Stallman's Legacy Halts At Hardware

szczys writes: To say Richard Stallman had a profound effect on free software is not a bold enough statement. The power of the GPL, and his advocacy for software freedom have changed the world. But there is one frontier that has yet to hear this gospel. These days, no hardware is an island. Almost every type of electronics we use is running some type of code, and in almost every case some of that code is secret in more ways than one. From beefy processors to graphics controllers, boot ROMs and binary blobs run in the silicon we base our systems upon. The code is not published and in the rare case that you are able to view the source it is only under strict NDA. This represents one of the biggest barriers to true open hardware.

All in for transparency?

[ArcWild]

Stallman has always had the right idea IMHO, but that 'ideal' put up against Corp Profit will never win sadly.
"Those who don't understand code, will be owned by those who do"
I'm all for a hardware manufacturer who creates and promotes 100% open hardware with public code provided.....................know any?

Re:All in for transparency?

[jellomizer]

The success of the GPL is in spite of Stallman not because of it.
Most successful GPL program are "Infrastructure based" Operating Systems, Web Servers (the most popular one is under the Apache Open source license) , Programming Languages, Databases. These are software that people use as the backdrop to the real work they are trying to accomplish. Installing a Database will not solve any problems, but using the database to solve your problems may improve your success. These get a lot of action because these are tools people really want, there are enough of them to keep interest, and the fact that they are not solving any real business need, means a lot of people don't have interest on keeping it for themselves. Support in an Open Source Project means that your particular needs will have a say in a larger project.
However GPL doesn't have too much in end use applications because they are solving rather narrow solutions. So they will not get a lot of support because their solution is very narrow. This means if someone is going to spend a lot of time/money working on a solution they will need to sell the software for money.

The problem with Hardware manufactures is that they make money off their hardware. There code is specialized for their hardware. So they are not so willing to let it go.

Soap == Stallman's kryptonite

His legacy also stopped at bathing as well.

Wrong...

[LynnwoodRooster]

The biggest barrier to true open hardware is the fact someone has to pay for a tangible good, and that tangible good - hardware - is designed for a specific purpose. The BIOS and bootloaders and such are immaterial, and do not limit you from using a piece of silicon as you desire. The block is silicon that does what you want to do in the first place. And that carries with it costs beyond just software creation.

Re:Wrong...

[fuzzyfuzzyfungus]

I wish that this were more often true; but firmware appears to be getting bigger and uglier(even on systems where 'firmware' means only the BIOS-or-equivalent stuff, not the entire embedded OS), rather than more unobtrusive over time.

Sure, the PC BIOS was pretty lousy; but we went and replaced with with UEFI, which is essentially an always-on secondary OS designed by the people who thought that ACPI wasn't a dubious plan. That's not exactly progress.

It's also false that firmware doesn't limit you from using silicon as you prefer: Since it's often cheaper to reduce the number of different SKUs than it is to shave every last transistor off the size, it's quite common to find parts that are feature-differentiated by firmware enforced locks(and, with a competent implementation of 'verify against the key burned into silicon', not something you can reasonably expect to just hack around). The Rasberry Pi, for instance, is based on a chip with a variety of supported codecs; but Broadcom will sell you versions with some enabled or disabled(so that you can avoid paying license fees for codecs you have no intention of using; but they don't need to spin a variant for every last possible combination of codecs). The rPi people attempted to square this particular circle by arranging so that you can buy unlock codes individually as needed; and I don't blame them for a situation largely beyond their control; but they are a good example of hardware whose exposed capabilities are directly controlled by firmware.

More broadly, the delightful 'crypto bootloader' phenomenon has cut a fairly broad swath through hardware openness. Tivoization is not a new thing; but it seems to be more popular than ever; and techniques for moving enforcement directly onto the die, where attacks are difficult and almost always uneconomic, has proceeded apace. If you can't even boot something not blessed by the vendor, the hardware could be 100% open and it still wouldn't do you a bit of good without the necessary private key.

Re:Wrong...

