[SPAM] Re: Could there be a law to protect the free choice of operating system?

xdrudis xdrudis at tinet.cat
Mon Apr 1 14:30:55 UTC 2013

On Sun, Mar 03, 2013 at 09:40:22AM +0100, Alessandro Rubini wrote:
> > I think the freedom and rights of all and every citizen of the European
> > Union must be strictly observed in any transaction, and that freedom and
> > those rights should be the priority over the profit of companies and
> > corporations who may have intended to impose their interests.
> While I sympathise, reality is exactly the other way round. The
> profit, the companies and the holy "marketplace" are the most
> important things out there.

Yes the lesson I learnt the only time I spent significant time trying
to prevent a small part of law becoming worse (and seeing our friends
succeed for "once", but business continuing "as usual") is that nobody
cares about law.

Nowadays they are already building hardware (like in chips) that 

1- need propietary software to boot, which even must be signed by
  certain keys before the boot CPU accepts to start the application

2- (but SMM is not new) have privileged software running "below" the
   OS with more access to the system than the OS itself (just as the
   OS under applications has more control than the applications). It
   appears that "they" (who?) sense too much force from free software
   and react by allowing it in a layer as long as there's an
   underlaying layer out of user control than can control the user
   controlled layer. In a positive view, this is a recognition of 
   the success of free software, even in the form of an scalation
   of repression.

3- Even advertise remote management whereby a remote administrator
  (sufficiently blessed by the controllers of the keys) can inspect,
  monitor, alter, repair, etc. the computer from internet

4- Establish (even in W3C) "standards" to exclude user controlled
   software from content/services/connectivity
5- Then there's the continuing trend of featuritis, planned obsolesce
   and secrecy to enlarge the burden for reverse engineering and to
   prevent availability of alternative free software for current
I mean it is becoming incresingly irrelevant that nobody sells hardware
without an OS or with free software preinstalled, if they are 
increasingly building hardware that simply can't run without 
propietary software or pushing services that will be inaccessible
from freedom respecting systems.

I apologise for not having had time to read this thread in all detail,
and don't mean to hitchhike it with off-topic, but I believe secure
boot and similar is quite related, because once the hardware is
incapable of running user selected software, the commercialisation of
the hardware with or without the software the user does not want
becomes moot. We used to assume one problem was many users didn't know
their computer could run something else, due to the overwhelming
commercialisation modes, disinformation, FUD, etc. but for new
computers they are increasingly building them so that the user
misconception becomes fact.

> Unfortunately, I don't think these aims are considered important
> nowadays by the general public or the decision makers.  While I can't
> make specific examples, when I listen to the news I always have the
> feeling things are going the other way and everyone is happy about
> that.

ACK, for example: the next batch of GTA04 phone is being cancelled due
to lack of preorders (a phone as freedom respecting as possible, albeit
with optional propietary wifi, bluetooth, 3D drivers and closed
hardware parts including the GSM chip, yet much more open than any
other phone I know).

I heard somewhere that one study set up to measure how much contract 
legalese internet users did not read when using online services,
and reached the conclusion that an average internet user should 
dedicate some 70 days a year in reading the terms of use and similar
clauses of all the web services they use. They apparently don't care to 
read them, even less to negotiate them, or even to reject the
services because of their terms. So they may be similarly inclined
about software licences. Sorry I don't have the quote handy.

So, even against my own feelings, maybe it is more convenient to 
point people to the inconveniences they live and relate them to
the powers that be and the lack of users power / freedom, that 
to just enlightem about licence clauses who nobody really believe
they're worth anything. Not simple though. And the worst inconveniences
are yet to come.

> So, the right path to attack the problem you describe is requesting a
> split of the contract.  Since we users (and even the decision makers)
> know very well that we *own* the laptop but only have limited rights
> on the software we get, we can request to sign two different
> contracts.  One item is *sold* and the other is *licensed*.  We need
> to remind that to customers (to prevent "piracy" and "raising
> awareness" about the issue, yo know), so software companies may have a
> harder time fighting this than other, stronger, proposals.

Undocumented hardware and hardware that enforces signatures on 
boot software isn't exactly hardware users "own". And hardware
users can own is arguably extinct or almost so.
> While I have no direct experience, I think the "preferred" OS is even
> installed or unlocked or whatever the first time you turn on the
> computer (maybe software vendors want to remind users that that's own
> copy that cannot be lent to others, or something similar).

I thought so too, I don't have the experience either, but was told by
some people from that French NGO against racketiciels that this is not
so in practice, they said in France shops often install software and
accept licenses in behalf of the users before selling PCs, arguably
because consumers find that too confusing (maybe confusing to understand
the terms, and outraging to know them), or because it is necessary or
convenient to install further software the shop wants installed. 

My impression was that the practice of selling most of the PCs (at
least for consumers) was already illegal with the status quo, but
nobody was acting against this particular violation. I'm not sure it
is really illegal because I believe you can sell second hand software
in the EU, so maybe the licensor is the shop and then sells the
licenses second hand somehow, which I'm not sure is OK with the terms
of the license, but may might be ok with the enforceable terms of the
license, but might be lacking sufficent proof of acceptance by the end
user of the transferred license... Too complex for me.

> Unfortunately, and I'll conclude, this technological market is
> disappearing, and we are late as usual. The desktop pc is marginal
> already (but there you can buy os-less parts) and the laptop it going
> to be marginal pretty soon.  Most modern computing devices are already
> one-vendor-only things like microwave ovens, and their are sold as
> appliances rather then general-purpose computers (again, not me: this
> time is Cory Doctorow).  So maybe Renzo's idea is sound and worth
> following, but maybe it would be wasted time because by the time we
> achieve the result that market place would be inexistent already.

ACK, but note that the os-less parts com with propietary firmware which
has control over the whole system, and which can't be replaced either
for lack of alternatives or for signature checks by those same parts.

So let me add some links to almost recent news on signed boot and PCs:

Hispalinux, an Spanish association is dennouncing secure boot to 
the UE (also in reuters and slashdot and I guess elsewhere).
I'm not sure it will achieve much, but I thank them for trying,
I think it's the proper thing to do. 


Matthew Garret seems to think it's not very useful and says the EU
has already accepted it (I suspect the argument goes that secure
boot is optional for x86 and MS does not have a monopoly on ARM,
so antitrust law may not apply directly to MS).


It appears that signed boot might be compulsory in the computers
the USA administration buys, if this NIST recommendation is binding.
I have only browsed it and don't know enough about the USA to judge
its weight, it appears to not require exactly UEFI secure boot, but
some general signed boot mechanism. 


The W3C seems to accept DRM schemes in web standards, though 
some draft EME specification for browser plugins used to decrypt
content (which would not standarize the software itself, because
DRM can't be truly interoperable and is incompatible with effective 
software freedom, but would give standard buzzwords to new DRM
stacks, which could use remote attestation to force signed 
binaries for popular services and advance social acceptance)

You can sign here against this


More information about the Discussion mailing list