Linus Torvalds blesses DRM, and nothing happens

Can we just talk about something else, please?

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

Last week Linus Torvalds said share denial technology, or DRM (Digital Rights Management) is OK. He did so on a linux kernel mailing list and so anticipating the reaction, with the Subject line: Flame Linus to a crisp!, he wrote:

"I'm going to just hunker down for some really impressive extended flaming, and my asbestos underwear is firmly in place, and extremely uncomfortable."

Continuing the dramatic costume theme, Linux IDE subsystem guy Andre Hedrick entered, first warning, with a gothic flourish, that:

"Like fire, control DRM/CPRM and you receive benefits. Let it run wild and you will be burned."

Before leaving us with this reminder:

"PS: If this turns into a flame fest, the absolute seriousness of this issue will be lost. I have rented a blowtorch and flamethrower, and [am] prepared to destroy people who attempt to make this messy. One of the last things I will do before stepping to the side, will be to resolve this issue in a constructive way. So if it turns nasty, I am here for the long haul."

So we were in for a reet, really good game of Dungeons and Dragons. An epic battle. Only, it didn't happen.

Linus added:

"The technology itself is pretty neutral, and I'm personally pretty optimistic."

He regretted the demands, but weighed up the responsibilities and concluded:

"Unfortunate? Yes. maybe my moral sense is lacking, but I just can't see myself saying 'no, you can't use Linux for [encoding satellite TV streams]'".

Torvalds reminded us that it isn't the duty of open source software to protect open hardware - ie, the x86 platform, which is where most Linux users are today.

This subsequent bit from Linus is important:

"But such a 'make the machines be something the _users_ can trust' is 100% indistinguishable from a technical standpoint from something where you "make the machine something that Disney Corp can trust". There is _zero_ technical difference. It's only a matter of intent - and even the intent will be a matter of interpretation."

Which is correct, but where this leaves the GPL after all this has eventually been decided someplace else, at some point, is more than collateral damage.

Hedrick didn't throw down any more bolts of lightning, and they all wandered off and starting about strange things like 'how does this affect Quake?', which is a barmy thing to be talking about at such a historic moment.

Before Larry McVoy stepped in again to tell us how great his Bitkeeper software is. Again.

"The rockets go up - who cares where they come down?"

Which does sound like what we heard from the TCPA lot, who were sensitive to echoes of Tom Lehrer's famous disclaimer for the rocket scientist:

"Who cares where they come down, that's not my department, says Werner von Braun."

TCPA folks adopt the argument that it's "technology neutral" and honest guv, don't ask us about the morality of all this, we only work here.

The issue that brought this to the fore has been the embedded Linux contingent, who have been caught playing fast and loose with the GPL before, but who do stand a good chance of working Linux into entertainment playback devices or gateways, such as set top boxes and handhelds. These guys are working for pretty reactionary companies, and with things getting tough, these companies are looking to get something for nothing, as they do in tough times.

So they might want to pull stunts such as "can we use free Linux in our boxes to carry encrypted content and violate the GPL without anyone noticing?"

It's only a couple of months since Transmeta itself incorporated DRM support into its processors, so we were wondering how long it would be before Linus Made A Statement.

And now we have A Statement. Linus says he has faith that the public won't buy crappy DRM services which restrict their rights, such as the service Steve Jobs launched on Monday for his Apple computers. Just as dongles failed, DRM media and systems will fail, he said, because no one will buy them. (We remember hearing the same sort of argument from the EFF at about the time that CPRM on ATA, and copy-protected CDs were being introduced.)

So - why is it so quiet in here, we asked Alan Cox.

Cox told us that one way or another, this was an issue that would be decided in court.

"Really the question is 'can you use GPL'd code in a signed system'. The answer is a legal not a technical one and nobody can change that. It may be that future GPL versions take a clearer line on it (as GPLv2 did with patents) but for current code the situation is simply 'Ask your lawyer'."

Yes, but what happens then?

Andre Hedrick, who has not let us down yet, asks:

"How they do they deal with digital signing a kernel for use in an embedded environment - violating the GPL - without imposing restrictions on the GPL?"

"DRM is a media lock; interfaces aren't copyrightable - so the GPL won't help you there."

And if it comes to a lawsuit, who gets it in the ass?

"Is Linux a sum of its parts, or are its parts separate?"

In other words, who gets sued, and what are the implications? These are pretty big questions, and no one seems to be asking them.

The important thing to remember is that the GPL is a social construct, rather than a legal construct, which has never been tested in court. Its authority derives from consensus, not from the random fancies of a Judge. Throwing the GPL to the legal system now does seem to expose the Movement to an enormous amount of risk. Are we all aware that this is happening, and do we all appreciate the risk involved?

Larry McVoy did have a nice summary which, although he may have been talking about patent implications, resonates here:

Me: Action A is leading to reaction B which you don't want.
You: Action A is perfectly legal, etc., etc.
Me: It's not about whether it is legal or not, it's about reaction B.
You: Action A is perfectly legal, etc., etc.
Me: Reaction B is what you don't want, it's behaviour A which is the cause.
You: Action A is perfectly legal, etc., etc.
Me: You keep missing the point about the reaction B.
You: Action A is perfectly legal, etc., etc.
Me: Err, umm, how many times do I have to tell you it is the reaction that is what you want to avoid?
You: Action A is perfectly legal, etc., etc.
Me: Sigh.

Next in this series: Steve Jobs blesses DRM, and nothing happens. ®

Related Story

Of TCPA, Palladium and Werner von Braun .

Secure remote control for conventional and virtual desktops

More from The Register

next story
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
Sign off my IT project or I’ll PHONE your MUM
Honestly, it’s a piece of piss
Return of the Jedi – Apache reclaims web server crown
.london, .hamburg and .公司 - that's .com in Chinese - storm the web server charts
Chrome 38's new HTML tag support makes fatties FIT and SKINNIER
First browser to protect networks' bandwith using official spec
Admins! Never mind POODLE, there're NEW OpenSSL bugs to splat
Four new patches for open-source crypto libraries
Torvalds CONFESSES: 'I'm pretty good at alienating devs'
Admits to 'a metric ****load' of mistakes during work with Linux collaborators
prev story


Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.