Linus Torvalds blesses DRM, and nothing happens

Can we just talk about something else, please?

  • alert
  • submit to reddit

High performance access to file storage

Last week Linus Torvalds said share denial technology, or DRM (Digital Rights Management) is OK. He did so on a linux kernel mailing list and so anticipating the reaction, with the Subject line: Flame Linus to a crisp!, he wrote:

"I'm going to just hunker down for some really impressive extended flaming, and my asbestos underwear is firmly in place, and extremely uncomfortable."

Continuing the dramatic costume theme, Linux IDE subsystem guy Andre Hedrick entered, first warning, with a gothic flourish, that:

"Like fire, control DRM/CPRM and you receive benefits. Let it run wild and you will be burned."

Before leaving us with this reminder:

"PS: If this turns into a flame fest, the absolute seriousness of this issue will be lost. I have rented a blowtorch and flamethrower, and [am] prepared to destroy people who attempt to make this messy. One of the last things I will do before stepping to the side, will be to resolve this issue in a constructive way. So if it turns nasty, I am here for the long haul."

So we were in for a reet, really good game of Dungeons and Dragons. An epic battle. Only, it didn't happen.

Linus added:

"The technology itself is pretty neutral, and I'm personally pretty optimistic."

He regretted the demands, but weighed up the responsibilities and concluded:

"Unfortunate? Yes. maybe my moral sense is lacking, but I just can't see myself saying 'no, you can't use Linux for [encoding satellite TV streams]'".

Torvalds reminded us that it isn't the duty of open source software to protect open hardware - ie, the x86 platform, which is where most Linux users are today.

This subsequent bit from Linus is important:

"But such a 'make the machines be something the _users_ can trust' is 100% indistinguishable from a technical standpoint from something where you "make the machine something that Disney Corp can trust". There is _zero_ technical difference. It's only a matter of intent - and even the intent will be a matter of interpretation."

Which is correct, but where this leaves the GPL after all this has eventually been decided someplace else, at some point, is more than collateral damage.

Hedrick didn't throw down any more bolts of lightning, and they all wandered off and starting about strange things like 'how does this affect Quake?', which is a barmy thing to be talking about at such a historic moment.

Before Larry McVoy stepped in again to tell us how great his Bitkeeper software is. Again.

"The rockets go up - who cares where they come down?"

Which does sound like what we heard from the TCPA lot, who were sensitive to echoes of Tom Lehrer's famous disclaimer for the rocket scientist:

"Who cares where they come down, that's not my department, says Werner von Braun."

TCPA folks adopt the argument that it's "technology neutral" and honest guv, don't ask us about the morality of all this, we only work here.

The issue that brought this to the fore has been the embedded Linux contingent, who have been caught playing fast and loose with the GPL before, but who do stand a good chance of working Linux into entertainment playback devices or gateways, such as set top boxes and handhelds. These guys are working for pretty reactionary companies, and with things getting tough, these companies are looking to get something for nothing, as they do in tough times.

So they might want to pull stunts such as "can we use free Linux in our boxes to carry encrypted content and violate the GPL without anyone noticing?"

It's only a couple of months since Transmeta itself incorporated DRM support into its processors, so we were wondering how long it would be before Linus Made A Statement.

And now we have A Statement. Linus says he has faith that the public won't buy crappy DRM services which restrict their rights, such as the service Steve Jobs launched on Monday for his Apple computers. Just as dongles failed, DRM media and systems will fail, he said, because no one will buy them. (We remember hearing the same sort of argument from the EFF at about the time that CPRM on ATA, and copy-protected CDs were being introduced.)

So - why is it so quiet in here, we asked Alan Cox.

Cox told us that one way or another, this was an issue that would be decided in court.

"Really the question is 'can you use GPL'd code in a signed system'. The answer is a legal not a technical one and nobody can change that. It may be that future GPL versions take a clearer line on it (as GPLv2 did with patents) but for current code the situation is simply 'Ask your lawyer'."

Yes, but what happens then?

Andre Hedrick, who has not let us down yet, asks:

"How they do they deal with digital signing a kernel for use in an embedded environment - violating the GPL - without imposing restrictions on the GPL?"

"DRM is a media lock; interfaces aren't copyrightable - so the GPL won't help you there."

And if it comes to a lawsuit, who gets it in the ass?

"Is Linux a sum of its parts, or are its parts separate?"

In other words, who gets sued, and what are the implications? These are pretty big questions, and no one seems to be asking them.

The important thing to remember is that the GPL is a social construct, rather than a legal construct, which has never been tested in court. Its authority derives from consensus, not from the random fancies of a Judge. Throwing the GPL to the legal system now does seem to expose the Movement to an enormous amount of risk. Are we all aware that this is happening, and do we all appreciate the risk involved?

Larry McVoy did have a nice summary which, although he may have been talking about patent implications, resonates here:

Me: Action A is leading to reaction B which you don't want.
You: Action A is perfectly legal, etc., etc.
Me: It's not about whether it is legal or not, it's about reaction B.
You: Action A is perfectly legal, etc., etc.
Me: Reaction B is what you don't want, it's behaviour A which is the cause.
You: Action A is perfectly legal, etc., etc.
Me: You keep missing the point about the reaction B.
You: Action A is perfectly legal, etc., etc.
Me: Err, umm, how many times do I have to tell you it is the reaction that is what you want to avoid?
You: Action A is perfectly legal, etc., etc.
Me: Sigh.

Next in this series: Steve Jobs blesses DRM, and nothing happens. ®

Related Story

Of TCPA, Palladium and Werner von Braun .

Combat fraud and increase customer satisfaction

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
IRS boss on XP migration: 'Classic fix the airplane while you're flying it attempt'
Plus: Condoleezza Rice at Dropbox 'maybe she can find ... weapons of mass destruction'
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
New Facebook phone app allows you to stalk your mates
Nearby Friends feature goes live in a few weeks
prev story


Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.