On Mon, 2005-11-14 at 10:28 +0900, Andre Caldas wrote: > I don't think this should be a matter of: 'Is there any good uses?' > Probably people can come up with good uses for it easily. The problem > here is: > Is it possible to separate the good and bad uses? > > Is it a trade? Do I have to agree with the 'bad uses' in order to have > the 'good uses'?
Yes. This is a generic condition of living. I want to suggest an analogy that may be thought provoking. Prior to the invention of the printing press, duplication of documents was incredibly expensive. As a practical matter, it was available only to governments and members of the aristocracy. If you look at the documents that were widely duplicated, many of them can be seen as tools of social control. The printing press changed this. Later, the web changed it further. But if you had evaluated the social benefit of duplication prior to the printing press, you would have concluded that it was basically an anti-freedom technology. I want to suggest that TPM is now in the stage comparable to "duplication before the printing press". Just as we would have been wrong to discourage scribes, we would now be wrong to discourage TPM. Consider, for example, that effective DRM would essentially destroy centralization of content ownership. The basic job of RIAA is license management, but in a connected world with widely available TPM hardware, any musician can now do this for themselves directly and cheaply. This is certainly not the type of freedom that FSF is trying to advance, but decentralization of this form is definitely a change in the direction of freedom. I also want to suggest another historical parallel: Nobody worried much about copyright prior to the printing press. It was the newfound low cost of bits that prompted the introduction of copyright. This has now happened again in computing, and a new technology is emerging to enforce property rights for bits. This technology isn't going to go away, and it doesn't defeat open source. In the end, open source will not succeed or fail with the masses on the strength of its moral position. The masses mostly don't care. Open source will succeed or fail because it is better, more agile, more responsive, and more robust. GPL is a very effective tool for building collaborations, which is why it sits underneath so much good code. If you go out and say to people "give bits away because it is right", they will mostly laugh at you. If you go out and say "give bits away because it serves to accomplish something you care about" you stand a chance of success. In my personal opinion, the technical battle over TPM hardware and the unrestricted ability to copy bits is already lost. Content protection is feasible, and it is only a matter of time before it is ubiquitous. Ironically, this is WONDERFUL for open source. The first time some vendor tries to lock down their user's content seriously, there will be a thundering hurd (sorry) of people switching to OpenOffice. We, on the other hand, can use attestation as a marketing tool in the opposite direction: we'll attest that the software *won't* do that. The real danger in TPM doesn't lie in DRM. It lies in the difficulty of configuration management. In the end, the party who successfully tracks all of those cryptographic checksums is the real source of trust in the system. It's too big a job for any one company to do, so a small number of tracking companies will emerge, and they will have very powerful roles in the determination of which systems are trusted to do what. There is a significant opportunity here for an open-minded, open source friendly company to be first, and to have major impact on the behavior of the industry merely by structuring the attestation interaction properly. shap _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
