Hypervisors Can Defeat GPLv3's Anti-Tivoization 377
DeviceGuru writes "A hypervisor can be used to isolate from each other software works released under incompatible licenses, while allowing them to run simultaneously on the same hardware. For example, Linux and Windows CE can run on separate virtual machines on one device, without violating either OS's license. Due to the isolation between multiple VMs running atop a hypervisor, it seems like this architecture could allow companies to build Linux-based devices, such as mobile phones or set-top boxes (think TiVo), that can't be upgraded by their users without authorization, thereby circumventing the GPLv3's 'anti-tivoization' clauses." Here's a white paper with more details from a commercial hypervisor company.
Can it really? (Score:3, Interesting)
Re:Bogus! (Score:4, Interesting)
Re:Bogus! (Score:5, Interesting)
it just prevents you from getting extra access to the machine by updating the code. Thus it allows "tivoization" without violating the letter (or arguably the spirit) of GPL v3. The GPL code you can hack and modify to your heart's content; the hypervisor just makes sure that said hacking doesn't compromise the machine.
Don't you love it when (Score:2, Interesting)
Do they really think software these days isn't slow and bloated enough without the additional burden of context-switching, just to circumvent the licensing problems?
I equally despise Microsoft and RMS these days...
Re:Bogus! (Score:1, Interesting)
I haven't read TFA, but my inclination is to think the exact opposite: sure you'll be able to modify your GPLv3 operating system. Modify it all you want. Because it won't do you any good.
The actual media handling will be handled by another parallel OS which you can't touch. All the Linux part will handle is the user interface. You'll have a /dev/mediacmd device that can issue commands like "Stop" and "Play" and maybe "Record." And that's all. The GPL side will never be able to access the actual stream data, or display its own.
Going the other way... (Score:2, Interesting)
It used to be that the restrictions on proprietary code caused people to want other options, and jump through hoops to get around the restrictions.
Now people will be doing the same to deal with the restrictions of GPL 3.
Seems that the "spirit" of open software is being compromised by people trying to nail it down in legal terms.
This FUD makes no sense. (Score:1, Interesting)
I'm not sure how this is different from including any other non free junk along with your distribution or what this has to do with GPL3. If the distributor takes GPL3 code and turns it into non free or tivos it, GPL3 kicks in and the distributor loses the right to distribute. If the distributor makes some kind of non free thing of their own, so what? The mechanism should make no difference, the GPL only covers distribution. Who cares if they use a hypervisor or TPM to launch WinCE or a Vax emulator? As long as they don't make someone else's softare non free, no one should care.
Because that makes no sense, let's look further at the other article linked:
"illegal attacks"? What kind of new DRM snake oil am I looking at here? I'd laugh this off if it were not supposedly from some guy at Sun.
The bottom line is that they have tied the software up in hardware and TPM knots. At this rate, I'm not sure what they want GPL'd software for. If they are going to buy a hypervisor and a media player why not buy a non free OS from the get go and spare themselves the trouble and obligations that cut against their anti-social nature? Either way they go, people are going to find a way to get hold of their precious data and devices.
Re:Bogus! (Score:2, Interesting)
Re:Bogus! (Score:3, Interesting)
It depends on how broadly you interpret the spirit of the GPL. Under this scheme you'd run Linux in a VM. Therefore, you could modify the GPL'd code and update it in the VM. Now, if you believe that is the whole of the SPIRIT of the GPL then there is no problem.
However, this is being done for the sole purpose of bypassing a clause in the GPLv3 that would require the manufacturer to essentially open the specifications of the device. The primary reason manufacturers don't want you to have the specs is that they like to take a device and disable functions in software then sell the exact same device at a higher price without the artificial limitations. If they provide the specs then 'modified' firmware that turns on all the device functions will appear, like that for Tivo, Linksys devices, etc.
I personally believe the idea behind the free software movement and the GPL is about more than just opening source. I believe that opening the source is just a mechanism for achieving a higher aim that empowers the user to be able to fully control their own system (provided they have the skill and abilities to do so). Whether it be a playstation, an xbox, a tivo, a wireless router, a cablebox, a general purpose computer, or a fancy wristwatch; a computer is a computer is a computer and the GPL was just a tool created by a group aiming to create a fully open system that empowered to program and control their own computer. After all, it isn't Sony's playstation, Microsoft's XBox, or Linksys's router; when you bought it, they lost all right to any say in how that device is used or modified.
An attempt at an explanation (Score:3, Interesting)
The OS can be altered and recompiled on the PC at will, staying well within the provisions of the hardware/software definitions as used in the GPLv3 license.
But when streaming video from the PC to the Tivo, remote attestation is used to verify the signature of the OS image booted on the PC. If the bootstrap signature is not provided, or doesn't match, the Tivo refuses to play the provided stream.
Got it? Good. Now all you need to do is re-imagine the PC in this model as a virtual machine run inside the Tivo itself, and you get the idea.
There might be a problem with this end-run, however. It all depends on whether the GPLv3 has to say specifically about what functionality is locked out without a bootstrap signature from the VM. If there's some language about insuring "complete", "full", or "all" functionality to modified versions, then it may not matter whether there's a hypervisor in the way or not (although the original network example I gave above is still legit).
I'm intersted to hear what the lawyers have to say.
Re:This FUD makes no sense. (Score:3, Interesting)
They want it because the price is unbeatable.
It's just that it has an annoying license that they have to work around, in order to be able to sufficiently hamstring their users.
Re:Bogus! (Score:4, Interesting)
Check and mate, general-purpose personal computer!". Well, I guess you will still be able to import one from China, provided you won't get caught.
Homebrew it. Engineers shall rule the world
Re:Bogus! (Score:3, Interesting)
Or maybe they will simply port their apps to BSD and use that on the tivo boxes. Or maybe they will license some other OS that will allow them to keep everything closed source.
Or do they have a specific reason for sticking with Linux?
The dumbest topic on /. (Score:3, Interesting)
So where's the beef?
The GPL3 doesn't stop DRM. Woot stop the presses! I could have told you that months ago during the drafting process because it's not designed to stop DRM.
It's ours. (Score:1, Interesting)
THAT is the problem. If I purchase it, it's my hardware and I'll do whatever the fuck I want with it.
There should just be a no bullshit fine print statement in the GPL that states, "any hardware running any GPL'd version of software needs to be 100% unrestricted, same goes for any other software running on that."
I'm sick of this stupid legal babble. "Oh TECHNICALLY we can do this" - kiss my ass.