lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 21 Jun 2007 01:54:23 -0300
From:	Alexandre Oliva <aoliva@...hat.com>
To:	"Jesper Juhl" <jesper.juhl@...il.com>
Cc:	"Linus Torvalds" <torvalds@...ux-foundation.org>,
	"Al Viro" <viro@....linux.org.uk>,
	"Bernd Schmidt" <bernds_cb1@...nline.de>,
	"Alan Cox" <alan@...rguk.ukuu.org.uk>,
	"Ingo Molnar" <mingo@...e.hu>,
	"Daniel Hazelton" <dhazelton@...er.net>,
	"Greg KH" <greg@...ah.com>,
	"debian developer" <debiandev@...il.com>, david@...g.hm,
	"Tarkan Erimer" <tarkan@...one.net.tr>,
	linux-kernel@...r.kernel.org,
	"Andrew Morton" <akpm@...ux-foundation.org>
Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

On Jun 20, 2007, "Jesper Juhl" <jesper.juhl@...il.com> wrote:

> On 18/06/07, Alexandre Oliva <aoliva@...hat.com> wrote:
>> Your analysis stopped at the downside of prohibiting tivoization.  You
>> didn't analyze the potential upsides,

> Maybe that's because I don't really see any up sides.

You do:

> a few vendors that currently tivoize hardware may open up their
> hardware but I doubt that will be very many

You just don't think they'd prevail over the downsides.  *This* is an
opinion I can respect, even if it's as much of a guestimate as mine.
I'm sure both are highly influenced by personal opinions, wishful
thinking and fears.  This is all very human.

>> so you may indeed come to different conclusions, and they may very
>> well be wrong.

> Just because I come to a different conclusion than you doesn't
> nessesarily make it wrong.

Agreed.  I didn't say they were.  I said they could be.  Can you prove
they're right?  Do you even have any supporting evidence to back your
guestimates?  Heck, you may even have more than I do.

I openly admit mine is mostly theoretical.  I extrapolate the initial
success of GNU+Linux on the PC environment, due in a large part to the
ability for users to tinker with their computers, and expect it not to
be so significantly different for other kinds of computers.

For sure you'll get a far lower *percentage* of hackers in consumer
devices than on PCs, whose users used to be far more
technically-inclined and thus more propense to become hackers when
GNU+Linux started than these days.

But then I think of all of these computer users who helped make
GNU+Linux what it is today, and other hackers that hadn't discovered
this inclination before because they haven't had access to hackable
computers.  They could be tinkering with their DVRs, cell phones,
wireless routers et al, and bringing the same kind of exciting
community development to these kinds of computers.

I'm saddened that the major Linux developers are willing to trade all
of this (which I openly admit may be just a figment of my imagination,
or just a tip of an iceberg) for some professional contributions
(good) and some additional exposure that won't do justice to their
software (bad), because these users will miss a big part of the
picture by not being able to tinker with the software in the
environment where they use the software.

>> It's very human to look only at the potential downside of an action
>> and conclude it's a bad action.

> And you believe yourself to be immune to that - right?

Last I looked, I was still human.  So no.  I try to use logic to
reason out such behaviors when I realize they might be in action.
But, as the saying goes, logic is a tool we use to justify our
intutions.  Or, logical reasoning is a tool to make the wrong
decisions with a greater amount of confidence ;-)

>> You can create the device using GPLv3 software in it.

> Not as long as I want to prevent the user from tampering with it, no.

<broken record>mumble ROM mumble</broken record>

> But do you really expect a vendor to put a device on the market where
> they also lock themselves out of upgrading it and releasing new
> software for it?

Depends on how badly they want to use the GPLed software.

Don't you guys think Linux is so technically superior that some
vendors might prefer to stick with it (should it move to GPLv3, or
tivoization be found to be already forbidden by GPLv2 in a US court or
elsewhere) even if this means going to ROM or respecting users'
freedoms?

Or are Linux advantages so thin and fragile (if they exist at all)
that you're just hoping nobody realizes there are better choices out
there, and you're desperate for vendors not to realize this?

> For a few select individuals that may be true. But for the majority of
> the population it won't mean a thing.

Agreed.  You're thinking of percentages (fewer percent hackers among
consumers of user products than among PC users).  I'm thinking all
hackers in PCs could become hackers of such devices as well, and then
some.

>> This is the upside that you left out from your analysis, and from
>> every other analysis that set out to "prove" that anti-tivoization is
>> bad that I've seen so far.

> I'm sorry, but I don't think it holds water.

Fair enough.

-- 
Alexandre Oliva         http://www.lsd.ic.unicamp.br/~oliva/
FSF Latin America Board Member         http://www.fsfla.org/
Red Hat Compiler Engineer   aoliva@...dhat.com, gcc.gnu.org}
Free Software Evangelist  oliva@...d.ic.unicamp.br, gnu.org}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