Will developers who make a living from Zope/Python be out of work when TCPA comes next year? Rob ________________________________________________________________________ Missed your favourite TV serial last night? Try the new, Yahoo! TV. visit http://in.tv.yahoo.com
From: "rra42" <rra42@yahoo.co.uk>
Will developers who make a living from Zope/Python be out of work when TCPA comes next year?
Uh? Of course. It doesn't have any impact on Zope at all, at least not on the short term. Assuming you are talking about the Trusted Computing Platform Alliance, at least. In the long term it might even be beneficial, since TCPA is created to stop pirating of software, and since Zope is free, people might choose free open source software more than they already do. :-) In the long term Zope might need to be able to support license distribution with TCPA, and I have no idea how hard that will be.
Hi, it was point 18 of the TCPA/Palladium FAQ that concerneed me: Quote:
>>>>>>>>>>>>>>>> TCPA will undermine the General Public License (GPL), under which many free and open source software products are distributed. The GPL is designed to prevent the fruits of communal voluntary labour being hijacked by private companies for profit. Anyone can use and modify software distributed under this licence, but if you distribute a modified copy, you must make it available to the world, together with the source code so that other people can make subsequent modifications of their own.
At least two companies have started work on a TCPA-enhanced version of GNU/linux. This will involve tidying up the code and removing a number of features. To get a certificate from the TCPA corsortium, the sponsor will then have to submit the pruned code to an evaluation lab, together with a mass of documentation showing why various known attacks on the code don't work. (The evaluation is at level E3 - expensive enough to keep out the free software community, yet lax enough for most commercial software vendors to have a chance to get their lousy code through.) Although the modified program will be covered by the GPL, and the source code will be free to everyone, it will not make full use of the TCPA features unless you have a certificate for it that is specific to the Fritz chip on your own machine. That is what will cost you money (if not at first, then eventually). You will still be free to make modifications to the modified code, but you won't be able to get a certificate that gets you into the TCPA system. Something similar happens with the linux supplied by Sony for the Playstation 2; the console's copy protection mechanisms prevent you from running an altered binary, and from using a number of the hardware features. Even if a philanthropist does a not-for-profit secure GNU/linux, the resulting product would not really be a GPL version of a TCPA operating system, but a proprietary operating system that the philanthropist could give away free. (There is still the question of who would pay for the user certificates.) People believed that the GPL made it impossible for a company to come along and steal code that was the result of community effort. This helped make people willing to give up their spare time to write free software for the communal benefit. But TCPA changes that. Once the majority of PCs on the market are TCPA-enabled, the GPL won't work as intended. The benefit for Microsoft is not that this will destroy free software directly. The point is this: once people realise that even GPL'led software can be hijacked for commercial purposes, idealistic young programmers will be much less motivated to write free software.
>>>>>>>>>>>>>>>>>>>> End Quote
Best wishes, Rob Lennart Regebro wrote:
From: "rra42" <rra42@yahoo.co.uk>
Will developers who make a living from Zope/Python be out of work when TCPA comes next year?
Uh? Of course. It doesn't have any impact on Zope at all, at least not on the short term. Assuming you are talking about the Trusted Computing Platform Alliance, at least. In the long term it might even be beneficial, since TCPA is created to stop pirating of software, and since Zope is free, people might choose free open source software more than they already do. :-)
In the long term Zope might need to be able to support license distribution with TCPA, and I have no idea how hard that will be.
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
________________________________________________________________________ Missed your favourite TV serial last night? Try the new, Yahoo! TV. visit http://in.tv.yahoo.com
rra42 kirjutas P, 05.01.2003 kell 20:37:
Hi, it was point 18 of the TCPA/Palladium FAQ that concerneed me:
Quote:
>>>>>>>>>>>>>>>>>
People believed that the GPL made it impossible for a company to come along and steal code that was the result of community effort. This helped make people willing to give up their spare time to write free software for the communal benefit. But TCPA changes that. Once the majority of PCs on the market are TCPA-enabled, the GPL won't work as intended. The benefit for Microsoft is not that this will destroy free software directly. The point is this: once people realise that even GPL'led software can be hijacked for commercial purposes, idealistic young programmers will be much less motivated to write free software.