[lkcl]

The biggest barrier to true open hardware is the fact someone has to pay for a tangible good, and that tangible good - hardware - is designed for a specific purpose. The BIOS and bootloaders and such are immaterial, and do not limit you from using a piece of silicon as you desire. The block is silicon that does what you want to do in the first place. And that carries with it costs beyond just software creation.

i'm designing Libre Hardware, right now. i've been on this task for the past five years, since the embarrassing time when i encouraged 20 software libre developers to join me in buying one of the very first ARM netbooks to come out (back in 2010) that turned out to be GPL-violating. i had to spend a frantic 3 weeks reverse-engineering the hardware in order to provide those people with a GPL-compliant linux kernel.

this example just on its own demonstrates that what you have said is simply untrue in a very profound and subtle way. you claim "The BIOS and bootloaders and such are immaterial, and do not limit you from using a piece of silicon" - how can you load a kernel into memory using the BIOS's bootloader (if there is one) if you do not know how the BIOS *actually works*? how can you load a kernel into memory if you don't have the hardware's documentation? what if the proprietary bootloader (if there is one) has some sort of checksum or DRM where you are not provided the keys?

another example is the IBM / Lenovo laptops, where the BIOS had the PCIe device and MAC address of the WIFI adapter *burned into EEPROM*. quite literally the only way for people to replace the WIFI adapter was to *replace the entire BIOS*. that required a *massive* reverse-engineering effort and we now have coreboot support for many Lenovo laptops.

time and time again i have had to cut certain SoCs and ICs from the list of products because i cannot get the SDK, cannot get the Datasheet, cannot get *any* information about how the SoC or IC works.

so you claim "the block is silicon that does what you want to do" - it only does what you want to do via a hardware API which requires an extremely comprehensive bit-level and timing-critical software-driven understanding of that "block". without that, the hardware is LITERALLY useless. [remember NDISWRAPPER for WIFI cards?]

can you see, therefore, through these examples, that you've fundamentally misunderstood the complexity of the issue, and why there are such severe barriers to entry in the hardware arena?

i *do* understand this, so it's why i have been working for the past five years on creating Libre-compliant eco-conscious hardware, where the hardware - all of it - will be vetted for GPL-compliance before putting it into production. sounds mad? but it's the only way, i feel, that instead of waiting for someone else to tackle this, i'm *actively* taking responsibility for ensuring that there exists Libre-compliant Hardware.

Re:Wrong...

[sbaker]

What is being discussed is not "free" (as in "free-beer!") chunks of physical hardware, Indeed, that would be tough to do because physical objects are made of atoms - and atoms are not generally zero cost items - so they cannot be copied and distributed for free. We're talking about "free" (as in freedom) hardware that can be understood for $0 and (at some cost/difficulty) copied. The design of the hardware is free (as in beer and as in freedom) but the hardware itself is only free as in freedom.

To look at it another way - if I design and build a house - I can offer the plans for free under a GPL-like license. You can then look at my plane, improve them and you can use the plans to build yourself a house - all without without paying me a cent...but you still have to buy the bricks and pay the builder. You *do* have to pay for your own "copying". That's actually the same with software - if I want a copy of emacs, even though it's GPL'ed, I have to pay for the bandwidth and disk space to make myself a copy of it (the GPL even allows the author to charge me a reasonable amount for making that copy - which is something that almost never happens!) The distinction between copying GPL'ed emacs and copying my GPL'ed house is in the cost of copying the item (fractions of a penny versus hundreds of thousands of dollars). That's not a conceptual difference - it's just a matter of scale - and it's not even necessarily larger. I've downloaded hundreds of Gigabytes of stuff that cost me many dollars worth of disk space to store - and I've downloaded the open-hardware design for a bracket for my "lasersaur" laser cutter that cost pennies to manufacture.

The problem we're discussing with hardware that depends on "binary blobs" is in no way different from writing software that requires an external library for which you don't have source code.

The issue is whether the software library is free (as in beer) or not. If you have to link some GPL'ed program to DirectX in order to run it under Windows - the software can still usefully be GPL'ed because even though DirectX is a closed source "binary blob" - people who run Windows all have a copy of it already. So it's effectively free-as-in-beer. However, if you write your own closed-source middle-ware package and charge people $100 to license it - then creating some GPL'ed application that requires that middle-ware isn't a very constructive thing to do. Of course we'd prefer that all of the libraries we use are also GPL'ed - but that's not an absolute requirement - and it's not a particularly reasonable one out here in the "real world".

