The FSF's Free Software Awards
- Eli Zaretskii (advancement of free software)
- Tad (SkewedZeppelin) (outstanding new free software contributor)
- GNU Jami (project of social benefit)
(Log in to post comments)
The FSF's Free Software Awards
Posted Mar 19, 2023 16:24 UTC (Sun) by Sesse (subscriber, #53779) [Link]
The FSF's Free Software Awards
Posted Mar 19, 2023 16:46 UTC (Sun) by louie (guest, #3285) [Link]
Sad end for the org.
The FSF's Free Software Awards
Posted Mar 19, 2023 17:30 UTC (Sun) by donbarry (guest, #10485) [Link]
The FSF's Free Software Awards
Posted Mar 20, 2023 13:22 UTC (Mon) by farnz (subscriber, #17727) [Link]
I disagree - I see the FSF's RYF policy promoting DRM'd non-free firmware (as long as software can't overwrite it) over hardware the user can control, and I wonder where the FSF's principles have gone. I would have expected the FSF to prefer the possibility of Free firmware over a guarantee of DRM-assisted lockdown, but that's not the way the modern FSF is going.
The FSF's Free Software Awards
Posted Mar 20, 2023 20:52 UTC (Mon) by coriordan (guest, #7544) [Link]
If you have the solution to DRM, why aren't you telling us? The world needs to know!
The FSF's Free Software Awards
Posted Mar 20, 2023 21:43 UTC (Mon) by pizza (subscriber, #46) [Link]
Is fifteen years enough time?
Let's turn that around. Is there a documented example of *any* hardware (or software) being freed due to the GPLv3's anti-tivoization clauses since it was released fifteen years ago? Because there are numerous examples of the GPLv3 instead leading to systematic excision of copyleft software, along with a vast increase in funding for more permissively-licensed alternatives (LLVM, musl, and toybox come to mind) leading to entire ecosystems that have _zero_ GNU (and if you exclude the Linux kernel, zero copyleft) code remaining.
(And I say this as someone who releases stuff under the GPLv3)
The FSF's Free Software Awards
Posted Mar 20, 2023 22:15 UTC (Mon) by mathstuf (subscriber, #69389) [Link]
The FSF's Free Software Awards
Posted Mar 20, 2023 23:02 UTC (Mon) by coriordan (guest, #7544) [Link]
You got to cherry-pick the issue. You don't also get to flip the burden of proof when the weakness of your argument is exposed.
RYF surely has flaws. But if the corner case you refer to exists, and if it was fixed 15 years ago, would that have changed much? FSF is getting people to think about what rules should exist for hardware. This is one part of building support for tackling this issue. Their current version is not the final version, and getting the text right is only a small part of making this campaign a success.
The FSF's Free Software Awards
Posted Mar 21, 2023 22:34 UTC (Tue) by pizza (subscriber, #46) [Link]
You're the one who said that "massive social change takes time" -- The FSF's last major attempt at this was the GPLv3, which was an objective failure in that respect -- far from "increasing freedom" it instead directly led to a massive push away from "Free Software" as a whole.
(And I say that as someone who thinks the GPLv3 is superior to the GPLv2, and I use it whenever I have a choice/say in the matter)
> RYF surely has flaws. But if the corner case you refer to exists
It does.
> and if it was fixed 15 years ago, would that have changed much?
Well, the RYF initiative is only ten years old -- I was referring to the GPLv3 with the 15 year thing.
But assuming this issue with RYF was actually addressed at the outset, I'd be willing to bet it would have made only a modest difference -- The FSF grossly overestimated their general influence at the time, but with a saner definition of RYF, I think their influence would have still shrunk overall, just not as much. Instead, they dug their heels in with their absurd position wrt embedded firmware, leading to fewer and fewer people taking them seriously, including plenty of would-be allies.
Where it would have likely made the biggest difference is that there would have been that folks genuinely trying to build "RYF" devices wouldn't have had to jump through non-trivial hoops to make hardware designed around the notion of runtime-loadable firmware appear to be fixed purpose -- Which increased the BOM and NRE costs, and gained the end-user precisely nothing (and arguably resulted in an objectively inferior product instead)
Who knows what that wasted opportunity cost could have yielded?
The FSF's Free Software Awards
Posted Mar 21, 2023 6:32 UTC (Tue) by pabs (subscriber, #43278) [Link]
https://events19.linuxfoundation.org/wp-content/uploads/2...
https://sfconservancy.org/blog/2021/jul/23/tivoization-an...
The FSF's Free Software Awards
Posted Mar 21, 2023 6:10 UTC (Tue) by pabs (subscriber, #43278) [Link]
https://puri.sm/posts/librem5-solving-the-first-fsf-ryf-h...
https://www.bunniestudios.com/blog/?p=3657#comment-1400801
The FSF's Free Software Awards
Posted Mar 21, 2023 11:30 UTC (Tue) by farnz (subscriber, #17727) [Link]
I've seen (at least) Purism and Novena talk about how they're having to have DRM'd non-free software in read-only memory precisely to meet FSF RYF certification.
And my point is that the FSF has compromised its principles already - it's said that you can get FSF RYF certification if you use DRM to stop people exercising Freedom Zero. This is hardly in keeping with an organisation that has "maintained its principles" - no, it's compromised them in the name of practicality.
The FSF's Free Software Awards
Posted Mar 21, 2023 14:16 UTC (Tue) by coriordan (guest, #7544) [Link]
(Maybe they are aware RYF has a flaw, but the other approaches have worse flaws. A flaw existing in a campaign by FSF doesn't mean they've compromised their principles.)
The FSF's Free Software Awards
Posted Mar 21, 2023 15:10 UTC (Tue) by farnz (subscriber, #17727) [Link]
To take the suggestion I made by e-mail to the FSF back in 2013 seriously, rather than telling me very rudely to go away - split RYF into multiple tiers.
