At least with open source DRM you know they are only doing what they say. Not a big difference, but also not a big cost.

That's not going to happen. The only thing that makes DRM schemes work at all is security-through-obscurity. If we have an open source DRM module then anyone who can read C/C++/whatever can look at the source and see not only the encryption algorithm used, but also where in memory to look for the encryption key. DRM is stupid, but it's not that stupid.

Which is probably why (if I understand the proposal correctly) the proposal is for an API rather than an implementation. In fact...

This specification does not define a content protection or Digital Rights Management system. Rather, it defines a common API that may be used to discover, select and interact with such systems as well as with simpler content encryption systems

So "it's ok, it's going to be open source" isn't terribly reassuring, either.

Me, I'm still waiting for a spanner that works just as well on screws. And which can get nails out of wood. But everytime I complain about it, someone pops up with some bullshit argument about having different tools specialised for different purposes. Crazy, right?

If not already, this kind of seamless integrations between their devices is something people will require soon

Seriously, why? I'll grant you that automounting phones on desktop systems could benefit from a bit more handholding for non-technical users, but why assume a common interface is useful, let alone desirable?

First, he means GNU/Linux, not Linux.

No, I don't believe he does. The name "Linux" is overloaded and is used to refer both to the Linux Kernel and to the desktop operating system built around that kernel.

You well may feel that the GNU userland tools are more important than the Linux Kernel and that therefore the GNU project should have first billing. As such it is your right to prefix the OS name with "GNU/" if you feel that helps anything. But that doesn't make the more widespread usage wrong, and neither you nor Richard Stallman get to tell us what we call the OS.

This has been a public information announcement. Thank you for your attention.

Didn't work with DVDs. Remember you only need one place to get an unencrypted copy. CDs made DRM on music files irrelevant.

I'm not aguing against that. DRM is fundamentally flawed as a concept. It involves giving the user the cyphertext and the encryption key together and hoping the key is well enough hidden that the user won't be able to use it except on the supplier's terms. Given a skilled and determined opponent, DRM is always going to fail. That's pretty much a given.

What I don't understand though, is why some people seem to see that as a good reason to include DRM into the W3C standard. I can see that it appeals to the techno-anarchist element on Slashdot, (which is most of us by my reckoning) but we still don't gain anything by the inclusion of DRM in the standard. So why are some people so keen to see it adopted?

It feels to me like we're being played. Like someone wondered how best to astroturf the issue in the techie forums and decided to tell us all that we were all Cyber Robin Hood and that the most fun thing ever would be to support the proposition now and rape the content once it was adopted. And to avoid any mention of the legal side of things and in particular the potential for punitive lawsuits to discourage attempts to crack the system.

TL;DNR: Yeah, DRM doesn't work. But that's not a good reason to include it in the W3C standards.

That is a bit of a stretch. If the non-compliance is simply a case of not supporting the DRM part of the spec (or doing so incorrectly/not in full), that does not aid in circumvention as the DRM content simply will not play.

It IS a bit of a stretch. The trick would be to require digitally signed browsers and then shift the burden of demonstrating compliance onto the distributor. Then you could talk about non-compliant browsers as circumvention tools. But we're a good way away from that as yet.

On the other hand, I don't think there's any doubt that breaking the DRM is going to be illegal, and that's what bothers me about all these calls to support the proposal on the grounds that DRM is technically flawed. Because any eforcement is only going to use technical measures as a first line of defence. The second line will be lawyers and lawsuits.

My philosophy is this:

First, try to follow the law. Do not compromise principles, but try to follow the law. Second, if following the law means I must compromise my principles, break the law. Third, do not ever get caught, also help others to circumvent the law and not get caught.

The law can get fucked when it has become the tool of big business to wield against normal people.

Firstly, I can't help but admire your principles.

That said, it seems to me one thing to call for massed civil disobedience against an unjust application of an unjust law, but quite another to advocate illegal behaviour as a workaround for a standard that hasn't yet been passed.

The first case is, arguably, every person's civic duty in the face of oppression. The second is simple contempt for the law. I think that's a much harder proposition to justify, both philosophically, and in a court of law.

What you get it useless, easily bipassable security features

Which would be fine, except that bypassing those features is almost certainly going to be illegal under laws like the DMCA. We can expect to see people sued and non-complying browsers declared illegal as circumvention tools.

So are you really advocating breaking the law as a valid response to an onerous standard?