Fortunately Zope and Python are written by less young and less idealistic programmers, who are not afraid that their code can be hijacked - they are under BSD-like licenses ;) So one can't scare them away by undermining GPL. And I don't think that the main driving force behind free software is "idealistic young programmers", rather it is "scratch your own itch". Naive young programmers are more prone to thinking that they can get rich quick (or even make their living) by selling licenses for the third program they ever wrote ;) as this is what media tells people. It usually takes time to realize that software development is mostly a _service_ business. -- Hannu Krosing <hannu@tm.ee>
Hi, Reading comment on TCPA at:
http://www.notcpa.org/about.html http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
I got the impression that an open source document or application will not run on a "fritzed" PC unless the code had been signed/certified: Quoting from www.notcpa.org:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> And there's more. Every program you want to execute has to be certified. So, you're a developer and want to create your own programs? Of course, with a certified IDE you're able to write your own source code. But it's not possible to execute your programs you just developed - unless you're going to certify them (which costs about $100.000!)."What the heck, I'll switch to linux when TCPA is reality!"
Now we're getting to the point where you could imagine what happens to the GPL and linux. First of all: It's no longer possible to install linux, because this Operating System is not certified by the TCPA. No, that's not a joke. Okay, imagine there would be a certified Linux. (HP creates one, btw). What's happening to OpenSource development, then? Every open source developer would need to certify his program, before he can distribute them. But how should he pay that certification? What happens to quick bugfixes? And what happens to all the guys who want to compile the software on their own. There is NO chance to do all that stuff.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> End Quote.
This was what made me concerned about the viability of continuing to offer clients zope/python based solutions. Rob Jim Washington wrote:
The short answer is No. Why do you ask?
rra42 wrote:
Will developers who make a living from Zope/Python be out of work when TCPA comes next year?
________________________________________________________________________ Missed your favourite TV serial last night? Try the new, Yahoo! TV. visit http://in.tv.yahoo.com
From: "rra42" <rra42@yahoo.co.uk>
I got the impression that an open source document or application will not run on a "fritzed" PC unless the code had been signed/certified:
That would kill all type of backwards compatibility. Can you imagine a future Windows that can not run any current application? I can't, nobody would buy it.
And there's more. Every program you want to execute has to be certified.
According to the TCPA this is simply incorrect. I'm sure it will be possible to have a setting that only allowes certified code to run, this would for example be useful on network server to protect against viruses and worms, or when you don't want your employees to install games on companies computers. :-) But making a version of Windows that doesn't run legacy code *at all* is like making a completely new operating system. And who would buy that? The reason people run windows is because there is so much software for it. And Microsoft is well aware of that fact, and trust me, they won't make an OS that has no software to it. They tried that once (OS/2) and it didn't work. :-) Also, if you wouldn't be able to run Linux on Fritzed hardware then you wouldn't buy Fritzed hardware, and your problem would be solved. And who would benefit from that? Well, certainly not TCPA...
At least in Europe, (and I think the CBDTPA in the USA does much the same thing), we will have laws that make buying non-fritzed hardware somewhat difficult. Below is an extract for EU Directive 2001/29/EC, Chapter III, Article 6, published at http://europa.eu.int/smartapi/cgi/sga_doc?smartapi!celexapi!prod!CELEXnumdoc... Quote:>>>>>> 2. Member States shall provide adequate legal protection against the manufacture, import, distribution, sale, rental, advertisement for sale or rental, or possession for commercial purposes of devices, products or components or the provision of services which: (a) are promoted, advertised or marketed for the purpose of circumvention of, or (b) have only a limited commercially significant purpose or use other than to circumvent, or (c) are primarily designed, produced, adapted or performed for the purpose of enabling or facilitating the circumvention of, any effective technological measures.
