Hypervisors Can Defeat GPLv3's Anti-Tivoization 377
DeviceGuru writes "A hypervisor can be used to isolate from each other software works released under incompatible licenses, while allowing them to run simultaneously on the same hardware. For example, Linux and Windows CE can run on separate virtual machines on one device, without violating either OS's license. Due to the isolation between multiple VMs running atop a hypervisor, it seems like this architecture could allow companies to build Linux-based devices, such as mobile phones or set-top boxes (think TiVo), that can't be upgraded by their users without authorization, thereby circumventing the GPLv3's 'anti-tivoization' clauses." Here's a white paper with more details from a commercial hypervisor company.
Bogus! (Score:5, Insightful)
If the code is released under GPLv3, then modifications of the code must be able to run on the same hardware. It doesn't matter if the key to run the code is a checksum or a password to give the hypervisor. Either way, if modification of the client cannot be dropped into the place of the original client (either to run on the same hardware or the same hypervisor), it's in abuse of the GPLv3.
Backfire in responce. (Score:4, Insightful)
For TiVo being a consumer product is Bad, IBM Being corporate product it is good.
Free Software has a lot of advantages but if you try to get too academic with it it gets to a point where adoption of such products are impractical.
Take the TiVo, what GPLv3 wanted to do was force TiVo to release their DRM so the community has access to their product. What actually happends is TiVo
finds a backdoor to the license and uses it, or drops using open source and any stop to any shared contributions from TiVo and a move to a different
platform.
The License for free software is the cost of using the software. (Except for trading money (and rules) for rights to use, you agree to follow these rules for
rights to use) as more rules you add to the license the more expensive the free software becomes. So if you make FreeSoftware to strict on its use
people won't use it. Academically Free as in speech software sounds like a good plan but real life realizes there is information that you want to keep
private.
Re:Don't you love it when (Score:2, Insightful)
Re:Backfire in responce. (Score:1, Insightful)
Re:Bogus! (Score:4, Insightful)
Somehow, I don't think the GPL 3 was so poorly written that it could be circumvented so easily.
Why not? It's just another form of DRM-- and we all know how easy that is to crack...
Re:Bogus! (Score:2, Insightful)
GPLv3 code can do whatever it wants, but the hypervisor can feel free to say "I'm sorry, there is no spiffy network card", "I'm sorry, there is no TV channel like that"
Not a defeat, a different way of doing things (Score:5, Insightful)
While on TiVo, there is no way to change any part of the code without the signing key, in the proposed solution it is possible for the user to change the whole open-source system with an other one, as required by the GPLv3 license. As such, there is much more freedom for the user to tinker with its own system.
But for the manufacturer, it has the distinct advantages that some parts of the system can be isolated from the open subsystem, in a much more stable way, both legally and technically, than in a closed-source driver. Thus, it is possible to implement DRM, software subject to type conformance, or safety-critical tasks without risking corruption from the open system, whatever this system does. And contrary to the current solution, this does not require additional hardware.
Re:Why are we Doing This? (Score:3, Insightful)
Surprise, surprise, companies are in business to make money.
Re:Backfire in responce. (Score:2, Insightful)
Free software advocates beleive that freedom is always practical, indeed is the only practical choice in the long run. I'm sorry if you don't value freedom.
There's not any "circumvention" going on, any more than it's circumvention that I can processes running both GPL and non-GPL applications on my PC. Just some hypervisor hype from - surprise! - a hypervisor vendor.
Re:Going the other way... (Score:2, Insightful)
The key is that people use a license because they like the restrictions, or the lack thereof. Companies love the BSD license when we write code in it, but they don't want to release it that way because their competitors can use it too. Companies love to release GPL'd code because the limitations are sufficient to keep down competition, but still make us happy and allow us to fix their crappy software. It's a good deal for all really. The GPLv3 is just a new version of that, it's a few more restrictions. Any programmer could have written that license, the GPLv3 just codofied it into one fairly solid legal document so that we don't have to each screw it up seperately. Think of the open source licenses as libraries, you could do it yourself if you don't like them, but it's generally easier to pick one that matches fairly well with your goals and run with it. That way there are less likely to be bugs. If someone writes a crappy library I don't use it in my code, and that's that. No reason to hate that programmer for all eternity, or have big flamewars over the code, just inform other programmers of what you feel the defficiencies are, hope that they can make an intelligent decision, and let it be.
