DRM, SUN, TCPA, ...

In an interesting article, Sun Microsystems chief security officer Whit Diffie warns that users could lose control of their PCs with the future DRM systems.

This is an interesting point. With great worry I’ve read during the last years the way TCPA follows (some time ago it’s been renamed to sound “better”). Now the list of companies being member of the TCPA consortium never included SUN - until some months ago.

How’s SUN’s position with DRM and the “mother of DRM named TCPA”, and especially how does Java fit into - or not fit into?

As soon as someone tries to lockdown PC hardware with DRM they will create a market for PCs that aren’t locked down.

Cas

[quote]As soon as someone tries to lockdown PC hardware with DRM they will create a market for PCs that aren’t locked down.
[/quote]
I really hope you’re right, Cas. And in case Java will run on these “new market PCs” I’m totally happy.

I have vowed that win xp is my last Microsoft OS. This is why.

[quote]I have vowed that win xp is my last Microsoft OS. This is why.
[/quote]
Haha. The time XP arrived I thought everyone would stop using MS products. The whole registration process and tons of spy functions… “Who would use that?”, I asked myself. I thought that they overdid it and everyone would switch to linux/mac os… but I was wrong.

I have the bad feeling, that it will turn out that way with TCPA, too. If you cut down the user’s rights in small steps the big crowd won’t notice anything.

Their monopoly is powerful. They keep feeding us sh*t and we keep eating it… well most of us…

Having seen a Mac for the first time years a few weeks ago I might defect… oh no, hang on, Apple are in the pockets of the pigopolists too. Where to turn?

Cas

Compared to the ugly XP registration process the TCPA thing is a “quantum jump” - but in the very negative sense.
Well, I think many people with interest in computers are more sensible what’s conerning that TCPA thing. I know several developers who say: No WinXP, but in particular no TCPA Longhorn, no TCPA PC at all.

However you’re right in judging the masses: they do what the manipulators tell them to do.

The movie “They live” will have to be redone - this time not with aliens but TCPA (Well then, I don’t think Carpenter meant aliens actually.)

[quote]Where to turn?
[/quote]
I always remember an (internal) company slogan at a place I used to work, “We suck less.”

All options suck to some degree. Go with whatever sucks least.

I think you’re overlooking the fact that the ‘masses’ may very well start jumping up and down when they find that they can no longer rip their own CDs and then copy them onto a handheld device because of some DRM feature. Or that they are restricted in some other way.

They’re not exactly up in arms about the fact that they can’t save video streams to disk, can’t play many audio CDs in their machines, are forced to pay royalties to music publishers evey time they buy a CD-R, can’t upgrade much in their machine without having to prove they’re not a dirty criminal…

Outlook used to do a lot more things automatically, but now it doesn’t. Some files it won’t let you receive at all - you can’t even retrieve them from a sandbox, it just destroys the attachments when it sees them. Are people complaining? No. Microsoft tells them it’s for their own good, and that they wouldn’t understand anyway. Better you just let Microsoft take care of things - you’ll be safe then. You wouldn’t want to fall prey to these scary people the media is always telling you about, now would we?

And the sheep shrug, and return to their patch of grass, oblivious to what happening around them.

And on a lighter note…

[quote]I always remember an (internal) company slogan at a place I used to work, “We suck less.”
[/quote]
A while back, during my time writing application servers in C, one of our team slogans was:

“We put the arse in parse”

I wouldn’t count on it; Sun has a history of being on (IMHO) the wrong side w.r.t. to anonymity, freedom, etc.

c.f.:

[quote]Whoa! Those b*stards at Sun that are responsible for the “no-one is allowed to see our site without password and confirmed email access” policy have turned up the heat (…at least, since the last time I had a JDC id).
[/quote]
(and the history of attempting to make it compulsory to register personal info before being “allowed” to log bugs)

NB: This isn’t irrelevant; JDC ID’s are fairly rigorously policed. I’ve had > 5 deleted without warning, presumably because the name and home address were obviously BS.

[quote]And on a lighter note…

A while back, during my time writing application servers in C, one of our team slogans was:

“We put the arse in parse”
[/quote]
ROFL. I know a few friends who would be inspired by that in their current workplaces ;D

Yes, you’re right.
It would be sad if I couldn’t use Java in the future because of “trustworthy computing” (=TCPA). There’s no reason at all to trust TCPA. Why should anyone trust a big group? Have they been elected by the people?

So maybe an OpenSource Java, backed up by SUN and IBM and … would be good. However, TCPA probably will kill OpenSource, too…

How will TCPA kill opensource?

[quote]How will TCPA kill opensource?
[/quote]
Um, because you can’t find a computer that can run open-source software?

IIRC (but it was a long while ago and I may be remembering something completely different here :)) the reason you couldn’t play DVD’s on linux was that the guardians of the encryption system had a recursive restrictive license (just like the GPL) which prevented any licensee from allowing any non-licensee to know the keys etc.

One manufacturer implemented their system badly, so that the keys were easy to get out, and now the whole system has been blown open (because the keys have been distributed widely).

I don’t believe TCPA will take over the computing industry.
I don’t doubt that there will be implementations of it, but a complete takeover is hard to believe.

Someone eventually will come out and advertise non-TCPA systems for sale at half the price of TCPA systems or something along those lines if TCPA does take over the indsutry.
I would bet it is costly to implement TCPA.

[quote]I don’t believe TCPA will take over the computing industry.
I don’t doubt that there will be implementations of it, but a complete takeover is hard to believe.

Someone eventually will come out and advertise non-TCPA systems for sale at half the price of TCPA systems or something along those lines if TCPA does take over the indsutry.
[/quote]
There’s some good articles about the pro, cons and dangers of TCPA on the net, please have a look at. The cons however by far out-weight the pros for me (and a lot of people actually).

You could imagine TCPA to eat all the market, like it’s today with certain monopolies. Take the many Internet sites which just show up correctly with one certain browser, the OS domination, the “Office Word” domination, etc.
Unfortunately a very probably TCPA-scenario is that those who don’t use TCPA systems will “just” be locked out in a similar way. One day you’ll just be allowed to do Internet banking/shopping/blabla when you’re in TCPA mode. Or all the DVDs you buy will just be playable on TCPA systems, the games, too, and so on…

Even if there will be some TCPA-free systems, they’ll reside on an isolated island. It’s like you switched on your old Amiga computer then: nice system but you can just use it off-line and without today’s periphery.

So where and how will Java be in a potential TCPA market?

I don’t see any major problems for Java (at least in principle). A TCPA operating system can certify that a Java application is the one that is expected (verify jar signatures). Or more likely, the JVM can be certified and it in turn can validate any code running within it. Java application authors that required TCPA type operations would have to get their applications certified and signed by some agency. This is likely to cost significant money, and it that which would pose the first barrier to open source software regardless of language — who pays.

So open source software would need some sugar daddy to pay for the certification of the critical components. While still open source, you wouldn’t be able to change this code without recertifying (and paying again).

All assuming that TCPA doesn’t rely on obscurity for its security, but no one would be that dumb would they …