Re: [Fsfe-uk] Explanation of Tivosiation and problems - comments sought

[Chris Croughton]

On Fri, Dec 15, 2006 at 04:10:53PM +0000, Ciaran O'Riordan wrote:
> 
> I'm writing a blog entry about Tivoisation, how it works, what problems it
> causes, and how it can be blocked.  I plan to put it on line on Monday, but
> any comments would be welcome.  My main concern is whether it is easily
> understandable.


Defining the term at the start (and spelling it consistently) would
help.  It's not a word I've ever seen before, and to me it would imply
something like "turning a computer into a digital video recorder", which
is not something I'd want to block...

> Tivoisation is a way of giving someone a computer whose software can
> be upgraded but which will refuse to run any software that isn't first
> authorised by the manufacturer.

Which has what to do with the word?

> To implement tivosiation, a manufacturer must do three things:
> 
> 1. Put a chip in the computer which will check any software before it
>    is run and which will only allow the running of software if an
>    authorised digital fingerprint is found.
> 
> 2. Inject that certain digital fingerprint into each version of their
>    own software.
> 
> 3. Don't tell their customers the fingerprint.
> 
> By doing this, the manufacture can still publish new versions of the
> software in the future.  It just has to inject the secret fingerprint
> and then publish the software and users will be able to run it.

I thought that was a MS idea.

> However, if the user tries to use a modified version of the software,
> or tries to run some third-party software, the computer will refuse to
> function fully, or will simply not run the software at all.

Sounds like MS (and was it IBM?) to me.

> ==Controlling your own computer==
> 
> There are two reasons why free software licences should block
> tivoisation.  The first is that tivoisation prevents users from having
> control of their own computer.

Does the inability to get and change the code for your car engine
control system "prevent you from control of your car"?  Or does not
having the code for your mobile phone prevent you from controlling that?

> We can see the importance of this by looking at the first company to
> do tivoisation: the Tivo.  The Tivo is a tivoised computer which runs
> GNU+Linux.  The software in the Tivo includes spyware which gathers
> information about the user and automatically sends that information to
> Tivo.

Ah, now we come to the definition of the word.  Unfortunately, for
anyone in the UK it falls flat on its face because TiVo have done none
of those things here (except use the Linux kernel, and precious little
other GPL software apart from TCL; some other people have ported other
GPL utilities to run on it, but TiVo didn't).

> The GPL ensures that Tivo owners can get a copy of the source code,
> but because of tivoisation, any effort to modify the software and use
> it will fail.  Being able to get a copy of the source code is not
> enough in this case.

Nope, it doesn't fail on mine or any other UK TiVo.  I can run anything
up to and including GCC on it, assuming I can make it fit (and failing
to fit enough memory to run some other program is not a crime).

OK, their own software is not covered by the GPL, in most cases
(although since much of it is in TCL the source is by definition
available, since TCL is an interpreter; it isn't very well commented,
but then neither is that of many GPL utilities).  But again, there is
nothing in the licence of the Linux kernel which says that everything
you run using it must be covered by the GPL (if it did many thousands of
us would switch to one of the BSD variants in a hurry).

> By making computers non-programmable, tivoisation makes...

... them not usable as computers.  They are appliances which happen to
have a CPU in them.  I don't expect to be able to run GCC on my fridge,
or my car engine, or my cable router either, even if they did give me
the source to them (which in the case of the engine control system they
are probably forbidden to do by law any, and for good reasons, I really
don't want to be driving anywhere near someone with a hacked engine
system!).  I don't care what OS they are running, as long as it is
stable enough for the purpose.

> free software
> users non-programmers.  Normally, when our software spreads, we gain
> more developers as some of the users will know how to program, and
> they will make small or large changes, and many will publish their
> improvements so that everyone, including the non-programmers, can
> benefit from the general ability of the community to modify the
> software.