So, if you want to keep people from making money on your code without having to release their improvements, license GPLv3. If you want to encourage more people to use the code, including a few edge cases where they might make money on it without releasing it, use GPLv2. If you want everyone to be able to use it and you just don't want someone else to claim that they wrote it use BSD. If you really just want it used and don't care at all, release it into the free domain without any license attached. It's your call, do what you want. I want my code to be used, but I also want it to CONTINUE being used. Code is a living thing which changes over time and needs to be modified, otherwise it will die. I feel that to keep my code alive and in use it's important that changes make it back to the public, thus I would choose a GPL license over a BSD license for most software. The important thing here though is that licensing my code this way is my choice. RMS didn't make me do it. Stop blamming the wrong people. If your mad about licensing, be mad at the people who chose the license, not the ones who wrote it.
I'm not intending to flame the parent. It's just a context to bring up this point. More licenses are just more choices, the essense of freedom is choice. Don't complain about having more of it.
Seems fair to me (Score:5, Insightful)
Really, your new version of the kernel will have the same privileges as the old version. I see no problem with that.
I only fail to understand why they plan to put a kernel above that hypervisor. For it to be of any use, the hypervisor must controll all I/O operations anyway, what they get from Linux?
Re:A pretty obvious workaround (Score:3, Insightful)
"This software cannot run on the same CPU as software that implements DRM"
The DRMer will just use a separate coprocessor.
"This software cannot be distributed with software that implements DRM"
Oops. You can't distribute a Windows machine with a GPLed program on it.
"This software cannot communicate with software that implements DRM"
It can't connect to the internet?
You're asking for the legal equivalent of an evil bit.
Re:Bogus! (Score:5, Insightful)
You must have a huge stake in proprietary software to cheer about this. Note that if this is the way of the future, it's not only "Check and mate, RMS!", but also "Check and mate, general-purpose personal computer!". Well, I guess you will still be able to import one from China, provided you won't get caught. Hurray indeed.
Re:Bogus! (Score:1, Insightful)
aaarrrggghhhh! Please understand that while one is (just) a license, the other is a Digital Restriction Mechanism designed to technically limit your ability to use something. DRM is meant to ultimately enforce "pay per use" strategies of the rights holders, while the GPL is meant to ensure that FOSS remains F. And O. If stupidity were painful, we'd see a lot less of it...
Circumventing? (Score:5, Insightful)
Re:The more you tighten your grip, RMS, (Score:3, Insightful)
The important thing here is that the GPL3 is a license that dicates terms only about the thing to which is applied. By that I mean, Samba is now under the GPL3, which means you can't tivoize Samba, but that doesn't say anything about whatever else you happen to include in the box.
GPL2: You can take Samba, modify it, release the patches, but make the hardware refuse to load any other version. So for instance if those patches were needed to run on that specific device, you've effectively closed that branch of the source. Sure your patches are there, but since they're for that specific hardware and you control it, it's absolutely useless for everybody else, and goes against the intention of the GPL.
GPL3: Under the GPL3 you MUST make Samba replaceable, VM or not.
You seem to understand the anti-tivoization as that the whole device must be open if GPL3 software is used. This is incorrect. The GPL3 on Samba only applies to Samba, and that's the only thing that must be replaceable. The GPL intends to keep the software which it applies to "free" (according to the FSF's definition). The hardware only needs to cooperate to comply with the license on the specific code it's applied to. Anything else isn't included.
Re:Backfire in responce. (Score:3, Insightful)
Since they love to use Tivo as an example, let's run with that. Isn't Tivo's (the company, not the device) use of Linux simply distributing single-purpose boxes that are run by it?
Preventing a company like Tivo from distributing GPLv3 software on a closed device doesn't increase the freedom of the software. It doesn't even have anything to do with the freedom of the software. It's an attempt to impose openness on the hardware irregardless of whether the code itself is free. So not only is it a restriction on what you can do with the code, it's not even intended as a way to keep the code itself free, but to impose restrictions on others in exchange for a limited license.
There are many other reasons that such a clause is counterproductive as well as making the license less free. Companies will either get around the clause by allowing the installation of modified versions of the GPLd portion of the product without allowing the closed portion to continue functioning if the user performs such an "upgrade" (section 6 specifically allows this), or they'll switch to either a more-free or proprietary solution.
