Archive for November 2005

pdk 0.0.20

November 18, 2005

At work I just put out pdk 0.0.20. While only one new major feature is in place, it brings out a significant piece of pdk’s original vision.

The ability to publish your workspace history over anonymous http means that it is really easy for another person to pick up where you left off and make a few changes. They can either pull your work into their workspace as an add-on, or make some changes to your work and publish them back to you. Installing pdk on your web server will make this easy and safe, but it isn’t absolutely required. A simple rsync-to-public-server will get the job done with some minor race conditions.

We’ll have to rework some tutorials in the coming weeks. We can make them simpler now. Basically now you can get started customizing a distro in a couple of easy steps. See the mailing list for details, but it boils down to:

  1. Pull Ian’s (or somebody else’s) workspace.
  2. Add your stuff.

The only major headaches left in the distro development process are making installable iso images and package maintenance.

Jeff has been putting a lot of work into pickaxe, and now he is working on integrating it directly into pdk. This will make the new user experience really easy all the way out to making new installable iso images.

I’ve got package build-farming across multiple architectures and some really jaw-dropping maintenance reporting stuff on my mental todo list.

I’m getting excited about all this progress. One user has already proven that the pull functionality works in the field.

Very cool.

Digital Rights Management: “No Excuses”

November 14, 2005

I’ve been sitting on an idea for awhile, and I think the time has come for me to let it out in the wild.

I call my idea “No Excuses,” and it address digital rights management (DRM) in a novel way.

I’ll start of by diving right into the oversimplified technicals. Skip the next paragraph if you don’t know what AES is.

All digital media is allowed into the wild and can be downloaded via bittorrent or similar system. Every item out there in the wild is encrypted with a block cipher. Each item is encrypted with a different key. When a key is issued to a user, it comes in a certificate where the content holder asserts that the particular key is issued to the particular user possibly with some restrictions.

Put simply, you can download anything for free, but it’s encrypted. You pay the owners to get certificates with keys to decrypt and use stuff you download.

The five laws of the system for the consumer are:

1. You can temporarily use the unencrypted content for playback on your own devices and software players if they don’t already know how to run the “no excuses” system. Therefore…
2. There is “no excuse” for distributing somebody else’s work unencrypted.
3. There is “no excuse” for distributing certificates.
4. There is really “no excuse” for distributing a key without its certificate.
5. There is “no excuse” for misusing keys or otherwise violating some term you agreed to.

This would be almost bonehead easy to implement from the consumer or player side. Managing these kinds of certificates and keys would be straightforward on a desktop computer. It would simply be a plugin for most desktop media players, and the software would be open source.

The requirements for a “no excuses” player would be even smaller. The player would just need to parse key files, decrypt the content, and possibly remove old expired keys.

Few consumers are really interested in defeating the system or being mass pirates. We little people just want to listen to our music on our stuff. The rules of the game clearly allow that, even for players that predate the system. They allow it and give the honest consumer a lot more flexibility in playing content on a lot of devices.

Furthermore, it cuts down on download costs, as bittorrent spreads these out quite evenly.

Mass pirates can still be found.

As a copyright holder, if you stumble on your work being distributed unencrypted, you clearly have recourse, as there is simply “no excuse” for this behavior.

As a bigger distributor or label, if you stumble on a nest of tons of unencrypted files, keys or certs, you still have some tricks in your bag. This is where things get interesting.

Suppose you had a policy of rotating keys every two weeks for all content. When you find an illegal nest of 1000 files, there are some statistical tricks you can pull to narrow down who the culprits are. Furthermore, you can finally get some traction out of that watermarking tech you’ve invested in. Instead of watermarking the content to say “it’s mine,” you watermark it with a nonce you can track later.

On top of that, the value of these illegal schemes will be greatly diminished. The motivations for the otherwise honest person to cheat a system like this vanish as content becomes available in the right forms and for reasonable prices. When the vast hordes of honest people have no use for the pirates, their ability to acquire resources will vanish.

On the legal side of this, consumer and content holders rights could be more directly addressed by some sane laws. A quick aside: since we are talking about the law, intent matters. We all know that people make mistakes and software has bugs. To a judge, intent matters. That said, here’s my worthless legal framework:

1. If software purports support the “no excuses” framework, then it had better implement it. If it can be shown that the writer of the software intended to subvert the system, they can get a civil peanalty. That seems like pretty high legal bar, protecting the honest programmer.
2. Research software is exempt for the duration of the research.

I’d be very curious to get feedback on this. I hope the idea spreads.

By the way, I really despise the term “digital rights management.” Considered in light of the US constitution (I’m American) it gives me the shivers. Maybe “terms of use management” would have been better.