Isaac wrote:Sorry, I'm having trouble finding this information:
I want to know if developers have any anti piracy security for purchased applications, which are done through 10.10's Ubuntu Software Center "For Purchase" section. In other words, once the purchased application is on someone's computer are there any deterrents in place to keep the user from freely redistributing the application?
Thank you very much!♥
Two of my favorite replies (note that both are edited to be shorter):
phrostbyte wrote:Adding any form of DRM to the GNU/Linux OS is sacrilege.
bryncoles wrote:--we're having a mature discussion about the merits and plausibility of implementing kernel-level drm, and no one has threatened to leave Ubuntu over it yet? What's with people -- this is actually an issue!
Well, I'll throw my toys out of the pram. I'll leave Ubuntu, and GNU/Linux over this. I'll get me of of those 'Difference Engines' or something...
Adding kernel level drm goes against everything that Linux and OSS stands for. Of course you are going to get those types of responses. Besides, if kernel level drm was added people will just build their own kernels without that part. Linux is about freedom and all the control given to the user or admin of their machine. DRM is quite the opposite, meant to take control of people's things AWAY from them and give them to the content creator/government/[big evil corp] whatever.
EDIT ADD: If anything, it would be nice to see something like Steam on Linux. It allows you to install your games and use them on any computer you want. A steam like client for any commercial software might be the right way to go.
Xamindar wrote:EDIT ADD: If anything, it would be nice to see something like Steam on Linux. It allows you to install your games and use them on any computer you want. A steam like client for any commercial software might be the right way to go.
How is that not exactly the thing I was suggesting? They came up with "kernel level DRM" on their own...
edit: this idea is already getting bashed in that thread...
I think the reason why they were assuming that DRM had to be implemented in the kernel was that they were confusing what you were suggesting with something like HDCP, which you need kernel support for. Like you would imagine, there's no reason why you would need (or want) kernel support for what you are suggesting.
Creating an open source alternative to something like Steam would be difficult. Steam provides good protection in part by relying on the assumption that modifying compiled programs is hard, but open source makes it easy... you could just comment out the code that checks to make sure you're licensed. If you wanted an open source version of Steam, you would have to think of something much more clever.
The alternative is Canonical shipping this as a binary blob without the source, which I don't think would ever happen.
I have Matlab and Maple on this machine (Arch) through my school. Matlab has some sort of an \"ID\" licensing key system that includes binding itself to my username. I think it creates some sort of a hardware ID for my computer, too, by which they create my license file.
There are schemes out there that make it at least difficult to pirate software that don't involve tinkering with your kernal.
I do think that you guys are right, though. The most secure way to do it is to force the user to sign on to a remote server each time they want to boot the program... or to have the computer search for a physical dongle.
Isaac wrote:How is that not exactly the thing I was suggesting? They came up with "kernel level DRM" on their own...
I didn't see you suggest anything of the sort on the DBB. I was replying to your first post in this thread, not about the whole Ubuntu thread you linked. You seemed to concentrate on the OS DRM thing so I replied about it.
You can not have OS wide DRM on an open source OS anyway. Steam type is the best you can do. Other options are having each program do its own DRM like you commonly see now on Windows. But that pisses off a lot of people (see Assasins Creed 2 and Spore).
Asking in the forums about Canonicals software is useless anyway. If you need info you need to contact Canonical and ask them.
snoopy wrote:or to have the computer search for a physical dongle.
I always wondered why they don't do that. Besides the fact that you would end up having a bazillion dongles connected to your computer, wouldn't this work just fine? Or are they easy to bypass as well by writing software to fake a dongle?
You could use public-private key cryptography. The private key is on the dongle, and the public key is in the software. The software could generate a random message and ask the dongle to sign it with its private key. Using the public key, the software could verify the signature. With this setup, you wouldn't be able to fake the dongle with a kernel module without knowing the private key.
The problem is that your DRM scheme is only as effective as its weakest link. There's no point in making the dongle harder to defeat than just replacing JMP instructions in the binary code to jump around the check all together, although with modern DRM schemes it's not *quite* as easy as replacing JMP instructions. In fact, I'd be interested if anyone knows how modern DRM schemes like Steam make it difficult to just modify the code to jump around the checks like we could do with CD checks in the Descent 2 era.
Steam seems to use keys - I think the DRM checks are in the applications themselves. As always, they can be cracked, though perhaps not as easily as D2's one that amounted to a single byte difference.
My argument is that, some level of protection will draw more developers into, what's currently, the virtually vacant marketplace, the \"for purchase\" Ubuntu Software Center. How does that hurt Ubuntu or the users? Really! How?
Those who don't participate in the purchases will not experience any restrictions and software vendors will have some sense of security, even though it's minimal. Maybe if the effort is too little there will be no change in the number of those who want to sell.
Traditionally most copy-protection measures have been built into the applications themselves anyway - unless the \"Ubuntu Software Center\" doesn't allow that I'm not sure there's a problem...
Even if it doesn't, there's a pretty huge range of free software available through somewhere in the OS anyway, as I recall (I remember seeing it in Mandrake 9.2, years before Apple \"invented\" the app store idea, and I remember Ubuntu had something similar back in 2006). That should cover most things users are after...
