[KLUG Members] So it begins

[Adam Tauno Williams]

> >The issue is that true DRM requires that the *HARDWARE*
> >only executed *SIGNED* blocks of code.
> Oh, then there best be a large uprising then. There are SSOOOOO many "current /
> latest" device drivers floating around for Windows which are not signed... 

Yes, one does question the scalability of such a design.

> that
> entire signing thing is a bunch of BS the way things stand. Requiring that
> EVERYTHING have a signature in order for it to execute... ha haa haa haa haa!!!
> "Hey boss, can you OK another digital signature on qbw.exe, 

Sort of,  Quicken would sign qbw.exe with their certificate which would
be verifiable by the DRM system on the laptop;  it is sort of like SSL.
It has to be signed by a trusted authority.  At least the ones I've read
about.

>  know I know,
> gazillionth one today, but I can only tell if the code works by running it - I
> can not tell by reading the source I wrote!" 

I suspect developers will be able to delay signing in some test mode
much like is done with .NET assemblies currently.

> The emphasis is placed on having
> the special little signature token on the file, nothing to do with if the
> driver will work or not. 

Yes.  This doesn't have anything to do with "working" it is about
"trusting". 

> Manager busy work / feel important work, CYA for folks
> that have a hard time computing 2+2. Just what we need, more "useless" red tape
> in an already VERY inefficiently operated world.

I don't think it is quite as bad as all that, but some questions do come
into play -

1.) What about a Java application - is the application (or jar) signed,
or is the hosting VM signed.  If a VM is trusted but can run any
appropriate code, what does this accomplish?  (Honestly, the same could
be said of an application like M$-Office that can execute VBA scripts).
2.) Much the same applies to the .NET CLI, one of whose biggest features
is the dynamic loading of assemblies at runtime - note that pretty much
every .NET application provides a plugin interface just because it is so
darn EASY in .NET to do so.

There has to be a line drawn somewhere and I suspect initially it will
be pretty low - such as "this is a signed operating system / kernel".
The path of integration IN PRACTICE beyond that will be interesting to
watch.