OpenHardware that requires use of a binary blob is no different from software that requires some complicated library. If the binary blob is legally copyable (free as in beer) - we can still usefully make our own copy of the hardware. But if the binary blob is either not legally copyable or requires a license fee to copy - then we're in the same situation we were in with software that needs a pay-to-license middleware library.

Viewed in this way, OpenHardware is no different at all from OpenSoftware - EXCEPT that the cost of copying it is higher because it's made of atoms instead of bits.

You know you're getting old.

[Lead+Butthead]

When you start missing the days when every piece of hardware you bought came with schematics and firmware listings, instead of six page license agreement printed in four point fonts and written in incomprehensible legaless (and indeed, demanding adherence to reprehensible terms.)

Patents ...

[gstoddart]

I think patents are why this can never work.

Pretty much EVERY industrial process is patented by someone. That patent is guarded by a corporation who wants to ensure they get paid ... either through sales, or licensing the patent.

IBM makes a zillion patent applications every year.

There's simply no way you can bypass the sheer quantity of "intellectual property" which encumbers the world. And since pretty much every aspect of the hardware is probably covered under a patent, you're not going to get it.

Hell, even with software, Microsoft used to insinuate that Linux violated a bunch of their patents, but wouldn't ever name them.

The modern world has been structured to serve the needs to greedy corporations. They're not going to allow you to sufficiently change the rules of the game to take that away.

Which is why every treaty these days is having the intellectual property pushed even harder, because governments are on the payroll of entities which want to further entrench their rights as superseding ours.

Keep dreaming.

Make your own

[Richard_at_work]

Nothing is stopping you making and using your own hardware, rather than putting expectations on other peoples products. Of course, making your own hardware isnt cheap or trivial, whereas putting expectations on other people is both of those things.

Re:Make your own

[Richard_at_work]

I take it that

a. you didnt finish reading my post, and
b. entirely missed the point of it.

Stallman's open-source-everwhere view blinds him

[Da+w00t]

Source: e-mail exchange with him, based on my shmoocon presentation on hacking USB flash drives.

In short: I said there's no way you can have open source firmware for a proprietary undocumented ASIC, that has to keep track with new developments in flash memory every 3 months.

He want on to ask if there was a way to buy a USB flash drive that wasn't field-reprogrammable, or to "convince a company to make USBs [sic] that way". I'm not aware of any, and it's impossible as-is to A) ask a vendor "What chips are you using?" and B) have the vendor use the same controller/flash chips on the same device.

Dude wouldn't listen, and I gave up trying to educate him.

Re:It eould be nice, but...

[Arnold+Reinhold]

The big problem is security. There are too many places for exploitable bugs, deliberate back doors, key loggers, side channels and other forms of pwnware to hide in modern processors. Do you know where all the components in your PC were fabricated?

What's good about GPL?

[mi]

Stallman has always had the right idea IMHO

How was it a "right" idea? The society — and generations of programmers — were spending considerable efforts on software, which could not be used by all. This caused a substantial duplication of efforts and repulsed a substantial body of programmers, who preferred the truly free BSD-license instead. Instead of cooperating, people and groups ended up competing. And when the original GPL proved to not be "enough" — for example, it was still possible to use GPL2-licensed gcc in a BSD-project, Stallman doubled down with GPL3, forcing FreeBSD, for example, to switch from gcc to BSD-licensed clang.

put up against Corp Profit will never win sadly

Yep, these denunciations of "profit" is the very core of the problem. Generations of young idiots do not realize, that profit is simply a reward for doing something people want. There is nothing wrong or shameful about it and all efforts to "fight" it are misguided and destructive.

Re:What's good about GPL?

How was it a "right" idea? The society - and generations of programmers - were spending considerable efforts on software, which could not be used by all. This caused a substantial duplication of efforts...

It was the right idea at the time. What you describe is precisely what was happening in the 1980s. GPL was a drastic medicine for this; since the source could not be re-closed, its sole target was to avoid just that duplication. For achieving this, I applaud GNU, no question.

Fast forward 20 years. People have become accustomed that software is free. From OS to $EDITOR, compiler & desktop. And now the liberty of GPL starts to become a hindrance at times. People want to use GPL stuff for work, and can't because $REASON. BSD/MIT software gets more popular again.
My argument here is that the BSD/MIT software would not be so popular now, if it wasn't for GPL. E.g. LLVM would never have gotten its Apple blessing as an opensource compiler if it wasn't for GCC. Heck, it isn't even now. Just compare the quality difference between opensource and Apple clang.

