**** BEGIN LOGGING AT Fri Feb 05 02:59:59 2016 Feb 05 23:26:09 DocScrutinizer05: the argument RMS makes is that non-modifiable firmware is like hardware -- you just can't have freedom there, because it can't be modified. while modifiable firmware puts the vendor into a position of power, as they can make changes to the firmware, while you can't Feb 05 23:26:49 I agree though that such a strict line is not really helpful in practice in many areas :-( Feb 05 23:38:25 my argument is that firmware is always modifiable, just sometimes the method to do it is not documented Feb 05 23:39:17 granting a RYF cert because the chip manuf doesn't tell you how to update the firmware is as silly as it gets, no? Feb 06 00:01:49 chip== *) complete blackbox (possibly with firmware, even modifiable one): OK *) documented but allegedly ROM firmware or no way to update it: (almost) OK *) with firmware in flash but no documented way to update: (still) OK *) with blob firmware in flash that's updateable by publicly documented method but not readable and thus completely unknown: BAD *) with some 'firmware' in RAM and needs upload of such firmware by Feb 06 00:01:51 linux CPU from a publicly available binary: VERY VERY bad Feb 06 00:02:09 looks sort of inverted logic to me Feb 06 00:05:52 and now the catch 22: as soon as a hacker reverse-engineers that publicly available firmware blob in file, a VERY VERY bad chip suddenly turns into a EXCELLENT one Feb 06 00:06:55 I bet on that last option every day, when I have a choice Feb 06 00:11:15 the RYF puts pressure on device manufs while it's actually targeted at chip manufs. The device manufs can't do anything about the chip firmware but the RYF pressure will cause them to do really poor choices, picking chips that are _not_ hackable, or even implementing measures to block hacking Feb 06 00:13:44 and all that just because the FSF doesn't limit their domain of responsibility to the actual linux system but instead thinks *every* data anywhere in the device should be under their rules Feb 06 00:14:13 DocScrutinizer05: well, if the vendor has a secret way of modifying the firmware behind the user's back, that's obviously a whole different story. but otherwise, if there is no public way of updating the firmware, it's effectively non-modifiable Feb 06 00:14:38 that's not what the RYF says Feb 06 00:15:38 the point is you never can prove that there's _no_ such secret way to update, you can't even prove a chip is free of firmware Feb 06 00:17:41 RYF doesn't say "public" or "effectively". Otherwise we could argue that there's no public way to upgrade the modem firmware since it's signed by a crypto key Feb 06 00:19:18 modems are known to support OTA-update. You never know if a WLAN or a BT isn't doing the same Feb 06 00:21:49 the complete RYF is based on "we trust in manufs telling us..." and rewarding the manuf lying Feb 06 00:22:11 that's paradox Feb 06 00:37:42 ooh here comes the catch 22^-1: a device with RYF cert is losing that cert as soon as a method to update the firmware gets public Feb 06 00:37:56 which iirc actually happened with GTA01/2 Feb 06 00:38:21 hmm no, GTA01 had other blobs too Feb 06 00:40:55 even the OMAP *might* have a way to update the ROMBOOT code Feb 06 00:43:09 all slightly advanced sensor chips most likely have a firmware and it's hard to believe there's absolutely no way to update that firmware Feb 06 01:33:53 it's an interesting question what happens if an update mechanism is discovered, but never officially used by the vendor to push updates to users... if the vendor never intends to push updates, the hypothetial possibility of doing so seems rather irrelevant Feb 06 01:53:59 oh, it gets fuzzier and fuzzier. Now we're at intentions of chip manufacturer to decide if a device's hw design qualifies for RYF ;-) Feb 06 01:54:59 why don't we ask for intentions of device manufacturer instead? at least we could hope to get a decent answer to that question Feb 06 01:57:33 and in the end of the day I think it's completely irrelevant for FSF what been the "officially used" intentions etc, it's simply just about "plausible deniability" when it comes to the question if a chip has a firmware or not. FSF likes to close eyes to pretend there was no problem, since they see RYF doesn't work when they open their eyes Feb 06 01:59:39 nota bene FSF doesn't certify any security status or whatever, but rather a political correctness (or what FSF thinks this would be politically corect) by the device manufacturer Feb 06 02:00:55 RYF is basically a joke when the device manufacturer gets asked to *restrict* freedom of users to hack a firmware in a peripheral Feb 06 02:02:05 "respects your freedom" should rather read "enforces your compliance" Feb 06 02:04:00 FSFD says "though shalt not have *any* blobs on your device" and a RYF device actually enforces that by requesting that any such blob is rendered useless by technical means Feb 06 02:05:14 on a RYF device you're NOT free to use any non-FOSS stuff Feb 06 02:06:19 there's a saying "freedom is always the freedom of those who like to differ" Feb 06 02:08:56 "we have a traffic regulation made of pure freedom: you're free to use the freeway, thus the name. Using any other street is forbidden" Feb 06 02:11:35 FSF's definition of freedom is: every single byte and every word you say is under GPL, since GPL *is* freedom. Those who stray away from GPL violate freeedom Feb 06 02:11:41 -e Feb 06 02:12:47 I'm more the BSD type of frreedom lover Feb 06 02:13:46 I tolerate GPL fans but I won't help to enforce GPL on stuff where it doesn't make sense Feb 06 02:23:53 I dont necessarily agree with everything FSF says on hardware but I do support any and all actions taken to enforce the GPL and get companies who violate copyright law by using GPL software and not distributing the source code per the terms of the license Feb 06 02:39:41 sure, when something is under GPL then this must get enforced Feb 06 02:40:42 thus it's pretty counterproductive to apply a mutated pseido GPL on hardware when you clearly can't enforce it Feb 06 02:44:33 amd I definitely will reject any such hw pseudo GPL when it got perverted into the opposite of a proper copyleft and freedom policy, when you need to trust in a lack of info (or let's call it lies) to comply and a disclosure of more info results in such polic When it comes to computing devices, I care about what is running on the main CPU of the device and how open that is not what is running as firmware on cellular modems or WiFi chips or whatever else Feb 06 02:55:28 The exception to that is when firmware exists on the main file system and is downloaded to the device. In cases like that, having permission to redistribute the unmodified firmware is important ( **** ENDING LOGGING AT Sat Feb 06 02:59:58 2016