I've posted the suggestion I made as a comment elsewhere on this article, but in short, split RYF up - the top tier is "what the FSF wants, if it doesn't have to compromise at all", and lower tiers are compromises, where the bottom-most tier is the minimum acceptable compromise, and intermediate tiers bring you closer to the FSF's principled position.
Additionally, where a device is made from component parts, call out the tiers for the component parts. When posting about your RYF certified device, you should have to include the overall rating, and be permitted to give the full list of parts that need replacing to get to each higher tier - noting that you must not skip a tier if you have component parts in that tier, but you can simply not list higher tiers if you don't care about them.
So, using my suggested Gold/Silver/Bronze tiers, a laptop might be "RYF Bronze. CPU and WiFi firmware blocks RYF Silver. CPU, WiFi, SSD, trackpad and keyboard firmware blocks RYF Gold". Whereas a competing laptop might be "RYF Bronze. CPU, WiFi, SSD, trackpad and keyboard firmware blocks RYF Silver", and not call out what needs to be done to get to Gold at all. I would then be able to use the RYF certification to quickly see that all laptops with the CPU types I want are RYF Bronze, but that the first of this pair is closer to fully Free than the second, and that the manufacturer of the first laptop cares about getting to Gold, whereas the second thinks I'll be happy with Silver.
Similarly, I might look at WiFi dongles, and determine that I have a choice between RYF Bronze and 802.11ac, RYF Silver and 802.11n, or RYF Gold and 802.11a/802.11b/802.11g. I can then choose my tradeoff, knowing that if I'm not compromising on principles, I am limited to old, slow, RF-inefficient standards, and that newer standards involve more of a tradeoff.
The FSF's Free Software Awards
Posted Mar 21, 2023 16:44 UTC (Tue) by pizza (subscriber, #46) [Link]
0) Stop pretending that "hardware" consists solely of immutable hard-wired logic gates. In the general sense this hasn't been true for decades, and that's not going to change (for very sound technical reasons, plus additional legal ones)
1) Stop repeating the absurdity that non-replaceable binary blobs are somehow "freer" than blobs that can be replaced, This is almost a freebie once one accepts/admits (0), because you're no longer trying to pretend that mutable software is really iommutable hardware. It also lets folks not waste considerable engineering effort (and complexity) trying to design technical means to make mutable software immutable.
The FSF's Free Software Awards
Posted Mar 21, 2023 5:53 UTC (Tue) by pabs (subscriber, #43278) [Link]
https://libreplanet.org/wiki/Group:Free_Software_Foundati...
I was told that if anyone is interested in changing that aspect of RYF, the FSF is hiring for a position that could change it:
https://www.fsf.org/resources/jobs/fsf-job-opportunity-li...
Before my forwarding, it seems that *none* of the people complaining about RYF on LWN or elsewhere have sent feedback to the FSF.
The FSF's Free Software Awards
Posted Mar 21, 2023 13:21 UTC (Tue) by farnz (subscriber, #17727) [Link]
I made my complaints to the FSF around 10 years ago, and was told to go away (but a lot less politely than that), because the FSF knew better than I did what would work, and that the RYF program was going to ensure that future generations of laptops would be fully Free.
Please don't revise history to forget the fact that people have tried to suggest better routes to the FSF and been ignored.
The FSF's Free Software Awards
Posted Mar 20, 2023 2:44 UTC (Mon) by PengZheng (subscriber, #108006) [Link]
Such a horrible statement.
It is always an honor to receive Free Software Awards from guys who created gcc/gdb/other great software in the darkest days of FOSS.
The FSF's Free Software Awards
Posted Mar 20, 2023 3:27 UTC (Mon) by pizza (subscriber, #46) [Link]
I'm sorry, but '"the darkest days" are happening right now, with the stratospheric rise of Software-as-a-service that renders most "Free Software" utterly irrelevant for everyone that isn't building software-as-a-service offerings, with ever-growing legal barriers placed in front of folks that want to alter the hardware they have.
You can't compete with services by providing software. Especially when datamining-at-a-massive-scale is what pays for those services.
...Stallman's most dystopian predictions are all coming to pass, yet the FSF is wasting their time on RYF nonsense. Meanwhile, *farmers* have become the prime movers in the fight for "software freedom", because they're the ones going after the legal barriers that make it a literal felony to tinker with "your" hardware.
The FSF's Free Software Awards
Posted Mar 20, 2023 7:48 UTC (Mon) by coriordan (guest, #7544) [Link]
> I'm sorry, but '"the darkest days" are happening right now
There are tough new problems, but FSF has been key to solving a lot of the toughest problems in the past. We can't leave everything to them, but I'm very glad we have their help.
The keynote of this year's LibrePlanet (two days ago) was "The future of the right to repair and free software". So FSF is on it.
The FSF's Free Software Awards
Posted Mar 20, 2023 13:07 UTC (Mon) by pizza (subscriber, #46) [Link]
While I'm not sure they've ever actually "solved" any problems in the past, they can't solve problems of the present (much less the future) with their past approaches. I'm not saying they need to change their principles -- far from it -- But the world they exist within has completely changed, and making headway against this newer generation of extremely-well-funded adversaries [1] requires a different approach going forward, not doubling down on performance art that only appeals to the Truest of the TrueBelievers for whom computing is a fetish rather than a tool needed to participate in quasi-modern society.
(Right now, Freedom Zero, ie "The freedom to run [a] program as you wish, for any purpose." is being increasingly undermined by the legal sytem, and for the vast, vast majority of users out there, it's the only one that actually matters. Meanwhile, without Zero, none of the other Freedoms matter because there's no way to actually exercise them!)
The FSF's Free Software Awards
Posted Mar 20, 2023 16:07 UTC (Mon) by gioele (subscriber, #61675) [Link]
You mean FSF should do something more moderate and gradual like «encourag[ing] users to not rest content with nonfree software, while at the same time recognizing that they have other pressures and obligations. We want to help them stay both motivated and determined in their gradual process to eliminate nonfree software from their lives.» [1]?