GPL did its duty in the 1980's, 1990's and 2000's. We can afford the luxury of dispensing with it for now, because it was successful, not because it is bad. Sure BSD/MIT software can achieve more than GPL because it can get industry money to support it easier then GPL software. But only because there always is an implied threat that such BSD/MIT projects can re-license to GPL. It keeps the industry at bay.

Stallman doubled down with GPL3,

Not going to start an argument here. Just noting that GPL3 is the logical fallout from what I describe above.

Re:What's good about GPL?

[Bradmont]

Saying BSD-style licenses are "truly free" and the GPL isn't is like saying that you're only truly free if you have the right to use a gun to hold others captive. The ability to revoke freedoms from others does not make one more free in any logical sense.

Re:What's good about GPL?

[mi]

you're only truly free if you have the right to use a gun to hold others captive

Actually, being unable to hold somebody — like a thief caught in your home — captive would be a violation of freedom. But your analogy is flawed and let's not use it.

The ability to revoke freedoms from others does not make one more free in any logical sense.

BSD revokes no freedoms from anyone.

Whatever is released under BSD remains so for ever. A new development may be made under a different license, but that can happen with GPL too. Heck, it did happen with GPL! The last gcc, for example, that's available under GPL2, is 4.2.1 — beyond that it is all GPL3.

Re:What's good about GPL?

Saying BSD-style licenses are "truly free" and the GPL isn't is like saying that you're only truly free if you have the right to use a gun to hold others captive. The ability to revoke freedoms from others does not make one more free in any logical sense.

A comparison:
* GPL: use the code for whatever you want, but you must share changes
* BSD: use the code for whatever you want

Seems to me that the latter has one less restriction on what you're able to do. Isn't having fewer restriction equivalent to being more free?

Re:Why are so many moving away from the GPL?

Uhhh...no, it's not the most popular:
https://www.blackducksoftware.com/resources/data/top-20-open-source-licenses

And no, it's not growing:
http://osswatch.jiscinvolve.org/wp/files/2015/02/figure2.png

Re:Why are so many moving away from the GPL?

[Bert64]

It's not freedom that in todays society we are not free to kill anyone we want, or take anything we want from anyone else...
Sometimes you have to give up freedoms which would allow you to harm others, and thats what the GPL does... You are given a limited set of freedoms by the GPL, and the primary limitation is that you must grant the same level of freedom to anyone else, you're not free to limit someone else's use of the software.

incorrect

[Gravis+Zero]

From beefy processors to graphics controllers, boot ROMs and binary blobs run in the silicon we base our systems upon. The code is not published and in the rare case that you are able to view the source it is only under strict NDA. This represents one of the biggest barriers to true open hardware.

this is incorrect! the giant barrier that prevents people from having true open hardware is the obscene cost of having your design made into a silicon chip. if you could suddenly get a one-off chip made for $100, we would all be running much different systems and few of them would be related to x86.

Re:Why are so many moving away from the GPL?

[fonos]

Nothing in the GPL forces you to contribute back changes. You can download GPL'd code, change it however you want, and use it on your own systems to your heart's desire, without having to contribute anything.

However, if you download GPL'd code, modify it, and distribute a binary, you must distribute your code changes under the GPL. If you don't want to do that, write your own damn code from scratch. None of this is forced upon you.

Dirty hippie extremist

I respect what Stallman has contributed to free software, but at the same time, his views are ridiculous. He is to FLOSS what fundamentalists are to religion. His untenable ideals and overwrought goals drive people away, and do more to hurt the more reasonable open source options than to help free software.

Re:Why are so many moving away from the GPL?

[AmiMoJo]

Without the GPL we wouldn't have much of the freedom we now enjoy. Would Linux be so popular, would it get as much contribution from private companies if they were able to release their own proprietary versions? Look at BSD. It doesn't benefit much from Sony using it on their games consoles and in their smart TVs, because they don't have to give anything back.

Without GPL software, software that wouldn't exist in the way it does without the GPL, we would be much more reliant on non-free products. We would be less free to compute.

Re:Why are so many moving away from the GPL?

