IWETHEY v. 0.3.0 | TODO
1,095 registered users | 1 active user | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New Using DRM to eliminate coding new programs is bad
it's true. I'm still mulling the DRM requirements; making the keys available on request eliminates ANY functions of DRM, though. (I know that's the purpose - but that's Linus' problem with GPL3, and the reason the kernel will probably NOT go GPL3). This is not a bad thing, IMO.

My only need for clarification was about 'personal modifications' - and the term's relation to modifying a program and running it on a server (the running a server = distribution argument).


Imric's Tips for Living
  • Paranoia Is a Survival Trait
  • Pessimists are never disappointed - but sometimes, if they are very lucky, they can be pleasantly surprised...
  • Even though everyone is out to get you, it doesn't matter unless you let them win.


Nothing is as simple as it seems in the beginning,
As hopeless as it seems in the middle,
Or as finished as it seems in the end.
 
 
New DRM to ensure you are running what you want to run...
Is a good thing though. Running the Official stuff or your personal (or commercial) stuff, as long as you can do it without an restrictions (using your own key or a sub-key of the official one)

Using DRM to eliminate coding new programs is bad, it's true. I'm still mulling the DRM requirements; making the keys available on request eliminates ANY functions of DRM, though. (I know that's the purpose - but that's Linus' problem with GPL3, and the reason the kernel will probably NOT go GPL3). This is not a bad thing, IMO.

No, really it does not eliminate the functions of DRM, (though Private Keys being published would). Think of it this way:
E-Mail server, I run one. I have setup my server to completely trust any mail I have signed. I also have my server verify any "signing keys" through public sources. If the key is not valid (being checked through pgp.mit.edu or somesuch) or being in the "allowed" manual approval file, it will not process the mail.
Tivo could very well do something similar, an "authorized_keys" file sort of like for ssh does for key based login. It isn't a very hard thing to do, yet Linus seems to think it is.

I think if verbiage is modified to make that clear... I believe it would be much, much better. IOW, If I add the public part of my sigining key to the "authorized keys" and the program is then allowed to run... it is effectively doing the same thing. Giving YOU the one who compiles the customized binaries signed with your key, the same function as *IF* the private key was available for the "server stuff". This would be the equivalent.

Allowing custom/modified binaries to be run right along side the "official" stuff would be just fine. Even if your key you used to sign the binary was a sub-key of the "official" one, asking for a sub-key would not be getting the "Private Key" of Tivo.

But, I await your response.
My only need for clarification was about 'personal modifications' - and the term's relation to modifying a program and running it on a server (the running a server = distribution argument).
It depends on too many things to work out right now.

I actually think setting up a way to deal with personal DRM (or signed etc..) would be a good thing. If commercial interests would allow us to get those sub-keys or even run "manually authorized" keys (as in a file with it in it), could be the workaround you are looking for Skip.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
Freedom is not FREE.
Yeah, but 10s of Trillions of US Dollars?
SELECT * FROM scog WHERE ethics > 0;

0 rows returned.
New If anyone can get an authorised key
then anyone can craft software that runs. That's the point, after all.

If the keys supplied work (and work they must, to comply) and anyone can get one,without restriction (like the source) then the keys are essentially meaningless. It would be like locking your house with a lock you designed yourself, but leaving a bucket of (different) keys that work on your doorstep for any and all to take and use. What good does a lock do if anyone can get a key on demand? What's the point?

Imric's Tips for Living
  • Paranoia Is a Survival Trait
  • Pessimists are never disappointed - but sometimes, if they are very lucky, they can be pleasantly surprised...
  • Even though everyone is out to get you, it doesn't matter unless you let them win.


Nothing is as simple as it seems in the beginning,
As hopeless as it seems in the middle,
Or as finished as it seems in the end.
 
 
New I think I see Greg's point
The right analogy is that a lock has been designed which any number of keys can be made to fit, but only a small number fit by default. If we require that users can always make additional keys fit, then we get the benefits of DRM (you know only authorized keys will fit) with the benefits of the GPL (anyone can run what they want on their own machine).

That said, I think Linus is right. Managing this for end users is complicated. In practice people will either not modify keys at all, or will bypass DRM by allowing a key that everyone can use.

Cheers,
Ben
I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
New Hmmm. Hierarchy of keys.
So - say I create a program for, say a Tivo with a GPL3 kernel (big assumption, I know), Tivo's programs are guaranteed to be authorised, and I can authorise the program to run on *my* Tivo as well. Meanwhile the program I wrote wouldn't run on other Tivos without being specifically authorised? I can see that as having some utility...

Or a small number of keys that always work - which leads to your second scenario?

Am I reading you right here, or am I just being dense?

Imric's Tips for Living
  • Paranoia Is a Survival Trait
  • Pessimists are never disappointed - but sometimes, if they are very lucky, they can be pleasantly surprised...
  • Even though everyone is out to get you, it doesn't matter unless you let them win.


Nothing is as simple as it seems in the beginning,
As hopeless as it seems in the middle,
Or as finished as it seems in the end.
 
 
New You've got the idea
I was talking the first option, where Tivo's programs are guaranteed to be authorized but users can authorize more for their programs.

However after a while a third party will produce something useful, and every user who wants to use their software will have to authorize that third party's keys. If you want to use stuff from 3 people, you need 3 keys.

Before long users and developers managing this will decide that it is easier to just share a private key among developers. Then users only have to authorize third party software once, and they get lots of software.

So the first option, DRM but users can adjust who has permission, effectively becomes no DRM in the end.

Cheers,
Ben
I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
New *chuckle* But when your goal is no DRM...
...in the first place, that's not so bad either.


Imric's Tips for Living
  • Paranoia Is a Survival Trait
  • Pessimists are never disappointed - but sometimes, if they are very lucky, they can be pleasantly surprised...
  • Even though everyone is out to get you, it doesn't matter unless you let them win.


Nothing is as simple as it seems in the beginning,
As hopeless as it seems in the middle,
Or as finished as it seems in the end.
 
 
     GPLv3 Update #2. - (folkert) - (7)
         Using DRM to eliminate coding new programs is bad - (imric) - (6)
             DRM to ensure you are running what you want to run... - (folkert) - (5)
                 If anyone can get an authorised key - (imric) - (4)
                     I think I see Greg's point - (ben_tilly) - (3)
                         Hmmm. Hierarchy of keys. - (imric) - (2)
                             You've got the idea - (ben_tilly) - (1)
                                 *chuckle* But when your goal is no DRM... - (imric)

My pain became my strength I am reborn I'm deaf not dumb lest you forget.
46 ms