Published at LXer:

When Iwrote about the wrangling over the GNU GPLv3 licence a month back, it provoked a lively conversation in thecomments. Given this evident passion among readers, I thought it would be interesting to ask the top hackers - the ones actually involved in the discussions - for their thoughts on the matter. So I contacted Richard Stallman for the FSF angle, and a bunch of the top kernel hackers - Linus, Alan Cox, Greg Kroah-Hartman, Andrew Morton and Dave Miller - for their view.

Read More...

I can actually see computers sold in the future that will not work if you modify the code. Of course I thought they would be sold by Microsoft. But maybe they will have Linux in them. If no one objects...

The problem is that there are situations where you do want to prevent modified code from running. Most of the ones I can think of are regulated environments, like a drug manufacturing facility, where software/hardware validation are a big deal. A decent DRM makes sense here

However, this keeps getting lost in the noise over DRM on music and videos and unfortunately, Stallman and the FSF don't seem to understand this. Instead of concentrating on the disease (lack of respect for a users rights to digital content) they are focusing on the symptom (DRM).

You're talking about someone cracking a computer which controls some manufacturing process. It's against the law weather the computer has GPL software or not. I can't hack a computer at work and change things I don't like. It doesn't matter if the computer OS is covered by Microsoft's EULA or weather it runs Linux and is covered by the GPL. The fact is the computer belongs to the company I work for, not me.
You could compare the GPL to being able to modify your own car. You can make it faster, louder change the suspension so it bounces down the road. But you cant do that to your company car can you?
I think RMS understands better than you think. Tivo found a "Loophole" in the GPL and RMS is fixing it. It now appears that Novel/Microsoft may have found another "Loophole". So why is everyone getting so upset with Novel?

Actually I'm not talking about cracking at all (although preventing cracked software from running is a side benefit). In a regulated environment, you have to validate your software (i.e. prove that it does what it says it does). If a vendor updates their software, you need to re-do your validation. By having some sort of DRM, you could tie the key generation to the validation process, so that you literally can't run software on a particular machine until it has been validated. Basically, this prevents mistakes and violations of regulations. Cracking isn't part of the scenario at all.

You and I are probably not going to agree on this part largely because I don't think Tivo did anything wrong. From what I understand, Tivo has complied with the GPL by releasing their changes back to the community. What they have done is prevented unauthorized changes to the system. I can understand that because if they allowed users to change the system, they are going to get pounded with support requests from users who are using modified software. That is a real and significant cost that the community does not have the right to foist onto Tivo. Besides, there are alternatives to Tivo, so if someone doesn't like what Tivo is doing, they can take their cash elsewhere. That will send a bigger message than any FSF action ever will.

As for Microsoft and Novel, I see that as an extortion play by Microsoft that has nothing to do with the GPL, DRM or anything else. Balmer has gone on several rants lately about how Linux infringes on Microsoft IP, and that Linux users need to pay Microsoft for that. Novel has been retarded enough to go along with the extortion scheme, probably because Microsoft paid them a lot to do it and some bonehead in Novel thinks that this gives Suse some market advantage. However, this story is all about greed and intimidation, nothing else.

Well hopefully the vendor supplies the Maintenance Manager with a key so the software can be validated if they do some custom modifications or upgrades. Oh wait, that's "vendor lock-in" isn't it. The only way to modify a machine is if the vendor does it for you and charges 10X what you could do it yourself. If thats the case then they shouldn't be using GPL software.
Surely you don't believe that FUD! The reason for Tivo is that the DMCA doesn't want you to be able to modify the code cause you might figure out a way to make copy's. Of course it's only a matter of time till someone figures out how to modify the hardware to bypass or change the key. My answer to Tivo is to refuse to buy one myself. Just as I would not buy a car if I couldn't modify anything on it. And I'll never again buy an Operating System I can't modify. But still should they be allowed to use GPL software and install it so as to make it impossible to modify the code?
It has everything to do with the GPL. And probably more than a little bit to do with DRM. Please read the Groklaw article "Getting cute with the GPL" if you would like to know why it affects the GPL.

I know FOSS zealots hate to admit this, but not all software markets have the size needed to support GPL software. Want an example? Go look in sourceforge for open source LIMS systems. There are a bunch of them and not a single one worth its weight in warm spit. Most died after the founders moved on. So if I need a LIMS system that actually does what I need, yeah, I gotta go with a commercial vendor. But that still doesn't change the fact that I could really use a DRM system in my validated labs to prevent people from either using un-approved patches or from adding their own stuff onto the system. Yes, ultimately it comes down to trusting the people you have working in your labs, but having another tool like DRM could also help prevent innocent mistakes from bringing regulators down on your head and yanking your certification.

What FUD? You ever dealt with real consumers? They are a pain in the posterior. They will lie, cheat and steal. I bet Linksys has a warehouse full of bricked routers that people returned as "broken" after they tried, and failed, to use open source firmware. The open source community has no right to impose those kinds of costs on Linksys, Tivo or any other company. If the world were a perfect place and people accepted the consequences of their actions, then yes, I would agree that Tivoization shouldn't be allowed. However, the world is far from a perfect place, and I would say the majority of consumers try to place the blame for their mistakes on others, so no, I don't think in the real world Tivoization is a bad thing. And if the open source community is going to insist that it is, don't be surprised when Linux is dropped and Windows picked up.