[lkcl]

The BSD and MIT licenses offer true freedom. The GPL offers restriction and the elimination of freedom.

this is a very subtle and dangerous perspective that has one extremely large software project which has ended up in complete chaos, causing headaches for many people, including misunderstandings and ignorance by vendors who assume that because the majority of the software is BSD/MIT, the linux kernel's GPL license is somehow magically transmuted to a BSD/MIT license as well.

that software is android.

the only reason why we have things like cyanogen, thank god, is because there is one last bastion of fundamental GPL code left in android devices: u-boot and the linux kernel. without that, the smartphone industry would be viewed with extreme hostility. it's *already* bad enough in cases where companies such as Mediatek blatantly and continuously violate the GPL.

look at what happened with Fairphone, for example. great product, yes? envisioned as being sustainable, yes? and after 2 years, what happened? well, there turned out to be some security vulnerabilities in the version of android that was supplied (by Mediatek). it was *critical* that the users upgrade. but, because Fairphone had naively bought a binary-only GPL-violating OS from a 3rd party OEM company that *DIDN'T EVEN HAVE THE SOURCE CODE*, there was no way to provide updates of *ANY KIND*. the buyers therefore had to abandon their products for security reasons. bear in mind that this is supposed to be eco-conscious *sustainable* hardware that's supposed to be re-usable. it was extremely embarrassing for Fairphone, and a very hard lesson for them.

so that's even when there's a GPL kernel. imagine what it would be like - imagine the situation if the linux kernel *wasn't* GPL? you would end up with the exact same situation as with apple. apple _used_ to release the kernel source code (based on FreeBSD) back to the community... they stopped recently. the end result: people no longer actually own their own hardware.

the GPL is, at its heart, a recognition that collaboration is better than competition and secrecy. the BSD and MIT licenses were developed when everybody released source code *anyway*. the licenses were therefore more about fighting the liability that is inherent in releasing code as "Public Domain". everyone *trusted* that the code modifications would be released.... and then suddenly they weren't [did you even *know* for example that Windows 95's TCP/IP stack is actually BSD-licensed?]

google's insistence on using BSD licenses - to the point of re-implementing entire GPL-based pre-existing libraries - has resulted in untold very subtle harm to end-users and to software freedom in general - harm that is very difficult to quantify and explain because it's long-term, and the consequences are ongoing.

the one thing that really really stinks about what google did with android is summed up in this simple question: they replicated dozens of critical low-level libraries and applications that had perfectly-functional GPL versions that were proven and had stable communities based around them (that could really have done with the financial support of google).... so why did they not replicate the Linux Kernel as a BSD-based project as well? that hypocrisy - that they did not also re-create the Linux Kernel as a BSD/MIT project - tells you everything that you need to know.

Re:Cowardly GPL apologists

This reminds of labor unions claiming credit for us not working on weekends... Bullshit, in other words.

Sometimes I read a thread here and just spot the most amazing, untrue bullshit - like this line.

I've been in the office Monday through Saturday for the past 3 months - involuntarily. The project manager just had to send a simple email requesting additional resources when the goals on his timeline started slipping. HR and my direct boss walk over to me and tell me that I'm expected to be at work Monday through Saturday from 8am to 6pm. I don't get paid extra for the extra hours. I don't get comp time. I'm not allowed to use vacation days during crunch time. The contract I signed when I started here said nothing whatsoever about involuntary unpaid OT. My recourse is to find a new job (it's hard to interview on a Sunday) or initiate legal action which will end badly for me.

My neighbor is a UAW worker in a Ford plant. He gets Saturdays and Sundays off - except when they allow him to volunteer for weekend OT at 1.5x rate or even higher. I'm willing to bet his annual salary is higher than mine when you factor in his OT pay.

Please hop on the clue bus when it comes to unions. Please, I'm begging you.

Re:Open Source vs. GPL

[tepples]

The most successful GPL-program is gcc

It depends on how you define "success". I'd bet there are more Android devices running Linux than developer PCs running GCC.

USL v. BSDi left door open for GNU/Linux

[tepples]

BSD existed since 1970-ies.

But was it free in 1984? Wikipedia says it didn't start to become free software until 1991. And was it a complete free operating system, entirely free of AT&T encumbrances, in 1992? Once Linux was combined with what the GNU project had produced by the early 1990s, it succeeded in part because of the legal uncertainty surrounding BSD prior to the 1993 settlement.