>ed2d2 commented: But can the "trusted computing" scenario not be used to protect GNU works?

Trusted Computing defeats the GPL, in many cases the source code becomes essentially useless. If you change a single line then the software can no longer access it's data files and it can no longer connect to other programs locally or over the internet. The data files and communications can be encypted. Any change at all causes the software to fail to work. Trusted Computing's fundamental function is to deny you access to your own encryption keys.

>aridhol commented> Trusted computing requires that the binaries be signed by a trusted signer.

That is a common missunderstanding. Trusted Computing can certainly make use of such signatures to be even MORE oppressive, but Trusted Computing works even without any signatures at all. The program is hashed and that hash is used as a sort of signature. That hash is used to generate an encryption key that you are forbidden to see. If you change the program in any way then the hash changes. If the hash changes you can no longer use the correct encryption key. Without the correct encryption key it is impossible for the progeam to read it's own files or to talk to other people running the same software. So even with no signature at all the Trust System imposes a total lock-down against you.

>D*ckBreath commented: The "trust" in trusted computing means that (1)the user and (2)the software provider can both be assured that the software and hardware are not tampered with.

It s possible get (1) owner protection and assurance without imosing (2) total and abusing software provider over the owner of the computer. You can do it with hardware identical to Trusted Computing (thus with identical ability to protect the ower) where the owner is given a printed copy of his master key that is locked inside the Trust chip. If the owner knows his master key then he has full control of his computer, he gains the ability to override any atempt to abuse the system against his wishes.

>D*ckBreath continues: this does mean that, yes the software is (1)not compromised by a spy, or spy agency, or some enemy, or by some virus; it also means that (2)the software is not compromised by the end user.

Again, you can get all of the protections of (1) and none of the abuses against the owner (2) simply by lettign the owner konw his master key. If he knows his key then he can "compromise" his own machine if he likes. However it is impossible for an owner to "attack" himself ot "compromise" himself. Any change he chooses to make to his own system is perfectly legitimate.

>D*ckBreath continues: A software package that does something good, such as securely handling classified data, can be trusted to do its job properly.

Yes. And if the owner is allowed to know his own master key then such security is fully enforced so long as they is what the owner wants. Letting him know his key cannot in any way reduce his security.

>* VPC commented: The only thing taken away from a user

The central design factor of Trusted Computing is that the owner is forbidden to know his key. There is NO POSSIBLE legitimate justification for that. Any benefit for the owner can be had by the same system here he knows his key. The sole purpose for that design factor is to hijack his machine as a weapon against him

If the owner knows his key then the entire Trust system falls apart. That therefor implies that the owner is forbidden to rip owne his own machine and read out his key with a microscope. Currently they merely make that inconvient to do, and thus the system is pointless. I could simply go into business reading out people's keys for them and the Trust system falls apart, turning into the beneficial system I described where every owner is given a copy of his key in the first place. In order to then 'protect' the Trust system there will be an overwhelming call to make it CRIMINAL to open up your own property and look at it under a microscope. So the Trust system actually implies revoking basic property rights. And that's on top of all of the abuses of the system that I won't bother to even begin listing.

I will finnish off with the ultimate danger - Cisco is produced a new router. It is a Trusted Computing Router. It is being hailed as "blocking viruses". It does not actually block viruses. What it does is (1) require that you be running Trusted Computing, (2) use Trusted Computing to verify that you are running "approved" software such as a mandated operating system version and an approved firewall (thus the anti virus claims), and (3) if you are not "compliant" it denies you an internet connection. The President's Cyber Security advisor gave a speech at a computer conference calling on ISP's to install these routers and make Trusted Computing compliance a MANDATORY part of their Terms Of Service for internet access once most of the public has replaced their old non-Trusted machines with new Trusted ones. If you don't have a Trusted machine you are banned from the internet. If you swicth off Trusted Computing then you are banned from the internet. If you alter your BIOS, or alter your OS, or decline to run the software they mandate, or you choose to run any software they forbid, then you are denied internet acces.

At that point it's Game Over. You must "voluntarily" and totall submit or your computer is a worthless lump of slag. You no longer own your machine. You have no control over what it will do or what it will refuse to do.

The problem with "trusted" computing is that if you decide to load a piece of software that is not "trusted" (i.e. does not have a certificate based on the executable code). It may not load, or the other software you are running will stop working.

For example, you decide to compile the source for OpenOffice yourself, and load it. Nope- the "trusted" components on your computer will refuse to load it.

Basically, anything you can compile yourself is not "trusted". The only thing "trusted" are binaries with certificates.

You can kiss goodbye to running anything that is open source and is distributed in source form for you to compile. And even if open source projects do get trusted certificates for their code, you can say goodbye to rapid releases of new versions with new features or bugfixes.