> (Right now, Freedom Zero, ie "The freedom to run [a] program as you wish, for any purpose." is being increasingly undermined by the legal sytem, and for the vast, vast majority of users out there, it's the only one that actually matters. Meanwhile, without Zero, none of the other Freedoms matter because there's no way to actually exercise them!)
You mean FSF should campaign against law that require «devices [to] have measures to block execution of anything other than the “approved” system versions» [2]?
And also call out zealots that «are concerned solely with the licensing of the source code [and don't realize that, even] if the executable is made from free source code, and nominally carries a free license, the users cannot usefully run modified versions of it, so the executable is de-facto nonfree» [3]?
Or perhaps warn that «now that corporations dominate society and write the laws, each advance or change in technology is an opening for them to further restrict or mistreat its users.» [4]?
[1] https://www.fsf.org/campaigns/campaigns-summaries#ladder
[2] https://www.gnu.org/proprietary/proprietary-tyrants.html
[3] https://www.gnu.org/philosophy/open-source-misses-the-poi...
[4] https://www.gnu.org/philosophy/stallmans-law.en.html
The FSF's Free Software Awards
Posted Mar 20, 2023 17:03 UTC (Mon) by pizza (subscriber, #46) [Link]
Sure, and how does "RYF" fit into this? Remember, RYF says that proprietary blobs are perfectly okay as long as they aren't transferred through (or otherwise updatable by) the main system CPU.
> You mean FSF should campaign against law that require «devices [to] have measures to block execution of anything other than the “approved” system versions» [2]?
"Campaign" means more than having a web page updated, on average, once a year.
> And also call out zealots that «are concerned solely with the licensing of the source code [and don't realize that, even] if the executable is made from free source code, and nominally carries a free license, the users cannot usefully run modified versions of it, so the executable is de-facto nonfree» [3]?
Calling out these "zealots" has been so successful that more systems than ever are now locked down, with the full weight of the legal system enforcing those locks. It's probably safe to say that the overwheming majority of systems in use today are locked down, a complete inversion of the status quo of fifteen years ago.
> Or perhaps warn that «now that corporations dominate society and write the laws, each advance or change in technology is an opening for them to further restrict or mistreat its users.» [4]?
As I already mentioned, Stallman warned about this stuff a decade or two ago -- but seeing something coming doesn't make one effective in fighting against it. Again, the only folks having any real effect in this fight don't have anything to do with the FSF or even "free software".
The FSF's main weapon to date has been copyleft, which was a novel hack of the legal system at the time. Unfortunately, the adversaries have moved onto other legal techniques that make copyleft largely irrelevant, even putting aside the extremely lackadaisical approach to enforcement.
BTW, You're talking to someone who is a due-paying member of the FSF and writes their software under the GPLv3 (mostly device drivers and other hardware-adjacent stuff -- I have personally enabled an entire industry to ditch proprietary software!). I also run almost entirely Free Software on my own systems, self-host my entire online presence, and try my damnest to not rely on 3rd-party services for the same general reasons that Stallman has been talking about for decades. So I'm about as "converted" as it gets, but at the same time I have to earn a living and exist within an increasingly hostile society.
I say that as someone who is typing on a keyboard that runs proprietary firmware, connected to a PC running proprietary firmware in its EC, connected to a graphics card running proprietary firmware, connected to a display running proprietary firmware, connected to the internet using a wifi card running proprietary firmware, with LWN's web page cached on an SSD running proprietary firmware, and of course processed by a system CPU running proprietary firmware (aka "microcode").
"RYF" only makes it *harder* to replace those innumerable blobs with Free Software, and the alternatives are increasingly unfit for purpose (namely participating/earning a living in modern society) So when I say that the FSF's "RYF" thing is moronic at best, and actively counterproductive at best, I'm speaking with more than just an uninformed opinion.
The FSF's Free Software Awards
Posted Mar 20, 2023 20:35 UTC (Mon) by coriordan (guest, #7544) [Link]
I'm not saying FSF is perfect. Your attempts to fix their campaign might be ignored. (It's also possible that they're right and you're wrong. They've got a better record than any of us here.)
The FSF's Free Software Awards
Posted Mar 20, 2023 21:30 UTC (Mon) by pizza (subscriber, #46) [Link]
When it comes to their whole "RYF" approach, they are _wrong_. No ifs, buts, or maybes.
I understand _why_ they draw the line where they do -- they want to treat the hardware as fixed-function and immutable, but that blithely ignores the reality that all "modern" [1] hardware has embedded software and needs to be field-updateable to deal with vulnerabilities and bugs that can otherwise eat your data.
To be blessed as "RYF" the hardware can't even exhibit any outward _appearance_ of being modifiable by the end-user. Which is hilarious because with that thinking, the entire Free Software movement would have never been possible.
It's the same thinking that leads to liquor being sold in brown paper bags, because if you can't see what's inside the wrapper, you can pretend it's something "okay". It's puritanical nonsense that should absolutely be called out.
[1] Anything produced in the past decade or so is updateable, even if the mechanism is only known to its manufacturer.
The FSF's Free Software Awards
Posted Mar 20, 2023 22:01 UTC (Mon) by gioele (subscriber, #61675) [Link]
...OR, to be blessed as RYF, the hardware can ship a free firmware and allow its modification.
This is what the FSF wants, not the hardwiring of firmware into hardware. That's just an hyperbole, an obvious reductio ad absurdum.
For example, your keyboard could ship with the QMK firmware. Plenty of commercial keyboards (and key-based controls) use QMK.
Your computer could ship with a free BIOS, ME and BSC. It could. The vendors decided not to. The motherboard vendor decided to take a free BIOS (EDK2) and wrap it in proprietary software. The CPU vendor decided to take a free OS (Minix) and wrap it in proprietary software. The CPU vendor decided to stop releasing the source code to the low-level initialization library (AGESA, free from 2011 to 2014) and only distribute it as proprietary software.
