[sword-devel] drm

Kahunapule Michael P. Johnson sword-devel@crosswire.org
Wed Apr 21 05:43:26 MST 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 13:56 21-04-04, Michael A. Peters wrote:
>On Tue, 2004-04-20 at 19:37, Kahunapule Michael P. Johnson wrote:
>> OK, so I generate a new gpg key pair just for that purpose, get the 
>> license string, then post both for my hacker buddies?
>
>If your hacker buddies are interested in sword modules, Good Work! ;)

These are the same guys who steal Gideon Bibles from hotel rooms. :-)

>There is no drm that won't eventually be cracked.

True. It is a matter of economics. If you make it cheaper and less of 
a hassle to be honest, most people will be honest. If you make it only 
a little more expensive to be honest, honest people won't be as 
tempted to become dishonest.

>Right now - the only way honest people can use such bible texts in 
>sword
>is if they create them themselves, and I think this does hinder the
>widespread adoption of the project.

It does, perhaps. Another option would be to create a mechanism for 
linking a non-free program with Sword such that they scroll together. 
I know of one set of programs used by Bible translators here that do 
that-- a Bible translation editor, and a program that displays 
commercial Bible texts and commentaries. I'm not sure exactly how the 
messages are passed, but it works.

>Some mechanism to allow copy protected modules not only would allow
>students to use NASB and NRSV - but it could potentially also open up
>sword to additional commentaries etc. that currently are not 
>available.
>It would be great to be able to read Daniel side by side with the 
>Joyce
>Baldwin commentary on it.

I agree. My favorite Bible translation (the World English Bible) is 
available in Sword, but I still like to cross-compare with the NASB, 
NIV, etc.

>It is extremely trivial (at least on *nix) to write a gui that 
>generates
>a PGP key. I could do it in AppleScript in probably 15 minutes 
>(except I
>don't currently run OS X on anything). Maybe half a day in Linux 
>simply
>because I would need to look up pygtk syntax.

Yes, but what would that gain you? Why not just generate a random 
number (r) and use that plus the user name (n) to generate a personal 
key (p) that allows sword to generate the correct module key (m).

Buyer gives Sword n, and Sword generates r.
Buyer gives n and r to seller, along with payment for a module.
Seller verifies payment, then computes p = f(r, n, m) and gives that 
to buyer.
Buyer gives Sword p, and sword computes m=g(p, r, n), then decrypts 
the module to RAM and allows its use. The module is left encrypted on 
disk, but p, r, and n are stored with it so that it can automatically 
access the data later.

If buyer gives the module plus p, r, and n to someone else, he also 
gives them his fingerprints. If he hacks the source code and computes 
m, and bypasses the code to use that to either create an unencrypted 
module or to always encrypt directly with the module key instead of 
going through the motions of computing m from p, r, and n, then the 
system is broken. In proprietary copyrighted code that is issued in 
object form, only, this method is only slightly lame, in that it takes 
a little reverse engineering and debugging to hack. In an open source 
project, this method is totally lame, because the user has the 
complete commented source code, plus legal permission to change it.

>I think the real purpose would be prevention of accidental copyright
>infringement - those who want to infringe will infringe, if not with
>sword - then with whatever other Bible packages that already exist.

Indeed. I would hope that infringement would be minimal with Bible 
texts, anyway, considering the target audience (jokes above 
notwithstanding). However, publishers may see things differently. John 
C. Dvorak said it well when he found the real formula for computing 
losses to piracy:

Piracy losses = wished-for sales - actual sales.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: http://eBible.org/mpj/gpg.htm

iD8DBQFAhgn4RI/gxxfXR7sRAiqDAKCKpsBAGaMzQwUD/2iHWmTtVSe1GwCgwX96
PnlxeS7c3yRORrmZv6P7KpQ=
=JXGx
-----END PGP SIGNATURE-----

More information about the sword-devel mailing list