>>>>> End Quote
So it is not immediately clear that we will be able to legally allowed to buy non-fritzed hardware, and even then, will Intel consider that they want to manufacture non-fritzed chips? Rob Lennart Regebro wrote:
From: "rra42" <rra42@yahoo.co.uk>
I got the impression that an open source document or application will not run on a "fritzed" PC unless the code had been signed/certified:
That would kill all type of backwards compatibility. Can you imagine a future Windows that can not run any current application? I can't, nobody would buy it.
And there's more. Every program you want to execute has to be certified.
According to the TCPA this is simply incorrect. I'm sure it will be possible to have a setting that only allowes certified code to run, this would for example be useful on network server to protect against viruses and worms, or when you don't want your employees to install games on companies computers. :-) But making a version of Windows that doesn't run legacy code *at all* is like making a completely new operating system. And who would buy that? The reason people run windows is because there is so much software for it. And Microsoft is well aware of that fact, and trust me, they won't make an OS that has no software to it. They tried that once (OS/2) and it didn't work. :-)
Also, if you wouldn't be able to run Linux on Fritzed hardware then you wouldn't buy Fritzed hardware, and your problem would be solved. And who would benefit from that? Well, certainly not TCPA...
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
________________________________________________________________________ Missed your favourite TV serial last night? Try the new, Yahoo! TV. visit http://in.tv.yahoo.com
From: "rra42" <rra42@yahoo.co.uk>
So it is not immediately clear that we will be able to legally allowed to buy non-fritzed hardware
Yes, it is immediately clear that this will be legal. What won't be legal, and already is not legal, is to BREAK or circumvent the copyright protection. In other words, it is illegal to run Microsoft Word or other software without a license, and it is also illegal to break any copyright protection that Microsoft imposes on it, including TCPA. It is NOT illegal to run Open Office instead.
and even then, will Intel consider that they want to manufacture non-fritzed chips?
Well, so buy from another manufacturer, then... But as I said before, the TCPA sais that this description of how it's supposed to work is incorrect. It's a technology that allows you to control the software licensing, not a technology to prevent you from running open-source software. This also makes sense, while the fascist control of computers doesn't. As far as I'm conserned, that's it when it comes to this topic. TCPA will not stop Zope from working. If you want to discuss TCPA some more, I'm sure there are mailing lists on this topic availiable.
As someone who makes a living from coding zope/python, I don't think it is wrong for me to solicit the views of the zope community on how something like TCPA will impact zope. Following your comment:
But as I said before, the TCPA sais that this description of how it's supposed to work is incorrect.
I have tried to find resources on the web to show how TCPA and open source tools like zope/python will co-exist. The best I could find was from www.trustedpc.org (item 24 in the TPM FAQ pdf document) which didn't give much detail. If you have a web reference you could share that counters the alarming descriptions of the likely effect of TCPA/Palladium on open source tools such as Zope/Python I and I am sure others would take great comfort from it as Zope/Python are terrific tools and we would like to be able to speak to clients with confidence about the future of these great products. Best wishes, Rob Lennart Regebro wrote:
From: "rra42" <rra42@yahoo.co.uk>
So it is not immediately clear that we will be able to legally allowed to buy non-fritzed hardware
Yes, it is immediately clear that this will be legal. What won't be legal, and already is not legal, is to BREAK or circumvent the copyright protection. In other words, it is illegal to run Microsoft Word or other software without a license, and it is also illegal to break any copyright protection that Microsoft imposes on it, including TCPA.
It is NOT illegal to run Open Office instead.
and even then, will Intel consider that they want to manufacture non-fritzed chips?
Well, so buy from another manufacturer, then...
But as I said before, the TCPA sais that this description of how it's supposed to work is incorrect. It's a technology that allows you to control the software licensing, not a technology to prevent you from running open-source software. This also makes sense, while the fascist control of computers doesn't.
As far as I'm conserned, that's it when it comes to this topic. TCPA will not stop Zope from working. If you want to discuss TCPA some more, I'm sure there are mailing lists on this topic availiable.