What I find ironic of these discussions is that the RYF future that FSF wants is pretty much here. Technically, at least.
The FSF's Free Software Awards
Posted Mar 20, 2023 22:13 UTC (Mon) by pizza (subscriber, #46) [Link]
> This is what the FSF wants, not the hardwiring of firmware into hardware. That's just an hyperbole, an obvious reductio ad absurdum.
If that's what they want, then WTF do they object to hardware that allows updates in the field, but for which no free firmware exists? Because that is a necessary step in the liberating of said hardware. Not unlike how the entire Free Software movement began!
> Your computer could ship with a free BIOS, ME and BSC. It could. The vendors decided not to.
Because if they did, it would be prevented from selling to the majority of the market. For example, hardware that can be told to operate outside of the legal parameters for a given jurisdiction cannot be sold to the general public. And systems that cannot suitably attest to their "anti-piracy" capabilities are prevented from accessing pretty much all streaming services.
(That might be fine for many of the readers of this site, but their families might overrule any such decision)
You can decry that as being silly, shortsighted etc but like it or not, that's the *legal reality* we have to operate under, and it will take legal challenges to change that, not technical hand-wavery that pretends those realities don't exist.
The FSF's Free Software Awards
Posted Mar 20, 2023 22:34 UTC (Mon) by gioele (subscriber, #61675) [Link]
> > This is what the FSF wants, not the hardwiring of firmware into hardware. That's just an hyperbole, an obvious reductio ad absurdum.
>
> If that's what they want, then WTF do they object to hardware that allows updates in the field, but for which no free firmware exists?
Does the FSF object to that? Where?
Or does the FSF just say "if you do this and don't do that then you don't get the RYF certification"?
What is wrong in saying "look these are the parameters, if you match them you get this stamp of approval, otherwise you don't"?
Yes, the bar for RYF certification is extremely high, probably above what is possible in the current technical and legal environment. But what is bad in having a goalpost to measure how far you are from perfection?
ifixit has a 10-point scale for notebook and phone repairability. It was claimed for years their repairability scores where useless, because, c'mon current tech is thin and light, buyers want that, get real and give up. Then, suddenly Fairphone (2): 10/10! Framework: 10/10! Why can't the same happen (with a lot of technical and political effort) also for RYF? Years of slow progress then suddenly: RYF certification for the latest laptop!
Same thing for the legal angle. Repairs have been hindered for years by "chipped" parts (HP, phone parts, even auto parts). But things are slowly changing and right to repair laws went from being a pipe dream to a reality.
How about we stop shouting at FSF and their RYF certification, stop being super-pragmatic "that's how it is always going to be going forward" and, instead, start pushing to remove the technical and legal obstacles between this unpleasant reality and the one we desire?
The FSF's Free Software Awards
Posted Mar 20, 2023 22:49 UTC (Mon) by mjg59 (subscriber, #23239) [Link]
The FSF's Free Software Awards
Posted Mar 21, 2023 6:42 UTC (Tue) by pabs (subscriber, #43278) [Link]
https://libreplanet.org/wiki/Group:Free_Software_Foundati...
A copy of them for LWN:
Change the criteria to require non-free firmware on secondary processors be able to be upgraded, downgraded, locally modified, replaced or reverse engineered. One way to see this is that some freedoms are better than zero freedoms. (Paul Wise, 2022-08-24)
Change the criteria to require that free software running on the main processors must be protected from modifications by non-free firmware on secondary processors, through the use of an IOMMU or similar technology. (Paul Wise 2022-09-05)
Any thoughts? What else needs adding?
The FSF's Free Software Awards
Posted Mar 21, 2023 8:13 UTC (Tue) by joib (subscriber, #8541) [Link]
As for your criteria, they look good, but they seem to miss e.g. the issue of CPU microcode updates? Regardless of whether the microcode is FOSS or not (most likely not), pretending that not updating it improves your freedom is actively harmful. And that applies to system firmware that executes on the main CPU, like the BIOS, as well.
Maybe it would be useful to have different 'levels' of 'firmware freedom'? E.g.
1. Device has fully FOSS firmware, and allows the owner to freely modify/replace/upgrade/downgrade/etc.
2. Device has proprietary firmware, and allows the owner to freely modify/replace/upgrade/downgrade/reverse engineer/etc.
3. Device has FOSS firmware, but requires signing/encryption keys to successfully load it that the owner doesn't have access to.
4. Device has proprietary firmware which needs to be signed and/or encrypted before successfully loading, and the owner doesn't have access to these keys.
5. Device has non-upgradeable firmware, or is trivial enough to not have any firmware at all (a RYF-certified resistor, anyone?).
I think it would be perfectly justifiable to give the RYF stamp only to devices that fulfill level 1 above. Yes, that would drastically reduce the number of RYF-certified devices, but at least then RYF would be a useful label and not something actively harmful like today. Perhaps devices fulfilling level 2 could be called "RYF candidate status", with the potential to graduate to full RYF level 1 if somebody develops a functioning FOSS firmware for it. And just leave levels 3-5 out of scope of RYF entirely?
The FSF's Free Software Awards
Posted Mar 21, 2023 8:24 UTC (Tue) by joib (subscriber, #8541) [Link]
The FSF's Free Software Awards
Posted Mar 21, 2023 8:57 UTC (Tue) by pabs (subscriber, #43278) [Link]
The FSF's Free Software Awards
Posted Mar 21, 2023 9:17 UTC (Tue) by pabs (subscriber, #43278) [Link]
I like your idea of RYF levels, although I'm not sure the FSF is interested in anything other than 1, they only accept other levels because level 1 basically doesn't exist yet.
You missed mentioning embedded firmware that is updatable but the update mechanism is unpublished proprietary software (but no signing etc), IIRC the OpenMoko FreeRunner WiFi chip was like that and the firmware was also ultra-buggy.