And if one day the content corporations launch a series of prohibitive lawsuits, will you condemn those corporation for their poor behavior? Or will you (as many others undoubtedly will) say "morality has nothing to do with it - it's the law".

And maybe "you should have complained when the standard was first proposed."

/me googles ...

Ha! I like it! :D

You still seem to be missing my point: standards don't force the big vendors to do anything at all ever. The big vendors do what they want to meet their business needs. You can either write a standard that describes that (e.g., SCSI) or write a standard that fails to describe that, and thus generally fails (like HTML in the IE6 years).

Well that's one way of looking at it. Or we could consider that conforming to existing standards helped establish Firefox and Opera and break IE's dominance of the market and the long stagnantion of th Microsoft Years.

So maybe "fail" isn't the best word for what happened :)

I've been a secretary of a standards body working group, if we're appealing to experts here, but I don't see how that's particularly relevant.

I'm delighted that you've been secretary of a standards working group, it doesn't seem to follow that you know more about the SQL standards process that Michael Gorman who was secretary of that particular group.

But the point is that giving the big vendors everything they want does not necessarily result in a useful standard. And to support the point, I thought I'd provide a link to a case where exactly that had happened. And where the secretary of the working group (who might ordinarily be expected to support the standard in question) was the one questioning the validity of the result.

Just to be clear about this: I'm not invoking Gorman's name as an authority on the purpose of standards. I'm citing him as an authority on the standard that he oversaw, and the usefulness of that standard after the approach you advocate. And while I don't want to belittle your experience as secretary of an unrelated and unnamed group, it's not at all clear how that gives your opinion equal weigh as regards SQL.

"Because the big boys want it" is the only relevant thing for a standard.

Citation needed :)

We could ask them to keep that shit out of the browser and build their own client.

Ask all you want, standards aren't laws.

Aardvarks aren't kumquats. So what?

Browsers will have to support whatever the big players do, standard or otherwise, and we'll end up with the IE6 problem all over again. No thanks.

The problem with IE6 wasn't so much that the standards were wrong. It was one of wilful non-compliance on MS' part. MS wanted to use their then dominant position to turn IE itself into the de facto standard. That way all their competitors would have been forced to play catch-up with MS. They gambled and lost.

Alternatively, look at the SQL Standards process. The standard committee is composed of representatives of all the major database players, and rather than get into a pissing match about who gets what in the next standard, they've basically adopted the approach you recommend. Whatever any of them is doing or wants to do next goes into the standard.

The result is a standard that's probably unimplementable in its entirety. In fact all the groups represented on the committee announced that they intended to implement "a subset, plus extensions" of the standard. Even the secretary of the standards committee questioned whether the standard was in fact worthy of the name "standard". But don't take my word for it.

I've explained elsewhere why I don't think that "because the big boys want it" is in itself sufficient reason to include something in a standard. I hope I've shown here that even if that happens, it won't necessarily bring about any benefits.

Really, it's just an all round bad idea.

I suppose if there were any similarities at all between DRM and physical violence, you'd have a point.

The similarities are between standards and laws. While they are not without differences, they have a fundamental similarity in that they outline a common set of behaviours to which it is intended that we adhere.

The question is whether we use them to try and make the world a better place for everyone or do we use them to sanction existing practices?

It works in Ankh-Morpork. And you wouldn't want to argue with Vetinari would you?

So all we need now is a ruthless despot willing to throw anyone caught abusing the standard into a scorpion pit, and all will be well? That could work.

Of course reaching agreement about who to trust in the role of "ruthless despot" might take some time :)

A technical standard is in no way, shape, or form a law. That's probably where your thinking went off.

A technical standard and a law are both ways of defining how we want some aspect of the world be work. That's probably where you've failed to keep up. (BTW, do we really need to do this all snide and sarcastic? I mean I'm up for it if you are, but it's not exactly conducive to a constructive discussion. Your call :))

Standards are useful precisely to the extent they describe what the big players actually do, so that you can code against the standard and be content

Standards are only useful if people follow them yes. But that doesn't mean that we should use them to rubberstamp every counter-productive, short-sighted or destructive practice currently being persued.

Standards are supposed to be about how to make something work well.

A standard that petulantly refuses to describe what the big players are doing anyway is worse than useless. The W3C finally learned this lesson, but apparently /. has a shorter memory.

So presumably we should legalise mugging because muggers are going to rob people with violence whatever we do, and if we're going to have destructive anti-social behavior, it's far better if it's enshrined in some sort of formal framework?