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
________________________________________________________________________ Missed your favourite TV serial last night? Try the new, Yahoo! TV. visit http://in.tv.yahoo.com
Hi Rob, In article <3E189883.8060900@yahoo.co.uk>, Rra42 wrote:
As someone who makes a living from coding zope/python, I don't think it is wrong for me to solicit the views of the zope community on how something like TCPA will impact zope.
I agree!
Following your comment:
But as I said before, the TCPA sais that this description of how it's supposed to work is incorrect.
I have tried to find resources on the web to show how TCPA and open source tools like zope/python will co-exist. The best I could find was from www.trustedpc.org (item 24 in the TPM FAQ pdf document) which didn't give much detail.
I think the status of this info has a lot to do with how far away in philosophy these two initaitives are from each other. It's almost like wondering why there are no good Vegan black-pudding recipes (For those not fortunate enough to live in the North of England, Black Pudding = a blood pudding). I doubt that proponents of TP inititives want to complicate their propositions by addressing OS s/w, or that proponents of OS s/w theirs by addressing TP.
If you have a web reference you could share that counters the alarming descriptions of the likely effect of TCPA/Palladium on open source tools such as Zope/Python I and I am sure others would take great comfort from it as Zope/Python are terrific tools and we would like to be able to speak to clients with confidence about the future of these great products.
Of course, there is no reason why code cannot be signed or unsigned code cannot be sand-boxed in some way. *HOWEVER*, I have to take the view that - specifically in the context of clients choosing an application for use in the forseebale future - TP in all it's forms is wholly fictional! It doesn't exist right now, and the needs of TP are such that it challenges just about every platform and protocol in common use. On the platform side I would think that script engine based platforms are under threat because of the "promiscuous" way in which script engines run scripts (!), technologies such as .NET and Java because TP must be engineered in from day one and there is no route from what we have today to a TP-compliant implementation of these technologies. I would imagine you could kiss goodbye to C & C++ for the same reasons - wouldn't we be looking for something more like ADA? On the protocol side, the protocols in use today allow expoits that challenge TP, and many of these protocols might be incompatible with any sort of "pure" TP concepts. I feel very strongly that there are more immediate things to worry about before this is a commercial issue. May I ask, are you thinking ahead here, of is your concern based on feedback from clients or prospects? Regards, PhilK Sun, 05 Jan 2003 23:22 GMT @ Vaio Email: phil@xfr.co.uk / Voicemail & Facsimile: 07092 070518 Tell me and I forget. Show me and I remember. Involve me and I understand. - Chinese saying
Hi Rob, In article <3E18404C.3070408@yahoo.co.uk>, Rra42 wrote:
Will developers who make a living from Zope/Python be out of work when TCPA comes next year?
I doubt it - unless you know of some reason why TCPA should threaten HTTP. Any application server which delivers it's content via web browser is running in a "sandboxed" environment of sorts - and any "Trusted Computing" environment would have to have a way to support this to use the web...as it is presently constructed... Regards, PhilK Sun, 05 Jan 2003 19:21 GMT @ Vaio Email: phil@xfr.co.uk / Voicemail & Facsimile: 07092 070518 Tell me and I forget. Show me and I remember. Involve me and I understand. - Chinese saying
Hi Philip, I was not so much thinking of the client but the server: actually getting a TCPA server to run Zope and/or Python. The comments I've read seem to indicate that uncertified (eg open source) code won't run on a TCPA box. Best wishes, Rob Philip Kilner wrote:
Hi Rob,
In article <3E18404C.3070408@yahoo.co.uk>, Rra42 wrote:
Will developers who make a living from Zope/Python be out of work when TCPA comes next year?
I doubt it - unless you know of some reason why TCPA should threaten HTTP.
Any application server which delivers it's content via web browser is running in a "sandboxed" environment of sorts - and any "Trusted Computing" environment would have to have a way to support this to use the web...as it is presently constructed...
