Linux has a much greater potential to be a good guest.

OTOH, MS doesn't  even seem to understnd the concept of not owning the whole machine. That's why there are so many virtualization systems for Linux (and grown out of Linux) from complete machine emulation down to user mode linux to vserver while  Windows has one that they bought rather than develop (other than hacking it to only be useful w/ MS).
 

Clearing up anti-GPL3 FUD

sepreece

Tue Mar 27 18:27:17 -0700 2007

manage

It's all speculation - you may be right.

A couple of additional points:

- Some embedded devices run on real-time OSes that are royalty free because the vendor wrote them. Some vendors use Linux andc pay the equivalent of royalties to use a specialized distro. Some vendors use Linux just to avoid using an OS that somebody else controls...

- The microkernel approach does have some potential patent issues, depending on exactly what the relationship between microkernel and application kernel is.

I completely agree that there is a value proposition to Linux! The question for the vendor is the relationship between that value and the associated costs, which include both the license limitations and the costs of either working with a specialized distro (not beer-free!) or staffing to do the needed adaptation and maintenance (which can be substantial).

Clearing up anti-GPL3 FUD

sepreece

Tue Mar 27 19:27:11 -0700 2007

manage

"think in terms of "protecting" content from customers. They think that customers are really thieves bent on trammeling  the DRM monger's proprietary interest in certain bit patterns."

Gosh, I can't think what might incline a content owner to think that consumers, untrammeled, might tend to violate the owners' copyrights.

I don't like DRM either, and I agree that content owners are using it to block some uses that they should not be able to control. But, I can also understand why they would feel they needed to act aggressively to avoid in the future the kind of abuses that have been and are common with today's media.

Clearing up anti-GPL3 FUD

Howard Owen

Tue Mar 27 21:09:17 -0700 2007

manage

You're making me break my no-DRM-talk promise.

Yes, people will steal for a variety of reasons. Some people steal music because they don't care about copyright. Mostly though, I don't believe they ponder the issues much. They just take the path of least resistance. That path used to lead through Napster et al. It still does (with the emphasis on "et al") for larcenous and lazy folks. But the success of iTunes shows that many, many folks will pay what I consider to be a slightly more than reasonable rate for music in digital form, if it comes via the convenience of the Internet. And I don't believe that's a case of DRM triumphing over piracy. That starry eyed libertarian idealist - Steve Jobs - seems to think that removing the DRM would blow the lid off the legitimate digital music market in a good way. 

What percentage of sober American motorists routinely exceed the speed limt more than by about 10 or 15%? The number has to be pretty low. Why? Is it because slower is safer? I think its because you risk a  fine in a graduated scale based on the amount you exceed the speed limit. Patrols are pretty regular on average, and the risk of getting caught is predictable. The American motoring public obeys the speed laws - more or less - because of the fear of real consequences.  Of course some do so because it's safer, and some even because they think it's the moral thing to do.

The RIAA saw this and launched its scheme to sue customers for downloading files. Only they must have figured that they couldn't do as thorough a job with Kaaza as the various state police could with traffic, so instead of trying to impose reasonable fines, they tried to soak defendants for millions. I guess they figured that would "put the skeer into 'em" as a Confederate general once said.  Well, they may by now have become aware f the fatal drawbacks to that approach, although who can tell with that crew? The point is, it doesn't take a very severe threat to convince those who might steal out of laziness that it isn't worth the trouble. Couple that with moral suasion and real convenient ways to get the content legally, and I think you have not only a sustainable business model, but a real gold mine.

So yes, people will steal. But treating all your customers like they are criminals is not only false and stupid, it's really, really bad for business. Plus, it's a really, really bad reason to try to impose an Orwellian scheme to control what people can do with bits and hardware they have ostensibly bought and own. It's just my opinion. Drop me a line at hbo at egbok dot com if you'd like to discuss it some more.

Regards,
Howard

Clearing up anti-GPL3 FUD

pyro9

Sun Mar 25 19:19:06 -0700 2007

manage

Agreed. In fact, DRM actively harms the content. Like any data, the more it is copied and spred around on diverse media, the more likely it is to survive.
The copyright holders don't always do such a good job. MANY works are lost forever because copyright holders wouldn't publish and wouldn't let anyone else do it either.

Meanwhile, ET has some wierd bit rot that makes shotguns look like radios.

Clearing up anti-GPL3 FUD

jay car

Fri Mar 23 11:32:57 -0700 2007

manage

As an ordinary, everyday, not particularly bright, person from a very non-technical background (who just happens to think that tech news is interesting to read about), I have to say that your explanation of the reasons for, and the changes in the GPLv3 is the best I've read, so far.  This is the first time that the reasoning has really became clear to me. 

I know that it's a popular belief on most tech oriented sites that "ordinary folks" barely know what software is, much less whether it does or doesn't (or even should) contain freedoms of any sort.  But the truth is that more and more people ARE becoming better informed.  Maybe not in herds and droves, but I see a steady rise in curiousity, if not out-and-out interest in getting free from Windows and Microsoft (or proprietary software in general).

Once one begins to look for information about alternatives, especially ones that work to guarantee certain freedoms, it isn't a big leap to see the mean-spiritedness and deceptive behavior of "journalists" the likes of Lyons.  Even I can spot the nonsense when reading such opinions as his (though he's among the worst, he's certainly not alone). 