See the threat to open source now?

I think that you are completely wrong in thinking only thieves and people who don't understand trusted computing are the only people who get upset. Anyone who actually understands the implications to Linux and Open Source should be getting upset (do you think the "trusted" platform will let you run Linux? Do you think that you'll be able to run legit imately purchased software like MS Office under Wine?).

The only people I can understand getting upset about this technology is:

1) Thieves and malicious computing personalities
2) Honest PC-users who don't understand trusted computing

The only thing taken away from a user is the right to state that they are to be trusted, without someone actually checking up on it. Other than that, what's the problem?

> The GPL has succeeded for the last decade, while I have
> been tending it, because it worked, not because it failed
> or was in doubt.

Eben Moglen confuses the superior moral and ethical
imperative of the GPL with its legal inferiority. The GPL
has succeeded because no one has tested its legal validity
in a serious court challenge.

Moglen's theory of:

"Licenses are not contracts: the work's user is obliged to
remain within the bounds of the license not because she
voluntarily promised, but because she doesn't have any right
to act at all except as the license permits."

http://www.gnu.org/philosophy/enforcing-gpl.html

is legal gibberish.

******
Here's an email exchange with RMS:

"I assume, however, that at least some people want the GPL
to be binding--nothing can make it binding except a claim of
contract."

http://lists.essential.org/upd-discuss/msg00131.html

-- the respondent's email address resolves to:
MICHAEL H. DAVIS, (Professor of Law) Cleveland State
University. Education: Occidental College (B.A.,1967);
Hofstra Law School (J.D., 1975); Harvard Law School (LL.M.,
1979).

******
Perhaps further consideration should be given to:

"(A``non-contractual copyright permission'' would be some
sort of license that does not involve a contract I
suppose, but that is not a well defined term.)"

http://lists.softwarelibero.it/pipermail/diritto/2002-Februa
ry/000641.html

-- the respondent's email address resolves to:
PETER D. JUNGER
Professor of Law Emeritus
Case Western Reserve University
College: Harvard College, A.B. 1955
Law School: Harvard Law School, LL.B. (magna cum laude)
1958

******
How about this:

"The GPL IS a contract. Calling it a license
simply describes the type of contract it is."

http://www.mail-archive.com/license-discuss@openso
urce.org/msg01522.html

-- the respondent's email address resolves to:
ROD DIXON J.D. LL.M.
Visiting Assistant Professor of Law, Rutgers University
School of Law, Camden, New Jersey, Fall 1999 to present.
EDUCATION: LL.M. (with Distinction), Georgetown
University Law Center, 1998. J.D., George Washington
University Law School, 1992. M.A., University of
Pittsburgh, Faculty of Arts and Sciences, 1986. B.A.,
University of Pittsburgh, College of Arts and Sciences,
1984.

Doesn't anyone outside the academic legal community harbor
any suspicion that the GPL is fatally flawed?

Obviously the "broken window fallacy" refers to a limited circle of benefit when the window is broken. Microsoft and other proprietary software companies benefit when Windows break by being able to offer a replacement or upgrade for a fee. The free software (OS) is valuable and allows the cost of the software to be applied in other areas of the economy rather than into the pockets of the proprietary software companies.

>What it really does is it undercuts the value of
>commercial software, which destroys jobs in the software
>industry.

Google for "broken window fallacy". When a formerly scarce good becomes abundant, the economy benefits.

How does giving away "free" software protect free speech? It may be a role model for free speech, but I don't see how it protects free speech.

What it really does is it undercuts the value of commercial software, which destroys jobs in the software industry.

The "trust" in trusted computing means that the user and the software provider can both be assured that the software and hardware are not tampered with. The software intregity is assured.

While this does mean that, yes the software is not compromised by a spy, or spy agency, or some enemy, or by some virus; it also means that the software is not compromised by the end user.

A software package that does something good, such as securely handling classified data, can be trusted to do its job properly.

But also, a software package that

Trusted computing requires that the binaries be signed by a trusted signer. For example, Company A is a trusted signer, and Product B is GPL. Company A can take Product B, modify it to their heart's content, and publish it as their own. As long as they sign it, the computer will run it. The computer has no notion of license, just signed or unsigned.

But can the "trusted computing" scenario not be used to protect GNU works? Can we make sure that others are not infringing on the GPL using this, or am I grasping at straws here? Is there anything in this initiative that could be used to promote our freedoms?

>The result is an increasing movement to create what is in
>truly Orwellian fashion referred to as trusted computing,
>which means computers that users can’t trust.

Great quote! "Trusted computing" is a perfect example of Doublespeak, for which you could also say that the built-in presumption is that the user cannot be trusted.