Maybe another option is this:
Clearly enumerate each part (including the different hardware layers (IP/etc), read-only software, embedded/uploadable firmware, FPGA gateware etc) of the device and list who has the access needed to understand, modify, rebuild and replace each item and how that access is granted (licenses/etc). Then score each device based on the proportion of proprietary parts and their importance to most end users. Could give different scores depending on the audience too. Group the devices into thresholds based on those scores.
The FSF's Free Software Awards
Posted Mar 21, 2023 12:01 UTC (Tue) by farnz (subscriber, #17727) [Link]
Part of the problem with RYF as it exists today is that it's a straight binary - I pointed this out to them over ten years ago, and basically got told to shut up because they knew better.
My suggestion was to have three levels of RYF, giving vendors reason to do better over time.
- Gold. All firmware must be Free. If the firmware is not replaceable by the user, then there is good technical justification for why this is not possible, it must be possible for the user to verify that the firmware embedded in hardware matches the source they have for it, and it must be possible for a running system to avoid using the non-replaceable firmware without loss of functionality or performance.
- Silver. All replaceable firmware must be Free. Where non-replaceable firmware is non-free, it must be possible for a running system to avoid using the non-free firmware without loss of functionality or performance. This thus requires CPU microcode, FPGA configuration bitstreams and the like to be Free, but allows boot ROMs to be non-Free, provided that the boot ROM just loads a Free firmware from an external source (host system, external Flash, whatever).
- Bronze. All replaceable firmware must be Free; non-Free firmware must not be trivial for the manufacturer to replace either.
The idea is that Gold is where we want everyone to be - all firmware is Free, and the user is treated as the ultimate authority on their device. Silver is an acceptable compromise - once you're booted, no non-Free firmware is involved, but the boot phase may involve non-free embedded boot ROMs and the like (e.g. TI Sitara SoCs have a ROM bootloader that brings up enough of the SoC to load the "real" firmware from external storage). And Bronze is the current FSF RYF policy, a compromise to let you test the waters with RYF.
Beyond that, I suggested that the FSF offer guidance on what needs to change for a device to climb the rankings - so while a laptop might get Bronze, the FSF would then say things like "to move to Silver, this laptop needs the CPU microcode and SSD firmware Freed. To move to Gold, this laptop needs CPU microcode, SSD firmware, SSD boot ROM and WiFi controller boot ROM Freed". The goal here is twofold: one is that you can look at that list and decide that you're willing to compromise on the non-free parts, and the second is that manufacturers who submit a device for certification can both trivially get Bronze, and have guidance on who to lean on if they want Silver or Gold in future (e.g. "I have an alternate CPU vendor that'd meet Gold if I switched, I just need to find an SSD vendor who meets Silver and I've got a Silver grade device").
I was told, however, quite firmly, that the FSF was sufficiently influential that vendors would Free their firmware just to get RYF certification, and that adding layers of certification wouldn't encourage more freeing of firmware. It's now 10 years later - how many vendors have done that?
The FSF's Free Software Awards
Posted Mar 21, 2023 13:41 UTC (Tue) by Wol (subscriber, #4433) [Link]
And if "user <> owner"?
What if it's a multi-user system?
My work laptop is locked down. It's annoying and frustrating at times, but it's not my work laptop so I don't have any real say in the matter, And rightly so. If I can't do my job because it's locked down, then that's not my problem ...
I do agree with having a scale of freedom - you often have to make trade-offs and who are you to dictate which trade-off is right for me :-) - but people should have choices, and telling them that the manufacturer can change the deal after they've bought the device (PS2 anyone?) should NOT be acceptable.
Cheers,
Wol
The FSF's Free Software Awards
Posted Mar 21, 2023 16:36 UTC (Tue) by pizza (subscriber, #46) [Link]
But that still doesn't address the fundamental flaw RYF as it exists today, namely the absurd claim that having replaceable non-free firmware is somehow "less respectful of your freedom" than non-replaceable non-free firmware. (where "replaceable" actually means "the end-user has no way of doing so", not "there is no simple-ish technical means to do so")
(It also flies completely in the face of the reality of "best practice" hardware design of the last couple of decades -- field-upgradability of firmware is usually a hard requirement, often due to legal mandates)
> I was told, however, quite firmly, that the FSF was sufficiently influential that vendors would Free their firmware just to get RYF certification, and that adding layers of certification wouldn't encourage more freeing of firmware. It's now 10 years later - how many vendors have done that?
What's sad is that even ten years ago, it should have been clear to them that they did *not* have sufficient influence. After all, 10 years ago was still 5 years after the GPLv3 landed, and the wholesale abandonment/replacement of GNU software (and other than the Linux kernel, copyleft in general) was well under way at that point in time.
The FSF's Free Software Awards
Posted Mar 21, 2023 16:51 UTC (Tue) by farnz (subscriber, #17727) [Link]
I agree that my suggestion then for Bronze wasn't ideal - it was based on the assumption that the FSF had thought about it, and had decided that this was the minimum acceptable compromise. I was suggesting that they should add extra levels above this minimum compromise to make it clear that the desired target is Free firmware everywhere, and got told not to bother them.
The FSF's Free Software Awards
Posted Mar 23, 2023 9:06 UTC (Thu) by eduperez (guest, #11232) [Link]
The FSF knows that current hardware cannot run without a firmware, and the FSF knows that hardware with a free firmware is almost impossible to find; the FSF could not use any modern hardware and maintain their ideals at the same time... unless they convince everyone that immutable firmware is not software. This problem has existed since the beginnings of the free software movement, when people began to point out that using hardware with a closed firmware was a contradiction with the purist rules of free software advocates.
The absurdity of RYF rules is not a bug, it's a feature.