Re:Why are we Doing This? (Score:3, Insightful)
Re:Bogus! (Score:3, Insightful)
"If the notion of human rights in the future no longer serves a market need then why should it not perish?"
That being said even if open source software did not exist I don't see the general purpose computer going anywhere.
You misunderstood me. The very same hypervisor tech that is described to circumvent the GPL3 can be used to deny you all unsupervised access to your computer whatsoever. Thus the OP shortsightedly cheers RMS's defeat, when at the same time the general-purpose computer is under threat, and he should rather worry about that (unless, as I suggested, his stake in proprietary software beats his interest in the availability of general-purpose computers).
Re:Backfire in responce. (Score:2, Insightful)
Re:Bogus! (Score:2, Insightful)
No, the only thing the GPL3 "anti-TiVoization" clause does is keep GPL3 software out of set-top boxes, home-targeted networking gear, and other devices designed as limited-use because they're for nontechnical users and making them hard to modify keeps down support costs. It's a big middle finger to TiVo which does nothing for software freedom.
Re:Bogus! (Score:2, Insightful)
Whine, whine whine. (Score:3, Insightful)
Y'know, you could just choose not to circumvent the licensing problems. You could just use code which you can get under a license that lets you do what you want with it. Or you could *gasp* write your own code! What a concept!
And at the risk of sounding petty, they started it. The root of this problem is not the GPLv3, it's DRM and Tivoization. I run a Linux machine, and I use it to view plenty of media which is either un-DRM'd or easily cracked (DVDs) -- and I require absolutely no VMs to do this.
To be perfectly honest, the legalese does not have to dictate the engineering choice here. You could simply make an engineering choice to use an open platform. No engineer in their right mind would use DRM as an engineering choice -- we all know it doesn't work, doesn't even slow the real pirates down much. If you're forced to implement something like this, realize that it is, in fact, a legal choice that someone made to force DRM on you.
Re:Bogus! (Score:4, Insightful)
Nope. [DRM] tries to maximize revenue of corporations by intrusive means discussed at length here on
DRM has nothing to do with revenue. Of course, it's a tool which is most often used with respect to increasing revenue, but there is no fundamental connection between the two. I might, for example, use DRM to release a movie which I wish to re-release occasionally in order to switch which of two characters shoots the other first (not mentioning any names, here). I might charge nothing for these releases, I just want to make sure that everyone is forced to watch the version that I've decided is "current". DRM can do that.
The GPL is a tool which allows me to restrict the use of my source code such that only people willing to grant other people my pet set of rights can distribute it. Everyone else must ask for my permission first, or they get nothing (and likely will get nothing, even if they ask).
Now, I'm a fan of the GPL. I'm a fan of the clever hack which it embodies for using copyright law to control the distribution of additional, non-copyright rights. Very cool. I'm also a fan of the basic idea of offering users who want to share the right to do so.
However, it's completely unreasonable to draw an imaginary line in the sand between one set of restrictions (you can share, but only if you play by my rules) and another (you can use, but only if you play by my rules) on the basis that one doesn't comprise a restriction because the intent is different.
Re:This FUD makes no sense. (Score:4, Insightful)
See, that's never made much sense to me. Why don't they just pick up a gratis operating system with a more permissive license, like one of the BSD's, and stop worrying about tivoizing GPL'ed code?
Or are they actually just evil and want to lock down GPL'ed code because it fills their weekly evil quota or something?
Re:Bogus! (Score:3, Insightful)
Re:Seems fair to me (Score:5, Insightful)
(See http://www.gnu.org/licenses/gpl-faq.html#GPLAndNo
The hypervisor is just another method to achieve exactly this behaviour that was built into the GPL from the very beginning: Make a clear distinction where the proprietary code runs, and where the GPLed code resides. So no: The hypervisor is not a "circumvention device against the GPL3".
Re:Bogus! (Score:2, Insightful)
Re:Bogus! (Score:4, Insightful)
Or maybe they could start playing by the rules of the community they took Linux from, saving millions in development cost and time-to-market. Or maybe the could purchase a closed-source license for another OS. Or maybe they could write their own code instead of taking someone else's, so they can do what they want with it.
Re:Bogus! (Score:2, Insightful)
I love people who think like this.
"This code was just here yesterday! Damn you, Tivo!"