Regards,
PhilK
Sun, 05 Jan 2003 19:21 GMT @ Vaio
Email: phil@xfr.co.uk / Voicemail & Facsimile: 07092 070518
Tell me and I forget. Show me and I remember. Involve me and I understand. - Chinese saying
________________________________________________________________________ Missed your favourite TV serial last night? Try the new, Yahoo! TV. visit http://in.tv.yahoo.com
Hi Rob, In article <3E1890FE.6060009@yahoo.co.uk>, Rra42 wrote:
I was not so much thinking of the client but the server: actually getting a TCPA server to run Zope and/or Python.
Interesting - let's assume that there was the citical mass in the market to get the script engine certified, but not the scripted application (I know there is non-script - e.g. c - code in Zope). Would the script engine run uncertified code? Would I be able to run my own DOS batch files, Un*x shell scripts or equivalent? To me the impossibility of drawing a sensible line would seem to show that this scheme cannot fly in such a draconian form as some pundits fear.
The comments I've read seem to indicate that uncertified (eg open source) code won't run on a TCPA box.
OK, but unless the SOBs can really impose a scheme which effectively says "you cannot run legacy code on your non-legacy box", TCPA products are more likely to meet a niche need - the need for trusted computing in scenarios where the economics support doing such an expensive thing! Regards, PhilK Sun, 05 Jan 2003 20:24 GMT @ Vaio Email: phil@xfr.co.uk / Voicemail & Facsimile: 07092 070518 Tell me and I forget. Show me and I remember. Involve me and I understand. - Chinese saying
Since April last year when IBM started shipping ThinkPads with TCPA ( http://www.eet.com/sys/news/OEG20020424S0013 ) it has no longer been credible for us to tell prospective Zope/python clients that it will never happen. They are reading that TCPA will solve their virus/ confidentiality/ spam/ security problems and they want to know if investments they make in a Zope/Python solution today will continue to look like a smart decision two years from now when, with "software assurance" TCPA enabled XP Longhorn is the only upgrade option they have. I just think it would be a good idea for the Zope community to have a community response to these questions. Best wishes, Rob ________________________________________________________________________ Missed your favourite TV serial last night? Try the new, Yahoo! TV. visit http://in.tv.yahoo.com
This is pretty interesting. I'm not sure there can be a community response to this. If TCPA takes root, I think what will result is an even more pronounced split between Microsoft server apps and desktop apps and back-end systems like Apache and Zope and whatnot. Those who like and trust Microsoft will go the TCPA hardware way. Those who don't won't. There will be a healthy market for non-TCPA enabled computers for those who don't want to run MS software. I think TCPA is making a mistake. No small or midsized company wants to buy a computer that they can't run untrusted (read: pirated) software on, period. I think that pirated MS software is the major driving force behind MS' control over document and OS standards. They will give up that slice of their pie. Larger companies are much slower and more conservative and plodding and they will do whatever Microsoft tells them to do. But they probably don't make up enough of a market for Microsoft to cash out on. MS needs all the little companies: 50, 100 people. FWIW, a desire for total control is the same thing that caused IBM's PS/2 series to fail miserably. Lots of big corporate buyers bought PS/2 systems with MCA slots because they were stupid and trusted IBM. When it became apparent that ISA was still far more popular, they couldn't get cheap hardware, and they found out that smaller companies were paying much less and getting more, they started to buy Dell in droves. I think this pattern will repeat itself here and in five or ten years we will likely think about TCPA-restricted PCs in the same way that we think about IBM PS/2 systems. We will be feeling sorry for all the folks at huge pharmeceutical companies with a garages full of obsolete TCPA systems. - C On Sun, 2003-01-05 at 16:05, rra42 wrote:
Since April last year when IBM started shipping ThinkPads with TCPA ( http://www.eet.com/sys/news/OEG20020424S0013 ) it has no longer been credible for us to tell prospective Zope/python clients that it will never happen.