The FSF's Free Software Awards
Posted Mar 20, 2023 23:16 UTC (Mon) by mathstuf (subscriber, #69389) [Link]
Note that NY's right to repair got largely neutered on the governor's desk by allowing vendors to withhold parts for "security" reasons or to batch parts together for "reliability" making many of the stated goals back to the drawing board.
The FSF's Free Software Awards
Posted Mar 20, 2023 23:59 UTC (Mon) by pizza (subscriber, #46) [Link]
I do that, nearly every single day, by contributing to the body of Free Software in the form of drivers and other enablement for hardware that used to require highly proprietary software to operate. I've been fighting this particular battle for the past fifteen years, and while it's all fine and good to have lofty, idealistic goals, if you're going to have any chance of achieving them your plans have to take into account the "unpleasant reality" of the world as it is, not using a definition of hardware that's two decades out of date and excludes most stuff under a decade old.
The FSF's Free Software Awards
Posted Mar 20, 2023 22:22 UTC (Mon) by pizza (subscriber, #46) [Link]
It was "technically" here three decades ago. But what's steadily changed since then is a massive increase in system-level DRM, backstopped by massive criminal penalties for even talking about how to bypass it.
Far from being a "technical" problem, it's instead nearly entirely legal in nature.
The FSF's Free Software Awards
Posted Mar 26, 2023 2:28 UTC (Sun) by linuxrocks123 (subscriber, #34648) [Link]
Basically every general purpose computer still allows running any software you want, even if you might have to go into the BIOS once in the computer's life. Even Apple's ARM-based computers allow that.
All Android phones still allow sideloading. Multiple models of Android phones officially support rooting, with no significant downsides for doing so except that people in a few European countries with stupid laws can't run Android banking apps when they do that, and yeah that's a problem but it's pretty niche. Those people can just buy a $50 Android burner and use it and treat it as nothing but a hardware 2FA token if that's really bothering them that much. iPhones are the sole remaining instance of the walled garden problem.
All the major streaming services except NBC Peacock officially work on Linux, and you don't have to do anything to make them work except run some easily reverse-engineered proprietary bytecode inside your browser. No checks for HDCP which is therefore now irrelevant. Even if it weren't, HDCP strippers are widely available, and even if they weren't, HDCP 1.x has been fully cryptographically broken and HDCP 2.x is a commercial flop.
Raspberry Pis are more and more capable and provide significant freedom at the hardware level. There are other competing SBCs that provide similar computing freedom for those who want it.
Why all the doom and gloom, man?
The FSF's Free Software Awards
Posted Mar 26, 2023 12:47 UTC (Sun) by pizza (subscriber, #46) [Link]
Hello? Secure Boot and everything that routinely depends on it now?
> Multiple models of Android phones officially support rooting, with no significant downsides for doing so except that people in a few European countries with stupid laws can't run Android banking apps when they do that, and yeah that's a problem but it's pretty niche.
Or access the likes of Netflix. -- The last time I used Sony's official unlocking service, one of the stated side effects was to wipe your device's embedded DRM keys, which resulted in anything using anything greater than Wildvine L3 from working. Meanwhile, my (US-based!) banking app also refuses to run on "rooted" devices, even though it's little more than just a web site wrapper.
So, no, "rooting" means a significant loss of real-world functionality for the average user.
The FSF's Free Software Awards
Posted Mar 26, 2023 14:51 UTC (Sun) by Wol (subscriber, #4433) [Link]
> Hello? Secure Boot and everything that routinely depends on it now?
You're missing the OP's point. Does secure boot lock you out of the device you bought and paid for?
Yes it's a pain in the arse for many people. But it also means you can (hopefully) make sure the code running on YOUR device is the code you INTENDED to run on your device.
If other people won't let their code run on a device with modified boot, that's not down to the DRM.
As for your banking app being "just a shell to a browser", the bank wants to be sure your device is not running a key-stealing trojan. I just refuse to have financial stuff on my phone ... end of. Given that I'm now (from choice) running trojan-like software from Ipsos Mori, I'm only too glad I don't have stuff I consider sensitive on the device. They moan every few days about how their software isn't working the way they expect on my phone, and I simply respond that if they want to monitor what I'm doing, they shouldn't be expecting me to modify my behaviour to suit their app. Standby time of my phone has been halved to less than two days as a result of their app ... if their app isn't running because they flattened my battery, why should I care :-)
Cheers,
Wol
The FSF's Free Software Awards
Posted Mar 21, 2023 13:39 UTC (Tue) by paulj (subscriber, #341) [Link]
As a thought experiment, the FOPL licence: https://github.com/pjakma/fopl
The FSF's Free Software Awards
Posted Mar 20, 2023 6:22 UTC (Mon) by mjg59 (subscriber, #23239) [Link]
The FSF's Free Software Awards
Posted Mar 20, 2023 10:38 UTC (Mon) by ballombe (subscriber, #9523) [Link]
The FSF's Free Software Awards
Posted Mar 20, 2023 18:47 UTC (Mon) by mjg59 (subscriber, #23239) [Link]
* Amplified (and not just at an annual conference!) new community leaders to share their vision of free software, rather than focusing almost exclusively on a single person's vision
* Isn't fixated on freedom to the exclusion of all else (Linux-Libre's deblobbing is so thorough that it won't even tell you that your CPU microcode is too old to support Spectre mitigations, so good luck with that I guess), and instead provides enough information for users to make informed decisions about reasonable tradeoffs
* Does a better job of engaging with the wider industry rather than approaching most issues confrontationally
and probably a bunch of other stuff that I need to spend more time thinking about and writing down.
The FSF's Free Software Awards
Posted Mar 19, 2023 18:30 UTC (Sun) by pizza (subscriber, #46) [Link]
.... Great, further shrink the pool of hardware that Free Software can run on.
Just because a brcck "Respects Your Freedom" doesn't mean that we should try to turn everything else into bricks.