When random, ordinary folks, like me, begin to get the picture, we tend to tell our friends and family.  Now, in my case, my friends and family dislike computerish discussions.  They yawn, change the subject, avoid my calls :o) and generally consider anything more technical than email to be beyond their scope of interest.  Except when they have problems with something computerish, and then they call me.  I have the dubious honor of being the unofficial tech support for my circle of friends and family members. 

What's funny is that after a year or so, I begin to get questions about things that I had attempted to tell them about earlier, and suddenly they have become interested in learning more.  Which puts pressure on me to learn more so I can explain things better.  Then they tell their friends...and so it goes. 

Which brings me back to this nice explanation of the new version of the GPL.  It is a wonderful thing when I don't have to read something and spend hours trying to simplify it in my own mind enough to be able to explain it to someone else.  I love it when I can just send a link to an excellent explanation and know that it's something clear and easy to understand, for everyone, even ordinary folks.

Because people in my life know I like computers (I love my own computer, especially), they tend to send me links about various tech subjects they read about in the news.  When the Microsoft and Novell deal first hit the news, I received several emails from friends with links to various articles about it.  Most wrote short notes expressing that they thought it sounded great that Microsoft was making friends with other software vendors.  It all sounded so hopeful to them.  They thought I was being unfairly negative when I wrote back saying it was sizing up to be a very sad state of affairs for Novell.  Few people understood why such a partnership wouldn't be a good thing.  I didn't really know how to explain.  Most people just wondered what I was talking about..."So, now you're griping about patents?"  "Oh, you're just so prejudiced against Microsoft, you wouldn't like them no matter what they do." are some of the comments I get. 

Your article is so nicely done that I am comfortable sending the link to others.  It is the kind of thing that helps get the information further out into the world.  I know it takes time, but people really do care about their freedoms.  They don't always understand when it comes to computers and software, but once they do, they care.  I've seen it happen. 

Anyway, sorry for the long ramble, it was mostly to say "Thank You". 

I think Technocrat and Groklaw, and even Slashdot (in its own weird and warped way) have helped a lot more than any of you may think, to help educated us old farts about the issues of software freedoms. 

I know this comment doesn't really add any value to the conversation, but I think that sometimes it's just nice to say thank you, so I thought I would. 

Thank you :o)

Clearing up anti-GPL3 FUD

Chris Fernandez

Sat Mar 24 23:40:51 -0700 2007

manage

Very GOOD! I enjoyed the reading.
http://www.binaryfreedom.info

Clearing up anti-GPL3 FUD

sepreece

Tue Mar 27 13:58:59 -0700 2007

manage

IANAL, but your suggestion that Linus could change the license by posting a notice of intent and only removing work by objecting contributors seems off-the-mark in at least two ways:

(1) The people who don't object are still the copyright holders and can object at any time, regardless of the notice. They would be free to sue Linus or downstream distributors for violating their copyright.

(2) I don't believe you can legally separate out the contributions in the kernel - most of them would be derivative works of each other. My suspicion is that the copyright has to be viewed as held in common by all the authors, except, perhaps, for a small number of recent "leaf-node" contributions that could be isolated (nothing derived from them).

Besides, "writing out" the objectors seems wholly impractical, and comparing it to git seems wildly inappropriate. The kernel is orders of magnitude larger and more complex than git. I'm sure it could eventually be done (Linux itself is an existence proof), but not in a reasonable amount of time.

And, of course, people wanting to use GPLv2 would be free to fork the kernel. This might simplify life for the people building embedded devices, I suppose - most of them don't want to up-rev their kernels all that often and might be perfectly happy with an embedded-specific kernel that cut out a lot of the desktop/enterprise cruft...

Clearing up anti-GPL3 FUD

sepreece

Tue Mar 27 14:14:39 -0700 2007

manage

"It essentially trades the makers of those systems the right to base their devices on our great GPL software, in exchange for the consumer's right to make that hardware run new and innovative programs that weren't envisioned by its manufacturer."

This might be a reasonable trade, but the proposed language asks for rather more - it asks that the device continue to perform its original function. That means that service providers cannot trust the software on the device. I would, personally, have no objection to requiring that the device be reflashable, but requiring that everybody grant the replaced components the same trust they granted the original components just feels broken to me.

I'm with Linus - share-the-code is a reasonable requirement.

Note that I'm not opposed to people using the GPLv3 if its restrictions are important to them. Every author should be free to release her work under conditions that satisfy her. But putting the restrictions in the mainstream license for FLOSS developers means a lot of people will use it without thinking about how they're restricting the application of their software.

And I'd still love to hear a rational explanation of why it makes sense to say it's OK to lock up the device if you put the software in ROM, but not if it's in flash. The "same rights" argument is just too contrived - it's clearly something they came up with as a rationalization, especially as the device manufacturer generally doesn't have any access to the device.

Clearing up anti-GPL3 FUD

Phil

Wed May 30 15:47:09 -0700 2007

manage

spreece:

"And I'd still love to hear a rational explanation of why it makes sense to say it's OK to lock up the device if you put the software in ROM, but not if it's in flash. The "same rights" argument is just too contrived - it's clearly something they came up with as a rationalization, especially as the device manufacturer generally doesn't have any access to the device."

I think you misunderstand. The point was that if the DRM were implemented in non-GPL'd software and "locked up" in ROM or in "protected/trusted" EEPROM, and a publicly detailed API were published so that the GPL'd software could continue to interact with the DRM unit after modification, then the DRM and the GPL'd software could exist in the same box and not violate GPLv3.

Mr. Perens: did I get it correct?