Feeds

Linus Torvalds blesses DRM, and nothing happens

Can we just talk about something else, please?

  • alert
  • submit to reddit

Website security in corporate America

Last week Linus Torvalds said share denial technology, or DRM (Digital Rights Management) is OK. He did so on a linux kernel mailing list and so anticipating the reaction, with the Subject line: Flame Linus to a crisp!, he wrote:

"I'm going to just hunker down for some really impressive extended flaming, and my asbestos underwear is firmly in place, and extremely uncomfortable."

Continuing the dramatic costume theme, Linux IDE subsystem guy Andre Hedrick entered, first warning, with a gothic flourish, that:

"Like fire, control DRM/CPRM and you receive benefits. Let it run wild and you will be burned."

Before leaving us with this reminder:

"PS: If this turns into a flame fest, the absolute seriousness of this issue will be lost. I have rented a blowtorch and flamethrower, and [am] prepared to destroy people who attempt to make this messy. One of the last things I will do before stepping to the side, will be to resolve this issue in a constructive way. So if it turns nasty, I am here for the long haul."

So we were in for a reet, really good game of Dungeons and Dragons. An epic battle. Only, it didn't happen.

Linus added:

"The technology itself is pretty neutral, and I'm personally pretty optimistic."

He regretted the demands, but weighed up the responsibilities and concluded:

"Unfortunate? Yes. maybe my moral sense is lacking, but I just can't see myself saying 'no, you can't use Linux for [encoding satellite TV streams]'".

Torvalds reminded us that it isn't the duty of open source software to protect open hardware - ie, the x86 platform, which is where most Linux users are today.

This subsequent bit from Linus is important:

"But such a 'make the machines be something the _users_ can trust' is 100% indistinguishable from a technical standpoint from something where you "make the machine something that Disney Corp can trust". There is _zero_ technical difference. It's only a matter of intent - and even the intent will be a matter of interpretation."

Which is correct, but where this leaves the GPL after all this has eventually been decided someplace else, at some point, is more than collateral damage.

Hedrick didn't throw down any more bolts of lightning, and they all wandered off and starting about strange things like 'how does this affect Quake?', which is a barmy thing to be talking about at such a historic moment.

Before Larry McVoy stepped in again to tell us how great his Bitkeeper software is. Again.

"The rockets go up - who cares where they come down?"

Which does sound like what we heard from the TCPA lot, who were sensitive to echoes of Tom Lehrer's famous disclaimer for the rocket scientist:

"Who cares where they come down, that's not my department, says Werner von Braun."

TCPA folks adopt the argument that it's "technology neutral" and honest guv, don't ask us about the morality of all this, we only work here.

The issue that brought this to the fore has been the embedded Linux contingent, who have been caught playing fast and loose with the GPL before, but who do stand a good chance of working Linux into entertainment playback devices or gateways, such as set top boxes and handhelds. These guys are working for pretty reactionary companies, and with things getting tough, these companies are looking to get something for nothing, as they do in tough times.

So they might want to pull stunts such as "can we use free Linux in our boxes to carry encrypted content and violate the GPL without anyone noticing?"

It's only a couple of months since Transmeta itself incorporated DRM support into its processors, so we were wondering how long it would be before Linus Made A Statement.

And now we have A Statement. Linus says he has faith that the public won't buy crappy DRM services which restrict their rights, such as the service Steve Jobs launched on Monday for his Apple computers. Just as dongles failed, DRM media and systems will fail, he said, because no one will buy them. (We remember hearing the same sort of argument from the EFF at about the time that CPRM on ATA, and copy-protected CDs were being introduced.)

So - why is it so quiet in here, we asked Alan Cox.

Cox told us that one way or another, this was an issue that would be decided in court.

"Really the question is 'can you use GPL'd code in a signed system'. The answer is a legal not a technical one and nobody can change that. It may be that future GPL versions take a clearer line on it (as GPLv2 did with patents) but for current code the situation is simply 'Ask your lawyer'."

Yes, but what happens then?

Andre Hedrick, who has not let us down yet, asks:

"How they do they deal with digital signing a kernel for use in an embedded environment - violating the GPL - without imposing restrictions on the GPL?"

"DRM is a media lock; interfaces aren't copyrightable - so the GPL won't help you there."

And if it comes to a lawsuit, who gets it in the ass?

"Is Linux a sum of its parts, or are its parts separate?"

In other words, who gets sued, and what are the implications? These are pretty big questions, and no one seems to be asking them.

The important thing to remember is that the GPL is a social construct, rather than a legal construct, which has never been tested in court. Its authority derives from consensus, not from the random fancies of a Judge. Throwing the GPL to the legal system now does seem to expose the Movement to an enormous amount of risk. Are we all aware that this is happening, and do we all appreciate the risk involved?

Larry McVoy did have a nice summary which, although he may have been talking about patent implications, resonates here:

Me: Action A is leading to reaction B which you don't want.
You: Action A is perfectly legal, etc., etc.
Me: It's not about whether it is legal or not, it's about reaction B.
You: Action A is perfectly legal, etc., etc.
Me: Reaction B is what you don't want, it's behaviour A which is the cause.
You: Action A is perfectly legal, etc., etc.
Me: You keep missing the point about the reaction B.
You: Action A is perfectly legal, etc., etc.
Me: Err, umm, how many times do I have to tell you it is the reaction that is what you want to avoid?
You: Action A is perfectly legal, etc., etc.
Me: Sigh.

Next in this series: Steve Jobs blesses DRM, and nothing happens. ®

Related Story

Of TCPA, Palladium and Werner von Braun .

Choosing a cloud hosting partner with confidence

More from The Register

next story
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
NHS grows a NoSQL backbone and rips out its Oracle Spine
Open source? In the government? Ha ha! What, wait ...?
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.