The FSF's Free Software Awards
Posted Mar 19, 2023 20:41 UTC (Sun) by mmaug (subscriber, #61003) [Link]
> .... Great, further shrink the pool of hardware that Free Software can run on.
> Just because a brcck "Respects Your Freedom" doesn't mean that we should try to turn everything else into bricks.
If you don't want to brick your rig, don't run LineageOS. Not hard. But those in the community that prefer not to have unknown actors roaming their computer...
Sure my rig is not as flashy or shiny as what you might run, but it serves my needs as a professional developer and user of the internet. However, I AM a professional, so a machine being fussy, while frustrating, does not prevent me from doing my work. Unfortunately, my 80+yo mother who is actually on-line more than I am (gotta stalk the grandchildren on FB), requires a machine that is less capable but more polished so she's running a Chromebook (at the added cost of frequent inquiries from her as to whether she needs to update her Windows Defender subscription... argh!)
The manufacturers are selling this year's fastest, shiniest, flashiest rigs, and part of that is to sell equipment that captures data that can be sold to other companies from its clients. If more potential clients are considering that their own privacy is more important that smooth curves or bigger screens, then the manufacturers will follow.
LineageOS, Trisquel, and other distros prove that there are alternatives to commercially written Linux, that you can run Linux without having the proprietary modules or binary blobs included.
The FSF's Free Software Awards
Posted Mar 19, 2023 21:23 UTC (Sun) by pizza (subscriber, #46) [Link]
You misunderstand me.
A completely "de-blobbed" smartphone is about as functional as a brick. Including the level of possible interactivity.
The FSF's Free Software Awards
Posted Mar 19, 2023 21:34 UTC (Sun) by pizza (subscriber, #46) [Link]
Every single LineageOS build still relies on blobs for basic hardware functionality. Sometimes those blobs are executed by the Linux system, sometimes those blobs are stored on, and transferred through, the Linux system, and other times those blobs are running completely independently from the Linux system -- notably the radio subsystems, including bluetooth, wifi, and especially the cellular baseband/modem.
Take away those blobs and you have a shiny paperweight for all you can accomplish -- I'd expect most, if not all, Lineage-OS-supported hardware to be incapable of even *booting* if they are truly de-blobbed.
So let's stop pretending that the mere presence of a binary blob in /lib/firmware somehow renders your system "less free" than one that has said blob stashed in flash. Either way it's still a binary blob that's necessary for your hardware to accomplish its intended purpose.
(BTW, I _strongly_ support the GPL, even v3, and the FSF's overall mission. I also strongly believe they are shooting themselves in both feet with their asinine "RYF" virtue signaling nonsense because it doesn't help improve access to or availability of Free Software in general -- indeed, it *hurts* that mission, because it prevents folks from actually running free software on the hardware they already own)
The FSF's Free Software Awards
Posted Mar 19, 2023 20:54 UTC (Sun) by atai (subscriber, #10977) [Link]
Down the road , deblobbing may be necessary for national security reasons (or requirements), not just for Stallman's moral reasons.
The FSF's Free Software Awards
Posted Mar 19, 2023 21:18 UTC (Sun) by pizza (subscriber, #46) [Link]
True "national security" stuff requires air-gapped systems with no (or very tightly controlled) access to external systems.
Again, a smartphone that can't communicate with the outside world is pretty much useless in nearly every other context.
The number of "smartphones" that can operate without blobs? Zero.
(The ones that claim otherwise just push the blobs onto separate storage. But the blobs are still there!)
The FSF's Free Software Awards
Posted Mar 19, 2023 22:24 UTC (Sun) by Wol (subscriber, #4433) [Link]
> True "national security" stuff requires air-gapped systems with no (or very tightly controlled) access to external systems.
I think you mean "requires a faraday cage" :-) if you remember the stories (from probably 30 years ago) of people in one office block pointing sensitive rf receivers across the road and reading the contents of CRT screens in the office block the other side ...
Cheers,
Wol
The FSF's Free Software Awards
Posted Mar 20, 2023 1:55 UTC (Mon) by atai (subscriber, #10977) [Link]
For national security requirements in common smart cell phones, see the ongoing sage over Tiktok
The FSF's Free Software Awards
Posted Mar 20, 2023 3:16 UTC (Mon) by pizza (subscriber, #46) [Link]
The histrionics over TikTok are nothing more than performance posturing; if "national security" actually mattered with respect to anything TikTok was supposedly [1] doing, they'd also be pushing for comprehensive privacy legislation that would apply to everyone else as well.
[1] So far the only justification offered is that TikTok is owned by a Chinese company.
The FSF's Free Software Awards
Posted Mar 20, 2023 6:24 UTC (Mon) by roc (subscriber, #30627) [Link]
The FSF's Free Software Awards
Posted Mar 20, 2023 12:48 UTC (Mon) by pizza (subscriber, #46) [Link]
Okay, what exactly does TikTok (or even Bytedance) do that's any different than US-headquartered folks such as Youtube or Instagram?
In other words, is it the "information flow" that's the problem, or "information flow to China" that's the problem? And if it's the latter, how is that somehow worse? -- Keep in mind that the Chinese government has already been confirmed to purchase data from the open market. And it's not just the Chinese government. The US Federal government does this too (to get around 4th amendment concerns), and multiple states are trying to do the same so they can punish folks who visit known abortion providers. (Meanwhile your typical ISP and telco has been hoovering up data about all their customers and will happily sell it to anyone with a credit card. Or give it away to anyone who claims to be law enforcement...)
Again I ask, is TikTok the problem, or is it really the nearly entirely unregulated data market?
The FSF's Free Software Awards
Posted Mar 20, 2023 16:42 UTC (Mon) by atai (subscriber, #10977) [Link]
What is the difference between US companies you mentioned and the Chinese Communist Party?
big difference.
The FSF's Free Software Awards
Posted Mar 20, 2023 17:08 UTC (Mon) by pizza (subscriber, #46) [Link]
> big difference.