They are reading that TCPA will solve their virus/ confidentiality/ spam/ security problems and they want to know if investments they make in a Zope/Python solution today will continue to look like a smart decision two years from now when, with "software assurance" TCPA enabled XP Longhorn is the only upgrade option they have.
I just think it would be a good idea for the Zope community to have a community response to these questions.
Best wishes,
Rob
________________________________________________________________________ Missed your favourite TV serial last night? Try the new, Yahoo! TV. visit http://in.tv.yahoo.com
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) -- Chris McDonough <chrism@zope.com> Zope Corporation
Hi Chris, In article <1041802871.9269.55.camel@dorothy.nv.cox.net>, Chris McDonough wrote:
I think this pattern will repeat itself here and in five or ten years we will likely think about TCPA-restricted PCs in the same way that we think about IBM PS/2 systems. We will be feeling sorry for all the folks at huge pharmeceutical companies with a garages full of obsolete TCPA systems.
Agreed - emphatically! Regards, PhilK Sun, 05 Jan 2003 23:58 GMT @ Vaio Email: phil@xfr.co.uk / Voicemail & Facsimile: 07092 070518 Tell me and I forget. Show me and I remember. Involve me and I understand. - Chinese saying
Hi Rob, In article <3E189E28.6050505@yahoo.co.uk>, Rra42 wrote:
Since April last year when IBM started shipping ThinkPads with TCPA ( http://www.eet.com/sys/news/OEG20020424S0013 ) it has no longer been credible for us to tell prospective Zope/python clients that it will never happen.
Quoting this URL "The TCPA spec has significant limits. It does not provide network and software support to let separate systems query each other to set up a secure connection. That will have to wait for version 1.2 of the spec, which is still under discussion at the TCPA. It will also have to wait for operating system support from Microsoft Corp., something most observers don't expect until Longhorn, the next major version of Windows due in 2004." So, in the contect of an Internet/Intranet Client-Server App, we don't have a spec, much less a product, as yet. The problems here are exponentially greater than those in stand alone systems.
They are reading that TCPA will solve their virus/ confidentiality/ spam/ security problems and they want to know if investments they make in a Zope/Python solution today will continue to look like a smart decision two years from now when, with "software assurance" TCPA enabled XP Longhorn is the only upgrade option they have.
If XP Longhorn is the only upgrade option they have - given that many of them may be currently running Linux - there will be bigger things to worry about at that point.
I just think it would be a good idea for the Zope community to have a community response to these questions.
If there is a level of concern about this in the market, then you are correct - but I am astonished if there is much beyond FUD in this concern right now. It's hard to have a meaningful discussion about the practical use of these systems at this early stage - it's just too early. Regards, PhilK Sun, 05 Jan 2003 23:46 GMT @ Vaio Email: phil@xfr.co.uk / Voicemail & Facsimile: 07092 070518 Tell me and I forget. Show me and I remember. Involve me and I understand. - Chinese saying
rra42 wrote:
Since April last year when IBM started shipping ThinkPads with TCPA ( http://www.eet.com/sys/news/OEG20020424S0013 ) it has no longer been credible for us to tell prospective Zope/python clients that it will never happen.
They are reading that TCPA will solve their virus/ confidentiality/ spam/ security problems and they want to know if investments they make in a Zope/Python solution today will continue to look like a smart decision two years from now when, with "software assurance" TCPA enabled XP Longhorn is the only upgrade option they have.
I just think it would be a good idea for the Zope community to have a community response to these questions.
Best wishes,
Look, if TCPA would really cause something like zope not to work anymore, it would also - cause any legacy application not to work - make it impossible to develop anything in-house - kill any software-company not being able to shell out $100000 to certify their software - kill any software where it's not financially feasible to certify it, IOW, nearly everything you can find on something like tucows would vanish Since the above amounts to appr. 95% of all software, tell your clients if this were true they'll probably have some bigger problems than zope. cheers,o liver
participants (7)
-
Chris McDonough -
Hannu Krosing -
Jim Washington -
Lennart Regebro -
Oliver Bleutgen -
Philip Kilner -
rra42