Sun’s Open Source DRM

For a variety of reasons I’ve been looking into Sun’s ‘open source DRM’ scheme at work. Architecturally, it seems like a pretty solid solution. If you’re going to do CRAP, you might as well do it with open standards for interoperability between the different layers of the CRAP stack, so that people aren’t locked into specific implementations/tools/etc. So, it has that right; has it so right, in fact, that I could conceivably even drop my unqualified opposition to DRM assuming that the certification system did not require a locked-down kernel for software at the top of the stack to run. [This is an assumption I’m almost certain I’ll be wrong about.]
That said… man, do they get a lot of things wrong. Some of the most egregious:

  • In their whitepaper, they have the most anti-cluetrain sentence in the history of sentences:

    [W]e see important and even more promising markets for DRM systems in the categories of “business” and “life”.

    I know what they’re trying to get at, but c’mon… life is not a business category. Don’t put quotes around it. Don’t tell me about how DRM is going to help me market to life. That’s just… eww. If that sentence doesn’t make you ill inside, you’re broken.

  • I could detail the other white paper cluetrain violations, which are numerous. But that would take too much of my life away. Go read it yourself- it is otherwise a good whitepaper, in one of those ‘so close yet so far’ moments. Particularly fun is the ‘architecture diagram’ that consists nearly completely of non-overlapping ovals, and the ‘cartesian graph of DRM Usage Models’, also prominently featuring a blob for ‘life’.
  • They require registration, including phone number and street address, to view the draft specifications on “open” Again, lack of clue about how you build a meaningful community, or about how you’re supposed to behave when you’re doing ‘open’- minimal interference, maximal opt-in.
  • They have source for many bits of a reference implementation here. Great stuff, except for the detail that when you read the README, you note that to actually encode anything to test it with requires… unreleased code. And a closed-source database server.

Anyway, it seems evident the industry is going to shove DRM down our throats, so I’m happy someone is creating a DRM stack that is potentially based on open standards and open interoperability. That at least is something, and I do honestly congratulate Sun for doing it with more clue than anyone else out there right now. Sadly, that isn’t a very high bar.