I'm asking what the difference is between TikTok and Instragram, insofar as they both datamine the hell out of their userbase then freely use (if not outright sell) that data to any number of bad actors.
You're going to have to come up with something a bit more concrete than "it's bad when China does it, but not when <we / someone else> does it."
The FSF's Free Software Awards
Posted Mar 20, 2023 20:32 UTC (Mon) by mathstuf (subscriber, #69389) [Link]
Jealously guarded data
Posted Mar 20, 2023 21:03 UTC (Mon) by corbet (editor, #1) [Link]
Dunno...it seems like that jealously guarded data is often available to anybody who will pay, even when it isn't simply exfiltrated directly.
Jealously guarded data
Posted Mar 20, 2023 21:32 UTC (Mon) by mathstuf (subscriber, #69389) [Link]
Jealously guarded data
Posted Mar 20, 2023 21:46 UTC (Mon) by pizza (subscriber, #46) [Link]
It's the practice that's the problem, not the name on the front door or the specific national laws they're subject to.
> So perhaps they've started making it available in "lawfully required" circumstances (regardless of the sanity of the law in question). In which case, sure, I'll add it to my list of reasons to dislike FAANG.
Meanwhile, Bytedance is merely making their private data available to the CCP under "lawfully required" circumstances.
Jealously guarded data
Posted Mar 20, 2023 21:53 UTC (Mon) by atai (subscriber, #10977) [Link]
> Meanwhile, Bytedance is merely making their private data available to the CCP under "lawfully required" circumstances.
Available to *Whom* is still a big difference, the US Government or the CCP
Jealously guarded data
Posted Mar 20, 2023 22:12 UTC (Mon) by mathstuf (subscriber, #69389) [Link]
I agree. However, Instagram (Facebook/Meta) and YouTube (Google/Alphabet) were called out. I don't think these companies sell direct access to data (though Cambridge Analytica does seem to be an exception) but rather services that use the data.
While I dislike the behavior just as much, they at least have a *reason* to keep what they collect out of the hands of anyone with $$$.
> Meanwhile, Bytedance is merely making their private data available to the CCP under "lawfully required" circumstances.
Sure. While I would advocate for not doing business in such regimes, I'm sure anything publicly owned would be raked over the coals for not exploiting profits from^W^W^Wproviding services to the region with such a decision.
The FSF's Free Software Awards
Posted Mar 20, 2023 16:49 UTC (Mon) by atai (subscriber, #10977) [Link]
Regulation only works inside the legal framework of a country. Regulation does not regulate other political entities outside a country so regulation cannot be used as a catch phase or a magic solution to address the privacy problem.
No regulation can control another government. Any government will pass its own and apply its own regulation.
The FSF's Free Software Awards
Posted Mar 20, 2023 17:15 UTC (Mon) by pizza (subscriber, #46) [Link]
Regulation doesn't affect things outside your jurisdiction. But it can certainly apply to anyone doing business within yours.
You know, the same way that products sold within.. let's say the EU, have to pass basic safety tests. Or if you want to accept payment in local currencies you have to follow the government's financial reporting regulations. Etc etc etc.
So, no, comprehensive privacy legislation will absolutely affect TikTok (and Instragram, etc etc), assuming they want to continue doing business in those jurisdictions.
The FSF's Free Software Awards
Posted Mar 20, 2023 21:58 UTC (Mon) by atai (subscriber, #10977) [Link]
Today there is no way to tell if Tiktok is sending data overseas or not from a smart phone in the US.
The FSF's Free Software Awards
Posted Mar 20, 2023 22:19 UTC (Mon) by pizza (subscriber, #46) [Link]
Sure there is. It's called massive punitive punishment via the legal system. Granted that's after the fact but if the potential cost is high enough, no business will take that chance that they'll get caught.
> Today there is no way to tell if Tiktok is sending data overseas or not from a smart phone in the US.
Sure there is. Require all data to be stored within the US, block all communication with "bad" jurisdictions, and come down ruinously hard on any violators. That's the approach the Chinese have taken, quite successfully I might add.
The FSF's Free Software Awards
Posted Mar 20, 2023 13:51 UTC (Mon) by PengZheng (subscriber, #108006) [Link]
LOL
Your speech is a consequence of information manipulation. Is the so-called genocide aimed at the Uyghurs in Xinjiang? Please check the changes in population, average income, education level and other data of Uyghurs in Xinjiang over the past decade and compare them with those of American Indians.
It is Bytedance's fault to weaken US government's ability of information manipulation.
PS: This is quite off the topic. So I'll stop here.
The FSF's Free Software Awards
Posted Mar 20, 2023 16:58 UTC (Mon) by atai (subscriber, #10977) [Link]
That is correct.
The FSF's Free Software Awards
Posted Mar 28, 2023 20:03 UTC (Tue) by rbtree (guest, #129790) [Link]
The FSF's Free Software Awards
Posted Mar 19, 2023 23:24 UTC (Sun) by divested (guest, #154722) [Link]
Deblobbing is only one aspect of the project as in the automated Linux kernel CVE patcher which dramatically improves security of these end of life vendor-mutilated kernels: https://divestos.org/pages/patch_levels
It quite literally enlarges the pool compared to LineageOS due to its far longer support lifetimes, providing monthly security updates for decade old devices.
The FSF's Free Software Awards
Posted Mar 19, 2023 20:49 UTC (Sun) by mmaug (subscriber, #61003) [Link]
The FSF's Free Software Awards
Posted Mar 19, 2023 23:30 UTC (Sun) by divested (guest, #154722) [Link]
DivestOS vs /e/OS?
Posted Mar 21, 2023 18:46 UTC (Tue) by Herve5 (subscriber, #115399) [Link]
DivestOS vs /e/OS?
Posted Mar 22, 2023 1:00 UTC (Wed) by divested (guest, #154722) [Link]
Or the general overview: https://divestos.org/pages/patch_levels#others