BINGO! For a corporation, money speaks louder than anything else. This is the only real approach we have that corporations will listen to. I won't buy a Tivo for pretty much the same reason.

I've read articles like that before, and I honestly don't think that the GPL is the real driving force behind the Microsoft/Novell agreement. Yes, Novell is dancing around the GPL, and they have almost certainly violated it, but that is Novell's problem. Microsoft's motivation is to assert some level of ownership over Linux that results in a revenue stream regardless of the license used. They want to get paid every time any operating system is put on a computer. If GPLv3 had been in force, I would bet this agreement still would have happened. Novell just would have had to do some harder singing and dancing. The fact is that Microsoft is trying to monetize FUD. They want to scare people into using approved Linux that results in money to Microsoft and the license/DRM is only a secondary concern. I seriously doubt that they will ever take this into court to try and force it because that would open their patents to scrutiny and they almost certainly don't want that. Also, taking the step of bringing it to court would almost certainly invite a response from the likes of IBM, and they REALLY don't want that.

I agree you should be able to protect your equipment from tampering. You put a big loud login banner which states:
WARNING: Unapproved modification of this hardware/software could get you fired. Is it worth it? You could also write a simple script which runs md5sum checks on all the critical software. Hell put the whole system on a CD and yank the hard drive out. There are many ways for you to protect your system, and you have every right to do so. What I'm saying is that the vendor has no right to tell you that you can't make changes to the GPL software that runs their system. I don't care if it's in the medical field, the financial field, the legal field, the scientific field or the whatever field, there are better ways to protect your system than Vendor keys.
The open source community did nothing to Lynksys except provide them with thousands of man hours of free programming. Also Lynksys probably sold several warehouses of routers because they were open source.

The point is TIVO and Novell both found a loophole in the GPL. No one cares about TIVO but everyone is pissed at Novell. They are both examples of why the GPL is due for a rewrite.

.

This may be a nuance, but it is an important one....The vendor isn't forcing me into a situation where GPL software cant be changed, I'm ASKING for that capability. Yeah, there are ways to lock down machines, but in the kind of situation I'm talking about, DRM is a tool that can be used, and I want the ability to use it in situations where it is needed. This is my beef with the way GPLv3 is going, they are aiming at the symptom (DRM) rather than the disease (a consumers rights).

Oh, and we do use the "mess with this and I'll can your behind" approach now, but I would like something a bit more effective and less confrontational.


True. And my understanding is that both Linksys and Tivo have reciprocated and released all their changes back to the community.

This one I don't agree with. People like us, who do care about the open/closed state of the software are in the vast, vast minority. I would bet that over 95% of the Linksys routers sold were sold because the local computer mega store had them in stock and they were cheap. Most people can't figure out how to turn on basic router security, they sure as heck don't care what OS the thing is running.

That is because Novell did something far, far, far more dangerous. They joined the claim that Microsoft IP is being infringed by Linux and other programs like OpenOffice. Tivoization doesn't pose any real threat Linux. Sure, it may annoy people, and it may be a violation of the GPL, but Linux and FOSS can easily ignore situations like Tivo. Novell on the other had could bring Linux to a halt and it has almost certainly violated the GPL. Yeah, MS is spreading FUD, but depending on what patents are involved (and presuming they could be upheld which is far from certain), it could pose a major challenge to circumvent.

You are right that the GPL needs a re-write, but my problem is that re-write is starting to look like it will infringe on my ability to use FOSS software the way I need/want to. Like I said, DRM is a symptom, not the disease, and the GPL needs to go after the disease.

I personally am sick of ethical debates that goes round in circles. It's too taxing mentally and emotionally...

On the other hand, I will cheerfully use any means necessary (questionable or otherwise) within my power to use the software I want on the system that I own and to hell with the so-called ethics and business practices of those holier-than-thou corporations whose sole motive is profit... if this involves any infringement of EULAs, I certainly wouldn't lose any sleep over it.

I've been working in engineering and manufacturing for almost 20 years, and have designed test systems, written software for test systems, and modified software for test systems. DRM would be the last thing any right minded manufacturing engineer would use, because we would not be in full control of our own hardware and software. How do we gain ISO9000 certification without that kind of control. Also, when we need to change software, alot of times we can't wait for vendors to respond. It's just crazy to think DRM would be a benifit to use in manufacturing. The manufacturing company becomes just another user to limit. Anyways, all the companies I've worked for have in-house methods for software control, including limiting access to source and binaries, version verification during runtime, and standards checks.

Someone at your company has the right to that key. Unless of course you are absolutely positive you will never ever need to make any changes at all. But it sounds like some of your employees are trying to make changes all the time. It sounds like you would rather give up your right to freedom in the hopes that the vendor will supply you with a secure system. You should be looking into ways to secure your equipment, and educating your employees about the need to run original unmodified software. You are the consumer, however, and you do have the right to trust the vendor for your security.

It seems to me that DRM is the disease. What the disease attacks is consumer rights. The actual symptom is loss of freedom.

This is only the beginning of the DMCA's attack on your rights. They have the money, and in this country that means they can get laws passed. I think it's still too early to declare GPL-v3 unnecessary. Now that Microsoft is weaseling it's way into the open source community I think every effort needs to be taken to protect the rights of programmers and users of GPL code.