[OT] RFC for DRM replacement

Tue Sep 9 07:05:12 UTC 2003

> >Mark Rafn wrote:
> >>Fundamentally, if the client is open-source, it can be 
> >>modified, and the 
> >>modified version can LIE and say it's the original version. 
> Anything 
> >>which prevents this is not open-source.

> Mário Amado Alves answered:
> >?!
> >Many (most?, all?) open source licenses require authorship notices
be kept.

--- "Giacomo A. Catenazzi" <cate at pixelized.ch> wrote:
> The opensources licenses usually don't requires explicity authorship
> notices to be keep, but copyright law usually requires it.
> So it is not a problem of open sources definitions,
> 
> BUT I think that open source movement should actively support that
the
> programs KEEPS copyright notices, else in case of license problem
(change
> of law, flaws, incompatibility with oper open source licenses) it
> whould difficult to relicense, and as SCO case tell us, it could
difficult to probe the  origin of code.
> So keeps the copyright notices!

CUT! 

We are talking about a malicious user who is modifing the software to
LIE about the fact it is modified. They wont be telling anyone that
they did this

I have thought about this issue for a while :

My solution is to introduce a game theory, where the game itself is
changed so often (the key) that it is very hard to crack all of them
quickly.

here is my defence of the proposal :
-------------------------------------------------------------------------------------------------------------------
http://www.advogato.org/article/698.html
-------------------------------------------------------------------------------------------------------------------
After a long discussion on freenode.net/#GNU yesterday, I find my
aguments for a secure system to distribute data without allowing
cheating in line with the spirit of the GPL. 

These are my arguments in favor of a certified client : 

1. There are valid applications where a group of people agree to use
one version of the software and want to eliminate cheaters. A First
person shooter for example would be a good example 

2. By allowing for a auditing of the clients on a random basis, and the
inclusion of the entire memory of the software including of the data at
a specified timepoint you can get a secure fingerprint that is very
very difficult to fake. 

3. By allowing for a secondary protocol to use a secure cipher to
encrypt and slightly change the binary of the file, you can increase
the cost of binary hacks. This application of a cypher can take place
on the original binary before starting using a key that is agreed apon
by the group. 

4. These techniques do not eliminate crackers, but make the cost
prohibitive, random and frequent changes to the binary form using a
secure algorithm will increase the cost of making binary patches very
much. 

5. The users are free to review and edit the source code of all the
components of the system, Each user is free to join any group that they
wish. Groups are free to certify any on binary that is proposed. 

The only restriction that the user must agree to is the client software
is not hacked, cracked or changed during execution. There are many
applications that could use this type of security and it does not take
away the users rights, it just protects the group. 

In closing, my proposal is based on the idea of game theory, that
having a the "game" the binary changed often will in the long term root
out "cheaters". 

By only allowing certified users access, and having a trust metric, it
should be possible also to eliminate long term abusers. 
-------------------------------------------------------------------------------------------------------------------

mike

=====
James Michael DuPont
http://introspector.sourceforge.net/

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
--
license-discuss archive is at http://crynwr.com/cgi-bin/ezmlm-cgi?3