Out of interest, how many good programmers has that actually created?
And how much useful feedback has it generated from people who weren't
programmers?  I'm already a programmer (and people pay me to do it so I
can't be all that bad) but I have only looked at the kernel code a
couple of times, and never submitted any changes, because by the time I
actually notice a problem there's a new version out which fixes it (the
one time I analysed and fixed a bug in anything major (in GDB) I checked
just before submitting it and found that a patch had been released te
day before).

I have contributed to fixing bugs in some FOSS, but only because I was
already wanting to program code in that area and to use that software.
If I had been only using it as part of an appliance I would be very
unlikely to do so (the only software of my own running on my TiVo, for
instance, is a two-line hack to one of the 3rd-party applications, and
is to do something in which no one except myself seems remotely
interested -- and since it works now the way I wanted I don't even
remember what it was, it just sits there and works, much like my only
kernel driver hack did until a later version of the kernel fixed it in
another way).

Yes, there are things with lots of software (and firmware) which I would
like to be different, but in reality (a) I'm probably the only person
who wants those changes and (b) I have other things to do rather than
trying to change some massive chunk of code.  And I'm a born tinkerer,
most people just want the thing to work, they don't even want to know
that it has a processor let alone how to program it.

> With Tivoisation, the ability of the community to choose the direction
> the software develops in is inhibited, and the link between the spread
> of our software and the growth of our developer community is cut.  If
> a million people bought Tivos, there would be an extra million
> GNU+Linux users in the World, and we would gain zero developers.

Yup.  But none would be lost either.  Exactly the same as if a million
people bought MP3 players, or TV sets, or telephones, or refrigerators.
No one would know or care that it was running Linux, or BSD, or Windows,
or VMS, or whatever, it's an appliance.  The only people with any
interest are the developers, and companies who own the rights to the
software and charge royalties on it.

> This is unfortunate, to any degree, but it can also become
> particularly problematic if it becomes widespread.
> 
> If we accept this behaviour from hardware manufacturers, we will get
> more of it because hardware manufacturers won't turn down the
> opportunity to have more power over their customers.  If Tivoised
> computers become the norm and the era of programmable computers fades
> into history, free software development will be in trouble.

If enough people want unfettered computers, they will design and make
them.  Look at the Balloon board from Aleph One, completely GPL including
the hardware design.  I hear the Chinese have their own box well on the
way.  Yes, the era of cheap multi-purpose PCs may be ending, but that's
because the vast majority of buyers never wanted that anyway, they
wanted a word processor or a games machine or some other appliance not
something to program.

> Of the three components of tivoisation mentioned above, item #3 is the
> problematic one.  If manufacturers implement #1 and #2, but told each
> customer the (possibly unique) digital fingerprint and how the
> customer can include it in software, then there would be no problem.

But would there be any point in using it at all?  If I have an appliance
then I don't want any random person able to install stuff on it, I want
it to carry on working.

> Allowing items #1 and #2 is important because they can be used for
> security purposes.

While distributing the keys so that anyone can still install any
software they like?

> So, discussion draft 2 of GPLv3 blocks item #3 by saying that when you
> are required to distribute a program's source code, you must include:
> 
>   ...any encryption or authorization keys necessary to install and/or
>   execute modified versions from source code in the recommended or
>   principal context of use...
> 
> This only applies to people distributing hardware plus software where
> the hardware is configured as in step #1 above.  If you are just
> distributing software, then the number of keys that are necessary to
> install and/or execute the software is zero.

As long as the software doesn't need them.

> So this language only
> applies to a small number of hardware manufacturers, probably less
> than ten.

Which in itself makes it suspicious.  And the use of the name of one
manufacturer also makes it look like some kind of vendetta, rather like
MS deciding to call all GPL software 'Stallmanware'.

First find a neutral term which doesn't pick on one manufactuer, and
define it at the start.  Then if you want to pick on one manufacturer as
an example make sure that it isn't going to be seen by a lot of people
as obviously incorrect in their area.

Chris C